mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 08:10:49 +02:00
Fixes for high impact issues
This commit is contained in:
+29
-24
@@ -8976,36 +8976,41 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
|
||||
for (;;) {
|
||||
headerEnd = XSTRNSTR((char*)buff, header, sz);
|
||||
|
||||
if (headerEnd || type != PRIVATEKEY_TYPE) {
|
||||
if (headerEnd) {
|
||||
break;
|
||||
} else
|
||||
if (header == BEGIN_RSA_PRIV) {
|
||||
header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
|
||||
} else
|
||||
if (header == BEGIN_PRIV_KEY) {
|
||||
header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
|
||||
} else
|
||||
#ifdef HAVE_ECC
|
||||
if (header == BEGIN_ENC_PRIV_KEY) {
|
||||
header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
|
||||
} else
|
||||
if (header == BEGIN_EC_PRIV) {
|
||||
header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
|
||||
} else
|
||||
#endif
|
||||
#ifdef HAVE_ED25519
|
||||
if (type == PRIVATEKEY_TYPE) {
|
||||
if (header == BEGIN_RSA_PRIV) {
|
||||
header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
|
||||
} else
|
||||
if (header == BEGIN_PRIV_KEY) {
|
||||
header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
|
||||
} else
|
||||
#ifdef HAVE_ECC
|
||||
if (header == BEGIN_DSA_PRIV)
|
||||
#else
|
||||
if (header == BEGIN_ENC_PRIV_KEY)
|
||||
if (header == BEGIN_ENC_PRIV_KEY) {
|
||||
header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
|
||||
} else
|
||||
if (header == BEGIN_EC_PRIV) {
|
||||
header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
|
||||
#ifdef HAVE_ED25519
|
||||
#ifdef HAVE_ECC
|
||||
if (header == BEGIN_DSA_PRIV)
|
||||
#else
|
||||
if (header == BEGIN_ENC_PRIV_KEY)
|
||||
#endif
|
||||
{
|
||||
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
break;
|
||||
}
|
||||
} else
|
||||
#endif
|
||||
#ifdef HAVE_CRL
|
||||
if (type == CRL_TYPE) {
|
||||
header = BEGIN_CRL; footer = END_CRL;
|
||||
if ((type == CRL_TYPE) && (header != BEGIN_CRL)) {
|
||||
header = BEGIN_CRL; footer = END_CRL;
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
|
||||
+13
-7
@@ -2201,13 +2201,13 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
/* tmp2 += (2*loop_check_prime)
|
||||
* to have p = (q * tmp2) + 1 prime
|
||||
*/
|
||||
if (primeCheckCount) {
|
||||
if ((ret == 0) && (primeCheckCount)) {
|
||||
if (mp_add_d(&tmp2, 2 * primeCheckCount, &tmp2) != MP_OKAY)
|
||||
ret = MP_ADD_E;
|
||||
}
|
||||
|
||||
/* find a value g for which g^tmp2 != 1 */
|
||||
if (mp_set(&dh->g, 1) != MP_OKAY)
|
||||
if ((ret == 0) && (mp_set(&dh->g, 1) != MP_OKAY))
|
||||
ret = MP_ZERO_E;
|
||||
|
||||
if (ret == 0) {
|
||||
@@ -2219,18 +2219,24 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
|
||||
} while (ret == 0 && mp_cmp_d(&tmp, 1) == MP_EQ);
|
||||
}
|
||||
|
||||
/* at this point tmp generates a group of order q mod p */
|
||||
mp_exch(&tmp, &dh->g);
|
||||
if (ret == 0) {
|
||||
/* at this point tmp generates a group of order q mod p */
|
||||
mp_exch(&tmp, &dh->g);
|
||||
}
|
||||
|
||||
/* clear the parameters if there was an error */
|
||||
if (ret != 0) {
|
||||
if ((ret != 0) && (dh != NULL)) {
|
||||
mp_clear(&dh->q);
|
||||
mp_clear(&dh->p);
|
||||
mp_clear(&dh->g);
|
||||
}
|
||||
|
||||
ForceZero(buf, bufSz);
|
||||
XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (buf != NULL) {
|
||||
ForceZero(buf, bufSz);
|
||||
if (dh != NULL) {
|
||||
XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
}
|
||||
mp_clear(&tmp);
|
||||
mp_clear(&tmp2);
|
||||
|
||||
|
||||
+17
-7
@@ -357,12 +357,14 @@ static long wc_PKCS7_GetMaxStream(PKCS7* pkcs7, byte flag, byte* in,
|
||||
pkcs7->stream->maxLen = length + idx;
|
||||
}
|
||||
}
|
||||
|
||||
if (pkcs7->stream->maxLen == 0) {
|
||||
pkcs7->stream->maxLen = defSz;
|
||||
}
|
||||
|
||||
return pkcs7->stream->maxLen;
|
||||
}
|
||||
|
||||
if (pkcs7->stream->maxLen == 0) {
|
||||
pkcs7->stream->maxLen = defSz;
|
||||
}
|
||||
return defSz;
|
||||
}
|
||||
|
||||
@@ -3435,7 +3437,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
byte* der;
|
||||
#endif
|
||||
int multiPart = 0, keepContent;
|
||||
int contentLen;
|
||||
int contentLen = 0;
|
||||
|
||||
byte* pkiMsg = in;
|
||||
word32 pkiMsgSz = inSz;
|
||||
@@ -3877,7 +3879,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
|
||||
/* If getting the content info failed with non degenerate then return the
|
||||
* error case. Otherwise with a degenerate it is ok if the content
|
||||
* info was omitted */
|
||||
if (!degenerate && !detached && ret != 0) {
|
||||
if (!degenerate && !detached && (ret != 0)) {
|
||||
break;
|
||||
}
|
||||
else {
|
||||
@@ -8560,10 +8562,11 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz,
|
||||
ret = BAD_FUNC_ARG;
|
||||
|
||||
}
|
||||
return ret;
|
||||
|
||||
(void)pkiMsg;
|
||||
(void)pkiMsgSz;
|
||||
|
||||
return ret;
|
||||
#else
|
||||
(void)in;
|
||||
(void)inSz;
|
||||
@@ -8588,7 +8591,7 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
|
||||
byte* pkiMsg = in;
|
||||
word32 pkiMsgSz = inSz;
|
||||
#ifndef NO_PKCS7_STREAM
|
||||
word32 tmpIdx = *idx;
|
||||
word32 tmpIdx;
|
||||
long rc;
|
||||
#endif
|
||||
|
||||
@@ -8598,6 +8601,10 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifndef NO_PKCS7_STREAM
|
||||
tmpIdx = *idx;
|
||||
#endif
|
||||
|
||||
/* check if in the process of decrypting */
|
||||
switch (pkcs7->state) {
|
||||
case WC_PKCS7_DECRYPT_KTRI:
|
||||
@@ -9914,6 +9921,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output,
|
||||
idx += unauthAttribsSetSz;
|
||||
XMEMCPY(output + idx, flatUnauthAttribs, unauthAttribsSz);
|
||||
idx += unauthAttribsSz;
|
||||
}
|
||||
|
||||
if (flatUnauthAttribs != NULL) {
|
||||
XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user