Merge branch 'master' of github.com:cyassl/cyassl
This commit is contained in:
commit
59e4c346f0
@ -63,6 +63,16 @@ enum {
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef min
|
||||
|
||||
static INLINE word32 min(word32 a, word32 b)
|
||||
{
|
||||
return a > b ? b : a;
|
||||
}
|
||||
|
||||
#endif /* min */
|
||||
|
||||
|
||||
#ifdef THREADX
|
||||
/* uses parital <time.h> structures */
|
||||
#define XTIME(tl) (0)
|
||||
@ -2710,7 +2720,7 @@ static int SetMyVersion(word32 version, byte* output, int header)
|
||||
}
|
||||
output[i++] = ASN_INTEGER;
|
||||
output[i++] = 0x01;
|
||||
output[i++] = version;
|
||||
output[i++] = (byte)version;
|
||||
|
||||
return i;
|
||||
}
|
||||
@ -3183,8 +3193,6 @@ static const char* GetOneName(CertName* name, int idx)
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -3220,8 +3228,6 @@ static byte GetNameId(int idx)
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -3508,7 +3514,8 @@ static int WriteCertBody(DerCert* der, byte* buffer)
|
||||
idx += der->publicKeySz;
|
||||
if (der->extensionsSz) {
|
||||
/* extensions */
|
||||
XMEMCPY(buffer + idx, der->extensions, der->extensionsSz);
|
||||
XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz,
|
||||
sizeof(der->extensions)));
|
||||
idx += der->extensionsSz;
|
||||
}
|
||||
|
||||
|
@ -54,6 +54,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
|
||||
word32 i = 0;
|
||||
word32 j = 0;
|
||||
word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
|
||||
const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
|
||||
|
||||
plainSz = (plainSz * 3 + 3) / 4;
|
||||
if (plainSz > *outLen) return BAD_FUNC_ARG;
|
||||
@ -75,6 +76,16 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
|
||||
if (e4 == PAD)
|
||||
pad4 = 1;
|
||||
|
||||
if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
|
||||
CYASSL_MSG("Bad Base64 Decode data, too small");
|
||||
return ASN_INPUT_E;
|
||||
}
|
||||
|
||||
if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
|
||||
CYASSL_MSG("Bad Base64 Decode data, too big");
|
||||
return ASN_INPUT_E;
|
||||
}
|
||||
|
||||
e1 = base64Decode[e1 - 0x2B];
|
||||
e2 = base64Decode[e2 - 0x2B];
|
||||
e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
|
||||
|
@ -2762,6 +2762,9 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
|
||||
}
|
||||
}
|
||||
|
||||
if (pa > MP_WARRAY)
|
||||
return MP_RANGE; /* TAO range check */
|
||||
|
||||
#ifdef CYASSL_SMALL_STACK
|
||||
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
|
||||
if (W == NULL)
|
||||
@ -2878,6 +2881,8 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
|
||||
|
||||
/* number of output digits to produce */
|
||||
pa = MIN(digs, a->used + b->used);
|
||||
if (pa > MP_WARRAY)
|
||||
return MP_RANGE; /* TAO range check */
|
||||
|
||||
#ifdef CYASSL_SMALL_STACK
|
||||
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
|
||||
@ -3598,6 +3603,9 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
|
||||
}
|
||||
}
|
||||
|
||||
if (pa > MP_WARRAY)
|
||||
return MP_RANGE; /* TAO range check */
|
||||
|
||||
#ifdef CYASSL_SMALL_STACK
|
||||
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
|
||||
if (W == NULL)
|
||||
|
@ -2822,7 +2822,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
|
||||
|
||||
/* write to output */
|
||||
if (ivSz) {
|
||||
XMEMCPY(output + idx, iv, ivSz);
|
||||
XMEMCPY(output + idx, iv, min(ivSz, sizeof(iv)));
|
||||
idx += ivSz;
|
||||
}
|
||||
XMEMCPY(output + idx, input, inSz);
|
||||
@ -4235,7 +4235,7 @@ int SetCipherList(Suites* s, const char* list)
|
||||
i += RAN_LEN;
|
||||
b = input[i++];
|
||||
if (b) {
|
||||
XMEMCPY(ssl->arrays.sessionID, input + i, b);
|
||||
XMEMCPY(ssl->arrays.sessionID, input + i, min(b, ID_LEN));
|
||||
i += b;
|
||||
ssl->options.haveSessionId = 1;
|
||||
}
|
||||
@ -4506,7 +4506,7 @@ int SetCipherList(Suites* s, const char* list)
|
||||
encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
|
||||
|
||||
if (encSigSz != (word32)ret || XMEMCMP(out, encodedSig,
|
||||
encSigSz) != 0)
|
||||
min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
|
||||
return VERIFY_SIGN_ERROR;
|
||||
}
|
||||
else {
|
||||
@ -4673,7 +4673,7 @@ int SetCipherList(Suites* s, const char* list)
|
||||
|
||||
/* precede export with 1 byte length */
|
||||
ret = ecc_export_x963(&myKey, encSecret + 1, &size);
|
||||
encSecret[0] = size;
|
||||
encSecret[0] = (byte)size;
|
||||
encSz = size + 1;
|
||||
|
||||
if (ret != 0)
|
||||
@ -6139,12 +6139,13 @@ int SetCipherList(Suites* s, const char* list)
|
||||
|
||||
sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
|
||||
|
||||
if (outLen == (int)sigSz && XMEMCMP(out, encodedSig,sigSz) == 0)
|
||||
if (outLen == (int)sigSz && XMEMCMP(out, encodedSig,
|
||||
min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
|
||||
ret = 0; /* verified */
|
||||
}
|
||||
else {
|
||||
if (outLen == sizeof(ssl->certHashes) && XMEMCMP(out,
|
||||
ssl->certHashes.md5, sizeof(ssl->certHashes)) == 0)
|
||||
&ssl->certHashes, sizeof(ssl->certHashes)) == 0)
|
||||
ret = 0; /* verified */
|
||||
}
|
||||
}
|
||||
|
12
src/tls.c
12
src/tls.c
@ -33,6 +33,16 @@
|
||||
#ifndef NO_TLS
|
||||
|
||||
|
||||
#ifndef min
|
||||
|
||||
static INLINE word32 min(word32 a, word32 b)
|
||||
{
|
||||
return a > b ? b : a;
|
||||
}
|
||||
|
||||
#endif /* min */
|
||||
|
||||
|
||||
/* calculate XOR for TLSv1 PRF */
|
||||
static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
|
||||
{
|
||||
@ -74,7 +84,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
|
||||
HmacFinal(&hmac, current);
|
||||
|
||||
if ( (i == lastTime) && lastLen)
|
||||
XMEMCPY(&result[idx], current, lastLen);
|
||||
XMEMCPY(&result[idx], current, min(lastLen, sizeof(current)));
|
||||
else {
|
||||
XMEMCPY(&result[idx], current, len);
|
||||
idx += len;
|
||||
|
Loading…
x
Reference in New Issue
Block a user