diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c index 371aaa6cc..0aa8631b5 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c @@ -118,7 +118,7 @@ int construct_argv() __argv[cnt] = malloc(10); sprintf(__argv[cnt], "benchmark"); - __argv[9] = '\0'; + __argv[cnt][9] = '\0'; cnt = 1; while (*ch != '\0') diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c index d5636b493..6a9a345d3 100644 --- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c +++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c @@ -197,6 +197,7 @@ FILE * wolfSSL_fopen(const char *name, const char *openmode) #define PATHSIZE 100 char path[PATHSIZE] ; char *p ; + if (name == NULL) return NULL; if(strlen(name) > PATHSIZE)return(NULL) ; for(i = 0; i<= strlen(name); i++) { diff --git a/IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c b/IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c index 695370deb..0c0e9cb24 100644 --- a/IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c +++ b/IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c @@ -323,9 +323,7 @@ int wolfssl_server_accept_tcp(WOLFSSL* ssl, SOCKET_T* fd, SOCKET_T* acceptfd) if (ret == 0) { *acceptfd = clientfd; tcp_set_nonblocking(&clientfd); - } - if (ret == 0) { printf("Server has client\n"); if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) ret = -1; diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 88866b18e..27e034a65 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -89,7 +89,7 @@ void echoclient_test(void* args) int argc = 0; char** argv = 0; #endif - word16 port = yasslPort; + word16 port; char buffer[CYASSL_MAX_ERROR_SZ]; ((func_args*)args)->return_code = -1; /* error state */ @@ -126,6 +126,8 @@ void echoclient_test(void* args) #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_SHELL) port = ((func_args*)args)->signal->port; +#else + port = yasslPort; #endif #if defined(CYASSL_DTLS) diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 6ca547087..63075cfd3 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -238,7 +238,7 @@ static int check_md5(void) return -1; } - if (ret == 0 && memcmp(mcDigest, defDigest, CRYPT_MD5_DIGEST_SIZE) != 0) { + if (memcmp(mcDigest, defDigest, CRYPT_MD5_DIGEST_SIZE) != 0) { printf("md5 final memcmp failed\n"); return -1; } diff --git a/src/bio.c b/src/bio.c index c82702e18..979029fa4 100644 --- a/src/bio.c +++ b/src/bio.c @@ -230,15 +230,15 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) if (bio->ptr) { ret = (int)XFREAD(buf, 1, len, (XFILE)bio->ptr); } + else { #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - else { ret = (int)XREAD(bio->num, buf, len); - } #else - WOLFSSL_MSG("No file pointer and XREAD not enabled"); - ret = NOT_COMPILED_IN; + WOLFSSL_MSG("No file pointer and XREAD not enabled"); + ret = NOT_COMPILED_IN; #endif + } #else WOLFSSL_MSG("WOLFSSL_BIO_FILE used with NO_FILESYSTEM"); ret = NOT_COMPILED_IN; @@ -541,9 +541,11 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) { int ret = 0; +#ifdef WOLFSSL_BASE64_ENCODE /* Use extra return var as we want to return how much of input we have * written, not how big the base64 encoding ended up being */ int retB64 = 0; +#endif WOLFSSL_BIO* front = bio; void* frmt = NULL; word32 frmtSz = 0; @@ -594,15 +596,15 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) if (bio->ptr) { ret = (int)XFWRITE(data, 1, len, (XFILE)bio->ptr); } + else { #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - else { ret = (int)XWRITE(bio->num, data, len); - } #else - WOLFSSL_MSG("No file pointer and XWRITE not enabled"); - ret = NOT_COMPILED_IN; + WOLFSSL_MSG("No file pointer and XWRITE not enabled"); + ret = NOT_COMPILED_IN; #endif + } #else WOLFSSL_MSG("WOLFSSL_BIO_FILE used with NO_FILESYSTEM"); ret = NOT_COMPILED_IN; @@ -659,9 +661,11 @@ exit_chain: XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); } +#ifdef WOLFSSL_BASE64_ENCODE if (retB64 > 0 && ret > 0) return retB64; else +#endif return ret; } diff --git a/src/internal.c b/src/internal.c index c64972677..d3e105a58 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1715,9 +1715,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) ctx->minEccKeySz = MIN_ECCKEY_SZ; ctx->eccTempKeySz = ECDHE_SIZE; #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) ctx->verifyDepth = MAX_CHAIN_DEPTH; -#endif #ifdef OPENSSL_EXTRA ctx->cbioFlag = WOLFSSL_CBIO_NONE; #endif @@ -1866,11 +1864,6 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT; #endif -#ifdef HAVE_WOLF_EVENT - if (ret == 0) - ret = wolfEventQueue_Init(&ctx->event_queue); -#endif /* HAVE_WOLF_EVENT */ - #ifdef WOLFSSL_EARLY_DATA ctx->maxEarlyDataSz = MAX_EARLY_DATA_SZ; #endif @@ -1880,7 +1873,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) #endif ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */ - ctx->verifyDepth = MAX_CHAIN_DEPTH; + +#ifdef HAVE_WOLF_EVENT + ret = wolfEventQueue_Init(&ctx->event_queue); +#endif /* HAVE_WOLF_EVENT */ return ret; } @@ -5832,9 +5828,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->wfd = -1; ssl->devId = ctx->devId; /* device for async HW (from wolfAsync_DevOpen) */ - ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */ - ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */ - #ifdef HAVE_NETX ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */ ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */ @@ -5848,7 +5841,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #elif defined (WOLFSSL_GNRC) ssl->IOCB_ReadCtx = ssl->gnrcCtx; ssl->IOCB_WriteCtx = ssl->gnrcCtx; +#else + ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */ + ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */ #endif + /* initialize states */ ssl->options.serverState = NULL_STATE; ssl->options.clientState = NULL_STATE; @@ -6256,10 +6253,6 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey) return BAD_FUNC_ARG; } - if (sz == 0) { - return NOT_COMPILED_IN; - } - /* Allocate memory for key */ *pKey = (void *)XMALLOC(sz, ssl->heap, type); if (*pKey == NULL) { @@ -8557,10 +8550,8 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size) the header, if