diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 8e993ef13..160974175 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1591,9 +1591,9 @@ static int GetDate(DecodedCert* cert, int dateType) int length; byte date[MAX_DATE_SIZE]; byte b; - word32 startIdx = 0; #ifdef CYASSL_CERT_GEN + word32 startIdx = 0; if (dateType == BEFORE) cert->beforeDate = &cert->source[cert->srcIdx]; else @@ -2073,25 +2073,25 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, static void DecodeBasicCaConstraint(byte* input, int sz, DecodedCert* cert) { - word32 index = 0; + word32 idx = 0; int length = 0; CYASSL_ENTER("DecodeBasicCaConstraint"); - if (GetSequence(input, &index, &length, sz) < 0) return; + if (GetSequence(input, &idx, &length, sz) < 0) return; - if (input[index++] != ASN_BOOLEAN) + if (input[idx++] != ASN_BOOLEAN) { CYASSL_MSG("\tfail: constraint not BOOLEAN"); return; } - if (GetLength(input, &index, &length, sz) < 0) + if (GetLength(input, &idx, &length, sz) < 0) { CYASSL_MSG("\tfail: length"); return; } - if (input[index]) + if (input[idx]) cert->isCA = 1; } 
@@ -2103,69 +2103,68 @@ static void DecodeBasicCaConstraint(byte* input, int sz, DecodedCert* cert) static void DecodeCrlDist(byte* input, int sz, DecodedCert* cert) { - word32 index = 0; + word32 idx = 0; int length = 0; - word32 oid; CYASSL_ENTER("DecodeCrlDist"); /* Unwrap the list of Distribution Points*/ - if (GetSequence(input, &index, &length, sz) < 0) return; + if (GetSequence(input, &idx, &length, sz) < 0) return; /* Unwrap a single Distribution Point */ - if (GetSequence(input, &index, &length, sz) < 0) return; + if (GetSequence(input, &idx, &length, sz) < 0) return; /* The Distribution Point has three explicit optional members * First check for a DistributionPointName */ - if (input[index] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) + if (input[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) { - index++; - if (GetLength(input, &index, &length, sz) < 0) return; + idx++; + if (GetLength(input, &idx, &length, sz) < 0) return; - if (input[index] == + if (input[idx] == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CRLDP_FULL_NAME)) { - index++; - if (GetLength(input, &index, &length, sz) < 0) return; + idx++; + if (GetLength(input, &idx, &length, sz) < 0) return; - if (input[index] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI)) + if (input[idx] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI)) { - index++; - if (GetLength(input, &index, &length, sz) < 0) return; + idx++; + if (GetLength(input, &idx, &length, sz) < 0) return; cert->extCrlInfoSz = length; - cert->extCrlInfo = input + index; - index += length; + cert->extCrlInfo = input + idx; + idx += length; } else /* This isn't a URI, skip it. */ - index += length; + idx += length; } else /* This isn't a FULLNAME, skip it. 
*/ - index += length; + idx += length; } /* Check for reasonFlags */ - if (index < (word32)sz && - input[index] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) + if (idx < (word32)sz && + input[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) { - index++; - if (GetLength(input, &index, &length, sz) < 0) return; - index += length; + idx++; + if (GetLength(input, &idx, &length, sz) < 0) return; + idx += length; } /* Check for cRLIssuer */ - if (index < (word32)sz && - input[index] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 2)) + if (idx < (word32)sz && + input[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 2)) { - index++; - if (GetLength(input, &index, &length, sz) < 0) return; - index += length; + idx++; + if (GetLength(input, &idx, &length, sz) < 0) return; + idx += length; } - if (index < (word32)sz) + if (idx < (word32)sz) { CYASSL_MSG("\tThere are more CRL Distribution Point records, " "but we only use the first one."); 
@@ -2181,38 +2180,38 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert) * any issues, return without saving the record. */ { - word32 index = 0; + word32 idx = 0; int length = 0; word32 oid; /* Unwrap the list of AIAs */ - if (GetSequence(input, &index, &length, sz) < 0) return; + if (GetSequence(input, &idx, &length, sz) < 0) return; /* Unwrap a single AIA */ - if (GetSequence(input, &index, &length, sz) < 0) return; + if (GetSequence(input, &idx, &length, sz) < 0) return; oid = 0; - if (GetObjectId(input, &index, &oid, sz) < 0) return; + if (GetObjectId(input, &idx, &oid, sz) < 0) return; /* Only supporting URIs right now. */ - if (input[index] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI)) + if (input[idx] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI)) { - index++; - if (GetLength(input, &index, &length, sz) < 0) return; + idx++; + if (GetLength(input, &idx, &length, sz) < 0) return; cert->extAuthInfoSz = length; - cert->extAuthInfo = input + index; - index += length; + cert->extAuthInfo = input + idx; + idx += length; } else { /* Skip anything else. */ - index++; - if (GetLength(input, &index, &length, sz) < 0) return; - index += length; + idx++; + if (GetLength(input, &idx, &length, sz) < 0) return; + idx += length; } - if (index < (word32)sz) + if (idx < (word32)sz) { CYASSL_MSG("\tThere are more Authority Information Access records, " "but we only use first one."); @@ -2228,7 +2227,7 @@ static void DecodeCertExtensions(DecodedCert* cert) * index. It is works starting with the recorded extensions pointer. */ { - word32 index = 0; + word32 idx = 0; int sz = cert->extensionsSz; byte* input = cert->extensions; int length; 
@@ -2238,59 +2237,59 @@ static void DecodeCertExtensions(DecodedCert* cert) if (input == NULL || sz == 0) return; - if (input[index++] != ASN_EXTENSIONS)return; + if (input[idx++] != ASN_EXTENSIONS)return; - if (GetLength(input, &index, &length, sz) < 0) return; + if (GetLength(input, &idx, &length, sz) < 0) return; - if (GetSequence(input, &index, &length, sz) < 0) return; + if (GetSequence(input, &idx, &length, sz) < 0) return; - while (index < (word32)sz) { - if (GetSequence(input, &index, &length, sz) < 0) { + while (idx < (word32)sz) { + if (GetSequence(input, &idx, &length, sz) < 0) { CYASSL_MSG("\tfail: should be a SEQUENCE"); return; } oid = 0; - if (GetObjectId(input, &index, &oid, sz) < 0) { + if (GetObjectId(input, &idx, &oid, sz) < 0) { CYASSL_MSG("\tfail: OBJECT ID"); return; } /* check for critical flag */ - if (input[index] == ASN_BOOLEAN) { + if (input[idx] == ASN_BOOLEAN) { CYASSL_MSG("\tfound optional critical flag, moving past"); - index += (ASN_BOOL_SIZE + 1); + idx += (ASN_BOOL_SIZE + 1); } /* process the extension based on the OID */ - if (input[index++] != ASN_OCTET_STRING) { + if (input[idx++] != ASN_OCTET_STRING) { CYASSL_MSG("\tfail: should be an OCTET STRING"); return; } - if (GetLength(input, &index, &length, sz) < 0) { + if (GetLength(input, &idx, &length, sz) < 0) { CYASSL_MSG("\tfail: extension data length"); return; } switch (oid) { case BASIC_CA_OID: - DecodeBasicCaConstraint(&input[index], length, cert); + DecodeBasicCaConstraint(&input[idx], length, cert); break; case CRL_DIST_OID: - DecodeCrlDist(&input[index], length, cert); + DecodeCrlDist(&input[idx], length, cert); break; case AUTH_INFO_OID: - DecodeAuthInfo(&input[index], length, cert); + DecodeAuthInfo(&input[idx], length, cert); break; default: CYASSL_MSG("\tExtension type not handled, skipping"); break; } - index += length; + idx += length; } return; 
@@ -4668,7 +4667,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, long sz) len += idx; - while (idx < len) { + while (idx < (word32)len) { if (GetRevoked(buff, &idx, dcrl, sz) < 0) return ASN_PARSE_E; } diff --git a/cyassl/ctaocrypt/tfm.h b/cyassl/ctaocrypt/tfm.h index 37fa98523..af74a9034 100644 --- a/cyassl/ctaocrypt/tfm.h +++ b/cyassl/ctaocrypt/tfm.h @@ -415,7 +415,7 @@ int fp_cmp_d(fp_int *a, fp_digit b); void fp_add_d(fp_int *a, fp_digit b, fp_int *c); /* c = a - b */ -/*void fp_sub_d(fp_int *a, fp_digit b, fp_int *c);*/ +void fp_sub_d(fp_int *a, fp_digit b, fp_int *c); /* c = a * b */ void fp_mul_d(fp_int *a, fp_digit b, fp_int *c); diff --git a/cyassl/ssl.h b/cyassl/ssl.h index b14c029f9..c30a9ac52 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -384,7 +384,6 @@ CYASSL_API char* CyaSSL_alert_type_string_long(int); CYASSL_API char* CyaSSL_alert_desc_string_long(int); CYASSL_API char* CyaSSL_state_string_long(CYASSL*); -CYASSL_API void CyaSSL_RSA_free(CYASSL_RSA*); CYASSL_API CYASSL_RSA* CyaSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); CYASSL_API void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX*, diff --git a/src/crl.c b/src/crl.c index 18a139069..b3211d274 100644 --- a/src/crl.c +++ b/src/crl.c @@ -149,12 +149,13 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert) CYASSL_MSG("Issuing missing CRL callback"); url[0] = '\0'; - if (cert->extCrlInfoSz < sizeof(url) -1 ) { + if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) { XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz); url[cert->extCrlInfoSz] = '\0'; } - else + else { CYASSL_MSG("CRL url too long"); + } crl->cm->cbMissingCRL(url); } } @@ -233,8 +234,9 @@ int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type) } else { ret = AddCRL(crl, &dcrl); - if (ret != 0) + if (ret != 0) { CYASSL_MSG("AddCRL error"); + } } FreeDecodedCRL(&dcrl); diff --git a/src/internal.c b/src/internal.c index 2a8ad6b93..561d9c0ac 100644 --- a/src/internal.c +++ b/src/internal.c 
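Review bot: In CheckCertCRL (src/crl.c) the new `(int)sizeof(url)` cast makes the length test a signed comparison, so a negative `cert->extCrlInfoSz` now passes it and reaches `XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz)` and `url[cert->extCrlInfoSz] = '\0'`. Under the old mixed comparison a negative value was converted to a large unsigned number and rejected. The field is assigned from an `int length` in DecodeCrlDist (src/asn.c in this same diff), and whether GetLength can produce a negative value is not visible here, so the guard should not rely on it. Reject negatives explicitly: `if (cert->extCrlInfoSz >= 0 && cert->extCrlInfoSz < (int)sizeof(url) - 1) {`. The function starts and ends outside the hunk.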
@@ -460,6 +460,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK, (void)haveDH; (void)havePSK; (void)haveNTRU; + (void)haveStaticECC; if (suites->setSuites) return; /* trust user settings, don't override */ diff --git a/src/ssl.c b/src/ssl.c index c37bebfea..b478e2d7a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1089,6 +1089,9 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) if (ssl) ssl->options.haveECDSA = 1; break; + default: + CYASSL_MSG("Not ECDSA cert signature"); + break; } FreeDecodedCert(&cert); @@ -1166,6 +1169,8 @@ int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type, long sz = 0; XFILE* file = XFOPEN(fname, "rb"); + (void)crl; + if (!file) return SSL_BAD_FILE; XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); @@ -1377,6 +1382,8 @@ int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file, /* turn on CRL if off and compiled in, set options */ int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options) { + (void)options; + CYASSL_ENTER("CyaSSL_CertManagerEnableCRL"); if (cm == NULL) return BAD_FUNC_ARG; @@ -4136,26 +4143,6 @@ int CyaSSL_set_compression(CYASSL* ssl) return 0; /* failure */ } - if (key) - CYASSL_MSG("have key"); - - if (iv) - CYASSL_MSG("have iv"); - - if (enc == 1) { - CYASSL_MSG("encrypt side"); - } - else if (enc == 0) { - CYASSL_MSG("decrypt side"); - } - else { - CYASSL_MSG("no side"); - if (ctx->enc) - CYASSL_MSG("no side enc"); - else - CYASSL_MSG("no side dec"); - } - if (ctx->cipherType == AES_128_CBC_TYPE || (type && XSTRNCMP(type, "AES128-CBC", 10) == 0)) { CYASSL_MSG("AES-128-CBC"); @@ -4323,13 +4310,6 @@ int CyaSSL_set_compression(CYASSL* ssl) return 0; /* failure */ } - if (ctx->enc) - CYASSL_MSG("encrypting"); - else - CYASSL_MSG("decrypting"); - - - switch (ctx->cipherType) { case AES_128_CBC_TYPE : 
@@ -5851,6 +5831,9 @@ static int initGlobalRNG = 0; CYASSL_MSG("CyaSSL_RAND_seed"); + (void)seed; + (void)len; + if (initGlobalRNG == 0) { if (InitRng(&globalRNG) < 0) { CYASSL_MSG("CyaSSL Init Global RNG failed"); @@ -5893,12 +5876,14 @@ static int initGlobalRNG = 0; void CyaSSL_BN_CTX_init(CYASSL_BN_CTX* ctx) { + (void)ctx; CYASSL_MSG("CyaSSL_BN_CTX_init"); } void CyaSSL_BN_CTX_free(CYASSL_BN_CTX* ctx) { + (void)ctx; CYASSL_MSG("CyaSSL_BN_CTX_free"); /* do free since static ctx that does nothing */ @@ -5986,6 +5971,7 @@ static int initGlobalRNG = 0; int CyaSSL_BN_mod(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a, const CYASSL_BIGNUM* b, const CYASSL_BN_CTX* c) { + (void)c; CYASSL_MSG("CyaSSL_BN_mod"); if (r == NULL || a == NULL || b == NULL) @@ -6117,8 +6103,9 @@ static int initGlobalRNG = 0; return NULL; } } - else + else { CYASSL_MSG("CyaSSL_BN_bin2bn wants return bignum"); + } return ret; } @@ -6126,6 +6113,8 @@ static int initGlobalRNG = 0; int CyaSSL_mask_bits(CYASSL_BIGNUM* bn, int n) { + (void)bn; + (void)n; CYASSL_MSG("CyaSSL_BN_mask_bits"); return -1; @@ -6134,12 +6123,14 @@ static int initGlobalRNG = 0; int CyaSSL_BN_rand(CYASSL_BIGNUM* bn, int bits, int top, int bottom) { - byte buffer[1024]; + byte buff[1024]; RNG tmpRNG; RNG* rng = &tmpRNG; int ret; int len = bits/8; + (void)top; + (void)bottom; CYASSL_MSG("CyaSSL_BN_rand"); if (bn == NULL || bn->internal == NULL) { @@ -6159,11 +6150,11 @@ static int initGlobalRNG = 0; rng = &globalRNG; } - RNG_GenerateBlock(rng, buffer, len); - buffer[0] |= 0x80 | 0x40; - buffer[len-1] |= 0x01; + RNG_GenerateBlock(rng, buff, len); + buff[0] |= 0x80 | 0x40; + buff[len-1] |= 0x01; - if (mp_read_unsigned_bin((mp_int*)bn->internal,buffer,len) != MP_OKAY) { + if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY) { CYASSL_MSG("mp read bin failed"); return 0; } 
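Review bot: The added `(void)seed; (void)len;` in the function that logs "CyaSSL_RAND_seed" indicate that the caller's seed bytes are not used, and nothing in the visible lines tells the caller so. Code ported from an OpenSSL-style API may call this expecting its entropy to be mixed into the generator. A comment above the casts would document the behaviour, for example `/* seed and len are currently ignored */`. The function begins and ends outside the hunk.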
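Review bot: In CyaSSL_BN_rand, `len = bits/8` is the write length for the 1024-byte `buff` in `RNG_GenerateBlock(rng, buff, len)` and an index in `buff[len-1] |= 0x01`, and neither of the two hunks shows a check that `len` lies between 1 and sizeof(buff). A `bits` value above 8192 would write past the stack buffer, and one below 8 would index `buff[-1]`. The lines between the hunks are not visible, so confirm they reject both cases, or add `if (len <= 0 || len > (int)sizeof(buff)) return 0;` before the RNG call. The result of RNG_GenerateBlock is also ignored, and `top`/`bottom` are discarded while the two high bits and the low bit are always forced on, which deserves a comment.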
@@ -6174,6 +6165,9 @@ static int initGlobalRNG = 0; int CyaSSL_BN_is_bit_set(const CYASSL_BIGNUM* bn, int n) { + (void)bn; + (void)n; + CYASSL_MSG("CyaSSL_BN_is_bit_set"); return 0; @@ -6246,6 +6240,9 @@ static int initGlobalRNG = 0; CYASSL_BIGNUM* CyaSSL_BN_copy(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* bn) { + (void)r; + (void)bn; + CYASSL_MSG("CyaSSL_BN_copy"); return NULL; @@ -6254,6 +6251,9 @@ static int initGlobalRNG = 0; int CyaSSL_BN_set_word(CYASSL_BIGNUM* bn, unsigned long w) { + (void)bn; + (void)w; + CYASSL_MSG("CyaSSL_BN_set_word"); return -1; @@ -6262,6 +6262,9 @@ static int initGlobalRNG = 0; int CyaSSL_BN_dec2bn(CYASSL_BIGNUM** bn, const char* str) { + (void)bn; + (void)str; + CYASSL_MSG("CyaSSL_BN_dec2bn"); return -1; @@ -6270,6 +6273,8 @@ static int initGlobalRNG = 0; char* CyaSSL_BN_bn2dec(const CYASSL_BIGNUM* bn) { + (void)bn; + CYASSL_MSG("CyaSSL_BN_bn2dec"); return NULL; @@ -6585,6 +6590,8 @@ static int initGlobalRNG = 0; int CyaSSL_DSA_generate_key(CYASSL_DSA* dsa) { + (void)dsa; + CYASSL_MSG("CyaSSL_DSA_generate_key"); return 0; /* key gen not needed by server */ @@ -6595,6 +6602,14 @@ static int initGlobalRNG = 0; unsigned char* seed, int seedLen, int* counterRet, unsigned long* hRet, void* cb) { + (void)dsa; + (void)bits; + (void)seed; + (void)seedLen; + (void)counterRet; + (void)hRet; + (void)cb; + CYASSL_MSG("CyaSSL_DSA_generate_parameters_ex"); return 0; /* key gen not needed by server */ @@ -6838,6 +6853,9 @@ static int initGlobalRNG = 0; int CyaSSL_RSA_blinding_on(CYASSL_RSA* rsa, CYASSL_BN_CTX* bn) { + (void)rsa; + (void)bn; + CYASSL_MSG("CyaSSL_RSA_blinding_on"); return 1; /* on by default */ @@ -6847,6 +6865,12 @@ static int initGlobalRNG = 0; int CyaSSL_RSA_public_encrypt(int len, unsigned char* fr, unsigned char* to, CYASSL_RSA* rsa, int padding) { + (void)len; + (void)fr; + (void)to; + (void)rsa; + (void)padding; + CYASSL_MSG("CyaSSL_RSA_public_encrypt"); return -1; 
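Review bot: CyaSSL_BN_is_bit_set is a stub that returns 0 for every input, which a caller cannot tell apart from a genuine "bit is clear" answer, and the added `(void)bn; (void)n;` silence the warning without marking the function as unimplemented. The neighbouring stubs in this line's hunks return -1 or NULL, which at least read as failure. A short comment on the return, such as `/* not implemented: always reports 0 */`, would keep callers from relying on the result.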
@@ -6856,6 +6880,12 @@ static int initGlobalRNG = 0; int CyaSSL_RSA_private_decrypt(int len, unsigned char* fr, unsigned char* to, CYASSL_RSA* rsa, int padding) { + (void)len; + (void)fr; + (void)to; + (void)rsa; + (void)padding; + CYASSL_MSG("CyaSSL_RSA_private_decrypt"); return -1; @@ -6970,7 +7000,7 @@ static int initGlobalRNG = 0; *sigLen = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen, (RsaKey*)rsa->internal, rng); - if (sigLen < 0) { + if (*sigLen <= 0) { CYASSL_MSG("Bad Rsa Sign"); return 0; } @@ -6983,6 +7013,12 @@ static int initGlobalRNG = 0; int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from, unsigned char* to, CYASSL_RSA* rsa, int padding) { + (void)flen; + (void)from; + (void)to; + (void)rsa; + (void)padding; + CYASSL_MSG("CyaSSL_RSA_public_decrypt"); return -1; @@ -7061,8 +7097,9 @@ static int initGlobalRNG = 0; CYASSL_MSG("sha hmac"); ctx->type = SHA; } - else + else { CYASSL_MSG("bad init type"); + } } if (key && keylen) { @@ -7118,6 +7155,8 @@ static int initGlobalRNG = 0; void CyaSSL_HMAC_cleanup(CYASSL_HMAC_CTX* ctx) { + (void)ctx; + CYASSL_MSG("CyaSSL_HMAC_cleanup"); } @@ -7146,6 +7185,7 @@ static int initGlobalRNG = 0; CYASSL_RSA* CyaSSL_EVP_PKEY_get1_RSA(CYASSL_EVP_PKEY* key) { + (void)key; CYASSL_MSG("CyaSSL_EVP_PKEY_get1_RSA"); return NULL; @@ -7154,6 +7194,7 @@ static int initGlobalRNG = 0; CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY* key) { + (void)key; CYASSL_MSG("CyaSSL_EVP_PKEY_get1_DSA"); return NULL; @@ -7205,6 +7246,8 @@ static int initGlobalRNG = 0; void CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset, unsigned char* iv, int len) { + (void)len; + CYASSL_MSG("CyaSSL_3des_iv"); if (ctx == NULL || iv == NULL) { @@ -7222,6 +7265,8 @@ static int initGlobalRNG = 0; void CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset, unsigned char* iv, int len) { + (void)len; + CYASSL_MSG("CyaSSL_aes_ctr_iv"); if (ctx == NULL || iv == NULL) { 
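Review bot: CyaSSL_HMAC_cleanup (hunk at -7118) does nothing except log, so any keyed state that the init path placed in `ctx` remains in the caller's memory after cleanup; the added `(void)ctx;` only hides the unused-parameter warning. The layout of CYASSL_HMAC_CTX is not visible here, but if it holds the key or the keyed digest state, clear it on cleanup, for example `if (ctx) XMEMSET(ctx, 0, sizeof(*ctx));`. If leaving the context intact is deliberate, a comment saying so would help the next reader.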
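Review bot: In CyaSSL_3des_iv (hunk at -7205) and CyaSSL_aes_ctr_iv (hunk at -7222) the added `(void)len;` shows that the caller-supplied IV length is never consulted. The copy to or from `iv` happens outside these hunks and presumably uses a fixed size, so a caller passing a shorter buffer gets an out-of-bounds access with no error. Rather than discarding `len`, compare it with the cipher's block size next to the existing `ctx == NULL || iv == NULL` check and return early on a mismatch.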
@@ -7342,6 +7387,14 @@ static int initGlobalRNG = 0; unsigned char* passwd, int len, pem_password_cb cb, void* arg) { + (void)bio; + (void)rsa; + (void)cipher; + (void)passwd; + (void)len; + (void)cb; + (void)arg; + CYASSL_MSG("CyaSSL_PEM_write_bio_RSAPrivateKey"); return -1; @@ -7354,6 +7407,14 @@ static int initGlobalRNG = 0; unsigned char* passwd, int len, pem_password_cb cb, void* arg) { + (void)bio; + (void)rsa; + (void)cipher; + (void)passwd; + (void)len; + (void)cb; + (void)arg; + CYASSL_MSG("CyaSSL_PEM_write_bio_DSAPrivateKey"); return -1; @@ -7364,6 +7425,11 @@ static int initGlobalRNG = 0; CYASSL_EVP_PKEY* CyaSSL_PEM_read_bio_PrivateKey(CYASSL_BIO* bio, CYASSL_EVP_PKEY** key, pem_password_cb cb, void* arg) { + (void)bio; + (void)key; + (void)cb; + (void)arg; + CYASSL_MSG("CyaSSL_PEM_read_bio_PrivateKey"); return NULL; @@ -7380,6 +7446,8 @@ int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff, int ret; buffer der; + (void)pass; + CYASSL_ENTER("CyaSSL_KeyPemToDer"); if (pem == NULL || buff == NULL || buffSz <= 0) {