Merge pull request #886 from dgarske/fixes_coverity2

Fixes for coverity scan (part 2)
This commit is contained in:
toddouska 2017-05-02 08:53:03 -07:00 committed by GitHub
commit 27aafd674a
14 changed files with 330 additions and 258 deletions

View File

@ -5328,9 +5328,15 @@ int SendBuffered(WOLFSSL* ssl)
static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
{
byte* tmp;
#if WOLFSSL_GENERAL_ALIGNMENT > 0
byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
RECORD_HEADER_SZ;
byte align = WOLFSSL_GENERAL_ALIGNMENT;
byte align = WOLFSSL_GENERAL_ALIGNMENT;
#else
const byte align = WOLFSSL_GENERAL_ALIGNMENT;
#endif
#if WOLFSSL_GENERAL_ALIGNMENT > 0
/* the encrypted data will be offset from the front of the buffer by
the header, if the user wants encrypted alignment they need
to define their alignment requirement */
@ -5339,14 +5345,19 @@ static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
while (align < hdrSz)
align *= 2;
}
#endif
tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align,
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align,
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
WOLFSSL_MSG("growing output buffer\n");
if (!tmp) return MEMORY_E;
if (tmp == NULL)
return MEMORY_E;
#if WOLFSSL_GENERAL_ALIGNMENT > 0
if (align)
tmp += align - hdrSz;
#endif
if (ssl->buffers.outputBuffer.length)
XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
@ -5357,10 +5368,14 @@ static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
ssl->buffers.outputBuffer.offset, ssl->heap,
DYNAMIC_TYPE_OUT_BUFFER);
ssl->buffers.outputBuffer.dynamicFlag = 1;
#if WOLFSSL_GENERAL_ALIGNMENT > 0
if (align)
ssl->buffers.outputBuffer.offset = align - hdrSz;
else
#endif
ssl->buffers.outputBuffer.offset = 0;
ssl->buffers.outputBuffer.buffer = tmp;
ssl->buffers.outputBuffer.bufferSize = size +
ssl->buffers.outputBuffer.length;
@ -5372,8 +5387,14 @@ static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
{
byte* tmp;
byte hdrSz = DTLS_RECORD_HEADER_SZ;
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
byte align = ssl->options.dtls ? WOLFSSL_GENERAL_ALIGNMENT : 0;
byte hdrSz = DTLS_RECORD_HEADER_SZ;
#else
const byte align = WOLFSSL_GENERAL_ALIGNMENT;
#endif
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
/* the encrypted data will be offset from the front of the buffer by
the dtls record header, if the user wants encrypted alignment they need
to define their alignment requirement. in tls we read record header
@ -5383,19 +5404,24 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
while (align < hdrSz)
align *= 2;
}
#endif
if (usedLength < 0 || size < 0) {
WOLFSSL_MSG("GrowInputBuffer() called with negative number");
return BAD_FUNC_ARG;
}
tmp = (byte*) XMALLOC(size + usedLength + align, ssl->heap,
DYNAMIC_TYPE_IN_BUFFER);
tmp = (byte*)XMALLOC(size + usedLength + align,
ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
WOLFSSL_MSG("growing input buffer\n");
if (!tmp) return MEMORY_E;
if (tmp == NULL)
return MEMORY_E;
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
if (align)
tmp += align - hdrSz;
#endif
if (usedLength)
XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer +
@ -5406,10 +5432,13 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
ssl->heap,DYNAMIC_TYPE_IN_BUFFER);
ssl->buffers.inputBuffer.dynamicFlag = 1;
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
if (align)
ssl->buffers.inputBuffer.offset = align - hdrSz;
else
#endif
ssl->buffers.inputBuffer.offset = 0;
ssl->buffers.inputBuffer.buffer = tmp;
ssl->buffers.inputBuffer.bufferSize = size + usedLength;
ssl->buffers.inputBuffer.idx = 0;
@ -6945,16 +6974,14 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ParseCertRelative(args->dCert, CERT_TYPE,
!ssl->options.verifyNone, ssl->ctx->cm);
if (ret != 0) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl,
args->dCert->sigCtx.asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl,
args->dCert->sigCtx.asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
goto exit_dc;
}
#endif
#ifndef NO_SKID
subjectHash = args->dCert->extSubjKeyId;
@ -7111,16 +7138,14 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
{ /* only parse if not already present in dCert from above */
ret = ParseCertRelative(args->dCert, CERT_TYPE,
!ssl->options.verifyNone, ssl->ctx->cm);
if (ret != 0) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl,
args->dCert->sigCtx.asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
if (ret == WC_PENDING_E) {
ret = wolfSSL_AsyncPush(ssl,
args->dCert->sigCtx.asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
goto exit_dc;
}
#endif
}
if (ret == 0) {
@ -16069,11 +16094,6 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
}
#endif
/* Check for error */
if (ret != 0) {
goto exit_dske;
}
/* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_END;
} /* case TLS_ASYNC_FINALIZE */
@ -17286,11 +17306,6 @@ int SendClientKeyExchange(WOLFSSL* ssl)
args->inputSz);
}
/* Check for error */
if (ret != 0) {
goto exit_scke;
}
/* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_END;
} /* case TLS_ASYNC_FINALIZE */
@ -19558,11 +19573,6 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
#endif
/* Check for error */
if (ret != 0) {
goto exit_sske;
}
/* Advance state and proceed */
ssl->options.asyncState = TLS_ASYNC_END;
} /* case TLS_ASYNC_FINALIZE */