the user wants encrypted alignment they need to define their alignment requirement */ - if (align) { - while (align < hdrSz) - align *= 2; - } + while (align < hdrSz) + align *= 2; #endif tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align, @@ -11771,8 +11762,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* Check peer's certificate version number. TLS 1.2 / 1.3 * requires the clients certificate be version 3 unless a * different version has been negotiated using RFC 7250 */ - if ((ret == 0) && - (ssl->options.side == WOLFSSL_SERVER_END)) { + if (ssl->options.side == WOLFSSL_SERVER_END) { if (args->dCert->version != WOLFSSL_X509_V3) { WOLFSSL_MSG("Peers certificate was not version 3!"); args->lastErr = ASN_VERSION_E; @@ -17048,7 +17038,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int epochOrder) { #ifndef WOLFSSL_NO_TLS12 - int ret = 0; + int ret; BuildMsgArgs* args; BuildMsgArgs lcl_args; #ifdef WOLFSSL_ASYNC_CRYPT @@ -17075,8 +17065,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } #endif - ret = WC_NOT_PENDING_E; #ifdef WOLFSSL_ASYNC_CRYPT + ret = WC_NOT_PENDING_E; if (asyncOkay) { ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState); if (ret != WC_NOT_PENDING_E) { @@ -17092,7 +17082,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } /* Reset state */ - if (ret == WC_NOT_PENDING_E) { +#ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NOT_PENDING_E) +#endif + { ret = 0; ssl->options.buildMsgState = BUILD_MSG_BEGIN; XMEMSET(args, 0, sizeof(BuildMsgArgs)); @@ -18584,7 +18577,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) int sent = 0, /* plainText size */ sendSz, ret; +#if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP) int groupMsgs = 0; +#endif if (ssl->error == WANT_WRITE #ifdef WOLFSSL_ASYNC_CRYPT @@ -18635,7 +18630,11 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) } /* last time system socket output buffer was full, try again to send */ - if (!groupMsgs && ssl->buffers.outputBuffer.length > 0) { + if (ssl->buffers.outputBuffer.length > 0 + #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP) + && !groupMsgs + #endif + ) { WOLFSSL_MSG("output buffer was full, trying to send again"); if ( (ssl->error = SendBuffered(ssl)) < 0) { WOLFSSL_ERROR(ssl->error); @@ -21972,19 +21971,20 @@ exit_dpk: /* Make sure client setup is valid for this suite, true on success */ int VerifyClientSuite(WOLFSSL* ssl) { - int havePSK = 0; + #ifndef NO_PSK + int havePSK = ssl->options.havePSK; + #endif byte first = ssl->options.cipherSuite0; byte second = ssl->options.cipherSuite; WOLFSSL_ENTER("VerifyClientSuite"); - #ifndef NO_PSK - havePSK = ssl->options.havePSK; - #endif - if (CipherRequires(first, second, REQUIRES_PSK)) { WOLFSSL_MSG("Requires PSK"); - if (havePSK == 0) { + #ifndef NO_PSK + if (havePSK == 0) + #endif + { WOLFSSL_MSG("Don't have PSK"); return 0; } @@ -24191,7 +24191,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) case TLS_ASYNC_BUILD: { args->encSz = MAX_ENCRYPT_SZ; - args->encSecret = (byte*)XMALLOC(args->encSz, ssl->heap, + args->encSecret = (byte*)XMALLOC(MAX_ENCRYPT_SZ, ssl->heap, DYNAMIC_TYPE_SECRET); if (args->encSecret == NULL) { ERROR_OUT(MEMORY_E, exit_scke); @@ -25275,7 +25275,7 @@ int SendCertificateVerify(WOLFSSL* ssl) /* build encoded signature buffer */ ssl->buffers.sig.length = MAX_ENCODED_SIG_SZ; - ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length, + ssl->buffers.sig.buffer = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, ssl->heap, DYNAMIC_TYPE_SIGNATURE); if (ssl->buffers.sig.buffer == NULL) { ERROR_OUT(MEMORY_E, exit_scv); @@ -25325,9 +25325,10 @@ int SendCertificateVerify(WOLFSSL* ssl) } #ifndef NO_OLD_TLS else { - /* if old TLS load MD5 and SHA hash as value to sign */ + /* if old TLS load MD5 and SHA hash as value to sign + * MD5 and SHA must be first two buffers in stucture */ XMEMCPY(ssl->buffers.sig.buffer, - (byte*)ssl->hsHashes->certHashes.md5, FINISHED_SZ); + (byte*)&ssl->hsHashes->certHashes, FINISHED_SZ); } #endif @@ -25817,7 +25818,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; int sendSz; byte sessIdSz = ID_LEN; + #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET) byte echoId = 0; /* ticket echo id flag */ + #endif byte cacheOff = 0; /* session cache off flag */ WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND); @@ -25862,7 +25865,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* if no session cache don't send a session ID unless we're echoing * an ID as part of session tickets */ - if (echoId == 0 && cacheOff == 1) { + if (cacheOff == 1 + #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET) + && echoId == 0 + #endif + ) { length -= ID_LEN; /* adjust ID_LEN assumption */ sessIdSz = 0; } @@ -26547,7 +26554,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN; args->exportSz = MAX_EXPORT_ECC_SZ; - args->exportBuf = (byte*)XMALLOC(args->exportSz, + args->exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, ssl->heap, DYNAMIC_TYPE_DER); if (args->exportBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); @@ -26656,7 +26663,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Export temp ECC key and add to length */ args->exportSz = MAX_EXPORT_ECC_SZ; - args->exportBuf = (byte*)XMALLOC(args->exportSz, + args->exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, ssl->heap, DYNAMIC_TYPE_DER); if (args->exportBuf == NULL) { ERROR_OUT(MEMORY_E, exit_sske); @@ -27635,7 +27642,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, static int VerifyServerSuite(WOLFSSL* ssl, word16 idx) { int haveRSA = !ssl->options.haveStaticECC; - int havePSK = 0; + #ifndef NO_PSK + int havePSK = ssl->options.havePSK; + #endif byte first; byte second; @@ -27649,10 +27658,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, first = ssl->suites->suites[idx]; second = ssl->suites->suites[idx+1]; - #ifndef NO_PSK - havePSK = ssl->options.havePSK; - #endif - if (ssl->options.haveNTRU) haveRSA = 0; @@ -27690,7 +27695,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (CipherRequires(first, second, REQUIRES_PSK)) { WOLFSSL_MSG("Requires