From bbc9bc5e2c21e7a8403d7ff443fb95c88e863685 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 7 Jan 2022 12:40:31 -0600 Subject: [PATCH 01/34] wolfcrypt/src/port/kcapi/kcapi_hmac.c: fix memory leak in wc_HmacSetKey() (fixes #4731). --- wolfcrypt/src/port/kcapi/kcapi_hmac.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/port/kcapi/kcapi_hmac.c b/wolfcrypt/src/port/kcapi/kcapi_hmac.c index 5d4538d3a..4e96839fc 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_hmac.c +++ b/wolfcrypt/src/port/kcapi/kcapi_hmac.c @@ -102,7 +102,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) const char* ciphername = NULL; if ((hmac == NULL || (key == NULL && length != 0))) { - ret = BAD_FUNC_ARG; + return BAD_FUNC_ARG; } #ifdef HAVE_FIPS @@ -183,7 +183,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) hmac->macType = type; } - if (ret == 0 && hmac->handle == NULL) { + if (hmac->handle != NULL) { kcapi_md_destroy(hmac->handle); hmac->handle = NULL; } From a14982b0790347989c7ba0b162e66eaaf86bc740 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 7 Jan 2022 21:36:24 -0600 Subject: [PATCH 02/34] configure.ac: add ENABLED_WPAS to the config summary. --- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index 0859d5c8b..fc7222e39 100644 --- a/configure.ac +++ b/configure.ac @@ -7736,6 +7736,7 @@ echo " * MEMORY: $ENABLED_MEMORY" echo " * I/O POOL: $ENABLED_IOPOOL" echo " * wolfSentry: $ENABLED_WOLFSENTRY" echo " * LIGHTY: $ENABLED_LIGHTY" +echo " * WPA Supplicant: $ENABLED_WPAS" echo " * HAPROXY: $ENABLED_HAPROXY" echo " * STUNNEL: $ENABLED_STUNNEL" echo " * tcpdump: $ENABLED_TCPDUMP" From ff4c6e5d7b861b0ad17f322fcc4af504c26ab8a5 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 7 Jan 2022 22:39:38 -0600 Subject: [PATCH 03/34] linuxkm: relocate WOLFSSL_LINUXKM code in wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/memory.c to linuxkm/{linuxkm_wc_port.h,linuxkm_memory.c}, and gate SIMD in IRQ handlers on -DLINUXKM_SIMD_IRQ in prep for Linux 5.16; linuxkm: when -DWOLFCRYPT_ONLY, don't include ssl.h in module_exports.c.template and module_hooks.c, and fix gating to work right with that; wolfssl/wolfcrypt/types.h: add support for a WOLFSSL_XFREE_NO_NULLNESS_CHECK gate (used in cppcheck analysis). --- .gitignore | 1 + linuxkm/Kbuild | 2 +- linuxkm/include.am | 4 +- linuxkm/linuxkm_memory.c | 307 +++++++++++++++ linuxkm/linuxkm_wc_port.h | 623 ++++++++++++++++++++++++++++++ linuxkm/module_exports.c.template | 9 +- linuxkm/module_hooks.c | 36 +- wolfcrypt/src/memory.c | 201 +--------- wolfssl/wolfcrypt/types.h | 42 +- wolfssl/wolfcrypt/wc_port.h | 569 +-------------------------- 10 files changed, 1008 insertions(+), 786 deletions(-) create mode 100644 linuxkm/linuxkm_memory.c create mode 100644 linuxkm/linuxkm_wc_port.h diff --git a/.gitignore b/.gitignore index 31e9b4a56..c42f7c3a5 100644 --- a/.gitignore +++ b/.gitignore @@ -227,6 +227,7 @@ IDE/MDK-ARM/LPC43xx/LPC43xx/ !linuxkm/Makefile /Kbuild linuxkm/*.ko +linuxkm/*.ko.signed linuxkm/Module.symvers linuxkm/built-in.a linuxkm/modules.order diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index 50c44f43c..02c3eab5d 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -29,7 +29,7 @@ ifeq "$(WOLFSSL_CFLAGS)" "" $(error $$WOLFSSL_CFLAGS is unset.) endif -WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) +WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -isystem $(shell $(CC) -print-file-name=include) ifeq "$(KERNEL_ARCH)" "x86" WOLFSSL_CFLAGS += -mpreferred-stack-boundary=4 diff --git a/linuxkm/include.am b/linuxkm/include.am index 130670900..cec11ad2d 100644 --- a/linuxkm/include.am +++ b/linuxkm/include.am @@ -10,4 +10,6 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \ linuxkm/module_exports.c.template \ linuxkm/pie_first.c \ linuxkm/pie_redirect_table.c \ - linuxkm/pie_last.c + linuxkm/pie_last.c \ + linuxkm/linuxkm_memory.c \ + linuxkm/linuxkm_wc_port.h diff --git a/linuxkm/linuxkm_memory.c b/linuxkm/linuxkm_memory.c new file mode 100644 index 000000000..34e2b3082 --- /dev/null +++ b/linuxkm/linuxkm_memory.c @@ -0,0 +1,307 @@ +/* linuxkm_memory.c + * + * Copyright (C) 2006-2021 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* included by wolfcrypt/src/memory.c */ + +#if defined(WOLFSSL_LINUXKM_SIMD_X86) + #ifdef LINUXKM_SIMD_IRQ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0) + static union fpregs_state **wolfcrypt_linuxkm_fpu_states = NULL; + #else + static struct fpstate **wolfcrypt_linuxkm_fpu_states = NULL; + #endif + #else + static unsigned int *wolfcrypt_linuxkm_fpu_states = NULL; + #endif + + static WARN_UNUSED_RESULT inline int am_in_hard_interrupt_handler(void) + { + return (preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0; + } + + WARN_UNUSED_RESULT int allocate_wolfcrypt_linuxkm_fpu_states(void) + { + #ifdef LINUXKM_SIMD_IRQ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0) + wolfcrypt_linuxkm_fpu_states = + (union fpregs_state **)kzalloc(nr_cpu_ids + * sizeof(struct fpu_state *), + GFP_KERNEL); + #else + wolfcrypt_linuxkm_fpu_states = + (struct fpstate **)kzalloc(nr_cpu_ids + * sizeof(struct fpstate *), + GFP_KERNEL); + #endif + #else + wolfcrypt_linuxkm_fpu_states = + (unsigned int *)kzalloc(nr_cpu_ids * sizeof(unsigned int), + GFP_KERNEL); + #endif + + if (! wolfcrypt_linuxkm_fpu_states) { + pr_err("warning, allocation of %lu bytes for " + "wolfcrypt_linuxkm_fpu_states failed.\n", + nr_cpu_ids * sizeof(struct fpu_state *)); + return MEMORY_E; + } +#ifdef LINUXKM_SIMD_IRQ + { + typeof(nr_cpu_ids) i; + for (i=0; istate, which + * has stringent alignment requirements (64 byte cache + * line), but takes a pointer to the parent struct. work + * around this. + */ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) + struct fpu *fake_fpu_pointer = + (struct fpu *)(((char *)wolfcrypt_linuxkm_fpu_states[processor_id]) + - offsetof(struct fpu, state)); + copy_fpregs_to_fpstate(fake_fpu_pointer); + #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0) + struct fpu *fake_fpu_pointer = + (struct fpu *)(((char *)wolfcrypt_linuxkm_fpu_states[processor_id]) + - offsetof(struct fpu, state)); + save_fpregs_to_fpstate(fake_fpu_pointer); + #else + struct fpu *fake_fpu_pointer = + (struct fpu *)(((char *)wolfcrypt_linuxkm_fpu_states[processor_id]) + - offsetof(struct fpu, fpstate)); + save_fpregs_to_fpstate(fake_fpu_pointer); + #endif + } + /* mark the slot as used. */ + ((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] = 1; + /* note, not preempt_enable()ing, mirroring kernel_fpu_begin() + * semantics, even though routine will have been entered already + * non-preemptable. + */ + return 0; + } else +#endif /* LINUXKM_SIMD_IRQ */ + { + preempt_enable(); + return BAD_STATE_E; + } + } else { + + /* allow for nested calls */ +#ifdef LINUXKM_SIMD_IRQ + if (((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] != 0) { + if (((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] == 255) { + preempt_enable(); + pr_err("save_vector_registers_x86 recursion register overflow for " + "cpu id %d.\n", processor_id); + return BAD_STATE_E; + } else { + ++((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1]; + return 0; + } + } + kernel_fpu_begin(); + preempt_enable(); /* kernel_fpu_begin() does its own + * preempt_disable(). decrement ours. + */ + ((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] = 1; +#else /* !LINUXKM_SIMD_IRQ */ + if (wolfcrypt_linuxkm_fpu_states[processor_id] != 0) { + if (wolfcrypt_linuxkm_fpu_states[processor_id] == ~0U) { + preempt_enable(); + pr_err("save_vector_registers_x86 recursion register overflow for " + "cpu id %d.\n", processor_id); + return BAD_STATE_E; + } else { + ++wolfcrypt_linuxkm_fpu_states[processor_id]; + return 0; + } + } + kernel_fpu_begin(); + preempt_enable(); /* kernel_fpu_begin() does its own + * preempt_disable(). decrement ours. + */ + wolfcrypt_linuxkm_fpu_states[processor_id] = 1; +#endif /* !LINUXKM_SIMD_IRQ */ + + return 0; + } + } + void restore_vector_registers_x86(void) + { + int processor_id = smp_processor_id(); + + if ((wolfcrypt_linuxkm_fpu_states == NULL) +#ifdef LINUXKM_SIMD_IRQ + || (wolfcrypt_linuxkm_fpu_states[processor_id] == NULL) +#endif + ) + { + pr_err("restore_vector_registers_x86 called for cpu id %d " + "with null context buffer.\n", processor_id); + return; + } + +#ifdef LINUXKM_SIMD_IRQ + if (((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] == 0) + { + pr_err("restore_vector_registers_x86 called for cpu id %d " + "without saved context.\n", processor_id); + return; + } + + if (--((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] > 0) { + preempt_enable(); /* preempt_disable count will still be nonzero after this decrement. */ + return; + } + + if (am_in_hard_interrupt_handler()) { + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) + copy_kernel_to_fpregs(wolfcrypt_linuxkm_fpu_states[processor_id]); + #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0) + __restore_fpregs_from_fpstate(wolfcrypt_linuxkm_fpu_states[processor_id], + xfeatures_mask_all); + #else + restore_fpregs_from_fpstate(wolfcrypt_linuxkm_fpu_states[processor_id], + fpu_kernel_cfg.max_features); + #endif + preempt_enable(); + } else { + kernel_fpu_end(); + } +#else /* !LINUXKM_SIMD_IRQ */ + if (wolfcrypt_linuxkm_fpu_states[processor_id] == 0) + { + pr_err("restore_vector_registers_x86 called for cpu id %d " + "without saved context.\n", processor_id); + return; + } + + if (--wolfcrypt_linuxkm_fpu_states[processor_id] > 0) { + preempt_enable(); /* preempt_disable count will still be nonzero after this decrement. */ + return; + } + + kernel_fpu_end(); +#endif /* !LINUXKM_SIMD_IRQ */ + + return; + } +#endif /* WOLFSSL_LINUXKM_SIMD_X86 && WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED */ diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h new file mode 100644 index 000000000..3adaaba2b --- /dev/null +++ b/linuxkm/linuxkm_wc_port.h @@ -0,0 +1,623 @@ +/* linuxkm_wc_port.h + * + * Copyright (C) 2006-2022 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* included by wolfssl/wolfcrypt/wc_port.h */ + +#ifndef LINUXKM_WC_PORT_H +#define LINUXKM_WC_PORT_H + + #ifdef HAVE_CONFIG_H + #ifndef PACKAGE_NAME + #error wc_port.h included before config.h + #endif + /* config.h is autogenerated without gating, and is subject to repeat + * inclusions, so gate it out here to keep autodetection masking + * intact: + */ + #undef HAVE_CONFIG_H + #endif + + #ifdef BUILDING_WOLFSSL + + #if defined(CONFIG_MIPS) && defined(HAVE_LINUXKM_PIE_SUPPORT) + /* __ZBOOT__ disables some unhelpful macros around the mem*() funcs in + * legacy arch/mips/include/asm/string.h + */ + #define __ZBOOT__ + #define memcmp __builtin_memcmp + #define __ARCH_MEMCMP_NO_REDIRECT + #define __ARCH_MEMCPY_NO_REDIRECT + #define __builtin_memcpy memcpy + extern void *memcpy(void *dest, const void *src, unsigned int n); + #define __ARCH_MEMCPY_NO_REDIRECT + #define __builtin_memset memset + extern void *memset(void *dest, int c, unsigned int n); + #endif + + _Pragma("GCC diagnostic push"); + + /* we include all the needed kernel headers with these masked out. else + * there are profuse warnings. + */ + _Pragma("GCC diagnostic ignored \"-Wunused-parameter\""); + _Pragma("GCC diagnostic ignored \"-Wpointer-arith\""); + _Pragma("GCC diagnostic ignored \"-Wshadow\""); + _Pragma("GCC diagnostic ignored \"-Wnested-externs\""); + _Pragma("GCC diagnostic ignored \"-Wredundant-decls\""); + _Pragma("GCC diagnostic ignored \"-Wsign-compare\""); + _Pragma("GCC diagnostic ignored \"-Wpointer-sign\""); + _Pragma("GCC diagnostic ignored \"-Wbad-function-cast\""); + _Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\""); + _Pragma("GCC diagnostic ignored \"-Wtype-limits\""); + _Pragma("GCC diagnostic ignored \"-Wswitch-enum\""); + + /* suppress inclusion of stdint-gcc.h to avoid conflicts with Linux native include/linux/types.h: */ + #define _GCC_STDINT_H + #define WC_PTR_TYPE uintptr_t + + #include + #include + #include + #include + #include + #include + #ifdef __PIE__ + /* without this, mm.h brings in static, but not inline, pmd_to_page(), + * with direct references to global vmem variables. + */ + #undef USE_SPLIT_PMD_PTLOCKS + #define USE_SPLIT_PMD_PTLOCKS 0 + #endif + #include + #ifndef SINGLE_THREADED + #include + #endif + #include + #include + #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM) + #ifndef CONFIG_X86 + #error X86 SIMD extensions requested, but CONFIG_X86 is not set. + #endif + #define WOLFSSL_LINUXKM_SIMD + #define WOLFSSL_LINUXKM_SIMD_X86 + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + #include + #else + #include + #endif + #ifdef LINUXKM_SIMD_IRQ + #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 0, 0) + #include + #endif + #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0) + #error LINUXKM_SIMD_IRQ is unavailable on linux >= 5.16 (missing exports around fpregs) + /* + * #include + * #include + */ + #endif + #endif + #ifndef SAVE_VECTOR_REGISTERS + #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_x86(); if (_svr_ret != 0) { fail_clause } } + #endif + #ifndef RESTORE_VECTOR_REGISTERS + #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86() + #endif + #elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \ + defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\ + defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) + #if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64) + #error ARM SIMD extensions requested, but CONFIG_ARM* is not set. + #endif + #define WOLFSSL_LINUXKM_SIMD + #define WOLFSSL_LINUXKM_SIMD_ARM + #include + #ifndef SAVE_VECTOR_REGISTERS + #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_arm(); if (_svr_ret != 0) { fail_clause } } + #endif + #ifndef RESTORE_VECTOR_REGISTERS + #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_arm() + #endif + #ifdef LINUXKM_SIMD_IRQ + #error LINUXKM_SIMD_IRQ is unavailable on ARM (not implemented) + #endif + #else + #ifndef WOLFSSL_NO_ASM + #define WOLFSSL_NO_ASM + #endif + #endif + + _Pragma("GCC diagnostic pop"); + + /* the kernel uses -std=c89, but not -pedantic, and makes full use of anon + * structs/unions, so we should too. + */ + #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 + + #define NO_THREAD_LS + #define NO_ATTRIBUTE_CONSTRUCTOR + + /* kvmalloc()/kvfree() and friends added in linux commit a7c3e901 */ + #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) + #define HAVE_KVMALLOC + #endif + + #ifdef HAVE_FIPS + extern int wolfCrypt_FIPS_first(void); + extern int wolfCrypt_FIPS_last(void); + #endif + + #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) + /* work around backward dependency of asn.c on ssl.c. */ + struct Signer; + struct Signer *GetCA(void *signers, unsigned char *hash); + #ifndef NO_SKID + struct Signer *GetCAByName(void* signers, unsigned char *hash); + #endif + #endif + + #if defined(__PIE__) && !defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE) + #error "compiling -fPIE without PIE support." + #endif + + #if defined(HAVE_FIPS) && !defined(HAVE_LINUXKM_PIE_SUPPORT) + #error "FIPS build requires PIE support." + #endif + + #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE + +#ifdef CONFIG_MIPS + #undef __ARCH_MEMCMP_NO_REDIRECT + #undef memcmp + extern int memcmp(const void *s1, const void *s2, size_t n); +#endif + + struct wolfssl_linuxkm_pie_redirect_table { + #ifndef __ARCH_MEMCMP_NO_REDIRECT + typeof(memcmp) *memcmp; + #endif + #ifndef __ARCH_MEMCPY_NO_REDIRECT + typeof(memcpy) *memcpy; + #endif + #ifndef __ARCH_MEMSET_NO_REDIRECT + typeof(memset) *memset; + #endif + #ifndef __ARCH_MEMMOVE_NO_REDIRECT + typeof(memmove) *memmove; + #endif + #ifndef __ARCH_STRNCMP_NO_REDIRECT + typeof(strncmp) *strncmp; + #endif + #ifndef __ARCH_STRLEN_NO_REDIRECT + typeof(strlen) *strlen; + #endif + #ifndef __ARCH_STRSTR_NO_REDIRECT + typeof(strstr) *strstr; + #endif + #ifndef __ARCH_STRNCPY_NO_REDIRECT + typeof(strncpy) *strncpy; + #endif + #ifndef __ARCH_STRNCAT_NO_REDIRECT + typeof(strncat) *strncat; + #endif + #ifndef __ARCH_STRNCASECMP_NO_REDIRECT + typeof(strncasecmp) *strncasecmp; + #endif + typeof(kstrtoll) *kstrtoll; + + #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) + typeof(_printk) *_printk; + #else + typeof(printk) *printk; + #endif + typeof(snprintf) *snprintf; + + const unsigned char *_ctype; + + typeof(kmalloc) *kmalloc; + typeof(kfree) *kfree; + typeof(ksize) *ksize; + typeof(krealloc) *krealloc; + #ifdef HAVE_KVMALLOC + typeof(kvmalloc_node) *kvmalloc_node; + typeof(kvfree) *kvfree; + #endif + typeof(is_vmalloc_addr) *is_vmalloc_addr; + typeof(kmem_cache_alloc_trace) *kmem_cache_alloc_trace; + typeof(kmalloc_order_trace) *kmalloc_order_trace; + + typeof(get_random_bytes) *get_random_bytes; + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + typeof(getnstimeofday) *getnstimeofday; + #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) + typeof(current_kernel_time64) *current_kernel_time64; + #else + typeof(ktime_get_coarse_real_ts64) *ktime_get_coarse_real_ts64; + #endif + + struct task_struct *(*get_current)(void); + int (*preempt_count)(void); + + #ifdef WOLFSSL_LINUXKM_SIMD_X86 + typeof(irq_fpu_usable) *irq_fpu_usable; + /* kernel_fpu_begin() replaced by kernel_fpu_begin_mask() in commit e4512289, + * released in kernel 5.11, backported to 5.4.93 + */ + #ifdef kernel_fpu_begin + typeof(kernel_fpu_begin_mask) *kernel_fpu_begin_mask; + #else + typeof(kernel_fpu_begin) *kernel_fpu_begin; + #endif + typeof(kernel_fpu_end) *kernel_fpu_end; + + #ifdef LINUXKM_SIMD_IRQ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) + typeof(copy_fpregs_to_fpstate) *copy_fpregs_to_fpstate; + typeof(copy_kernel_to_fpregs) *copy_kernel_to_fpregs; + #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0) + typeof(save_fpregs_to_fpstate) *save_fpregs_to_fpstate; + typeof(__restore_fpregs_from_fpstate) *__restore_fpregs_from_fpstate; + typeof(xfeatures_mask_all) *xfeatures_mask_all; + /* + * #else + * typeof(save_fpregs_to_fpstate) *save_fpregs_to_fpstate; + * typeof(restore_fpregs_from_fpstate) *restore_fpregs_from_fpstate; + * typeof(fpu_kernel_cfg) *fpu_kernel_cfg; + */ + #endif + #endif + typeof(cpu_number) *cpu_number; + typeof(nr_cpu_ids) *nr_cpu_ids; + + #endif /* WOLFSSL_LINUXKM_SIMD_X86 */ + + typeof(__mutex_init) *__mutex_init; + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + typeof(mutex_lock_nested) *mutex_lock_nested; + #else + typeof(mutex_lock) *mutex_lock; + #endif + typeof(mutex_unlock) *mutex_unlock; + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + typeof(mutex_destroy) *mutex_destroy; + #endif + + #ifdef HAVE_FIPS + typeof(wolfCrypt_FIPS_first) *wolfCrypt_FIPS_first; + typeof(wolfCrypt_FIPS_last) *wolfCrypt_FIPS_last; + #endif + + #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) + typeof(GetCA) *GetCA; + #ifndef NO_SKID + typeof(GetCAByName) *GetCAByName; + #endif + #endif + + const void *_last_slot; + }; + + extern const struct wolfssl_linuxkm_pie_redirect_table *wolfssl_linuxkm_get_pie_redirect_table(void); + + #ifdef __PIE__ + + #ifndef __ARCH_MEMCMP_NO_REDIRECT + #define memcmp (wolfssl_linuxkm_get_pie_redirect_table()->memcmp) + #endif + #ifndef __ARCH_MEMCPY_NO_REDIRECT + #define memcpy (wolfssl_linuxkm_get_pie_redirect_table()->memcpy) + #endif + #ifndef __ARCH_MEMSET_NO_REDIRECT + #define memset (wolfssl_linuxkm_get_pie_redirect_table()->memset) + #endif + #ifndef __ARCH_MEMMOVE_NO_REDIRECT + #define memmove (wolfssl_linuxkm_get_pie_redirect_table()->memmove) + #endif + #ifndef __ARCH_STRNCMP_NO_REDIRECT + #define strncmp (wolfssl_linuxkm_get_pie_redirect_table()->strncmp) + #endif + #ifndef __ARCH_STRLEN_NO_REDIRECT + #define strlen (wolfssl_linuxkm_get_pie_redirect_table()->strlen) + #endif + #ifndef __ARCH_STRSTR_NO_REDIRECT + #define strstr (wolfssl_linuxkm_get_pie_redirect_table()->strstr) + #endif + #ifndef __ARCH_STRNCPY_NO_REDIRECT + #define strncpy (wolfssl_linuxkm_get_pie_redirect_table()->strncpy) + #endif + #ifndef __ARCH_STRNCAT_NO_REDIRECT + #define strncat (wolfssl_linuxkm_get_pie_redirect_table()->strncat) + #endif + #ifndef __ARCH_STRNCASECMP_NO_REDIRECT + #define strncasecmp (wolfssl_linuxkm_get_pie_redirect_table()->strncasecmp) + #endif + #define kstrtoll (wolfssl_linuxkm_get_pie_redirect_table()->kstrtoll) + + #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) + #define _printk (wolfssl_linuxkm_get_pie_redirect_table()->_printk) + #else + #define printk (wolfssl_linuxkm_get_pie_redirect_table()->printk) + #endif + #define snprintf (wolfssl_linuxkm_get_pie_redirect_table()->snprintf) + + #define _ctype (wolfssl_linuxkm_get_pie_redirect_table()->_ctype) + + #define kmalloc (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc) + #define kfree (wolfssl_linuxkm_get_pie_redirect_table()->kfree) + #define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize) + #define krealloc (wolfssl_linuxkm_get_pie_redirect_table()->krealloc) + #define kzalloc(size, flags) kmalloc(size, (flags) | __GFP_ZERO) + #ifdef HAVE_KVMALLOC + #define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node) + #define kvfree (wolfssl_linuxkm_get_pie_redirect_table()->kvfree) + #endif + #define is_vmalloc_addr (wolfssl_linuxkm_get_pie_redirect_table()->is_vmalloc_addr) + #define kmem_cache_alloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmem_cache_alloc_trace) + #define kmalloc_order_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_order_trace) + + #define get_random_bytes (wolfssl_linuxkm_get_pie_redirect_table()->get_random_bytes) + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + #define getnstimeofday (wolfssl_linuxkm_get_pie_redirect_table()->getnstimeofday) + #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) + #define current_kernel_time64 (wolfssl_linuxkm_get_pie_redirect_table()->current_kernel_time64) + #else + #define ktime_get_coarse_real_ts64 (wolfssl_linuxkm_get_pie_redirect_table()->ktime_get_coarse_real_ts64) + #endif + + #undef get_current + #define get_current (wolfssl_linuxkm_get_pie_redirect_table()->get_current) + #undef preempt_count + #define preempt_count (wolfssl_linuxkm_get_pie_redirect_table()->preempt_count) + + #ifdef WOLFSSL_LINUXKM_SIMD_X86 + #define irq_fpu_usable (wolfssl_linuxkm_get_pie_redirect_table()->irq_fpu_usable) + #ifdef kernel_fpu_begin + #define kernel_fpu_begin_mask (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin_mask) + #else + #define kernel_fpu_begin (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin) + #endif + #define kernel_fpu_end (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_end) + #ifdef LINUXKM_SIMD_IRQ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) + #define copy_fpregs_to_fpstate (wolfssl_linuxkm_get_pie_redirect_table()->copy_fpregs_to_fpstate) + #define copy_kernel_to_fpregs (wolfssl_linuxkm_get_pie_redirect_table()->copy_kernel_to_fpregs) + #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0) + #define save_fpregs_to_fpstate (wolfssl_linuxkm_get_pie_redirect_table()->save_fpregs_to_fpstate) + #define __restore_fpregs_from_fpstate (wolfssl_linuxkm_get_pie_redirect_table()->__restore_fpregs_from_fpstate) + #define xfeatures_mask_all (*(wolfssl_linuxkm_get_pie_redirect_table()->xfeatures_mask_all)) + /* + * #else + * #define save_fpregs_to_fpstate (wolfssl_linuxkm_get_pie_redirect_table()->save_fpregs_to_fpstate) + * #define restore_fpregs_from_fpstate (wolfssl_linuxkm_get_pie_redirect_table()->restore_fpregs_from_fpstate) + * #define fpu_kernel_cfg (*(wolfssl_linuxkm_get_pie_redirect_table()->fpu_kernel_cfg)) + */ + #endif + #endif + #define cpu_number (*(wolfssl_linuxkm_get_pie_redirect_table()->cpu_number)) + #define nr_cpu_ids (*(wolfssl_linuxkm_get_pie_redirect_table()->nr_cpu_ids)) + #endif + + #define __mutex_init (wolfssl_linuxkm_get_pie_redirect_table()->__mutex_init) + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + #define mutex_lock_nested (wolfssl_linuxkm_get_pie_redirect_table()->mutex_lock_nested) + #else + #define mutex_lock (wolfssl_linuxkm_get_pie_redirect_table()->mutex_lock) + #endif + #define mutex_unlock (wolfssl_linuxkm_get_pie_redirect_table()->mutex_unlock) + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + #define mutex_destroy (wolfssl_linuxkm_get_pie_redirect_table()->mutex_destroy) + #endif + + /* per linux/ctype.h, tolower() and toupper() are macros bound to static inlines + * that use macros that bring in the _ctype global. for __PIE__, this needs to + * be masked out. + */ + #undef tolower + #undef toupper + #define tolower(c) (islower(c) ? (c) : ((c) + ('a'-'A'))) + #define toupper(c) (isupper(c) ? (c) : ((c) - ('a'-'A'))) + + #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) + #define GetCA (wolfssl_linuxkm_get_pie_redirect_table()->GetCA) + #ifndef NO_SKID + #define GetCAByName (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByName) + #endif + #endif + + #endif /* __PIE__ */ + + #endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */ + +#ifdef WOLFSSL_LINUXKM_SIMD + +#ifdef WOLFSSL_LINUXKM_SIMD_X86 + + extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void); + extern void free_wolfcrypt_linuxkm_fpu_states(void); + extern __must_check int save_vector_registers_x86(void); + extern void restore_vector_registers_x86(void); + +#elif defined(CONFIG_ARM) || defined(CONFIG_ARM64) + + #error kernel module ARM SIMD is not yet tested or usable. + + static WARN_UNUSED_RESULT inline int save_vector_registers_arm(void) + { + preempt_disable(); + if (! may_use_simd()) { + preempt_enable(); + return BAD_STATE_E; + } else { + fpsimd_preserve_current_state(); + return 0; + } + } + static inline void restore_vector_registers_arm(void) + { + fpsimd_restore_current_state(); + preempt_enable(); + } + +#endif + +#endif /* WOLFSSL_LINUXKM_SIMD */ + + /* Linux headers define these using C expressions, but we need + * them to be evaluable by the preprocessor, for use in sp_int.h. + */ + #if BITS_PER_LONG == 64 + _Static_assert(sizeof(ULONG_MAX) == 8, "BITS_PER_LONG is 64, but ULONG_MAX is not."); + + #undef UCHAR_MAX + #define UCHAR_MAX 255 + #undef USHRT_MAX + #define USHRT_MAX 65535 + #undef UINT_MAX + #define UINT_MAX 4294967295U + #undef ULONG_MAX + #define ULONG_MAX 18446744073709551615UL + #undef ULLONG_MAX + #define ULLONG_MAX ULONG_MAX + #undef INT_MAX + #define INT_MAX 2147483647 + #undef LONG_MAX + #define LONG_MAX 9223372036854775807L + #undef LLONG_MAX + #define LLONG_MAX LONG_MAX + + #elif BITS_PER_LONG == 32 + + _Static_assert(sizeof(ULONG_MAX) == 4, "BITS_PER_LONG is 32, but ULONG_MAX is not."); + + #undef UCHAR_MAX + #define UCHAR_MAX 255 + #undef USHRT_MAX + #define USHRT_MAX 65535 + #undef UINT_MAX + #define UINT_MAX 4294967295U + #undef ULONG_MAX + #define ULONG_MAX 4294967295UL + #undef INT_MAX + #define INT_MAX 2147483647 + #undef LONG_MAX + #define LONG_MAX 2147483647L + + #undef ULLONG_MAX + #undef LLONG_MAX + #if BITS_PER_LONG_LONG == 64 + #define ULLONG_MAX 18446744073709551615UL + #define LLONG_MAX 9223372036854775807L + #else + #undef NO_64BIT + #define NO_64BIT + #define ULLONG_MAX ULONG_MAX + #define LLONG_MAX LONG_MAX + #endif + +#else + #error unexpected BITS_PER_LONG value. +#endif + + /* remove this multifariously conflicting macro, picked up from + * Linux arch//include/asm/current.h. + */ + #ifndef WOLFSSL_NEED_LINUX_CURRENT + #undef current + #endif + + /* prevent gcc's mm_malloc.h from being included, since it unconditionally + * includes stdlib.h, which is kernel-incompatible. + */ + #define _MM_MALLOC_H_INCLUDED + + #ifdef HAVE_KVMALLOC + #define malloc(x) kvmalloc_node(x, GFP_KERNEL, NUMA_NO_NODE) + #define free(x) kvfree(x) + void *lkm_realloc(void *ptr, size_t newsize); + #define realloc(x, y) lkm_realloc(x, y) + #else + #define malloc(x) kmalloc(x, GFP_KERNEL) + #define free(x) kfree(x) + #define realloc(x,y) krealloc(x, y, GFP_KERNEL) + #endif + + /* min() and max() in linux/kernel.h over-aggressively type-check, producing + * myriad spurious -Werrors throughout the codebase. + */ + #undef min + #undef max + + /* work around namespace conflict between wolfssl/internal.h (enum HandShakeType) + * and linux/key.h (extern int()). + */ + #define key_update wc_key_update + + #define lkm_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args) + #define printf(...) lkm_printf(__VA_ARGS__) + + #ifdef HAVE_FIPS + extern void fipsEntry(void); + #endif + + /* suppress false-positive "writing 1 byte into a region of size 0" warnings + * building old kernels with new gcc: + */ + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + _Pragma("GCC diagnostic ignored \"-Wstringop-overflow\""); + #endif + + /* includes are all above, with incompatible warnings masked out. */ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) + typedef __kernel_time_t time_t; + #else + typedef __kernel_time64_t time_t; + #endif + extern time_t time(time_t * timer); + #define XTIME time + #define WOLFSSL_GMTIME + #define XGMTIME(c, t) gmtime(c) + #define NO_TIMEVAL 1 + + #define XMALLOC(s, h, t) ({(void)(h); (void)(t); kmalloc(s, GFP_KERNEL);}) + #define XFREE(p, h, t) ({void* _xp; (void)(h); _xp = (p); if(_xp) kfree(_xp);}) + #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); krealloc((p), (n), GFP_KERNEL);}) + + #endif /* BUILDING_WOLFSSL */ + + /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */ + #define XSNPRINTF snprintf + + /* the rigmarole around kstrtoll() here is to accommodate its warn-unused-result attribute. */ + /* also needed to suppress inclusion of stdlib.h in wolfssl/wolfcrypt/types.h */ + #define XATOI(s) ({ \ + long long _xatoi_res = 0; \ + int _xatoi_ret = kstrtoll(s, 10, &_xatoi_res); \ + if (_xatoi_ret != 0) { \ + _xatoi_res = 0; \ + } \ + (int)_xatoi_res; \ + }) + + #define WOLFSSL_KTHREADS + + typedef struct mutex wolfSSL_Mutex; + +#endif /* LINUXKM_WC_PORT_H */ diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template index 9e82ed06c..b7fc29e66 100644 --- a/linuxkm/module_exports.c.template +++ b/linuxkm/module_exports.c.template @@ -31,8 +31,10 @@ #endif #include -#include -#include +#ifndef WOLFCRYPT_ONLY + #include + #include +#endif #ifndef NO_CRYPT_TEST #include #include @@ -110,6 +112,9 @@ #ifdef HAVE_PKCS7 #include #endif +#ifdef HAVE_PKCS12 + #include +#endif #ifdef HAVE_FIPS #include #include diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 843296bd2..2f6da4a22 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -33,13 +33,17 @@ #include #include -#include +#ifdef WOLFCRYPT_ONLY + #include +#else + #include +#endif #ifdef HAVE_FIPS -#include + #include #endif #ifndef NO_CRYPT_TEST -#include -#include + #include + #include #endif static int libwolfssl_cleanup(void) { @@ -170,7 +174,7 @@ static int wolfssl_init(void) text_hash = 0; } - if ((pie_rodata_start < pie_rodata_end) && + if ((pie_rodata_start < pie_rodata_end) && // cppcheck-suppress comparePointers (pie_rodata_start >= (char *)THIS_MODULE_BASE + THIS_MODULE_TEXT_SIZE) && (pie_rodata_end - (char *)THIS_MODULE_BASE <= THIS_MODULE_RO_SIZE)) { @@ -414,13 +418,21 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { kernel_fpu_begin; #endif wolfssl_linuxkm_pie_redirect_table.kernel_fpu_end = kernel_fpu_end; - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) - wolfssl_linuxkm_pie_redirect_table.copy_fpregs_to_fpstate = my_copy_fpregs_to_fpstate; - wolfssl_linuxkm_pie_redirect_table.copy_kernel_to_fpregs = my_copy_kernel_to_fpregs; - #else - wolfssl_linuxkm_pie_redirect_table.save_fpregs_to_fpstate = save_fpregs_to_fpstate; - wolfssl_linuxkm_pie_redirect_table.