From 3b768bcb5ee5e737a8f66adee6f6737f012ce2c1 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 6 Mar 2021 10:18:31 +0900 Subject: [PATCH] addressed review comments --- src/ssl.c | 64 +++++++++++++++++++++++++++++++----------- tests/api.c | 34 +++++++++++++++++++++- wolfcrypt/src/md5.c | 8 ++++++ wolfcrypt/src/sha.c | 8 ++++++ wolfcrypt/src/sha256.c | 7 +++++ wolfcrypt/src/sha512.c | 13 ++++++++- 6 files changed, 115 insertions(+), 19 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index d6dd64f7a..7ca132336 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2272,7 +2272,7 @@ int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl) #ifdef WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST /* The following is a non-standard way to reconfigure the max packet size - post-handshake for wolfSSL_write/woflSSL_read */ + post-handshake for wolfSSL_write/wolfSSL_read */ if (ssl->options.handShakeState == HANDSHAKE_DONE) { switch (mfl) { case WOLFSSL_MFL_2_8 : ssl->max_fragment = 256; break; @@ -16832,25 +16832,30 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return 0; } - + /* Apply MD5 transformation to the data */ int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX* md5, const unsigned char* data) { int ret; WOLFSSL_ENTER("MD5_Transform"); + + /* sanity check */ + if (md5 == NULL || data == NULL) { + return 0; + } #if defined(BIG_ENDIAN_ORDER) { ByteReverseWords((word32*)data, (word32*)data, WC_MD5_BLOCK_SIZE); } #endif - + ret = wc_Md5Transform((wc_Md5*)md5, data); /* return 1 on success, 0 otherwise */ if (ret == 0) return 1; - - return ret; + else + return 0; } #endif /* !NO_MD5 */ 
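Review bot: In the wolfSSL_MD5_Transform hunk the byte swap under BIG_ENDIAN_ORDER still casts away const and rewrites the caller's block in place, `ByteReverseWords((word32*)data, (word32*)data, WC_MD5_BLOCK_SIZE);`, so the new NULL check does not make the call safe for a caller that passes read-only or unaligned input. The swap should work on a local copy, for example `word32 tmp[WC_MD5_BLOCK_SIZE / sizeof(word32)];` filled with `XMEMCPY(tmp, data, WC_MD5_BLOCK_SIZE);` and then handed to wc_Md5Transform as `(const byte*)tmp`. The same pattern appears under LITTLE_ENDIAN_ORDER in the wolfSSL_SHA_Transform and wolfSSL_SHA256_Transform hunks. If the block can hold key material, the copy should be cleared before returning.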
@@ -16907,12 +16912,17 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #if defined(OPENSSL_EXTRA) #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + /* Apply SHA1 transformation to the data */ int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data) { int ret; WOLFSSL_ENTER("SHA_Transform"); + /* sanity check */ + if (sha == NULL || data == NULL) { + return 0; + } #if defined(LITTLE_ENDIAN_ORDER) { ByteReverseWords((word32*)data, (word32*)data, WC_SHA_BLOCK_SIZE); @@ -16923,8 +16933,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, /* return 1 on success, 0 otherwise */ if (ret == 0) return 1; - - return ret; + else + return 0; } #endif #endif @@ -16952,6 +16962,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #if defined(OPENSSL_EXTRA) #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + /* Apply SHA1 transformation to the data */ int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data) { @@ -17066,12 +17077,17 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #if defined(OPENSSL_EXTRA) #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + /* Apply SHA256 transformation to the data */ int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256, const unsigned char* data) { int ret; WOLFSSL_ENTER("SHA256_Transform"); + /* sanity check */ + if (sha256 == NULL || data == NULL) { + return 0; + } #if defined(LITTLE_ENDIAN_ORDER) { ByteReverseWords((word32*)data, (word32*)data, WC_SHA256_BLOCK_SIZE); @@ -17082,8 +17098,8 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, /* return 1 on success, 0 otherwise */ if (ret == 0) return 1; - - return ret; + else + return 0; } #endif #endif 
@@ -17193,20 +17209,25 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + /* Apply SHA512 transformation to the data */ int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512, const unsigned char* data) { int ret = WOLFSSL_SUCCESS; WOLFSSL_ENTER("SHA512_Transform"); + /* sanity check */ + if (sha512 == NULL || data == NULL) { + return 0; + } ret = wc_Sha512Transform((wc_Sha512*)sha512, data); /* return 1 on success, 0 otherwise */ if (ret == 0) return 1; - - return ret; + else + return 0; } #endif /* !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION > 2)) */ @@ -21690,7 +21711,7 @@ WOLFSSL_SESSION* wolfSSL_SESSION_new(void) } /* add one to session reference count - * return WOFLSSL_SUCCESS on success and WOLFSSL_FAILURE on error */ + * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error */ int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session) { if (session == NULL) @@ -26087,6 +26108,9 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, byte* der = NULL; WOLFSSL_X509_CRL* crl = NULL; + if (bp == NULL) + return NULL; + if ((derSz = wolfSSL_BIO_get_len(bp)) > 0) { der = (byte*)XMALLOC(derSz, 0, DYNAMIC_TYPE_DER); if (der != NULL) { @@ -26111,6 +26135,11 @@ WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl) return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE); } +/* Read CRL file, and add it to store and corresponding cert manager */ +/* @param ctx a pointer of X509_LOOKUP back to the X509_STORE */ +/* @param file a file to read */ +/* @param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 */ +/* @return WOLFSSL_SUCCESS(1) on successful, othewise WOLFSSL_FAILURE(0)*/ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type) { 
@@ -26161,7 +26190,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, } } } else { - WOLFSSL_MSG("Invaid file type"); + WOLFSSL_MSG("Invalid file type"); } wolfSSL_X509_CRL_free(crl); @@ -26379,7 +26408,8 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param, } -/* +/* inherits properties of param "to" to param "from" +* * WOLFSSL_VPARAM_DEFAULT any values in "src" is copied * if "src" value is new for "to". * WOLFSSL_VPARAM_OVERWRITE all values of "form" are copied to "to" @@ -26387,7 +26417,7 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param, * WOLFSSL_VPARAM_LOCKED don't copy any values * WOLFSSL_VPARAM_ONCE the current inherit_flags is zerroed */ -static int woflSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, +static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, const WOLFSSL_X509_VERIFY_PARAM *from) { int ret = WOLFSSL_FAILURE; @@ -26530,11 +26560,11 @@ int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM *to, _inherit_flags = to->inherit_flags; /* Ored DEFAULT inherit flag proerty to copy "from" contents to "to" - * contends + * contents */ to->inherit_flags |= WOLFSSL_VPARAM_DEFAULT; - ret = woflSSL_X509_VERIFY_PARAM_inherit(to, from); + ret = wolfSSL_X509_VERIFY_PARAM_inherit(to, from); /* restore inherit flag */ to->inherit_flags = _inherit_flags; diff --git a/tests/api.c b/tests/api.c index 2579fe06c..1aaa4911e 100644 --- a/tests/api.c +++ b/tests/api.c 
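Review bot: The comment line added above wolfSSL_X509_VERIFY_PARAM_inherit states the direction backwards: it says properties of "to" are inherited to "from", while the flag descriptions below it and the caller in wolfSSL_X509_VERIFY_PARAM_set1 describe copying "from" into "to". I would write `/* inherits properties of param "from" into param "to"`. The same comment block still calls the source "src" in one place and "form" in another and spells "zerroed", which is worth cleaning up while the block is being touched.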
@@ -33070,6 +33070,14 @@ static void test_wolfSSL_MD5_Transform(void) XMEMSET(&md5, 0, sizeof(md5)); XMEMSET(&local, 0, sizeof(local)); + /* sanity check */ + AssertIntEQ(wolfSSL_MD5_Transform(NULL, NULL), 0); + AssertIntEQ(wolfSSL_MD5_Transform(NULL, (const byte*)&input1), 0); + AssertIntEQ(wolfSSL_MD5_Transform(&md5, NULL), 0); + AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG); + AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); + AssertIntEQ(wc_Md5Transform((wc_Md5*)&md5, NULL), BAD_FUNC_ARG); + /* Init MD5 CTX */ AssertIntEQ(wolfSSL_MD5_Init(&md5), 1); /* Do Transform*/ @@ -33106,7 +33114,7 @@ static void test_wolfSSL_SHA224(void) size_t inLen; byte hash[WC_SHA224_DIGEST_SIZE]; - printf(testingFmt, "wolfSSL_SHA224)"); + printf(testingFmt, "wolfSSL_SHA224()"); inLen = XSTRLEN((char*)input); XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE); @@ -33139,6 +33147,14 @@ static void test_wolfSSL_SHA_Transform(void) XMEMSET(&sha, 0, sizeof(sha)); XMEMSET(&local, 0, sizeof(local)); + /* sanity check */ + AssertIntEQ(wolfSSL_SHA_Transform(NULL, NULL), 0); + AssertIntEQ(wolfSSL_SHA_Transform(NULL, (const byte*)&input1), 0); + AssertIntEQ(wolfSSL_SHA_Transform(&sha, NULL), 0); + AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG); + AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG); + AssertIntEQ(wc_ShaTransform((wc_Sha*)&sha, NULL), BAD_FUNC_ARG); + /* Init SHA CTX */ AssertIntEQ(wolfSSL_SHA_Init(&sha), 1); /* Do Transform*/ 
@@ -33185,6 +33201,14 @@ static void test_wolfSSL_SHA256_Transform(void) XMEMSET(&sha256, 0, sizeof(sha256)); XMEMSET(&local, 0, sizeof(local)); + /* sanity check */ + AssertIntEQ(wolfSSL_SHA256_Transform(NULL, NULL), 0); + AssertIntEQ(wolfSSL_SHA256_Transform(NULL, (const byte*)&input1), 0); + AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, NULL), 0); + AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG); + AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); + AssertIntEQ(wc_Sha256Transform((wc_Sha256*)&sha256, NULL), BAD_FUNC_ARG); + /* Init SHA256 CTX */ AssertIntEQ(wolfSSL_SHA256_Init(&sha256), 1); /* Do Transform*/ @@ -33259,6 +33283,14 @@ static void test_wolfSSL_SHA512_Transform(void) XMEMSET(&sha512, 0, sizeof(sha512)); XMEMSET(&local, 0, sizeof(local)); + /* sanity check */ + AssertIntEQ(wolfSSL_SHA512_Transform(NULL, NULL), 0); + AssertIntEQ(wolfSSL_SHA512_Transform(NULL, (const byte*)&input1), 0); + AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, NULL), 0); + AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG); + AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); + AssertIntEQ(wc_Sha512Transform((wc_Sha512*)&sha512, NULL), BAD_FUNC_ARG); + /* Init SHA512 CTX */ AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1); diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c index d4c92ad0b..e4ffc2f09 100644 --- a/wolfcrypt/src/md5.c +++ b/wolfcrypt/src/md5.c @@ -551,8 +551,16 @@ int wc_Md5Copy(wc_Md5* src, wc_Md5* dst) return ret; } #ifdef OPENSSL_EXTRA +/* Apply MD5 transformation to the data */ +/* @param md5 a pointer to wc_MD5 structure */ +/* @param data data to be applied MD5 transformation */ +/* @return 0 on successful, otherwise non-zero on failure */ int wc_Md5Transform(wc_Md5* md5, const byte* data) { + /* sanity check */ + if (md5 == NULL || data == NULL) { + return BAD_FUNC_ARG; + } return Transform(md5, data); } #endif 
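Review bot: The header comment added to wc_Md5Transform does not say how many bytes `data` must hold, and the function takes no length, so nothing in the contract stops a caller from passing a short buffer. The wrapper in src/ssl.c byte-swaps WC_MD5_BLOCK_SIZE bytes through the same pointer, so presumably Transform reads one full block; the comment should say so, e.g. `/* @param data one full input block, WC_MD5_BLOCK_SIZE bytes */`. The same applies to the comments added for wc_ShaTransform, wc_Sha256Transform and wc_Sha512Transform in the following hunks. Transform itself is outside the hunk, so the read size should be confirmed there.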
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 35c1589c6..0d16521cd 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -774,8 +774,16 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash) } #if defined(OPENSSL_EXTRA) +/* Apply SHA1 transformation to the data */ +/* @param sha a pointer to wc_Sha structure */ +/* @param data data to be applied SHA1 transformation */ +/* @return 0 on successful, otherwise non-zero on failure */ int wc_ShaTransform(wc_Sha* sha, const unsigned char* data) { + /* sanity check */ + if (sha == NULL || data == NULL) { + return BAD_FUNC_ARG; + } return (Transform(sha, data)); } #endif diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index eb26ad6d6..249bc5d6d 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -1296,8 +1296,15 @@ static int InitSha256(wc_Sha256* sha256) } #if defined(OPENSSL_EXTRA) +/* Apply SHA256 transformation to the data */ +/* @param sha a pointer to wc_Sha256 structure */ +/* @param data data to be applied SHA256 transformation */ +/* @return 0 on successful, otherwise non-zero on failure */ int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data) { + if (sha == NULL || data == NULL) { + return BAD_FUNC_ARG; + } return (Transform_Sha256(sha, data)); } #endif diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 0353cfc64..bc576da21 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -917,6 +917,10 @@ void wc_Sha512Free(wc_Sha512* sha512) #endif /* WOLFSSL_ASYNC_CRYPT */ } #if defined(OPENSSL_EXTRA) +/* Apply SHA512 transformation to the data */ +/* @param sha a pointer to wc_Sha512 structure */ +/* @param data data to be applied SHA512 transformation */ +/* @return 0 on successful, otherwise non-zero on failure */ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) { int ret ; 
@@ -930,7 +934,14 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) #else word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; #endif - + + /* sanity check */ + if (sha == NULL || data == NULL) { + #if defined(WOLFSSL_SMALL_STACK) + XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return BAD_FUNC_ARG; + } #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) Sha512_SetTransform(); #endif
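Review bot: The argument check in wc_Sha512Transform sits after the declaration of `buffer`, so under WOLFSSL_SMALL_STACK it has to free the buffer before returning BAD_FUNC_ARG, and a bad-argument call pays for an allocation it never uses. The allocation is above the hunk, so its exact shape is inferred, but declaring the pointer first, running `if (sha == NULL || data == NULL) return BAD_FUNC_ARG;` and only then allocating would remove the extra cleanup path. That ordering also guarantees BAD_FUNC_ARG for NULL arguments whether or not the allocation succeeds. The function body continues past the end of the hunk.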