Merge pull request #886 from dgarske/fixes_coverity2
Fixes for coverity scan (part 2)
This commit is contained in:
commit
27aafd674a
@ -5328,9 +5328,15 @@ int SendBuffered(WOLFSSL* ssl)
|
||||
static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
|
||||
{
|
||||
byte* tmp;
|
||||
#if WOLFSSL_GENERAL_ALIGNMENT > 0
|
||||
byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
|
||||
RECORD_HEADER_SZ;
|
||||
byte align = WOLFSSL_GENERAL_ALIGNMENT;
|
||||
byte align = WOLFSSL_GENERAL_ALIGNMENT;
|
||||
#else
|
||||
const byte align = WOLFSSL_GENERAL_ALIGNMENT;
|
||||
#endif
|
||||
|
||||
#if WOLFSSL_GENERAL_ALIGNMENT > 0
|
||||
/* the encrypted data will be offset from the front of the buffer by
|
||||
the header, if the user wants encrypted alignment they need
|
||||
to define their alignment requirement */
|
||||
@ -5339,14 +5345,19 @@ static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
|
||||
while (align < hdrSz)
|
||||
align *= 2;
|
||||
}
|
||||
#endif
|
||||
|
||||
tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align,
|
||||
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
|
||||
tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align,
|
||||
ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
|
||||
WOLFSSL_MSG("growing output buffer\n");
|
||||
|
||||
if (!tmp) return MEMORY_E;
|
||||
if (tmp == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
#if WOLFSSL_GENERAL_ALIGNMENT > 0
|
||||
if (align)
|
||||
tmp += align - hdrSz;
|
||||
#endif
|
||||
|
||||
if (ssl->buffers.outputBuffer.length)
|
||||
XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
|
||||
@ -5357,10 +5368,14 @@ static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
|
||||
ssl->buffers.outputBuffer.offset, ssl->heap,
|
||||
DYNAMIC_TYPE_OUT_BUFFER);
|
||||
ssl->buffers.outputBuffer.dynamicFlag = 1;
|
||||
|
||||
#if WOLFSSL_GENERAL_ALIGNMENT > 0
|
||||
if (align)
|
||||
ssl->buffers.outputBuffer.offset = align - hdrSz;
|
||||
else
|
||||
#endif
|
||||
ssl->buffers.outputBuffer.offset = 0;
|
||||
|
||||
ssl->buffers.outputBuffer.buffer = tmp;
|
||||
ssl->buffers.outputBuffer.bufferSize = size +
|
||||
ssl->buffers.outputBuffer.length;
|
||||
@ -5372,8 +5387,14 @@ static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
|
||||
int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
|
||||
{
|
||||
byte* tmp;
|
||||
byte hdrSz = DTLS_RECORD_HEADER_SZ;
|
||||
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
|
||||
byte align = ssl->options.dtls ? WOLFSSL_GENERAL_ALIGNMENT : 0;
|
||||
byte hdrSz = DTLS_RECORD_HEADER_SZ;
|
||||
#else
|
||||
const byte align = WOLFSSL_GENERAL_ALIGNMENT;
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
|
||||
/* the encrypted data will be offset from the front of the buffer by
|
||||
the dtls record header, if the user wants encrypted alignment they need
|
||||
to define their alignment requirement. in tls we read record header
|
||||
@ -5383,19 +5404,24 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
|
||||
while (align < hdrSz)
|
||||
align *= 2;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (usedLength < 0 || size < 0) {
|
||||
WOLFSSL_MSG("GrowInputBuffer() called with negative number");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
tmp = (byte*) XMALLOC(size + usedLength + align, ssl->heap,
|
||||
DYNAMIC_TYPE_IN_BUFFER);
|
||||
tmp = (byte*)XMALLOC(size + usedLength + align,
|
||||
ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
|
||||
WOLFSSL_MSG("growing input buffer\n");
|
||||
|
||||
if (!tmp) return MEMORY_E;
|
||||
if (tmp == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
|
||||
if (align)
|
||||
tmp += align - hdrSz;
|
||||
#endif
|
||||
|
||||
if (usedLength)
|
||||
XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer +
|
||||
@ -5406,10 +5432,13 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
|
||||
ssl->heap,DYNAMIC_TYPE_IN_BUFFER);
|
||||
|
||||
ssl->buffers.inputBuffer.dynamicFlag = 1;
|
||||
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
|
||||
if (align)
|
||||
ssl->buffers.inputBuffer.offset = align - hdrSz;
|
||||
else
|
||||
#endif
|
||||
ssl->buffers.inputBuffer.offset = 0;
|
||||
|
||||
ssl->buffers.inputBuffer.buffer = tmp;
|
||||
ssl->buffers.inputBuffer.bufferSize = size + usedLength;
|
||||
ssl->buffers.inputBuffer.idx = 0;
|
||||
@ -6945,16 +6974,14 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
|
||||
ret = ParseCertRelative(args->dCert, CERT_TYPE,
|
||||
!ssl->options.verifyNone, ssl->ctx->cm);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (ret == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPush(ssl,
|
||||
args->dCert->sigCtx.asyncDev,
|
||||
WC_ASYNC_FLAG_CALL_AGAIN);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (ret == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPush(ssl,
|
||||