View File

@ -537,7 +537,6 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
if (cm == NULL)
return NULL;
ret = AllocDer(&derCert, issuer->derCert->length,
issuer->derCert->type, NULL);
if (ret == 0) {
@ -556,8 +555,13 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
certId = NULL;
}
else
InitOcspRequest(certId, &cert, 0, NULL);
else {
ret = InitOcspRequest(certId, &cert, 0, NULL);
if (ret != 0) {
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
certId = NULL;
}
}
FreeDecodedCert(&cert);
}

View File

@ -1173,9 +1173,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
return -1;
}
ret = (int)XFREAD(loadBuf, fileSz, 1, file);
ret = (int)XFREAD(loadBuf, 1, fileSz, file);
XFCLOSE(file);
if (ret != fileSz) {
free(loadBuf);
return -1;
}
if (typeKey == SSL_FILETYPE_PEM) {
byte* saveBuf = (byte*)malloc(fileSz);
int saveBufSz = 0;

100
src/ssl.c
View File

@ -4550,9 +4550,10 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#ifdef HAVE_ECC
/* could have DER ECC (or pkcs8 ecc), no easy way to tell */
eccKey = 1; /* so try it out */
#else
WOLFSSL_MSG("RSA decode failed and ECC not enabled to try");
ret = SSL_BAD_FILE;
#endif
if (!eccKey)
ret = SSL_BAD_FILE;
} else {
/* check that the size of the RSA key is enough */
int RsaSz = wc_RsaEncryptSize((RsaKey*)key);
@ -5395,12 +5396,12 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
}
dynamic = 1;
}
else if (sz < 0) {
else if (sz <= 0) {
XFCLOSE(file);
return SSL_BAD_FILE;
}
if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz)
ret = SSL_BAD_FILE;
else {
if ((type == CA_TYPE || type == TRUSTED_PEER_TYPE)
@ -5514,7 +5515,7 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
sz = XFTELL(file);
XREWIND(file);
if (sz > MAX_WOLFSSL_FILE_SIZE || sz < 0) {
if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
WOLFSSL_MSG("CertManagerVerify file bad size");
XFCLOSE(file);
return SSL_BAD_FILE;
@ -5530,7 +5531,7 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
dynamic = 1;
}
if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz)
ret = SSL_BAD_FILE;
else
ret = wolfSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
@ -5829,7 +5830,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
sz = XFTELL(file);
XREWIND(file);
if (sz < 0) {
if (sz <= 0) {
ret = SSL_BAD_FILE;
}
else if (sz > (long)sizeof(staticBuffer)) {
@ -5845,7 +5846,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
}
if (ret == 0) {
if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) {
if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) {
ret = SSL_BAD_FILE;
}
else {
@ -5915,7 +5916,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName,
sz = XFTELL(file);
XREWIND(file);
if (sz < 0) {
if (sz <= 0) {
ret = SSL_BAD_FILE;
}
else if (sz > (long)sizeof(staticBuffer)) {
@ -5930,7 +5931,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName,
dynamic = 1;
}
if (ret == 0) {
if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0)
if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz)
ret = SSL_BAD_FILE;
else
ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted,
@ -6082,12 +6083,12 @@ static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
}
dynamic = 1;
}
else if (sz < 0) {
else if (sz <= 0) {
XFCLOSE(file);
return SSL_BAD_FILE;
}
if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz)
ret = SSL_BAD_FILE;
else {
if (ssl)
@ -7873,6 +7874,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
const byte* secret, word32 secretSz)
{
int ret = 0;
WOLFSSL_ENTER("wolfSSL_DTLS_SetCookieSecret");
if (ssl == NULL) {
@ -7911,14 +7914,15 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
}
/* If the supplied secret is NULL, randomly generate a new secret. */
if (secret == NULL)
wc_RNG_GenerateBlock(ssl->rng,
if (secret == NULL) {
ret = wc_RNG_GenerateBlock(ssl->rng,
ssl->buffers.dtlsCookieSecret.buffer, secretSz);
}
else
XMEMCPY(ssl->buffers.dtlsCookieSecret.buffer, secret, secretSz);
WOLFSSL_LEAVE("wolfSSL_DTLS_SetCookieSecret", 0);
return 0;
return ret;
}