__restore_fpregs_from_fpstate = __restore_fpregs_from_fpstate; - wolfssl_linuxkm_pie_redirect_table.xfeatures_mask_all = &xfeatures_mask_all; + #ifdef LINUXKM_SIMD_IRQ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) + wolfssl_linuxkm_pie_redirect_table.copy_fpregs_to_fpstate = my_copy_fpregs_to_fpstate; + wolfssl_linuxkm_pie_redirect_table.copy_kernel_to_fpregs = my_copy_kernel_to_fpregs; + #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0) + wolfssl_linuxkm_pie_redirect_table.save_fpregs_to_fpstate = save_fpregs_to_fpstate; + wolfssl_linuxkm_pie_redirect_table.__restore_fpregs_from_fpstate = __restore_fpregs_from_fpstate; + wolfssl_linuxkm_pie_redirect_table.xfeatures_mask_all = &xfeatures_mask_all; + /* + * #else + * wolfssl_linuxkm_pie_redirect_table.save_fpregs_to_fpstate = save_fpregs_to_fpstate; + * wolfssl_linuxkm_pie_redirect_table.restore_fpregs_from_fpstate = restore_fpregs_from_fpstate; + * wolfssl_linuxkm_pie_redirect_table.fpu_kernel_cfg = &fpu_kernel_cfg; + */ + #endif #endif wolfssl_linuxkm_pie_redirect_table.cpu_number = &cpu_number; wolfssl_linuxkm_pie_redirect_table.nr_cpu_ids = &nr_cpu_ids; diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 8b8fca3f8..1fd92151b 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -152,7 +152,7 @@ void* wolfSSL_Malloc(size_t size) #ifdef WOLFSSL_DEBUG_MEMORY #if defined(WOLFSSL_DEBUG_MEMORY_PRINT) && !defined(WOLFSSL_TRACK_MEMORY) - printf("Alloc: %p -> %u at %s:%d\n", res, (word32)size, func, line); + printf("Alloc: %p -> %u at %s:%u\n", res, (word32)size, func, line); #else (void)func; (void)line; @@ -193,7 +193,7 @@ void wolfSSL_Free(void *ptr) { #ifdef WOLFSSL_DEBUG_MEMORY #if defined(WOLFSSL_DEBUG_MEMORY_PRINT) && !defined(WOLFSSL_TRACK_MEMORY) - printf("Free: %p at %s:%d\n", ptr, func, line); + printf("Free: %p at %s:%u\n", ptr, func, line); #else (void)func; (void)line; @@ -1140,197 +1140,6 @@ void __attribute__((no_instrument_function)) } #endif -#if defined(WOLFSSL_LINUXKM_SIMD_X86) - static union fpregs_state **wolfcrypt_linuxkm_fpu_states = NULL; - - static WARN_UNUSED_RESULT inline int am_in_hard_interrupt_handler(void) - { - return (preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0; - } - - WARN_UNUSED_RESULT int allocate_wolfcrypt_linuxkm_fpu_states(void) - { - wolfcrypt_linuxkm_fpu_states = - (union fpregs_state **)kzalloc(nr_cpu_ids - * sizeof(struct fpu_state *), - GFP_KERNEL); - if (! wolfcrypt_linuxkm_fpu_states) { - pr_err("warning, allocation of %lu bytes for " - "wolfcrypt_linuxkm_fpu_states failed.\n", - nr_cpu_ids * sizeof(struct fpu_state *)); - return MEMORY_E; - } - { - typeof(nr_cpu_ids) i; - for (i=0; istate, which - * has stringent alignment requirements (64 byte cache - * line), but takes a pointer to the parent struct. work - * around this. - */ - struct fpu *fake_fpu_pointer = - (struct fpu *)(((char *)wolfcrypt_linuxkm_fpu_states[processor_id]) - - offsetof(struct fpu, state)); - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) - copy_fpregs_to_fpstate(fake_fpu_pointer); - #else - save_fpregs_to_fpstate(fake_fpu_pointer); - #endif - } - /* mark the slot as used. */ - ((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] = 1; - /* note, not preempt_enable()ing, mirroring kernel_fpu_begin() - * semantics, even though routine will have been entered already - * non-preemptable. - */ - return 0; - } else { - preempt_enable(); - return BAD_STATE_E; - } - } else { - - /* allow for nested calls */ - if (((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] != 0) { - if (((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] == 255) { - preempt_enable(); - pr_err("save_vector_registers_x86 recursion register overflow for " - "cpu id %d.\n", processor_id); - return BAD_STATE_E; - } else { - ++((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1]; - return 0; - } - } - - kernel_fpu_begin(); - preempt_enable(); /* kernel_fpu_begin() does its own - * preempt_disable(). decrement ours. - */ - ((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] = 1; - return 0; - } - } - void restore_vector_registers_x86(void) - { - int processor_id = smp_processor_id(); - - if ((wolfcrypt_linuxkm_fpu_states == NULL) || - (wolfcrypt_linuxkm_fpu_states[processor_id] == NULL)) - { - pr_err("restore_vector_registers_x86 called for cpu id %d " - "without null context buffer.\n", processor_id); - return; - } - - if (((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] == 0) - { - pr_err("restore_vector_registers_x86 called for cpu id %d " - "without saved context.\n", processor_id); - return; - } - - if (--((unsigned char *)wolfcrypt_linuxkm_fpu_states[processor_id])[PAGE_SIZE-1] > 0) { - preempt_enable(); /* preempt_disable count will still be nonzero after this decrement. */ - return; - } - - if (am_in_hard_interrupt_handler()) { - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) - copy_kernel_to_fpregs(wolfcrypt_linuxkm_fpu_states[processor_id]); - #else - __restore_fpregs_from_fpstate(wolfcrypt_linuxkm_fpu_states[processor_id], - xfeatures_mask_all); - #endif - preempt_enable(); - } else { - kernel_fpu_end(); - } - return; - } -#endif /* WOLFSSL_LINUXKM_SIMD_X86 && WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED */ +#ifdef WOLFSSL_LINUXKM + #include "../../linuxkm/linuxkm_memory.c" +#endif diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 5d17dfec7..1c97fdce2 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -415,7 +415,11 @@ decouple library dependencies with standard string, memory and so on. /* Telit M2MB SDK requires use m2mb_os API's, not std malloc/free */ /* Use of malloc/free will cause CPU reboot */ #define XMALLOC(s, h, t) ((void)h, (void)t, m2mb_os_malloc((s))) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) m2mb_os_free((xp));} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) m2mb_os_free(xp) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) m2mb_os_free(xp);} + #endif #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) #elif defined(NO_WOLFSSL_MEMORY) @@ -439,15 +443,17 @@ decouple library dependencies with standard string, memory and so on. /* just use plain C stdlib stuff if desired */ #include #define XMALLOC(s, h, t) malloc((size_t)(s)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) free(xp) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) free(xp);} + #endif #define XREALLOC(p, n, h, t) realloc((p), (size_t)(n)) #endif #elif defined(WOLFSSL_LINUXKM) - /* the requisite linux/slab.h is included in wc_port.h, with incompatible warnings masked out. */ - #define XMALLOC(s, h, t) ({(void)(h); (void)(t); kmalloc(s, GFP_KERNEL);}) - #define XFREE(p, h, t) ({void* _xp; (void)(h); _xp = (p); if(_xp) kfree(_xp);}) - #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); krealloc((p), (n), GFP_KERNEL);}) + + /* definitions are in linuxkm/linuxkm_wc_port.h */ #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ @@ -460,21 +466,37 @@ decouple library dependencies with standard string, memory and so on. #ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_DEBUG_MEMORY #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) wolfSSL_Free(xp, h, t, __func__, __LINE__) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);} + #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) #else #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) wolfSSL_Free(xp, h, t) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);} + #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ #elif !defined(FREERTOS) && !defined(FREERTOS_TCP) #ifdef WOLFSSL_DEBUG_MEMORY #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__)) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) wolfSSL_Free(xp, __func__, __LINE__) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, __func__, __LINE__);} + #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__) #else #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s))) - #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) wolfSSL_Free(p) + #else + #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp);} + #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) #endif /* WOLFSSL_DEBUG_MEMORY */ #endif /* WOLFSSL_STATIC_MEMORY */ diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 017787d31..1554a6953 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -55,553 +55,7 @@ #endif #ifdef WOLFSSL_LINUXKM - #ifdef HAVE_CONFIG_H - #ifndef PACKAGE_NAME - #error wc_port.h included before config.h - #endif - /* config.h is autogenerated without gating, and is subject to repeat - * inclusions, so gate it out here to keep autodetection masking - * intact: - */ - #undef HAVE_CONFIG_H - #endif - - #ifdef BUILDING_WOLFSSL - - #if defined(CONFIG_MIPS) && defined(HAVE_LINUXKM_PIE_SUPPORT) - /* __ZBOOT__ disables some unhelpful macros around the mem*() funcs in - * legacy arch/mips/include/asm/string.h - */ - #define __ZBOOT__ - #define memcmp __builtin_memcmp - #define __ARCH_MEMCMP_NO_REDIRECT - #define __ARCH_MEMCPY_NO_REDIRECT - #define __builtin_memcpy memcpy - extern void *memcpy(void *dest, const void *src, unsigned int n); - #define __ARCH_MEMCPY_NO_REDIRECT - #define __builtin_memset memset - extern void *memset(void *dest, int c, unsigned int n); - #endif - - _Pragma("GCC diagnostic push"); - - /* we include all the needed kernel headers with these masked out. else - * there are profuse warnings. - */ - _Pragma("GCC diagnostic ignored \"-Wunused-parameter\""); - _Pragma("GCC diagnostic ignored \"-Wpointer-arith\""); - _Pragma("GCC diagnostic ignored \"-Wshadow\""); - _Pragma("GCC diagnostic ignored \"-Wnested-externs\""); - _Pragma("GCC diagnostic ignored \"-Wredundant-decls\""); - _Pragma("GCC diagnostic ignored \"-Wsign-compare\""); - _Pragma("GCC diagnostic ignored \"-Wpointer-sign\""); - _Pragma("GCC diagnostic ignored \"-Wbad-function-cast\""); - _Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\""); - _Pragma("GCC diagnostic ignored \"-Wtype-limits\""); - _Pragma("GCC diagnostic ignored \"-Wswitch-enum\""); - - /* suppress inclusion of stdint-gcc.h to avoid conflicts with Linux native include/linux/types.h: */ - #define _GCC_STDINT_H - - #include - #include - #include - #include - #include - #include - #ifdef __PIE__ - /* without this, mm.h brings in static, but not inline, pmd_to_page(), - * with direct references to global vmem variables. - */ - #undef USE_SPLIT_PMD_PTLOCKS - #define USE_SPLIT_PMD_PTLOCKS 0 - #endif - #include - #ifndef SINGLE_THREADED - #include - #endif - #include - #include - #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM) - #ifndef CONFIG_X86 - #error X86 SIMD extensions requested, but CONFIG_X86 is not set. - #endif - #define WOLFSSL_LINUXKM_SIMD - #define WOLFSSL_LINUXKM_SIMD_X86 - #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - #include - #else - #include - #endif - #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 0, 0) - #include - #endif - #ifndef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_x86(); if (_svr_ret != 0) { fail_clause } } - #endif - #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86() - #endif - #elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \ - defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\ - defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) - #if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64) - #error ARM SIMD extensions requested, but CONFIG_ARM* is not set. - #endif - #define WOLFSSL_LINUXKM_SIMD - #define WOLFSSL_LINUXKM_SIMD_ARM - #include - #ifndef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_arm(); if (_svr_ret != 0) { fail_clause } } - #endif - #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_arm() - #endif - #else - #ifndef WOLFSSL_NO_ASM - #define WOLFSSL_NO_ASM - #endif - #endif - - _Pragma("GCC diagnostic pop"); - - /* the kernel uses -std=c89, but not -pedantic, and makes full use of anon - * structs/unions, so we should too. - */ - #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 - - #define NO_THREAD_LS - #define NO_ATTRIBUTE_CONSTRUCTOR - - /* kvmalloc()/kvfree() and friends added in linux commit a7c3e901 */ - #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) - #define HAVE_KVMALLOC - #endif - - #ifdef HAVE_FIPS - extern int wolfCrypt_FIPS_first(void); - extern int wolfCrypt_FIPS_last(void); - #endif - - #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) - /* work around backward dependency of asn.c on ssl.c. */ - struct Signer; - struct Signer *GetCA(void *signers, unsigned char *hash); - #ifndef NO_SKID - struct Signer *GetCAByName(void* signers, unsigned char *hash); - #endif - #endif - - #if defined(__PIE__) && !defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE) - #error "compiling -fPIE without PIE support." - #endif - - #if defined(HAVE_FIPS) && !defined(HAVE_LINUXKM_PIE_SUPPORT) - #error "FIPS build requires PIE support." - #endif - - #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE - -#ifdef CONFIG_MIPS - #undef __ARCH_MEMCMP_NO_REDIRECT - #undef memcmp - extern int memcmp(const void *s1, const void *s2, size_t n); -#endif - - struct wolfssl_linuxkm_pie_redirect_table { - #ifndef __ARCH_MEMCMP_NO_REDIRECT - typeof(memcmp) *memcmp; - #endif - #ifndef __ARCH_MEMCPY_NO_REDIRECT - typeof(memcpy) *memcpy; - #endif - #ifndef __ARCH_MEMSET_NO_REDIRECT - typeof(memset) *memset; - #endif - #ifndef __ARCH_MEMMOVE_NO_REDIRECT - typeof(memmove) *memmove; - #endif - #ifndef __ARCH_STRNCMP_NO_REDIRECT - typeof(strncmp) *strncmp; - #endif - #ifndef __ARCH_STRLEN_NO_REDIRECT - typeof(strlen) *strlen; - #endif - #ifndef __ARCH_STRSTR_NO_REDIRECT - typeof(strstr) *strstr; - #endif - #ifndef __ARCH_STRNCPY_NO_REDIRECT - typeof(strncpy) *strncpy; - #endif - #ifndef __ARCH_STRNCAT_NO_REDIRECT - typeof(strncat) *strncat; - #endif - #ifndef __ARCH_STRNCASECMP_NO_REDIRECT - typeof(strncasecmp) *strncasecmp; - #endif - typeof(kstrtoll) *kstrtoll; - - #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) - typeof(_printk) *_printk; - #else - typeof(printk) *printk; - #endif - typeof(snprintf) *snprintf; - - const unsigned char *_ctype; - - typeof(kmalloc) *kmalloc; - typeof(kfree) *kfree; - typeof(ksize) *ksize; - typeof(krealloc) *krealloc; - #ifdef HAVE_KVMALLOC - typeof(kvmalloc_node) *kvmalloc_node; - typeof(kvfree) *kvfree; - #endif - typeof(is_vmalloc_addr) *is_vmalloc_addr; - typeof(kmem_cache_alloc_trace) *kmem_cache_alloc_trace; - typeof(kmalloc_order_trace) *kmalloc_order_trace; - - typeof(get_random_bytes) *get_random_bytes; - #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - typeof(getnstimeofday) *getnstimeofday; - #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) - typeof(current_kernel_time64) *current_kernel_time64; - #else - typeof(ktime_get_coarse_real_ts64) *ktime_get_coarse_real_ts64; - #endif - - struct task_struct *(*get_current)(void); - int (*preempt_count)(void); - - #ifdef WOLFSSL_LINUXKM_SIMD_X86 - typeof(irq_fpu_usable) *irq_fpu_usable; - /* kernel_fpu_begin() replaced by kernel_fpu_begin_mask() in commit e4512289, - * released in kernel 5.11, backported to 5.4.93 - */ - #ifdef kernel_fpu_begin - typeof(kernel_fpu_begin_mask) *kernel_fpu_begin_mask; - #else - typeof(kernel_fpu_begin) *kernel_fpu_begin; - #endif - typeof(kernel_fpu_end) *kernel_fpu_end; - - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) - typeof(copy_fpregs_to_fpstate) *copy_fpregs_to_fpstate; - typeof(copy_kernel_to_fpregs) *copy_kernel_to_fpregs; - #else - typeof(save_fpregs_to_fpstate) *save_fpregs_to_fpstate; - typeof(__restore_fpregs_from_fpstate) *__restore_fpregs_from_fpstate; - typeof(xfeatures_mask_all) *xfeatures_mask_all; - #endif - typeof(cpu_number) *cpu_number; - typeof(nr_cpu_ids) *nr_cpu_ids; - - #endif /* WOLFSSL_LINUXKM_SIMD_X86 */ - - typeof(__mutex_init) *__mutex_init; - #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - typeof(mutex_lock_nested) *mutex_lock_nested; - #else - typeof(mutex_lock) *mutex_lock; - #endif - typeof(mutex_unlock) *mutex_unlock; - #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - typeof(mutex_destroy) *mutex_destroy; - #endif - - #ifdef HAVE_FIPS - typeof(wolfCrypt_FIPS_first) *wolfCrypt_FIPS_first; - typeof(wolfCrypt_FIPS_last) *wolfCrypt_FIPS_last; - #endif - - #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) - typeof(GetCA) *GetCA; - #ifndef NO_SKID - typeof(GetCAByName) *GetCAByName; - #endif - #endif - - const void *_last_slot; - }; - - extern const struct wolfssl_linuxkm_pie_redirect_table *wolfssl_linuxkm_get_pie_redirect_table(void); - - #ifdef __PIE__ - - #ifndef __ARCH_MEMCMP_NO_REDIRECT - #define memcmp (wolfssl_linuxkm_get_pie_redirect_table()->memcmp) - #endif - #ifndef __ARCH_MEMCPY_NO_REDIRECT - #define memcpy (wolfssl_linuxkm_get_pie_redirect_table()->memcpy) - #endif - #ifndef __ARCH_MEMSET_NO_REDIRECT - #define memset (wolfssl_linuxkm_get_pie_redirect_table()->memset) - #endif - #ifndef __ARCH_MEMMOVE_NO_REDIRECT - #define memmove (wolfssl_linuxkm_get_pie_redirect_table()->memmove) - #endif - #ifndef __ARCH_STRNCMP_NO_REDIRECT - #define strncmp (wolfssl_linuxkm_get_pie_redirect_table()->strncmp) - #endif - #ifndef __ARCH_STRLEN_NO_REDIRECT - #define strlen (wolfssl_linuxkm_get_pie_redirect_table()->strlen) - #endif - #ifndef __ARCH_STRSTR_NO_REDIRECT - #define strstr (wolfssl_linuxkm_get_pie_redirect_table()->strstr) - #endif - #ifndef __ARCH_STRNCPY_NO_REDIRECT - #define strncpy (wolfssl_linuxkm_get_pie_redirect_table()->strncpy) - #endif - #ifndef __ARCH_STRNCAT_NO_REDIRECT - #define strncat (wolfssl_linuxkm_get_pie_redirect_table()->strncat) - #endif - #ifndef __ARCH_STRNCASECMP_NO_REDIRECT - #define strncasecmp (wolfssl_linuxkm_get_pie_redirect_table()->strncasecmp) - #endif - #define kstrtoll (wolfssl_linuxkm_get_pie_redirect_table()->kstrtoll) - - #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0) - #define _printk (wolfssl_linuxkm_get_pie_redirect_table()->_printk) - #else - #define printk (wolfssl_linuxkm_get_pie_redirect_table()->printk) - #endif - #define snprintf (wolfssl_linuxkm_get_pie_redirect_table()->snprintf) - - #define _ctype (wolfssl_linuxkm_get_pie_redirect_table()->_ctype) - - #define kmalloc (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc) - #define kfree (wolfssl_linuxkm_get_pie_redirect_table()->kfree) - #define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize) - #define krealloc (wolfssl_linuxkm_get_pie_redirect_table()->krealloc) - #define kzalloc(size, flags) kmalloc(size, (flags) | __GFP_ZERO) - #ifdef HAVE_KVMALLOC - #define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node) - #define kvfree (wolfssl_linuxkm_get_pie_redirect_table()->kvfree) - #endif - #define is_vmalloc_addr (wolfssl_linuxkm_get_pie_redirect_table()->is_vmalloc_addr) - #define kmem_cache_alloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmem_cache_alloc_trace) - #define kmalloc_order_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_order_trace) - - #define get_random_bytes (wolfssl_linuxkm_get_pie_redirect_table()->get_random_bytes) - #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - #define getnstimeofday (wolfssl_linuxkm_get_pie_redirect_table()->getnstimeofday) - #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) - #define current_kernel_time64 (wolfssl_linuxkm_get_pie_redirect_table()->current_kernel_time64) - #else - #define ktime_get_coarse_real_ts64 (wolfssl_linuxkm_get_pie_redirect_table()->ktime_get_coarse_real_ts64) - #endif - - #undef get_current - #define get_current (wolfssl_linuxkm_get_pie_redirect_table()->get_current) - #undef preempt_count - #define preempt_count (wolfssl_linuxkm_get_pie_redirect_table()->preempt_count) - - #ifdef WOLFSSL_LINUXKM_SIMD_X86 - #define irq_fpu_usable (wolfssl_linuxkm_get_pie_redirect_table()->irq_fpu_usable) - #ifdef kernel_fpu_begin - #define kernel_fpu_begin_mask (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin_mask) - #else - #define kernel_fpu_begin (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_begin) - #endif - #define kernel_fpu_end (wolfssl_linuxkm_get_pie_redirect_table()->kernel_fpu_end) - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 14, 0) - #define copy_fpregs_to_fpstate (wolfssl_linuxkm_get_pie_redirect_table()->copy_fpregs_to_fpstate) - #define copy_kernel_to_fpregs (wolfssl_linuxkm_get_pie_redirect_table()->copy_kernel_to_fpregs) - #else - #define save_fpregs_to_fpstate (wolfssl_linuxkm_get_pie_redirect_table()->save_fpregs_to_fpstate) - #define __restore_fpregs_from_fpstate (wolfssl_linuxkm_get_pie_redirect_table()->__restore_fpregs_from_fpstate) - #define xfeatures_mask_all (*(wolfssl_linuxkm_get_pie_redirect_table()->xfeatures_mask_all)) - #endif - #define cpu_number (*(wolfssl_linuxkm_get_pie_redirect_table()->cpu_number)) - #define nr_cpu_ids (*(wolfssl_linuxkm_get_pie_redirect_table()->nr_cpu_ids)) - #endif - - #define __mutex_init (wolfssl_linuxkm_get_pie_redirect_table()->__mutex_init) - #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - #define mutex_lock_nested (wolfssl_linuxkm_get_pie_redirect_table()->mutex_lock_nested) - #else - #define mutex_lock (wolfssl_linuxkm_get_pie_redirect_table()->mutex_lock) - #endif - #define mutex_unlock (wolfssl_linuxkm_get_pie_redirect_table()->mutex_unlock) - #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - #define mutex_destroy (wolfssl_linuxkm_get_pie_redirect_table()->mutex_destroy) - #endif - - /* per linux/ctype.h, tolower() and toupper() are macros bound to static inlines - * that use macros that bring in the _ctype global. for __PIE__, this needs to - * be masked out. - */ - #undef tolower - #undef toupper - #define tolower(c) (islower(c) ? (c) : ((c) + ('a'-'A'))) - #define toupper(c) (isupper(c) ? (c) : ((c) - ('a'-'A'))) - - #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) - #define GetCA (wolfssl_linuxkm_get_pie_redirect_table()->GetCA) - #ifndef NO_SKID - #define GetCAByName (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByName) - #endif - #endif - - #endif /* __PIE__ */ - - #endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */ - -#ifdef WOLFSSL_LINUXKM_SIMD - -#ifdef WOLFSSL_LINUXKM_SIMD_X86 - - extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void); - extern void free_wolfcrypt_linuxkm_fpu_states(void); - extern __must_check int save_vector_registers_x86(void); - extern void restore_vector_registers_x86(void); - -#elif defined(CONFIG_ARM) || defined(CONFIG_ARM64) - - #error kernel module ARM SIMD is not yet tested or usable. - - static WARN_UNUSED_RESULT inline int save_vector_registers_arm(void) - { - preempt_disable(); - if (! may_use_simd()) { - preempt_enable(); - return BAD_STATE_E; - } else { - fpsimd_preserve_current_state(); - return 0; - } - } - static inline void restore_vector_registers_arm(void) - { - fpsimd_restore_current_state(); - preempt_enable(); - } - -#endif - -#endif /* WOLFSSL_LINUXKM_SIMD */ - - /* Linux headers define these using C expressions, but we need - * them to be evaluable by the preprocessor, for use in sp_int.h. - */ - #if BITS_PER_LONG == 64 - _Static_assert(sizeof(ULONG_MAX) == 8, "BITS_PER_LONG is 64, but ULONG_MAX is not."); - - #undef UCHAR_MAX - #define UCHAR_MAX 255 - #undef USHRT_MAX - #define USHRT_MAX 65535 - #undef UINT_MAX - #define UINT_MAX 4294967295U - #undef ULONG_MAX - #define ULONG_MAX 18446744073709551615UL - #undef ULLONG_MAX - #define ULLONG_MAX ULONG_MAX - #undef INT_MAX - #define INT_MAX 2147483647 - #undef LONG_MAX - #define LONG_MAX 9223372036854775807L - #undef LLONG_MAX - #define LLONG_MAX LONG_MAX - - #elif BITS_PER_LONG == 32 - - _Static_assert(sizeof(ULONG_MAX) == 4, "BITS_PER_LONG is 32, but ULONG_MAX is not."); - - #undef UCHAR_MAX - #define UCHAR_MAX 255 - #undef USHRT_MAX - #define USHRT_MAX 65535 - #undef UINT_MAX - #define UINT_MAX 4294967295U - #undef ULONG_MAX - #define ULONG_MAX 4294967295UL - #undef INT_MAX - #define INT_MAX 2147483647 - #undef LONG_MAX - #define LONG_MAX 2147483647L - - #undef ULLONG_MAX - #undef LLONG_MAX - #if BITS_PER_LONG_LONG == 64 - #define ULLONG_MAX 18446744073709551615UL - #define LLONG_MAX 9223372036854775807L - #else - #undef NO_64BIT - #define NO_64BIT - #define ULLONG_MAX ULONG_MAX - #define LLONG_MAX LONG_MAX - #endif - -#else - #error unexpected BITS_PER_LONG value. -#endif - - /* remove this multifariously conflicting macro, picked up from - * Linux arch//include/asm/current.h. - */ - #ifndef WOLFSSL_NEED_LINUX_CURRENT - #undef current - #endif - - /* prevent gcc's mm_malloc.h from being included, since it unconditionally - * includes stdlib.h, which is kernel-incompatible. - */ - #define _MM_MALLOC_H_INCLUDED - - #ifdef HAVE_KVMALLOC - #define malloc(x) kvmalloc_node(x, GFP_KERNEL, NUMA_NO_NODE) - #define free(x) kvfree(x) - void *lkm_realloc(void *ptr, size_t newsize); - #define realloc(x, y) lkm_realloc(x, y) - #else - #define malloc(x) kmalloc(x, GFP_KERNEL) - #define free(x) kfree(x) - #define realloc(x,y) krealloc(x, y, GFP_KERNEL) - #endif - - /* min() and max() in linux/kernel.h over-aggressively type-check, producing - * myriad spurious -Werrors throughout the codebase. - */ - #undef min - #undef max - - /* work around namespace conflict between wolfssl/internal.h (enum HandShakeType) - * and linux/key.h (extern int()). - */ - #define key_update wc_key_update - - #define lkm_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args) - #define printf(...) lkm_printf(__VA_ARGS__) - - #ifdef HAVE_FIPS - extern void fipsEntry(void); - #endif - - /* suppress false-positive "writing 1 byte into a region of size 0" warnings - * building old kernels with new gcc: - */ - #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) - _Pragma("GCC diagnostic ignored \"-Wstringop-overflow\""); - #endif - - #endif /* BUILDING_WOLFSSL */ - - /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */ - #define XSNPRINTF snprintf - - /* the rigmarole around kstrtoll() here is to accommodate its warn-unused-result attribute. */ - /* also needed to suppress inclusion of stdlib.h in wolfssl/wolfcrypt/types.h */ - #define XATOI(s) ({ \ - long long _xatoi_res = 0; \ - int _xatoi_ret = kstrtoll(s, 10, &_xatoi_res); \ - if (_xatoi_ret != 0) { \ - _xatoi_res = 0; \ - } \ - (int)_xatoi_res; \ - }) - + #include "../../linuxkm/linuxkm_wc_port.h" #endif /* WOLFSSL_LINUXKM */ /* THREADING/MUTEX SECTION */ @@ -711,8 +165,8 @@ #else #ifndef SINGLE_THREADED #ifndef WOLFSSL_USER_MUTEX - #if defined(WOLFSSL_LINUXKM) - #define WOLFSSL_KTHREADS + #ifdef WOLFSSL_LINUXKM + /* definitions are in linuxkm/linuxkm_wc_port.h */ #else #define WOLFSSL_PTHREADS #include @@ -810,7 +264,7 @@ #elif defined(WOLFSSL_USER_MUTEX) /* typedef User_Mutex wolfSSL_Mutex; */ #elif defined(WOLFSSL_LINUXKM) - typedef struct mutex wolfSSL_Mutex; + /* definitions are in linuxkm/linuxkm_wc_port.h */ #else #error Need a mutex type in multithreaded mode #endif /* USE_WINDOWS_API */ @@ -1375,21 +829,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #elif defined(WOLFSSL_LINUXKM) - #ifdef BUILDING_WOLFSSL - /* includes are all above, with incompatible warnings masked out. */ - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) - typedef __kernel_time_t time_t; - #else - typedef __kernel_time64_t time_t; - #endif - extern time_t time(time_t * timer); - #define XTIME time - #define WOLFSSL_GMTIME - #define XGMTIME(c, t) gmtime(c) - #define NO_TIMEVAL 1 - - #endif /* BUILDING_WOLFSSL */ + /* definitions are in linuxkm/linuxkm_wc_port.h */ #elif defined(HAL_RTC_MODULE_ENABLED) #include From b69dc00bd76713a23da828fb872fd7c8ffca1a78 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:27:47 -0600 Subject: [PATCH 04/34] src/internal.c: fixes for cppcheck complaints: nullPointerRedundantCheck uninitvar --- src/internal.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/src/internal.c b/src/internal.c index 607f26773..07ee30e1f 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1640,8 +1640,8 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf, word32 idx = 0; word16 length = 0; int version = 0; - int ret = 0; - int optSz; + int ret = BAD_FUNC_ARG; + int optSz = 0; int rc; byte validProto = 0; /* did we find a valid protocol */ @@ -1825,8 +1825,8 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf, #ifndef WOLFSSL_AEAD_ONLY /* set hmac function to use when verifying */ - if (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 || - ssl->options.dtls == 1) { + if (ret == 0 && (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 || + ssl->options.dtls == 1)) { #if !defined(WOLFSSL_RENESAS_SCEPROTECT) && \ !defined(WOLFSSL_RENESAS_TSIP_TLS) ssl->hmac = TLS_hmac; @@ -4318,7 +4318,7 @@ int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo, int hashAlgo, RsaKey* key, buffer* keyBufInfo) { - int ret; + int ret = SIG_VERIFY_E; #ifdef HAVE_PK_CALLBACKS const byte* keyBuf = NULL; @@ -4592,7 +4592,7 @@ int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz, int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, RsaKey* key, buffer* keyBufInfo) { - int ret; + int ret = BAD_FUNC_ARG; #ifdef HAVE_PK_CALLBACKS const byte* keyBuf = NULL; word32 keySz = 0; @@ -4710,7 +4710,7 @@ int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo) { - int ret; + int ret = SIG_VERIFY_E; #ifdef HAVE_PK_CALLBACKS const byte* keyBuf = NULL; word32 keySz = 0; @@ -21475,9 +21475,6 @@ const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]) { int IsCipherAEAD(char n[][MAX_SEGMENT_SZ]) { const char *n1,*n2,*n3; - n1 = n[1]; - n2 = n[2]; - n3 = n[3]; WOLFSSL_ENTER("IsCipherAEAD"); @@ -21486,6 +21483,10 @@ int IsCipherAEAD(char n[][MAX_SEGMENT_SZ]) return 0; } + n1 = n[1]; + n2 = n[2]; + n3 = n[3]; + if ((XSTRNCMP(n2,"GCM",3) == 0) || (XSTRNCMP(n3,"GCM",3) == 0) || (XSTRNCMP(n1,"CCM",3) == 0) || (XSTRNCMP(n2,"CCM",3) == 0) || (XSTRNCMP(n3,"CCM",3) == 0) || @@ -22820,9 +22821,7 @@ exit_dpk: byte *output; word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; int sendSz; - int idSz = ssl->options.resuming - ? ssl->session.sessionIDSz - : 0; + int idSz; int ret; word16 extSz = 0; @@ -22830,6 +22829,8 @@ exit_dpk: return BAD_FUNC_ARG; } + idSz = ssl->options.resuming ? ssl->session.sessionIDSz : 0; + #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) return SendTls13ClientHello(ssl); From 4d3dfc451d47fb393e4c346eb1e49ee2f5ba45d0 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:27:59 -0600 Subject: [PATCH 05/34] src/sniffer.c: fixes for cppcheck complaints: negativeIndex --- src/sniffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sniffer.c b/src/sniffer.c index fe1db4e24..11c9acb99 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -364,7 +364,7 @@ static const char* const msgTable[] = static void GetError(int idx, char* str) { if (str == NULL || - idx < 0 || idx > (int)(sizeof(msgTable)/sizeof(const char* const))) + idx <= 0 || idx > (int)(sizeof(msgTable)/sizeof(const char* const))) return; XSTRNCPY(str, msgTable[idx - 1], MAX_ERROR_LEN-1); str[MAX_ERROR_LEN-1] = '\0'; From