args->dCert->sigCtx.asyncDev,
|
||||
WC_ASYNC_FLAG_CALL_AGAIN);
|
||||
goto exit_dc;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef NO_SKID
|
||||
subjectHash = args->dCert->extSubjKeyId;
|
||||
@ -7111,16 +7138,14 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
{ /* only parse if not already present in dCert from above */
|
||||
ret = ParseCertRelative(args->dCert, CERT_TYPE,
|
||||
!ssl->options.verifyNone, ssl->ctx->cm);
|
||||
if (ret != 0) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (ret == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPush(ssl,
|
||||
args->dCert->sigCtx.asyncDev,
|
||||
WC_ASYNC_FLAG_CALL_AGAIN);
|
||||
}
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (ret == WC_PENDING_E) {
|
||||
ret = wolfSSL_AsyncPush(ssl,
|
||||
args->dCert->sigCtx.asyncDev,
|
||||
WC_ASYNC_FLAG_CALL_AGAIN);
|
||||
goto exit_dc;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
@ -16069,11 +16094,6 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Check for error */
|
||||
if (ret != 0) {
|
||||
goto exit_dske;
|
||||
}
|
||||
|
||||
/* Advance state and proceed */
|
||||
ssl->options.asyncState = TLS_ASYNC_END;
|
||||
} /* case TLS_ASYNC_FINALIZE */
|
||||
@ -17286,11 +17306,6 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||
args->inputSz);
|
||||
}
|
||||
|
||||
/* Check for error */
|
||||
if (ret != 0) {
|
||||
goto exit_scke;
|
||||
}
|
||||
|
||||
/* Advance state and proceed */
|
||||
ssl->options.asyncState = TLS_ASYNC_END;
|
||||
} /* case TLS_ASYNC_FINALIZE */
|
||||
@ -19558,11 +19573,6 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Check for error */
|
||||
if (ret != 0) {
|
||||
goto exit_sske;
|
||||
}
|
||||
|
||||
/* Advance state and proceed */
|
||||
ssl->options.asyncState = TLS_ASYNC_END;
|
||||
} /* case TLS_ASYNC_FINALIZE */
|
||||
|
10
src/ocsp.c
10
src/ocsp.c
@ -537,7 +537,6 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
|
||||
if (cm == NULL)
|
||||
return NULL;
|
||||
|
||||
|
||||
ret = AllocDer(&derCert, issuer->derCert->length,
|
||||
issuer->derCert->type, NULL);
|
||||
if (ret == 0) {
|
||||
@ -556,8 +555,13 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
|
||||
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
certId = NULL;
|
||||
}
|
||||
else
|
||||
InitOcspRequest(certId, &cert, 0, NULL);
|
||||
else {
|
||||
ret = InitOcspRequest(certId, &cert, 0, NULL);
|
||||
if (ret != 0) {
|
||||
XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
certId = NULL;
|
||||
}
|
||||
}
|
||||
FreeDecodedCert(&cert);
|
||||
}
|
||||
|
||||
|
@ -1173,9 +1173,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
|
||||
return -1;
|
||||
}
|
||||
|
||||
ret = (int)XFREAD(loadBuf, fileSz, 1, file);
|
||||
ret = (int)XFREAD(loadBuf, 1, fileSz, file);
|
||||
XFCLOSE(file);
|
||||
|
||||
if (ret != fileSz) {
|
||||
free(loadBuf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (typeKey == SSL_FILETYPE_PEM) {
|
||||
byte* saveBuf = (byte*)malloc(fileSz);
|
||||
int saveBufSz = 0;
|
||||
|
100
src/ssl.c
100
src/ssl.c
@ -4550,9 +4550,10 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
#ifdef HAVE_ECC
|
||||
/* could have DER ECC (or pkcs8 ecc), no easy way to tell */
|
||||
eccKey = 1; /* so try it out */
|
||||
#else
|
||||
WOLFSSL_MSG("RSA decode failed and ECC not enabled to try");
|
||||
ret = SSL_BAD_FILE;
|
||||
#endif
|
||||
if (!eccKey)
|
||||
ret = SSL_BAD_FILE;
|
||||
} else {
|
||||
/* check that the size of the RSA key is enough */
|
||||
int RsaSz = wc_RsaEncryptSize((RsaKey*)key);
|
||||
@ -5395,12 +5396,12 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
|
||||
}
|
||||
dynamic = 1;
|
||||
}
|
||||
else if (sz < 0) {
|
||||
else if (sz <= 0) {
|
||||
XFCLOSE(file);
|
||||
return SSL_BAD_FILE;
|
||||
}
|
||||
|
||||
if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
|
||||
if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz)
|
||||
ret = SSL_BAD_FILE;
|
||||
else {
|
||||
if ((type == CA_TYPE || type == TRUSTED_PEER_TYPE)
|
||||
@ -5514,7 +5515,7 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
|
||||
sz = XFTELL(file);
|
||||
XREWIND(file);
|
||||
|
||||
if (sz > MAX_WOLFSSL_FILE_SIZE || sz < 0) {
|
||||
if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
|
||||
WOLFSSL_MSG("CertManagerVerify file bad size");
|
||||
XFCLOSE(file);
|
||||
return SSL_BAD_FILE;
|
||||
@ -5530,7 +5531,7 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
|
||||
dynamic = 1;
|
||||
}
|
||||
|
||||
if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
|
||||
if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz)
|
||||
ret = SSL_BAD_FILE;
|
||||
else
|
||||
ret = wolfSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
|
||||
@ -5829,7 +5830,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
|
||||
sz = XFTELL(file);
|
||||
XREWIND(file);
|
||||
|
||||
if (sz < 0) {
