WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #5663 from lealem47/scan_build

pull/5712/head
Hayden Roche 2022-10-18 08:10:33 -07:00 committed by GitHub
parent c5df62e647 327b66d3ed
commit b7c4ddba72
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 71 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/internal.c
View File

@ -10359,7 +10359,9 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
} }
#endif #endif
#if defined(WOLFSSL_DTLS13) || defined(WOLFSSL_TLS13)
tls12minor = TLSv1_2_MINOR; tls12minor = TLSv1_2_MINOR;
#endif
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) if (ssl->options.dtls)
tls12minor = DTLSv1_2_MINOR; tls12minor = DTLSv1_2_MINOR;
@ -28181,7 +28183,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
-1, args->bits); -1, args->bits);
#endif #endif
if (ret != 0) if (ret != 0)
return ret; goto exit_dske;
/* CLIENT: Data verified with cert's public key. */ /* CLIENT: Data verified with cert's public key. */
ssl->options.peerAuthGood = ssl->options.peerAuthGood =
ssl->options.havePeerCert; ssl->options.havePeerCert;
@ -28387,6 +28389,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
DYNAMIC_TYPE_ASYNC); DYNAMIC_TYPE_ASYNC);
if (ssl->async == NULL) if (ssl->async == NULL)
ERROR_OUT(MEMORY_E, exit_scke); ERROR_OUT(MEMORY_E, exit_scke);
XMEMSET(ssl->async, 0, sizeof(struct WOLFSSL_ASYNC));
} }
args = (SckeArgs*)ssl->async->args; args = (SckeArgs*)ssl->async->args;
@ -29370,9 +29373,15 @@ int SendClientKeyExchange(WOLFSSL* ssl)
defined(HAVE_CURVE448) defined(HAVE_CURVE448)
case ecc_diffie_hellman_kea: case ecc_diffie_hellman_kea:
{ {
if (args->encSecret == NULL) {
ret = BAD_STATE_E;
goto exit_scke;
}
else {
/* place size of public key in buffer */ /* place size of public key in buffer */
*args->encSecret = (byte)args->encSz; *args->encSecret = (byte)args->encSz;
args->encSz += OPAQUE8_LEN; args->encSz += OPAQUE8_LEN;
}
break; break;
} }
#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */ #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
@ -29628,6 +29637,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
DYNAMIC_TYPE_ASYNC); DYNAMIC_TYPE_ASYNC);
if (ssl->async == NULL) if (ssl->async == NULL)
ERROR_OUT(MEMORY_E, exit_scv); ERROR_OUT(MEMORY_E, exit_scv);
XMEMSET(ssl->async, 0, sizeof(struct WOLFSSL_ASYNC));
} }
args = (ScvArgs*)ssl->async->args; args = (ScvArgs*)ssl->async->args;
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
@ -30628,6 +30638,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
DYNAMIC_TYPE_ASYNC); DYNAMIC_TYPE_ASYNC);
if (ssl->async == NULL) if (ssl->async == NULL)
ERROR_OUT(MEMORY_E, exit_sske); ERROR_OUT(MEMORY_E, exit_sske);
XMEMSET(ssl->async, 0, sizeof(struct WOLFSSL_ASYNC));
} }
args = (SskeArgs*)ssl->async->args; args = (SskeArgs*)ssl->async->args;
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT

3
src/tls.c
View File

@ -11959,7 +11959,10 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions); ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions);
if (ret != WOLFSSL_SUCCESS) if (ret != WOLFSSL_SUCCESS)
return ret; return ret;
/* ret value will be overwritten in !NO_PSK case */
#ifdef NO_PSK
ret = 0; ret = 0;
#endif
} }
#endif /* !(HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ #endif /* !(HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */