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
@ -12099,14 +12103,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
else
wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
break;
#ifdef WOLFSSL_DES_ECB
case DES_ECB_TYPE :
if (ctx->enc)
ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
else
ret = wc_Des_EcbDecrypt(&ctx->cipher.des, dst, src, len);
break;
#endif
case DES_EDE3_CBC_TYPE :
if (ctx->enc)
ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
@ -12114,14 +12110,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
break;
#ifdef WOLFSSL_DES_ECB
case DES_EDE3_ECB_TYPE :
if (ctx->enc)
ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
else
ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, dst, src, len);
case DES_ECB_TYPE :
ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
break;
case DES_EDE3_ECB_TYPE :
ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
break;
#endif
#endif
#endif /* !NO_DES3 */
#ifndef NO_RC4
case ARC4_TYPE :
@ -12149,7 +12145,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ret != 0) {
WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
return 0; /* failuer */
return 0; /* failure */
}
WOLFSSL_MSG("wolfSSL_EVP_Cipher success");
@ -13614,8 +13610,8 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
if (fileBuffer != NULL) {
int ret = (int)XFREAD(fileBuffer, sz, 1, file);
if (ret > 0) {
int ret = (int)XFREAD(fileBuffer, 1, sz, file);
if (ret == sz) {
newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
}
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
@ -13671,8 +13667,8 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
return NULL;
}
ret = (int)XFREAD(fileBuffer, sz, 1, file);
if (ret < 0) {
ret = (int)XFREAD(fileBuffer, 1, sz, file);
if (ret != sz) {
XFCLOSE(file);
if (dynamic)
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
@ -15909,7 +15905,7 @@ WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx)
WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_value");
return NULL;
}
WOLFSSL_API void ERR_load_SSL_strings(void)
{
@ -16340,16 +16336,9 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
WOLFSSL_MSG("wc_Des_SetKey return error.");
return;
}
if (enc){
if (wc_Des_EcbEncrypt(&myDes, (byte*) desb,
(const byte*) desa, sizeof(WOLFSSL_DES_cblock)) != 0){
WOLFSSL_MSG("wc_Des_EcbEncrpyt return error.");
}
} else {
if (wc_Des_EcbDecrypt(&myDes, (byte*) desb,
(const byte*) desa, sizeof(WOLFSSL_DES_cblock)) != 0){
WOLFSSL_MSG("wc_Des_EcbDecrpyt return error.");
}
if (wc_Des_EcbEncrypt(&myDes, (byte*) desb,
(const byte*)desa, sizeof(WOLFSSL_DES_cblock)) != 0){
WOLFSSL_MSG("wc_Des_EcbEncrypt return error.");
}
}
}
@ -16772,7 +16761,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
byte* myBuffer = staticBuffer;
int dynamic = 0;
XFILE file = XBADFILE;
long sz = 0;
size_t sz = 0;
int eccKey = 0;
WOLFSSL_CTX* ctx = ssl->ctx;
WOLFSSL_X509* peer_cert = &ssl->peerCert;
@ -16806,7 +16795,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
if ((myBuffer != NULL) &&
(sz > 0) &&
(XFREAD(myBuffer, sz, 1, file) > 0) &&
(XFREAD(myBuffer, 1, sz, file) == sz) &&
(PemToDer(myBuffer, sz, CERT_TYPE,
&fileDer, ctx->heap, info, &eccKey) == 0) &&
(fileDer->length != 0) &&
@ -17063,8 +17052,13 @@ const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
if (bn_one == NULL) {
bn_one = wolfSSL_BN_new();
if (bn_one)
mp_set_int((mp_int*)bn_one->internal, 1);
if (bn_one) {
if (mp_set_int((mp_int*)bn_one->internal, 1) != MP_OKAY) {
/* handle error by freeing BN and returning NULL */
wolfSSL_BN_free(bn_one);
bn_one = NULL;
}
}
}
return bn_one;
@ -22161,22 +22155,22 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
#ifndef NO_FILESYSTEM
XFILE fp;
WOLFSSL_ENTER("wolfSSL_BIO_new_file");
if ((wolfSSL_BIO_get_fp(b, &fp) == SSL_SUCCESS) && (fp != NULL))
{
XFCLOSE(fp);
}
fp = XFOPEN(name, "r");
if (fp == NULL)
return SSL_BAD_FILE;
if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != SSL_SUCCESS) {
return SSL_BAD_FILE;
}
return SSL_SUCCESS;
#else
(void)name;