|
||||
if (sz <= 0) {
|
||||
ret = SSL_BAD_FILE;
|
||||
}
|
||||
else if (sz > (long)sizeof(staticBuffer)) {
|
||||
@ -5845,7 +5846,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) {
|
||||
if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) {
|
||||
ret = SSL_BAD_FILE;
|
||||
}
|
||||
else {
|
||||
@ -5915,7 +5916,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName,
|
||||
sz = XFTELL(file);
|
||||
XREWIND(file);
|
||||
|
||||
if (sz < 0) {
|
||||
if (sz <= 0) {
|
||||
ret = SSL_BAD_FILE;
|
||||
}
|
||||
else if (sz > (long)sizeof(staticBuffer)) {
|
||||
@ -5930,7 +5931,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName,
|
||||
dynamic = 1;
|
||||
}
|
||||
if (ret == 0) {
|
||||
if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0)
|
||||
if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz)
|
||||
ret = SSL_BAD_FILE;
|
||||
else
|
||||
ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted,
|
||||
@ -6082,12 +6083,12 @@ static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
|
||||
}
|
||||
dynamic = 1;
|
||||
}
|
||||
else if (sz < 0) {
|
||||
else if (sz <= 0) {
|
||||
XFCLOSE(file);
|
||||
return SSL_BAD_FILE;
|
||||
}
|
||||
|
||||
if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
|
||||
if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz)
|
||||
ret = SSL_BAD_FILE;
|
||||
else {
|
||||
if (ssl)
|
||||
@ -7873,6 +7874,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
|
||||
int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
const byte* secret, word32 secretSz)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_DTLS_SetCookieSecret");
|
||||
|
||||
if (ssl == NULL) {
|
||||
@ -7911,14 +7914,15 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
|
||||
}
|
||||
|
||||
/* If the supplied secret is NULL, randomly generate a new secret. */
|
||||
if (secret == NULL)
|
||||
wc_RNG_GenerateBlock(ssl->rng,
|
||||
if (secret == NULL) {
|
||||
ret = wc_RNG_GenerateBlock(ssl->rng,
|
||||
ssl->buffers.dtlsCookieSecret.buffer, secretSz);
|
||||
}
|
||||
else
|
||||
XMEMCPY(ssl->buffers.dtlsCookieSecret.buffer, secret, secretSz);
|
||||
|
||||
WOLFSSL_LEAVE("wolfSSL_DTLS_SetCookieSecret", 0);
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
|
||||
@ -12099,14 +12103,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
else
|
||||
wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
|
||||
break;
|
||||
#ifdef WOLFSSL_DES_ECB
|
||||
case DES_ECB_TYPE :
|
||||
if (ctx->enc)
|
||||
ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
|
||||
else
|
||||
ret = wc_Des_EcbDecrypt(&ctx->cipher.des, dst, src, len);
|
||||
break;
|
||||
#endif
|
||||
case DES_EDE3_CBC_TYPE :
|
||||
if (ctx->enc)
|
||||
ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
|
||||
@ -12114,14 +12110,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
|
||||
break;
|
||||
#ifdef WOLFSSL_DES_ECB
|
||||
case DES_EDE3_ECB_TYPE :
|
||||
if (ctx->enc)
|
||||
ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
|
||||
else
|
||||
ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, dst, src, len);
|
||||
case DES_ECB_TYPE :
|
||||
ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
|
||||
break;
|
||||
case DES_EDE3_ECB_TYPE :
|
||||
ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#endif /* !NO_DES3 */
|
||||
|
||||
#ifndef NO_RC4
|
||||
case ARC4_TYPE :
|
||||
@ -12149,7 +12145,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
|
||||
return 0; /* failuer */
|
||||
return 0; /* failure */
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("wolfSSL_EVP_Cipher success");
|
||||
@ -13614,8 +13610,8 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
|
||||
|
||||
fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
|
||||
if (fileBuffer != NULL) {
|
||||
int ret = (int)XFREAD(fileBuffer, sz, 1, file);
|
||||
if (ret > 0) {
|
||||
int ret = (int)XFREAD(fileBuffer, 1, sz, file);
|
||||
if (ret == sz) {
|
||||
newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
|
||||
}
|
||||
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
|
||||
@ -13671,8 +13667,8 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = (int)XFREAD(fileBuffer, sz, 1, file);
|
||||
if (ret < 0) {
|
||||
ret = (int)XFREAD(fileBuffer, 1, sz, file);
|
||||
if (ret != sz) {
|
||||
XFCLOSE(file);
|
||||
if (dynamic)
|
||||
XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
|
||||
@ -15909,7 +15905,7 @@ WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx)
|
||||
WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_value");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
WOLFSSL_API void ERR_load_SSL_strings(void)
|
||||
{
|
||||
|
||||
@ -16340,16 +16336,9 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
|
||||
WOLFSSL_MSG("wc_Des_SetKey return error.");
|
||||
return;
|
||||
}
|
||||
if (enc){
|
||||
