Initial pass at fixes for coverity scan.

This commit is contained in:
David Garske
2017-04-28 14:59:45 -07:00
parent 4387e1f08e
commit db63fe83d4
18 changed files with 239 additions and 169 deletions
+6 -8
View File
@@ -408,15 +408,13 @@ static int StartTLS_Init(SOCKET_T* sockfd)
if (sockfd == NULL)
return BAD_FUNC_ARG;
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
/* S: 220 <host> SMTP service ready */
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) {
printf("%s\n", tmpBuf);
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
} else {
err_sys("incorrect STARTTLS command received");
}
@@ -427,12 +425,12 @@ static int StartTLS_Init(SOCKET_T* sockfd)
err_sys("failed to send STARTTLS EHLO command\n");
/* S: 250 <host> offers a warm hug of welcome */
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) {
printf("%s\n", tmpBuf);
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
} else {
err_sys("incorrect STARTTLS command received");
}
@@ -444,12 +442,12 @@ static int StartTLS_Init(SOCKET_T* sockfd)
}
/* S: 220 Go ahead */
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf), 0) < 0)
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
err_sys("failed to read STARTTLS command\n");
if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) {
printf("%s\n", tmpBuf);
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
} else {
err_sys("incorrect STARTTLS command received, expected 220");
}
+92 -77
View File
@@ -8584,6 +8584,12 @@ static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
word32 idx = diff / DTLS_WORD_BITS;
word32 newDiff = diff % DTLS_WORD_BITS;
/* verify idx is valid for window array */
if (idx >= WOLFSSL_DTLS_WINDOW_WORDS) {
WOLFSSL_MSG("Invalid DTLS windows index");
return 0;
}
if (window[idx] & (1 << (newDiff - 1))) {
WOLFSSL_MSG("Current record sequence number already received.");
return 0;
@@ -11794,7 +11800,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
return 0;
if (!request || ssl->buffers.weOwnCert) {
if (request == NULL || ssl->buffers.weOwnCert) {
DerBuffer* der = ssl->buffers.certificate;
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* cert = NULL;
@@ -11822,25 +11828,27 @@ int SendCertificateStatus(WOLFSSL* ssl)
else {
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (request == NULL) {
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
if (request) {
ret = InitOcspRequest(request, cert, 0, ssl->heap);
if (ret == 0) {
/* make sure ctx OCSP request is updated */
if (!ssl->buffers.weOwnCert) {
wolfSSL_Mutex* ocspLock =
&ssl->ctx->cm->ocsp_stapling->ocspLock;
if (wc_LockMutex(ocspLock) == 0) {
if (ssl->ctx->certOcspRequest == NULL)
ssl->ctx->certOcspRequest = request;
wc_UnLockMutex(ocspLock);
}
}
}
else {
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
request = NULL;
}
}
ret = InitOcspRequest(request, cert, 0, ssl->heap);
if (ret != 0) {
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
else if (!ssl->buffers.weOwnCert && 0 == wc_LockMutex(
&ssl->ctx->cm->ocsp_stapling->ocspLock)) {
if (!ssl->ctx->certOcspRequest)
ssl->ctx->certOcspRequest = request;
wc_UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock);
else {
ret = MEMORY_E;
}
}
