mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-07 19:30:50 +02:00
Initial pass at fixes for coverity scan.
This commit is contained in:
@@ -408,15 +408,13 @@ static int StartTLS_Init(SOCKET_T* sockfd)
|
||||
if (sockfd == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
|
||||
/* S: 220 <host> SMTP service ready */
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
|
||||
err_sys("failed to read STARTTLS command\n");
|
||||
|
||||
if (!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) {
|
||||
printf("%s\n", tmpBuf);
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
} else {
|
||||
err_sys("incorrect STARTTLS command received");
|
||||
}
|
||||
@@ -427,12 +425,12 @@ static int StartTLS_Init(SOCKET_T* sockfd)
|
||||
err_sys("failed to send STARTTLS EHLO command\n");
|
||||
|
||||
/* S: 250 <host> offers a warm hug of welcome */
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
|
||||
err_sys("failed to read STARTTLS command\n");
|
||||
|
||||
if (!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) {
|
||||
printf("%s\n", tmpBuf);
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
} else {
|
||||
err_sys("incorrect STARTTLS command received");
|
||||
}
|
||||
@@ -444,12 +442,12 @@ static int StartTLS_Init(SOCKET_T* sockfd)
|
||||
}
|
||||
|
||||
/* S: 220 Go ahead */
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
|
||||
err_sys("failed to read STARTTLS command\n");
|
||||
|
||||
if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) {
|
||||
printf("%s\n", tmpBuf);
|
||||
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
|
||||
} else {
|
||||
err_sys("incorrect STARTTLS command received, expected 220");
|
||||
}
|
||||
|
||||
+92
-77
@@ -8584,6 +8584,12 @@ static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
|
||||
word32 idx = diff / DTLS_WORD_BITS;
|
||||
word32 newDiff = diff % DTLS_WORD_BITS;
|
||||
|
||||
/* verify idx is valid for window array */
|
||||
if (idx >= WOLFSSL_DTLS_WINDOW_WORDS) {
|
||||
WOLFSSL_MSG("Invalid DTLS windows index");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (window[idx] & (1 << (newDiff - 1))) {
|
||||
WOLFSSL_MSG("Current record sequence number already received.");
|
||||
return 0;
|
||||
@@ -11794,7 +11800,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
|
||||
return 0;
|
||||
|
||||
if (!request || ssl->buffers.weOwnCert) {
|
||||
if (request == NULL || ssl->buffers.weOwnCert) {
|
||||
DerBuffer* der = ssl->buffers.certificate;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
DecodedCert* cert = NULL;
|
||||
@@ -11822,25 +11828,27 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
else {
|
||||
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
|
||||
ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
if (request == NULL) {
|
||||
FreeDecodedCert(cert);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return MEMORY_E;
|
||||
if (request) {
|
||||
ret = InitOcspRequest(request, cert, 0, ssl->heap);
|
||||
if (ret == 0) {
|
||||
/* make sure ctx OCSP request is updated */
|
||||
if (!ssl->buffers.weOwnCert) {
|
||||
wolfSSL_Mutex* ocspLock =
|
||||
&ssl->ctx->cm->ocsp_stapling->ocspLock;
|
||||
if (wc_LockMutex(ocspLock) == 0) {
|
||||
if (ssl->ctx->certOcspRequest == NULL)
|
||||
ssl->ctx->certOcspRequest = request;
|
||||
wc_UnLockMutex(ocspLock);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
request = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
ret = InitOcspRequest(request, cert, 0, ssl->heap);
|
||||
if (ret != 0) {
|
||||
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
}
|
||||
else if (!ssl->buffers.weOwnCert && 0 == wc_LockMutex(
|
||||