bb727d2ef2a0f644eb985b1a2db3c4eb63457eb3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:28:09 -0600 Subject: [PATCH 06/34] src/ssl.c: fixes for cppcheck complaints: uselessAssignmentPtrArg autoVariables[not a defect; added suppression] invalidPrintfArgType_sint nullPointerRedundantCheck pointerSize --- src/ssl.c | 70 +++++++++++++++++++++++++++++++++---------------------- 1 file changed, 42 insertions(+), 28 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 3caf33f2c..158964948 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5457,12 +5457,12 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der (void)devId; if (ctx == NULL && ssl == NULL) - ret = BAD_FUNC_ARG; + return BAD_FUNC_ARG; if (!der || !keySz || !idx || !resetSuites || !keyFormat) - ret = BAD_FUNC_ARG; + return BAD_FUNC_ARG; #ifndef NO_RSA - if (ret == 0 && (*keyFormat == 0 || *keyFormat == RSAk)) { + if ((*keyFormat == 0 || *keyFormat == RSAk)) { /* make sure RSA key can be used */ #ifdef WOLFSSL_SMALL_STACK RsaKey* key; @@ -5530,10 +5530,12 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der #ifdef WOLFSSL_SMALL_STACK XFREE(key, heap, DYNAMIC_TYPE_RSA); #endif + if (ret != 0) + return ret; } #endif #ifdef HAVE_ECC - if (ret == 0 && (*keyFormat == 0 || *keyFormat == ECDSAk)) { + if ((*keyFormat == 0 || *keyFormat == ECDSAk)) { /* make sure ECC key can be used */ #ifdef WOLFSSL_SMALL_STACK ecc_key* key; @@ -5593,10 +5595,12 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der #ifdef WOLFSSL_SMALL_STACK XFREE(key, heap, DYNAMIC_TYPE_ECC); #endif + if (ret != 0) + return ret; } #endif /* HAVE_ECC */ #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) - if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED25519k)) { + if ((*keyFormat == 0 || *keyFormat == ED25519k)) { /* make sure Ed25519 key can be used */ #ifdef WOLFSSL_SMALL_STACK ed25519_key* key; @@ -5662,10 +5666,12 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der #ifdef WOLFSSL_SMALL_STACK XFREE(key, heap, DYNAMIC_TYPE_ED25519); #endif + if (ret != 0) + return ret; } #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) - if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED448k)) { + if ((*keyFormat == 0 || *keyFormat == ED448k)) { /* make sure Ed448 key can be used */ #ifdef WOLFSSL_SMALL_STACK ed448_key* key = NULL; @@ -5720,11 +5726,13 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der #ifdef WOLFSSL_SMALL_STACK XFREE(key, heap, DYNAMIC_TYPE_ED448); #endif + if (ret != 0) + return ret; } #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */ #ifdef HAVE_PQC - if (ret == 0 && ((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) || - (*keyFormat == FALCON_LEVEL5k))) { + if (((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) || + (*keyFormat == FALCON_LEVEL5k))) { /* make sure Falcon key can be used */ falcon_key* key = (falcon_key*)XMALLOC(sizeof(falcon_key), heap, DYNAMIC_TYPE_FALCON); @@ -5768,7 +5776,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der } ssl->buffers.keySz = *keySz; } - else if (ctx) { + else { if (*keyFormat == FALCON_LEVEL1k) { ctx->privateKeyType = falcon_level1_sa_algo; } @@ -5785,6 +5793,8 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der wc_falcon_free(key); } XFREE(key, heap, DYNAMIC_TYPE_FALCON); + if (ret != 0) + return ret; } #endif /* HAVE_PQC */ return ret; @@ -7154,7 +7164,7 @@ int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX* ctx) #define GET_VERIFY_SETTING_CTX(ctx) \ (ctx && ctx->verifyNone ? NO_VERIFY : VERIFY) #define GET_VERIFY_SETTING_SSL(ssl) \ - (ssl && ssl->options.verifyNone ? NO_VERIFY : VERIFY) + (ssl->options.verifyNone ? NO_VERIFY : VERIFY) #ifndef NO_FILESYSTEM @@ -15423,7 +15433,9 @@ int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) #endif return ret; } - session = NULL; /* invalidate the provided session, only use ssl->session */ + /* don't use the provided session pointer from here to end of func, only use + * ssl->session. + */ #ifdef OPENSSL_EXTRA /* check for application context id */ @@ -15977,12 +15989,12 @@ int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak, &peak, &maxSessions); if (ret != WOLFSSL_SUCCESS) return ret; - printf("Total Sessions Seen = %d\n", totalSessionsSeen); - printf("Total Sessions Now = %d\n", totalSessionsNow); + printf("Total Sessions Seen = %u\n", totalSessionsSeen); + printf("Total Sessions Now = %u\n", totalSessionsNow); #ifdef WOLFSSL_PEAK_SESSIONS - printf("Peak Sessions = %d\n", peak); + printf("Peak Sessions = %u\n", peak); #endif - printf("Max Sessions = %d\n", maxSessions); + printf("Max Sessions = %u\n", maxSessions); E = (double)totalSessionsSeen / SESSION_ROWS; @@ -18691,7 +18703,7 @@ int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx) options = wolfSSL_CTX_get_options(ctx); } - if (ctx->maxProto) { + if ((ctx != NULL) && ctx->maxProto) { ret = 0; } else { @@ -25196,7 +25208,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) #endif } XSNPRINTF(tmp, sizeof(tmp) - 1, - "\n Exponent: %d (0x%x)\n",idx, idx); + "\n Exponent: %u (0x%x)\n",idx, idx); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -32055,8 +32067,8 @@ end: int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION* sess) { WOLFSSL_ENTER("wolfSSL_SESSION_has_ticket"); - sess = GetSessionPtr(sess); #ifdef HAVE_SESSION_TICKET + sess = GetSessionPtr(sess); if (sess) { if ((sess->ticketLen > 0) && (sess->ticket != NULL)) { return WOLFSSL_SUCCESS; @@ -40968,7 +40980,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset) idx = ByteReverseWord32(idx); #endif } - XSNPRINTF(tmp, sizeof(tmp) - 1, "\nExponent: %d (0x%x)", idx, idx); + XSNPRINTF(tmp, sizeof(tmp) - 1, "\nExponent: %u (0x%x)", idx, idx); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; @@ -44850,6 +44862,8 @@ err: if (pemBio) wolfSSL_BIO_free(pemBio); return WOLFSSL_FAILURE; +#else /* ! (WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM) */ + return WOLFSSL_FAILURE; #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ } @@ -55212,7 +55226,7 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, int algId; const byte* curveOid; word32 oidSz; - int encAlgId; + int encAlgId = 0; if (bio == NULL || pkey == NULL) return -1; @@ -62188,7 +62202,7 @@ int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out) WOLFSSL_MSG("wc_InitRng error"); return WOLFSSL_FAILURE; } - p7->rng = &rng; + p7->rng = &rng; // cppcheck-suppress autoVariables } if ((len = wc_PKCS7_EncodeSignedData(p7, NULL, 0)) < 0) { @@ -62535,13 +62549,13 @@ WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, size_t boundLen = 0; char* boundary = NULL; - static const char* kContType = "Content-Type"; - static const char* kCTE = "Content-Transfer-Encoding"; - static const char* kMultSigned = "multipart/signed"; - static const char* kAppPkcsSign = "application/pkcs7-signature"; - static const char* kAppXPkcsSign = "application/x-pkcs7-signature"; - static const char* kAppPkcs7Mime = "application/pkcs7-mime"; - static const char* kAppXPkcs7Mime = "application/x-pkcs7-mime"; + static const char kContType[] = "Content-Type"; + static const char kCTE[] = "Content-Transfer-Encoding"; + static const char kMultSigned[] = "multipart/signed"; + static const char kAppPkcsSign[] = "application/pkcs7-signature"; + static const char kAppXPkcsSign[] = "application/x-pkcs7-signature"; + static const char kAppPkcs7Mime[] = "application/pkcs7-mime"; + static const char kAppXPkcs7Mime[] = "application/x-pkcs7-mime"; if (in == NULL || bcont == NULL) { From 8ba602707309fde8ba0a9fab001176aa2e401bd7 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:28:35 -0600 Subject: [PATCH 07/34] src/wolfio.c: fixes for cppcheck complaints: nullPointer uninitvar --- src/wolfio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/wolfio.c b/src/wolfio.c index 7fd72fb38..8480562ce 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -1234,7 +1234,7 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, } /* read data if no \r\n or first time */ - if (end == NULL) { + if ((start == NULL) || (end == NULL)) { result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0); if (result > 0) { len += result; @@ -2577,7 +2577,7 @@ int LwIPNativeReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) WOLFSSL_LWIP_NATIVE_STATE* nlwip; int ret = 0; - if (nlwip == NULL || ctx == NULL) { + if (ctx == NULL) { return WOLFSSL_CBIO_ERR_GENERAL; } nlwip = (WOLFSSL_LWIP_NATIVE_STATE*)ctx; From 11f72877a2c96b750247030dce531c8abd32c780 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:29:09 -0600 Subject: [PATCH 08/34] wolfcrypt/src/asn.c: fixes for cppcheck complaints: invalidPrintfArgType_uint nullPointerRedundantCheck --- wolfcrypt/src/asn.c | 74 ++++++++++++++++++++++----------------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 8ae519377..13028d952 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5508,7 +5508,7 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, DECL_ASNGETDATA(dataASN, rsaKeyASN_Length); int ret = 0; byte i; - byte version; + byte version = (byte)-1; #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) word32 algId = 0; #endif @@ -5674,13 +5674,15 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, int ret = 0; word32 oid = 9; byte version; - word32 idx = *inOutIdx; + word32 idx; /* Check validity of parameters. */ if (input == NULL || inOutIdx == NULL) { - ret = BAD_FUNC_ARG; + return BAD_FUNC_ARG; } + idx = *inOutIdx; + CALLOC_ASNGETDATA(dataASN, pkcs8KeyASN_Length, ret, NULL); if (ret == 0) { @@ -7649,7 +7651,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, #else DECL_ASNSETDATA(dataASN, p8EncPbes1ASN_Length); int ret = 0; - int sz; + int sz = 0; int version; int id; int blockSz = 0; @@ -8651,7 +8653,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) #else ASNSetData dataASN[dhParamASN_Length]; int ret = 0; - int sz; + int sz = 0; WOLFSSL_ENTER("wc_DhParamsToDer"); @@ -9391,7 +9393,7 @@ int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) DECL_ASNSETDATA(dataASN, dsaPubKeyASN_Length); int ret = 0; int i; - int sz; + int sz = 0; const ASNItem *data = NULL; int count = 0; @@ -9542,7 +9544,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, DECL_ASNSETDATA(dataASN, dsaKeyASN_Length); int ret = 0; int i; - int sz; + int sz = 0; (void)ints; @@ -10802,8 +10804,8 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) /* store IP addresses as a string */ if (entry->len == WOLFSSL_IP4_ADDR_LEN) { - XSNPRINTF(tmpName, sizeof(tmpName), "%u.%u.%u.%u", 0xFF & ip[0], - 0xFF & ip[1], 0xFF & ip[2], 0xFF & ip[3]); + XSNPRINTF(tmpName, sizeof(tmpName), "%u.%u.%u.%u", 0xFFu & ip[0], + 0xFFu & ip[1], 0xFFu & ip[2], 0xFFu & ip[3]); } if (entry->len == WOLFSSL_IP6_ADDR_LEN) { @@ -20484,7 +20486,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen, return idx; #else DECL_ASNSETDATA(dataASN, rsaPublicKeyASN_Length); - int sz; + int sz = 0; int ret = 0; int o = 0; @@ -20646,7 +20648,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) #else DECL_ASNSETDATA(dataASN, rsaKeyASN_Length); byte i; - int sz; + int sz = 0; int ret = 0; if ((key == NULL) || (key->type != RSA_PRIVATE)) { @@ -21113,21 +21115,20 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, CALLOC_ASNSETDATA(dataASN, eccPublicKeyASN_Length, ret, key->heap); - if (ret == 0) { - /* Set the key type OID. */ - SetASN_OID(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID], ECDSAk, - oidKeyType); - /* Set the curve OID. */ - SetASN_Buffer(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_CURVEID], - key->dp->oid, key->dp->oidSz); - /* Don't try to write out explicit parameters. */ - dataASN[ECCPUBLICKEYASN_IDX_ALGOID_PARAMS].noOut = 1; - /* Set size of public point to ensure space is made for it. */ - SetASN_Buffer(&dataASN[ECCPUBLICKEYASN_IDX_PUBKEY], NULL, pubSz); - /* Calculate size of ECC public key. */ - ret = SizeASN_Items(eccPublicKeyASN, dataASN, - eccPublicKeyASN_Length, &sz); - } + /* Set the key type OID. */ + SetASN_OID(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID], ECDSAk, + oidKeyType); + /* Set the curve OID. */ + SetASN_Buffer(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_CURVEID], + key->dp->oid, key->dp->oidSz); + /* Don't try to write out explicit parameters. */ + dataASN[ECCPUBLICKEYASN_IDX_ALGOID_PARAMS].noOut = 1; + /* Set size of public point to ensure space is made for it. */ + SetASN_Buffer(&dataASN[ECCPUBLICKEYASN_IDX_PUBKEY], NULL, pubSz); + /* Calculate size of ECC public key. */ + ret = SizeASN_Items(eccPublicKeyASN, dataASN, + eccPublicKeyASN_Length, &sz); + /* Check buffer, if passed in, is big enough for encoded data. */ if ((ret == 0) && (output != NULL) && (sz > outLen)) { ret = BUFFER_E; @@ -22035,7 +22036,7 @@ static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input) int cnt = 1 + EKU_OID_HI; int i; int ret = 0; - int sz; + int sz = 0; #ifdef WOLFSSL_EKU_OID cnt += CTC_MAX_EKU_NB; @@ -22581,7 +22582,7 @@ static int EncodeName(EncodedName* name, const char* nameStr, ASNItem namesASN[rdnASN_Length]; byte dnOid[DN_OID_SZ] = { 0x55, 0x04, 0x00 }; int ret = 0; - int sz; + int sz = 0; const byte* oid; int oidSz; word32 nameSz; @@ -22953,7 +22954,7 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) ASNItem* namesASN = NULL; int items = 0; int ret = 0; - int sz; + int sz = 0; /* Calculate length of name entries and size for allocating. */ ret = SetNameRdnItems(NULL, NULL, 0, name); @@ -24377,7 +24378,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, word32 issuerSz = 0; word32 subjectSz = 0; word32 extSz = 0; - int sz; + int sz = 0; int ret = 0; word32 issRawLen = 0; word32 sbjRawLen = 0; @@ -25219,7 +25220,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, #else DECL_ASNSETDATA(dataASN, certReqBodyASN_Length); word32 publicKeySz, subjectSz, extSz; - int sz; + int sz = 0; int ret = 0; #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) word32 sbjRawSz; @@ -26616,7 +26617,7 @@ int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g) #else ASNSetData dataASN[dhParamASN_Length]; int ret = 0; - int sz; + int sz = 0; WOLFSSL_ENTER("StoreDHparams"); if (out == NULL) { @@ -28002,7 +28003,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, *inLen = totalSz; #ifndef WOLFSSL_NO_MALLOC XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (pub) { + if (pubIn) { XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } #endif @@ -28406,9 +28407,8 @@ static int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, *privKeyLen = privSz; XMEMCPY(privKey, priv, *privKeyLen); - if (pubKeyLen != NULL) - *pubKeyLen = pubSz; - if (pubKey != NULL && pubKeyLen != NULL) + *pubKeyLen = pubSz; + if (pubKey != NULL) XMEMCPY(pubKey, pub, *pubKeyLen); } if (endKeyIdx != (int)*inOutIdx) @@ -30653,7 +30653,7 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size) #else DECL_ASNSETDATA(dataASN, ocspRequestASN_Length); word32 extSz = 0; - int sz; + int sz = 0; int ret = 0; WOLFSSL_ENTER("EncodeOcspRequest"); From d36a1be74b7b39d500094994947a77254957bd04 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:29:18 -0600 Subject: [PATCH 09/34] wolfcrypt/src/dh.c: fixes for cppcheck complaints: identicalInnerCondition --- wolfcrypt/src/dh.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 26c62832f..64bf127c5 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -1736,10 +1736,8 @@ int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 privSz, if (ret == 0) { if (mp_iszero(q) == MP_NO) { /* priv (x) shouldn't be greater than q - 1 */ - if (ret == 0) { - if (mp_copy(&key->q, q) != MP_OKAY) - ret = MP_INIT_E; - } + if (mp_copy(&key->q, q) != MP_OKAY) + ret = MP_INIT_E; if (ret == 0) { if (mp_sub_d(q, 1, q) != MP_OKAY) ret = MP_SUB_E; From c557a74953e4852dae849f27810e544419a77f51 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:29:35 -0600 Subject: [PATCH 10/34] wolfcrypt/src/ecc.c: fixes for cppcheck complaints: invalidPrintfArgType_sint identicalInnerCondition --- wolfcrypt/src/ecc.