diff --git a/src/internal.c b/src/internal.c index 802cc68c8..ce14ba9ea 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10359,7 +10359,9 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, } #endif +#if defined(WOLFSSL_DTLS13) || defined(WOLFSSL_TLS13) tls12minor = TLSv1_2_MINOR; +#endif #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) tls12minor = DTLSv1_2_MINOR; @@ -28181,7 +28183,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, -1, args->bits); #endif if (ret != 0) - return ret; + goto exit_dske; /* CLIENT: Data verified with cert's public key. */ ssl->options.peerAuthGood = ssl->options.havePeerCert; @@ -28387,6 +28389,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) DYNAMIC_TYPE_ASYNC); if (ssl->async == NULL) ERROR_OUT(MEMORY_E, exit_scke); + XMEMSET(ssl->async, 0, sizeof(struct WOLFSSL_ASYNC)); } args = (SckeArgs*)ssl->async->args; @@ -29370,9 +29373,15 @@ int SendClientKeyExchange(WOLFSSL* ssl) defined(HAVE_CURVE448) case ecc_diffie_hellman_kea: { - /* place size of public key in buffer */ - *args->encSecret = (byte)args->encSz; - args->encSz += OPAQUE8_LEN; + if (args->encSecret == NULL) { + ret = BAD_STATE_E; + goto exit_scke; + } + else { + /* place size of public key in buffer */ + *args->encSecret = (byte)args->encSz; + args->encSz += OPAQUE8_LEN; + } break; } #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */ @@ -29628,6 +29637,7 @@ int SendCertificateVerify(WOLFSSL* ssl) DYNAMIC_TYPE_ASYNC); if (ssl->async == NULL) ERROR_OUT(MEMORY_E, exit_scv); + XMEMSET(ssl->async, 0, sizeof(struct WOLFSSL_ASYNC)); } args = (ScvArgs*)ssl->async->args; #ifdef WOLFSSL_ASYNC_CRYPT @@ -30628,6 +30638,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, DYNAMIC_TYPE_ASYNC); if (ssl->async == NULL) ERROR_OUT(MEMORY_E, exit_sske); + XMEMSET(ssl->async, 0, sizeof(struct WOLFSSL_ASYNC)); } args = (SskeArgs*)ssl->async->args; #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/src/tls.c b/src/tls.c index f40f410b5..d7e2a9f00 100644 --- a/src/tls.c +++ b/src/tls.c @@ -11959,7 +11959,10 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions); if (ret != WOLFSSL_SUCCESS) return ret; + /* ret value will be overwritten in !NO_PSK case */ + #ifdef NO_PSK ret = 0; + #endif } #endif /* !(HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ diff --git a/tests/api.c b/tests/api.c index d44b44730..9a0fc101d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -6279,7 +6279,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) return 0; } } -#endif +#else if (ctx == NULL) { ctx = wolfSSL_CTX_new(callbacks->method()); } @@ -6287,6 +6287,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) printf("CTX new failed\n"); return 0; } +#endif /* set defaults */ if (callbacks->caPemFile == NULL) @@ -6489,7 +6490,7 @@ static void run_wolfssl_client(void* args) return; } } -#endif +#else if (ctx == NULL) { ctx = wolfSSL_CTX_new(callbacks->method()); } @@ -6497,6 +6498,7 @@ static void run_wolfssl_client(void* args) printf("CTX new failed\n"); return; } +#endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c index c7f6e0f95..17ad919b0 100644 --- a/wolfcrypt/src/kdf.c +++ b/wolfcrypt/src/kdf.c @@ -86,26 +86,6 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret, Hmac hmac[1]; #endif -#ifdef WOLFSSL_SMALL_STACK - previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); - current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); - hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC); - - if (previous == NULL || current == NULL || hmac == NULL) { - if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); - if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST); - if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); - - return MEMORY_E; - } -#endif - -#ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE); - wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE); - wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac)); -#endif - switch (hash) { #ifndef NO_MD5 case md5_mac: @@ -142,11 +122,6 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret, break; #endif default: - #ifdef WOLFSSL_SMALL_STACK - if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); - if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST); - if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); - #endif return HASH_TYPE_E; } @@ -163,6 +138,24 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret, lastTime = times - 1; +#ifdef WOLFSSL_SMALL_STACK + previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); + current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); + hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC); + if (previous == NULL || current == NULL || hmac == NULL) { + if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); + if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST); + if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); + return MEMORY_E; + } +#endif + +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE); + wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE); + wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac)); +#endif + ret = wc_HmacInit(hmac, heap, devId); if (ret == 0) { ret = wc_HmacSetKey(hmac, hash, secret, secLen); @@ -204,14 +197,16 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret, ForceZero(current, P_HASH_MAX_SIZE); ForceZero(hmac, sizeof(Hmac)); +#if defined(WOLFSSL_CHECK_MEM_ZERO) + wc_MemZero_Check(previous, P_HASH_MAX_SIZE); + wc_MemZero_Check(current, P_HASH_MAX_SIZE); + wc_MemZero_Check(hmac, sizeof(Hmac)); +#endif + #ifdef WOLFSSL_SMALL_STACK XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); XFREE(current, heap, DYNAMIC_TYPE_DIGEST); XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); -#elif defined(WOLFSSL_CHECK_MEM_ZERO) - wc_MemZero_Check(previous, P_HASH_MAX_SIZE); - wc_MemZero_Check(current, P_HASH_MAX_SIZE); - wc_MemZero_Check(hmac, sizeof(Hmac)); #endif return ret; @@ -225,39 +220,30 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret, { int ret = 0; word32 half = (secLen + 1) / 2; - const byte* md5_half; const byte* sha_half; byte* md5_result; #ifdef WOLFSSL_SMALL_STACK byte* sha_result; + byte* labelSeed; #else byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ -#endif -#if !defined(WOLFSSL_ASYNC_CRYPT) || defined(WC_ASYNC_NO_HASH) byte labelSeed[MAX_PRF_LABSEED]; -#else - WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap); - if (labelSeed == NULL) - return MEMORY_E; #endif if (half > MAX_PRF_HALF || labLen + seedLen > MAX_PRF_LABSEED || digLen > MAX_PRF_DIG) { - #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) - WC_FREE_VAR(labelSeed, heap); - #endif return BUFFER_E; } #ifdef WOLFSSL_SMALL_STACK sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST); - if (sha_result == NULL) { - #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) - WC_FREE_VAR(labelSeed, heap); - #endif + labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_DIGEST); + if (sha_result == NULL || labelSeed == NULL) { + XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); + XFREE(labelSeed, heap, DYNAMIC_TYPE_DIGEST); return MEMORY_E; } #endif @@ -283,14 +269,13 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret, } } -#ifdef WOLFSSL_SMALL_STACK - XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); -#elif defined(WOLFSSL_CHECK_MEM_ZERO) +#if defined(WOLFSSL_CHECK_MEM_ZERO) wc_MemZero_Check(sha_result, MAX_PRF_DIG); #endif -#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) - WC_FREE_VAR(labelSeed, heap); +#ifdef WOLFSSL_SMALL_STACK + XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); + XFREE(labelSeed, heap, DYNAMIC_TYPE_DIGEST); #endif return ret; @@ -305,30 +290,37 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, int ret = 0; if (useAtLeastSha256) { - #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) - WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap); - if (labelSeed == NULL) - return MEMORY_E; + #ifdef WOLFSSL_SMALL_STACK + byte* labelSeed; #else - byte labelSeed[MAX_PRF_LABSEED]; + byte labelSeed[MAX_PRF_LABSEED]; #endif - if (labLen + seedLen > MAX_PRF_LABSEED) + if (labLen + seedLen > MAX_PRF_LABSEED) { return BUFFER_E; + } + + #ifdef WOLFSSL_SMALL_STACK + labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_DIGEST); + if (labelSeed == NULL) { + return MEMORY_E; + } + #endif XMEMCPY(labelSeed, label, labLen); XMEMCPY(labelSeed + labLen, seed, seedLen); /* If a cipher suite wants an algorithm better than sha256, it * should use better. */ - if (hash_type < sha256_mac || hash_type == blake2b_mac) + if (hash_type < sha256_mac || hash_type == blake2b_mac) { hash_type = sha256_mac; + } /* compute PRF for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1.2 PRF */ ret = wc_PRF(digest, digLen, secret, secLen, labelSeed, labLen + seedLen, hash_type, heap, devId); - #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) - WC_FREE_VAR(labelSeed, heap); + #ifdef WOLFSSL_SMALL_STACK + XFREE(labelSeed, heap, DYNAMIC_TYPE_DIGEST); #endif } else { @@ -341,7 +333,6 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, #endif } - return ret; } #endif /* WOLFSSL_HAVE_PRF */