6
tests/api.c
View File

@ -6279,7 +6279,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
return 0; return 0;
} }
} }
#endif #else
if (ctx == NULL) { if (ctx == NULL) {
ctx = wolfSSL_CTX_new(callbacks->method()); ctx = wolfSSL_CTX_new(callbacks->method());
} }
@ -6287,6 +6287,7 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
printf("CTX new failed\n"); printf("CTX new failed\n");
return 0; return 0;
} }
#endif
/* set defaults */ /* set defaults */
if (callbacks->caPemFile == NULL) if (callbacks->caPemFile == NULL)
@ -6489,7 +6490,7 @@ static void run_wolfssl_client(void* args)
return; return;
} }
} }
#endif #else
if (ctx == NULL) { if (ctx == NULL) {
ctx = wolfSSL_CTX_new(callbacks->method()); ctx = wolfSSL_CTX_new(callbacks->method());
} }
@ -6497,6 +6498,7 @@ static void run_wolfssl_client(void* args)
printf("CTX new failed\n"); printf("CTX new failed\n");
return; return;
} }
#endif
#ifdef WOLFSSL_TIRTOS #ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self()); fdOpenSession(Task_self());

105
wolfcrypt/src/kdf.c
View File

@ -86,26 +86,6 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
Hmac hmac[1]; Hmac hmac[1];
#endif #endif
#ifdef WOLFSSL_SMALL_STACK
previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC);
if (previous == NULL || current == NULL || hmac == NULL) {
if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
return MEMORY_E;
}
#endif
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE);
wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE);
wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac));
#endif
switch (hash) { switch (hash) {
#ifndef NO_MD5 #ifndef NO_MD5
case md5_mac: case md5_mac:
@ -142,11 +122,6 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
break; break;
#endif #endif
default: default:
#ifdef WOLFSSL_SMALL_STACK
if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
#endif
return HASH_TYPE_E; return HASH_TYPE_E;
} }
@ -163,6 +138,24 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
lastTime = times - 1; lastTime = times - 1;
#ifdef WOLFSSL_SMALL_STACK
previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST);
hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC);
if (previous == NULL || current == NULL || hmac == NULL) {
if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
return MEMORY_E;
}
#endif
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE);
wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE);
wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac));
#endif
ret = wc_HmacInit(hmac, heap, devId); ret = wc_HmacInit(hmac, heap, devId);
if (ret == 0) { if (ret == 0) {
ret = wc_HmacSetKey(hmac, hash, secret, secLen); ret = wc_HmacSetKey(hmac, hash, secret, secLen);
@ -204,14 +197,16 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret,
ForceZero(current, P_HASH_MAX_SIZE); ForceZero(current, P_HASH_MAX_SIZE);
ForceZero(hmac, sizeof(Hmac)); ForceZero(hmac, sizeof(Hmac));
#if defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(previous, P_HASH_MAX_SIZE);
wc_MemZero_Check(current, P_HASH_MAX_SIZE);
wc_MemZero_Check(hmac, sizeof(Hmac));
#endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); XFREE(previous, heap, DYNAMIC_TYPE_DIGEST);
XFREE(current, heap, DYNAMIC_TYPE_DIGEST); XFREE(current, heap, DYNAMIC_TYPE_DIGEST);
XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(previous, P_HASH_MAX_SIZE);
wc_MemZero_Check(current, P_HASH_MAX_SIZE);
wc_MemZero_Check(hmac, sizeof(Hmac));
#endif #endif
return ret; return ret;
@ -225,39 +220,30 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
{ {
int ret = 0; int ret = 0;
word32 half = (secLen + 1) / 2; word32 half = (secLen + 1) / 2;
const byte* md5_half; const byte* md5_half;
const byte* sha_half; const byte* sha_half;