@@ -11859,10 +11867,11 @@ int SendCertificateStatus(WOLFSSL* ssl)
&response);
/* Suppressing, not critical */
if (ret == OCSP_CERT_REVOKED
|| ret == OCSP_CERT_UNKNOWN
|| ret == OCSP_LOOKUP_FAIL)
if (ret == OCSP_CERT_REVOKED ||
ret == OCSP_CERT_UNKNOWN ||
ret == OCSP_LOOKUP_FAIL) {
ret = 0;
}
if (response.buffer) {
if (ret == 0)
@@ -11898,18 +11907,18 @@ int SendCertificateStatus(WOLFSSL* ssl)
if (!request || ssl->buffers.weOwnCert) {
DerBuffer* der = ssl->buffers.certificate;
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* cert = NULL;
#else
DecodedCert cert[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* cert = NULL;
#else
DecodedCert cert[1];
#endif
/* unable to fetch status. skip. */
if (der->buffer == NULL || der->length == 0)
return 0;
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (cert == NULL)
return MEMORY_E;
@@ -11924,26 +11933,27 @@ int SendCertificateStatus(WOLFSSL* ssl)
else {
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (request == NULL) {
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return MEMORY_E;
if (request) {
ret = InitOcspRequest(request, cert, 0, ssl->heap);
if (ret == 0) {
/* make sure ctx OCSP request is updated */
if (!ssl->buffers.weOwnCert) {
wolfSSL_Mutex* ocspLock =
&ssl->ctx->cm->ocsp_stapling->ocspLock;
if (wc_LockMutex(ocspLock) == 0) {
if (ssl->ctx->certOcspRequest == NULL)
ssl->ctx->certOcspRequest = request;
wc_UnLockMutex(ocspLock);
}
}
}
else {
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
request = NULL;
}
}
ret = InitOcspRequest(request, cert, 0, ssl->heap);
if (ret != 0) {
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
}
else if (!ssl->buffers.weOwnCert && 0 == wc_LockMutex(
&ssl->ctx->cm->ocsp_stapling->ocspLock)) {
if (!ssl->ctx->certOcspRequest)
ssl->ctx->certOcspRequest = request;
wc_UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock);
else {
ret = MEMORY_E;
}
}
@@ -11962,10 +11972,11 @@ int SendCertificateStatus(WOLFSSL* ssl)
&responses[0]);
/* Suppressing, not critical */
if (ret == OCSP_CERT_REVOKED
|| ret == OCSP_CERT_UNKNOWN
|| ret == OCSP_LOOKUP_FAIL)
if (ret == OCSP_CERT_REVOKED ||
ret == OCSP_CERT_UNKNOWN ||
ret == OCSP_LOOKUP_FAIL) {
ret = 0;
}
}
if (request != ssl->ctx->certOcspRequest)
@@ -11984,7 +11995,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
XMEMSET(&der, 0, sizeof(buffer));
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (cert == NULL)
return MEMORY_E;
@@ -12011,23 +12022,30 @@ int SendCertificateStatus(WOLFSSL* ssl)
request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (request == NULL) {
FreeDecodedCert(cert);
ret = MEMORY_E;
break;
}
ret = InitOcspRequest(request, cert, 0, ssl->heap);
if (ret != 0) {
XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST);
break;
if (ret == 0) {
/* make sure ctx OCSP request is updated */
if (!ssl->buffers.weOwnCertChain) {
wolfSSL_Mutex* ocspLock =
&ssl->ctx->cm->ocsp_stapling->ocspLock;
if (wc_LockMutex(ocspLock) == 0) {
if (ssl->ctx->chainOcspRequest[i] == NULL)
ssl->ctx->chainOcspRequest[i] = request;
wc_UnLockMutex(ocspLock);
}
}
}
else if (!ssl->buffers.weOwnCertChain && 0 ==
wc_LockMutex(
&ssl->ctx->cm->ocsp_stapling->ocspLock)) {
if (!ssl->ctx->chainOcspRequest[i])