if (wc_Des_EcbEncrypt(&myDes, (byte*) desb,
|
||||
(const byte*) desa, sizeof(WOLFSSL_DES_cblock)) != 0){
|
||||
WOLFSSL_MSG("wc_Des_EcbEncrpyt return error.");
|
||||
}
|
||||
} else {
|
||||
if (wc_Des_EcbDecrypt(&myDes, (byte*) desb,
|
||||
(const byte*) desa, sizeof(WOLFSSL_DES_cblock)) != 0){
|
||||
WOLFSSL_MSG("wc_Des_EcbDecrpyt return error.");
|
||||
}
|
||||
if (wc_Des_EcbEncrypt(&myDes, (byte*) desb,
|
||||
(const byte*)desa, sizeof(WOLFSSL_DES_cblock)) != 0){
|
||||
WOLFSSL_MSG("wc_Des_EcbEncrypt return error.");
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -16772,7 +16761,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
|
||||
byte* myBuffer = staticBuffer;
|
||||
int dynamic = 0;
|
||||
XFILE file = XBADFILE;
|
||||
long sz = 0;
|
||||
size_t sz = 0;
|
||||
int eccKey = 0;
|
||||
WOLFSSL_CTX* ctx = ssl->ctx;
|
||||
WOLFSSL_X509* peer_cert = &ssl->peerCert;
|
||||
@ -16806,7 +16795,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
|
||||
|
||||
if ((myBuffer != NULL) &&
|
||||
(sz > 0) &&
|
||||
(XFREAD(myBuffer, sz, 1, file) > 0) &&
|
||||
(XFREAD(myBuffer, 1, sz, file) == sz) &&
|
||||
(PemToDer(myBuffer, sz, CERT_TYPE,
|
||||
&fileDer, ctx->heap, info, &eccKey) == 0) &&
|
||||
(fileDer->length != 0) &&
|
||||
@ -17063,8 +17052,13 @@ const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
|
||||
|
||||
if (bn_one == NULL) {
|
||||
bn_one = wolfSSL_BN_new();
|
||||
if (bn_one)
|
||||
mp_set_int((mp_int*)bn_one->internal, 1);
|
||||
if (bn_one) {
|
||||
if (mp_set_int((mp_int*)bn_one->internal, 1) != MP_OKAY) {
|
||||
/* handle error by freeing BN and returning NULL */
|
||||
wolfSSL_BN_free(bn_one);
|
||||
bn_one = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return bn_one;
|
||||
@ -22161,22 +22155,22 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
|
||||
int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
|
||||
#ifndef NO_FILESYSTEM
|
||||
XFILE fp;
|
||||
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_BIO_new_file");
|
||||
|
||||
if ((wolfSSL_BIO_get_fp(b, &fp) == SSL_SUCCESS) && (fp != NULL))
|
||||
{
|
||||
XFCLOSE(fp);
|
||||
}
|
||||
|
||||
|
||||
fp = XFOPEN(name, "r");
|
||||
if (fp == NULL)
|
||||
return SSL_BAD_FILE;
|
||||
|
||||
|
||||
if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != SSL_SUCCESS) {
|
||||
return SSL_BAD_FILE;
|
||||
}
|
||||
|
||||
|
||||
return SSL_SUCCESS;
|
||||
#else
|
||||
(void)name;
|
||||
|
@ -1648,7 +1648,7 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
|
||||
int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
|
||||
void* heap)
|
||||
{
|
||||
TLSX* extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
|
||||
TLSX* extension;
|
||||
SNI* sni = NULL;
|
||||
|
||||
if (extensions == NULL || data == NULL)
|
||||
@ -1657,6 +1657,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size,
|
||||
if ((sni = TLSX_SNI_New(type, data, size, heap)) == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
extension = TLSX_Find(*extensions, TLSX_SERVER_NAME);
|
||||
if (!extension) {
|
||||
int ret = TLSX_Push(extensions, TLSX_SERVER_NAME, (void*)sni, heap);
|
||||
if (ret != 0) {
|
||||
@ -1698,7 +1699,8 @@ word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
|
||||
if (sni && sni->status != WOLFSSL_SNI_NO_MATCH) {
|
||||
switch (sni->type) {
|
||||
case WOLFSSL_SNI_HOST_NAME:
|
||||
*data = sni->data.host_name;
|
||||
if (data)
|
||||
*data = sni->data.host_name;
|
||||
return (word16)XSTRLEN((char*)*data);
|
||||
}
|
||||
}
|
||||
@ -3175,7 +3177,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
|
||||
|
||||
int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
|
||||
{
|
||||
TLSX* extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
|
||||
TLSX* extension;
|
||||
EllipticCurve* curve = NULL;
|
||||
int ret = 0;
|
||||
|
||||
@ -3185,6 +3187,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
|
||||
if ((ret = TLSX_EllipticCurve_Append(&curve, name, heap)) != 0)
|
||||
return ret;
|
||||
|
||||
extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS);
|
||||
if (!extension) {
|
||||
if ((ret = TLSX_Push(extensions, TLSX_SUPPORTED_GROUPS, curve, heap))
|
||||
!= 0) {
|
||||
|
@ -347,8 +347,9 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
|
||||
AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, 0));
|
||||
|
||||
/* invalid ca file */
|
||||
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
|
||||
AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
|
||||
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
|
||||
AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
|
||||
|
||||
|
||||
#ifndef WOLFSSL_TIRTOS
|
||||
/* invalid path */
|
||||
@ -3060,7 +3061,7 @@ static void test_wolfSSL_DES_ecb_encrypt(void)
|
||||
|
||||
/* Decrypt messages */
|
||||
int ret1 = 0;
|
||||
int ret2 = 0;
|
||||
int ret2 = 0;
|
||||
wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
|
||||
ret1 = memcmp((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
|
||||
AssertIntEQ(ret1,0);
|
||||
|
@ -1322,7 +1322,11 @@ void bench_poly1305()
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
for (i = 0; i < numBlocks; i++) {
|
||||
wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE);
|
||||
ret = wc_Poly1305Update(&enc, bench_plain, BENCH_SIZE);
|
||||
if (ret != 0) {
|
||||
printf("Poly1305Update failed: %d\n", ret);
|
||||
break;
|
||||
}
|
||||
}
|
||||
wc_Poly1305Final(&enc, mac);
|
||||
count += i;
|
||||
@ -2121,14 +2125,14 @@ void bench_cmac(void)
|
||||
double start;
|
||||
int ret, i, count;
|
||||
|
||||
ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL);
|
||||
if (ret != 0) {
|
||||
printf("InitCmac failed, ret = %d\n", ret);
|
||||
return;
|
||||
}
|
||||
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
ret = wc_InitCmac(&cmac, bench_key, 16, WC_CMAC_AES, NULL);
|
||||
if (ret != 0) {
|
||||
printf("InitCmac failed, ret = %d\n", ret);
|
||||
return;
|
||||
}
|
||||
|
||||
for (i = 0; i < numBlocks; i++) {
|
||||
ret = wc_CmacUpdate(&cmac, bench_plain, BENCH_SIZE);
|
||||
if (ret != 0) {
|
||||
@ -2136,6 +2140,7 @@ void bench_cmac(void)
|
||||
return;
|
||||
}
|
||||
}
|
||||
/* Note: final force zero's the Cmac struct */
|
||||
ret = wc_CmacFinal(&cmac, digest, &digestSz);
|
||||
if (ret != 0) {
|
||||
printf("CmacFinal failed, ret = %d\n", ret);
|
||||
@ -2292,7 +2297,9 @@ void bench_rsa(int doAsync)
|
||||
}
|
||||
|
||||
#ifdef WC_RSA_BLINDING
|
||||
wc_RsaSetRNG(&rsaKey[i], &rng);
|
||||
ret = wc_RsaSetRNG(&rsaKey[i], &rng);
|
||||
if (ret != 0)
|
||||
goto exit;
|
||||
#endif
|
||||
|
||||
/* decode the private key */
|
||||
@ -3025,11 +3032,24 @@ void bench_eccEncrypt(void)
|
||||
int ret, i, count;
|
||||
double start;
|
||||
|
||||
wc_ecc_init_ex(&userA, HEAP_HINT, devId);
|
||||
ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
printf("wc_ecc_encrypt make key A failed: %d\n", ret);
|
||||
return;
|
||||
}
|
||||
wc_ecc_init_ex(&userB, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
printf("wc_ecc_encrypt make key B failed: %d\n", ret);
|
||||
wc_ecc_free(&userA);
|
||||
return;
|
||||
}
|
||||
|
||||
wc_ecc_make_key(&rng, keySize, &userA);
|
||||
wc_ecc_make_key(&rng, keySize, &userB);
|
||||
ret = wc_ecc_make_key(&rng, keySize, &userA);
|
||||
if (ret != 0)
|
||||
goto exit;
|
||||
ret = wc_ecc_make_key(&rng, keySize, &userB);
|
||||
if (ret != 0)
|
||||
goto exit;
|
||||
|
||||
for (i = 0; i < (int)sizeof(msg); i++)
|
||||
msg[i] = i;
|
||||
@ -3064,6 +3084,12 @@ exit_enc:
|
||||
exit_dec:
|
||||
bench_stats_asym_finish("ECC", keySize * 8, "decrypt", 0, count, start);
|
||||
|
||||
exit:
|
||||
|
||||
if (ret != 0) {
|
||||
printf("bench_eccEncrypt failed! %d\n", ret);
|
||||
}
|
||||
|
||||
/* cleanup */
|
||||
wc_ecc_free(&userB);
|
||||
wc_ecc_free(&userA);
|
||||
@ -3076,14 +3102,18 @@ void bench_curve25519KeyGen(void)
|
||||
{
|
||||
curve25519_key genKey;
|
||||
double start;
|
||||
int i, count;
|
||||
int ret, i, count;
|
||||
|
||||
/* Key Gen */
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
for (i = 0; i < genTimes; i++) {
|
||||
wc_curve25519_make_key(&rng, 32, &genKey);
|
||||
ret = wc_curve25519_make_key(&rng, 32, &genKey);
|
||||
wc_curve25519_free(&genKey);
|
||||
if (ret != 0) {
|
||||
printf("wc_curve25519_make_key failed: %d\n", ret);
|
||||
break;
|
||||
}
|
||||
}
|
||||
count += i;
|
||||
} while (bench_stats_sym_check(start));
|
||||
@ -3109,7 +3139,8 @@ void bench_curve25519KeyAgree(void)
|
||||
}
|
||||
ret = wc_curve25519_make_key(&rng, 32, &genKey2);
|
||||
if (ret != 0) {
|
||||
printf("curve25519_make_key failed\n");
|
||||
printf("curve25519_make_key failed: %d\n", ret);
|
||||
wc_curve25519_free(&genKey);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -3120,7 +3151,7 @@ void bench_curve25519KeyAgree(void)
|
||||
x = sizeof(shared);
|
||||
ret = wc_curve25519_shared_secret(&genKey, &genKey2, shared, &x);
|
||||
if (ret != 0) {
|
||||
printf("curve25519_shared_secret failed\n");
|
||||
printf("curve25519_shared_secret failed: %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -2372,56 +2372,63 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
int* algoID, void* heap)
|
||||
{
|
||||
word32 tmpIdx = 0;
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
#ifdef HAVE_ECC
|
||||
ecc_key ecc;
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
RsaKey rsa;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (algoID == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
*algoID = 0;
|
||||
|
||||
#ifndef NO_RSA
|
||||
wc_InitRsaKey(&rsa, heap);
|
||||
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) {
|
||||
*algoID = RSAk;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not RSA DER key");