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 938c0652c..5ca31feb8 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3706,6 +3706,9 @@ int wc_ecc_is_valid_idx(int n) { int x; + if (n >= (int)ECC_SET_COUNT) + return 0; + for (x = 0; ecc_sets[x].size != 0; x++) ; /* -1 is a valid index --- indicating that the domain params @@ -5154,11 +5157,11 @@ static void wc_ecc_dump_oids(void) for (i = 0; i < (int)oidSz; i++) { sum += oid[i]; } - printf("Sum: %d\n", sum); + printf("Sum: %u\n", sum); /* validate sum */ if (ecc_sets[x].oidSum != sum) { - printf(" Sum %d Not Valid!\n", ecc_sets[x].oidSum); + printf(" Sum %u Not Valid!\n", ecc_sets[x].oidSum); } } mOidDumpDone = 1; @@ -11077,12 +11080,10 @@ static int accel_fp_mul2add(int idx1, int idx2, first = 0; } if (zB && first == 0) { - if (zB) { - if ((err = ecc_projective_add_point_safe(R, - fp_cache[idx2].LUT[zB], R, a, - modulus, mp, &first)) != MP_OKAY){ - break; - } + if ((err = ecc_projective_add_point_safe(R, + fp_cache[idx2].LUT[zB], R, a, + modulus, mp, &first)) != MP_OKAY){ + break; } } else if (zB && first == 1) { if ((mp_copy(fp_cache[idx2].LUT[zB]->x, R->x) != MP_OKAY) || From d4aa6bd1fc2f557203fcdaeda941c42abb45a520 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:29:47 -0600 Subject: [PATCH 11/34] wolfcrypt/src/evp.c: fixes for cppcheck complaints: bufferAccessOutOfBounds nullPointerRedundantCheck --- wolfcrypt/src/evp.c | 146 +++++++++++++++++++++----------------------- 1 file changed, 69 insertions(+), 77 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 3db06bf1b..0b2236b4a 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -147,10 +147,6 @@ static const char EVP_AES_256_ECB[] = "AES-256-ECB"; #endif #endif - #define EVP_AES_SIZE 11 - #ifdef WOLFSSL_AES_CFB - #define EVP_AESCFB_SIZE 14 - #endif #endif #ifndef NO_DES3 @@ -159,23 +155,19 @@ static const char EVP_DES_EDE3_CBC[] = "DES-EDE3-CBC"; static const char EVP_DES_EDE3_ECB[] = "DES-EDE3-ECB"; - - #define EVP_DES_SIZE 7 - #define EVP_DES_EDE3_SIZE 12 #endif #ifdef HAVE_IDEA static const char EVP_IDEA_CBC[] = "IDEA-CBC"; - #define EVP_IDEA_SIZE 8 #endif #ifndef NO_RC4 static const char EVP_ARC4[] = "ARC4"; - #define EVP_ARC4_SIZE 4 #endif static const char EVP_NULL[] = "NULL"; -#define EVP_NULL_SIZE 4 + +#define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0) #define EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 #define EVP_PKEY_PRINT_DIGITS_PER_LINE 15 @@ -1047,140 +1039,140 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) { if (cipher == NULL) return 0; /* dummy for #ifdef */ #ifndef NO_DES3 - else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_CBC)) return DES_CBC_TYPE; - else if (XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_CBC)) return DES_EDE3_CBC_TYPE; #if !defined(NO_DES3) - else if (XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_ECB)) return DES_ECB_TYPE; - else if (XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_ECB)) return DES_EDE3_ECB_TYPE; #endif /* NO_DES3 && HAVE_AES_ECB */ #endif #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CBC)) return AES_128_CBC_TYPE; #endif #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CBC)) return AES_192_CBC_TYPE; #endif #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CBC)) return AES_256_CBC_TYPE; #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if defined(HAVE_AESGCM) #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_GCM)) return AES_128_GCM_TYPE; #endif #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_GCM, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_GCM)) return AES_192_GCM_TYPE; #endif #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_GCM, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_GCM)) return AES_256_GCM_TYPE; #endif #endif /* HAVE_AESGCM */ #if defined(WOLFSSL_AES_COUNTER) #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CTR)) return AES_128_CTR_TYPE; #endif #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CTR)) return AES_192_CTR_TYPE; #endif #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CTR)) return AES_256_CTR_TYPE; #endif #endif /* HAVE_AES_CBC */ #if defined(HAVE_AES_ECB) #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_ECB)) return AES_128_ECB_TYPE; #endif #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_ECB)) return AES_192_ECB_TYPE; #endif #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_ECB)) return AES_256_ECB_TYPE; #endif #endif /*HAVE_AES_CBC */ #if defined(WOLFSSL_AES_XTS) #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_XTS, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_XTS)) return AES_128_XTS_TYPE; #endif #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_XTS, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_XTS)) return AES_256_XTS_TYPE; #endif #endif /* WOLFSSL_AES_XTS */ #if defined(WOLFSSL_AES_CFB) #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1)) return AES_128_CFB1_TYPE; #endif #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB1)) return AES_192_CFB1_TYPE; #endif #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB1)) return AES_256_CFB1_TYPE; #endif #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB8)) return AES_128_CFB8_TYPE; #endif #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB8)) return AES_192_CFB8_TYPE; #endif #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8)) return AES_256_CFB8_TYPE; #endif #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128)) return AES_128_CFB128_TYPE; #endif #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB128)) return AES_192_CFB128_TYPE; #endif #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB128)) return AES_256_CFB128_TYPE; #endif #endif /*HAVE_AES_CBC */ #if defined(WOLFSSL_AES_OFB) #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_OFB, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_OFB)) return AES_128_OFB_TYPE; #endif #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_OFB, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_OFB)) return AES_192_OFB_TYPE; #endif #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_OFB, EVP_AES_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_OFB)) return AES_256_OFB_TYPE; #endif #endif #endif /* !NO_AES */ #ifndef NO_RC4 - else if (XSTRNCMP(cipher, EVP_ARC4, EVP_ARC4_SIZE) == 0) + else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARC4)) return ARC4_TYPE; #endif else return 0; @@ -1995,10 +1987,10 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, } ownPkey = 1; pkey = wolfSSL_EVP_PKEY_new(); - pkey->type = ctx->pkey->type; - if (pkey == NULL) - return ret; + return MEMORY_E; + + pkey->type = ctx->pkey->type; } switch (pkey->type) { @@ -5034,7 +5026,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CBC))) { WOLFSSL_MSG("EVP_AES_128_CBC"); ctx->cipherType = AES_128_CBC_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5059,7 +5051,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 if (ctx->cipherType == AES_192_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CBC))) { WOLFSSL_MSG("EVP_AES_192_CBC"); ctx->cipherType = AES_192_CBC_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5084,7 +5076,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 if (ctx->cipherType == AES_256_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CBC))) { WOLFSSL_MSG("EVP_AES_256_CBC"); ctx->cipherType = AES_256_CBC_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5117,7 +5109,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))) { WOLFSSL_MSG("EVP_AES_128_GCM"); ctx->cipherType = AES_128_GCM_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5153,7 +5145,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 if (ctx->cipherType == AES_192_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_GCM, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))) { WOLFSSL_MSG("EVP_AES_192_GCM"); ctx->cipherType = AES_192_GCM_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5189,7 +5181,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 if (ctx->cipherType == AES_256_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_GCM, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))) { WOLFSSL_MSG("EVP_AES_256_GCM"); ctx->cipherType = AES_256_GCM_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5228,7 +5220,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CTR))) { WOLFSSL_MSG("EVP_AES_128_CTR"); ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; ctx->cipherType = AES_128_CTR_TYPE; @@ -5256,7 +5248,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 if (ctx->cipherType == AES_192_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CTR))) { WOLFSSL_MSG("EVP_AES_192_CTR"); ctx->cipherType = AES_192_CTR_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5284,7 +5276,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 if (ctx->cipherType == AES_256_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CTR))) { WOLFSSL_MSG("EVP_AES_256_CTR"); ctx->cipherType = AES_256_CTR_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5314,7 +5306,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #ifdef HAVE_AES_ECB #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_ECB))) { WOLFSSL_MSG("EVP_AES_128_ECB"); ctx->cipherType = AES_128_ECB_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5333,7 +5325,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 if (ctx->cipherType == AES_192_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_ECB))) { WOLFSSL_MSG("EVP_AES_192_ECB"); ctx->cipherType = AES_192_ECB_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5352,7 +5344,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 if (ctx->cipherType == AES_256_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_ECB))) { WOLFSSL_MSG("EVP_AES_256_ECB"); ctx->cipherType = AES_256_ECB_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5373,7 +5365,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #ifdef WOLFSSL_AES_CFB #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) { WOLFSSL_MSG("EVP_AES_128_CFB1"); ctx->cipherType = AES_128_CFB1_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5397,7 +5389,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 if (ctx->cipherType == AES_192_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB1))) { WOLFSSL_MSG("EVP_AES_192_CFB1"); ctx->cipherType = AES_192_CFB1_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5421,7 +5413,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 if (ctx->cipherType == AES_256_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB1))) { WOLFSSL_MSG("EVP_AES_256_CFB1"); ctx->cipherType = AES_256_CFB1_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5449,7 +5441,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_256 */ #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB8))) { WOLFSSL_MSG("EVP_AES_128_CFB8"); ctx->cipherType = AES_128_CFB8_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5473,7 +5465,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 if (ctx->cipherType == AES_192_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB8))) { WOLFSSL_MSG("EVP_AES_192_CFB8"); ctx->cipherType = AES_192_CFB8_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5497,7 +5489,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 if (ctx->cipherType == AES_256_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB8))) { WOLFSSL_MSG("EVP_AES_256_CFB8"); ctx->cipherType = AES_256_CFB8_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5525,7 +5517,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_256 */ #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) { WOLFSSL_MSG("EVP_AES_128_CFB128"); ctx->cipherType = AES_128_CFB128_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5549,7 +5541,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 if (ctx->cipherType == AES_192_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB128))) { WOLFSSL_MSG("EVP_AES_192_CFB128"); ctx->cipherType = AES_192_CFB128_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5573,7 +5565,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 if (ctx->cipherType == AES_256_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB128))) { WOLFSSL_MSG("EVP_AES_256_CFB128"); ctx->cipherType = AES_256_CFB128_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5603,7 +5595,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_OFB, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_OFB))) { WOLFSSL_MSG("EVP_AES_128_OFB"); ctx->cipherType = AES_128_OFB_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5627,7 +5619,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 if (ctx->cipherType == AES_192_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_OFB, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_OFB))) { WOLFSSL_MSG("EVP_AES_192_OFB"); ctx->cipherType = AES_192_OFB_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5651,7 +5643,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 if (ctx->cipherType == AES_256_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_OFB, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_OFB))) { WOLFSSL_MSG("EVP_AES_256_OFB"); ctx->cipherType = AES_256_OFB_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5681,7 +5673,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #ifdef WOLFSSL_AES_XTS #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_XTS_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_XTS, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_XTS))) { WOLFSSL_MSG("EVP_AES_128_XTS"); ctx->cipherType = AES_128_XTS_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5711,7 +5703,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_256 if (ctx->cipherType == AES_256_XTS_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_XTS, EVP_AES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_XTS))) { WOLFSSL_MSG("EVP_AES_256_XTS"); ctx->cipherType = AES_256_XTS_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5744,7 +5736,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #ifndef NO_DES3 if (ctx->cipherType == DES_CBC_TYPE || - (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_CBC))) { WOLFSSL_MSG("EVP_DES_CBC"); ctx->cipherType = DES_CBC_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5766,7 +5758,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } #ifdef WOLFSSL_DES_ECB else if (ctx->cipherType == DES_ECB_TYPE || - (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_ECB))) { WOLFSSL_MSG("EVP_DES_ECB"); ctx->cipherType = DES_ECB_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5786,7 +5778,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type && - XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) { + EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_CBC))) { WOLFSSL_MSG("EVP_DES_EDE3_CBC"); ctx->cipherType = DES_EDE3_CBC_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5811,7 +5803,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } else if (ctx->cipherType == DES_EDE3_ECB_TYPE || (type && - XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) { + EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_ECB))) { WOLFSSL_MSG("EVP_DES_EDE3_ECB"); ctx->cipherType = DES_EDE3_ECB_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5830,7 +5822,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* NO_DES3 */ #ifndef NO_RC4 if (ctx->cipherType == ARC4_TYPE || - (type && XSTRNCMP(type, EVP_ARC4, 4) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARC4))) { WOLFSSL_MSG("ARC4"); ctx->cipherType = ARC4_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5844,7 +5836,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* NO_RC4 */ #ifdef HAVE_IDEA if (ctx->cipherType == IDEA_CBC_TYPE || - (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_IDEA_CBC))) { WOLFSSL_MSG("EVP_IDEA_CBC"); ctx->cipherType = IDEA_CBC_TYPE; ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -5867,7 +5859,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } #endif /* HAVE_IDEA */ if (ctx->cipherType == NULL_CIPHER_TYPE || - (type && XSTRNCMP(type, EVP_NULL, 4) == 0)) { + (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_NULL))) { WOLFSSL_MSG("NULL cipher"); ctx->cipherType = NULL_CIPHER_TYPE; ctx->keyLen = 0; From 1eb5537e346c68bffe8bb972d2679ed2b5594d5a Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:30:00 -0600 Subject: [PATCH 12/34] wolfcrypt/src/fe_low_mem.c: fixes for cppcheck complaints: funcArgOrderDifferent --- wolfcrypt/src/fe_low_mem.