From f17470b42b2287dd6fab287bcbd7940a348d4b74 Mon Sep 17 00:00:00 2001 From: abrahamsonn Date: Tue, 14 Nov 2017 15:05:32 -0700 Subject: [PATCH 1/4] Added more of the requested changes & made an attempt to remove merge conflicts --- examples/client/client.c | 4 ++-- examples/server/server.c | 2 +- src/internal.c | 18 +++++++++++++----- src/ssl.c | 15 ++++++++------- src/tls.c | 30 +++++++++++++++--------------- wolfcrypt/src/asn.c | 3 ++- wolfcrypt/src/cmac.c | 2 +- wolfcrypt/src/ecc.c | 6 +++--- wolfcrypt/src/ge_operations.c | 2 +- wolfcrypt/src/sha3.c | 7 ++++--- wolfcrypt/src/tfm.c | 5 ++--- wolfssl/wolfio.h | 8 ++++++++ 12 files changed, 60 insertions(+), 42 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 26004b5de..cbcbd591f 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1663,8 +1663,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifdef HAVE_SNI if (sniHostName) - if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) - != WOLFSSL_SUCCESS) { + if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, + (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); err_sys("UseSNI failed"); } diff --git a/examples/server/server.c b/examples/server/server.c index 08c0cf000..b3371dd51 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1114,7 +1114,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef HAVE_SNI if (sniHostName) if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, - XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) + (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "UseSNI failed"); #endif diff --git a/src/internal.c b/src/internal.c index 540376aa9..c548bcfe7 100644 --- a/src/internal.c +++ b/src/internal.c 
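Review bot: The `(word16)` cast on `XSTRLEN(sniHostName)` in client_test silences the conversion warning but silently truncates any name of 65536 bytes or more, so the length handed to wolfSSL_CTX_UseSNI can be shorter than the string it describes. The same cast appears in server_test in this patch, in wolfSSL_set_tlsext_host_name (src/ssl.c) and in the TLSX_PreSharedKey_Use call in TLSX_PopulateExtensions (src/tls.c); the library entry points matter most because the string comes from the caller. I would check the length before narrowing, e.g. `size_t n = XSTRLEN(host_name); if (n > 0xFFFF) return BAD_FUNC_ARG;`, and then pass `(word16)n`. Both example functions continue outside their hunks.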
@@ -8159,7 +8159,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef WOLFSSL_NGINX if (args->certIdx > args->untrustedDepth) - args->untrustedDepth = args->certIdx + 1; + args->untrustedDepth = (char) args->certIdx + 1; #endif /* already verified above */ @@ -13252,7 +13252,7 @@ int SendCertificateRequest(WOLFSSL* ssl) while (names != NULL) { byte seq[MAX_SEQ_SZ]; - c16toa(names->data.name->rawLen + + c16toa((word16)names->data.name->rawLen + SetSequence(names->data.name->rawLen, seq), &output[i]); i += OPAQUE16_LEN; i += SetSequence(names->data.name->rawLen, output + i); @@ -17190,6 +17190,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, DskeArgs args[1]; #endif + (void)input; + (void)size; + WOLFSSL_ENTER("DoServerKeyExchange"); #ifdef WOLFSSL_ASYNC_CRYPT @@ -19540,6 +19543,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) #else (void)length; #endif + (void)idx; + (void)keySz; /* make sure private key exists */ if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) { @@ -20127,7 +20132,7 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length) ssl->session.ticket = sessionTicket; ssl->session.isDynamic = 1; } - ssl->session.ticketLen = length; + ssl->session.ticketLen = (word16)length; if (length > 0) { XMEMCPY(ssl->session.ticket, ticket, length); @@ -20274,8 +20279,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* now write to output */ /* first version */ - output[idx++] = ssl->version.major; - output[idx++] = ssl->version.minor; + output[idx++] = (byte)ssl->version.major; + output[idx++] = (byte)ssl->version.minor; /* then random and session id */ if (!ssl->options.resuming) { @@ -23584,6 +23589,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, DckeArgs args[1]; #endif + (void)size; + WOLFSSL_ENTER("DoClientKeyExchange"); #ifdef WOLFSSL_ASYNC_CRYPT 
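Review bot: In the ProcessPeerCerts hunk the cast binds to `args->certIdx` only, so `(char) args->certIdx + 1` is still computed as an int and narrowed implicitly on assignment; the warning this was meant to silence is likely still there and the intent is unclear. If narrowing is intended, write `args->untrustedDepth = (char)(args->certIdx + 1);`, and add a comment on why the value fits, since plain `char` may be signed. The SendCertificateRequest hunk has the same shape: `(word16)names->data.name->rawLen + SetSequence(...)` casts one operand, not the sum handed to c16toa. Both functions extend beyond their hunks, so the field types are not visible here.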
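Review bot: In SetTicket the stored length and the copied length can now disagree: `ssl->session.ticketLen = (word16)length;` keeps only the low 16 bits, while the `XMEMCPY(ssl->session.ticket, ticket, length)` just below still copies the full word32 `length`. Whether a caller can pass more than 65535 is not visible in this hunk, but the cast hides exactly that case, and any later reader of ticketLen would then see a shorter ticket than was written. A guard at the top of the function (which starts outside the hunk), `if (length > 0xFFFF) return BAD_FUNC_ARG;`, makes the narrowing safe. AddSession in src/ssl.c gets the same cast-then-copy pair with `ticLen`.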
@@ -24270,6 +24277,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case ecc_diffie_hellman_kea: { void* private_key = ssl->eccTempKey; + (void)private_key; #ifdef HAVE_CURVE25519 if (ssl->ecdhCurveOID == ECC_X25519_OID) { diff --git a/src/ssl.c b/src/ssl.c index 72e90abcd..41a9fa6b3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4926,6 +4926,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #endif (void)rsaKey; + (void)devId; if (used) *used = sz; /* used bytes default to sz, PEM chain may shorten*/ @@ -9986,7 +9987,7 @@ int AddSession(WOLFSSL* ssl) } if (error == 0) { - session->ticketLen = ticLen; + session->ticketLen = (word16)ticLen; XMEMCPY(session->ticket, ssl->session.ticket, ticLen); } else { /* cleanup, reset state */ session->ticket = session->staticTicket; @@ -17972,11 +17973,11 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) XMEMCPY(data + idx, sess->sessionID, sess->sessionIDSz); idx += sess->sessionIDSz; XMEMCPY(data + idx, sess->masterSecret, SECRET_LEN); idx += SECRET_LEN; - data[idx++] = sess->haveEMS; + data[idx++] = (byte)sess->haveEMS; #ifdef SESSION_CERTS - data[idx++] = sess->chain.count; + data[idx++] = (byte)sess->chain.count; for (i = 0; i < sess->chain.count; i++) { - c16toa(sess->chain.certs[i].length, data + idx); + c16toa((word16)sess->chain.certs[i].length, data + idx); idx += OPAQUE16_LEN; XMEMCPY(data + idx, sess->chain.certs[i].buffer, sess->chain.certs[i].length); @@ -18240,7 +18241,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) if ((myBuffer != NULL) && (sz > 0) && (XFREAD(myBuffer, 1, sz, file) == sz) && - (PemToDer(myBuffer, sz, CERT_TYPE, + (PemToDer(myBuffer, (long)sz, CERT_TYPE, &fileDer, ctx->heap, info, &eccKey) == 0) && (fileDer->length != 0) && (fileDer->length == peer_cert->derCert->length) && 
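Review bot: In wolfSSL_i2d_SSL_SESSION the serialized length prefix and the bytes that follow it can diverge: `c16toa((word16)sess->chain.certs[i].length, data + idx)` writes a 16-bit length, but the XMEMCPY after it copies the untruncated `sess->chain.certs[i].length`. Likewise `(byte)sess->chain.count` is written as the count while the loop still runs to the full `sess->chain.count`. If these fields are bounded elsewhere so that they fit, a short comment next to the casts, for example `/* count and cert length are bounded by the chain limits, so they fit */`, would record why the narrowing is lossless; if not, the function should fail before writing. The bounds are not visible in this hunk.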
@@ -24031,7 +24032,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) (void)depth; WOLFSSL_STUB("wolfSSL_CTX_set_verify_depth"); #else - ctx->verifyDepth = depth; + ctx->verifyDepth = (byte)depth; #endif } @@ -24966,7 +24967,7 @@ int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name) int ret; WOLFSSL_ENTER("wolfSSL_set_tlsext_host_name"); ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, - host_name, XSTRLEN(host_name)); + host_name, (word16)XSTRLEN(host_name)); WOLFSSL_LEAVE("wolfSSL_set_tlsext_host_name", ret); return ret; } diff --git a/src/tls.c b/src/tls.c index e8495bd41..64c7b067b 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1642,7 +1642,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length, matchStat = WOLFSSL_SNI_FAKE_MATCH; } - TLSX_SNI_SetStatus(ssl->extensions, type, matchStat); + TLSX_SNI_SetStatus(ssl->extensions, type, (byte)matchStat); if(!cacheOnly) TLSX_SetResponse(ssl, TLSX_SERVER_NAME); @@ -4512,7 +4512,7 @@ static word16 TLSX_SupportedVersions_GetSize(void* data) if (!ssl->options.downgrade) cnt = 1; - return OPAQUE8_LEN + cnt * OPAQUE16_LEN; + return (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN); } /* Writes the SupportedVersions extension into the buffer. @@ -4537,7 +4537,7 @@ static word16 TLSX_SupportedVersions_Write(void* data, byte* output) if (!ssl->options.downgrade) cnt = 1; - *(output++) = cnt * OPAQUE16_LEN; + *(output++) = (byte)(cnt * OPAQUE16_LEN); for (i = 0; i < cnt; i++) { /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */ if (pv.minor - i == TLSv1_3_MINOR) { @@ -4549,10 +4549,10 @@ static word16 TLSX_SupportedVersions_Write(void* data, byte* output) } *(output++) = pv.major; - *(output++) = pv.minor - i; + *(output++) = (byte)(pv.minor - i); } - return OPAQUE8_LEN + cnt * OPAQUE16_LEN; + return (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN); } /* Parse the SupportedVersions extension. 
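Review bot: `ctx->verifyDepth = (byte)depth;` in wolfSSL_CTX_set_verify_depth turns an out-of-range `int` into a different depth without telling the caller: 256 becomes 0 and a negative value becomes a large one. Because this value limits certificate chain verification, the surprising result is a policy change rather than a cosmetic one. The function appears to return nothing (the hunk shows no return statement), so I would reject out-of-range input before the cast, e.g. `if (depth < 0 || depth > 0xFF) return;`, or at least document the accepted range in the function comment.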
@@ -4705,7 +4705,7 @@ static word16 TLSX_Cookie_Write(Cookie* cookie, byte* output, byte msgType) return OPAQUE16_LEN + cookie->len; } - return SANITY_MSG_E; + return SANITY_MSG_E; /* ! */ } /* Parse the Cookie extension. @@ -4798,7 +4798,7 @@ int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len, byte* mac, XMEMCPY(&cookie->data + len, mac, macSz); extension->data = (void*)cookie; - extension->resp = resp; + extension->resp = (byte)resp; return 0; } @@ -5303,10 +5303,10 @@ static word16 TLSX_KeyShare_GetSize(KeyShareEntry* list, byte msgType) if (!isRequest && current->key == NULL) continue; - len += KE_GROUP_LEN + OPAQUE16_LEN + current->keLen; + len += (int)(KE_GROUP_LEN + OPAQUE16_LEN + current->keLen); } - return len; + return (word16)len; } /* Writes the key share extension into the output buffer. @@ -5620,7 +5620,7 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) int ret; #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - ssl->session.namedGroup = keyShareEntry->group; + ssl->session.namedGroup = (byte)keyShareEntry->group; #endif /* Use Key Share Data from server. */ if (keyShareEntry->group & NAMED_DH_MASK) @@ -7895,11 +7895,11 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) return ret; ret = TLSX_PreSharedKey_Use(ssl, - (byte*)ssl->arrays->client_identity, - XSTRLEN(ssl->arrays->client_identity), - 0, ssl->specs.mac_algorithm, - cipherSuite0, cipherSuite, 0, - NULL); + (byte*)ssl->arrays->client_identity, + (word16)XSTRLEN(ssl->arrays->client_identity), + 0, ssl->specs.mac_algorithm, + cipherSuite0, cipherSuite, 0, + NULL); if (ret != 0) return ret; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index cc7352dcd..e23425311 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
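Review bot: The added `/* ! */` after `return SANITY_MSG_E;` in TLSX_Cookie_Write marks the line as suspicious without saying why. The function is declared to return `word16`, so an error code returned here is converted to an unsigned length and the caller presumably cannot tell it from a size. Either spell the concern out, e.g. `/* TODO: error code returned through a word16 length; callers cannot detect it */`, or change the failure path so it cannot be mistaken for a byte count. The rest of the function is outside the hunk.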
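Review bot: `ssl->session.namedGroup = (byte)keyShareEntry->group;` in TLSX_KeyShare_Process drops the upper bits of the group, yet the very next statement tests `keyShareEntry->group & NAMED_DH_MASK`. If that mask selects a bit above the low byte, every DH group is stored in the session under a different, smaller identifier, and a resumed session would see the wrong group. Widening `namedGroup` to match the type of `group` looks like the right fix rather than casting; if the field must stay a byte, the truncation needs a check and a comment. The field declarations are not in this hunk, so the widths are inferred from the cast.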
@@ -1715,6 +1715,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der) { int ret; + (void)keySz; if (key == NULL || der == NULL) { return BAD_FUNC_ARG; @@ -3543,7 +3544,7 @@ int GetTimeString(byte* date, int format, char* buf, int len) struct tm t; int idx = 0; - if (!ExtractDate(date, format, &t, &idx)) { + if (!ExtractDate(date, (unsigned char)format, &t, &idx)) { return 0; } diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 69e2f385b..f7e01f581 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -50,7 +50,7 @@ static void ShiftAndXorRb(byte* out, byte* in) for (i = 1, j = AES_BLOCK_SIZE - 1; i <= AES_BLOCK_SIZE; i++, j--) { last = (in[j] & 0x80) ? 1 : 0; - out[j] = (in[j] << 1) | mask; + out[j] = (byte)((in[j] << 1) | mask); mask = last; if (xorRb) { out[j] ^= Rb; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 1f1850a93..14b736b4c 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6492,7 +6492,7 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* a, } while ((unsigned)x < y) { - z = kb[x]; kb[x] = kb[y]; kb[y] = z; + z = kb[x]; kb[x] = kb[y]; kb[y] = (byte)z; ++x; --y; } @@ -6680,7 +6680,7 @@ static int accel_fp_mul2add(int idx1, int idx2, } mp_clear(&tka); while ((unsigned)x < y) { - z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = z; + z = kb[0][x]; kb[0][x] = kb[0][y]; (byte)(kb[0][y] = z); ++x; --y; } @@ -6701,7 +6701,7 @@ static int accel_fp_mul2add(int idx1, int idx2, } while ((unsigned)x < y) { - z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = z; + z = kb[1][x]; kb[1][x] = kb[1][y]; (byte)(kb[1][y] = z); ++x; --y; } diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c index 2c19ee7c2..88b1964bd 100644 --- a/wolfcrypt/src/ge_operations.c +++ b/wolfcrypt/src/ge_operations.c 
@@ -745,7 +745,7 @@ static unsigned char equal(signed char b,signed char c) uint32_t y = x; /* 0: yes; 1..255: no */ y -= 1; /* 4294967295: yes; 0..254: no */ y >>= 31; /* 1: yes; 0: no */ - return y; + return (unsigned char) y; } diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index d1f47f140..fe15f0981 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -431,8 +431,9 @@ static int Sha3Update(Sha3* sha3, const byte* data, word32 len, byte p) if (sha3->i > 0) { l = p * 8 - sha3->i; - if (l > len) - l = len; + if (l > len) { + l = (byte)len; + } t = &sha3->t[sha3->i]; for (i = 0; i < l; i++) @@ -449,7 +450,7 @@ static int Sha3Update(Sha3* sha3, const byte* data, word32 len, byte p) sha3->i = 0; } } - while (len >= p * 8) + while (len >= ((word32)(p * 8))) { for (i = 0; i < p; i++) sha3->s[i] ^= Load64BitBigEndian(data + 8 * i); diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 204410299..a41d5f3b8 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2674,6 +2674,8 @@ static int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d) fp_digit t; int ix; + fp_init(&q); + /* cannot divide by zero */ if (b == 0) { return FP_VAL; @@ -2702,9 +2704,6 @@ static int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d) } if (c != NULL) { - /* no easy answer [c'est la vie]. Just division */ - fp_init(&q); - q.used = a->used; q.sign = a->sign; } diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 9055a51c0..67f8745aa 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h 
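Review bot: In Sha3Update the new `l = (byte)len;` is only lossless because it sits under `if (l > len)`, which is worth saying in the code, since a narrowing cast on an input length in a hash update routine invites a second look. A one-line comment such as `/* len < l here, so len fits in l's type */` would do. The declaration of `l` is outside the hunk, so this assumes `l` is a byte, as the cast suggests.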
@@ -406,9 +406,17 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags); #ifndef XINET_NTOP #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d)) + #ifdef _WIN32 /* Windows-friendly definition */ + #undef XINET_NTOP + #define XINET_NTOP(a,b,c,d) InetNtop((a),(b),(c),(d)) + #endif #endif #ifndef XINET_PTON #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) + #ifdef _WIN32 /* Windows-friendly definition */ + #undef XINET_PTON + #define XINET_PTON(a,b,c) InetPton((a),(b),(c)) + #endif #endif #ifndef XHTONS #define XHTONS(a) htons((a)) From fe7318455fa0496a8c3c8d1658613c265268617a Mon Sep 17 00:00:00 2001 From: abrahamsonn Date: Tue, 14 Nov 2017 15:19:40 -0700 Subject: [PATCH 2/4] Incorrect placement of variable casting --- wolfcrypt/src/ecc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 14b736b4c..4e4b1679e 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6680,7 +6680,7 @@ static int accel_fp_mul2add(int idx1, int idx2, } mp_clear(&tka); while ((unsigned)x < y) { - z = kb[0][x]; kb[0][x] = kb[0][y]; (byte)(kb[0][y] = z); + z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = (byte)z; ++x; --y; } @@ -6701,7 +6701,7 @@ static int accel_fp_mul2add(int idx1, int idx2, } while ((unsigned)x < y) { - z = kb[1][x]; kb[1][x] = kb[1][y]; (byte)(kb[1][y] = z); + z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = (byte)z; ++x; --y; } From 6793a7bc4c40cf04d5b7c4581746e8cda3d909d8 Mon Sep 17 00:00:00 2001 From: abrahamsonn Date: Thu, 16 Nov 2017 14:54:54 -0700 Subject: [PATCH 3/4] Voided 2 variables outside of their ifdef's --- src/internal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index c548bcfe7..634c7e1d9 100644 --- a/src/internal.c +++ b/src/internal.c 
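Review bot: In wolfssl/wolfio.h the Windows variants are produced by defining XINET_NTOP / XINET_PTON with the POSIX call and then immediately `#undef`-ing and redefining them; an `#ifdef ... #else ... #endif` around a single `#define` says the same thing without the throwaway definition. More importantly, `InetNtop` and `InetPton` are themselves macros that select the wide-character functions when UNICODE is defined, so callers passing `char` buffers would get a type mismatch in such builds; `InetNtopA` / `InetPtonA` (or keeping `inet_ntop` / `inet_pton`, which Winsock also declares) would avoid this. The same lines are touched again in PATCH 4/4, which only changes the guard to USE_WINDOWS_API.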
@@ -19540,11 +19540,11 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) int keySz; word32 idx; + (void)idx; + (void)keySz; #else (void)length; #endif - (void)idx; - (void)keySz; /* make sure private key exists */ if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) { From 2308b0769a8cff4c796706d8a13199bfa283abc1 Mon Sep 17 00:00:00 2001 From: abrahamsonn Date: Tue, 21 Nov 2017 14:15:47 -0700 Subject: [PATCH 4/4] Changed "ifdef _WIN32" to "ifdef USE_WINDOWS_API" --- wolfssl/wolfio.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 67f8745aa..a0aac6fcc 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -406,14 +406,14 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags); #ifndef XINET_NTOP #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d)) - #ifdef _WIN32 /* Windows-friendly definition */ + #ifdef USE_WINDOWS_API /* Windows-friendly definition */ #undef XINET_NTOP #define XINET_NTOP(a,b,c,d) InetNtop((a),(b),(c),(d)) #endif #endif #ifndef XINET_PTON #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) - #ifdef _WIN32 /* Windows-friendly definition */ + #ifdef USE_WINDOWS_API /* Windows-friendly definition */ #undef XINET_PTON #define XINET_PTON(a,b,c) InetPton((a),(b),(c)) #endif