mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 14:00:48 +02:00
+1
-1
@@ -18819,7 +18819,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
if (ssl->options.handShakeState == HANDSHAKE_DONE && type == client_hello &&
|
||||
ssl->options.side == WOLFSSL_SERVER_END) {
|
||||
WOLFSSL_MSG("Renegotiation request rejected");
|
||||
SendAlert(ssl, alert_fatal, no_renegotiation);
|
||||
SendAlert(ssl, alert_warning, no_renegotiation);
|
||||
WOLFSSL_ERROR_VERBOSE(SECURE_RENEGOTIATION_E);
|
||||
return SECURE_RENEGOTIATION_E;
|
||||
}
|
||||
|
||||
@@ -7730,6 +7730,15 @@ int test_wc_AesEaxStream(void)
|
||||
ExpectIntEQ(wc_AesEaxEncryptFinal(NULL, tagBuf, WC_AES_BLOCK_SIZE),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
|
||||
/* wc_AesEaxEncryptFinal authTagSz below WOLFSSL_MIN_AUTH_TAG_SZ must be
|
||||
* rejected, even on an otherwise valid context */
|
||||
ExpectIntEQ(wc_AesEaxInit(&eax, key1, sizeof(key1),
|
||||
nonce1, sizeof(nonce1), NULL, 0), 0);
|
||||
ExpectIntEQ(wc_AesEaxEncryptFinal(&eax, tagBuf,
|
||||
WOLFSSL_MIN_AUTH_TAG_SZ - 1),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wc_AesEaxFree(&eax), 0);
|
||||
|
||||
/* wc_AesEaxDecryptFinal NULL eax */
|
||||
ExpectIntEQ(wc_AesEaxDecryptFinal(NULL, tag1, sizeof(tag1)),
|
||||
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
|
||||
+1
-1
@@ -17556,7 +17556,7 @@ int wc_AesEaxEncryptFinal(AesEax* eax, byte* authTag, word32 authTagSz)
|
||||
word32 i;
|
||||
|
||||
if (eax == NULL || authTag == NULL || authTagSz == 0 ||
|
||||
authTagSz > WC_AES_BLOCK_SIZE) {
|
||||
authTagSz > WC_AES_BLOCK_SIZE || authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
@@ -55,6 +55,7 @@ This code assumes at least one is enabled
|
||||
int wc_tsip_MakeRsaKey(int size, void* ctx)
|
||||
{
|
||||
e_tsip_err_t ret;
|
||||
int wcRet = WC_HW_E;
|
||||
TsipUserCtx *info = (TsipUserCtx*)ctx;
|
||||
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
|
||||
tsip_rsa1024_key_pair_index_t *tsip_pair1024_key = NULL;
|
||||
@@ -148,6 +149,7 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
|
||||
info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
|
||||
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
|
||||
info->wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
|
||||
wcRet = 0;
|
||||
#endif
|
||||
}
|
||||
else if (size == 2048) {
|
||||
@@ -191,13 +193,31 @@ int wc_tsip_MakeRsaKey(int size, void* ctx)
|
||||
info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
|
||||
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
|
||||
info->wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
|
||||
wcRet = 0;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* hardware key generation failed; free the key pair buffer that
|
||||
* was allocated above so it does not leak, and report the error */
|
||||
WOLFSSL_MSG_EX("TSIP RSA key generation failed: %d", ret);
|
||||
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
|
||||
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
|
||||
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
|
||||
#endif
|
||||
wcRet = WC_HW_E;
|
||||
}
|
||||
tsip_hw_unlock();
|
||||
}
|
||||
else {
|
||||
/* could not obtain the TSIP hardware lock */
|
||||
WOLFSSL_MSG_EX("TSIP hardware lock failed: %d", ret);
|
||||
wcRet = WC_HW_E;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return wcRet;
|
||||
}
|
||||
|
||||
/* Generate TSIP key index if needed
|
||||
@@ -260,7 +280,9 @@ int wc_tsip_RsaFunction(wc_CryptoInfo* info, TsipUserCtx* tuc)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (tsip_RsakeyImport(tuc) == 0) {
|
||||
ret = tsip_RsakeyImport(tuc);
|
||||
|
||||
if (ret == 0) {
|
||||
type = info->pk.rsa.type;
|
||||
keySize = (int)tuc->wrappedKeyType;
|
||||
|
||||
@@ -364,7 +386,10 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
|
||||
ret = CRYPTOCB_UNAVAILABLE;
|
||||
}
|
||||
|
||||
if (tsip_RsakeyImport(tuc) == 0) {
|
||||
if (ret == 0)
|
||||
ret = tsip_RsakeyImport(tuc);
|
||||
|
||||
if (ret == 0) {
|
||||
hashData.pdata = (uint8_t*)info->pk.rsa.out;
|
||||
hashData.data_length = *(info->pk.rsa.outLen);
|
||||
hashData.data_type =
|
||||
|
||||
@@ -644,6 +644,9 @@ int wc_Sha512_224Final(wc_Sha512* sha, byte* hash)
|
||||
wolfSSL_CryptHwMutexUnLock();
|
||||
}
|
||||
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
/* Reset state */
|
||||
return wc_InitSha512_224(sha);
|
||||
}
|
||||
|
||||
@@ -2175,6 +2175,10 @@ int wc_rng_new_ex(WC_RNG **rng, byte* nonce, word32 nonceSz,
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (rng == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
*rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), heap, DYNAMIC_TYPE_RNG);
|
||||
if (*rng == NULL) {
|
||||
return MEMORY_E;
|
||||
|
||||
@@ -1575,7 +1575,7 @@ int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len)
|
||||
int ret = 0;
|
||||
|
||||
/* Validate parameters. */
|
||||
if ((key == NULL) || (len == NULL)) {
|
||||
if ((key == NULL) || (key->params == NULL) || (len == NULL)) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
else {
|
||||
|
||||
Reference in New Issue
Block a user