View File

@ -1648,7 +1648,7 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
void* heap)
{
TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
TLSX* extension;
SNI* sni = NULL;
if (extensions == NULL || data == NULL)
@ -1657,6 +1657,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL)
return MEMORY_E;
extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
if (!extension) {
int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap);
if (ret != 0) {
@ -1698,7 +1699,8 @@ word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
switch (sni->type) {
case WOLFSSL_SNI_HOST_NAME:
*data = sni->data.host_name;
if (data)
*data = sni->data.host_name;
return (word16)XSTRLEN((char*)*data);
}
}
@ -3175,7 +3177,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
{
TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
TLSX* extension;
EllipticCurve* curve = NULL;
int ret = 0;
@ -3185,6 +3187,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
if ((ret = TLSX_EllipticCurve_Append(&curve, name, heap)) != 0)
return ret;
extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
if (!extension) {
if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap))
!= 0) {

View File

@ -347,8 +347,9 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, 0));
/* invalid ca file */
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
#ifndef WOLFSSL_TIRTOS
/* invalid path */
@ -3060,7 +3061,7 @@ static void test_wolfSSL_DES_ecb_encrypt(void)
/* Decrypt messages */
int ret1 = 0;
int ret2 = 0;
int ret2 = 0;
wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
ret1 = memcmp((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
AssertIntEQ(ret1,0);

