From fb5200aa95a5f693f9e1dd95ef529bab8b6d65b0 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 30 Apr 2014 15:01:10 -0700 Subject: [PATCH] 1. Added more options to the full commit test. 2. Cleanups from static analysis. --- commit-tests.sh | 2 +- ctaocrypt/src/hc128.c | 1 + ctaocrypt/src/pkcs7.c | 10 +- ctaocrypt/test/test.c | 492 ++++++++++++++++++++++++++++++++++-------- src/ssl.c | 3 + 5 files changed, 409 insertions(+), 99 deletions(-) diff --git a/commit-tests.sh b/commit-tests.sh index 551cffdb9..066f1d0d5 100755 --- a/commit-tests.sh +++ b/commit-tests.sh @@ -23,7 +23,7 @@ RESULT=$? # make sure full config is ok echo -e "\n\nTesting full config as well...\n\n" -./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512; +./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512 --enable-crl --enable-ocsp --enable-savesession --enable-savecert --enable-atomicuser --enable-pkcallbacks --enable-scep; RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1 diff --git a/ctaocrypt/src/hc128.c b/ctaocrypt/src/hc128.c index 885cdfcf3..4937d6eb9 100644 --- a/ctaocrypt/src/hc128.c +++ b/ctaocrypt/src/hc128.c @@ -338,6 +338,7 @@ static INLINE int DoProcess(HC128* ctx, byte* output, const byte* input, if (msglen > 0) { + XMEMSET(keystream, 0, sizeof(keystream)); /* hush the static analysis */ generate_keystream(ctx, keystream); #ifdef BIG_ENDIAN_ORDER diff --git a/ctaocrypt/src/pkcs7.c b/ctaocrypt/src/pkcs7.c index 5f83e12a2..1b0092797 100644 --- a/ctaocrypt/src/pkcs7.c +++ b/ctaocrypt/src/pkcs7.c @@ -585,11 +585,7 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) byte* content = NULL; byte* sig = NULL; byte* cert = NULL; - byte* signedAttr = NULL; - int contentSz = 0, sigSz = 0, certSz = 0, signedAttrSz = 0; - - (void)signedAttr; /* not used yet, just set */ - (void)signedAttrSz; + int contentSz = 0, sigSz = 0, certSz = 0; if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0) return BAD_FUNC_ARG; @@ -750,10 +746,6 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) return ASN_PARSE_E; - /* save pointer and length */ - signedAttr = &pkiMsg[idx]; - signedAttrSz = length; - idx += length; } diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 7e315cec4..e19675bd9 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -2792,44 +2792,87 @@ int rsa_test(void) FILE* pemFile; ret = InitRsaKey(&genKey, 0); - if (ret != 0) return -300; + if (ret != 0) + return -300; ret = MakeRsaKey(&genKey, 1024, 65537, &rng); if (ret != 0) return -301; der = (byte*)malloc(FOURK_BUF); - if (der == NULL) + if (der == NULL) { + FreeRsaKey(&genKey); return -307; + } pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(der); + FreeRsaKey(&genKey); return -308; + } derSz = RsaKeyToDer(&genKey, der, FOURK_BUF); - if (derSz < 0) + if (derSz < 0) { + free(der); + free(pem); return -302; + } keyFile = fopen("./key.der", "wb"); - if (!keyFile) + if (!keyFile) { + free(der); + free(pem); + FreeRsaKey(&genKey); return -303; - ret = (int)fwrite(der, derSz, 1, keyFile); + } + ret = (int)fwrite(der, 1, derSz, keyFile); fclose(keyFile); + if (ret != derSz) { + free(der); + free(pem); + FreeRsaKey(&genKey); + return -313; + } pemSz = DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(der); + free(pem); + FreeRsaKey(&genKey); return -304; + } pemFile = fopen("./key.