From 37bc497f219d23763d09330fec2e4e9cb0b8ca1c Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 3 Dec 2015 12:37:49 -0800 Subject: [PATCH] fix merge conflict --- src/internal.c | 880 +++++++++++++++++++++++++++++++------------------ 1 file changed, 556 insertions(+), 324 deletions(-) diff --git a/src/internal.c b/src/internal.c index e7f52953f..5e0eae51e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10620,17 +10620,21 @@ static void PickHashSigAlgo(WOLFSSL* ssl, AddLateName("ServerKeyExchange", &ssl->timeoutInfo); #endif + switch (ssl->specs.kea) + { #ifndef NO_PSK - if (ssl->specs.kea == psk_kea) { - - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + case psk_kea: + { + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &length); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + length > size) + if ((*inOutIdx - begin) + length > size) { return BUFFER_ERROR; + } XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx, min(length, MAX_PSK_ID_LEN)); @@ -10649,8 +10653,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, /* if qshSz is larger than 0 it is the length of buffer used */ if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size, 0)) < 0) + size, 0)) < 0) { return qshSz; + } *inOutIdx += qshSz; } else { @@ -10665,155 +10670,182 @@ static void PickHashSigAlgo(WOLFSSL* ssl, } #endif #ifndef NO_DH - if (ssl->specs.kea == diffie_hellman_kea) + case diffie_hellman_kea: { - /* p */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; + /* p */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { + return BUFFER_ERROR; + } - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; + if ((*inOutIdx - begin) + length > size) { + return BUFFER_ERROR; + } - if (length < ssl->options.minDhKeySz) { - WOLFSSL_MSG("Server using a DH key that is too small"); - SendAlert(ssl, alert_fatal, handshake_failure); - return DH_KEY_SIZE_E; - } + if (length < ssl->options.minDhKeySz) { + WOLFSSL_MSG("Server using a DH key that is too small"); + SendAlert(ssl, alert_fatal, handshake_failure); + return DH_KEY_SIZE_E; + } - ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_DH); + ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, + DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_P.buffer) - ssl->buffers.serverDH_P.length = length; - else - return MEMORY_ERROR; + if (ssl->buffers.serverDH_P.buffer) { + ssl->buffers.serverDH_P.length = length; + } + else { + return MEMORY_ERROR; + } - XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); - *inOutIdx += length; + XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); + *inOutIdx += length; - ssl->options.dhKeySz = length; + ssl->options.dhKeySz = length; - /* g */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; + /* g */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { + return BUFFER_ERROR; + } - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; + if ((*inOutIdx - begin) + length > size) { + return BUFFER_ERROR; + } - ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_DH); + ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, + DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_G.buffer) - ssl->buffers.serverDH_G.length = length; - else - return MEMORY_ERROR; + if (ssl->buffers.serverDH_G.buffer) { + ssl->buffers.serverDH_G.length = length; + } + else { + return MEMORY_ERROR; + } - XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); - *inOutIdx += length; + XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); + *inOutIdx += length; - /* pub */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) - return BUFFER_ERROR; + /* pub */ + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { + return BUFFER_ERROR; + } - ato16(input + *inOutIdx, &length); - *inOutIdx += OPAQUE16_LEN; + ato16(input + *inOutIdx, &length); + *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; + if ((*inOutIdx - begin) + length > size) { + return BUFFER_ERROR; + } - ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap, - DYNAMIC_TYPE_DH); + ssl->buffers.serverDH_Pub.buffer = + (byte*) XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Pub.buffer) - ssl->buffers.serverDH_Pub.length = length; - else - return MEMORY_ERROR; + if (ssl->buffers.serverDH_Pub.buffer) { + ssl->buffers.serverDH_Pub.length = length; + } + else { + return MEMORY_ERROR; + } - XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); - *inOutIdx += length; + XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, + length); + *inOutIdx += length; + break; } /* dh_kea */ #endif /* NO_DH */ #ifdef HAVE_ECC - if (ssl->specs.kea == ecc_diffie_hellman_kea) + case ecc_diffie_hellman_kea: { - byte b; + byte b; - if ((*inOutIdx - begin) + ENUM_LEN + OPAQUE16_LEN + OPAQUE8_LEN > size) - return BUFFER_ERROR; - - b = input[(*inOutIdx)++]; - - if (b != named_curve) - return ECC_CURVETYPE_ERROR; - - *inOutIdx += 1; /* curve type, eat leading 0 */ - b = input[(*inOutIdx)++]; - - if (CheckCurveId(b) != 0) { - return ECC_CURVE_ERROR; - } - - length = input[(*inOutIdx)++]; - - if ((*inOutIdx - begin) + length > size) - return BUFFER_ERROR; - - if (ssl->peerEccKey == NULL) { - /* alloc/init on demand */ - ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), - ssl->ctx->heap, DYNAMIC_TYPE_ECC); - if (ssl->peerEccKey == NULL) { - WOLFSSL_MSG("PeerEccKey Memory error"); - return MEMORY_E; + if ((*inOutIdx - begin) + ENUM_LEN + OPAQUE16_LEN + + OPAQUE8_LEN > size) { + return BUFFER_ERROR; } - wc_ecc_init(ssl->peerEccKey); - } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ - wc_ecc_free(ssl->peerEccKey); - ssl->peerEccKeyPresent = 0; - wc_ecc_init(ssl->peerEccKey); - } - if (wc_ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey) != 0) - return ECC_PEERKEY_ERROR; + b = input[(*inOutIdx)++]; - *inOutIdx += length; - ssl->peerEccKeyPresent = 1; + if (b != named_curve) { + return ECC_CURVETYPE_ERROR; + } + + *inOutIdx += 1; /* curve type, eat leading 0 */ + b = input[(*inOutIdx)++]; + + if (CheckCurveId(b) != 0) { + return ECC_CURVE_ERROR; + } + + length = input[(*inOutIdx)++]; + + if ((*inOutIdx - begin) + length > size) { + return BUFFER_ERROR; + } + + if (ssl->peerEccKey == NULL) { + /* alloc/init on demand */ + ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), + ssl->ctx->heap, DYNAMIC_TYPE_ECC); + if (ssl->peerEccKey == NULL) { + WOLFSSL_MSG("PeerEccKey Memory error"); + return MEMORY_E; + } + wc_ecc_init(ssl->peerEccKey); + } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ + wc_ecc_free(ssl->peerEccKey); + ssl->peerEccKeyPresent = 0; + wc_ecc_init(ssl->peerEccKey); + } + + if (wc_ecc_import_x963(input + *inOutIdx, length, + ssl->peerEccKey) != 0) { + return ECC_PEERKEY_ERROR; + } + + *inOutIdx += length; + ssl->peerEccKeyPresent = 1; + + break; } #endif /* HAVE_ECC */ #if !defined(NO_DH) && !defined(NO_PSK) - if (ssl->specs.kea == dhe_psk_kea) { - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + case dhe_psk_kea: + { + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &length); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + length > size) + if ((*inOutIdx - begin) + length > size) { return BUFFER_ERROR; + } XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx, - min(length, MAX_PSK_ID_LEN)); + min(length, MAX_PSK_ID_LEN)); ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0; *inOutIdx += length; /* p */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &length); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + length > size) + if ((*inOutIdx - begin) + length > size) { return BUFFER_ERROR; + } if (length < ssl->options.minDhKeySz) { WOLFSSL_MSG("Server using a DH key that is too small"); @@ -10821,13 +10853,15 @@ static void PickHashSigAlgo(WOLFSSL* ssl, return DH_KEY_SIZE_E; } - ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, + ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_P.buffer) + if (ssl->buffers.serverDH_P.buffer) { ssl->buffers.serverDH_P.length = length; - else + } + else { return MEMORY_ERROR; + } XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); *inOutIdx += length; @@ -10835,48 +10869,59 @@ static void PickHashSigAlgo(WOLFSSL* ssl, ssl->options.dhKeySz = length; /* g */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &length); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + length > size) + if ((*inOutIdx - begin) + length > size) { return BUFFER_ERROR; + } ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_G.buffer) + if (ssl->buffers.serverDH_G.buffer) { ssl->buffers.serverDH_G.length = length; - else + } + else { return MEMORY_ERROR; + } XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); *inOutIdx += length; /* pub */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &length); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + length > size) + if ((*inOutIdx - begin) + length > size) { return BUFFER_ERROR; + } ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Pub.buffer) + if (ssl->buffers.serverDH_Pub.buffer) { ssl->buffers.serverDH_Pub.length = length; - else + } + else { return MEMORY_ERROR; + } XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); *inOutIdx += length; + + break; } #endif /* !NO_DH || !NO_PSK */ + } /* switch() */ #if !defined(NO_DH) || defined(HAVE_ECC) if (!ssl->options.usingAnon_cipher && @@ -10949,22 +10994,25 @@ static void PickHashSigAlgo(WOLFSSL* ssl, (void)hashAlgo; /* save message for hash verify */ - if (verifySz > MAX_DH_SZ) + if (verifySz > MAX_DH_SZ) { ERROR_OUT(BUFFER_ERROR, done); + } #ifdef WOLFSSL_SMALL_STACK messageVerify = (byte*)XMALLOC(MAX_DH_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (messageVerify == NULL) + if (messageVerify == NULL) { ERROR_OUT(MEMORY_E, done); + } #endif XMEMCPY(messageVerify, input + begin, verifySz); if (IsAtLeastTLSv1_2(ssl)) { byte setHash = 0; - if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size) + if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size) { ERROR_OUT(BUFFER_ERROR, done); + } hashAlgo = input[(*inOutIdx)++]; sigAlgo = input[(*inOutIdx)++]; @@ -11019,22 +11067,25 @@ static void PickHashSigAlgo(WOLFSSL* ssl, } /* signature */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { ERROR_OUT(BUFFER_ERROR, done); + } ato16(input + *inOutIdx, &length); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + length > size) + if ((*inOutIdx - begin) + length > size) { ERROR_OUT(BUFFER_ERROR, done); + } /* inOutIdx updated at the end of the function */ /* verify signature */ #ifdef WOLFSSL_SMALL_STACK hash = (byte*)XMALLOC(FINISHED_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (hash == NULL) + if (hash == NULL) { ERROR_OUT(MEMORY_E, done); + } #endif #ifndef NO_OLD_TLS @@ -11042,8 +11093,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifdef WOLFSSL_SMALL_STACK if (doMd5) { md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) + if (md5 == NULL) { ERROR_OUT(MEMORY_E, done); + } } #endif if (doMd5) { @@ -11057,13 +11109,16 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifdef WOLFSSL_SMALL_STACK if (doSha) { sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) + if (sha == NULL) { ERROR_OUT(MEMORY_E, done); + } } #endif if (doSha) { ret = wc_InitSha(sha); - if (ret != 0) goto done; + if (ret != 0) { + goto done; + } wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); wc_ShaUpdate(sha, messageVerify, verifySz); @@ -11078,8 +11133,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, DYNAMIC_TYPE_TMP_BUFFER); hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 == NULL) + if (sha256 == NULL || hash256 == NULL) { ERROR_OUT(MEMORY_E, done); + } } #endif if (doSha256) { @@ -11088,9 +11144,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl, RAN_LEN)) && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz))) + && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz))) { ret = wc_Sha256Final(sha256, hash256); - if (ret != 0) goto done; + } + if (ret != 0) { + goto done; + } } #endif @@ -11101,8 +11160,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, DYNAMIC_TYPE_TMP_BUFFER); hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) + if (sha384 == NULL || hash384 == NULL) { ERROR_OUT(MEMORY_E, done); + } } #endif if (doSha384) { @@ -11111,9 +11171,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl, RAN_LEN)) && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz))) + && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz))) { ret = wc_Sha384Final(sha384, hash384); - if (ret != 0) goto done; + } + if (ret != 0) { + goto done; + } } #endif @@ -11124,8 +11187,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, DYNAMIC_TYPE_TMP_BUFFER); hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL || hash512 == NULL) + if (sha512 == NULL || hash512 == NULL) { ERROR_OUT(MEMORY_E, done); + } } #endif if (doSha512) { @@ -11134,15 +11198,20 @@ static void PickHashSigAlgo(WOLFSSL* ssl, RAN_LEN)) && !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, RAN_LEN)) - && !(ret = wc_Sha512Update(sha512, messageVerify, verifySz))) + && !(ret = wc_Sha512Update(sha512, messageVerify, verifySz))) { ret = wc_Sha512Final(sha512, hash512); - if (ret != 0) goto done; + } + if (ret != 0) { + goto done; + } } #endif + switch (sigAlgo) + { #ifndef NO_RSA /* rsa */ - if (sigAlgo == rsa_sa_algo) + case rsa_sa_algo: { byte* out = NULL; byte doUserRsa = 0; @@ -11153,8 +11222,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, doUserRsa = 1; #endif /*HAVE_PK_CALLBACKS */ - if (ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent) + if (ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent) { ERROR_OUT(NO_PEER_KEY, done); + } if (doUserRsa) { #ifdef HAVE_PK_CALLBACKS @@ -11166,9 +11236,10 @@ static void PickHashSigAlgo(WOLFSSL* ssl, ssl->RsaVerifyCtx); #endif /*HAVE_PK_CALLBACKS */ } - else + else { verifiedSz = wc_RsaSSL_VerifyInline((byte *)input + *inOutIdx, length, &out, ssl->peerRsaKey); + } if (IsAtLeastTLSv1_2(ssl)) { word32 encSigSz; @@ -11219,31 +11290,38 @@ static void PickHashSigAlgo(WOLFSSL* ssl, #ifdef WOLFSSL_SMALL_STACK encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (encodedSig == NULL) + if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, done); + } #endif - if (digest == NULL) + if (digest == NULL) { ERROR_OUT(ALGO_ID_E, done); + } encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH); if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig, - min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) + min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) { ret = VERIFY_SIGN_ERROR; + } #ifdef WOLFSSL_SMALL_STACK XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret != 0) + if (ret != 0) { goto done; + } } else if (verifiedSz != FINISHED_SZ || !out || XMEMCMP(out, - hash, FINISHED_SZ) != 0) + hash, FINISHED_SZ) != 0) { ERROR_OUT(VERIFY_SIGN_ERROR, done); - } else + } + break; + } #endif #ifdef HAVE_ECC /* ecdsa */ - if (sigAlgo == ecc_dsa_sa_algo) { + case ecc_dsa_sa_algo: + { int verify = 0; #ifndef NO_OLD_TLS byte* digest = &hash[MD5_DIGEST_SIZE]; @@ -11255,8 +11333,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, byte doUserEcc = 0; #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->EccVerifyCb) + if (ssl->ctx->EccVerifyCb) { doUserEcc = 1; + } #endif if (!ssl->peerEccDsaKeyPresent) @@ -11301,12 +11380,15 @@ static void PickHashSigAlgo(WOLFSSL* ssl, ret = wc_ecc_verify_hash(input + *inOutIdx, length, digest, digestSz, &verify, ssl->peerEccDsaKey); } - if (ret != 0 || verify == 0) + if (ret != 0 || verify == 0) { ERROR_OUT(VERIFY_SIGN_ERROR, done); + } + break; } - else #endif /* HAVE_ECC */ + default: ERROR_OUT(ALGO_ID_E, done); + } /* switch (sigAlgo) */ /* signature length */ *inOutIdx += length; @@ -11334,8 +11416,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(messageVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret != 0) + if (ret != 0) { return ret; + } } if (IsEncryptionOn(ssl, 0)) { @@ -11353,8 +11436,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl, if (name == TLSX_QUANTUM_SAFE_HYBRID) { /* if qshSz is larger than 0 it is the length of buffer used */ if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size, 0)) < 0) + size, 0)) < 0) { return qshSz; + } *inOutIdx += qshSz; } else { @@ -12893,8 +12977,10 @@ int DoSessionTicket(WOLFSSL* ssl, #endif + switch(ssl->specs.kea) + { #ifndef NO_PSK - if (ssl->specs.kea == psk_kea) + case psk_kea: { byte *output; word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; @@ -12903,8 +12989,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* include size part */ length = (word32)XSTRLEN(ssl->arrays->server_hint); - if (length > MAX_PSK_ID_LEN) + if (length > MAX_PSK_ID_LEN) { return SERVER_HINT_ERROR; + } length += HINT_LEN_SZ; sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; @@ -12921,8 +13008,9 @@ int DoSessionTicket(WOLFSSL* ssl, } #endif /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) - return ret; + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { + return ret; + } /* get ouput buffer */ output = ssl->buffers.outputBuffer.buffer + @@ -12943,8 +13031,9 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->peerQSHKeyPresent) { if (qshSz > 0) { idx = sendSz - qshSz; - if (QSH_KeyExchangeWrite(ssl, 1) != 0) + if (QSH_KeyExchangeWrite(ssl, 1) != 0) { return MEMORY_E; + } /* extension type */ c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx); @@ -12952,41 +13041,51 @@ int DoSessionTicket(WOLFSSL* ssl, /* write to output and check amount written */ if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) - > qshSz - OPAQUE16_LEN) + > qshSz - OPAQUE16_LEN) { return MEMORY_E; + } } } #endif #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { return ret; + } + } #endif ret = HashOutput(ssl, output, sendSz, 0); - if (ret != 0) + if (ret != 0) { return ret; + } #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) + if (ssl->hsInfoOn) { AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - if (ssl->toInfoOn) + } + if (ssl->toInfoOn) { AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output, - sendSz, ssl->heap); + sendSz, ssl->heap); + } #endif ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) + if (ssl->options.groupMessages) { ret = 0; - else + } + else { ret = SendBuffered(ssl); + } ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; + break; } #endif /*NO_PSK */ #if !defined(NO_DH) && !defined(NO_PSK) - if (ssl->specs.kea == dhe_psk_kea) { + case dhe_psk_kea: + { byte *output; word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; word32 hintLen; @@ -12994,23 +13093,26 @@ int DoSessionTicket(WOLFSSL* ssl, DhKey dhKey; if (ssl->buffers.serverDH_P.buffer == NULL || - ssl->buffers.serverDH_G.buffer == NULL) + ssl->buffers.serverDH_G.buffer == NULL) { return NO_DH_PARAMS; + } if (ssl->buffers.serverDH_Pub.buffer == NULL) { ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Pub.buffer == NULL) + if (ssl->buffers.serverDH_Pub.buffer == NULL) { return MEMORY_E; + } } if (ssl->buffers.serverDH_Priv.buffer == NULL) { ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Priv.buffer == NULL) + if (ssl->buffers.serverDH_Priv.buffer == NULL) { return MEMORY_E; + } } wc_InitDhKey(&dhKey); @@ -13018,15 +13120,17 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.length); - if (ret == 0) + if (ret == 0) { ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng, ssl->buffers.serverDH_Priv.buffer, &ssl->buffers.serverDH_Priv.length, ssl->buffers.serverDH_Pub.buffer, &ssl->buffers.serverDH_Pub.length); + } wc_FreeDhKey(&dhKey); - if (ret != 0) + if (ret != 0) { return ret; + } length = LENGTH_SZ * 3 + /* p, g, pub */ ssl->buffers.serverDH_P.length + @@ -13035,8 +13139,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* include size part */ hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); - if (hintLen > MAX_PSK_ID_LEN) + if (hintLen > MAX_PSK_ID_LEN) { return SERVER_HINT_ERROR; + } length += hintLen + HINT_LEN_SZ; sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; @@ -13052,8 +13157,9 @@ int DoSessionTicket(WOLFSSL* ssl, #endif /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) - return ret; + if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { + return ret; + } /* get ouput buffer */ output = ssl->buffers.outputBuffer.buffer + @@ -13101,42 +13207,51 @@ int DoSessionTicket(WOLFSSL* ssl, /* write to output and check amount written */ if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) - > qshSz - OPAQUE16_LEN) + > qshSz - OPAQUE16_LEN) { return MEMORY_E; + } } } #endif #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { return ret; + } + } #endif ret = HashOutput(ssl, output, sendSz, 0); - if (ret != 0) + if (ret != 0) { return ret; + } #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) + if (ssl->hsInfoOn) { AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - if (ssl->toInfoOn) + } + if (ssl->toInfoOn) { AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output, - sendSz, ssl->heap); + sendSz, ssl->heap); + } #endif ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) + if (ssl->options.groupMessages) { ret = 0; - else + } + else { ret = SendBuffered(ssl); + } ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; + break; } #endif /* !NO_DH && !NO_PSK */ #ifdef HAVE_ECC - if (ssl->specs.kea == ecc_diffie_hellman_kea) + case ecc_diffie_hellman_kea: { byte *output; word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; @@ -13169,7 +13284,7 @@ int DoSessionTicket(WOLFSSL* ssl, #endif if (ssl->specs.static_ecdh) { - WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchagne"); + WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchange"); return 0; } @@ -13182,7 +13297,7 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->eccTempKey == NULL) { /* alloc/init on demand */ ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key), - ssl->ctx->heap, DYNAMIC_TYPE_ECC); + ssl->ctx->heap, DYNAMIC_TYPE_ECC); if (ssl->eccTempKey == NULL) { WOLFSSL_MSG("EccTempKey Memory error"); return MEMORY_E; @@ -13199,13 +13314,15 @@ int DoSessionTicket(WOLFSSL* ssl, #ifdef WOLFSSL_SMALL_STACK exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (exportBuf == NULL) + DYNAMIC_TYPE_TMP_BUFFER); + if (exportBuf == NULL) { return MEMORY_E; + } #endif - if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) + if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) { ERROR_OUT(ECC_EXPORT_ERROR, done_a); + } length += expSz; preSigSz = length; @@ -13213,8 +13330,9 @@ int DoSessionTicket(WOLFSSL* ssl, #ifndef NO_RSA ret = wc_InitRsaKey(&rsaKey, ssl->heap); - if (ret != 0) + if (ret != 0) { goto done_a; + } #endif wc_ecc_init(&dsaKey); @@ -13236,8 +13354,9 @@ int DoSessionTicket(WOLFSSL* ssl, word32 i = 0; ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, &rsaKey, ssl->buffers.key.length); - if (ret != 0) + if (ret != 0) { goto done_a; + } sigSz = wc_RsaEncryptSize(&rsaKey); } else #endif @@ -13247,8 +13366,9 @@ int DoSessionTicket(WOLFSSL* ssl, word32 i = 0; ret = wc_EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, &dsaKey, ssl->buffers.key.length); - if (ret != 0) + if (ret != 0) { goto done_a; + } sigSz = wc_ecc_sig_size(&dsaKey); /* worst case estimate */ } else { @@ -13260,8 +13380,9 @@ int DoSessionTicket(WOLFSSL* ssl, } length += sigSz; - if (IsAtLeastTLSv1_2(ssl)) + if (IsAtLeastTLSv1_2(ssl)) { length += HASH_SIG_SIZE; + } sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; @@ -13366,9 +13487,10 @@ int DoSessionTicket(WOLFSSL* ssl, is */ #ifdef HAVE_FUZZER - if (ssl->fuzzerCb) - ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, FUZZ_SIGNATURE, - ssl->fuzzerCtx); + if (ssl->fuzzerCb) { + ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, + FUZZ_SIGNATURE, ssl->fuzzerCtx); + } #endif /* do signature */ @@ -13417,9 +13539,10 @@ int DoSessionTicket(WOLFSSL* ssl, #ifdef WOLFSSL_SMALL_STACK hash = (byte*)XMALLOC(FINISHED_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (hash == NULL) + DYNAMIC_TYPE_TMP_BUFFER); + if (hash == NULL) { ERROR_OUT(MEMORY_E, done_a); + } #endif #ifndef NO_OLD_TLS @@ -13428,8 +13551,9 @@ int DoSessionTicket(WOLFSSL* ssl, if (doMd5) { md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) + if (md5 == NULL) { ERROR_OUT(MEMORY_E, done_a2); + } } #endif if (doMd5) { @@ -13444,13 +13568,16 @@ int DoSessionTicket(WOLFSSL* ssl, if (doSha) { sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) + if (sha == NULL) { ERROR_OUT(MEMORY_E, done_a2); + } } #endif if (doSha) { ret = wc_InitSha(sha); - if (ret != 0) goto done_a2; + if (ret != 0) { + goto done_a2; + } wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); wc_ShaUpdate(sha, output + preSigIdx, preSigSz); @@ -13465,22 +13592,25 @@ int DoSessionTicket(WOLFSSL* ssl, DYNAMIC_TYPE_TMP_BUFFER); hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 == NULL) + if (sha256 == NULL || hash256 == NULL) { ERROR_OUT(MEMORY_E, done_a2); + } } #endif if (doSha256) { if (!(ret = wc_InitSha256(sha256)) && !(ret = wc_Sha256Update(sha256, - ssl->arrays->clientRandom, RAN_LEN)) + ssl->arrays->clientRandom, RAN_LEN)) && !(ret = wc_Sha256Update(sha256, - ssl->arrays->serverRandom, RAN_LEN)) + ssl->arrays->serverRandom, RAN_LEN)) && !(ret = wc_Sha256Update(sha256, - output + preSigIdx, preSigSz))) + output + preSigIdx, preSigSz))) { ret = wc_Sha256Final(sha256, hash256); - - if (ret != 0) goto done_a2; + } + if (ret != 0) { + goto done_a2; + } } #endif @@ -13491,22 +13621,25 @@ int DoSessionTicket(WOLFSSL* ssl, DYNAMIC_TYPE_TMP_BUFFER); hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) + if (sha384 == NULL || hash384 == NULL) { ERROR_OUT(MEMORY_E, done_a2); + } } #endif if (doSha384) { if (!(ret = wc_InitSha384(sha384)) && !(ret = wc_Sha384Update(sha384, - ssl->arrays->clientRandom, RAN_LEN)) + ssl->arrays->clientRandom, RAN_LEN)) && !(ret = wc_Sha384Update(sha384, - ssl->arrays->serverRandom, RAN_LEN)) + ssl->arrays->serverRandom, RAN_LEN)) && !(ret = wc_Sha384Update(sha384, - output + preSigIdx, preSigSz))) + output + preSigIdx, preSigSz))) { ret = wc_Sha384Final(sha384, hash384); - - if (ret != 0) goto done_a2; + } + if (ret != 0) { + goto done_a2; + } } #endif @@ -13517,22 +13650,25 @@ int DoSessionTicket(WOLFSSL* ssl, DYNAMIC_TYPE_TMP_BUFFER); hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL || hash512 == NULL) + if (sha512 == NULL || hash512 == NULL) { ERROR_OUT(MEMORY_E, done_a2); + } } #endif if (doSha512) { if (!(ret = wc_InitSha512(sha512)) && !(ret = wc_Sha512Update(sha512, - ssl->arrays->clientRandom, RAN_LEN)) + ssl->arrays->clientRandom, RAN_LEN)) && !(ret = wc_Sha512Update(sha512, - ssl->arrays->serverRandom, RAN_LEN)) + ssl->arrays->serverRandom, RAN_LEN)) && !(ret = wc_Sha512Update(sha512, - output + preSigIdx, preSigSz))) + output + preSigIdx, preSigSz))) { ret = wc_Sha512Final(sha512, hash512); - - if (ret != 0) goto done_a2; + } + if (ret != 0) { + goto done_a2; + } } #endif @@ -13554,9 +13690,10 @@ int DoSessionTicket(WOLFSSL* ssl, #ifdef WOLFSSL_SMALL_STACK encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (encodedSig == NULL) + DYNAMIC_TYPE_TMP_BUFFER); + if (encodedSig == NULL) { ERROR_OUT(MEMORY_E, done_a2); + } #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -13613,13 +13750,13 @@ int DoSessionTicket(WOLFSSL* ssl, } else { ret = wc_RsaSSL_Sign(signBuffer, signSz, output + idx, - sigSz, &rsaKey, ssl->rng); + sigSz, &rsaKey, ssl->rng); } if (ret > 0) { /* check for signature faults */ ret = VerifyRsaSign(output + idx, ret, - signBuffer, signSz, &rsaKey); + signBuffer, signSz, &rsaKey); } wc_FreeRsaKey(&rsaKey); wc_ecc_free(&dsaKey); @@ -13628,8 +13765,9 @@ int DoSessionTicket(WOLFSSL* ssl, XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret < 0) + if (ret < 0) { goto done_a2; + } } else #endif @@ -13645,8 +13783,9 @@ int DoSessionTicket(WOLFSSL* ssl, byte doUserEcc = 0; #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC) - if (ssl->ctx->EccSignCb) + if (ssl->ctx->EccSignCb) { doUserEcc = 1; + } #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -13679,7 +13818,8 @@ int DoSessionTicket(WOLFSSL* ssl, if (doUserEcc) { #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC) ret = ssl->ctx->EccSignCb(ssl, digest, digestSz, - output + LENGTH_SZ + idx, &sz, + output + LENGTH_SZ + idx, + &sz, ssl->buffers.key.buffer, ssl->buffers.key.length, ssl->EccSignCtx); @@ -13687,15 +13827,16 @@ int DoSessionTicket(WOLFSSL* ssl, } else { ret = wc_ecc_sign_hash(digest, digestSz, - output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey); + output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey); } #ifndef NO_RSA wc_FreeRsaKey(&rsaKey); #endif wc_ecc_free(&dsaKey); - if (ret < 0) + if (ret < 0) { goto done_a2; + } /* Now that we know the real sig size, write it. */ c16toa((word16)sz, output + idx); @@ -13742,8 +13883,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* write to output and check amount written */ if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) - > qshSz - OPAQUE16_LEN) + > qshSz - OPAQUE16_LEN) { return MEMORY_E; + } } } #endif @@ -13752,27 +13894,34 @@ int DoSessionTicket(WOLFSSL* ssl, AddHeaders(output, length, server_key_exchange, ssl); #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { goto done_a; + } + } #endif - if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) + if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) { goto done_a; + } #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) + if (ssl->hsInfoOn) { AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - if (ssl->toInfoOn) + } + if (ssl->toInfoOn) { AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output, sendSz, ssl->heap); + } #endif ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) + if (ssl->options.groupMessages) { ret = 0; - else + } + else { ret = SendBuffered(ssl); + } ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; done_a: @@ -13785,7 +13934,8 @@ int DoSessionTicket(WOLFSSL* ssl, #endif /* HAVE_ECC */ #if !defined(NO_DH) && !defined(NO_RSA) - if (ssl->specs.kea == diffie_hellman_kea) { + case diffie_hellman_kea: + { byte *output; word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; int sendSz; @@ -13795,23 +13945,26 @@ int DoSessionTicket(WOLFSSL* ssl, DhKey dhKey; if (ssl->buffers.serverDH_P.buffer == NULL || - ssl->buffers.serverDH_G.buffer == NULL) + ssl->buffers.serverDH_G.buffer == NULL) { return NO_DH_PARAMS; + } if (ssl->buffers.serverDH_Pub.buffer == NULL) { ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Pub.buffer == NULL) + if (ssl->buffers.serverDH_Pub.buffer == NULL) { return MEMORY_E; + } } if (ssl->buffers.serverDH_Priv.buffer == NULL) { ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, DYNAMIC_TYPE_DH); - if (ssl->buffers.serverDH_Priv.buffer == NULL) + if (ssl->buffers.serverDH_Priv.buffer == NULL) { return MEMORY_E; + } } wc_InitDhKey(&dhKey); @@ -13819,15 +13972,18 @@ int DoSessionTicket(WOLFSSL* ssl, ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.length); - if (ret == 0) + if (ret == 0) { ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng, ssl->buffers.serverDH_Priv.buffer, &ssl->buffers.serverDH_Priv.length, ssl->buffers.serverDH_Pub.buffer, &ssl->buffers.serverDH_Pub.length); + } wc_FreeDhKey(&dhKey); - if (ret != 0) return ret; + if (ret != 0) { + return ret; + } length = LENGTH_SZ * 3; /* p, g, pub */ length += ssl->buffers.serverDH_P.length + @@ -13839,16 +13995,19 @@ int DoSessionTicket(WOLFSSL* ssl, if (!ssl->options.usingAnon_cipher) { ret = wc_InitRsaKey(&rsaKey, ssl->heap); - if (ret != 0) return ret; + if (ret != 0) { + return ret; + } /* sig length */ length += LENGTH_SZ; - if (!ssl->buffers.key.buffer) + if (!ssl->buffers.key.buffer) { return NO_PRIVATE_KEY; + } - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, &rsaKey, - ssl->buffers.key.length); + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, + &rsaKey, ssl->buffers.key.length); if (ret == 0) { sigSz = wc_RsaEncryptSize(&rsaKey); length += sigSz; @@ -13858,8 +14017,9 @@ int DoSessionTicket(WOLFSSL* ssl, return ret; } - if (IsAtLeastTLSv1_2(ssl)) + if (IsAtLeastTLSv1_2(ssl)) { length += HASH_SIG_SIZE; + } } sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; @@ -13878,8 +14038,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* check for available size */ if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { - if (!ssl->options.usingAnon_cipher) + if (!ssl->options.usingAnon_cipher) { wc_FreeRsaKey(&rsaKey); + } return ret; } @@ -13911,9 +14072,10 @@ int DoSessionTicket(WOLFSSL* ssl, idx += ssl->buffers.serverDH_Pub.length; #ifdef HAVE_FUZZER - if (ssl->fuzzerCb) - ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, FUZZ_SIGNATURE, - ssl->fuzzerCtx); + if (ssl->fuzzerCb) { + ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, + FUZZ_SIGNATURE, ssl->fuzzerCtx); + } #endif /* Add signature */ @@ -14039,11 +14201,12 @@ int DoSessionTicket(WOLFSSL* ssl, /* do signature */ #ifdef WOLFSSL_SMALL_STACK hash = (byte*)XMALLOC(FINISHED_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (hash == NULL) + DYNAMIC_TYPE_TMP_BUFFER); + if (hash == NULL) { return MEMORY_E; /* No heap commitment before this point, from now on, the resources are freed at done_b. */ + } #endif #ifndef NO_OLD_TLS @@ -14052,8 +14215,9 @@ int DoSessionTicket(WOLFSSL* ssl, if (doMd5) { md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5 == NULL) + if (md5 == NULL) { ERROR_OUT(MEMORY_E, done_b); + } } #endif if (doMd5) { @@ -14069,14 +14233,16 @@ int DoSessionTicket(WOLFSSL* ssl, if (doSha) { sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha == NULL) + if (sha == NULL) { ERROR_OUT(MEMORY_E, done_b); + } } #endif if (doSha) { - if ((ret = wc_InitSha(sha)) != 0) + if ((ret = wc_InitSha(sha)) != 0) { goto done_b; + } wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); wc_ShaUpdate(sha, output + preSigIdx, preSigSz); @@ -14091,22 +14257,25 @@ int DoSessionTicket(WOLFSSL* ssl, DYNAMIC_TYPE_TMP_BUFFER); hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha256 == NULL || hash256 == NULL) + if (sha256 == NULL || hash256 == NULL) { ERROR_OUT(MEMORY_E, done_b); + } } #endif if (doSha256) { if (!(ret = wc_InitSha256(sha256)) && !(ret = wc_Sha256Update(sha256, - ssl->arrays->clientRandom, RAN_LEN)) + ssl->arrays->clientRandom, RAN_LEN)) && !(ret = wc_Sha256Update(sha256, - ssl->arrays->serverRandom, RAN_LEN)) + ssl->arrays->serverRandom, RAN_LEN)) && !(ret = wc_Sha256Update(sha256, - output + preSigIdx, preSigSz))) + output + preSigIdx, preSigSz))) { ret = wc_Sha256Final(sha256, hash256); - - if (ret != 0) goto done_b; + } + if (ret != 0) { + goto done_b; + } } #endif @@ -14116,23 +14285,26 @@ int DoSessionTicket(WOLFSSL* ssl, sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sha384 == NULL || hash384 == NULL) + DYNAMIC_TYPE_TMP_BUFFER); + if (sha384 == NULL || hash384 == NULL) { ERROR_OUT(MEMORY_E, done_b); + } } #endif if (doSha384) { if (!(ret = wc_InitSha384(sha384)) && !(ret = wc_Sha384Update(sha384, - ssl->arrays->clientRandom, RAN_LEN)) + ssl->arrays->clientRandom, RAN_LEN)) && !