From 8851065848ffa9a0615042c5593a0fc32a9b01ad Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 3 Apr 2023 16:51:07 +1000 Subject: [PATCH] cppcheck fixes Fix checking of negative with unsigned variables. Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing by zero. Change XMEMCPY to XMEMSET in renesas_sce_util.c. Fix test.c to free prvTmp and pubTmp on read error. Remove unused variables. XFREE checks for NULL so don't check before call. Move variable declarations to reduce scope. --- IDE/Espressif/ESP-IDF/test/test_wolfssl.c | 2 +- examples/benchmark/tls_bench.c | 4 +- examples/client/client.c | 10 +- examples/echoserver/echoserver.c | 3 +- examples/server/server.c | 22 +-- src/bio.c | 10 +- src/conf.c | 5 +- src/internal.c | 45 +++--- src/keys.c | 4 +- src/ocsp.c | 6 +- src/pk.c | 43 ++---- src/ssl.c | 142 +++++++++--------- src/ssl_bn.c | 2 +- src/tls.c | 26 ++-- src/tls13.c | 45 +++--- src/wolfio.c | 5 +- src/x509.c | 11 +- src/x509_str.c | 29 ++-- wolfcrypt/benchmark/benchmark.c | 7 +- wolfcrypt/src/asn.c | 111 +++++++------- wolfcrypt/src/coding.c | 5 +- wolfcrypt/src/curve25519.c | 2 +- wolfcrypt/src/curve448.c | 11 +- wolfcrypt/src/dh.c | 5 +- wolfcrypt/src/evp.c | 70 +++++---- wolfcrypt/src/kdf.c | 2 +- wolfcrypt/src/logging.c | 20 +-- wolfcrypt/src/memory.c | 6 +- wolfcrypt/src/misc.c | 8 +- wolfcrypt/src/port/Renesas/renesas_sce_util.c | 4 +- wolfcrypt/src/port/caam/caam_aes.c | 1 - wolfcrypt/src/port/caam/caam_driver.c | 2 +- wolfcrypt/src/port/cypress/psoc6_crypto.c | 2 - wolfcrypt/src/port/xilinx/xil-sha3.c | 2 + wolfcrypt/src/pwdbased.c | 9 +- wolfcrypt/src/random.c | 9 +- wolfcrypt/src/rsa.c | 10 +- wolfcrypt/src/sha3.c | 9 +- wolfcrypt/src/wolfmath.c | 21 ++- wolfcrypt/test/test.c | 65 ++++---- wolfssl/test.h | 19 +-- 41 files changed, 394 insertions(+), 420 deletions(-) diff --git a/IDE/Espressif/ESP-IDF/test/test_wolfssl.c b/IDE/Espressif/ESP-IDF/test/test_wolfssl.c index c77b7f7eb2..6b7bbb4831 100644 --- a/IDE/Espressif/ESP-IDF/test/test_wolfssl.c +++ b/IDE/Espressif/ESP-IDF/test/test_wolfssl.c @@ -1125,7 +1125,7 @@ TEST_CASE("wolfssl aes sha256 rsa multi-thread test ", "[wolfssl]") exit_loop = true; /* wait until rsa test finishes */ - while(rsa_elapsedTime<=0){ vTaskDelay(1); } + while(rsa_elapsedTime==0){ vTaskDelay(1); } ESP_LOGI(TAG, "Waiting another %llu s. rsa test would take more time to finish.", (rsa_elapsedTime+3000)/portTICK_PERIOD_MS); diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c index 91468bc779..de384cb214 100644 --- a/examples/benchmark/tls_bench.c +++ b/examples/benchmark/tls_bench.c @@ -1269,12 +1269,10 @@ static int SocketWaitClient(info_t* info) int connd; struct sockaddr_in clientAddr; socklen_t size = sizeof(clientAddr); -#ifdef WOLFSSL_DTLS - char msg[64]; -#endif #ifdef WOLFSSL_DTLS if (info->doDTLS) { + char msg[64]; #ifdef HAVE_PTHREAD if (!info->clientOrserverOnly) { PTHREAD_CHECK_RET(pthread_mutex_lock(&info->dtls_mutex)); diff --git a/examples/client/client.c b/examples/client/client.c index 01553b8219..058c193ce9 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -782,8 +782,8 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, err_sys("Client buffer malloc failed"); } doExit: - if (tx_buffer) XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (rx_buffer) XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); } else { err_sys("wolfSSL_connect failed"); @@ -953,7 +953,6 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str int exitWithRet) { int ret, err; - char buffer[WOLFSSL_MAX_ERROR_SZ]; do { err = 0; /* reset error */ @@ -974,6 +973,7 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str #endif ); if (ret != msgSz) { + char buffer[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "SSL_write%s msg error %d, %s\n", str, err, wolfSSL_ERR_error_string(err, buffer)); if (!exitWithRet) { @@ -4311,9 +4311,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ defined(HAVE_EXT_CACHE)) - if (flatSession) { - XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif wolfSSL_SESSION_free(session); session = NULL; diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 5a01c1226c..e839f0b0f5 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -298,7 +298,6 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) CYASSL* ssl = NULL; CYASSL* write_ssl = NULL; /* may have separate w/ HAVE_WRITE_DUP */ char command[SVR_COMMAND_SIZE+1]; - int echoSz = 0; int clientfd; int firstRead = 1; int gotFirstG = 0; @@ -374,6 +373,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #endif while (1) { + int echoSz; + do { err = 0; /* reset error */ ret = CyaSSL_read(ssl, command, sizeof(command)-1); diff --git a/examples/server/server.c b/examples/server/server.c index 6390dd5547..9b695a44f9 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -269,7 +269,6 @@ static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) WOLFSSL_TEST_DTLS_CTX* dtlsCtx = (WOLFSSL_TEST_DTLS_CTX*)ctx; int sd = dtlsCtx->wfd; int sent; - int err; (void)ssl; @@ -291,7 +290,7 @@ static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) sent = TranslateReturnCode(sent, sd); if (sent < 0) { - err = wolfSSL_LastError(); + int err = wolfSSL_LastError(); WOLFSSL_MSG("Embed Send To error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { @@ -337,8 +336,6 @@ static int NonBlockingSSL_Accept(SSL* ssl) || error == WC_PENDING_E #endif )) { - int currTimeout = 1; - if (error == WOLFSSL_ERROR_WANT_READ) { /* printf("... server would read block\n"); */ } @@ -354,6 +351,8 @@ static int NonBlockingSSL_Accept(SSL* ssl) else #endif { + int currTimeout = 1; + if (error == WOLFSSL_ERROR_WANT_WRITE) { select_ret = tcp_select_tx(sockfd, currTimeout); @@ -408,7 +407,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, { int ret = 0, err; double start = 0, rx_time = 0, tx_time = 0; - int select_ret, len, rx_pos; + int len, rx_pos; size_t xfer_bytes = 0; char* buffer; @@ -420,7 +419,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, while ((echoData && throughput == 0) || (!echoData && xfer_bytes < throughput)) { - select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */ + int select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */ if (select_ret == TEST_RECV_READY) { if (throughput) @@ -611,7 +610,6 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen) { int ret, err; - char buffer[WOLFSSL_MAX_ERROR_SZ]; int len; #ifdef OPENSSL_ALL @@ -642,6 +640,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen) } } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_WRITE); if (ret != outputLen) { + char buffer[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "SSL_write msg error %d, %s\n", err, ERR_error_string(err, buffer)); err_sys_ex(runWithErrors, "SSL_write failed"); @@ -2193,10 +2192,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) case 262: { /* Note: this requires TSL1.3 (version >= 4) */ #ifdef HAVE_ECC - int idx = 0; /* ecc curve index */ int j = 0; /* our group index */ #endif if (NULL == myoptarg) { + #ifdef HAVE_ECC + int idx = 0; /* ecc curve index */ + #endif Usage(); if (lng_index == 1) { /* TODO: Need Japanese translation */ @@ -3167,10 +3168,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO) if (doDTLS && dtlsUDP) { byte b[1500]; - int n; int isClientHello = 0; while (!isClientHello) { + int n; + client_len = sizeof client_addr; /* For DTLS, peek at the next datagram so we can get the @@ -3411,7 +3413,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) { byte* rnd = NULL; - byte* pt; size_t size; /* get size of buffer then print */ @@ -3438,6 +3439,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) } if (rnd) { + byte* pt; printf("Server Random : "); for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt); printf("\n"); diff --git a/src/bio.c b/src/bio.c index 03c5ad7621..035835ea44 100644 --- a/src/bio.c +++ b/src/bio.c @@ -2057,11 +2057,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str) { WOLFSSL_BIO *bio; - const char* port; WOLFSSL_ENTER("wolfSSL_BIO_new_connect"); bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket()); if (bio) { - port = XSTRSTR(str, ":"); + const char* port = XSTRSTR(str, ":"); if (port != NULL) bio->port = (word16)XATOI(port + 1); @@ -2261,8 +2260,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) void wolfSSL_BIO_ssl_shutdown(WOLFSSL_BIO* b) { - int rc; - WOLFSSL_ENTER("wolfSSL_BIO_ssl_shutdown"); if (b == NULL) { @@ -2279,7 +2276,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } if (b->ptr != NULL) { - rc = wolfSSL_shutdown((WOLFSSL*)b->ptr); + int rc = wolfSSL_shutdown((WOLFSSL*)b->ptr); if (rc == SSL_SHUTDOWN_NOT_DONE) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ @@ -2386,7 +2383,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) long wolfSSL_BIO_set_conn_hostname(WOLFSSL_BIO* b, char* name) { - size_t currLen = 0; size_t newLen = 0; WOLFSSL_ENTER("wolfSSL_BIO_set_conn_hostname"); @@ -2414,7 +2410,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } } else { - currLen = XSTRLEN(b->ip); + size_t currLen = XSTRLEN(b->ip); if (currLen != newLen) { b->ip = (char*)XREALLOC(b->ip, newLen + 1, b->heap, DYNAMIC_TYPE_OPENSSL); diff --git a/src/conf.c b/src/conf.c index 0a63243c41..4693cbd8c9 100644 --- a/src/conf.c +++ b/src/conf.c @@ -158,7 +158,6 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db) long totalLen = 0; char buf[512]; /* Should be more than enough for a single row */ char* bufEnd = buf + sizeof(buf); - int sz; int i; WOLFSSL_ENTER("wolfSSL_TXT_DB_write"); @@ -172,6 +171,7 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db) while (data) { char** fields = (char**)data->data.string; char* idx = buf; + int sz; if (!fields) { WOLFSSL_MSG("Missing row"); @@ -1499,10 +1499,9 @@ static const conf_cmd_tbl* wolfssl_conf_find_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd) { size_t i = 0; - size_t cmdlen = 0; if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) { - cmdlen = XSTRLEN(cmd); + size_t cmdlen = XSTRLEN(cmd); if (cmdlen < 2) { WOLFSSL_MSG("bad cmdline command"); diff --git a/src/internal.c b/src/internal.c index 0fffa2418d..37613373f7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1715,7 +1715,6 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf, int ret = 0; int optSz = 0; int rc; - byte validProto = 0; /* did we find a valid protocol */ WOLFSSL_ENTER("wolfSSL_session_import_internal"); /* check at least enough room for protocol and length */ @@ -1725,6 +1724,8 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf, /* Check if is TLS export protocol */ if (ret == 0) { + byte validProto = 0; /* did we find a valid protocol */ + if (buf[idx] == (byte)TLS_EXPORT_PRO && (buf[idx + 1] & 0xF0) == ((byte)TLS_EXPORT_PRO & 0xF0)) { validProto = 1; @@ -8902,7 +8903,6 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket) { int ret = 0; DtlsMsg* pool; - int epochOrder; WOLFSSL_ENTER("DtlsMsgPoolSend"); @@ -8926,6 +8926,8 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket) } while (pool != NULL) { + int epochOrder; + if (pool->epoch == 0) { DtlsRecordLayerHeader* dtls; @@ -10447,9 +10449,6 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, RecordLayerHeader* rh, word16 *size) { byte tls12minor; -#ifdef WOLFSSL_DTLS - int ret; -#endif /* WOLFSSL_DTLS */ #ifdef OPENSSL_ALL word32 start = *inOutIdx; @@ -10469,7 +10468,7 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, } else { #ifdef WOLFSSL_DTLS - ret = GetDtlsRecordHeader(ssl, inOutIdx, rh, size); + int ret = GetDtlsRecordHeader(ssl, inOutIdx, rh, size); if (ret != 0) return ret; #endif @@ -11418,18 +11417,19 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) int MatchDomainName(const char* pattern, int len, const char* str) { int ret = 0; - char p, s; if (pattern == NULL || str == NULL || len <= 0) return 0; while (len > 0) { - p = (char)XTOLOWER((unsigned char)*pattern++); + char p = (char)XTOLOWER((unsigned char)*pattern++); if (p == '\0') break; if (p == '*') { + char s; + while (--len > 0 && (p = (char)XTOLOWER((unsigned char)*pattern++)) == '*') { } @@ -16263,14 +16263,14 @@ static WC_INLINE word32 UpdateHighwaterMark(word32 cur, word32 first, * expected sequence number. 