Fix Coverity

Tesfa Mael 2020-06-04 21:05:07 -07:00
parent 1e94f0478c
commit 890500c1b1
13 changed files with 190 additions and 102 deletions


@ -525,15 +525,15 @@ static int ReceiveFrom(WOLFSSL *ssl, int sd, char *buf, int sz)
int recvd;
int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
struct sockaddr peer;
socklen_t peerSz;
socklen_t peerSz = 0;
if (DoneHandShake) dtls_timeout = 0;
if (!wolfSSL_get_using_nonblock(ssl)) {
struct timeval timeout;
XMEMSET(&timeout, 0, sizeof(timeout));
timeout.tv_sec = dtls_timeout;
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
sizeof(timeout)) != 0) {
printf("setsockopt rcvtimeo failed\n");
@ -543,7 +543,7 @@ static int ReceiveFrom(WOLFSSL *ssl, int sd, char *buf, int sz)
recvd = (int)recvfrom(sd, buf, sz, 0, (SOCKADDR*)&peer, &peerSz);
if (recvd < 0) {
if (errno == SOCKET_EWOULDBLOCK || errno == SOCKET_EAGAIN) {
if (wolfSSL_dtls_get_using_nonblock(ssl)) {
return WOLFSSL_CBIO_ERR_WANT_READ;
@ -576,7 +576,7 @@ static int ReceiveFrom(WOLFSSL *ssl, int sd, char *buf, int sz)
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_CLIENT)
static int SendTo(int sd, char *buf, int sz, const struct sockaddr *peer,
static int SendTo(int sd, char *buf, int sz, const struct sockaddr *peer,
socklen_t peerSz)
{
int sent;
@ -625,9 +625,9 @@ static int ServerSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
#endif
#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_CLIENT)
if (info->doDTLS) {
return SendTo(info->server.sockFd, buf, sz,
return SendTo(info->server.sockFd, buf, sz,
(const struct sockaddr*)&info->clientAddr, sizeof(info->clientAddr));
} else
} else
#endif
return SocketSend(info->server.sockFd, buf, sz);
}
@ -659,9 +659,9 @@ static int ClientSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
#endif
#ifdef WOLFSSL_DTLS
if (info->doDTLS) {
return SendTo(info->client.sockFd, buf, sz,
return SendTo(info->client.sockFd, buf, sz,
(const struct sockaddr*)&info->serverAddr, sizeof(info->serverAddr));
} else
} else
#endif
return SocketSend(info->client.sockFd, buf, sz);
}
@ -676,7 +676,7 @@ static int ClientRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
if (info->doDTLS) {
return ReceiveFrom(ssl, info->client.sockFd, buf, sz);
} else
} else
#endif
return SocketRecv(info->client.sockFd, buf, sz);
}
@ -734,14 +734,14 @@ static int SetupSocketAndConnect(info_t* info, const char* host,
#ifdef WOLFSSL_DTLS
if (info->doDTLS) {
/* Create the SOCK_DGRAM socket type is implemented on the User
/* Create the SOCK_DGRAM socket type is implemented on the User
* Datagram Protocol/Internet Protocol(UDP/IP protocol).*/
if ((info->client.sockFd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
printf("ERROR: failed to create the SOCK_DGRAM socket\n");
return -1;
}
XMEMCPY(&info->serverAddr, &servAddr, sizeof(servAddr));
} else {
} else {
#endif
/* Create a socket that uses an Internet IPv4 address,
* Sets the socket to be stream based (TCP),
@ -792,7 +792,7 @@ static int bench_tls_client(info_t* info)
if(info->doDTLS) {
if (tls13) return WOLFSSL_SUCCESS;
cli_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
} else
} else
#endif
#ifdef WOLFSSL_TLS13
if (tls13)
@ -889,7 +889,7 @@ static int bench_tls_client(info_t* info)
#ifdef WOLFSSL_DTLS
if (info->doDTLS) {
ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr,
ret = wolfSSL_dtls_set_peer(cli_ssl, &info->serverAddr,
sizeof(info->serverAddr));
if (ret != WOLFSSL_SUCCESS) {
printf("error setting dtls peer\n");
@ -906,7 +906,7 @@ static int bench_tls_client(info_t* info)
wolfSSL_SetIOWriteCtx(cli_ssl, info);
#if defined(HAVE_PTHREAD) && defined(WOLFSSL_DTLS)
/* synchronize with server */
/* synchronize with server */
if (info->doDTLS && !info->clientOrserverOnly) {
pthread_mutex_lock(&info->dtls_mutex);
if (info->serverReady != 1) {
@ -1083,7 +1083,7 @@ static int SetupSocketAndListen(int* listenFd, word32 port, int doDTLS)
#ifdef WOLFSSL_DTLS
if (doDTLS) {
/* Create a socket that is implemented on the User Datagram Protocol/
* Interet Protocol(UDP/IP protocol). */
* Interet Protocol(UDP/IP protocol). */
if((*listenFd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
printf("ERROR: failed to create the socket\n");
return -1;
@ -1149,7 +1149,7 @@ static int SocketWaitClient(info_t* info)
MSG_PEEK, (struct sockaddr*)&clientAddr, &size);
if (connd < -1) {
printf("ERROR: failed to accept the connection\n");
return -1;
return -1;
}
XMEMCPY(&info->clientAddr, &clientAddr, sizeof(clientAddr));
info->server.sockFd = info->listenFd;
@ -1195,7 +1195,7 @@ static int bench_tls_server(info_t* info)
if(info->doDTLS) {
if(tls13) return WOLFSSL_SUCCESS;
srv_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
} else {
} else {
#endif
#ifdef WOLFSSL_TLS13
if (tls13)
@ -1301,7 +1301,7 @@ static int bench_tls_server(info_t* info)
}
#ifdef WOLFSSL_DTLS
if (info->doDTLS) {
ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr,
ret = wolfSSL_dtls_set_peer(srv_ssl, &info->clientAddr,
sizeof(info->clientAddr));
if (ret != WOLFSSL_SUCCESS) {
printf("error setting dtls peer\n");
@ -1405,7 +1405,7 @@ static int bench_tls_server(info_t* info)
#ifdef WOLFSSL_DTLS
if (info->doDTLS) {
SetupSocketAndListen(&info->listenFd, info->port, info->doDTLS);
}
}
#endif
}
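Review bot: In the first ReceiveFrom hunk, `socklen_t peerSz = 0;` clears the uninitialized-variable report but hands recvfrom() a zero-length address buffer, because its last argument is value-result and must hold the size of `peer` on entry. With 0 there is no room to store the sender address, so `peer` stays unfilled; initialise it as `socklen_t peerSz = sizeof(peer);` instead. In the SocketWaitClient hunk, `if (connd < -1)` can never be true if `connd` holds the result of the recvfrom-style call whose arguments end on the line above, since that call fails with -1; `if (connd < 0)` looks like what was meant. Both functions continue outside the visible hunks.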


@ -728,7 +728,7 @@ static int StartTLS_Init(SOCKET_T* sockfd)
XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0)
err_sys("failed to read STARTTLS command\n");
tmpBuf[sizeof(tmpBuf)-1] = '\0';
if (!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) {
printf("%s\n", tmpBuf);
} else {


@ -159,22 +159,20 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
{
int ret = sz;
if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) {
if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf,
sz) != WOLFSSL_SUCCESS)
{
ret = WOLFSSL_FATAL_ERROR;
return WOLFSSL_FATAL_ERROR;
}
}
else {
if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, ret)
if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, sz)
!= WOLFSSL_SUCCESS) {
ret = WOLFSSL_FATAL_ERROR;
return WOLFSSL_FATAL_ERROR;
}
}
return ret;
return sz;
}
#endif /* WOLFCRYPT_ONLY */
@ -609,10 +607,6 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
bio = bio->next;
}
if (frmt != NULL) {
XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
/* info cb, user can override return value */
if (front != NULL && front->infoCb != NULL) {
ret = (int)front->infoCb(front,
@ -620,6 +614,10 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
(const char*)data, 0, 0, ret);
}
if (frmt != NULL) {
XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
}
if (retB64 != 0)
return retB64;
else
@ -1527,6 +1525,7 @@ void* wolfSSL_BIO_get_data(WOLFSSL_BIO* bio)
*/
long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
{
int ret = 0;
#ifndef WOLFSSL_DTLS
(void)on;
#endif
@ -1538,9 +1537,9 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
{
int flag = XFCNTL(bio->num, F_GETFL, 0);
if (on)
XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK);
ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK);
else
XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK);
ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK);
}
#endif
break;
@ -1554,8 +1553,10 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
WOLFSSL_MSG("Unsupported bio type for non blocking");
break;
}
return 1;
if (ret != -1)
return 1;
else
return 0;
}
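Review bot: In the wolfSSL_BIO_set_nbio hunks the new `ret` captures only the F_SETFL call, while `int flag = XFCNTL(bio->num, F_GETFL, 0);` directly above it is still unchecked. If F_GETFL fails, `flag` is -1 and `flag | O_NONBLOCK` passes an all-ones flag word to F_SETFL; guard it with `if (flag == -1) ret = -1;` followed by `else if (on)` so the function returns 0 in that case. In the wolfSSL_BIO_write hunk the relocated `XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);` reads `front->heap` with no NULL test, although the info-callback branch just above it checks `front != NULL`; one of the two is inconsistent and should be aligned. Both functions extend beyond the visible lines.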


@ -630,6 +630,7 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap)
head = head->next;
FreeCRL_Entry(current, heap);
}
return NULL;
}
current = current->next;


@ -19215,7 +19215,7 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
int i;
unsigned long len;
const char* nameDelim;
/* Support trailing : */
nameDelim = XSTRSTR(name, ":");
if (nameDelim)
@ -26933,6 +26933,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef WOLFSSL_EXTRA_ALERTS
SendAlert(ssl, alert_fatal, handshake_failure);
#endif
#ifdef HAVE_EXT_CACHE
wolfSSL_SESSION_free(session);
#endif
return EXT_MASTER_SECRET_NEEDED_E;
}
#ifdef HAVE_EXT_CACHE


@ -3385,7 +3385,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side)
/* Initialize the AES-GCM/CCM explicit IV to a zero. */
#ifdef WOLFSSL_DTLS
if (scr_copy)
XMEMCPY(ssl->keys.aead_exp_IV,
XMEMMOVE(ssl->keys.aead_exp_IV,
keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
#endif
XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ);
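Review bot: The change from XMEMCPY to XMEMMOVE in the `scr_copy` branch of StoreKeys has no comment saying which aliasing case makes the two `aead_exp_IV` buffers overlap. If `keys` can point at `ssl->keys` here, the `XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ)` two lines below would also wipe the value that was just saved, so the case matters for more than the copy itself. A short comment naming the case, for example `/* XMEMMOVE: keys may alias ssl->keys (confirm) */`, would let the next reader judge that. How `keys` and `scr_copy` are set is outside the hunk.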


@ -2508,7 +2508,7 @@ WOLFSSL_ABI
int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
word32 protocol_name_listSz, byte options)
{
char *list, *ptr, *token[WOLFSSL_MAX_ALPN_NUMBER]={NULL};
char *list, *ptr, *token[WOLFSSL_MAX_ALPN_NUMBER+1]={NULL};
word16 len;
int idx = 0;
int ret = WOLFSSL_FAILURE;
@ -8430,6 +8430,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
wolfSSL_ASN1_OBJECT_free(ext->obj);
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(&cert);
XFREE(oidBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return NULL;
}
ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
@ -8499,7 +8500,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
int nid;
const int sz = CTC_NAME_SIZE*2;
int rc = WOLFSSL_FAILURE;
char tmp[CTC_NAME_SIZE*2];
char tmp[CTC_NAME_SIZE*2] = {0};
WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print");
if ((out == NULL) || (ext == NULL)) {
@ -8514,7 +8515,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
}
str = wolfSSL_X509_EXTENSION_get_data(ext);
if (obj == NULL) {
if (str == NULL) {
WOLFSSL_MSG("Error getting ASN1_STRING from X509_EXTENSION");
return rc;
}
@ -8638,7 +8639,7 @@ const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
WOLFSSL_MSG("Failed to get nid from passed extension object");
return NULL;
}
XMEMSET(&method, 0, sizeof(WOLFSSL_v3_ext_method));
switch (nid) {
case NID_basic_constraints:
break;
@ -11539,7 +11540,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
if (ssl->buffers.outputBuffer.length > 0
#ifdef WOLFSSL_ASYNC_CRYPT
/* do not send buffered or advance state if last error was an
/* do not send buffered or advance state if last error was an
async pending operation */
&& ssl->error != WC_PENDING_E
#endif
@ -11951,7 +11952,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
if (ssl->buffers.outputBuffer.length > 0
#ifdef WOLFSSL_ASYNC_CRYPT
/* do not send buffered or advance state if last error was an
/* do not send buffered or advance state if last error was an
async pending operation */
&& ssl->error != WC_PENDING_E
#endif
@ -16568,7 +16569,12 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
WOLFSSL_ENTER("DES_ncbc_encrypt");
/* OpenSSL compat, no ret */
wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);
if (wc_Des_SetKey(&myDes, (const byte*)schedule,
(const byte*)ivec, !enc) != 0) {
WOLFSSL_MSG("wc_Des_SetKey return error.");
return;
}
lb_sz = length%DES_BLOCK_SIZE;
blk = length/DES_BLOCK_SIZE;
idx -= sizeof(DES_cblock);
@ -23741,7 +23747,7 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)asnTime, buf,
sizeof(buf)) == NULL) {
XMEMSET(buf, 0, MAX_TIME_STRING_SZ);
XMEMCPY(buf, "Bad time value", 14);
XSTRNCPY(buf, "Bad time value", sizeof(buf)-1);
ret = WOLFSSL_FAILURE;
}
@ -30419,6 +30425,7 @@ int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key,
int wolfSSL_HmacCopy(Hmac* des, Hmac* src)
{
void* heap;
int ret;
#ifndef HAVE_FIPS
heap = src->heap;
@ -30433,36 +30440,36 @@ int wolfSSL_HmacCopy(Hmac* des, Hmac* src)
switch (src->macType) {
#ifndef NO_MD5
case WC_MD5:
wc_Md5Copy(&src->hash.md5, &des->hash.md5);
ret = wc_Md5Copy(&src->hash.md5, &des->hash.md5);
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case WC_SHA:
wc_ShaCopy(&src->hash.sha, &des->hash.sha);
ret = wc_ShaCopy(&src->hash.sha, &des->hash.sha);
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case WC_SHA224:
wc_Sha224Copy(&src->hash.sha224, &des->hash.sha224);
ret = wc_Sha224Copy(&src->hash.sha224, &des->hash.sha224);
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case WC_SHA256:
wc_Sha256Copy(&src->hash.sha256, &des->hash.sha256);
ret = wc_Sha256Copy(&src->hash.sha256, &des->hash.sha256);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
wc_Sha384Copy(&src->hash.sha384, &des->hash.sha384);
ret = wc_Sha384Copy(&src->hash.sha384, &des->hash.sha384);
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
wc_Sha512Copy(&src->hash.sha512, &des->hash.sha512);
ret = wc_Sha512Copy(&src->hash.sha512, &des->hash.sha512);
break;
#endif /* WOLFSSL_SHA512 */
@ -30470,6 +30477,9 @@ int wolfSSL_HmacCopy(Hmac* des, Hmac* src)
return WOLFSSL_FAILURE;
}
if (ret != 0)
return WOLFSSL_FAILURE;
XMEMCPY((byte*)des->ipad, (byte*)src->ipad, WC_HMAC_BLOCK_SIZE);
XMEMCPY((byte*)des->opad, (byte*)src->opad, WC_HMAC_BLOCK_SIZE);
XMEMCPY((byte*)des->innerHash, (byte*)src->innerHash, WC_MAX_DIGEST_SIZE);
@ -41001,7 +41011,7 @@ void wolfSSL_print_all_errors_fp(XFILE fp)
}
#endif /* !NO_FILESYSTEM */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX ||
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX ||
HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH */
@ -41701,7 +41711,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
{
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
int count = 0, len = 0, totalSz = 0, tmpSz = 0;
char tmp[ASN_NAME_MAX];
char tmp[ASN_NAME_MAX+1];
char fullName[ASN_NAME_MAX];
const char *buf = NULL;
WOLFSSL_X509_NAME_ENTRY* ne;
@ -42988,7 +42998,8 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
int ret = 0;
while (1) {
if ((ret = wc_PeekErrorNode(-1, file, NULL, line)) < 0) {
ret = wc_PeekErrorNode(-1, file, NULL, line);
if (ret == BAD_MUTEX_E || ret == BAD_FUNC_ARG || ret == BAD_STATE_E) {
WOLFSSL_MSG("Issue peeking at error node in queue");
return 0;
}
@ -44564,7 +44575,10 @@ WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
ret = GetInt(&mpi, ai->data, &idx, ai->dataMax);
if (ret != 0) {
#ifdef WOLFSSL_QT
mp_init(&mpi); /* must init mpi */
ret = mp_init(&mpi); /* must init mpi */
if (ret != MP_OKAY) {
return NULL;
}
/* Serial number in QT starts at index 0 of data */
if (mp_read_unsigned_bin(&mpi, (byte*)ai->data, ai->length) != 0) {
mp_clear(&mpi);
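Review bot: In the DES_ncbc_encrypt hunk, the new early `return;` on wc_Des_SetKey failure leaves the caller's output buffer untouched in a void function, so the caller cannot tell that nothing was produced and may go on to use stale buffer contents. The retained comment `/* OpenSSL compat, no ret */` now sits above a call whose result is checked; reword it to state the contract, for example `/* OpenSSL compat: no return value; on key setup failure the output is left unmodified */`. In the wolfSSL_ERR_peek_error_line_data hunk, replacing `< 0` with three named codes means any other failure value from wc_PeekErrorNode is handled as if it were a queued error, which deserves a comment explaining why only those three count as failures. Both functions extend beyond the visible lines.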


@ -3039,8 +3039,6 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (length == 0)
return 0;
if (length < ENUM_LEN)
return BUFFER_ERROR;
status_type = input[offset++];
@ -3841,13 +3839,10 @@ static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
return;
#endif
}
else {
#ifdef HAVE_FFDHE
return;
#endif
}
}
#ifdef HAVE_FFDHE
return;
#endif
/* turns semaphore on to avoid sending this extension. */
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));
}
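Review bot: In the TLSX_PointFormat_ValidateRequest hunk, the `#ifdef HAVE_FFDHE` / `return;` block now appears to sit at function level directly before `TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS));`, which makes that call unreachable in every HAVE_FFDHE build rather than only in the `else` branch it came from. The page does not mark old and new lines, so this reading is inferred from the hunk counts. If the wider return is intended, guarding the tail with `#ifndef HAVE_FFDHE` around the TURN_ON line says so without leaving code after an unconditional return; if it is not, the return should stay inside the branch. The start of the function is outside the hunk.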


@ -7216,12 +7216,13 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
{
int ret = 0;
word32 inputLength;
byte type;
word32 size = 0;
WOLFSSL_ENTER("DoTls13HandShakeMsg()");
if (ssl->arrays == NULL) {
byte type;
word32 size;
if (GetHandshakeHeader(ssl, input, inOutIdx, &type, &size,
totalSz) != 0) {
@ -7238,8 +7239,6 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* If there is a pending fragmented handshake message,
* pending message size will be non-zero. */
if (ssl->arrays->pendingMsgSz == 0) {
byte type;
word32 size;
if (GetHandshakeHeader(ssl,input, inOutIdx, &type, &size, totalSz) != 0)
return PARSE_ERROR;
@ -7339,7 +7338,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
if (ssl->buffers.outputBuffer.length > 0
#ifdef WOLFSSL_ASYNC_CRYPT
/* do not send buffered or advance state if last error was an
/* do not send buffered or advance state if last error was an
async pending operation */
&& ssl->error != WC_PENDING_E
#endif
@ -8065,7 +8064,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
if (ssl->buffers.outputBuffer.length > 0
#ifdef WOLFSSL_ASYNC_CRYPT
/* do not send buffered or advance state if last error was an
/* do not send buffered or advance state if last error was an
async pending operation */
&& ssl->error != WC_PENDING_E
#endif
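Review bot: In the DoTls13HandShakeMsg hunks the two block-local declarations are hoisted to function scope, but only `size` gets an initializer; `type` is still declared as `byte type;`. In the second branch GetHandshakeHeader is called only when `ssl->arrays->pendingMsgSz == 0`, so on the other path `type` stays indeterminate for any later code that reads it (not visible here). Give it the same treatment as `size`: `byte type = 0;`. The rest of the function is outside the hunks.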


@ -2098,8 +2098,8 @@ static void test_wolfSSL_ECDSA_SIG(void)
unsigned char outSig[8];
unsigned char sigData[8] =
{ 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
AssertNull(wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData)));
sig = wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData));
AssertNull(sig);
cp = sigData;
AssertNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
AssertIntEQ((cp == sigData + 8), 1);
@ -12995,6 +12995,7 @@ static int test_RsaDecryptBoundsCheck(void)
WC_RNG rng;
printf(testingFmt, "RSA decrypt bounds check");
XMEMSET(&rng, 0, sizeof(rng));
ret = wc_InitRng(&rng);
@ -13126,6 +13127,8 @@ static int test_wc_RsaKeyToDer (void)
/* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
+ 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
#endif
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&genKey, 0, sizeof(genKey));
der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
@ -13231,6 +13234,9 @@ static int test_wc_RsaKeyToPublicDer (void)
word32 derLen = 290;
#endif
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = WOLFSSL_FATAL_ERROR;
@ -14461,6 +14467,8 @@ static int test_wc_MakeDsaKey (void)
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
DsaKey genKey;
WC_RNG rng;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&genKey, 0, sizeof(genKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -14558,7 +14566,10 @@ static int test_wc_DsaKeyToDer (void)
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&genKey, 0, sizeof(genKey));
#endif
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_InitDsaKey(&genKey);
@ -14966,6 +14977,8 @@ static int test_wc_DsaExportKeyRaw (void)
word32 xOutSz, yOutSz;
printf(testingFmt, "wc_DsaExportKeyRaw()");
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -18059,6 +18072,9 @@ static int test_wc_ecc_check_key (void)
WC_RNG rng;
ecc_key key;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
@ -18154,6 +18170,9 @@ static int test_wc_ecc_size (void)
WC_RNG rng;
ecc_key key;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
@ -18233,7 +18252,7 @@ static int test_wc_ecc_signVerify_hash (void)
/* Init stack var */
XMEMSET(sig, 0, siglen);
XMEMSET(&key, 0, sizeof(ecc_key));
XMEMSET(&key, 0, sizeof(key));
/* Init structs. */
ret = wc_InitRng(&rng);
@ -18343,6 +18362,9 @@ static int test_wc_ecc_shared_secret (void)
/* Initialize variables. */
XMEMSET(out, 0, keySz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&pubKey, 0, sizeof(pubKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -18413,6 +18435,8 @@ static int test_wc_ecc_export_x963 (void)
/* Initialize variables. */
XMEMSET(out, 0, outlen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -18482,6 +18506,8 @@ static int test_wc_ecc_export_x963_ex (void)
/* Init stack variables. */
XMEMSET(out, 0, outlen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -18582,6 +18608,10 @@ static int test_wc_ecc_import_x963 (void)
/* Init stack variables. */
XMEMSET(x963, 0, x963Len);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&pubKey, 0, sizeof(pubKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&pubKey);
@ -18653,6 +18683,9 @@ static int ecc_import_private_key (void)
/* Init stack variables. */
XMEMSET(privKey, 0, privKeySz);
XMEMSET(x963Key, 0, x963KeySz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&keyImp, 0, sizeof(keyImp));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -18725,6 +18758,8 @@ static int test_wc_ecc_export_private_only (void)
/* Init stack variables. */
XMEMSET(out, 0, outlen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -19006,6 +19041,8 @@ static int test_wc_ecc_sig_size (void)
WC_RNG rng;
int keySz = KEY16;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
@ -19281,6 +19318,9 @@ static int test_wc_ecc_encryptDecrypt (void)
/* Init stack variables. */
XMEMSET(out, 0, outSz);
XMEMSET(plain, 0, plainSz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&srvKey, 0, sizeof(srvKey));
XMEMSET(&cliKey, 0, sizeof(cliKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -19427,6 +19467,8 @@ static int test_wc_ecc_pointFns (void)
/* Init stack variables. */
XMEMSET(der, 0, derSz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -19600,7 +19642,9 @@ static int test_wc_ecc_shared_secret_ssh (void)
/* Init stack variables. */
XMEMSET(secret, 0, secretLen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&key2, 0, sizeof(key2));
/* Make keys */
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -19894,6 +19938,8 @@ static int test_wc_ecc_is_valid_idx (void)
int iVal = -2;
int iVal2 = 3000;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
@ -22951,7 +22997,8 @@ static void test_wolfSSL_PEM_PrivateKey(void)
XFCLOSE(file);
/* Test using BIO new mem and loading PEM private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
bio = BIO_new_mem_buf(buf, (int)sz);
AssertNotNull(bio);
AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
@ -23832,8 +23879,9 @@ static void test_wolfSSL_EVP_MD_ecc_signing(void)
printf(testingFmt, "wolfSSL_EVP_MD_ecc_signing()");
cp = ecc_clikey_der_256;
AssertNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
sizeof_ecc_clikey_der_256)));
privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
sizeof_ecc_clikey_der_256);
AssertNotNull(privKey);
p = ecc_clikeypub_der_256;
AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
sizeof_ecc_clikeypub_der_256)));
@ -23934,7 +23982,8 @@ static void test_wolfSSL_CTX_add_extra_chain_cert(void)
AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(cliEccCertFile,
SSL_FILETYPE_PEM));
#endif
AssertNotNull(pkey = X509_get_pubkey(ecX509));
pkey = X509_get_pubkey(ecX509);
AssertNotNull(pkey);
/* current ECC key is 256 bit (32 bytes) */
AssertIntEQ(EVP_PKEY_size(pkey), 32);
@ -24150,7 +24199,8 @@ static void test_wolfSSL_X509_STORE_CTX(void)
AssertIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS);
#ifdef OPENSSL_ALL
/* sk_X509_new only in OPENSSL_ALL */
AssertNotNull(sk = sk_X509_new());
sk = sk_X509_new();
AssertNotNull(sk);
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS);
#else
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS);
@ -24426,8 +24476,8 @@ static void test_wolfSSL_CTX_add_client_CA(void)
printf(testingFmt, "wolfSSL_CTX_add_client_CA()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
/* Add client cert */
AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
AssertNotNull(x509);
ret = SSL_CTX_add_client_CA(ctx, x509);
AssertIntEQ(ret, SSL_SUCCESS);
AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
@ -24723,8 +24773,8 @@ static void test_wolfSSL_BN(void)
AssertNotNull(d = BN_new());
value[0] = 0x03;
AssertNotNull(ai = ASN1_INTEGER_new());
ai = ASN1_INTEGER_new();
AssertNotNull(ai);
/* at the moment hard setting since no set function */
ai->data[0] = 0x02; /* tag for ASN_INTEGER */
ai->data[1] = 0x01; /* length of integer */
@ -25206,9 +25256,11 @@ static void test_wolfSSL_set_options(void)
SSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
ctx = SSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
ctx = SSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
@ -26700,8 +26752,8 @@ static void test_wolfSSL_OBJ(void)
*/
AssertStrEQ((char*)buf_dyn, "www.wolfssl.com");
OPENSSL_free(buf_dyn);
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
bio = BIO_new(BIO_s_mem());
AssertTrue(bio != NULL);
for (j = 0; j < numNames; j++)
{
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
@ -26722,7 +26774,8 @@ static void test_wolfSSL_OBJ(void)
AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", &pkey, &x509, NULL)) > 0);
wc_PKCS12_free(p12);
EVP_PKEY_free(pkey);
AssertNotNull((x509Name = X509_get_issuer_name(x509)) != NULL);
x509Name = X509_get_issuer_name(x509);
AssertNotNull(x509Name);
AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
for (j = 0; j < numNames; j++)
@ -27326,7 +27379,8 @@ static void test_wolfSSL_BIO_should_retry(void)
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
/* force retry */
AssertNotNull(ssl = wolfSSL_new(ctx));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
wolfSSL_SSLSetIORecv(ssl, forceWantRead);
@ -28554,8 +28608,8 @@ static void test_wolfSSL_DH_1536_prime(void)
};
printf(testingFmt, "wolfSSL_DH_1536_prime()");
AssertNotNull(bn = get_rfc3526_prime_1536(NULL));
bn = get_rfc3526_prime_1536(NULL);
AssertNotNull(bn);
AssertIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
AssertIntEQ(0, XMEMCMP(expected, bits, sz));
@ -29461,9 +29515,10 @@ static void test_wolfSSL_get_ciphers_compat(void)
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
printf(testingFmt, "wolfSSL_get_ciphers_compat");
AssertNotNull(method = SSLv23_client_method());
AssertNotNull(ctx = SSL_CTX_new(method));
method = SSLv23_client_method();
AssertNotNull(method);
ctx = SSL_CTX_new(method);
AssertNotNull(ctx);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
SSL_CTX_set_verify_depth(ctx, 4);
@ -31478,8 +31533,8 @@ static void test_wolfSSL_EVP_PKEY_sign(void)
size_t rsaKeySz = 2048/8; /* Bytes */
printf(testingFmt, "wolfSSL_EVP_PKEY_sign()");
AssertNotNull(sig = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
sig = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
AssertNotNull(sig);
XMEMSET(sig, 0, rsaKeySz);
AssertNotNull(sigVerify = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(sigVerify, 0, rsaKeySz);
@ -33753,9 +33808,11 @@ static void test_stubs_are_stubs()
WOLFSSL_CTX* ctx = NULL;
WOLFSSL_CTX* ctxN = NULL;
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#elif !defined(NO_WOLFSSL_SERVER)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
return;
#endif
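Review bot: The assignment-inside-assert cleanup is applied unevenly: in the test_wolfSSL_EVP_PKEY_sign hunk `sig` is now assigned before `AssertNotNull(sig)`, but two lines later `AssertNotNull(sigVerify = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));` keeps the old form and is followed by `XMEMSET(sigVerify, 0, rsaKeySz)`. The same leftover is visible in the second test_wolfSSL_OBJ hunk (`AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);`) and in the test_wolfSSL_ECDSA_SIG hunk. Split these the same way, `sigVerify = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` then `AssertNotNull(sigVerify);`, so the siblings are not the next findings to come back.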


@ -856,7 +856,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
if (ret == WOLFSSL_SUCCESS) {
/* reset cipher state after final */
wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1);
ret = wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1);
}
return ret;
}


@ -2122,6 +2122,7 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert,
XFREE(certBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (ret < 0) {
WOLFSSL_LEAVE("wc_PKCS12_create()", ret);
XFREE(certCi, heap, DYNAMIC_TYPE_TMP_BUFFER);
return NULL;
}
*certCiSz = ret;


@ -14443,6 +14443,7 @@ int dh_test(void)
(void)tmp;
(void)bytes;
XMEMSET(&rng, 0, sizeof(rng));
/* Use API for coverage. */
ret = wc_InitDhKey(&key);
if (ret != 0) {
@ -17214,13 +17215,17 @@ int openssl_evpSig_test(void)
verf = EVP_MD_CTX_create();
if((sign == NULL)||(verf == NULL)){
printf("error with EVP_MD_CTX_create\n");
EVP_MD_CTX_destroy(sign);
EVP_MD_CTX_destroy(verf);
return ERR_BASE_EVPSIG-10;
}
ret = EVP_SignInit(sign, EVP_sha1());
if(ret != SSL_SUCCESS){
printf("error with EVP_SignInit\n");
return ERR_BASE_EVPSIG-11;
if (ret != SSL_SUCCESS){
printf("error with EVP_SignInit\n");
EVP_MD_CTX_destroy(sign);
EVP_MD_CTX_destroy(verf);
return ERR_BASE_EVPSIG-11;
}
count = sizeof(msg);
@ -17232,6 +17237,10 @@ int openssl_evpSig_test(void)
ret1 = EVP_SignUpdate(sign, pt, count);
ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
EVP_MD_CTX_destroy(sign);
EVP_MD_CTX_destroy(verf);
printf("error with EVP_MD_CTX_create\n");
return ERR_BASE_EVPSIG-12;
}
@ -17242,12 +17251,18 @@ int openssl_evpSig_test(void)
ret1 = EVP_VerifyInit(verf, EVP_sha1());
ret2 = EVP_VerifyUpdate(verf, pt, count);
if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
EVP_MD_CTX_destroy(sign);
EVP_MD_CTX_destroy(verf);
printf("error with EVP_Verify\n");
return ERR_BASE_EVPSIG-13;
}
if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
EVP_MD_CTX_destroy(sign);
EVP_MD_CTX_destroy(verf);
printf("error with EVP_VerifyFinal\n");
return ERR_BASE_EVPSIG-14;
}
@ -17257,6 +17272,8 @@ int openssl_evpSig_test(void)
if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
EVP_MD_CTX_destroy(sign);
EVP_MD_CTX_destroy(verf);
printf("EVP_VerifyInit without update not detected\n");
return ERR_BASE_EVPSIG-15;
}
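Review bot: The cleanup added to openssl_evpSig_test is not uniform: the EVP_MD_CTX_create and EVP_SignInit failure paths destroy `sign` and `verf` but do not free `pubTmp` and `prvTmp`, while the three later paths free both. If those buffers are already allocated at that point (their allocation is outside the hunks), the first two returns still leak them; add `XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` and `XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` there as well. The EVP_SignUpdate/EVP_SignFinal failure branch also still prints `"error with EVP_MD_CTX_create\n"`, which names the wrong call and makes a failing run harder to triage.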