ssl->ctx->chainOcspRequest[i] = request;
wc_UnLockMutex(
&ssl->ctx->cm->ocsp_stapling->ocspLock);
else {
FreeDecodedCert(cert);
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
request = NULL;
break;
}
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
@@ -12037,13 +12055,14 @@ int SendCertificateStatus(WOLFSSL* ssl)
request, &responses[i + 1]);
/* Suppressing, not critical */
if (ret == OCSP_CERT_REVOKED
|| ret == OCSP_CERT_UNKNOWN
|| ret == OCSP_LOOKUP_FAIL)
if (ret == OCSP_CERT_REVOKED ||
ret == OCSP_CERT_UNKNOWN ||
ret == OCSP_LOOKUP_FAIL) {
ret = 0;
}
if (request != ssl->ctx->chainOcspRequest[i])
XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST);
XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
i++;
}
@@ -12065,10 +12084,11 @@ int SendCertificateStatus(WOLFSSL* ssl)
request, &responses[++i]);
/* Suppressing, not critical */
if (ret == OCSP_CERT_REVOKED
|| ret == OCSP_CERT_UNKNOWN
|| ret == OCSP_LOOKUP_FAIL)
if (ret == OCSP_CERT_REVOKED ||
ret == OCSP_CERT_UNKNOWN ||
ret == OCSP_LOOKUP_FAIL) {
ret = 0;
}
}
}
@@ -17609,9 +17629,9 @@ int SendCertificateVerify(WOLFSSL* ssl)
}
#ifndef NO_OLD_TLS
else {
/* if old TLS load MD5 hash as value to sign */
XMEMCPY(ssl->buffers.sig.buffer, ssl->hsHashes->certHashes.md5,
FINISHED_SZ);
/* if old TLS load MD5 and SHA hash as value to sign */
XMEMCPY(ssl->buffers.sig.buffer,
(byte*)ssl->hsHashes->certHashes.md5, FINISHED_SZ);
}
#endif
@@ -17767,11 +17787,6 @@ int SendCertificateVerify(WOLFSSL* ssl)
args->inputSz);
}
/* Check for error */
if (ret != 0) {
goto exit_scv;
}
/* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_END;
} /* case TLS_ASYNC_FINALIZE */
+41 -14
View File
@@ -1024,45 +1024,72 @@ int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, maxLen;
char reqSzStr[6];
char* req = (char*)buf;
const char* blankStr = " ";
const char* http11Str = " HTTP/1.1";
const char* hostStr = "\r\nHost: ";
const char* contentLenStr = "\r\nContent-Length: ";
const char* contentTypeStr = "\r\nContent-Type: ";
const char* doubleCrLfStr = "\r\n\r\n";
word32 blankStrLen, http11StrLen, hostStrLen, contentLenStrLen,
contentTypeStrLen, doubleCrLfStrLen;
reqTypeLen = (word32)XSTRLEN(reqType);
domainNameLen = (word32)XSTRLEN(domainName);
reqSzStrLen = wolfIO_Word16ToString(reqSzStr, (word16)reqSz);
contentTypeLen = (word32)XSTRLEN(contentType);
/* determine max length */
maxLen = reqTypeLen + domainNameLen + pathLen + reqSzStrLen + contentTypeLen + 56;
blankStrLen = (word32)XSTRLEN(blankStr);
http11StrLen = (word32)XSTRLEN(http11Str);
hostStrLen = (word32)XSTRLEN(hostStr);
contentLenStrLen = (word32)XSTRLEN(contentLenStr);
contentTypeStrLen = (word32)XSTRLEN(contentTypeStr);
doubleCrLfStrLen = (word32)XSTRLEN(doubleCrLfStr);
/* determine max length and check it */
maxLen =
reqTypeLen +
blankStrLen +
pathLen +
http11StrLen +
hostStrLen +
domainNameLen +
contentLenStrLen +
reqSzStrLen +
contentTypeStrLen +
contentTypeLen +
doubleCrLfStrLen +
1 /* null term */;
if (maxLen > (word32)bufSize)
return 0;
XSTRNCPY((char*)buf, reqType, reqTypeLen);
buf += reqTypeLen;
XSTRNCPY((char*)buf, " ", 1);
buf += 1;
XSTRNCPY((char*)buf, blankStr, blankStrLen+1);
buf += blankStrLen;