byte* md5_result; byte* md5_result;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
byte* sha_result; byte* sha_result;
byte* labelSeed;
#else #else
byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
#endif
#if !defined(WOLFSSL_ASYNC_CRYPT) || defined(WC_ASYNC_NO_HASH)
byte labelSeed[MAX_PRF_LABSEED]; byte labelSeed[MAX_PRF_LABSEED];
#else
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap);
if (labelSeed == NULL)
return MEMORY_E;
#endif #endif
if (half > MAX_PRF_HALF || if (half > MAX_PRF_HALF ||
labLen + seedLen > MAX_PRF_LABSEED || labLen + seedLen > MAX_PRF_LABSEED ||
digLen > MAX_PRF_DIG) digLen > MAX_PRF_DIG)
{ {
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH)
WC_FREE_VAR(labelSeed, heap);
#endif
return BUFFER_E; return BUFFER_E;
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST); sha_result = (byte*)XMALLOC(MAX_PRF_DIG, heap, DYNAMIC_TYPE_DIGEST);
if (sha_result == NULL) { labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_DIGEST);
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) if (sha_result == NULL || labelSeed == NULL) {
WC_FREE_VAR(labelSeed, heap); XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
#endif XFREE(labelSeed, heap, DYNAMIC_TYPE_DIGEST);
return MEMORY_E; return MEMORY_E;
} }
#endif #endif
@ -283,14 +269,13 @@ int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
} }
} }
#ifdef WOLFSSL_SMALL_STACK #if defined(WOLFSSL_CHECK_MEM_ZERO)
XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(sha_result, MAX_PRF_DIG); wc_MemZero_Check(sha_result, MAX_PRF_DIG);
#endif #endif
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) #ifdef WOLFSSL_SMALL_STACK
WC_FREE_VAR(labelSeed, heap); XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST);
XFREE(labelSeed, heap, DYNAMIC_TYPE_DIGEST);
#endif #endif
return ret; return ret;
@ -305,30 +290,37 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
int ret = 0; int ret = 0;
if (useAtLeastSha256) { if (useAtLeastSha256) {
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) #ifdef WOLFSSL_SMALL_STACK
WC_DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap); byte* labelSeed;
if (labelSeed == NULL)
return MEMORY_E;
#else #else
byte labelSeed[MAX_PRF_LABSEED]; byte labelSeed[MAX_PRF_LABSEED];
#endif #endif
if (labLen + seedLen > MAX_PRF_LABSEED) if (labLen + seedLen > MAX_PRF_LABSEED) {
return BUFFER_E; return BUFFER_E;
}
#ifdef WOLFSSL_SMALL_STACK
labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, heap, DYNAMIC_TYPE_DIGEST);
if (labelSeed == NULL) {
return MEMORY_E;
}
#endif
XMEMCPY(labelSeed, label, labLen); XMEMCPY(labelSeed, label, labLen);
XMEMCPY(labelSeed + labLen, seed, seedLen); XMEMCPY(labelSeed + labLen, seed, seedLen);
/* If a cipher suite wants an algorithm better than sha256, it /* If a cipher suite wants an algorithm better than sha256, it
* should use better. */ * should use better. */
if (hash_type < sha256_mac || hash_type == blake2b_mac) if (hash_type < sha256_mac || hash_type == blake2b_mac) {
hash_type = sha256_mac; hash_type = sha256_mac;
}
/* compute PRF for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1.2 PRF */ /* compute PRF for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1.2 PRF */
ret = wc_PRF(digest, digLen, secret, secLen, labelSeed, ret = wc_PRF(digest, digLen, secret, secLen, labelSeed,
labLen + seedLen, hash_type, heap, devId); labLen + seedLen, hash_type, heap, devId);
#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) #ifdef WOLFSSL_SMALL_STACK
WC_FREE_VAR(labelSeed, heap); XFREE(labelSeed, heap, DYNAMIC_TYPE_DIGEST);
#endif #endif
} }
else { else {
@ -341,7 +333,6 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
#endif #endif
} }
return ret; return ret;
} }
#endif /* WOLFSSL_HAVE_PRF */ #endif /* WOLFSSL_HAVE_PRF */