View File

@ -1322,7 +1322,11 @@ void bench_poly1305()
bench_stats_start(&count, &start);
do {
for (i = 0; i < numBlocks; i++) {
wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE);
ret = wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE);
if (ret != 0) {
printf("Poly1305Update failed: %d\n", ret);
break;
}
}
wc_Poly1305Final(&enc, mac);
count += i;
@ -2121,14 +2125,14 @@ void bench_cmac(void)
double start;
int ret, i, count;
ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL);
if (ret != 0) {
printf("InitCmac failed, ret = %d\n", ret);
return;
}
bench_stats_start(&count, &start);
do {
ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL);
if (ret != 0) {
printf("InitCmac failed, ret = %d\n", ret);
return;
}
for (i = 0; i < numBlocks; i++) {
ret = wc_CmacUpdate(&cmac, bench_plain, BENCH_SIZE);
if (ret != 0) {
@ -2136,6 +2140,7 @@ void bench_cmac(void)
return;
}
}
/* Note: final force zero's the Cmac struct */
ret = wc_CmacFinal(&cmac, digest, &digestSz);
if (ret != 0) {
printf("CmacFinal failed, ret = %d\n", ret);
@ -2292,7 +2297,9 @@ void bench_rsa(int doAsync)
}
#ifdef WC_RSA_BLINDING
wc_RsaSetRNG(&rsaKey[i], &rng);
ret = wc_RsaSetRNG(&rsaKey[i], &rng);
if (ret != 0)
goto exit;
#endif
/* decode the private key */
@ -3025,11 +3032,24 @@ void bench_eccEncrypt(void)
int ret, i, count;
double start;
wc_ecc_init_ex(&userA, HEAP_HINT, devId);
ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId);
if (ret != 0) {
printf("wc_ecc_encrypt make key A failed: %d\n", ret);
return;
}
wc_ecc_init_ex(&userB, HEAP_HINT, devId);
if (ret != 0) {
printf("wc_ecc_encrypt make key B failed: %d\n", ret);
wc_ecc_free(&userA);
return;
}
wc_ecc_make_key(&rng, keySize, &userA);
wc_ecc_make_key(&rng, keySize, &userB);
ret = wc_ecc_make_key(&rng, keySize, &userA);
if (ret != 0)
goto exit;
ret = wc_ecc_make_key(&rng, keySize, &userB);
if (ret != 0)
goto exit;
for (i = 0; i < (int)sizeof(msg); i++)
msg[i] = i;
@ -3064,6 +3084,12 @@ exit_enc:
exit_dec:
bench_stats_asym_finish("ECC", keySize * 8, "decrypt", 0, count, start);
exit:
if (ret != 0) {
printf("bench_eccEncrypt failed! %d\n", ret);
}
/* cleanup */
wc_ecc_free(&userB);
wc_ecc_free(&userA);
@ -3076,14 +3102,18 @@ void bench_curve25519KeyGen(void)
{
curve25519_key genKey;
double start;
int i, count;
int ret, i, count;
/* Key Gen */
bench_stats_start(&count, &start);
do {
for (i = 0; i < genTimes; i++) {
wc_curve25519_make_key(&rng, 32, &genKey);
ret = wc_curve25519_make_key(&rng, 32, &genKey);
wc_curve25519_free(&genKey);
if (ret != 0) {
printf("wc_curve25519_make_key failed: %d\n", ret);
break;
}
}
count += i;
} while (bench_stats_sym_check(start));
@ -3109,7 +3139,8 @@ void bench_curve25519KeyAgree(void)
}
ret = wc_curve25519_make_key(&rng, 32, &genKey2);
if (ret != 0) {
printf("curve25519_make_key failed\n");
printf("curve25519_make_key failed: %d\n", ret);
wc_curve25519_free(&genKey);
return;
}
@ -3120,7 +3151,7 @@ void bench_curve25519KeyAgree(void)
x = sizeof(shared);
ret = wc_curve25519_shared_secret(&genKey, &genKey2, shared, &x);
if (ret != 0) {
printf("curve25519_shared_secret failed\n");
printf("curve25519_shared_secret failed: %d\n", ret);
goto exit;
}
}