&ssl->ctx->cm->ocsp_stapling->ocspLock)) {
|
||||
if (!ssl->ctx->certOcspRequest)
|
||||
ssl->ctx->certOcspRequest = request;
|
||||
wc_UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock);
|
||||
else {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11859,10 +11867,11 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
&response);
|
||||
|
||||
/* Suppressing, not critical */
|
||||
if (ret == OCSP_CERT_REVOKED
|
||||
|| ret == OCSP_CERT_UNKNOWN
|
||||
|| ret == OCSP_LOOKUP_FAIL)
|
||||
if (ret == OCSP_CERT_REVOKED ||
|
||||
ret == OCSP_CERT_UNKNOWN ||
|
||||
ret == OCSP_LOOKUP_FAIL) {
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
if (response.buffer) {
|
||||
if (ret == 0)
|
||||
@@ -11898,18 +11907,18 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
|
||||
if (!request || ssl->buffers.weOwnCert) {
|
||||
DerBuffer* der = ssl->buffers.certificate;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
DecodedCert* cert = NULL;
|
||||
#else
|
||||
DecodedCert cert[1];
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
DecodedCert* cert = NULL;
|
||||
#else
|
||||
DecodedCert cert[1];
|
||||
#endif
|
||||
|
||||
/* unable to fetch status. skip. */
|
||||
if (der->buffer == NULL || der->length == 0)
|
||||
return 0;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
|
||||
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (cert == NULL)
|
||||
return MEMORY_E;
|
||||
@@ -11924,26 +11933,27 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
else {
|
||||
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
|
||||
ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
if (request == NULL) {
|
||||
FreeDecodedCert(cert);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return MEMORY_E;
|
||||
if (request) {
|
||||
ret = InitOcspRequest(request, cert, 0, ssl->heap);
|
||||
if (ret == 0) {
|
||||
/* make sure ctx OCSP request is updated */
|
||||
if (!ssl->buffers.weOwnCert) {
|
||||
wolfSSL_Mutex* ocspLock =
|
||||
&ssl->ctx->cm->ocsp_stapling->ocspLock;
|
||||
if (wc_LockMutex(ocspLock) == 0) {
|
||||
if (ssl->ctx->certOcspRequest == NULL)
|
||||
ssl->ctx->certOcspRequest = request;
|
||||
wc_UnLockMutex(ocspLock);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
request = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
ret = InitOcspRequest(request, cert, 0, ssl->heap);
|
||||
if (ret != 0) {
|
||||
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
}
|
||||
else if (!ssl->buffers.weOwnCert && 0 == wc_LockMutex(
|
||||
&ssl->ctx->cm->ocsp_stapling->ocspLock)) {
|
||||
if (!ssl->ctx->certOcspRequest)
|
||||
ssl->ctx->certOcspRequest = request;
|
||||
|
||||
wc_UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock);
|
||||
else {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11962,10 +11972,11 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
&responses[0]);
|
||||
|
||||
/* Suppressing, not critical */
|
||||
if (ret == OCSP_CERT_REVOKED
|
||||
|| ret == OCSP_CERT_UNKNOWN
|
||||
|| ret == OCSP_LOOKUP_FAIL)
|
||||
if (ret == OCSP_CERT_REVOKED ||
|
||||
ret == OCSP_CERT_UNKNOWN ||
|
||||
ret == OCSP_LOOKUP_FAIL) {
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (request != ssl->ctx->certOcspRequest)
|
||||
@@ -11984,7 +11995,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
XMEMSET(&der, 0, sizeof(buffer));
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
|
||||
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (cert == NULL)
|
||||
return MEMORY_E;
|
||||
@@ -12011,23 +12022,30 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
|
||||
ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
if (request == NULL) {
|