XSTRNCPY((char*)buf, path, pathLen);
buf += pathLen;
XSTRNCPY((char*)buf, " HTTP/1.1", 9);
buf += 9;
XSTRNCPY((char*)buf, http11Str, http11StrLen+1);
buf += http11StrLen;
if (domainNameLen > 0) {
XSTRNCPY((char*)buf, "\r\nHost: ", 8);
buf += 8;
XSTRNCPY((char*)buf, hostStr, hostStrLen+1);
buf += hostStrLen;
XSTRNCPY((char*)buf, domainName, domainNameLen);
buf += domainNameLen;
}
if (reqSz > 0 && reqSzStrLen > 0) {
XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
buf += 18;
XSTRNCPY((char*)buf, contentLenStr, contentLenStrLen+1);
buf += contentLenStrLen;
XSTRNCPY((char*)buf, reqSzStr, reqSzStrLen);
buf += reqSzStrLen;
}
if (contentTypeLen > 0) {
XSTRNCPY((char*)buf, "\r\nContent-Type: ", 16);
buf += 16;
XSTRNCPY((char*)buf, contentTypeStr, contentTypeStrLen+1);
buf += contentTypeStrLen;
XSTRNCPY((char*)buf, contentType, contentTypeLen);
buf += contentTypeLen;
}
XSTRNCPY((char*)buf, "\r\n\r\n", 4);
buf += 4;
XSTRNCPY((char*)buf, doubleCrLfStr, doubleCrLfStrLen+1);
buf += doubleCrLfStrLen;
#ifdef WOLFIO_DEBUG
printf("HTTP %s: %s", reqType, req);
+16 -5
View File
@@ -608,7 +608,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
byte* p;
int len;
int dataAlloced = 0;
OcspResponse* ret;
OcspResponse* ret = NULL;
if (bio == NULL)
return NULL;
@@ -624,9 +624,18 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
long l;
i = XFTELL(bio->file);
if (i < 0)
return NULL;
XFSEEK(bio->file, 0, SEEK_END);
l = XFTELL(bio->file);
if (l < 0)
return NULL;
XFSEEK(bio->file, i, SEEK_SET);
/* check calulated length */
if (l - i <= 0)
return NULL;
data = (byte*)XMALLOC(l - i, 0, DYNAMIC_TYPE_TMP_BUFFER);
if (data == NULL)
return NULL;
@@ -637,8 +646,10 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
else
return NULL;
p = data;
ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
if (len > 0) {
p = data;
ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
}
if (dataAlloced)
XFREE(data, 0, DYNAMIC_TYPE_TMP_BUFFER);
@@ -687,8 +698,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
return NULL;
}
GetSequence(*data, &idx, &length, len);
(*data) += idx + length;
if (GetSequence(*data, &idx, &length, len) >= 0)
(*data) += idx + length;
return resp;
}
+27 -13
View File
@@ -674,8 +674,8 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len)
if (ssl == NULL)
return NULL;
cipher = wolfSSL_get_cipher_name_from_suite(ssl->options.cipherSuite0,
ssl->options.cipherSuite);
cipher = wolfSSL_get_cipher_name_from_suite(ssl->options.cipherSuite,
ssl->options.cipherSuite0);
len = min(len, (int)(XSTRLEN(cipher) + 1));
XMEMCPY(buf, cipher, len);
return buf;
@@ -9000,9 +9000,11 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
copyInto->ticket = copyInto->staticTicket;
}
if (wc_UnLockMutex(&session_mutex) != 0) {
if (ret == SSL_SUCCESS)
ret = BAD_MUTEX_E;
if (doDynamicCopy) {
if (wc_UnLockMutex(&session_mutex) != 0) {
if (ret == SSL_SUCCESS)
ret = BAD_MUTEX_E;
}
}
if (ret != SSL_SUCCESS) {
@@ -16317,7 +16319,7 @@ void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes)
#ifdef WOLFSSL_DES_ECB
/* Encrpyt or decrypt input message desa with key and get output in desb.
/* Encrpyt or decrypt input message desa with key and get output in desb.