View File

@ -2372,56 +2372,63 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
int* algoID, void* heap)
{
word32 tmpIdx = 0;
#ifdef HAVE_ECC
#ifdef HAVE_ECC
ecc_key ecc;
#endif
#ifndef NO_RSA
#endif
#ifndef NO_RSA
RsaKey rsa;
#endif
#endif
if (algoID == NULL) {
return BAD_FUNC_ARG;
}
*algoID = 0;
#ifndef NO_RSA
wc_InitRsaKey(&rsa, heap);
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) {
*algoID = RSAk;
}
else {
WOLFSSL_MSG("Not RSA DER key");
}
wc_FreeRsaKey(&rsa);
#endif /* NO_RSA */
#ifdef HAVE_ECC
if (*algoID != RSAk) {
tmpIdx = 0;
wc_ecc_init_ex(&ecc, heap, INVALID_DEVID);
if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {
*algoID = ECDSAk;
/* sanity check on arguments */
if (curveOID == NULL || oidSz == NULL) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(&ecc);
return BAD_FUNC_ARG;
}
/* now find oid */
if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(&ecc);
return BAD_FUNC_ARG;
}
#ifndef NO_RSA
if (wc_InitRsaKey(&rsa, heap) == 0) {
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) {
*algoID = RSAk;
}
else {
WOLFSSL_MSG("Not ECC DER key either");
WOLFSSL_MSG("Not RSA DER key");
}
wc_ecc_free(&ecc);
wc_FreeRsaKey(&rsa);
}
#endif /* HAVE_ECC */
else {
WOLFSSL_MSG("GetKeyOID wc_InitRsaKey failed");
}
#endif /* NO_RSA */
#ifdef HAVE_ECC
if (*algoID != RSAk) {
tmpIdx = 0;
if (wc_ecc_init_ex(&ecc, heap, INVALID_DEVID) == 0) {
if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {
*algoID = ECDSAk;
/* sanity check on arguments */
if (curveOID == NULL || oidSz == NULL) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(&ecc);
return BAD_FUNC_ARG;
}
/* now find oid */
if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(&ecc);
return BAD_FUNC_ARG;
}
}
else {
WOLFSSL_MSG("Not ECC DER key either");
}
wc_ecc_free(&ecc);
}
else {
WOLFSSL_MSG("GetKeyOID wc_ecc_init_ex failed");
}
}
#endif /* HAVE_ECC */
/* if flag is not set then is neither RSA or ECC key that could be
* found */
@ -6405,9 +6412,13 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
/* extra header information for encrypted key */
if (cipher_info != NULL) {
size_t cipherInfoStrLen = XSTRLEN((char*)cipher_info);
if (cipherInfoStrLen > HEADER_ENCRYPTED_KEY_SIZE - (23+10+2))
cipherInfoStrLen = HEADER_ENCRYPTED_KEY_SIZE - (23+10+2);
XSTRNCAT(header, "Proc-Type: 4,ENCRYPTED\n", 23);
XSTRNCAT(header, "DEK-Info: ", 10);
XSTRNCAT(header, (char*)cipher_info, XSTRLEN((char*)cipher_info));
XSTRNCAT(header, (char*)cipher_info, cipherInfoStrLen);
XSTRNCAT(header, "\n\n", 2);
}
@ -7438,27 +7449,26 @@ static int SetAKID(byte* output, word32 outSz,
{
byte *enc_val;
int ret, enc_valSz;
static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04};
static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04 };
static const byte akid_cs[] = { 0x80 };
if (output == NULL || input == NULL)
return BAD_FUNC_ARG;
enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), heap,
DYNAMIC_TYPE_TMP_BUFFER);
enc_valSz = length + 3 + sizeof(akid_cs);
enc_val = (byte *)XMALLOC(enc_valSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (enc_val == NULL)
return MEMORY_E;
/* sequence for ContentSpec & value */
enc_valSz = SetOidValue(enc_val, length+3+sizeof(akid_cs),
akid_cs, sizeof(akid_cs), input, length);
if (enc_valSz == 0) {
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
ret = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs),
input, length);
if (ret > 0) {
enc_valSz = ret;
ret = SetOidValue(output, outSz, akid_oid,
sizeof(akid_oid), enc_val, enc_valSz);
ret = SetOidValue(output, outSz, akid_oid, sizeof(akid_oid),
enc_val, enc_valSz);
}
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
@ -7921,7 +7931,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* SKID */
if (cert->skidSz) {
/* check the provided SKID size */
if (cert->skidSz > (int)sizeof(cert->skid))
if (cert->skidSz > (int)sizeof(der->skid))
return SKID_E;
/* Note: different skid buffers sizes for der (MAX_KID_SZ) and