||||
FreeDecodedCert(cert);
|
||||
|
||||
ret = MEMORY_E;
|
||||
break;
|
||||
}
|
||||
|
||||
ret = InitOcspRequest(request, cert, 0, ssl->heap);
|
||||
if (ret != 0) {
|
||||
XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
break;
|
||||
if (ret == 0) {
|
||||
/* make sure ctx OCSP request is updated */
|
||||
if (!ssl->buffers.weOwnCertChain) {
|
||||
wolfSSL_Mutex* ocspLock =
|
||||
&ssl->ctx->cm->ocsp_stapling->ocspLock;
|
||||
if (wc_LockMutex(ocspLock) == 0) {
|
||||
if (ssl->ctx->chainOcspRequest[i] == NULL)
|
||||
ssl->ctx->chainOcspRequest[i] = request;
|
||||
wc_UnLockMutex(ocspLock);
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (!ssl->buffers.weOwnCertChain && 0 ==
|
||||
wc_LockMutex(
|
||||
&ssl->ctx->cm->ocsp_stapling->ocspLock)) {
|
||||
if (!ssl->ctx->chainOcspRequest[i])
|
||||
ssl->ctx->chainOcspRequest[i] = request;
|
||||
|
||||
wc_UnLockMutex(
|
||||
&ssl->ctx->cm->ocsp_stapling->ocspLock);
|
||||
else {
|
||||
FreeDecodedCert(cert);
|
||||
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
request = NULL;
|
||||
break;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
@@ -12037,13 +12055,14 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
request, &responses[i + 1]);
|
||||
|
||||
/* Suppressing, not critical */
|
||||
if (ret == OCSP_CERT_REVOKED
|
||||
|| ret == OCSP_CERT_UNKNOWN
|
||||
|| ret == OCSP_LOOKUP_FAIL)
|
||||
if (ret == OCSP_CERT_REVOKED ||
|
||||
ret == OCSP_CERT_UNKNOWN ||
|
||||
ret == OCSP_LOOKUP_FAIL) {
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
if (request != ssl->ctx->chainOcspRequest[i])
|
||||
XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
|
||||
i++;
|
||||
}
|
||||
@@ -12065,10 +12084,11 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||
request, &responses[++i]);
|
||||
|
||||
/* Suppressing, not critical */
|
||||
if (ret == OCSP_CERT_REVOKED
|
||||
|| ret == OCSP_CERT_UNKNOWN
|
||||
|| ret == OCSP_LOOKUP_FAIL)
|
||||
if (ret == OCSP_CERT_REVOKED ||
|
||||
ret == OCSP_CERT_UNKNOWN ||
|
||||
ret == OCSP_LOOKUP_FAIL) {
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17609,9 +17629,9 @@ int SendCertificateVerify(WOLFSSL* ssl)
|
||||
}
|
||||
#ifndef NO_OLD_TLS
|
||||
else {
|
||||
/* if old TLS load MD5 hash as value to sign */
|
||||
XMEMCPY(ssl->buffers.sig.buffer, ssl->hsHashes->certHashes.md5,
|
||||
FINISHED_SZ);
|
||||
/* if old TLS load MD5 and SHA hash as value to sign */
|
||||
XMEMCPY(ssl->buffers.sig.buffer,
|
||||
(byte*)ssl->hsHashes->certHashes.md5, FINISHED_SZ);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -17767,11 +17787,6 @@ int SendCertificateVerify(WOLFSSL* ssl)
|
||||
args->inputSz);
|
||||
}
|
||||
|
||||
/* Check for error */
|
||||
if (ret != 0) {
|
||||
goto exit_scv;
|
||||
}
|
||||
|
||||
/* Advance state and proceed */
|
||||
ssl->options.asyncState = TLS_ASYNC_END;
|
||||
} /* case TLS_ASYNC_FINALIZE */
|
||||
|
||||
@@ -1024,45 +1024,72 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
|
||||
word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, maxLen;
|
||||
char reqSzStr[6];
|
||||
char* req = (char*)buf;
|
||||
const char* blankStr = " ";
|
||||
const char* http11Str = " HTTP/1.1";
|
||||
const char* hostStr = "\r\nHost: ";
|
||||
const char* contentLenStr = "\r\nContent-Length: ";
|
||||
const char* contentTypeStr = "\r\nContent-Type: ";
|
||||
const char* doubleCrLfStr = "\r\n\r\n";
|
||||
word32 blankStrLen, http11StrLen, hostStrLen, contentLenStrLen,
|
||||
contentTypeStrLen, doubleCrLfStrLen;
|
||||
|
||||
reqTypeLen = (word32)XSTRLEN(reqType);
|
||||
domainNameLen = (word32)XSTRLEN(domainName);
|
||||
reqSzStrLen = wolfIO_Word16ToString(reqSzStr, (word16)reqSz);