* if enc is DES_ENCRYPT,input message is encrypted or
* if enc is DES_DECRYPT,input message is decrypted.
* */
@@ -19565,6 +19567,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
/* set the cipher name on info */
XSTRNCPY(info->name, cipher, NAME_SZ);
info->name[NAME_SZ-1] = '\0'; /* null term */
/* Generate a random salt */
if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != SSL_SUCCESS) {
@@ -20736,17 +20739,16 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
mp_clear(&a);
mp_clear(&prime);
if (ret != MP_OKAY) {
ret = SSL_FAILURE;
}
/* set the external value for the computed point */
if (ret != SSL_FAILURE) {
if (ret == MP_OKAY) {
/* set the external value for the computed point */
ret = SetECPointInternal(r);
if (ret != SSL_SUCCESS) {
WOLFSSL_MSG("SetECPointInternal r failed");
}
}
else {
ret = SSL_FAILURE;
}
return ret;
}
@@ -22018,9 +22020,18 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
/* Read in next certificate from file but no more. */
i = XFTELL(bp->file);
if (i < 0)
return NULL;
XFSEEK(bp->file, 0, SEEK_END);
l = XFTELL(bp->file);
if (l < 0)
return NULL;
XFSEEK(bp->file, i, SEEK_SET);
/* check calulated length */
if (l - i <= 0)
return NULL;
pem = (unsigned char*)XMALLOC(l - i, 0, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL)
return NULL;
@@ -22582,10 +22593,13 @@ WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode)
return NULL;
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
if (bio == NULL)
if (bio == NULL) {
XFCLOSE(fp);
return bio;
}
if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != SSL_SUCCESS) {
XFCLOSE(fp);
wolfSSL_BIO_free(bio);
bio = NULL;
}
+12 -6
View File
@@ -592,12 +592,13 @@ static INLINE int bench_stats_sym_check(double start)
static void bench_stats_sym_finish(const char* desc, int doAsync, int count, double start)
{
double total, persec;
double total, persec = 0;
END_INTEL_CYCLES
total = current_time(0) - start;
persec = 1 / total * count;
if (count > 0)
persec = 1 / total * count;
#ifdef BENCH_EMBEDDED
/* since using kB, convert to MB/s */
persec = persec / 1024;
@@ -618,10 +619,11 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count, dou
static void bench_stats_asym_finish(const char* algo, int strength,
const char* desc, int doAsync, int count, double start)
{
double total, each, opsSec, milliEach;
double total, each = 0, opsSec, milliEach;
total = current_time(0) - start;
each = total / count; /* per second */
if (count > 0)
each = total / count; /* per second */
opsSec = count / total; /* ops/per second */
milliEach = each * 1000; /* milliseconds */
@@ -1570,7 +1572,7 @@ void bench_chacha(void)
void bench_chacha20_poly1305_aead(void)
{
double start;
int i, count;
int ret, i, count;
byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
XMEMSET(authTag, 0, sizeof(authTag));
@@ -1578,8 +1580,12 @@ void bench_chacha20_poly1305_aead(void)
bench_stats_start(&count, &start);
do {
for (i = 0; i < numBlocks; i++) {
wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, NULL, 0,
bench_plain, BENCH_SIZE, bench_cipher, authTag);
if (ret < 0) {
printf("wc_ChaCha20Poly1305_Encrypt error: %d\n", ret);
break;
}
}
count += i;
} while (bench_stats_sym_check(start));
+12 -5