View File

@ -1864,6 +1864,10 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
err = mp_copy(P->y, y);
if (err == MP_OKAY)
err = mp_copy(P->z, z);
if (err != MP_OKAY) {
goto done;
}
#else
/* Use destination directly */
x = P->x;
@ -1871,10 +1875,6 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
z = P->z;
#endif
if (err != MP_OKAY) {
goto done;
}
/* first map z back to normal */
err = mp_montgomery_reduce(z, modulus, mp);
@ -1913,10 +1913,11 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
err = mp_copy(y, P->y);
if (err == MP_OKAY)
err = mp_copy(z, P->z);
#endif
done:
/* clean up */
#endif
/* clean up */
mp_clear(&t1);
mp_clear(&t2);
@ -6132,8 +6133,6 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
if (err != MP_OKAY)
break;
for (y = 0; y < (1UL<<FP_LUT); y++) {
if (err != MP_OKAY)
break;
if (lut_orders[y].ham != (int)x) continue;
/* perform the add */

View File

@ -172,15 +172,17 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out,
const unsigned char *in, int inl)
{
int ret = 0;
switch (ctx->cipherType) {
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
if (ctx->enc)
wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
else
wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
break;
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
@ -198,43 +200,45 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE:
if (ctx->enc)
wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
else
wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
break;
#endif
#ifndef NO_DES3
case DES_CBC_TYPE:
if (ctx->enc)
wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
else
wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
break;
case DES_EDE3_CBC_TYPE:
if (ctx->enc)
wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
else
wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
break;
#if defined(WOLFSSL_DES_ECB)
case DES_ECB_TYPE:
wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
break;
case DES_EDE3_ECB_TYPE:
if (ctx->enc)
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
else
wc_Des3_EcbDecrypt(&ctx->cipher.des3, out, in, inl);
ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
break;
#endif /* WOLFSSL_DES_ECB */
#endif /* !NO_DES3 */
default:
return 0;
}
(void)in;
(void)inl;
(void)out;
return 1;
}
if (ret != 0)
return 0; /* failure */
(void)in;
(void)inl;
(void)out;
return 1; /* success */
}
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,

View File

@ -592,19 +592,21 @@ int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
return BAD_FUNC_ARG;
}
if (additional == NULL && addSz > 0) {
return BAD_FUNC_ARG;
}
/* additional allowed to be 0 */
if (addSz > 0) {
if (additional == NULL)
return BAD_FUNC_ARG;
/* additional data plus padding */
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
return ret;
}
paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1);
if (paddingLen) {
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
/* additional data plus padding */
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
return ret;
}
paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1);
if (paddingLen) {
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
return ret;
}
}
}
/* input plus padding */

View File

@ -368,7 +368,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
out += OUTPUT_BLOCK_LEN;
array_add_one(data, DRBG_SEED_LEN);
}
else if (out != NULL) {
else {
XMEMCPY(out, digest, outSz);
outSz = 0;
}