|
||||
contentTypeLen = (word32)XSTRLEN(contentType);
|
||||
|
||||
/* determine max length */
|
||||
maxLen = reqTypeLen + domainNameLen + pathLen + reqSzStrLen + contentTypeLen + 56;
|
||||
blankStrLen = (word32)XSTRLEN(blankStr);
|
||||
http11StrLen = (word32)XSTRLEN(http11Str);
|
||||
hostStrLen = (word32)XSTRLEN(hostStr);
|
||||
contentLenStrLen = (word32)XSTRLEN(contentLenStr);
|
||||
contentTypeStrLen = (word32)XSTRLEN(contentTypeStr);
|
||||
doubleCrLfStrLen = (word32)XSTRLEN(doubleCrLfStr);
|
||||
|
||||
/* determine max length and check it */
|
||||
maxLen =
|
||||
reqTypeLen +
|
||||
blankStrLen +
|
||||
pathLen +
|
||||
http11StrLen +
|
||||
hostStrLen +
|
||||
domainNameLen +
|
||||
contentLenStrLen +
|
||||
reqSzStrLen +
|
||||
contentTypeStrLen +
|
||||
contentTypeLen +
|
||||
doubleCrLfStrLen +
|
||||
1 /* null term */;
|
||||
if (maxLen > (word32)bufSize)
|
||||
return 0;
|
||||
|
||||
XSTRNCPY((char*)buf, reqType, reqTypeLen);
|
||||
buf += reqTypeLen;
|
||||
XSTRNCPY((char*)buf, " ", 1);
|
||||
buf += 1;
|
||||
XSTRNCPY((char*)buf, blankStr, blankStrLen+1);
|
||||
buf += blankStrLen;
|
||||
XSTRNCPY((char*)buf, path, pathLen);
|
||||
buf += pathLen;
|
||||
XSTRNCPY((char*)buf, " HTTP/1.1", 9);
|
||||
buf += 9;
|
||||
XSTRNCPY((char*)buf, http11Str, http11StrLen+1);
|
||||
buf += http11StrLen;
|
||||
if (domainNameLen > 0) {
|
||||
XSTRNCPY((char*)buf, "\r\nHost: ", 8);
|
||||
buf += 8;
|
||||
XSTRNCPY((char*)buf, hostStr, hostStrLen+1);
|
||||
buf += hostStrLen;
|
||||
XSTRNCPY((char*)buf, domainName, domainNameLen);
|
||||
buf += domainNameLen;
|
||||
}
|
||||
if (reqSz > 0 && reqSzStrLen > 0) {
|
||||
XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
|
||||
buf += 18;
|
||||
XSTRNCPY((char*)buf, contentLenStr, contentLenStrLen+1);
|
||||
buf += contentLenStrLen;
|
||||
XSTRNCPY((char*)buf, reqSzStr, reqSzStrLen);
|
||||
buf += reqSzStrLen;
|
||||
}
|
||||
if (contentTypeLen > 0) {
|
||||
XSTRNCPY((char*)buf, "\r\nContent-Type: ", 16);
|
||||
buf += 16;
|
||||
XSTRNCPY((char*)buf, contentTypeStr, contentTypeStrLen+1);
|
||||
buf += contentTypeStrLen;
|
||||
XSTRNCPY((char*)buf, contentType, contentTypeLen);
|
||||
buf += contentTypeLen;
|
||||
}
|
||||
XSTRNCPY((char*)buf, "\r\n\r\n", 4);
|
||||
buf += 4;
|
||||
XSTRNCPY((char*)buf, doubleCrLfStr, doubleCrLfStrLen+1);
|
||||
buf += doubleCrLfStrLen;
|
||||
|
||||
#ifdef WOLFIO_DEBUG
|
||||
printf("HTTP %s: %s", reqType, req);
|
||||
|
||||
+16
-5
@@ -608,7 +608,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
|
||||
byte* p;
|
||||
int len;
|
||||
int dataAlloced = 0;
|
||||
OcspResponse* ret;
|
||||
OcspResponse* ret = NULL;
|
||||
|
||||
if (bio == NULL)
|
||||
return NULL;
|
||||
@@ -624,9 +624,18 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
|
||||
long l;
|
||||
|
||||
i = XFTELL(bio->file);
|
||||
if (i < 0)
|
||||
return NULL;
|
||||
XFSEEK(bio->file, 0, SEEK_END);
|
||||
l = XFTELL(bio->file);
|
||||
if (l < 0)
|
||||
return NULL;
|
||||
XFSEEK(bio->file, i, SEEK_SET);
|
||||
|
||||
/* check calulated length */
|
||||
if (l - i <= 0)
|
||||
return NULL;
|
||||
|
||||
data = (byte*)XMALLOC(l - i, 0, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (data == NULL)
|
||||
return NULL;
|
||||
@@ -637,8 +646,10 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
|
||||
else
|
||||
return NULL;
|
||||
|
||||
p = data;
|
||||
ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
|
||||
if (len > 0) {
|
||||
p = data;
|
||||
ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
|
||||
}
|
||||
|
||||
if (dataAlloced)
|
||||
