diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 43eafea04..a9f7518a8 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -760,8 +760,8 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz) { word32 inOutIdx = 0, oid; - int first, second, length, iterations, saltSz, id; - int version; + int first, second, length, version, saltSz, id; + int iterations = 0; byte salt[MAX_SALT_SIZE]; byte cbcIv[MAX_IV_SIZE]; @@ -1375,6 +1375,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->srcIdx += 2; id = cert->source[cert->srcIdx++]; b = cert->source[cert->srcIdx++]; /* strType */ + (void)b; /* may want to validate? */ if (GetLength(cert->source, &cert->srcIdx, &strLen, cert->maxIdx) < 0) diff --git a/ctaocrypt/src/integer.c b/ctaocrypt/src/integer.c index 72f443ffc..3bf4e7545 100644 --- a/ctaocrypt/src/integer.c +++ b/ctaocrypt/src/integer.c @@ -116,6 +116,9 @@ mp_clear (mp_int * a) { int i; + if (a == NULL) + return; + /* only do anything if a hasn't been freed previously */ if (a->dp != NULL) { /* first zero the digits */ diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index d493bfa31..3b5e2d134 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -236,6 +236,16 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, mp_int B1; if (hashType == MD5) { + Md5 md5; + + InitMd5(&md5); + Md5Update(&md5, buffer, totalLen); + Md5Final(&md5, Ai); + + for (i = 1; i < iterations; i++) { + Md5Update(&md5, Ai, u); + Md5Final(&md5, Ai); + } } else if (hashType == SHA) { Sha sha; 
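Review bot: In ToTraditionalEnc, `int iterations = 0;` quiets the uninitialised-use warning, but it also makes 0 the value that flows onward if any parse path skips the assignment. The assignment and the later key-derivation call are outside this hunk, so this is inferred rather than shown. An iteration count read from an encrypted key file is untrusted input, so I would reject non-positive values before deriving the key, for example `if (iterations <= 0) return ASN_PARSE_E;`. The PKCS12_PBKDF loops in this commit use `for (i = 1; i < iterations; i++)`, so a count of 0 or 1 there means a single hash pass.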
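Review bot: In GetName, the string-type byte `b` from the certificate is still accepted without any check; the added `(void)b;` only silences the unused-variable warning. The two `cert->source[cert->srcIdx++]` reads just above also have no bound against `cert->maxIdx` visible in this hunk, though the check may sit earlier in the function, which starts and ends outside the hunk. If validation is deferred, the comment should say what is missing, e.g. `/* TODO: reject strType values that are not an ASN.1 string tag handled below */`. Otherwise compare `b` with the accepted tags and return the parse error.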
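Review bot: The added MD5 loop calls `Md5Update(&md5, Ai, u)` straight after `Md5Final(&md5, Ai)` without re-initialising the context, so it is correct only if the Final routine resets the state. The SHA256 and SHA512 branches in the next hunk rely on the same assumption. That dependency deserves a comment at the first loop, such as `/* Md5Final resets the context, so md5 is reused without InitMd5 */`, because a changed or replaced hash backend would silently alter the derived key. `iterations` is also used as the loop bound with no range check visible here. PKCS12_PBKDF starts and ends outside both hunks.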
@@ -251,10 +261,30 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, } #ifndef NO_SHA256 else if (hashType == SHA256) { + Sha256 sha256; + + InitSha256(&sha256); + Sha256Update(&sha256, buffer, totalLen); + Sha256Final(&sha256, Ai); + + for (i = 1; i < iterations; i++) { + Sha256Update(&sha256, Ai, u); + Sha256Final(&sha256, Ai); + } } #endif #ifdef CYASSL_SHA512 else if (hashType == SHA512) { + Sha512 sha512; + + InitSha512(&sha512); + Sha512Update(&sha512, buffer, totalLen); + Sha512Final(&sha512, Ai); + + for (i = 1; i < iterations; i++) { + Sha512Update(&sha512, Ai, u); + Sha512Final(&sha512, Ai); + } } #endif diff --git a/ctaocrypt/src/rabbit.c b/ctaocrypt/src/rabbit.c index 79f5b3e92..008dffe2e 100644 --- a/ctaocrypt/src/rabbit.c +++ b/ctaocrypt/src/rabbit.c @@ -210,7 +210,7 @@ void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen) U32V(ctx->workCtx.x[1]<<16)); /* Increment pointers and decrement length */ - input += 16; + input += 16; output += 16; msglen -= 16; } 
@@ -219,25 +219,25 @@ void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen) if (msglen) { word32 i; - word32 tmp[4]; - byte* buffer = (byte*)tmp; + byte buffer[16]; /* Iterate the system */ RABBIT_next_state(&(ctx->workCtx)); /* Generate 16 bytes of pseudo-random data */ - tmp[0] = LITTLE32(ctx->workCtx.x[0] ^ + *(word32*)(buffer+ 0) = LITTLE32(ctx->workCtx.x[0] ^ (ctx->workCtx.x[5]>>16) ^ U32V(ctx->workCtx.x[3]<<16)); - tmp[1] = LITTLE32(ctx->workCtx.x[2] ^ + *(word32*)(buffer+ 4) = LITTLE32(ctx->workCtx.x[2] ^ (ctx->workCtx.x[7]>>16) ^ U32V(ctx->workCtx.x[5]<<16)); - tmp[2] = LITTLE32(ctx->workCtx.x[4] ^ + *(word32*)(buffer+ 8) = LITTLE32(ctx->workCtx.x[4] ^ (ctx->workCtx.x[1]>>16) ^ U32V(ctx->workCtx.x[7]<<16)); - tmp[3] = LITTLE32(ctx->workCtx.x[6] ^ + *(word32*)(buffer+12) = LITTLE32(ctx->workCtx.x[6] ^ (ctx->workCtx.x[3]>>16) ^ U32V(ctx->workCtx.x[1]<<16)); /* Encrypt/decrypt the data */ for (i=0; i - #define XMALLOC(s, h, t) CyaSSL_Malloc((s)) + #define XMALLOC(s, h, t) ((void)h, (void)t, CyaSSL_Malloc((s))) #define XFREE(p, h, t) {void* xp = (p); if((xp)) CyaSSL_Free((xp));} #define XREALLOC(p, n, h, t) CyaSSL_Realloc((p), (n)) #endif diff --git a/src/internal.c b/src/internal.c index 7ed29d6af..0b7a51ef6 100644 --- a/src/internal.c +++ b/src/internal.c @@ -449,7 +449,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK, (void)havePSK; (void)haveNTRU; (void)haveStaticECC; - (void)haveRSAsig; if (suites->setSuites) return; /* trust user settings, don't override */ 
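Review bot: The four stores `*(word32*)(buffer+ 0) = LITTLE32(...)` through `buffer+12` write 32-bit words through a cast of `byte buffer[16]`. A byte array has no alignment guarantee beyond 1, and a `word32` lvalue is not a permitted way to access it under strict aliasing. On strict-alignment targets the store can fault, and an optimising compiler may reorder it against the byte reads in the XOR loop. A defined form computes each word into a local and copies it, e.g. `word32 w = LITTLE32(...); XMEMCPY(buffer + 0, &w, sizeof(w));`, repeated for offsets 4, 8 and 12. The tail of this hunk is missing from the page, so the loop that consumes `buffer` is not fully visible.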
@@ -457,8 +456,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK, if (side == SERVER_END && haveStaticECC) haveRSA = 0; /* can't do RSA with ECDSA key */ - if (side == SERVER_END && haveECDSAsig) - haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ + if (side == SERVER_END && haveECDSAsig) { + haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ + (void)haveRSAsig; /* non ecc builds won't read */ + } #ifdef CYASSL_DTLS if (pv.major == DTLS_MAJOR && pv.minor == DTLS_MINOR) @@ -3349,7 +3350,8 @@ int SendCertificate(CYASSL* ssl) if (ssl->buffers.certChain.buffer) { XMEMCPY(output + i, ssl->buffers.certChain.buffer, ssl->buffers.certChain.length); - i += ssl->buffers.certChain.length; + /* if add more to output adjust i + i += ssl->buffers.certChain.length; */ } } HashOutput(ssl, output, sendSz, 0); @@ -3418,7 +3420,8 @@ int SendCertificateRequest(CYASSL* ssl) } c16toa(0, &output[i]); /* auth's */ - i += REQ_HEADER_SZ; + /* if add more to output, adjust i + i += REQ_HEADER_SZ; */ HashOutput(ssl, output, sendSz, 0); @@ -5259,7 +5262,8 @@ int SetCipherList(Suites* s, const char* list) idx += 2; } XMEMCPY(output + idx, encSecret, encSz); - idx += encSz; + /* if add more to output, adjust idx + idx += encSz; */ HashOutput(ssl, output, sendSz, 0); diff --git a/src/keys.c b/src/keys.c index 0e4bc0474..c752e2cda 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1103,7 +1103,6 @@ int DeriveKeys(CYASSL* ssl) XMEMCPY(shaInput + idx, ssl->arrays.serverRandom, RAN_LEN); idx += RAN_LEN; XMEMCPY(shaInput + idx, ssl->arrays.clientRandom, RAN_LEN); - idx += RAN_LEN; ShaUpdate(&sha, shaInput, sizeof(shaInput) - KEY_PREFIX + j); ShaFinal(&sha, shaOutput); diff --git a/src/ssl.c b/src/ssl.c index 28c5f0cc4..5e938374c 100644 --- a/src/ssl.c +++ b/src/ssl.c 
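Review bot: In SendCertificate, wrapping `i += ssl->buffers.certChain.length;` in a block comment removes the offset bookkeeping instead of documenting it. The same is done to `i += REQ_HEADER_SZ;` in SendCertificateRequest and to `idx += encSz;` in the hunk at -5259. These variables index the handshake output buffer, so a field appended later would overwrite the bytes just written unless the author notices the comment and restores the line. This commit already handles the same warning in InitSuites with `(void)haveRSAsig;`. Following that pattern keeps the increment live: `i += ssl->buffers.certChain.length;` then `(void)i; /* last write to output */`. The enclosing functions extend outside these hunks.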
@@ -722,7 +722,6 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) (void)heap; (void)dynamicType; - (void)pkcs8Enc; if (type == CERT_TYPE || type == CA_TYPE) { XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header)); @@ -759,8 +758,10 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) sizeof(footer)); headerEnd = XSTRNSTR((char*)buff, header, sz); - if (headerEnd) + if (headerEnd) { pkcs8Enc = 1; + (void)pkcs8Enc; /* only opensslextra will read */ + } } } if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */ @@ -936,7 +937,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) CYASSL_MSG("Growing Tmp Chain Buffer"); bufferSz = sz - consumed; /* will shrink to actual size */ chainBuffer = (byte*)XMALLOC(bufferSz, ctx->heap, - DYNAMIC_FILE_TYPE); + DYNAMIC_TYPE_FILE); if (chainBuffer == NULL) { XFREE(der.buffer, ctx->heap, dynamicType); return MEMORY_E; @@ -1386,6 +1387,7 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff, CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer"); der.buffer = NULL; + der.length = 0; if (format == SSL_FILETYPE_PEM) { EncryptedInfo info;