(ret = wc_Sha384Update(sha384, - ssl->arrays->serverRandom, RAN_LEN)) + ssl->arrays->serverRandom, RAN_LEN)) && !(ret = wc_Sha384Update(sha384, - output + preSigIdx, preSigSz))) + output + preSigIdx, preSigSz))) { ret = wc_Sha384Final(sha384, hash384); - - if (ret != 0) goto done_b; + } + if (ret != 0) { + goto done_b; + } } #endif @@ -14143,22 +14315,25 @@ int DoSessionTicket(WOLFSSL* ssl, DYNAMIC_TYPE_TMP_BUFFER); hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha512 == NULL || hash512 == NULL) + if (sha512 == NULL || hash512 == NULL) { ERROR_OUT(MEMORY_E, done_b); + } } #endif if (doSha512) { if (!(ret = wc_InitSha512(sha512)) && !(ret = wc_Sha512Update(sha512, - ssl->arrays->clientRandom, RAN_LEN)) + ssl->arrays->clientRandom, RAN_LEN)) && !(ret = wc_Sha512Update(sha512, - ssl->arrays->serverRandom, RAN_LEN)) + ssl->arrays->serverRandom, RAN_LEN)) && !(ret = wc_Sha512Update(sha512, - output + preSigIdx, preSigSz))) + output + preSigIdx, preSigSz))) { ret = wc_Sha512Final(sha512, hash512); - - if (ret != 0) goto done_b; + } + if (ret != 0) { + goto done_b; + } } #endif @@ -14174,8 +14349,9 @@ int DoSessionTicket(WOLFSSL* ssl, byte doUserRsa = 0; #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->RsaSignCb) + if (ssl->ctx->RsaSignCb) { doUserRsa = 1; + } #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -14269,7 +14445,9 @@ int DoSessionTicket(WOLFSSL* ssl, #endif #endif - if (ret < 0) return ret; + if (ret < 0) { + return ret; + } } #ifdef HAVE_QSH @@ -14284,37 +14462,49 @@ int DoSessionTicket(WOLFSSL* ssl, /* write to output and check amount written */ if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx) - > qshSz - OPAQUE16_LEN) + > qshSz - OPAQUE16_LEN) { return MEMORY_E; + } } } #endif #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) - if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) + if (ssl->options.dtls) { + if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { return ret; + } + } #endif - if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) + if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) { return ret; + } #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) + if (ssl->hsInfoOn) { AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); - if (ssl->toInfoOn) + } + if (ssl->toInfoOn) { AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output, sendSz, ssl->heap); + } #endif ssl->buffers.outputBuffer.length += sendSz; - if (ssl->options.groupMessages) + if (ssl->options.groupMessages) { ret = 0; - else + } + else { ret = SendBuffered(ssl); + } ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; + break; } #endif /* NO_DH */ + default: + break; + } /* switch(ssl->specs.kea) */ return ret; #undef ERROR_OUT @@ -15564,18 +15754,21 @@ int DoSessionTicket(WOLFSSL* ssl, } #ifndef NO_CERTS - if (ssl->options.verifyPeer && ssl->options.failNoCert) + if (ssl->options.verifyPeer && ssl->options.failNoCert) { if (!ssl->options.havePeerCert) { WOLFSSL_MSG("client didn't present peer cert"); return NO_PEER_CERT; } + } #endif #ifdef WOLFSSL_CALLBACKS - if (ssl->hsInfoOn) + if (ssl->hsInfoOn) { AddPacketName("ClientKeyExchange", &ssl->handShakeInfo); - if (ssl->toInfoOn) + } + if (ssl->toInfoOn) { AddLateName("ClientKeyExchange", &ssl->timeoutInfo); + } #endif switch (ssl->specs.kea) { @@ -15587,18 +15780,22 @@ int DoSessionTicket(WOLFSSL* ssl, byte doUserRsa = 0; #ifdef HAVE_PK_CALLBACKS - if (ssl->ctx->RsaDecCb) + if (ssl->ctx->RsaDecCb) { doUserRsa = 1; + } #endif ret = wc_InitRsaKey(&key, ssl->heap); - if (ret != 0) return ret; + if (ret != 0) { + return ret; + } - if (ssl->buffers.key.buffer) - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, - &key, ssl->buffers.key.length); - else + if (!ssl->buffers.key.buffer) { return NO_PRIVATE_KEY; + } + + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, + &key, ssl->buffers.key.length); if (ret == 0) { length = wc_RsaEncryptSize(&key); @@ -15607,8 +15804,9 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->options.tls) { word16 check; - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &check); *inOutIdx += OPAQUE16_LEN; @@ -15647,8 +15845,9 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major || ssl->arrays->preMasterSecret[1] != - ssl->chVersion.minor) + ssl->chVersion.minor) { ret = PMS_VERSION_ERROR; + } else { #ifdef HAVE_QSH @@ -15662,8 +15861,9 @@ int DoSessionTicket(WOLFSSL* ssl, length of buffer used */ if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, size - *inOutIdx - + begin, 1)) < 0) + + begin, 1)) < 0) { return qshSz; + } *inOutIdx += qshSz; } else { @@ -15691,17 +15891,20 @@ int DoSessionTicket(WOLFSSL* ssl, byte* pms = ssl->arrays->preMasterSecret; word16 ci_sz; - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &ci_sz); *inOutIdx += OPAQUE16_LEN; - if (ci_sz > MAX_PSK_ID_LEN) + if (ci_sz > MAX_PSK_ID_LEN) { return CLIENT_ID_ERROR; + } - if ((*inOutIdx - begin) + ci_sz > size) + if ((*inOutIdx - begin) + ci_sz > size) { return BUFFER_ERROR; + } XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz); *inOutIdx += ci_sz; @@ -15712,8 +15915,9 @@ int DoSessionTicket(WOLFSSL* ssl, MAX_PSK_KEY_LEN); if (ssl->arrays->psk_keySz == 0 || - ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) + ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { return PSK_KEY_ERROR; + } /* make psk pre master secret */ /* length of key + length 0s + length of key + key */ @@ -15739,8 +15943,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* if qshSz is larger than 0 it is the length of buffer used */ if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) + size - *inOutIdx + begin, 1)) < 0) { return qshSz; + } *inOutIdx += qshSz; } else { @@ -15764,30 +15969,36 @@ int DoSessionTicket(WOLFSSL* ssl, word16 cipherLen; word16 plainLen = sizeof(ssl->arrays->preMasterSecret); - if (!ssl->buffers.key.buffer) + if (!ssl->buffers.key.buffer) { return NO_PRIVATE_KEY; + } - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &cipherLen); *inOutIdx += OPAQUE16_LEN; - if (cipherLen > MAX_NTRU_ENCRYPT_SZ) + if (cipherLen > MAX_NTRU_ENCRYPT_SZ) { return NTRU_KEY_ERROR; + } - if ((*inOutIdx - begin) + cipherLen > size) + if ((*inOutIdx - begin) + cipherLen > size) { return BUFFER_ERROR; + } if (NTRU_OK != ntru_crypto_ntru_decrypt( (word16) ssl->buffers.key.length, ssl->buffers.key.buffer, cipherLen, input + *inOutIdx, &plainLen, - ssl->arrays->preMasterSecret)) + ssl->arrays->preMasterSecret)) { return NTRU_DECRYPT_ERROR; + } - if (plainLen != SECRET_LEN) + if (plainLen != SECRET_LEN) { return NTRU_DECRYPT_ERROR; + } *inOutIdx += cipherLen; @@ -15801,8 +16012,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* if qshSz is larger than 0 it is the length of buffer used */ if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) + size - *inOutIdx + begin, 1)) < 0) { return qshSz; + } *inOutIdx += qshSz; } else { @@ -15820,13 +16032,15 @@ int DoSessionTicket(WOLFSSL* ssl, #ifdef HAVE_ECC case ecc_diffie_hellman_kea: { - if ((*inOutIdx - begin) + OPAQUE8_LEN > size) + if ((*inOutIdx - begin) + OPAQUE8_LEN > size) { return BUFFER_ERROR; + } length = input[(*inOutIdx)++]; - if ((*inOutIdx - begin) + length > size) + if ((*inOutIdx - begin) + length > size) { return BUFFER_ERROR; + } if (ssl->peerEccKey == NULL) { /* alloc/init on demand */ @@ -15843,8 +16057,9 @@ int DoSessionTicket(WOLFSSL* ssl, wc_ecc_init(ssl->peerEccKey); } - if (wc_ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey)) + if (wc_ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey)) { return ECC_PEERKEY_ERROR; + } *inOutIdx += length; ssl->peerEccKeyPresent = 1; @@ -15859,9 +16074,10 @@ int DoSessionTicket(WOLFSSL* ssl, ret = wc_EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, &staticKey, ssl->buffers.key.length); - if (ret == 0) + if (ret == 0) { ret = wc_ecc_shared_secret(&staticKey, ssl->peerEccKey, ssl->arrays->preMasterSecret, &length); + } wc_ecc_free(&staticKey); } @@ -15875,8 +16091,9 @@ int DoSessionTicket(WOLFSSL* ssl, } } - if (ret != 0) + if (ret != 0) { return ECC_SHARED_ERROR; + } ssl->arrays->preMasterSz = length; #ifdef HAVE_QSH @@ -15889,8 +16106,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* if qshSz is larger than 0 it is the length of buffer used */ if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) + size - *inOutIdx + begin, 1)) < 0) { return qshSz; + } *inOutIdx += qshSz; } else { @@ -15910,26 +16128,29 @@ int DoSessionTicket(WOLFSSL* ssl, word16 clientPubSz; DhKey dhKey; - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &clientPubSz); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + clientPubSz > size) + if ((*inOutIdx - begin) + clientPubSz > size) { return BUFFER_ERROR; + } wc_InitDhKey(&dhKey); ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.length); - if (ret == 0) + if (ret == 0) { ret = wc_DhAgree(&dhKey, ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, ssl->buffers.serverDH_Priv.buffer, ssl->buffers.serverDH_Priv.length, input + *inOutIdx, clientPubSz); + } wc_FreeDhKey(&dhKey); *inOutIdx += clientPubSz; @@ -15944,8 +16165,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* if qshSz is larger than 0 it is the length of buffer used */ if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) + size - *inOutIdx + begin, 1)) < 0) { return qshSz; + } *inOutIdx += qshSz; } else { @@ -15955,8 +16177,9 @@ int DoSessionTicket(WOLFSSL* ssl, } } #endif - if (ret == 0) + if (ret == 0) { ret = MakeMasterSecret(ssl); + } } break; #endif /* NO_DH */ @@ -15968,16 +16191,19 @@ int DoSessionTicket(WOLFSSL* ssl, DhKey dhKey; /* Read in the PSK hint */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &clientSz); *inOutIdx += OPAQUE16_LEN; - if (clientSz > MAX_PSK_ID_LEN) + if (clientSz > MAX_PSK_ID_LEN) { return CLIENT_ID_ERROR; + } - if ((*inOutIdx - begin) + clientSz > size) + if ((*inOutIdx - begin) + clientSz > size) { return BUFFER_ERROR; + } XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, clientSz); @@ -15986,26 +16212,29 @@ int DoSessionTicket(WOLFSSL* ssl, 0; /* Read in the DHE business */ - if ((*inOutIdx - begin) + OPAQUE16_LEN > size) + if ((*inOutIdx - begin) + OPAQUE16_LEN > size) { return BUFFER_ERROR; + } ato16(input + *inOutIdx, &clientSz); *inOutIdx += OPAQUE16_LEN; - if ((*inOutIdx - begin) + clientSz > size) + if ((*inOutIdx - begin) + clientSz > size) { return BUFFER_ERROR; + } wc_InitDhKey(&dhKey); ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.length); - if (ret == 0) + if (ret == 0) { ret = wc_DhAgree(&dhKey, pms + OPAQUE16_LEN, &ssl->arrays->preMasterSz, ssl->buffers.serverDH_Priv.buffer, ssl->buffers.serverDH_Priv.length, input + *inOutIdx, clientSz); + } wc_FreeDhKey(&dhKey); *inOutIdx += clientSz; @@ -16020,8 +16249,9 @@ int DoSessionTicket(WOLFSSL* ssl, MAX_PSK_KEY_LEN); if (ssl->arrays->psk_keySz == 0 || - ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) + ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { return PSK_KEY_ERROR; + } c16toa((word16) ssl->arrays->psk_keySz, pms); pms += OPAQUE16_LEN; @@ -16039,8 +16269,9 @@ int DoSessionTicket(WOLFSSL* ssl, /* if qshSz is larger than 0 it is the length of buffer used */ if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, - size - *inOutIdx + begin, 1)) < 0) + size - *inOutIdx + begin, 1)) < 0) { return qshSz; + } *inOutIdx += qshSz; } else { @@ -16074,8 +16305,9 @@ int DoSessionTicket(WOLFSSL* ssl, if (ret == 0) { ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; #ifndef NO_CERTS - if (ssl->options.verifyPeer) + if (ssl->options.verifyPeer) { ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes); + } #endif }