XFREE(data, 0, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@@ -687,8 +698,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
GetSequence(*data, &idx, &length, len);
|
||||
(*data) += idx + length;
|
||||
if (GetSequence(*data, &idx, &length, len) >= 0)
|
||||
(*data) += idx + length;
|
||||
|
||||
return resp;
|
||||
}
|
||||
|
||||
@@ -674,8 +674,8 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len)
|
||||
if (ssl == NULL)
|
||||
return NULL;
|
||||
|
||||
cipher = wolfSSL_get_cipher_name_from_suite(ssl->options.cipherSuite0,
|
||||
ssl->options.cipherSuite);
|
||||
cipher = wolfSSL_get_cipher_name_from_suite(ssl->options.cipherSuite,
|
||||
ssl->options.cipherSuite0);
|
||||
len = min(len, (int)(XSTRLEN(cipher) + 1));
|
||||
XMEMCPY(buf, cipher, len);
|
||||
return buf;
|
||||
@@ -9000,9 +9000,11 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
|
||||
copyInto->ticket = copyInto->staticTicket;
|
||||
}
|
||||
|
||||
if (wc_UnLockMutex(&session_mutex) != 0) {
|
||||
if (ret == SSL_SUCCESS)
|
||||
ret = BAD_MUTEX_E;
|
||||
if (doDynamicCopy) {
|
||||
if (wc_UnLockMutex(&session_mutex) != 0) {
|
||||
if (ret == SSL_SUCCESS)
|
||||
ret = BAD_MUTEX_E;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret != SSL_SUCCESS) {
|
||||
@@ -16317,7 +16319,7 @@ void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes)
|
||||
|
||||
|
||||
#ifdef WOLFSSL_DES_ECB
|
||||
/* Encrpyt or decrypt input message desa with key and get output in desb.
|
||||
/* Encrpyt or decrypt input message desa with key and get output in desb.
|
||||
* if enc is DES_ENCRYPT,input message is encrypted or
|
||||
* if enc is DES_DECRYPT,input message is decrypted.
|
||||
* */
|
||||
@@ -19565,6 +19567,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
|
||||
|
||||
/* set the cipher name on info */
|
||||
XSTRNCPY(info->name, cipher, NAME_SZ);
|
||||
info->name[NAME_SZ-1] = '\0'; /* null term */
|
||||
|
||||
/* Generate a random salt */
|
||||
if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != SSL_SUCCESS) {
|
||||
@@ -20736,17 +20739,16 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
|
||||
mp_clear(&a);
|
||||
mp_clear(&prime);
|
||||
|
||||
if (ret != MP_OKAY) {
|
||||
ret = SSL_FAILURE;
|
||||
}
|
||||
|
||||
/* set the external value for the computed point */
|
||||
if (ret != SSL_FAILURE) {
|
||||
if (ret == MP_OKAY) {
|
||||
/* set the external value for the computed point */
|
||||
ret = SetECPointInternal(r);
|
||||
if (ret != SSL_SUCCESS) {
|
||||
WOLFSSL_MSG("SetECPointInternal r failed");
|
||||
}
|
||||
}
|
||||
else {
|
||||
ret = SSL_FAILURE;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -22018,9 +22020,18 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
|
||||
|
||||
/* Read in next certificate from file but no more. */
|
||||
i = XFTELL(bp->file);
|
||||
if (i < 0)
|
||||
return NULL;
|
||||
XFSEEK(bp->file, 0, SEEK_END);
|
||||
l = XFTELL(bp->file);
|
||||
if (l < 0)
|
||||
return NULL;
|
||||
XFSEEK(bp->file, i, SEEK_SET);
|
||||
|
||||
/* check calulated length */
|
||||
if (l - i <= 0)
|
||||
return NULL;
|
||||
|
||||
pem = (unsigned char*)XMALLOC(l - i, 0, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (pem == NULL)
|
||||
return NULL;
|
||||
@@ -22582,10 +22593,13 @@ WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode)
|
||||
return NULL;
|
||||
|
||||
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
|
||||
if (bio == NULL)
|
||||
if (bio == NULL) {
|
||||
XFCLOSE(fp);
|
||||
return bio;
|
||||
}
|
||||
|
||||
if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != SSL_SUCCESS) {
|
||||
XFCLOSE(fp);
|
||||
wolfSSL_BIO_free(bio);
|
||||
bio = NULL;
|
||||
}
|
||||
|
||||