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(der); + free(pem); + FreeRsaKey(&genKey); return -305; - ret = (int)fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); + if (ret != pemSz) { + free(der); + free(pem); + FreeRsaKey(&genKey); + return -314; + } ret = InitRsaKey(&derIn, 0); - if (ret != 0) return -3060; + if (ret != 0) { + free(der); + free(pem); + FreeRsaKey(&genKey); + return -3060; + } idx = 0; ret = RsaPrivateKeyDecode(der, &idx, &derIn, derSz); - if (ret != 0) + if (ret != 0) { + free(der); + free(pem); + FreeRsaKey(&derIn); + FreeRsaKey(&genKey); return -306; + } FreeRsaKey(&derIn); FreeRsaKey(&genKey); @@ -2857,8 +2900,10 @@ int rsa_test(void) if (derCert == NULL) return -309; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(derCert); return -310; + } InitCert(&myCert); @@ -2873,31 +2918,56 @@ int rsa_test(void) myCert.sigType = CTC_SHA256wRSA; certSz = MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng); - if (certSz < 0) + if (certSz < 0) { + free(derCert); + free(pem); return -401; + } #ifdef CYASSL_TEST_CERT InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) + if (ret != 0) { + free(derCert); + free(pem); return -402; + } FreeDecodedCert(&decode); #endif derFile = fopen("./cert.der", "wb"); - if (!derFile) + if (!derFile) { + free(derCert); + free(pem); return -403; - ret = (int)fwrite(derCert, certSz, 1, derFile); + } + ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); + if (ret != certSz) { + free(derCert); + free(pem); + return -414; + } pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(derCert); + free(pem); return -404; + } pemFile = fopen("./cert.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(derCert); + free(pem); return -405; - ret = (int)fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); + if (ret != pemSz) { + free(derCert); + free(pem); + return -406; + } free(pem); free(derCert); } @@ -2922,21 +2992,35 @@ int rsa_test(void) if (derCert == NULL) return -311; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(derCert); return -312; + } file3 = fopen(caKeyFile, "rb"); - if (!file3) + if (!file3) { + free(derCert); + free(pem); return -412; + } bytes3 = fread(tmp, 1, FOURK_BUF, file3); fclose(file3); ret = InitRsaKey(&caKey, 0); - if (ret != 0) return -411; + if (ret != 0) { + free(derCert); + free(pem); + return -411; + } ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) return -413; + if (ret != 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); + return -413; + } InitCert(&myCert); @@ -2949,41 +3033,81 @@ int rsa_test(void) strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); ret = SetIssuer(&myCert, caCertFile); - if (ret < 0) + if (ret < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -405; + } certSz = MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng); - if (certSz < 0) + if (certSz < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -407; + } certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, &caKey, NULL, &rng); - if (certSz < 0) + if (certSz < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -408; + } #ifdef CYASSL_TEST_CERT InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) + if (ret != 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -409; + } FreeDecodedCert(&decode); #endif derFile = fopen("./othercert.der", "wb"); - if (!derFile) + if (!derFile) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -410; - ret = (int)fwrite(derCert, certSz, 1, derFile); + } + ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); + if (ret != certSz) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); + return -416; + } pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -411; + } pemFile = fopen("./othercert.