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c index 45c1b7abb..2eb512f4c 100644 --- a/wolfcrypt/src/fe_low_mem.c +++ b/wolfcrypt/src/fe_low_mem.c @@ -141,7 +141,7 @@ static void xc_diffadd(byte *x5, byte *z5, } #ifndef FREESCALE_LTC_ECC -int curve25519(byte *result, const byte *e, const byte *q) +int curve25519(byte *result, const byte *n, const byte *p) { /* Current point: P_m */ byte xm[F25519_SIZE]; @@ -154,19 +154,19 @@ int curve25519(byte *result, const byte *e, const byte *q) int i; /* Note: bit 254 is assumed to be 1 */ - lm_copy(xm, q); + lm_copy(xm, p); for (i = 253; i >= 0; i--) { - const int bit = (e[i >> 3] >> (i & 7)) & 1; + const int bit = (n[i >> 3] >> (i & 7)) & 1; byte xms[F25519_SIZE]; byte zms[F25519_SIZE]; /* From P_m and P_(m-1), compute P_(2m) and P_(2m-1) */ - xc_diffadd(xm1, zm1, q, f25519_one, xm, zm, xm1, zm1); + xc_diffadd(xm1, zm1, p, f25519_one, xm, zm, xm1, zm1); xc_double(xm, zm, xm, zm); /* Compute P_(2m+1) */ - xc_diffadd(xms, zms, xm1, zm1, xm, zm, q, f25519_one); + xc_diffadd(xms, zms, xm1, zm1, xm, zm, p, f25519_one); /* Select: * bit = 1 --> (P_(2m+1), P_(2m)) From f126e6add58642fedb9ef0f91dd42f28dbf92dce Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:30:20 -0600 Subject: [PATCH 13/34] wolfcrypt/src/integer.c: fixes for cppcheck complaints: nullPointerRedundantCheck[false positive; added suppression] --- wolfcrypt/src/integer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 06138d70c..a64f23a65 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -1993,7 +1993,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, * one of many reduction algorithms without modding the guts of * the code with if statements everywhere. */ - int (*redux)(mp_int*,mp_int*,mp_digit) = NULL; + int (*redux)(mp_int*,mp_int*,mp_digit) = NULL; // cppcheck-suppress nullPointerRedundantCheck // cppcheck 2.6.3 false positive #ifdef WOLFSSL_SMALL_STACK M = (mp_int*) XMALLOC(sizeof(mp_int) * TAB_SIZE, NULL, From 67de528d9170bdf97a565b1c126aaf7fb3600a78 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:30:32 -0600 Subject: [PATCH 14/34] wolfcrypt/src/logging.c: fixes for cppcheck complaints: invalidPrintfArgType_sint --- wolfcrypt/src/logging.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index a5a8bf011..0d1874c8e 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -487,7 +487,7 @@ void WOLFSSL_ERROR(int error) if (error < 0) error = error - (2 * error); /* get absolute value */ XSNPRINTF(buffer, sizeof(buffer), - "wolfSSL error occurred, error = %d line:%d file:%s", + "wolfSSL error occurred, error = %d line:%u file:%s", error, line, file); if (wc_AddErrorNode(error, line, buffer, (char*)file) != 0) { From dc98f4dd3044ef98907f94bb92bc8b69d6addcca Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:30:52 -0600 Subject: [PATCH 15/34] wolfcrypt/src/pkcs12.c: fixes for cppcheck complaints: uselessAssignmentPtrArg --- wolfcrypt/src/pkcs12.c | 1 - 1 file changed, 1 deletion(-) diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index e81a9255a..7f29a2cbf 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -188,7 +188,6 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12) } XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS); - pkcs12 = NULL; } From 9e76ec88557d1869d967797b634c3932fb1c6dab Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:31:07 -0600 Subject: [PATCH 16/34] wolfcrypt/src/pkcs7.c: fixes for cppcheck complaints: nullPointerArithmeticRedundantCheck --- wolfcrypt/src/pkcs7.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 21daab7be..3bcbfec6f 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -2718,7 +2718,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, XMEMCPY(output2 + idx, esd->encContentDigest, esd->encContentDigestSz); idx += esd->encContentDigestSz; - if (output2 && output2Sz) { + if (output2Sz) { *output2Sz = idx; idx = 0; /* success */ } From 1488e28ea3c57487a2d387a6d483ecf07982f77b Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:31:36 -0600 Subject: [PATCH 17/34] wolfcrypt/src/port/ti/ti-aes.c: fixes for cppcheck complaints: missingReturn[false positive] --- wolfcrypt/src/port/ti/ti-aes.c | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c index ae7a2faef..29fde1881 100644 --- a/wolfcrypt/src/port/ti/ti-aes.c +++ b/wolfcrypt/src/port/ti/ti-aes.c @@ -209,6 +209,7 @@ WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz XMEMCPY(out, out_block+aes->left,odd) ; aes->left += odd ; } + return; // work around cppcheck 2.6.3 false positive missingReturn } #endif From 24bb007d3c76c58792ca7e0552f991991a6cbdbe Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:31:51 -0600 Subject: [PATCH 18/34] wolfcrypt/src/random.c: fixes for cppcheck complaints: uninitvar --- wolfcrypt/src/random.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 4664c9360..724e86a8c 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -2468,7 +2468,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { - int ret; + int ret = 0; word32 buffer[4]; while (sz > 0) { @@ -2493,7 +2493,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { - int ret; + int ret = 0; word32 buffer[4]; while (sz > 0) { @@ -2551,7 +2551,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return -1; } ret = WOLFSSL_SCE_TRNG_HANDLE.p_api->read(WOLFSSL_SCE_TRNG_HANDLE.p_ctrl, - (word32*)tmp, 1); + (word32*)&tmp, 1); if (ret != SSP_SUCCESS) { return -1; } From 094d89bfb92d188a4596e2f8d4441a9d0c1686b2 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:32:03 -0600 Subject: [PATCH 19/34] wolfcrypt/src/rsa.c: fixes for cppcheck complaints: identicalInnerCondition --- wolfcrypt/src/rsa.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 6a60ba453..2707e86fb 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2420,32 +2420,41 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, #if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) /* blind */ ret = mp_rand(rnd, get_digit_count(&key->n), rng); - + if (ret != 0) + break; /* rndi = 1/rnd mod n */ - if (ret == 0 && mp_invmod(rnd, &key->n, rndi) != MP_OKAY) + if (mp_invmod(rnd, &key->n, rndi) != MP_OKAY) { ret = MP_INVMOD_E; + break; + } /* rnd = rnd^e */ #ifndef WOLFSSL_SP_MATH_ALL - if (ret == 0 && mp_exptmod(rnd, &key->e, &key->n, rnd) != MP_OKAY) + if (mp_exptmod(rnd, &key->e, &key->n, rnd) != MP_OKAY) { ret = MP_EXPTMOD_E; + break; + } #else - if (ret == 0 && mp_exptmod_nct(rnd, &key->e, &key->n, - rnd) != MP_OKAY) { + if (mp_exptmod_nct(rnd, &key->e, &key->n, rnd) != MP_OKAY) { ret = MP_EXPTMOD_E; + break; } #endif /* tmp = tmp*rnd mod n */ - if (ret == 0 && mp_mulmod(tmp, rnd, &key->n, tmp) != MP_OKAY) + if (mp_mulmod(tmp, rnd, &key->n, tmp) != MP_OKAY) { ret = MP_MULMOD_E; + break; + } #endif /* WC_RSA_BLINDING && !WC_NO_RNG */ #ifdef RSA_LOW_MEM /* half as much memory but twice as slow */ - if (ret == 0 && mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) + if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) { ret = MP_EXPTMOD_E; + break; + } #else - if (ret == 0) { + { #ifdef WOLFSSL_SMALL_STACK mp_int* tmpa; mp_int* tmpb = NULL; @@ -2461,9 +2470,9 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, tmpb = tmpa + 1; else ret = MEMORY_E; + if (ret == 0) #endif - - if (ret == 0) { + { if (mp_init(tmpa) != MP_OKAY) ret = MP_INIT_E; else From 6e763825edb227be9a26d217d6aca281005fa959 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:32:14 -0600 Subject: [PATCH 20/34] wolfcrypt/src/sha.c: fixes for cppcheck complaints: bufferAccessOutOfBounds --- wolfcrypt/src/sha.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index e0e2b1531..e0355efc9 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -698,7 +698,7 @@ int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) #ifdef LITTLE_ENDIAN_ORDER ByteReverseWords((word32*)digest, (word32*)sha->digest, WC_SHA_DIGEST_SIZE); - XMEMCPY(hash, digest, WC_SHA_DIGEST_SIZE); + XMEMCPY(hash, (byte *)&digest[0], WC_SHA_DIGEST_SIZE); #else XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); #endif @@ -802,7 +802,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash) ByteReverseWords(sha->digest, sha->digest, WC_SHA_DIGEST_SIZE); #endif - XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); + XMEMCPY(hash, (byte *)&sha->digest[0], WC_SHA_DIGEST_SIZE); (void)InitSha(sha); /* reset state */ From 82b508b9171c945ba881101e2e31912e53189a35 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:32:26 -0600 Subject: [PATCH 21/34] wolfcrypt/src/sha512.c: fixes for cppcheck complaints: nullPointerRedundantCheck --- wolfcrypt/src/sha512.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index a84c3943a..a0a0b3b4a 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -956,13 +956,15 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) static WC_INLINE int Sha512Final(wc_Sha512* sha512) { - byte* local = (byte*)sha512->buffer; + byte* local; int ret; if (sha512 == NULL) { return BAD_FUNC_ARG; } + local = (byte*)sha512->buffer; + local[sha512->buffLen++] = 0x80; /* add 1 */ /* pad with zeros */ From 71b0b89e95160f26a5f4c7f3ea4e4ec3d51aeeeb Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:32:37 -0600 Subject: [PATCH 22/34] wolfcrypt/src/srp.c: fixes for cppcheck complaints: identicalInnerCondition --- wolfcrypt/src/srp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index f05a1e43b..4b7e51337 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -611,8 +611,11 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size) if (((i = (mp_int *)XMALLOC(sizeof(*i), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) || ((j = (mp_int *)XMALLOC(sizeof(*j), srp->heap, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) r = MEMORY_E; + if (!r) #endif - if (!r) r = mp_init_multi(i, j, 0, 0, 0, 0); + { + r = mp_init_multi(i, j, 0, 0, 0, 0); + } if (!r) r = mp_read_unsigned_bin(i, srp->k,SrpHashSize(srp->type)); if (!r) r = mp_iszero(i) == MP_YES ? SRP_BAD_KEY_E : 0; if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, pubkey); From 8aa11005082a55d2ee53bfd039de3bac314390c4 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:32:48 -0600 Subject: [PATCH 23/34] wolfcrypt/src/wc_pkcs11.c: fixes for cppcheck complaints: uninitvar --- wolfcrypt/src/wc_pkcs11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c index 32f521e00..667db293b 100644 --- a/wolfcrypt/src/wc_pkcs11.c +++ b/wolfcrypt/src/wc_pkcs11.c @@ -2041,7 +2041,7 @@ static int Pkcs11GetEccPublicKey(ecc_key* key, Pkcs11Session* session, word32 i = 0; int curveIdx; unsigned char* point = NULL; - int pointSz; + int pointSz = 0; byte tag; CK_RV rv; CK_ATTRIBUTE tmpl[] = { From 70ab36f81c048f912ef185b2e95172270c0b587a Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:33:33 -0600 Subject: [PATCH 24/34] wolfcrypt/src/wc_port.c: fixes for cppcheck complaints: uninitvar nullPointer --- wolfcrypt/src/wc_port.c | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 8ab1d8317..36812a4ec 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -130,7 +130,7 @@ int wolfCrypt_Init(void) time_t seed = time(NULL); srand((word32)seed); rngMallocFail = rand() % 2000; /* max 2000 */ - printf("\n--- RNG MALLOC FAIL AT %d---\n", rngMallocFail); + printf("\n--- RNG MALLOC FAIL AT %u ---\n", rngMallocFail); wolfSSL_SetMemFailCount(rngMallocFail); } #endif @@ -1649,7 +1649,7 @@ int wolfSSL_CryptHwMutexUnLock(void) void *newp = NULL; if(p) { ercd = get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp); - if (ercd == E_OK) { + if ((ercd == E_OK) && (newp != NULL)) { XMEMCPY(newp, p, sz); ercd = rel_mpl(ID_wolfssl_MPOOL, (VP)p); if (ercd == E_OK) { @@ -1743,7 +1743,7 @@ int wolfSSL_CryptHwMutexUnLock(void) void *newp = NULL; if (p) { ercd = tk_get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp, TMO_FEVR); - if (ercd == E_OK) { + if ((ercd == E_OK) && (newp != NULL)) { XMEMCPY(newp, p, sz); ercd = tk_rel_mpl(ID_wolfssl_MPOOL, (VP)p); if (ercd == E_OK) { @@ -2150,10 +2150,7 @@ time_t windows_time(time_t* timer) SYSTEMTIME sysTime; FILETIME fTime; ULARGE_INTEGER intTime; - time_t localTime; - if (timer == NULL) - timer = &localTime; GetSystemTime(&sysTime); SystemTimeToFileTime(&sysTime, &fTime); @@ -2163,9 +2160,11 @@ time_t windows_time(time_t* timer) intTime.QuadPart -= 0x19db1ded53e8000; /* to secs */ intTime.QuadPart /= 10000000; - *timer = (time_t)intTime.QuadPart; - return *timer; + if (timer != NULL) + *timer = (time_t)intTime.QuadPart; + + return (time_t)intTime.QuadPart; } #endif /* _WIN32_WCE */ @@ -2275,19 +2274,17 @@ time_t pic32_time(time_t* timer) #else word32 sec = 0; #endif - time_t localTime; - - if (timer == NULL) - timer = &localTime; #ifdef MICROCHIP_MPLAB_HARMONY sec = TCPIP_SNTP_UTCSecondsGet(); #else sec = SNTPGetUTCSeconds(); #endif - *timer = (time_t) sec; - return *timer; + if (timer != NULL) + *timer = (time_t)sec; + + return (time_t)sec; } #endif /* MICROCHIP_TCPIP || MICROCHIP_TCPIP_V5 */ @@ -2331,16 +2328,14 @@ time_t micrium_time(time_t* timer) time_t mqx_time(time_t* timer) { - time_t localTime; TIME_STRUCT time_s; - if (timer == NULL) - timer = &localTime; - _time_get(&time_s); - *timer = (time_t) time_s.SECONDS; - return *timer; + if (timer != NULL) + *timer = (time_t)time_s.SECONDS; + + return (time_t)time_s.SECONDS; } #endif /* FREESCALE_MQX || FREESCALE_KSDK_MQX */ From 29fcbb0b192b25869c9e73f8afc231abeeb47ce7 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:33:54 -0600 Subject: [PATCH 25/34] wolfcrypt/test/test.c: fixes for cppcheck complaints: memleakOnRealloc nullPointerRedundantCheck uninitvar invalidPrintfArgType_uint --- wolfcrypt/test/test.