@@ -592,12 +592,13 @@ static INLINE int bench_stats_sym_check(double start)
|
||||
|
||||
static void bench_stats_sym_finish(const char* desc, int doAsync, int count, double start)
|
||||
{
|
||||
double total, persec;
|
||||
double total, persec = 0;
|
||||
|
||||
END_INTEL_CYCLES
|
||||
total = current_time(0) - start;
|
||||
|
||||
persec = 1 / total * count;
|
||||
if (count > 0)
|
||||
persec = 1 / total * count;
|
||||
#ifdef BENCH_EMBEDDED
|
||||
/* since using kB, convert to MB/s */
|
||||
persec = persec / 1024;
|
||||
@@ -618,10 +619,11 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count, dou
|
||||
static void bench_stats_asym_finish(const char* algo, int strength,
|
||||
const char* desc, int doAsync, int count, double start)
|
||||
{
|
||||
double total, each, opsSec, milliEach;
|
||||
double total, each = 0, opsSec, milliEach;
|
||||
|
||||
total = current_time(0) - start;
|
||||
each = total / count; /* per second */
|
||||
if (count > 0)
|
||||
each = total / count; /* per second */
|
||||
opsSec = count / total; /* ops/per second */
|
||||
milliEach = each * 1000; /* milliseconds */
|
||||
|
||||
@@ -1570,7 +1572,7 @@ void bench_chacha(void)
|
||||
void bench_chacha20_poly1305_aead(void)
|
||||
{
|
||||
double start;
|
||||
int i, count;
|
||||
int ret, i, count;
|
||||
|
||||
byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
|
||||
XMEMSET(authTag, 0, sizeof(authTag));
|
||||
@@ -1578,8 +1580,12 @@ void bench_chacha20_poly1305_aead(void)
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
for (i = 0; i < numBlocks; i++) {
|
||||
wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
|
||||
ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
|
||||
bench_plain, BENCH_SIZE, bench_cipher, authTag);
|
||||
if (ret < 0) {
|
||||
printf("wc_ChaCha20Poly1305_Encrypt error: %d\n", ret);
|
||||
break;
|
||||
}
|
||||
}
|
||||
count += i;
|
||||
} while (bench_stats_sym_check(start));
|
||||
|
||||
+12
-5
@@ -7387,7 +7387,7 @@ static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz,
|
||||
|
||||
/* encode Subject Key Identifier, return total bytes written
|
||||
* RFC5280 : non-critical */
|
||||
static int SetSKID(byte* output, word32 outSz, byte *input, word32 length)
|
||||
static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length)
|
||||
{
|
||||
byte skid_len[1 + MAX_LENGTH_SZ];
|
||||
byte skid_enc_len[MAX_LENGTH_SZ];
|
||||
@@ -7921,9 +7921,11 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
/* SKID */
|
||||
if (cert->skidSz) {
|
||||
/* check the provided SKID size */
|
||||
if (cert->skidSz > (int)sizeof(der->skid))
|
||||
if (cert->skidSz > (int)sizeof(cert->skid))
|
||||
return SKID_E;
|
||||
|
||||
/* Note: different skid buffers sizes for der (MAX_KID_SZ) and
|
||||
cert (CTC_MAX_SKID_SIZE). */
|
||||
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
|
||||
cert->skid, cert->skidSz);
|
||||
if (der->skidSz <= 0)
|
||||
@@ -8645,9 +8647,11 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
|
||||
heap = eccKey->heap;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (certSignCtx == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (certSignCtx->sig == NULL) {
|
||||
certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
|
||||
@@ -8984,6 +8988,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file)
|
||||
/* Set KeyUsage from human readable string */
|
||||
int wc_SetKeyUsage(Cert *cert, const char *value)
|
||||
{
|
||||
int ret = 0;
|
||||
char *token, *str, *ptr;
|
||||
word32 len;
|
||||
|
||||
@@ -9025,14 +9030,16 @@ int wc_SetKeyUsage(Cert *cert, const char *value)
|
||||
cert->keyUsage |= KEYUSE_ENCIPHER_ONLY;
