Merge branch 'master' into ti

toddouska 2014-06-19 16:01:35 -07:00
commit 4fe938cf3a
3 changed files with 38 additions and 7 deletions


@ -508,8 +508,12 @@ int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
esd.outerSeqSz = SetSequence(totalSz, esd.outerSeq); esd.outerSeqSz = SetSequence(totalSz, esd.outerSeq);
totalSz += esd.outerSeqSz; totalSz += esd.outerSeqSz;
if (outputSz < totalSz) if (outputSz < totalSz) {
if (flatSignedAttribs)
XFREE(flatSignedAttribs, 0, NULL);
return BUFFER_E; return BUFFER_E;
}
idx = 0; idx = 0;
XMEMCPY(output + idx, esd.outerSeq, esd.outerSeqSz); XMEMCPY(output + idx, esd.outerSeq, esd.outerSeqSz);
@ -845,12 +849,16 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz,
issuerSerialSeq); issuerSerialSeq);
/* KeyEncryptionAlgorithmIdentifier, only support RSA now */ /* KeyEncryptionAlgorithmIdentifier, only support RSA now */
if (keyEncAlgo != RSAk) if (keyEncAlgo != RSAk) {
FreeDecodedCert(&decoded);
return ALGO_ID_E; return ALGO_ID_E;
}
keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, keyType, 0); keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, keyType, 0);
if (keyEncAlgSz == 0) if (keyEncAlgSz == 0) {
FreeDecodedCert(&decoded);
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
/* EncryptedKey */ /* EncryptedKey */
ret = InitRsaKey(&pubKey, 0); ret = InitRsaKey(&pubKey, 0);
@ -858,6 +866,7 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz,
if (RsaPublicKeyDecode(decoded.publicKey, &idx, &pubKey, if (RsaPublicKeyDecode(decoded.publicKey, &idx, &pubKey,
decoded.pubKeySize) < 0) { decoded.pubKeySize) < 0) {
CYASSL_MSG("ASN RSA key decode error"); CYASSL_MSG("ASN RSA key decode error");
FreeDecodedCert(&decoded);
return PUBLIC_KEY_E; return PUBLIC_KEY_E;
} }
@ -866,6 +875,7 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz,
FreeRsaKey(&pubKey); FreeRsaKey(&pubKey);
if (*keyEncSz < 0) { if (*keyEncSz < 0) {
CYASSL_MSG("RSA Public Encrypt failed"); CYASSL_MSG("RSA Public Encrypt failed");
FreeDecodedCert(&decoded);
return *keyEncSz; return *keyEncSz;
} }
@ -879,6 +889,7 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz,
if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz + if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz +
keyEncAlgSz + encKeyOctetStrSz + *keyEncSz > (int)outSz) { keyEncAlgSz + encKeyOctetStrSz + *keyEncSz > (int)outSz) {
CYASSL_MSG("RecipientInfo output buffer too small"); CYASSL_MSG("RecipientInfo output buffer too small");
FreeDecodedCert(&decoded);
return BUFFER_E; return BUFFER_E;
} }
@ -1037,8 +1048,13 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
* adding (ivOctetStringSz + DES_BLOCK_SIZE) for IV OCTET STRING */ * adding (ivOctetStringSz + DES_BLOCK_SIZE) for IV OCTET STRING */
contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo, contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
blkType, ivOctetStringSz + DES_BLOCK_SIZE); blkType, ivOctetStringSz + DES_BLOCK_SIZE);
if (contentEncAlgoSz == 0)
if (contentEncAlgoSz == 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (dynamicFlag)
XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
/* encrypt content */ /* encrypt content */
if (pkcs7->encryptOID == DESb) { if (pkcs7->encryptOID == DESb) {
@ -1324,6 +1340,8 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
encryptedContent = XMALLOC(encryptedContentSz, NULL, encryptedContent = XMALLOC(encryptedContentSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (encryptedContent == NULL)
return MEMORY_E;
XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz); XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz);
@ -1331,8 +1349,10 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
keySz = RsaPrivateDecryptInline(encryptedKey, encryptedKeySz, keySz = RsaPrivateDecryptInline(encryptedKey, encryptedKeySz,
&decryptedKey, &privKey); &decryptedKey, &privKey);
FreeRsaKey(&privKey); FreeRsaKey(&privKey);
if (keySz <= 0) if (keySz <= 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return keySz; return keySz;
}
/* decrypt encryptedContent */ /* decrypt encryptedContent */
if (encOID == DESb) { if (encOID == DESb) {
@ -1361,6 +1381,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
} }
} else { } else {
CYASSL_MSG("Unsupported content encryption OID type"); CYASSL_MSG("Unsupported content encryption OID type");
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ALGO_ID_E; return ALGO_ID_E;
} }
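Review bot: The cleanup added to the `outputSz < totalSz` path of PKCS7_EncodeSignedData calls `XFREE(flatSignedAttribs, 0, NULL);`, which passes the heap hint and type tag in the opposite order from the other frees this commit adds in the same file (`XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER)`). A default allocator may ignore both arguments, but a build with a custom allocator that inspects the type tag would receive NULL in that position. I would write `XFREE(flatSignedAttribs, NULL, DYNAMIC_TYPE_TMP_BUFFER);`, with the tag matching the allocation, which lies outside this hunk. The function body starts and ends outside the hunk, so other early returns after the allocation may need the same check.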


@ -9856,7 +9856,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef OPENSSL_EXTRA #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
if (ssl->specs.kea == diffie_hellman_kea) { if (ssl->specs.kea == diffie_hellman_kea) {
byte *output; byte *output;
word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
@ -11453,6 +11453,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
(void)out; (void)out;
(void)input; (void)input;
(void)size; (void)size;
(void)begin;
if (ssl->options.side != CYASSL_SERVER_END) { if (ssl->options.side != CYASSL_SERVER_END) {
CYASSL_MSG("Client received client keyexchange, attack?"); CYASSL_MSG("Client received client keyexchange, attack?");
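Review bot: The widened guard `#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)` is closed by an `#endif` outside this hunk, and if that line carries a trailing comment it should be updated to `#endif /* OPENSSL_EXTRA && !NO_RSA */` so the pair stays readable. The guard also carries no explanation of why the `diffie_hellman_kea` branch depends on RSA; a one-line comment above it, such as `/* this DHE path uses RSA, so it is unavailable with NO_RSA */`, would help once the reason is confirmed. Because the whole branch now compiles out under NO_RSA, it is worth confirming that suites using this key exchange cannot be negotiated in such a build. The enclosing function is not visible in the hunk.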


@ -10388,6 +10388,7 @@ static int initGlobalRNG = 0;
} }
#endif /* NO_DSA */ #endif /* NO_DSA */
#ifndef NO_RSA
static void InitCyaSSL_Rsa(CYASSL_RSA* rsa) static void InitCyaSSL_Rsa(CYASSL_RSA* rsa)
{ {
if (rsa) { if (rsa) {
@ -10463,8 +10464,10 @@ static int initGlobalRNG = 0;
XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
} }
} }
#endif /* NO_RSA */
#if !defined(NO_RSA) || !defined(NO_DSA)
static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi) static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi)
{ {
CYASSL_MSG("Entering SetIndividualExternal"); CYASSL_MSG("Entering SetIndividualExternal");
@ -10489,6 +10492,7 @@ static int initGlobalRNG = 0;
return 0; return 0;
} }
#endif /* !NO_RSA && !NO_DSA */
#ifndef NO_DSA #ifndef NO_DSA
@ -10536,6 +10540,7 @@ static int initGlobalRNG = 0;
#endif /* NO_DSA */ #endif /* NO_DSA */
#ifndef NO_RSA
static int SetRsaExternal(CYASSL_RSA* rsa) static int SetRsaExternal(CYASSL_RSA* rsa)
{ {
RsaKey* key; RsaKey* key;
@ -10685,6 +10690,7 @@ static int initGlobalRNG = 0;
return CyaSSL_BN_num_bytes(rsa->n); return CyaSSL_BN_num_bytes(rsa->n);
} }
#endif /* NO_RSA */
#ifndef NO_DSA #ifndef NO_DSA
@ -10726,6 +10732,7 @@ static int initGlobalRNG = 0;
#endif /* NO_DSA */ #endif /* NO_DSA */
#ifndef NO_RSA
/* return SSL_SUCCES on ok, 0 otherwise */ /* return SSL_SUCCES on ok, 0 otherwise */
int CyaSSL_RSA_sign(int type, const unsigned char* m, int CyaSSL_RSA_sign(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet, unsigned int mLen, unsigned char* sigRet,
@ -10857,6 +10864,7 @@ static int initGlobalRNG = 0;
else else
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
} }
#endif /* NO_RSA */
void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen, void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen,
@ -11217,7 +11225,7 @@ static int initGlobalRNG = 0;
#ifndef NO_RSA
/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */ /* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz) int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
{ {
@ -11246,6 +11254,7 @@ int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
return SSL_SUCCESS; return SSL_SUCCESS;
} }
#endif /* NO_RSA */
#ifndef NO_DSA #ifndef NO_DSA
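Review bot: The closing comment added after SetIndividualExternal, `#endif /* !NO_RSA && !NO_DSA */`, does not match the condition it closes, which is `#if !defined(NO_RSA) || !defined(NO_DSA)`. The helper is meant to exist when either algorithm is enabled, so the comment should read `#endif /* !NO_RSA || !NO_DSA */`. As written, a later maintainer could "correct" the condition to `&&` and drop the helper from RSA-only or DSA-only builds. The context comment above CyaSSL_RSA_sign also misspells the constant as `SSL_SUCCES` and could be fixed in the same pass.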