|
||||
}
|
||||
wc_FreeRsaKey(&rsa);
|
||||
#endif /* NO_RSA */
|
||||
#ifdef HAVE_ECC
|
||||
if (*algoID != RSAk) {
|
||||
tmpIdx = 0;
|
||||
wc_ecc_init_ex(&ecc, heap, INVALID_DEVID);
|
||||
if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {
|
||||
*algoID = ECDSAk;
|
||||
|
||||
/* sanity check on arguments */
|
||||
if (curveOID == NULL || oidSz == NULL) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(&ecc);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* now find oid */
|
||||
if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(&ecc);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
#ifndef NO_RSA
|
||||
if (wc_InitRsaKey(&rsa, heap) == 0) {
|
||||
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) {
|
||||
*algoID = RSAk;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not ECC DER key either");
|
||||
WOLFSSL_MSG("Not RSA DER key");
|
||||
}
|
||||
wc_ecc_free(&ecc);
|
||||
wc_FreeRsaKey(&rsa);
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
else {
|
||||
WOLFSSL_MSG("GetKeyOID wc_InitRsaKey failed");
|
||||
}
|
||||
#endif /* NO_RSA */
|
||||
#ifdef HAVE_ECC
|
||||
if (*algoID != RSAk) {
|
||||
tmpIdx = 0;
|
||||
if (wc_ecc_init_ex(&ecc, heap, INVALID_DEVID) == 0) {
|
||||
if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {
|
||||
*algoID = ECDSAk;
|
||||
|
||||
/* sanity check on arguments */
|
||||
if (curveOID == NULL || oidSz == NULL) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(&ecc);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* now find oid */
|
||||
if (wc_ecc_get_oid(ecc.dp->oidSum, curveOID, oidSz) < 0) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(&ecc);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not ECC DER key either");
|
||||
}
|
||||
wc_ecc_free(&ecc);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("GetKeyOID wc_ecc_init_ex failed");
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
/* if flag is not set then is neither RSA or ECC key that could be
|
||||
* found */
|
||||
@ -6405,9 +6412,13 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
|
||||
|
||||
/* extra header information for encrypted key */
|
||||
if (cipher_info != NULL) {
|
||||
size_t cipherInfoStrLen = XSTRLEN((char*)cipher_info);
|
||||
if (cipherInfoStrLen > HEADER_ENCRYPTED_KEY_SIZE - (23+10+2))
|
||||
cipherInfoStrLen = HEADER_ENCRYPTED_KEY_SIZE - (23+10+2);
|
||||
|
||||
XSTRNCAT(header, "Proc-Type: 4,ENCRYPTED\n", 23);
|
||||
XSTRNCAT(header, "DEK-Info: ", 10);
|
||||
XSTRNCAT(header, (char*)cipher_info, XSTRLEN((char*)cipher_info));
|
||||
XSTRNCAT(header, (char*)cipher_info, cipherInfoStrLen);
|
||||
XSTRNCAT(header, "\n\n", 2);
|
||||
}
|
||||
|
||||
@ -7438,27 +7449,26 @@ static int SetAKID(byte* output, word32 outSz,
|
||||
{
|
||||
byte *enc_val;
|
||||
int ret, enc_valSz;
|
||||
static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04};
|
||||
static const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04 };
|
||||
static const byte akid_cs[] = { 0x80 };
|
||||
|
||||
if (output == NULL || input == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
enc_val = (byte *)XMALLOC(length+3+sizeof(akid_cs), heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
enc_valSz = length + 3 + sizeof(akid_cs);
|
||||
enc_val = (byte *)XMALLOC(enc_valSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (enc_val == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
/* sequence for ContentSpec & value */
|
||||
enc_valSz = SetOidValue(enc_val, length+3+sizeof(akid_cs),
|
||||
akid_cs, sizeof(akid_cs), input, length);
|
||||
if (enc_valSz == 0) {
|
||||
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return 0;
|
||||
}
|
||||
ret = SetOidValue(enc_val, enc_valSz, akid_cs, sizeof(akid_cs),
|
||||
input, length);
|
||||
if (ret > 0) {
|
||||
enc_valSz = ret;
|
||||
|
||||
ret = SetOidValue(output, outSz, akid_oid,
|
||||
sizeof(akid_oid), enc_val, enc_valSz);
|
||||
ret = SetOidValue(output, outSz, akid_oid, sizeof(akid_oid),
|
||||
enc_val, enc_valSz);
|
||||
}
|
||||
|
||||
XFREE(enc_val, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
@ -7921,7 +7931,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
/* SKID */
|
||||
if (cert->skidSz) {
|
||||
/* check the provided SKID size */
|
||||
if (cert->skidSz > (int)sizeof(cert->skid))
|
||||
if (cert->skidSz > (int)sizeof(der->skid))
|
||||
return SKID_E;
|
||||
|
||||
/* Note: different skid buffers sizes for der (MAX_KID_SZ) and
|
||||
|
@ -1864,6 +1864,10 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
|
||||
err = mp_copy(P->y, y);
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(P->z, z);
|
||||
|
||||
if (err != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
#else
|
||||
/* Use destination directly */
|
||||
x = P->x;
|
||||
@ -1871,10 +1875,6 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