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -412; - ret = (int)fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); + if (ret != pemSz) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); + return -415; + } fclose(pemFile); free(pem); free(derCert); @@ -3002,7 +3126,7 @@ int rsa_test(void) int pemSz; size_t bytes3; word32 idx3 = 0; - FILE* file3 ; + FILE* file3; #ifdef CYASSL_TEST_CERT DecodedCert decode; #endif @@ -3011,20 +3135,29 @@ int rsa_test(void) if (derCert == NULL) return -5311; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(derCert); return -5312; + } file3 = fopen(eccCaKeyFile, "rb"); - if (!file3) + if (!file3) { + free(derCert); + free(pem); return -5412; + } bytes3 = fread(tmp, 1, FOURK_BUF, file3); fclose(file3); ecc_init(&caKey); ret = EccPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) return -5413; + if (ret != 0) { + free(derCert); + free(pem); + return -5413; + } InitCert(&myCert); myCert.sigType = CTC_SHA256wECDSA; @@ -3038,40 +3171,80 @@ int rsa_test(void) strncpy(myCert.subject.email, "info@wolfssl.com", CTC_NAME_SIZE); ret = SetIssuer(&myCert, eccCaCertFile); - if (ret < 0) + if (ret < 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5405; + } certSz = MakeCert(&myCert, derCert, FOURK_BUF, NULL, &caKey, &rng); - if (certSz < 0) + if (certSz < 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5407; + } certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, NULL, &caKey, &rng); - if (certSz < 0) + if (certSz < 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5408; + } #ifdef CYASSL_TEST_CERT InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) + if (ret != 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5409; + } FreeDecodedCert(&decode); #endif derFile = fopen("./certecc.der", "wb"); - if (!derFile) + if (!derFile) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5410; - ret = (int)fwrite(derCert, certSz, 1, derFile); + } + ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); + if (ret != certSz) { + free(pem); + free(derCert); + ecc_free(&caKey); + return -5414; + } pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5411; + } pemFile = fopen("./certecc.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(pem); + free(derCert); + ecc_free(&caKey); return -5412; - ret = (int)fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); + if (ret != pemSz) { + free(pem); + free(derCert); + ecc_free(&caKey); + return -5415; + } fclose(pemFile); free(pem); free(derCert); @@ -3090,8 +3263,7 @@ int rsa_test(void) FILE* ntruPrivFile; int certSz; int pemSz; - size_t bytes; - word32 idx = 0; + word32 idx3; #ifdef CYASSL_TEST_CERT DecodedCert decode; #endif @@ -3099,8 +3271,10 @@ int rsa_test(void) if (derCert == NULL) return -311; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(derCert); return -312; + } byte public_key[557]; /* sized for EES401EP2 */ word16 public_key_len; /* no. of octets in public key */ @@ -3112,33 +3286,53 @@ int rsa_test(void) }; word32 rc = crypto_drbg_instantiate(112, pers_str, sizeof(pers_str), GetEntropy, &drbg); - if (rc != DRBG_OK) + if (rc != DRBG_OK) { + free(derCert); + free(pem); return -450; + } rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, NULL, &private_key_len, NULL); - if (rc != NTRU_OK) + if (rc != NTRU_OK) { + free(derCert); + free(pem); return -451; + } rc = crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len, public_key, &private_key_len, private_key); crypto_drbg_uninstantiate(drbg); - if (rc != NTRU_OK) + if (rc != NTRU_OK) { + free(derCert); + free(pem); return -452; + } caFile = fopen(caKeyFile, "rb"); - if (!caFile) + if (!caFile) { + free(derCert); + free(pem); return -453; + } bytes = fread(tmp, 1, FOURK_BUF, caFile); fclose(caFile); ret = InitRsaKey(&caKey, 0); - if (ret != 0) return -459; - ret = RsaPrivateKeyDecode(tmp, &idx, &caKey, (word32)bytes); - if (ret != 0) return -454; + if (ret != 0) { + free(derCert); + free(pem); + return -459; + } + ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); + if (ret != 0) { + free(derCert); + free(pem); + return -454; + } InitCert(&myCert); @@ -3151,51 +3345,92 @@ int