View File
@@ -7387,7 +7387,7 @@ static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz,
/* encode Subject Key Identifier, return total bytes written
* RFC5280 : non-critical */
static int SetSKID(byte* output, word32 outSz, byte *input, word32 length)
static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length)
{
byte skid_len[1 + MAX_LENGTH_SZ];
byte skid_enc_len[MAX_LENGTH_SZ];
@@ -7921,9 +7921,11 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* SKID */
if (cert->skidSz) {
/* check the provided SKID size */
if (cert->skidSz > (int)sizeof(der->skid))
if (cert->skidSz > (int)sizeof(cert->skid))
return SKID_E;
/* Note: different skid buffers sizes for der (MAX_KID_SZ) and
cert (CTC_MAX_SKID_SIZE). */
der->skidSz = SetSKID(der->skid, sizeof(der->skid),
cert->skid, cert->skidSz);
if (der->skidSz <= 0)
@@ -8645,9 +8647,11 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
heap = eccKey->heap;
}
#ifdef WOLFSSL_ASYNC_CRYPT
if (certSignCtx == NULL) {
return BAD_FUNC_ARG;
}
#endif
if (certSignCtx->sig == NULL) {
certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap,
@@ -8984,6 +8988,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file)
/* Set KeyUsage from human readable string */
int wc_SetKeyUsage(Cert *cert, const char *value)
{
int ret = 0;
char *token, *str, *ptr;
word32 len;
@@ -9025,14 +9030,16 @@ int wc_SetKeyUsage(Cert *cert, const char *value)
cert->keyUsage |= KEYUSE_ENCIPHER_ONLY;
else if (!XSTRNCASECMP(token, "decipherOnly", len))
cert->keyUsage |= KEYUSE_DECIPHER_ONLY;
else
return KEYUSAGE_E;
else {
ret = KEYUSAGE_E;
break;
}
token = XSTRTOK(NULL, ",", &ptr);
}
XFREE(str, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
return ret;
}
#endif /* WOLFSSL_CERT_EXT */
+4
View File
@@ -6562,9 +6562,13 @@ done:
mp_clear(&tka);
mp_clear(&order);
#ifdef WOLFSSL_SMALL_STACK
if (kb[0])
#endif
ForceZero(kb[0], KB_SIZE);
#ifdef WOLFSSL_SMALL_STACK
if (kb[1])
#endif
ForceZero(kb[1], KB_SIZE);
#ifdef WOLFSSL_SMALL_STACK
+3 -3
View File
@@ -224,10 +224,10 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
if (ctx->enc)
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
else
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
wc_Des3_EcbDecrypt(&ctx->cipher.des3, out, in, inl);
break;
#endif
#endif
#endif /* WOLFSSL_DES_ECB */
#endif /* !NO_DES3 */
default:
return 0;
}
+5 -20
View File
@@ -286,25 +286,10 @@ int wc_LoggingInit(void)
/* internal function that is called by wolfCrypt_Cleanup */
int wc_LoggingCleanup(void)
{
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return BAD_MUTEX_E;
}
/* clear logging entries */
wc_ClearErrorNodes();
/* free all nodes from error queue */
{
struct wc_error_queue* current;
struct wc_error_queue* next;
current = (struct wc_error_queue*)wc_errors;
while (current != NULL) {
next = current->next;
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
current = next;
}
}
wc_UnLockMutex(&debug_mutex);
/* free mutex */
if (wc_FreeMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Bad Mutex free");
return BAD_MUTEX_E;
@@ -473,6 +458,8 @@ void wc_RemoveErrorNode(int index)
wc_UnLockMutex(&debug_mutex);
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
/* Clears out the list of error nodes.
