WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #5663 from lealem47/scan_build

pull/5712/head
Hayden Roche 2022-10-18 08:10:33 -07:00 committed by GitHub
parent c5df62e647 327b66d3ed
commit b7c4ddba72
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 71 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/internal.c
View File

@ -10359,7 +10359,9 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
}
#endif
#if defined(WOLFSSL_DTLS13) || defined(WOLFSSL_TLS13)
tls12minor = TLSv1_2_MINOR;
#endif
#ifdef WOLFSSL_DTLS13
if (ssl->options.dtls)
tls12minor = DTLSv1_2_MINOR;
@ -28181,7 +28183,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
-1, args->bits);
#endif
if (ret != 0)
return ret;
goto exit_dske;
/* CLIENT: Data verified with cert's public key. */
ssl->options.peerAuthGood =
ssl->options.havePeerCert;
@ -28387,6 +28389,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
DYNAMIC_TYPE_ASYNC);
if (ssl->async == NULL)
ERROR_OUT(MEMORY_E, exit_scke);
XMEMSET(ssl->async, 0, sizeof(struct WOLFSSL_ASYNC));
}
args = (SckeArgs*)ssl->async->args;
@ -29370,9 +29373,15 @@ int SendClientKeyExchange(WOLFSSL* ssl)
defined(HAVE_CURVE448)
case ecc_diffie_hellman_kea:
{
/* place size of public key in buffer */
*args->encSecret = (byte)args->encSz;
args->encSz += OPAQUE8_LEN;
if (args->encSecret == NULL) {
ret = BAD_STATE_E;
goto exit_scke;
}
else {
/* place size of public key in buffer */
*args->encSecret = (byte)args->encSz;
args->encSz += OPAQUE8_LEN;
}
break;
}
#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
@ -29628,6 +29637,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
DYNAMIC_TYPE_ASYNC);
if (ssl->async == NULL)
ERROR_OUT(MEMORY_E, exit_scv);
XMEMSET(ssl->async, 0, sizeof(struct WOLFSSL_ASYNC));
}
args = (ScvArgs*)ssl->async->args;
#ifdef WOLFSSL_ASYNC_CRYPT
@ -30628,6 +30638,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
DYNAMIC_TYPE_ASYNC);
if (ssl->async == NULL)
ERROR_OUT(MEMORY_E, exit_sske);
XMEMSET(ssl->async, 0, sizeof(struct WOLFSSL_ASYNC));
}
args = (SskeArgs*)ssl->async->args;
#ifdef WOLFSSL_ASYNC_CRYPT

3
src/tls.c
View File

@ -11959,7 +11959,10 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions);
if (ret != WOLFSSL_SUCCESS)
return ret;
/* ret value will be overwritten in !NO_PSK case */
#ifdef NO_PSK
ret = 0;
#endif
}
#endif /* !(HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */

6
tests/api.c
View File

@ -6279,7 +6279,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
return 0;
}
}
#endif
#else
if (ctx == NULL) {
ctx = wolfSSL_CTX_new(callbacks->method());
}
@ -6287,6 +6287,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
printf("CTX new failed\n");
return 0;
}
#endif
/* set defaults */
if (callbacks->caPemFile == NULL)
@ -6489,7 +6490,7 @@ static void run_wolfssl_client(void* args)
return;
}
}
#endif
#else
if (ctx == NULL) {
ctx = wolfSSL_CTX_new(callbacks->method());
}
@ -6497,6 +6498,7 @@ static void run_wolfssl_client(void* args)
printf("CTX new failed\n");
return;
}
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());