|
||||
else if (!XSTRNCASECMP(token, "decipherOnly", len))
|
||||
cert->keyUsage |= KEYUSE_DECIPHER_ONLY;
|
||||
else
|
||||
return KEYUSAGE_E;
|
||||
else {
|
||||
ret = KEYUSAGE_E;
|
||||
break;
|
||||
}
|
||||
|
||||
token = XSTRTOK(NULL, ",", &ptr);
|
||||
}
|
||||
|
||||
XFREE(str, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
|
||||
|
||||
@@ -6562,9 +6562,13 @@ done:
|
||||
mp_clear(&tka);
|
||||
mp_clear(&order);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (kb[0])
|
||||
#endif
|
||||
ForceZero(kb[0], KB_SIZE);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (kb[1])
|
||||
#endif
|
||||
ForceZero(kb[1], KB_SIZE);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
|
||||
+3
-3
@@ -224,10 +224,10 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
if (ctx->enc)
|
||||
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
else
|
||||
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
wc_Des3_EcbDecrypt(&ctx->cipher.des3, out, in, inl);
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#endif /* WOLFSSL_DES_ECB */
|
||||
#endif /* !NO_DES3 */
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
||||
+5
-20
@@ -286,25 +286,10 @@ int wc_LoggingInit(void)
|
||||
/* internal function that is called by wolfCrypt_Cleanup */
|
||||
int wc_LoggingCleanup(void)
|
||||
{
|
||||
if (wc_LockMutex(&debug_mutex) != 0) {
|
||||
WOLFSSL_MSG("Lock debug mutex failed");
|
||||
return BAD_MUTEX_E;
|
||||
}
|
||||
/* clear logging entries */
|
||||
wc_ClearErrorNodes();
|
||||
|
||||
/* free all nodes from error queue */
|
||||
{
|
||||
struct wc_error_queue* current;
|
||||
struct wc_error_queue* next;
|
||||
|
||||
current = (struct wc_error_queue*)wc_errors;
|
||||
while (current != NULL) {
|
||||
next = current->next;
|
||||
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
|
||||
current = next;
|
||||
}
|
||||
}
|
||||
|
||||
wc_UnLockMutex(&debug_mutex);
|
||||
/* free mutex */
|
||||
if (wc_FreeMutex(&debug_mutex) != 0) {
|
||||
WOLFSSL_MSG("Bad Mutex free");
|
||||
return BAD_MUTEX_E;
|
||||
@@ -473,6 +458,8 @@ void wc_RemoveErrorNode(int index)
|
||||
wc_UnLockMutex(&debug_mutex);
|
||||
}
|
||||
|
||||
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
|
||||
|
||||
/* Clears out the list of error nodes.
|
||||
*/
|
||||
void wc_ClearErrorNodes(void)
|
||||
@@ -499,8 +486,6 @@ void wc_ClearErrorNodes(void)
|
||||
wc_last_node = NULL;
|
||||
wc_UnLockMutex(&debug_mutex);
|
||||
}
|
||||
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
|
||||
|
||||
int wc_SetLoggingHeap(void* h)
|
||||
{
|
||||
|
||||
+1
-1
@@ -360,7 +360,7 @@ int wc_Md5Update(Md5* md5, const byte* data, word32 len)
|
||||
local = (byte*)md5->buffer;
|
||||
|
||||
/* check that internal buffLen is valid */
|
||||
if (md5->buffLen > MD5_BLOCK_SIZE)
|
||||
if (md5->buffLen >= MD5_BLOCK_SIZE)
|
||||
return BUFFER_E;
|
||||
|
||||
while (len) {
|
||||
|
||||
@@ -4100,8 +4100,11 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
|
||||
/* encrypt content */
|
||||
ret = wc_PKCS7_GenerateIV(NULL, tmpIv, blockSz);
|
||||
if (ret != 0)
|
||||
if (ret != 0) {
|
||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->encryptionKey,
|
||||
pkcs7->encryptionKeySz, tmpIv, blockSz, plain, encryptedOutSz,
|
||||
@@ -4181,7 +4184,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
|
||||
WOLFSSL_MSG("PKCS#7 output buffer too small");
|
||||
if (pkcs7->unprotectedAttribsSz != 0) {
|
||||
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
|
||||
}
|
||||
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
|
||||
|
||||
@@ -257,9 +257,8 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Final(&sha, digest);