*/
void wc_ClearErrorNodes(void)
@@ -499,8 +486,6 @@ void wc_ClearErrorNodes(void)
wc_last_node = NULL;
wc_UnLockMutex(&debug_mutex);
}
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
int wc_SetLoggingHeap(void* h)
{
+1 -1
View File
@@ -360,7 +360,7 @@ int wc_Md5Update(Md5* md5, const byte* data, word32 len)
local = (byte*)md5->buffer;
/* check that internal buffLen is valid */
if (md5->buffLen > MD5_BLOCK_SIZE)
if (md5->buffLen >= MD5_BLOCK_SIZE)
return BUFFER_E;
while (len) {
+5 -2
View File
@@ -4100,8 +4100,11 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
/* encrypt content */
ret = wc_PKCS7_GenerateIV(NULL, tmpIv, blockSz);
if (ret != 0)
if (ret != 0) {
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
return ret;
}
ret = wc_PKCS7_EncryptContent(pkcs7->encryptOID, pkcs7->encryptionKey,
pkcs7->encryptionKeySz, tmpIv, blockSz, plain, encryptedOutSz,
@@ -4181,7 +4184,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz)
WOLFSSL_MSG("PKCS#7 output buffer too small");
if (pkcs7->unprotectedAttribsSz != 0) {
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS);
}
XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+6 -8
View File
@@ -257,9 +257,8 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
wc_Sha256Free(&sha);
if (ret == 0) {
wc_Sha256Free(&sha);
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
@@ -342,8 +341,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
ret = wc_Sha256Update(&sha, data, sizeof(data));
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
if (ret == 0)
wc_Sha256Free(&sha);
wc_Sha256Free(&sha);
if (ret == 0) {
XMEMCPY(&checkBlock, digest, sizeof(word32));
@@ -363,14 +361,14 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
drbg->lastBlock = checkBlock;
}
if (out != NULL) {
if (out != NULL && outSz != 0) {
if (outSz >= OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
array_add_one(data, DRBG_SEED_LEN);
}
else if (out != NULL && outSz != 0) {
else if (out != NULL) {
XMEMCPY(out, digest, outSz);
outSz = 0;
}
@@ -430,8 +428,8 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
ret = wc_Sha256Update(&sha, drbg->V, sizeof(drbg->V));
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
if (ret == 0)
wc_Sha256Free(&sha);
wc_Sha256Free(&sha);
if (ret == 0) {
array_add(drbg->V, sizeof(drbg->V), digest, SHA256_DIGEST_SIZE);
+1 -1
View File
@@ -432,7 +432,7 @@ int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
#endif /* WOLFSSL_ASYNC_CRYPT */
/* check that internal buffLen is valid */
if (sha->buffLen > SHA_BLOCK_SIZE)
if (sha->buffLen >= SHA_BLOCK_SIZE)
return BUFFER_E;
while (len) {
+1 -1
View File
@@ -510,7 +510,7 @@ static int InitSha256(Sha256* sha256)
local = (byte*)sha256->buffer;
/* check that internal buffLen is valid */
if (sha256->buffLen > SHA256_BLOCK_SIZE)
if (sha256->buffLen >= SHA256_BLOCK_SIZE)
return BUFFER_E;
SAVE_XMM_YMM; /* for Intel AVX */
+1 -1
View File
@@ -529,7 +529,7 @@ static INLINE int Sha512Update(Sha512* sha512, const byte* data, word32 len)
byte* local = (byte*)sha512->buffer;
/* check that internal buffLen is valid */
if (sha512->buffLen > SHA512_BLOCK_SIZE)
if (sha512->buffLen >= SHA512_BLOCK_SIZE)
return BUFFER_E;
SAVE_XMM_YMM; /* for Intel AVX */
+3 -1
View File
@@ -552,6 +552,8 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
byte counter[4];
int r = BAD_FUNC_ARG;
XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP);
if (srp->key == NULL)
return MEMORY_E;
@@ -568,7 +570,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
if (!r) r = SrpHashUpdate(&hash, secret, size);
if (!r) r = SrpHashUpdate(&hash, counter, 4);
if(j + digestSz > srp->keySz) {
if (j + digestSz > srp->keySz) {
if (!r) r = SrpHashFinal(&hash, digest);
XMEMCPY(srp->key + j, digest, srp->keySz - j);
j = srp->keySz;
+3 -3
View File
@@ -12863,14 +12863,14 @@ int pkcs7encrypted_test(void)
ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File);
fclose(pkcs7File);
if (ret > 0)
ret = 0;
#endif
wc_PKCS7_Free(&pkcs7);
}
if (ret > 0)
return 0;
return ret;
}