PSK"); - if (havePSK == 0) { + #ifndef NO_PSK + if (havePSK == 0) + #endif + { WOLFSSL_MSG("Don't have PSK"); return 0; } diff --git a/src/ssl.c b/src/ssl.c index 645d21cd2..358e9aa01 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2123,6 +2123,9 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz) WOLFSSL_ENTER("wolfSSL_read()"); #ifdef OPENSSL_EXTRA + if (ssl == NULL) { + return BAD_FUNC_ARG; + } if (ssl->CBIS != NULL) { ssl->CBIS(ssl, SSL_CB_READ, WOLFSSL_SUCCESS); ssl->cbmode = SSL_CB_READ; @@ -2837,7 +2840,9 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl) #endif } +#ifdef HAVE_SESSION_TICKET if (ret == WOLFSSL_SUCCESS) +#endif ret = _Rehandshake(ssl); return ret; @@ -8287,7 +8292,7 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl) if (ret == 0 && der.keyOID == RSAk) { ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, der.publicKey, der.pubKeySize); - if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) + if (ret == 0) ret = WOLFSSL_SUCCESS; wc_FreeRsaKey((RsaKey*)pkey); } @@ -8296,7 +8301,7 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl) if (ret == 0 && der.keyOID == ECDSAk) { ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, der.publicKey, der.pubKeySize); - if (ret == 0 && ret != CRYPTOCB_UNAVAILABLE) + if (ret == 0) ret = WOLFSSL_SUCCESS; wc_ecc_free((ecc_key*)pkey); } @@ -13792,7 +13797,7 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) { - if (ssl->options.sessionCacheOff) + if (ssl == NULL || ssl->options.sessionCacheOff) return WOLFSSL_FAILURE; #ifdef OPENSSL_EXTRA @@ -16746,10 +16751,12 @@ int wolfSSL_get_server_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey) #endif *pkey = ret; - if (ret == NULL) - return WOLFSSL_FAILURE; - else +#ifdef HAVE_ECC + if (ret != NULL) return WOLFSSL_SUCCESS; + else +#endif + return WOLFSSL_FAILURE; } #endif /* !NO_WOLFSSL_SERVER */ @@ -18854,7 +18861,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) * don't */ static void ExternalFreeX509(WOLFSSL_X509* x509) { +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) int doFree = 0; +#endif WOLFSSL_ENTER("ExternalFreeX509"); if (x509) { @@ -18871,11 +18880,12 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (x509->refCount == 0) doFree = 1; wc_UnLockMutex(&x509->refMutex); - #else - doFree = 1; - #endif /* OPENSSL_EXTRA */ + #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ - if (doFree) { + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + if (doFree) + #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ + { FreeX509(x509); XFREE(x509, x509->heap, DYNAMIC_TYPE_X509); } @@ -22943,7 +22953,8 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, return textSz; } - if (buf != NULL && text != NULL) { + /* buf is not NULL from above */ + if (text != NULL) { textSz = min(textSz + 1, len); /* + 1 to account for null char */ if (textSz > 0) { XMEMCPY(buf, text, textSz - 1); @@ -32173,8 +32184,13 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng) !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING) rng = ((RsaKey*)rsa->internal)->rng; #endif - if (rng == NULL && tmpRNG) { - if (!*tmpRNG) { + if (tmpRNG != NULL + #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \ + !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING) + && rng == NULL + #endif + ) { + if (*tmpRNG == NULL) { #ifdef WOLFSSL_SMALL_STACK *tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (*tmpRNG == NULL) @@ -32434,35 +32450,28 @@ int wolfSSL_RAND_egd(const char* nm) #endif return WOLFSSL_FATAL_ERROR; } - if (ret == WOLFSSL_SUCCESS) { - rem.sun_family = AF_UNIX; - XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path) - 1); - rem.sun_path[sizeof(rem.sun_path)-1] = '\0'; - } + rem.sun_family = AF_UNIX; + XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path) - 1); + rem.sun_path[sizeof(rem.sun_path)-1] = '\0'; /* connect to egd server */ - if (ret == WOLFSSL_SUCCESS) { - if (connect(fd, (struct sockaddr*)&rem, sizeof(struct sockaddr_un)) - == -1) { - WOLFSSL_MSG("error connecting to egd server"); - ret = WOLFSSL_FATAL_ERROR; - } + if (connect(fd, (struct sockaddr*)&rem, sizeof(struct sockaddr_un)) == -1) { + WOLFSSL_MSG("error connecting to egd server"); + ret = WOLFSSL_FATAL_ERROR; } while (ret == WOLFSSL_SUCCESS && bytes < 255 && idx + 2 < 256) { - if (ret == WOLFSSL_SUCCESS) { - buf[idx] = WOLFSSL_EGD_NBLOCK; - buf[idx + 1] = 255 - bytes; /* request 255 bytes from server */ - ret = (int)write(fd, buf + idx, 2); - if (ret <= 0 || ret != 2) { - if (errno == EAGAIN) { - ret = WOLFSSL_SUCCESS; - continue; - } - WOLFSSL_MSG("error requesting entropy from egd server"); - ret = WOLFSSL_FATAL_ERROR; - break; + buf[idx] = WOLFSSL_EGD_NBLOCK; + buf[idx + 1] = 255 - bytes; /* request 255 bytes from server */ + ret = (int)write(fd, buf + idx, 2); + if (ret != 2) { + if (errno == EAGAIN) { + ret = WOLFSSL_SUCCESS; + continue; } + WOLFSSL_MSG("error requesting entropy from egd server"); + ret = WOLFSSL_FATAL_ERROR; + break; } /* attempting to read */ @@ -43367,7 +43376,9 @@ err: const char* headerEnd = NULL; const char* footer = NULL; const char* footerEnd = NULL; + #ifdef HAVE_CRL DerBuffer* der = NULL; + #endif (void)cb; @@ -43397,9 +43408,10 @@ err: /* Read the header and footer */ while (wolfSSL_BIO_read(bio, &pem[i], 1) == 1) { i++; - if (!header) + if (!header) { header = XSTRNSTR(pem, "-----BEGIN ", (unsigned int)i); - else if (header) { + } + else { if (!headerEnd) { headerEnd = XSTRNSTR(header + XSTR_SIZEOF("-----BEGIN "), "-----", @@ -43463,7 +43475,7 @@ err: goto err; } } -#ifdef HAVE_CRL + #ifdef HAVE_CRL else if (headerEnd - header == XSTR_SIZEOF("-----BEGIN X509 CRL-----") && XMEMCMP(header, "-----BEGIN X509 CRL-----", @@ -43481,7 +43493,7 @@ err: goto err; } } -#endif + #endif else { /* TODO support WOLFSSL_X509_PKEY as well */ WOLFSSL_MSG("Unsupported PEM structure"); @@ -43490,14 +43502,18 @@ err: } XFREE(pem, 0, DYNAMIC_TYPE_PEM); + #ifdef HAVE_CRL if (der) FreeDer(&der); + #endif return WOLFSSL_SUCCESS; err: if (pem) XFREE(pem, 0, DYNAMIC_TYPE_PEM); + #ifdef HAVE_CRL if (der) FreeDer(&der); + #endif return