rsa_test(void) strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); ret = SetIssuer(&myCert, caCertFile); - if (ret < 0) + if (ret < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -455; + } certSz = MakeNtruCert(&myCert, derCert, FOURK_BUF, public_key, public_key_len, &rng); - if (certSz < 0) + if (certSz < 0) { + free(derCert); + free(pem); + FreeRsaKey(&caKey); return -456; + } certSz = SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, &caKey, NULL, &rng); - if (certSz < 0) + FreeRsaKey(&caKey); + if (certSz < 0) { + free(derCert); + free(pem); return -457; + } #ifdef CYASSL_TEST_CERT InitDecodedCert(&decode, derCert, certSz, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) + if (ret != 0) { + free(derCert); + free(pem); return -458; + } FreeDecodedCert(&decode); #endif derFile = fopen("./ntru-cert.der", "wb"); - if (!derFile) + if (!derFile) { + free(derCert); + free(pem); return -459; - ret = fwrite(derCert, certSz, 1, derFile); + } + ret = (int)fwrite(derCert, 1, certSz, derFile); fclose(derFile); + if (ret != certSz) { + free(derCert); + free(pem); + return -473; + } pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(derCert); + free(pem); return -460; + } pemFile = fopen("./ntru-cert.pem", "wb"); - if (!pemFile) + if (!pemFile) { + free(derCert); + free(pem); return -461; - ret = fwrite(pem, pemSz, 1, pemFile); + } + ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); + if (ret != pemSz) { + free(derCert); + free(pem); + return -474; + } ntruPrivFile = fopen("./ntru-key.raw", "wb"); - if (!ntruPrivFile) + if (!ntruPrivFile) { + free(derCert); + free(pem); return -462; - ret = fwrite(private_key, private_key_len, 1, ntruPrivFile); + } + ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile); fclose(ntruPrivFile); + if (ret != private_key_len) { + free(pem); + free(derCert); + return -475; + } free(pem); free(derCert); - FreeRsaKey(&caKey); } #endif /* HAVE_NTRU */ #ifdef CYASSL_CERT_REQ @@ -3211,8 +3446,10 @@ int rsa_test(void) if (der == NULL) return -463; pem = (byte*)malloc(FOURK_BUF); - if (pem == NULL) + if (pem == NULL) { + free(der); return -464; + } InitCert(&req); @@ -3229,30 +3466,55 @@ int rsa_test(void) req.sigType = CTC_SHA256wRSA; derSz = MakeCertReq(&req, der, FOURK_BUF, &key, NULL); - if (derSz < 0) + if (derSz < 0) { + free(pem); + free(der); return -465; + } derSz = SignCert(req.bodySz, req.sigType, der, FOURK_BUF, &key, NULL, &rng); - if (derSz < 0) + if (derSz < 0) { + free(pem); + free(der); return -466; + } pemSz = DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE); - if (pemSz < 0) + if (pemSz < 0) { + free(pem); + free(der); return -467; + } reqFile = fopen("./certreq.der", "wb"); - if (!reqFile) + if (!reqFile) { + free(pem); + free(der); return -468; + } - ret = (int)fwrite(der, derSz, 1, reqFile); + ret = (int)fwrite(der, 1, derSz, reqFile); fclose(reqFile); + if (ret != derSz) { + free(pem); + free(der); + return -471; + } reqFile = fopen("./certreq.pem", "wb"); - if (!reqFile) + if (!reqFile) { + free(pem); + free(der); return -469; - ret = (int)fwrite(pem, pemSz, 1, reqFile); + } + ret = (int)fwrite(pem, 1, pemSz, reqFile); fclose(reqFile); + if (ret != pemSz) { + free(pem); + free(der); + return -470; + } free(pem); free(der); @@ -3855,6 +4117,10 @@ int ecc_test(void) ecc_init(&pubKey); ret = ecc_make_key(&rng, 32, &userA); + + if (ret != 0) + return -1014; + ret = ecc_make_key(&rng, 32, &userB); if (ret != 0) @@ -3863,6 +4129,9 @@ int ecc_test(void) x = sizeof(sharedA); ret = ecc_shared_secret(&userA, &userB, sharedA, &x); + if (ret != 0) + return -1015; + y = sizeof(sharedB); ret = ecc_shared_secret(&userB, &userA, sharedB, &y); @@ -3901,6 +4170,9 @@ int ecc_test(void) x = sizeof(sig); ret = ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &userA); + if (ret != 0) + return -1016; + verify = 0; ret = ecc_verify_hash(sig, x, digest, sizeof(digest), &verify, &userA); @@ -4200,21 +4472,29 @@ int pkcs7enveloped_test(void) return -201; privKey = (byte*)malloc(FOURK_BUF); - if (privKey == NULL) + if (privKey == NULL) { + free(cert); return -202; + } certFile = fopen(clientCert, "rb"); - if (!certFile) + if (!certFile) { + free(cert); + free(privKey); err_sys("can't open ./certs/client-cert.der, " "Please run from CyaSSL home dir", -42); + } certSz = fread(cert, 1, FOURK_BUF, certFile); fclose(certFile); keyFile = fopen(clientKey, "rb"); - if (!keyFile) + if (!keyFile) { + free(cert); + free(privKey); err_sys("can't open ./certs/client-key.der, " "Please run from CyaSSL home dir", -43); + } privKeySz = fread(privKey, 1, FOURK_BUF, keyFile); fclose(keyFile); @@ -4230,24 +4510,35 @@ int pkcs7enveloped_test(void) /* encode envelopedData */ envelopedSz = PKCS7_EncodeEnvelopedData(&pkcs7, enveloped, sizeof(enveloped)); - if (envelopedSz <= 0) + if (envelopedSz <= 0) { + free(cert); + free(privKey); return -203; + } /* decode envelopedData */ decodedSz = PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, decoded, sizeof(decoded)); - if (decodedSz <= 0) + if (decodedSz <= 0) { + free(cert); + free(privKey); return -204; + } /* test decode result */ if (memcmp(decoded, data, sizeof(data)) != 0) { + free(cert); + free(privKey); return -205; } /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(pkcs7OutFile, "wb"); - if (!pkcs7File) + if (!pkcs7File) { + free(cert); + free(privKey); return -206; + } ret = (int)fwrite(enveloped, envelopedSz, 1, pkcs7File); fclose(pkcs7File); @@ -4302,15 +4593,19 @@ int pkcs7signed_test(void) outSz = FOURK_BUF; certDer = (byte*)malloc(FOURK_BUF); - keyDer = (byte*)malloc(FOURK_BUF); - out = (byte*)malloc(FOURK_BUF); - if (certDer == NULL) return -207; - if (keyDer == NULL) + keyDer = (byte*)malloc(FOURK_BUF); + if (keyDer == NULL) { + free(certDer); return -208; - if (out == NULL) + } + out = (byte*)malloc(FOURK_BUF); + if (out == NULL) { + free(certDer); + free(keyDer); return -209; + } /* read in DER cert of recipient, into cert of size certSz */ file = fopen(clientCert, "rb"); @@ -4336,15 +4631,23 @@ int pkcs7signed_test(void) fclose(file); ret = InitRng(&rng); - if (ret != 0) + if (ret != 0) { + free(certDer); + free(keyDer); + free(out); return -210; + } senderNonce[0] = 0x04; senderNonce[1] = PKCS7_NONCE_SZ; ret = RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); - if (ret != 0) + if (ret != 0) { + free(certDer); + free(keyDer); + free(out); return -211; + } PKCS7_InitWithCert(&msg, certDer, certDerSz); msg.privateKey = keyDer; @@ -4365,8 +4668,12 @@ int pkcs7signed_test(void) transId[1] = SHA_DIGEST_SIZE * 2; ret = InitSha(&sha); - if (ret != 0) + if (ret != 0) { + free(certDer); + free(keyDer); + free(out); return -4003; + } ShaUpdate(&sha, msg.publicKey, msg.publicKeySz); ShaFinal(&sha, digest); @@ -4396,6 +4703,13 @@ int pkcs7signed_test(void) } ret = (int)fwrite(out, 1, outSz, file); fclose(file); + if (ret != (int)outSz) { + free(certDer); + free(keyDer); + free(out); + PKCS7_Free(&msg); + return -218; + } PKCS7_Free(&msg); PKCS7_InitWithCert(&msg, NULL, 0); diff --git a/src/ssl.c b/src/ssl.c index 87be69cb7..39726a92f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3280,6 +3280,9 @@ int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format) int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file) { CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file"); + if (ctx == NULL) + return SSL_FAILURE; + if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL) == SSL_SUCCESS) { ctx->haveNTRU = 1;