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 04d8df591..5a625e104 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11969,9 +11969,6 @@ static int simple_mem_test(int sz) WOLFSSL_TEST_SUBROUTINE int memory_test(void) { int ret = 0; -#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC) - byte* b = NULL; -#endif #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY) int i; #endif @@ -12088,15 +12085,22 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void) #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC) /* realloc test */ - b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (b) { - b = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + { + byte *c = NULL; + byte *b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (b) { + c = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (c) + b = c; + } + if (b) + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if ((b == NULL) || (c == NULL)) { + return -7217; + } } - if (b == NULL) { - return -7217; - } - XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -18353,10 +18357,10 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS) + return -18601; + if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) return -8601; - } #endif /* NO_MD5 */ #ifndef NO_SHA @@ -18376,10 +18380,10 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS) + return -18602; + if (XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) return -8602; - } #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 From fdb6a2d87dab590178f9e7da077365c6e032ad26 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:34:09 -0600 Subject: [PATCH 26/34] wolfssl/test.h: fixes for cppcheck complaints: nullPointerRedundantCheck invalidScanfArgType_int --- wolfssl/test.h | 73 +++++++++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 34 deletions(-) diff --git a/wolfssl/test.h b/wolfssl/test.h index 09ee3df32..2bb13c454 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -74,7 +74,7 @@ static unsigned long wolfSSL_inet_addr(const char *cp) { unsigned int a[4] ; unsigned long ret ; - sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ; + sscanf(cp, "%u.%u.%u.%u", &a[0], &a[1], &a[2], &a[3]) ; ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ; return(ret) ; } @@ -594,9 +594,8 @@ err_sys(const char* msg) #endif { printf("wolfSSL error: %s\n", msg); - - XEXIT_T(EXIT_FAILURE); } + XEXIT_T(EXIT_FAILURE); } static WC_INLINE @@ -622,9 +621,8 @@ err_sys_with_errno(const char* msg) #else printf("wolfSSL error: %s\n", msg); #endif - - XEXIT_T(EXIT_FAILURE); } + XEXIT_T(EXIT_FAILURE); } @@ -1110,8 +1108,10 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, (void)udp; (void)sctp; - if (addr == NULL) + if (addr == NULL) { err_sys("invalid argument to build_addr, addr is NULL"); + return; + } XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T)); @@ -2061,7 +2061,7 @@ static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, if (ready_file) { #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) && \ !defined(NETOS) - XFILE srf = NULL; + XFILE srf = (XFILE)NULL; if (args) ready = args->signal; @@ -3009,8 +3009,10 @@ static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf) #endif ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); - if (ret != 0 || myStack == NULL) + if (ret != 0 || myStack == NULL) { err_sys_with_errno("posix_memalign failed\n"); + return -1; + } XMEMSET(myStack, STACK_CHECK_VAL, stackSize); @@ -3082,8 +3084,11 @@ static WC_INLINE int StackSizeCheck_launch(func_args* args, thread_func tf, pthr } ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); - if (ret != 0 || myStack == NULL) + if (ret != 0 || myStack == NULL) { err_sys_with_errno("posix_memalign failed\n"); + free(shim_args); + return -1; + } XMEMSET(myStack, STACK_CHECK_VAL, stackSize); @@ -3676,7 +3681,7 @@ static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK ECC KeyGen: keySz %d, Curve ID %d\n", keySz, ecc_curve); + WOLFSSL_PKMSG("PK ECC KeyGen: keySz %u, Curve ID %d\n", keySz, ecc_curve); ret = wc_ecc_init(new_key); if (ret == 0) { @@ -3722,7 +3727,7 @@ static WC_INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK ECC Sign: inSz %d, keySz %d\n", inSz, keySz); + WOLFSSL_PKMSG("PK ECC Sign: inSz %u, keySz %u\n", inSz, keySz); #ifdef TEST_PK_PRIVKEY ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); @@ -3746,7 +3751,7 @@ static WC_INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, free(keyBuf); #endif - WOLFSSL_PKMSG("PK ECC Sign: ret %d outSz %d\n", ret, *outSz); + WOLFSSL_PKMSG("PK ECC Sign: ret %d outSz %u\n", ret, *outSz); return ret; } @@ -3764,7 +3769,7 @@ static WC_INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK ECC Verify: sigSz %d, hashSz %d, keySz %d\n", sigSz, hashSz, keySz); + WOLFSSL_PKMSG("PK ECC Verify: sigSz %u, hashSz %u, keySz %u\n", sigSz, hashSz, keySz); ret = wc_ecc_init(&myKey); if (ret == 0) { @@ -3867,7 +3872,7 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, wc_ecc_free(&tmpKey); - WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen); + WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %u, OutLen %u\n", ret, *pubKeySz, *outlen); return ret; } @@ -3999,7 +4004,7 @@ static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK 25519 KeyGen: keySz %d\n", keySz); + WOLFSSL_PKMSG("PK 25519 KeyGen: keySz %u\n", keySz); ret = wc_InitRng(&rng); if (ret != 0) @@ -4074,7 +4079,7 @@ static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey wc_curve25519_free(&tmpKey); - WOLFSSL_PKMSG("PK 25519 PMS: ret %d, pubKeySz %d, outLen %d\n", + WOLFSSL_PKMSG("PK 25519 PMS: ret %d, pubKeySz %u, outLen %u\n", ret, *pubKeySz, *outlen); return ret; @@ -4095,7 +4100,7 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK 448 Sign: inSz %d, keySz %d\n", inSz, keySz); + WOLFSSL_PKMSG("PK 448 Sign: inSz %u, keySz %u\n", inSz, keySz); #ifdef TEST_PK_PRIVKEY ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); @@ -4115,7 +4120,7 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, free(keyBuf); #endif - WOLFSSL_PKMSG("PK 448 Sign: ret %d, outSz %d\n", ret, *outSz); + WOLFSSL_PKMSG("PK 448 Sign: ret %d, outSz %u\n", ret, *outSz); return ret; } @@ -4134,7 +4139,7 @@ static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK 448 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, + WOLFSSL_PKMSG("PK 448 Verify: sigSz %u, msgSz %u, keySz %u\n", sigSz, msgSz, keySz); ret = wc_ed448_init(&myKey); @@ -4165,7 +4170,7 @@ static WC_INLINE int myX448KeyGen(WOLFSSL* ssl, curve448_key* key, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK 448 KeyGen: keySz %d\n", keySz); + WOLFSSL_PKMSG("PK 448 KeyGen: keySz %u\n", keySz); ret = wc_InitRng(&rng); if (ret != 0) @@ -4240,7 +4245,7 @@ static WC_INLINE int myX448SharedSecret(WOLFSSL* ssl, curve448_key* otherKey, wc_curve448_free(&tmpKey); - WOLFSSL_PKMSG("PK 448 PMS: ret %d, pubKeySz %d, outLen %d\n", + WOLFSSL_PKMSG("PK 448 PMS: ret %d, pubKeySz %u, outLen %u\n", ret, *pubKeySz, *outlen); return ret; @@ -4263,7 +4268,7 @@ static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key, /* return 0 on success */ ret = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz); - WOLFSSL_PKMSG("PK ED Agree: ret %d, privSz %d, pubKeySz %d, outlen %d\n", + WOLFSSL_PKMSG("PK ED Agree: ret %d, privSz %u, pubKeySz %u, outlen %u\n", ret, privSz, pubKeySz, *outlen); return ret; @@ -4286,7 +4291,7 @@ static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK RSA Sign: inSz %d, keySz %d\n", inSz, keySz); + WOLFSSL_PKMSG("PK RSA Sign: inSz %u, keySz %u\n", inSz, keySz); #ifdef TEST_PK_PRIVKEY ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); @@ -4315,7 +4320,7 @@ static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, free(keyBuf); #endif - WOLFSSL_PKMSG("PK RSA Sign: ret %d, outSz %d\n", ret, *outSz); + WOLFSSL_PKMSG("PK RSA Sign: ret %d, outSz %u\n", ret, *outSz); return ret; } @@ -4332,7 +4337,7 @@ static WC_INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz); + WOLFSSL_PKMSG("PK RSA Verify: sigSz %u, keySz %u\n", sigSz, keySz); ret = wc_InitRsaKey(&myKey, NULL); if (ret == 0) { @@ -4359,7 +4364,7 @@ static WC_INLINE int myRsaSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK RSA SignCheck: sigSz %d, keySz %d\n", sigSz, keySz); + WOLFSSL_PKMSG("PK RSA SignCheck: sigSz %u, keySz %u\n", sigSz, keySz); #ifdef TEST_PK_PRIVKEY ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); @@ -4399,7 +4404,7 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK RSA PSS Sign: inSz %d, hash %d, mgf %d, keySz %d\n", + WOLFSSL_PKMSG("PK RSA PSS Sign: inSz %u, hash %d, mgf %d, keySz %u\n", inSz, hash, mgf, keySz); #ifdef TEST_PK_PRIVKEY @@ -4449,7 +4454,7 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz, free(keyBuf); #endif - WOLFSSL_PKMSG("PK RSA PSS Sign: ret %d, outSz %d\n", ret, *outSz); + WOLFSSL_PKMSG("PK RSA PSS Sign: ret %d, outSz %u\n", ret, *outSz); return ret; } @@ -4467,7 +4472,7 @@ static WC_INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK RSA PSS Verify: sigSz %d, hash %d, mgf %d, keySz %d\n", + WOLFSSL_PKMSG("PK RSA PSS Verify: sigSz %u, hash %d, mgf %d, keySz %u\n", sigSz, hash, mgf, keySz); switch (hash) { @@ -4516,7 +4521,7 @@ static WC_INLINE int myRsaPssSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK RSA PSS SignCheck: sigSz %d, hash %d, mgf %d, keySz %d\n", + WOLFSSL_PKMSG("PK RSA PSS SignCheck: sigSz %u, hash %d, mgf %d, keySz %u\n", sigSz, hash, mgf, keySz); #ifdef TEST_PK_PRIVKEY @@ -4577,7 +4582,7 @@ static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK RSA Enc: inSz %d, keySz %d\n", inSz, keySz); + WOLFSSL_PKMSG("PK RSA Enc: inSz %u, keySz %u\n", inSz, keySz); ret = wc_InitRng(&rng); if (ret != 0) @@ -4597,7 +4602,7 @@ static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, } wc_FreeRng(&rng); - WOLFSSL_PKMSG("PK RSA Enc: ret %d, outSz %d\n", ret, *outSz); + WOLFSSL_PKMSG("PK RSA Enc: ret %d, outSz %u\n", ret, *outSz); return ret; } @@ -4615,7 +4620,7 @@ static WC_INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz, (void)ssl; (void)cbInfo; - WOLFSSL_PKMSG("PK RSA Dec: inSz %d, keySz %d\n", inSz, keySz); + WOLFSSL_PKMSG("PK RSA Dec: inSz %u, keySz %u\n", inSz, keySz); #ifdef TEST_PK_PRIVKEY ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); @@ -4965,7 +4970,7 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num) static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz"; WC_RNG rng; - byte out; + byte out = 0; if (tempfn == NULL || len < 1 || num < 1 || len <= num) { printf("Bad input\n"); From cb86da71fa19e8ff9dbf2661d65ead74c39ecd03 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:34:22 -0600 Subject: [PATCH 27/34] wolfssl/wolfcrypt/ecc.h: fixes for cppcheck complaints: preprocessorErrorDirective[division/modulo by zero] --- wolfssl/wolfcrypt/ecc.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 111bff40f..8aa5dded3 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -359,6 +359,9 @@ typedef struct ecc_set_type { #endif /* verify alignment */ +#if CHAR_BIT == 0 + #error CHAR_BIT must be nonzero +#endif #if FP_MAX_BITS_ECC % CHAR_BIT #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT #endif From 7341b54a202902cae8f30e9738a1056d76bb01c3 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 00:34:33 -0600 Subject: [PATCH 28/34] wolfssl/wolfcrypt/tfm.h: fixes for cppcheck complaints: preprocessorErrorDirective[division/modulo by zero] --- wolfssl/wolfcrypt/tfm.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 6ca36ebc5..54ce49ded 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -277,6 +277,9 @@ #define FP_MAX_SIZE (FP_MAX_BITS+(8*DIGIT_BIT)) /* will this lib work? */ +#if CHAR_BIT == 0 + #error CHAR_BIT must be nonzero +#endif #if (CHAR_BIT & 7) #error CHAR_BIT must be a multiple of eight. #endif From a4444e6c3edbfaeab4ee12921a521fb5d75f6cae Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 01:10:02 -0600 Subject: [PATCH 29/34] wolfcrypt/test/test.c: in rsa_oaep_padding_test(), remove accidentally repeated MEMORY_E check. --- wolfcrypt/test/test.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5a625e104..057cb8e96 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -15009,11 +15009,6 @@ static int rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng) XMEMCPY(in, inStr, inLen); -#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC - if (in == NULL || out == NULL || plain == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); -#endif - #ifndef NO_SHA do { #if defined(WOLFSSL_ASYNC_CRYPT) From ff0eb5a41eb7aa46922c7dab6653b680bd285480 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 01:35:46 -0600 Subject: [PATCH 30/34] wolfcrypt/test/test.c: in wolfcrypt_test(), tweak formatting of CheckRunTimeSettings() to resolve invalidPrintfArgType_uint from cppcheck --force. --- wolfcrypt/test/test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 057cb8e96..135740ef9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -746,8 +746,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #if !defined(NO_BIG_INT) if (CheckCtcSettings() != 1) { - printf("Sizeof mismatch (build) %x != (run) %x\n", - CTC_SETTINGS, CheckRunTimeSettings()); + printf("Sizeof mismatch (build) %x != (run) %lx\n", + CTC_SETTINGS, (unsigned long)CheckRunTimeSettings()); return err_sys("Build vs runtime math mismatch\n", -1000); } From 56c28ff3079effac26fd5679318bf87ee4215e7c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 02:39:50 -0600 Subject: [PATCH 31/34] src/ssl.c: in wolfSSL_SESSION_has_ticket(), add (void)sess if !defined(HAVE_SESSION_TICKET), to fix -Wunused-parameter. --- src/ssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 158964948..cf93dfd8f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -32074,6 +32074,8 @@ int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION* sess) return WOLFSSL_SUCCESS; } } +#else + (void)sess; #endif return WOLFSSL_FAILURE; } From 49fc54ef1fb6f24f856bee70a5912df57963b79f Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 02:41:02 -0600 Subject: [PATCH 32/34] linuxkm/linuxkm_wc_port.h: move XMALLOC/XREALLOC/XFREE definitions outside BUILDING_WOLFSSL gate as-was, for back-compat. --- linuxkm/linuxkm_wc_port.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 3adaaba2b..10be06f69 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -596,12 +596,12 @@ #define XGMTIME(c, t) gmtime(c) #define NO_TIMEVAL 1 + #endif /* BUILDING_WOLFSSL */ + #define XMALLOC(s, h, t) ({(void)(h); (void)(t); kmalloc(s, GFP_KERNEL);}) #define XFREE(p, h, t) ({void* _xp; (void)(h); _xp = (p); if(_xp) kfree(_xp);}) #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); krealloc((p), (n), GFP_KERNEL);}) - #endif /* BUILDING_WOLFSSL */ - /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */ #define XSNPRINTF snprintf From c50964cc3529dea27a7729d47486ae4c1a7a7374 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 11:08:57 -0600 Subject: [PATCH 33/34] src/internal.c: fix flubbed edit in wolfSSL_session_import_internal(). --- src/internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 07ee30e1f..efbe9a0f3 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1640,7 +1640,7 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf, word32 idx = 0; word16 length = 0; int version = 0; - int ret = BAD_FUNC_ARG; + int ret = 0; int optSz = 0; int rc; byte validProto = 0; /* did we find a valid protocol */ From 355b5821b2ee3f0762987a1c3b65f81b8f31b9ff Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 8 Jan 2022 11:43:56 -0600 Subject: [PATCH 34/34] WOLFSSL_SESSION_EXPORT: fixes for scan-build complaints (deadcode.DeadStores) building --enable-all --enable-sessionexport. --- src/internal.c | 2 ++ tests/api.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/internal.c b/src/internal.c index efbe9a0f3..e8333c2ec 100644 --- a/src/internal.c +++ b/src/internal.c @@ -5751,12 +5751,14 @@ int InitSSL_Suites(WOLFSSL* ssl) #ifndef NO_PSK havePSK = (byte)ssl->options.havePSK; #endif /* NO_PSK */ +#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) #ifdef HAVE_ANON haveAnon = (byte)ssl->options.haveAnon; #endif /* HAVE_ANON*/ #ifdef WOLFSSL_MULTICAST haveMcast = (byte)ssl->options.haveMcast; #endif /* WOLFSSL_MULTICAST */ +#endif /* !NO_CERTS && !WOLFSSL_SESSION_EXPORT */ #ifdef WOLFSSL_EARLY_DATA if (ssl->options.side == WOLFSSL_SERVER_END) diff --git a/tests/api.c b/tests/api.c index d7461907e..010bd2e3a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -4314,7 +4314,9 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd) loop_count = ((func_args*)args)->argc; + #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ + #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) {