WOLFSSL_FAILURE; #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ } @@ -54855,7 +54871,10 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, oidSz = 0; } - if (ret >= 0) { + #ifdef HAVE_ECC + if (ret >= 0) + #endif + { ret = wc_CreatePKCS8Key(key, &keySz, (byte*)pkey->pkey.ptr, pkey->pkey_sz, algId, curveOid, oidSz); keySz = ret; @@ -55233,7 +55252,7 @@ int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s) int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) { byte* p = NULL; - int derSz; + int derSz = 0; WOLFSSL_ENTER("wolfSSL_X509_set_pubkey"); if (cert == NULL || pkey == NULL) diff --git a/src/tls.c b/src/tls.c index 3ffa417f7..fca7730bb 100644 --- a/src/tls.c +++ b/src/tls.c @@ -5135,8 +5135,10 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input, WOLFSSL_MSG("Process client ticket rejected, bad TLS version"); ssl->options.rejectTicket = 1; ret = 0; /* not fatal */ - } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) { + } else if (ret == WOLFSSL_TICKET_RET_FATAL) { WOLFSSL_MSG("Process client ticket fatal error, not using"); + } else if (ret < 0) { + WOLFSSL_MSG("Process client ticket unknown error, not using"); } } } @@ -10242,6 +10244,9 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) } } } + if (ret != 0) { + return ret; + } #endif #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) diff --git a/src/tls13.c b/src/tls13.c index 6b476dbf1..d631a6543 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2303,7 +2303,7 @@ static void FreeBuildMsg13Args(WOLFSSL* ssl, void* pArgs) int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay) { - int ret = 0; + int ret; BuildMsg13Args* args; BuildMsg13Args lcl_args; #ifdef WOLFSSL_ASYNC_CRYPT @@ -2314,8 +2314,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, WOLFSSL_ENTER("BuildTls13Message"); - ret = WC_NOT_PENDING_E; #ifdef WOLFSSL_ASYNC_CRYPT + ret = WC_NOT_PENDING_E; if (asyncOkay) { ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState); if (ret != WC_NOT_PENDING_E) { @@ -2331,7 +2331,10 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } /* Reset state */ - if (ret == WC_NOT_PENDING_E) { +#ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NOT_PENDING_E) +#endif + { ret = 0; ssl->options.buildMsgState = BUILD_MSG_BEGIN; XMEMSET(args, 0, sizeof(BuildMsg13Args)); @@ -3292,8 +3295,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return INVALID_PARAMETER; } -#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) if (*extMsgType == server_hello) { +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); if (ext != NULL) psk = (PreSharedKey*)ext->data; @@ -3306,10 +3309,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } else if ((ret = SetupPskKey(ssl, psk)) != 0) return ret; - } #endif - if (*extMsgType == server_hello) { ssl->keys.encryptionOn = 1; ssl->options.serverState = SERVER_HELLO_COMPLETE; } @@ -3356,7 +3357,7 @@ static int DoTls13EncryptedExtensions(WOLFSSL* ssl, const byte* input, #endif /* Length field of extension data. */ - if (totalSz < i - begin + OPAQUE16_LEN) + if (totalSz < OPAQUE16_LEN) return BUFFER_ERROR; ato16(&input[i], &totalExtSz); i += OPAQUE16_LEN; @@ -3433,7 +3434,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, if (ssl->toInfoOn) AddLateName("CertificateRequest", &ssl->timeoutInfo); #endif - if ((*inOutIdx - begin) + OPAQUE8_LEN > size) + if (OPAQUE8_LEN > size) return BUFFER_ERROR; /* Length of the request context. */ @@ -3733,6 +3734,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, continue; } + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) ssl->options.sendVerify = 0; /* Derive the Finished message secret. */ @@ -3755,6 +3757,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, current->chosen = 1; ext->resp = 1; break; + #endif } /* Hash the rest of the ClientHello. */ @@ -3762,7 +3765,10 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, if (ret != 0) return ret; - if (current == NULL) { +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + if (current == NULL) +#endif + { #ifdef WOLFSSL_PSK_ID_PROTECTION #ifndef NO_CERTS if (ssl->buffers.certChainCnt != 0) @@ -4098,9 +4104,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 i = *inOutIdx; word32 begin = i; word16 totalExtSz = 0; - int usingPSK = 0; byte sessIdSz = 0; int wantDowngrade = 0; +#if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \ + defined(HAVE_TLS_EXTENSIONS) + int usingPSK = 0; +#endif WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO); WOLFSSL_ENTER("DoTls13ClientHello"); @@ -4114,7 +4123,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* protocol version, random and session id length check */ - if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz) + if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz) return BUFFER_ERROR; /* Protocol version */ @@ -4298,7 +4307,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } - if (!usingPSK) { +#if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \ + defined(HAVE_TLS_EXTENSIONS) + if (!usingPSK) +#endif + { /* Not using PSK so don't require no KE. */ ssl->options.noPskDheKe = 0; @@ -5119,7 +5132,9 @@ static int SendTls13Certificate(WOLFSSL* ssl) word32 offset = OPAQUE16_LEN; byte* p = NULL; byte certReqCtxLen = 0; +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH byte* certReqCtx = NULL; +#endif #ifdef OPENSSL_EXTRA WOLFSSL_X509* x509 = NULL; @@ -5249,10 +5264,12 @@ static int SendTls13Certificate(WOLFSSL* ssl) /* Request context. */ output[i++] = certReqCtxLen; + #ifdef WOLFSSL_POST_HANDSHAKE_AUTH if (certReqCtxLen > 0) { XMEMCPY(output + i, certReqCtx, certReqCtxLen); i += certReqCtxLen; } + #endif length -= OPAQUE8_LEN + certReqCtxLen; fragSz -= OPAQUE8_LEN + certReqCtxLen; /* Certificate list length. */ @@ -8426,17 +8443,18 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl, */ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) { +#if !defined(NO_CERTS) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) word16 havePSK = 0; +#endif WOLFSSL_ENTER("SSL_accept_TLSv13()"); #ifdef HAVE_ERRNO_H errno = 0; #endif -#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) +#if !defined(NO_CERTS) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) havePSK = ssl->options.havePSK; #endif - (void)havePSK; if (ssl->options.side != WOLFSSL_SERVER_END) { WOLFSSL_ERROR(ssl->error = SIDE_ERROR); @@ -8457,7 +8475,10 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) #ifndef NO_CERTS /* allow no private key if using PK callbacks and CB is set */ - if (!havePSK) { +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + if (!havePSK) +#endif + { if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) { @@ -8478,7 +8499,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) return WOLFSSL_FATAL_ERROR; } } -#endif +#endif /* NO_CERTS */ if (ssl->buffers.outputBuffer.length > 0 #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/tests/api.c b/tests/api.c index 480585ea7..33f699ae2 100644 --- a/tests/api.c +++ b/tests/api.c @@ -19110,7 +19110,7 @@ static int test_wc_curve25519_make_key (void) /* * Testing wc_curve25519_shared_secret_ex */ -static int test_wc_curve25519_shared_secret_ex (void) +static int test_wc_curve25519_shared_secret_ex(void) { int ret = 0; #if defined(HAVE_CURVE25519) @@ -19126,9 +19126,9 @@ static int test_wc_curve25519_shared_secret_ex (void) ret = wc_curve25519_init(&private_key); if (ret == 0) { ret = wc_InitRng(&rng); - if (ret == 0) { - ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key); - } + } + if (ret == 0) { + ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key); @@ -19142,6 +19142,9 @@ static int test_wc_curve25519_shared_secret_ex (void) if (ret == 0) { ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL, 0, endian); + if (ret == 0) { + ret = -1; + } if (ret == BAD_FUNC_ARG) { ret = 0; } @@ -19149,28 +19152,40 @@ static int test_wc_curve25519_shared_secret_ex (void) if (ret == 0) { ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out, &outLen, endian); - if (ret == BAD_FUNC_ARG) { + if (ret == 0) { + ret = -1; + } + else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out, &outLen, endian); - if (ret == BAD_FUNC_ARG) { + if (ret == 0) { + ret = -1; + } + else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL, &outLen, endian); - if (ret == BAD_FUNC_ARG) { + if (ret == 0) { + ret = -1; + } + else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, NULL, endian); - if (ret == BAD_FUNC_ARG) { + if (ret == 0) { + ret = -1; + } + else if (ret == BAD_FUNC_ARG) { ret = 0; } } @@ -19181,7 +19196,10 @@ static int test_wc_curve25519_shared_secret_ex (void) public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F; ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); - if (ret == ECC_BAD_ARG_E) { + if (ret == 0) { + ret = -1; + } + else if (ret == ECC_BAD_ARG_E) { ret = 0; } } @@ -19190,7 +19208,10 @@ static int test_wc_curve25519_shared_secret_ex (void) if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); - if (ret == BAD_FUNC_ARG) { + if (ret == 0) { + ret = -1; + } + else if (ret == BAD_FUNC_ARG) { ret = 0; } } @@ -23293,6 +23314,9 @@ static int test_wc_SetSubjectBuffer (void) derSz = (word32)XFREAD(der, 1, FOURK_BUF, file); XFCLOSE(file); } + else { + ret = -1; + } } if (ret == 0) { ret = wc_InitCert(&cert); @@ -23350,7 +23374,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) if (ret == 0) { /*ED25519*/ ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); + ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, @@ -23375,7 +23399,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) if (ret == 0) { /*ECC*/ ret = wc_ecc_init(&eccKey); if (ret == 0) { - wc_ecc_make_key(&rng, KEY14, &eccKey); + ret = wc_ecc_make_key(&rng, KEY14, &eccKey); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey); @@ -23389,7 +23413,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) if (ret == 0) { /*ED448*/ ret = wc_ed448_init(&ed448Key); if (ret == 0) { - wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); + ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, @@ -23441,7 +23465,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) if (ret == 0) { /*ED25519*/ ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); + ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, @@ -23466,7 +23490,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) if (ret == 0) { /*ECC*/ ret = wc_ecc_init(&eccKey); if (ret == 0) { - wc_ecc_make_key(&rng, KEY14, &eccKey); + ret = wc_ecc_make_key(&rng, KEY14, &eccKey); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey); @@ -23480,7 +23504,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) if (ret == 0) { /*ED448*/ ret = wc_ed448_init(&ed448Key); if (ret == 0) { - wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); + ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, @@ -25971,22 +25995,26 @@ static int test_wc_HashSetFlags(void) } /* For loop to test not supported cases */ int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType)); - for (j = 0; j < notSupportedLen; j++){ + for (j = 0; ret == 0 && j < notSupportedLen; j++){ + ret = wc_HashInit(&hash, notSupported[j]); if (ret == 0) { - ret = wc_HashInit(&hash, notSupported[j]); - if (ret == BAD_FUNC_ARG){ + ret = -1; + } + else if (ret == BAD_FUNC_ARG){ + ret = wc_HashSetFlags(&hash, notSupported[j], flags); + if (ret == 0) { + ret = -1; + } + else if (ret == BAD_FUNC_ARG) { ret = 0; - if (ret == 0){ - ret = wc_HashSetFlags(&hash, notSupported[j], flags); - if (ret == BAD_FUNC_ARG) { - ret = 0; - } - } } } if (ret == 0) { ret = wc_HashFree(&hash, notSupported[j]); - if (ret == BAD_FUNC_ARG) { + if (ret == 0) { + ret = -1; + } + else if (ret == BAD_FUNC_ARG) { ret = 0; } } @@ -26068,22 +26096,26 @@ static int test_wc_HashGetFlags(void) } /* For loop to test not supported cases */ int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType)); - for (j = 0; j < notSupportedLen; j++){ + for (j = 0; ret == 0 && j < notSupportedLen; j++){ + ret = wc_HashInit(&hash, notSupported[j]); if (ret == 0) { - ret = wc_HashInit(&hash, notSupported[j]); - if (ret == BAD_FUNC_ARG){ + ret = -1; + } + else if (ret == BAD_FUNC_ARG){ + ret = wc_HashGetFlags(&hash, notSupported[j], &flags); + if (ret == 0) { + ret = -1; + } + else if (ret == BAD_FUNC_ARG) { ret = 0; - if (ret == 0){ - ret = wc_HashGetFlags(&hash, notSupported[j], &flags); - if (ret == BAD_FUNC_ARG) { - ret = 0; - } - } } } if (ret == 0) { ret = wc_HashFree(&hash, notSupported[j]); - if (ret == BAD_FUNC_ARG) { + if (ret == 0) { + ret = -1; + } + if (ret == BAD_FUNC_ARG) { ret = 0; } } @@ -36550,6 +36582,9 @@ static void test_wolfSSL_EVP_PKEY_assign(void) AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); #endif /* HAVE_ECC */ + + (void)type; + printf(resultFmt, passed); #endif /* OPENSSL_ALL */ } @@ -42890,6 +42925,7 @@ static int test_wolfSSL_THREADID_hash(void) AssertTrue(1); res = CRYPTO_THREADID_hash(NULL); AssertTrue( res == 0UL); + XMEMSET(&id, 0, sizeof(id)); res = CRYPTO_THREADID_hash(&id); AssertTrue( res == 0UL); printf(resultFmt, passed); @@ -42918,6 +42954,8 @@ static void test_wolfSSL_CTX_get_min_proto_version(void) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) WOLFSSL_CTX *ctx; + (void)ctx; + printf(testingFmt, "wolfSSL_CTX_get_min_proto_version()"); #ifndef NO_OLD_TLS @@ -43027,6 +43065,9 @@ static void test_wolfSSL_SSL_in_init(void) #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; +#else + testCertFile = NULL; + testKeyFile = NULL; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, @@ -43208,6 +43249,9 @@ static void test_wolfSSL_set_psk_use_session_callback(void) #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; +#else + testCertFile = NULL; + testKeyFile = NULL; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 718ec2162..a066476e5 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -10064,7 +10064,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) cert->ca->keyOID, cert->signature, cert->sigLength, cert->signatureOID, tsip_encRsaKeyIdx)) != 0) { - if (ret != 0 && ret != WC_PENDING_E) { + if (ret != WC_PENDING_E) { WOLFSSL_MSG("Confirm signature failed"); } return ret; @@ -11176,8 +11176,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, * then strip this padding before proceeding: * der->length -= padVal; */ - if (der->length > 0 && - der->length > DES_BLOCK_SIZE && + if (der->length > DES_BLOCK_SIZE && (der->length % DES_BLOCK_SIZE) != 0) { padVal = der->buffer[der->length-1]; if (padVal < DES_BLOCK_SIZE) { @@ -16525,10 +16524,12 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, totalSz = prvidx + pubidx + curveidx + verSz + seqSz; if (output == NULL) { *inLen = totalSz; + #ifndef WOLFSSL_NO_MALLOC XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (pubIn) { + if (pub) { XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } + #endif return LENGTH_ONLY_E; } if (inLen != NULL && totalSz > (int)*inLen) { @@ -18126,7 +18127,10 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf, word32* inOutIdx, int sz) { word32 oid, dateIdx, idx, checkIdx; - int version, doNextDate = 1; + int version; +#ifdef WOLFSSL_NO_CRL_NEXT_DATE + int doNextDate = 1; +#endif byte tag; if (dcrl == NULL || inOutIdx == NULL || buf == NULL) { @@ -18165,7 +18169,10 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf, #endif } - if (doNextDate) { +#ifdef WOLFSSL_NO_CRL_NEXT_DATE + if (doNextDate)x +#endif + { #ifndef NO_ASN_TIME if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 6132e7017..265aea482 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -112,13 +112,12 @@ int wc_curve25519_generic(int public_size, byte* pub, int private_size, const byte* priv, int basepoint_size, const byte* basepoint) { - int ret; - #ifdef FREESCALE_LTC_ECC /* unsupported with NXP LTC, onlly supports single basepoint with * nxp_ltc_curve25519_GetBasePoint() */ return WC_HW_E; #else + int ret; if ((public_size != CURVE25519_KEYSIZE) || (private_size != CURVE25519_KEYSIZE) || @@ -147,7 +146,6 @@ int wc_curve25519_generic(int public_size, byte* pub, #endif return ret; - #endif /* FREESCALE_LTC_ECC */ } diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 97ead9717..62b21c812 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -719,9 +719,17 @@ int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { int ret = 0; - byte* dkey1 = (byte*)des->key[0]; - byte* dkey2 = (byte*)des->key[1]; - byte* dkey3 = (byte*)des->key[2]; + byte* dkey1; + byte* dkey2; + byte* dkey3; + + if (des == NULL || key == NULL) { + return BAD_FUNC_ARG; + } + + dkey1 = (byte*)des->key[0]; + dkey2 = (byte*)des->key[1]; + dkey3 = (byte*)des->key[2]; XMEMCPY(dkey1, key, 8); /* set key 1 */ XMEMCPY(dkey2, key + 8, 8); /* set key 2 */ @@ -835,9 +843,17 @@ int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { int i = 0, ret = 0; - byte* dkey1 = (byte*)des->key[0]; - byte* dkey2 = (byte*)des->key[1]; - byte* dkey3 = (byte*)des->key[2]; + byte* dkey1; + byte* dkey2; + byte* dkey3; + + if (des == NULL || key == NULL) { + return BAD_FUNC_ARG; + } + + dkey1 = (byte*)des->key[0]; + dkey2 = (byte*)des->key[1]; + dkey3 = (byte*)des->key[2]; XMEMCPY(dkey1, key, 8); /* set key 1 */ XMEMCPY(dkey2, key + 8, 8); /* set key 2 */ @@ -1771,9 +1787,9 @@ int wc_Des3_SetIV(Des3* des, const byte* iv) if (des == NULL) { return BAD_FUNC_ARG; } - if (des && iv) + if (iv) XMEMCPY(des->reg, iv, DES_BLOCK_SIZE); - else if (des) + else XMEMSET(des->reg, 0, DES_BLOCK_SIZE); return 0; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 17fcd06b5..f1320f019 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -5081,7 +5081,8 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, } hash_mode = cc310_hashModeECC(msgLenInBytes); if (hash_mode == CRYS_ECPKI_HASH_OpModeLast) { - hash_mode = cc310_hashModeECC(keysize); + (void)cc310_hashModeECC(keysize); + /* Ignoring returned value */ hash_mode = CRYS_ECPKI_HASH_SHA256_mode; } @@ -8139,22 +8140,24 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, if (err == MP_OKAY) err = mp_set(key->pubkey.z, 1); -#ifdef WOLFSSL_SILABS_SE_ACCEL - err = silabs_ecc_import(key, keysize); -#endif #ifdef WOLFSSL_CRYPTOCELL - pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id)); + if (err == MP_OKAY) { + pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id)); - /* create public key from external key buffer */ - err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain, - (byte*)in-1, /* re-adjust */ - inLen+1, /* original input */ - &key->ctx.pubKey, - &tempBuff); + /* create public key from external key buffer */ + err = CRYS_ECPKI_BuildPublKeyFullCheck(pDomain, + (byte*)in-1, /* re-adjust */ + inLen+1, /* original input */ + &key->ctx.pubKey, + &tempBuff); - if (err != SA_SILIB_RET_OK){ - WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed"); + if (err != SA_SILIB_RET_OK){ + WOLFSSL_MSG("CRYS_ECPKI_BuildPublKeyFullCheck failed"); + } } +#elif defined(WOLFSSL_SILABS_SE_ACCEL) + if (err == MP_OKAY) + err = silabs_ecc_import(key, keysize); #endif #ifdef WOLFSSL_VALIDATE_ECC_IMPORT if (err == MP_OKAY) @@ -8345,8 +8348,8 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, #ifdef WOLFSSL_CRYPTOCELL pDomain = CRYS_ECPKI_GetEcDomain(cc310_mapCurve(key->dp->id)); - /* import private key */ - if (priv != NULL && priv[0] != '\0') { + /* import private key - priv checked for NULL at top */ + if (priv[0] != '\0') { /* Create private key from external key buffer*/ ret = CRYS_ECPKI_BuildPrivKey(pDomain, @@ -8368,10 +8371,11 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, if (ret == MP_OKAY) { if (pub) { ret = silabs_ecc_import(key, key->dp->size); - } else - { + } + else { ret = silabs_ecc_import_private(key, key->dp->size); } + } #elif defined(WOLFSSL_QNX_CAAM) if ((wc_ecc_size(key) + WC_CAAM_MAC_SZ) == (int)privSz) { int part = caamFindUnusuedPartition(); diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index ca58c893b..4b29dead1 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -543,7 +543,7 @@ static int eccsi_decode_point(ecc_point* point, word32 size, const byte* data, { int err = 0; - if ((err == 0) && (sz != size * 2) && (sz != size * 2 + 1)) { + if ((sz != size * 2) && (sz != size * 2 + 1)) { err = BUFFER_E; } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 03f25e107..bf6ecd033 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -4289,14 +4289,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = WOLFSSL_FAILURE; break; } + /* arg is 4...(ctx->ivSz - 8) */ + XMEMCPY(ctx->iv, ptr, arg); if (wc_InitRng(&rng) != 0) { WOLFSSL_MSG("wc_InitRng failed"); ret = WOLFSSL_FAILURE; break; } - if (arg) { - XMEMCPY(ctx->iv, ptr, arg); - } if (wc_RNG_GenerateBlock(&rng, ctx->iv + arg, ctx->ivSz - arg) != 0) { /* rng is freed immediately after if block so no need @@ -6373,7 +6372,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) ret = wc_DhParamsToDer(dhkey,NULL,&derSz); } - if (derSz <= 0 || ret != LENGTH_ONLY_E) { + if (derSz == 0 || ret != LENGTH_ONLY_E) { WOLFSSL_MSG("Failed to get size of DH Key"); return WOLFSSL_FAILURE; } diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 5dd9e15fc..11f9d92c8 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -686,7 +686,8 @@ int mp_mod_2d (mp_int * a, int b, mp_int * c) /* clear the digit that is not completely outside/inside the modulus */ x = DIGIT_BIT - (b % DIGIT_BIT); if (x != DIGIT_BIT) { - c->dp[b / DIGIT_BIT] &= ~((mp_digit)0) >> (x + ((sizeof(mp_digit)*8) - DIGIT_BIT)); + c->dp[b / DIGIT_BIT] &= + ((mp_digit)~((mp_digit)0)) >> (x + ((sizeof(mp_digit)*8) - DIGIT_BIT)); } mp_clamp (c); return MP_OKAY; diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 9b581c0ac..7c3eb8994 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -58,6 +58,7 @@ enum { WC_PKCS12_ENCRYPTED_DATA = 656, WC_PKCS12_DATA_OBJ_SZ = 11, + WC_PKCS12_MAC_SALT_SZ = 8, }; static const byte WC_PKCS12_ENCRYPTED_OID[] = @@ -1442,7 +1443,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, word32 sz; word32 totalSz = 0; int ret; - + byte* pkcs8Key = NULL; if (outSz == NULL || pkcs12 == NULL || rng == NULL || key == NULL || pass == NULL) { @@ -1455,6 +1456,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, if (out != NULL) { tmpIdx += MAX_LENGTH_SZ + 1; /* save room for length and tag (+1) */ sz = *outSz - tmpIdx; + pkcs8Key = out + tmpIdx; } /* case of no encryption */ @@ -1472,8 +1474,8 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, } /* PKCS#8 wrapping around key */ - ret = wc_CreatePKCS8Key(out + tmpIdx, &sz, key, keySz, algoID, - curveOID, oidSz); + ret = wc_CreatePKCS8Key(pkcs8Key, &sz, key, keySz, algoID, curveOID, + oidSz); } else { WOLFSSL_MSG("creating PKCS12 Shrouded Key Bag"); @@ -1483,7 +1485,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, vAlgo = 10; } - ret = UnTraditionalEnc(key, keySz, out + tmpIdx, &sz, pass, passSz, + ret = UnTraditionalEnc(key, keySz, pkcs8Key, &sz, pass, passSz, vPKCS, vAlgo, NULL, 0, itt, rng, heap); } if (ret == LENGTH_ONLY_E) { @@ -2354,8 +2356,9 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name, mac->itt = macIter; /* set mac salt */ - mac->saltSz = 8; - mac->salt = (byte*)XMALLOC(mac->saltSz, heap, DYNAMIC_TYPE_PKCS); + mac->saltSz = WC_PKCS12_MAC_SALT_SZ; + mac->salt = (byte*)XMALLOC(WC_PKCS12_MAC_SALT_SZ, heap, + DYNAMIC_TYPE_PKCS); if (mac->salt == NULL) { wc_PKCS12_free(pkcs12); wc_FreeRng(&rng); diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c index ee82f003b..09ec8aa5a 100644 --- a/wolfcrypt/src/port/ti/ti-hash.c +++ b/wolfcrypt/src/port/ti/ti-hash.c @@ -107,6 +107,9 @@ static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 XMEMSET(h, 0, sizeof(h)); #endif + if (result == NULL) { + return BAD_FUNC_ARG; + } XMEMCPY(result, h, hsize); return 0; diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 3906e70a5..2d3b9507b 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -363,10 +363,8 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type, #endif if (ret != 0) break; - - if (ret == 0) #endif - ret = wc_Sha256Update(sha, &ctr, sizeof(ctr)); + ret = wc_Sha256Update(sha, &ctr, sizeof(ctr)); if (ret == 0) { ctr++; ret = wc_Sha256Update(sha, (byte*)&bits, sizeof(bits)); diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 87ba82770..5dafef47e 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1282,11 +1282,10 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock, } } - #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) - if (msg != NULL) { - XFREE(msg, heap, DYNAMIC_TYPE_RSA_BUFFER); - } - #endif +#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) + /* msg is always not NULL as we bail on allocation failure */ + XFREE(msg, heap, DYNAMIC_TYPE_RSA_BUFFER); +#endif return ret; } #endif /* WC_RSA_PSS */ @@ -2284,16 +2283,19 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, tmp = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_RSA); if (tmp == NULL) return MEMORY_E; -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) #ifdef WC_RSA_BLINDING +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) rnd = (mp_int*)XMALLOC(sizeof(mp_int) * 2, key->heap, DYNAMIC_TYPE_RSA); if (rnd == NULL) { XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); return MEMORY_E; } rndi = rnd + 1; -#endif /* WC_RSA_BLINDING */ +#else + rnd = NULL; + rndi = NULL; #endif +#endif /* WC_RSA_BLINDING */ #endif /* WOLFSSL_SMALL_STACK */ if (mp_init(tmp) != MP_OKAY) diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index 8468d08b5..b2bf0b42e 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c @@ -862,7 +862,7 @@ static int sakke_decode_point(ecc_point* point, word32 size, const byte* data, { int err = 0; - if ((err == 0) && (sz != size * 2) && (sz != size * 2 + 1)) { + if ((sz != size * 2) && (sz != size * 2 + 1)) { err = BUFFER_E; } @@ -2522,9 +2522,8 @@ static int sakke_modexp_loop(SakkeKey* key, mp_int* b, mp_int* e, mp_proj* r, /* Set c[0] to [mont_one, zero] */ if (err == 0) { mp_zero(c[0]->y); - } - /* Set by is montgomery form of b - base */ - if (err == 0) { + + /* Set 'by' to montgomery form of 'b' - base */ err = mp_mulmod(b, c[0]->x, prime, by); } for (i = mp_count_bits(&key->params.q) - 1; (err == 0) && (i >= 0); i--) { @@ -6120,7 +6119,7 @@ static int sakke_hash_to_range(SakkeKey* key, enum wc_HashType hashType, int err = 0; byte h[WC_MAX_DIGEST_SIZE]; byte v[WC_MAX_DIGEST_SIZE]; - word32 hashSz = 0; + word32 hashSz = 1; word32 i; /* Step 1: A = hashfn( s ), where s = data | extra diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index a891f588a..cb3c575e2 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -479,7 +479,7 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size) return MP_INIT_E; /* v = g ^ x % N */ - if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v); + r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v); if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY; if (!r) r = mp_to_unsigned_bin(&v, verifier); if (!r) *size = mp_unsigned_bin_size(&v); @@ -511,7 +511,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size) r = mp_init(&p); if (r != MP_OKAY) return MP_INIT_E; - if (!r) r = mp_read_unsigned_bin(&p, priv, size); + r = mp_read_unsigned_bin(&p, priv, size); if (!r) r = mp_mod(&p, &srp->N, &srp->priv); if (!r) r = mp_iszero(&srp->priv) == MP_YES ? SRP_BAD_KEY_E : 0; diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 434f92faf..7e3d87a65 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1601,7 +1601,7 @@ int wolfSSL_CryptHwMutexUnLock(void) void *uITRON4_realloc(void *p, size_t sz) { ER ercd; - void *newp; + void *newp = NULL; if(p) { ercd = get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp); if (ercd == E_OK) { @@ -1695,7 +1695,7 @@ int wolfSSL_CryptHwMutexUnLock(void) void *uTKernel_realloc(void *p, unsigned int sz) { ER ercd; - void *newp; + void *newp = NULL; if (p) { ercd = tk_get_mpl(ID_wolfssl_MPOOL, sz, (VP)&newp, TMO_FEVR); if (ercd == E_OK) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b74e2de90..29dbfe6b2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -4639,6 +4639,8 @@ static int rc2_ecb_test(void) h.keyLen = 33; h.effectiveKeyBits = 129; + a.iv = b.iv = c.iv = d.iv = e.iv = f.iv = g.iv = h.iv = NULL; + test_rc2[0] = a; test_rc2[1] = b; test_rc2[2] = c; @@ -4723,7 +4725,6 @@ static int rc2_cbc_test(void) /* key length = 8, effective key bits = 64 */ c.input = "\x10\x00\x00\x00\x00\x00\x00\x01" "\x10\x00\x00\x00\x00\x00\x00\x01"; - c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2"; c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D" "\x81\x99\x8D\xE0\xB5\xD5\x3A\x05"; c.key = "\x30\x00\x00\x00\x00\x00\x00\x00"; @@ -14769,8 +14770,10 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void) !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ !defined(NO_FILESYSTEM) XFILE file; +#ifdef WOLFSSL_TEST_CERT XFILE file2; #endif +#endif #ifdef WOLFSSL_TEST_CERT #ifdef WOLFSSL_SMALL_STACK DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -15410,6 +15413,13 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void) return ret; #endif +#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \ + !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + (void)clientCert; +#endif + +#ifdef WOLFSSL_TEST_CERT #if defined(WOLFSSL_MDK_ARM) #define sizeof(s) XSTRLEN((char *)(s)) #endif @@ -15443,7 +15453,6 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void) #undef sizeof #endif -#ifdef WOLFSSL_TEST_CERT InitDecodedCert(cert, tmp, (word32)bytes, 0); ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, 0); @@ -15453,7 +15462,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void) } FreeDecodedCert(cert); -#endif +#endif /* WOLFSSL_TEST_CERT */ #ifdef WOLFSSL_CERT_EXT @@ -18044,8 +18053,9 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestInit(&md_ctx, EVP_md5()); if (ret == WOLFSSL_SUCCESS) { ret = EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen); - if (ret == WOLFSSL_SUCCESS) - ret = EVP_DigestFinal(&md_ctx, hash, 0); + } + if (ret == WOLFSSL_SUCCESS) { + ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); if (ret != WOLFSSL_SUCCESS || @@ -23470,6 +23480,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void) #ifndef WC_NO_RNG if (ret != 0) return -10300; +#else + (void)ret; #endif #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index 2a993ade0..0ff20ff86 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -1644,7 +1644,7 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, { int sz, pSz, qSz; IppStatus ret; - word32 outSz = outLen; + word32 outSz; IppsMontState* pMont = NULL; IppsMontState* qMont = NULL;