View File

@ -349,8 +349,9 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
/* Set k = H(N, g) */
r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
for (i = 0; (word32)i < nSz - gSz; i++)
SrpHashUpdate(&hash, &pad, 1);
for (i = 0; (word32)i < nSz - gSz; i++) {
if (!r) r = SrpHashUpdate(&hash, &pad, 1);
}
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
if (!r) r = SrpHashFinal(&hash, srp->k);

View File

@ -302,8 +302,8 @@ static INLINE void InitTcpReady(tcp_ready* ready)
ready->srfName = NULL;
#ifdef SINGLE_THREADED
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_init(&ready->mutex, 0);
pthread_cond_init(&ready->cond, 0);
pthread_mutex_init(&ready->mutex, 0);
pthread_cond_init(&ready->cond, 0);
#endif
}
@ -1111,6 +1111,7 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
static INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
{
int ret;
long int fileSz;
FILE* file;
if (fname == NULL || buf == NULL || bufLen == NULL)
@ -1128,9 +1129,10 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
}
fseek(file, 0, SEEK_END);
*bufLen = ftell(file);
fileSz = (int)ftell(file);
rewind(file);
if (*bufLen > 0) {
if (fileSz > 0) {
*bufLen = (size_t)fileSz;
*buf = (byte*)malloc(*bufLen);
if (*buf == NULL) {
ret = MEMORY_E;
@ -1738,12 +1740,13 @@ static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
if (ret != 0)
return ret;
wc_ecc_init(&myKey);
ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
wc_ecc_free(&myKey);
ret = wc_ecc_init(&myKey);
if (ret == 0) {
ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
wc_ecc_free(&myKey);
}
wc_FreeRng(&rng);
return ret;
@ -1760,12 +1763,13 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
(void)ssl;
(void)ctx;
wc_ecc_init(&myKey);
ret = wc_ecc_import_x963(key, keySz, &myKey);
if (ret == 0)
ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
wc_ecc_free(&myKey);
ret = wc_ecc_init(&myKey);
if (ret == 0) {
ret = wc_ecc_import_x963(key, keySz, &myKey);
if (ret == 0)
ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
wc_ecc_free(&myKey);
}
return ret;
}
@ -1845,16 +1849,17 @@ static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
if (ret != 0)
return ret;
wc_InitRsaKey(&myKey, NULL);
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) { /* save and convert to 0 success */
*outSz = ret;
ret = 0;
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) { /* save and convert to 0 success */
*outSz = ret;
ret = 0;
}
wc_FreeRsaKey(&myKey);
}
wc_FreeRsaKey(&myKey);
wc_FreeRng(&rng);
return ret;
@ -1873,12 +1878,13 @@ static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
(void)ssl;
(void)ctx;
wc_InitRsaKey(&myKey, NULL);
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
wc_FreeRsaKey(&myKey);
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
wc_FreeRsaKey(&myKey);
}
return ret;
}
@ -1900,17 +1906,18 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
if (ret != 0)
return ret;
wc_InitRsaKey(&myKey, NULL);
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) {
*outSz = ret;
ret = 0; /* reset to success */
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0) {
ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
if (ret > 0) {
*outSz = ret;
ret = 0; /* reset to success */
}
}
wc_FreeRsaKey(&myKey);
}
wc_FreeRsaKey(&myKey);
wc_FreeRng(&rng);
return ret;
@ -1927,20 +1934,21 @@ static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
(void)ssl;
(void)ctx;
wc_InitRsaKey(&myKey, NULL);
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
#ifdef WC_RSA_BLINDING
ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
if (ret != 0) {
wc_FreeRsaKey(&myKey);
return ret;
}
#endif
ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0) {
#ifdef WC_RSA_BLINDING
ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
if (ret != 0) {
wc_FreeRsaKey(&myKey);
return ret;
}
#endif
ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
}
wc_FreeRsaKey(&myKey);
}
wc_FreeRsaKey(&myKey);
return ret;
}