|
||||
z = P->z;
|
||||
#endif
|
||||
|
||||
if (err != MP_OKAY) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* first map z back to normal */
|
||||
err = mp_montgomery_reduce(z, modulus, mp);
|
||||
|
||||
@ -1913,10 +1913,11 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp)
|
||||
err = mp_copy(y, P->y);
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(z, P->z);
|
||||
#endif
|
||||
|
||||
done:
|
||||
/* clean up */
|
||||
#endif
|
||||
|
||||
/* clean up */
|
||||
mp_clear(&t1);
|
||||
mp_clear(&t2);
|
||||
|
||||
@ -6132,8 +6133,6 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp,
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
for (y = 0; y < (1UL<<FP_LUT); y++) {
|
||||
if (err != MP_OKAY)
|
||||
break;
|
||||
if (lut_orders[y].ham != (int)x) continue;
|
||||
|
||||
/* perform the add */
|
||||
|
@ -172,15 +172,17 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
unsigned char *out,
|
||||
const unsigned char *in, int inl)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
switch (ctx->cipherType) {
|
||||
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
|
||||
case AES_128_CBC_TYPE:
|
||||
case AES_192_CBC_TYPE:
|
||||
case AES_256_CBC_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
|
||||
ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
|
||||
else
|
||||
wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
|
||||
ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
|
||||
break;
|
||||
#endif
|
||||
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
|
||||
@ -198,43 +200,45 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
case AES_192_ECB_TYPE:
|
||||
case AES_256_ECB_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
|
||||
ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
|
||||
else
|
||||
wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
|
||||
ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_DES3
|
||||
case DES_CBC_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
|
||||
ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
|
||||
else
|
||||
wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
|
||||
ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
|
||||
break;
|
||||
case DES_EDE3_CBC_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
else
|
||||
wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
|
||||
ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
|
||||
break;
|
||||
#if defined(WOLFSSL_DES_ECB)
|
||||
case DES_ECB_TYPE:
|
||||
wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
|
||||
ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
|
||||
break;
|
||||
case DES_EDE3_ECB_TYPE:
|
||||
if (ctx->enc)
|
||||
wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
else
|
||||
wc_Des3_EcbDecrypt(&ctx->cipher.des3, out, in, inl);
|
||||
ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
|
||||
break;
|
||||
#endif /* WOLFSSL_DES_ECB */
|
||||
#endif /* !NO_DES3 */
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
(void)in;
|
||||
(void)inl;
|
||||
(void)out;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (ret != 0)
|
||||
return 0; /* failure */
|
||||
|
||||
(void)in;
|
||||
(void)inl;
|
||||
(void)out;
|
||||
|
||||
return 1; /* success */
|
||||
}
|
||||
|
||||
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
|
||||
|
@ -592,19 +592,21 @@ int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (additional == NULL && addSz > 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
/* additional allowed to be 0 */
|
||||
if (addSz > 0) {
|
||||
if (additional == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* additional data plus padding */
|
||||
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1);
|
||||
if (paddingLen) {
|
||||
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
|
||||
/* additional data plus padding */
|
||||
if ((ret = wc_Poly1305Update(ctx, additional, addSz)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
paddingLen = -((int)addSz) & (WC_POLY1305_PAD_SZ - 1);
|
||||
if (paddingLen) {
|
||||
if ((ret = wc_Poly1305Update(ctx, padding, paddingLen)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* input plus padding */
|
||||
|
@ -368,7 +368,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
|
||||
out += OUTPUT_BLOCK_LEN;
|
||||
array_add_one(data, DRBG_SEED_LEN);
|
||||
}
|
||||
else if (out != NULL) {
|
||||
else {
|
||||
XMEMCPY(out, digest, outSz);
|
||||
outSz = 0;
|
||||
}
|
||||
|
@ -349,8 +349,9 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
|
||||
/* Set k = H(N, g) */
|
||||
r = SrpHashInit(&hash, srp->type);
|
||||
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
|
||||
for (i = 0; (word32)i < nSz - gSz; i++)
|
||||
SrpHashUpdate(&hash, &pad, 1);
|
||||
for (i = 0; (word32)i < nSz - gSz; i++) {
|
||||
if (!r) r = SrpHashUpdate(&hash, &pad, 1);
|