|
||||
|
||||
wc_Sha256Free(&sha);
|
||||
if (ret == 0) {
|
||||
wc_Sha256Free(&sha);
|
||||
|
||||
if (outSz > OUTPUT_BLOCK_LEN) {
|
||||
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
|
||||
outSz -= OUTPUT_BLOCK_LEN;
|
||||
@@ -342,8 +341,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
|
||||
ret = wc_Sha256Update(&sha, data, sizeof(data));
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Final(&sha, digest);
|
||||
if (ret == 0)
|
||||
wc_Sha256Free(&sha);
|
||||
wc_Sha256Free(&sha);
|
||||
|
||||
if (ret == 0) {
|
||||
XMEMCPY(&checkBlock, digest, sizeof(word32));
|
||||
@@ -363,14 +361,14 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
|
||||
drbg->lastBlock = checkBlock;
|
||||
}
|
||||
|
||||
if (out != NULL) {
|
||||
if (out != NULL && outSz != 0) {
|
||||
if (outSz >= OUTPUT_BLOCK_LEN) {
|
||||
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
|
||||
outSz -= OUTPUT_BLOCK_LEN;
|
||||
out += OUTPUT_BLOCK_LEN;
|
||||
array_add_one(data, DRBG_SEED_LEN);
|
||||
}
|
||||
else if (out != NULL && outSz != 0) {
|
||||
else if (out != NULL) {
|
||||
XMEMCPY(out, digest, outSz);
|
||||
outSz = 0;
|
||||
}
|
||||
@@ -430,8 +428,8 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
|
||||
ret = wc_Sha256Update(&sha, drbg->V, sizeof(drbg->V));
|
||||
if (ret == 0)
|
||||
ret = wc_Sha256Final(&sha, digest);
|
||||
if (ret == 0)
|
||||
wc_Sha256Free(&sha);
|
||||
|
||||
wc_Sha256Free(&sha);
|
||||
|
||||
if (ret == 0) {
|
||||
array_add(drbg->V, sizeof(drbg->V), digest, SHA256_DIGEST_SIZE);
|
||||
|
||||
+1
-1
@@ -432,7 +432,7 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
/* check that internal buffLen is valid */
|
||||
if (sha->buffLen > SHA_BLOCK_SIZE)
|
||||
if (sha->buffLen >= SHA_BLOCK_SIZE)
|
||||
return BUFFER_E;
|
||||
|
||||
while (len) {
|
||||
|
||||
@@ -510,7 +510,7 @@ static int InitSha256(Sha256* sha256)
|
||||
local = (byte*)sha256->buffer;
|
||||
|
||||
/* check that internal buffLen is valid */
|
||||
if (sha256->buffLen > SHA256_BLOCK_SIZE)
|
||||
if (sha256->buffLen >= SHA256_BLOCK_SIZE)
|
||||
return BUFFER_E;
|
||||
|
||||
SAVE_XMM_YMM; /* for Intel AVX */
|
||||
|
||||
@@ -529,7 +529,7 @@ static INLINE int Sha512Update(Sha512* sha512, const byte* data, word32 len)
|
||||
byte* local = (byte*)sha512->buffer;
|
||||
|
||||
/* check that internal buffLen is valid */
|
||||
if (sha512->buffLen > SHA512_BLOCK_SIZE)
|
||||
if (sha512->buffLen >= SHA512_BLOCK_SIZE)
|
||||
return BUFFER_E;
|
||||
|
||||
SAVE_XMM_YMM; /* for Intel AVX */
|
||||
|
||||
+3
-1
@@ -552,6 +552,8 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
|
||||
byte counter[4];
|
||||
int r = BAD_FUNC_ARG;
|
||||
|
||||
XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
|
||||
|
||||
srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP);
|
||||
if (srp->key == NULL)
|
||||
return MEMORY_E;
|
||||
@@ -568,7 +570,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
|
||||
if (!r) r = SrpHashUpdate(&hash, secret, size);
|
||||
if (!r) r = SrpHashUpdate(&hash, counter, 4);
|
||||
|
||||
if(j + digestSz > srp->keySz) {
|
||||
if (j + digestSz > srp->keySz) {
|
||||
if (!r) r = SrpHashFinal(&hash, digest);
|
||||
XMEMCPY(srp->key + j, digest, srp->keySz - j);
|
||||
j = srp->keySz;
|
||||
|
||||
@@ -12863,14 +12863,14 @@ int pkcs7encrypted_test(void)
|
||||
|
||||
ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File);
|
||||
fclose(pkcs7File);
|
||||
|
||||
if (ret > 0)
|
||||
ret = 0;
|
||||
#endif
|
||||
|
||||
wc_PKCS7_Free(&pkcs7);
|
||||
}
|
||||
|
||||
if (ret > 0)
|
||||
return 0;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user