107
wolfcrypt/src/kdf.c
View File

@ -86,26 +86,6 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
Hmac hmac[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC);
if (previous == NULL || current == NULL || hmac == NULL) {
if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
return MEMORY_E;
}
#endif
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE);
wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE);
wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac));
#endif
switch (hash) {
#ifndef NO_MD5
case md5_mac:
@ -142,11 +122,6 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
break;
#endif
default:
#ifdef WOLFSSL_SMALL_STACK
if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
#endif
return HASH_TYPE_E;
}
@ -163,6 +138,24 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
lastTime = times - 1;
#ifdef WOLFSSL_SMALL_STACK
previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC);
if (previous == NULL || current == NULL || hmac == NULL) {
if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
return MEMORY_E;
}
#endif
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE);
wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE);
wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac));
#endif
ret = wc_HmacInit(hmac, heap, devId);
if (ret == 0) {
ret = wc_HmacSetKey(hmac, hash, secret, secLen);
@ -204,14 +197,16 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
ForceZero(current, P_HASH_MAX_SIZE);
ForceZero(hmac, sizeof(Hmac));
#if defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(previous, P_HASH_MAX_SIZE);
wc_MemZero_Check(current, P_HASH_MAX_SIZE);
wc_MemZero_Check(hmac, sizeof(Hmac));
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(previous, P_HASH_MAX_SIZE);
wc_MemZero_Check(current, P_HASH_MAX_SIZE);
wc_MemZero_Check(hmac, sizeof(Hmac));
#endif
return ret;
@ -225,39 +220,30 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
{
int ret = 0;
word32 half = (secLen + 1) / 2;
const byte* md5_half;
const byte* sha_half;
byte* md5_result;
#ifdef WOLFSSL_SMALL_STACK
byte* sha_result;
byte* labelSeed;
#else
byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
#endif
#if !defined(WOLFSSL_ASYNC_CRYPT) || defined(WC_ASYNC_NO_HASH)
byte labelSeed[MAX_PRF_LABSEED];
#else
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap);
if (labelSeed == NULL)
return MEMORY_E;
#endif
if (half > MAX_PRF_HALF ||
labLen + seedLen > MAX_PRF_LABSEED ||
digLen > MAX_PRF_DIG)
{
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
WC_FREE_VAR(labelSeed, heap);
#endif
return BUFFER_E;
}
#ifdef WOLFSSL_SMALL_STACK
sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST);
if (sha_result == NULL) {
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
WC_FREE_VAR(labelSeed, heap);
#endif
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_DIGEST);
if (sha_result == NULL || labelSeed == NULL) {
XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
XFREE(labelSeed, heap, DYNAMIC_TYPE_DIGEST);
return MEMORY_E;
}
#endif
@ -283,14 +269,13 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
#if defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(sha_result, MAX_PRF_DIG);
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
WC_FREE_VAR(labelSeed, heap);
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
XFREE(labelSeed, heap, DYNAMIC_TYPE_DIGEST);
#endif
return ret;
@ -305,30 +290,37 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
int ret = 0;
if (useAtLeastSha256) {
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap);
if (labelSeed == NULL)
return MEMORY_E;
#ifdef WOLFSSL_SMALL_STACK
byte* labelSeed;
#else
byte labelSeed[MAX_PRF_LABSEED];
byte labelSeed[MAX_PRF_LABSEED];
#endif
if (labLen + seedLen > MAX_PRF_LABSEED)
if (labLen + seedLen > MAX_PRF_LABSEED) {
return BUFFER_E;
}
#ifdef WOLFSSL_SMALL_STACK
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_DIGEST);
if (labelSeed == NULL) {
return MEMORY_E;
}
#endif
XMEMCPY(labelSeed, label, labLen);
XMEMCPY(labelSeed + labLen, seed, seedLen);
/* If a cipher suite wants an algorithm better than sha256, it
* should use better. */
if (hash_type < sha256_mac || hash_type == blake2b_mac)
if (hash_type < sha256_mac || hash_type == blake2b_mac) {
hash_type = sha256_mac;
}
/* compute PRF for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1.2 PRF */
ret = wc_PRF(digest, digLen, secret, secLen, labelSeed,
labLen + seedLen, hash_type, heap, devId);
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
WC_FREE_VAR(labelSeed, heap);
#ifdef WOLFSSL_SMALL_STACK
XFREE(labelSeed, heap, DYNAMIC_TYPE_DIGEST);
#endif
}
else {
@ -341,7 +333,6 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
#endif
}
return ret;
}
#endif /* WOLFSSL_HAVE_PRF */