||||
}
|
||||
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
|
||||
if (!r) r = SrpHashFinal(&hash, srp->k);
|
||||
|
||||
|
110
wolfssl/test.h
110
wolfssl/test.h
@ -302,8 +302,8 @@ static INLINE void InitTcpReady(tcp_ready* ready)
|
||||
ready->srfName = NULL;
|
||||
#ifdef SINGLE_THREADED
|
||||
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
|
||||
pthread_mutex_init(&ready->mutex, 0);
|
||||
pthread_cond_init(&ready->cond, 0);
|
||||
pthread_mutex_init(&ready->mutex, 0);
|
||||
pthread_cond_init(&ready->cond, 0);
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -1111,6 +1111,7 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
||||
static INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
|
||||
{
|
||||
int ret;
|
||||
long int fileSz;
|
||||
FILE* file;
|
||||
|
||||
if (fname == NULL || buf == NULL || bufLen == NULL)
|
||||
@ -1128,9 +1129,10 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
|
||||
}
|
||||
|
||||
fseek(file, 0, SEEK_END);
|
||||
*bufLen = ftell(file);
|
||||
fileSz = (int)ftell(file);
|
||||
rewind(file);
|
||||
if (*bufLen > 0) {
|
||||
if (fileSz > 0) {
|
||||
*bufLen = (size_t)fileSz;
|
||||
*buf = (byte*)malloc(*bufLen);
|
||||
if (*buf == NULL) {
|
||||
ret = MEMORY_E;
|
||||
@ -1738,12 +1740,13 @@ static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
wc_ecc_init(&myKey);
|
||||
|
||||
ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
|
||||
wc_ecc_free(&myKey);
|
||||
ret = wc_ecc_init(&myKey);
|
||||
if (ret == 0) {
|
||||
ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
|
||||
wc_ecc_free(&myKey);
|
||||
}
|
||||
wc_FreeRng(&rng);
|
||||
|
||||
return ret;
|
||||
@ -1760,12 +1763,13 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
|
||||
(void)ssl;
|
||||
(void)ctx;
|
||||
|
||||
wc_ecc_init(&myKey);
|
||||
|
||||
ret = wc_ecc_import_x963(key, keySz, &myKey);
|
||||
if (ret == 0)
|
||||
ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
|
||||
wc_ecc_free(&myKey);
|
||||
ret = wc_ecc_init(&myKey);
|
||||
if (ret == 0) {
|
||||
ret = wc_ecc_import_x963(key, keySz, &myKey);
|
||||
if (ret == 0)
|
||||
ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
|
||||
wc_ecc_free(&myKey);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@ -1845,16 +1849,17 @@ static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
wc_InitRsaKey(&myKey, NULL);
|
||||
|
||||
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
|
||||
if (ret > 0) { /* save and convert to 0 success */
|
||||
*outSz = ret;
|
||||
ret = 0;
|
||||
ret = wc_InitRsaKey(&myKey, NULL);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
|
||||
if (ret > 0) { /* save and convert to 0 success */
|
||||
*outSz = ret;
|
||||
ret = 0;
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
wc_FreeRng(&rng);
|
||||
|
||||
return ret;
|
||||
@ -1873,12 +1878,13 @@ static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
|
||||
(void)ssl;
|
||||
(void)ctx;
|
||||
|
||||
wc_InitRsaKey(&myKey, NULL);
|
||||
|
||||
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
|
||||
wc_FreeRsaKey(&myKey);
|
||||
ret = wc_InitRsaKey(&myKey, NULL);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0)
|
||||
ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
|
||||
wc_FreeRsaKey(&myKey);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
@ -1900,17 +1906,18 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
wc_InitRsaKey(&myKey, NULL);
|
||||
|
||||
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
|
||||
ret = wc_InitRsaKey(&myKey, NULL);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
|
||||
if (ret > 0) {
|
||||
*outSz = ret;
|
||||
ret = 0; /* reset to success */
|
||||
ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0) {
|
||||
ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
|
||||
if (ret > 0) {
|
||||
*outSz = ret;
|
||||
ret = 0; /* reset to success */
|
||||
}
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
wc_FreeRng(&rng);
|
||||
|
||||
return ret;
|
||||
@ -1927,20 +1934,21 @@ static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
|
||||
(void)ssl;
|
||||
(void)ctx;
|
||||
|
||||
wc_InitRsaKey(&myKey, NULL);
|
||||
|
||||
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
ret = wc_InitRsaKey(&myKey, NULL);
|
||||
if (ret == 0) {
|
||||
#ifdef WC_RSA_BLINDING
|
||||
ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
|
||||
if (ret != 0) {
|
||||
wc_FreeRsaKey(&myKey);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
|
||||
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
|
||||
if (ret == 0) {
|
||||
#ifdef WC_RSA_BLINDING
|
||||
ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
|
||||
if (ret != 0) {
|
||||
wc_FreeRsaKey(&myKey);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
}
|
||||
wc_FreeRsaKey(&myKey);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user