0 is special where it is an overflow. */ static void _DtlsUpdateWindowGTSeq(word32 diff, word32* window) { - word32 idx, temp, i; word32 oldWindow[WOLFSSL_DTLS_WINDOW_WORDS]; if (diff == 0 || diff >= DTLS_SEQ_BITS) XMEMSET(window, 0, DTLS_SEQ_SZ); else { - temp = 0; - idx = diff / DTLS_WORD_BITS; + word32 i; + word32 temp = 0; + word32 idx = diff / DTLS_WORD_BITS; diff %= DTLS_WORD_BITS; XMEMCPY(oldWindow, window, sizeof(oldWindow)); @@ -18303,14 +18303,13 @@ static byte MaskPadding(const byte* data, int sz, int macSz) int i; int checkSz = sz - 1; byte paddingSz = data[sz - 1]; - byte mask; byte good = ctMaskGT(paddingSz, sz - 1 - macSz); if (checkSz > TLS_MAX_PAD_SZ) checkSz = TLS_MAX_PAD_SZ; for (i = 0; i < checkSz; i++) { - mask = ctMaskLTE(i, paddingSz); + byte mask = ctMaskLTE(i, paddingSz); good |= mask & (data[sz - 1 - i] ^ paddingSz); } @@ -18769,7 +18768,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type) byte level; byte code; word32 dataSz = (word32)ssl->curSize; - int ivExtra = 0; #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) if (ssl->hsInfoOn) @@ -18787,6 +18785,7 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type) #endif if (IsEncryptionOn(ssl, 0)) { + int ivExtra = 0; #ifndef WOLFSSL_AEAD_ONLY if (ssl->specs.cipher_type == block) { if (ssl->options.tls1_1) @@ -18858,7 +18857,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type) static int GetInputData(WOLFSSL *ssl, word32 size) { - int in; int inSz; int maxLength; int usedLength; @@ -18900,7 +18898,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size) /* read data from network */ do { - in = wolfSSLReceive(ssl, + int in = wolfSSLReceive(ssl, ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.length, inSz); @@ -18968,7 +18966,6 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, int content, word32* padSz) { #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) - int ivExtra = 0; int ret; word32 pad = 0; word32 padByte = 0; @@ -18982,6 +18979,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, if (ssl->specs.cipher_type == block) { + int ivExtra = 0; if (ssl->options.tls1_1) ivExtra = ssl->specs.block_size; pad = *(input + msgSz - ivExtra - 1); @@ -23032,10 +23030,8 @@ int RetrySendAlert(WOLFSSL* ssl) /* send alert message */ int SendAlert(WOLFSSL* ssl, int severity, int type) { - int ret; - if (ssl->pendingAlert.level != alert_none) { - ret = RetrySendAlert(ssl); + int ret = RetrySendAlert(ssl); if (ret != 0) { if (ssl->pendingAlert.level == alert_none || (ssl->pendingAlert.level != alert_fatal && @@ -24740,13 +24736,13 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) #endif /* OPENSSL_EXTRA */ for (i = 0; i < suiteSz; i++) { - int j; - if (XSTRNCMP(name, cipher_names[i].name, sizeof(name)) == 0 #ifndef NO_ERROR_STRINGS || XSTRNCMP(name, cipher_names[i].name_iana, sizeof(name)) == 0 #endif ) { + int j; + #ifdef WOLFSSL_DTLS /* don't allow stream ciphers with DTLS */ if (ctx->method->version.major == DTLS_MAJOR) { @@ -26929,10 +26925,11 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, ssl->options.haveEMS = 0; /* If no extensions, no EMS */ #else { - int allowExt = 0; byte pendingEMS = 0; if ( (i - begin) < helloSz) { + int allowExt = 0; + if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >= TLSv1_MINOR) { @@ -36668,7 +36665,6 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], { byte *tmpRsa; byte mask; - int i; /* Add the signature length to idx */ args->idx += args->length; @@ -36703,6 +36699,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], ctMaskCopy(~mask, (byte*)&args->output, (byte*)&tmpRsa, sizeof(args->output)); if (args->output != NULL) { + int i; /* Use random secret on error */ for (i = VERSION_SZ; i < SECRET_LEN; i++) { ssl->arrays->preMasterSecret[i] = diff --git a/src/keys.c b/src/keys.c index 8f960ba0e0..8251279363 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3326,7 +3326,7 @@ int DeriveKeys(WOLFSSL* ssl) int length = 2 * ssl->specs.hash_size + 2 * ssl->specs.key_size + 2 * ssl->specs.iv_size; - int rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE, i; + int rounds = (length + WC_MD5_DIGEST_SIZE - 1 ) / WC_MD5_DIGEST_SIZE; int ret = 0; #ifdef WOLFSSL_SMALL_STACK @@ -3375,6 +3375,8 @@ int DeriveKeys(WOLFSSL* ssl) ret = wc_InitSha(sha); } if (ret == 0) { + int i; + XMEMCPY(md5Input, ssl->arrays->masterSecret, SECRET_LEN); for (i = 0; i < rounds; ++i) { diff --git a/src/ocsp.c b/src/ocsp.c index d3954a68bf..796b80f55b 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1260,9 +1260,6 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, WOLFSSL_ASN1_OBJECT **pmd, WOLFSSL_ASN1_STRING **keyHash, WOLFSSL_ASN1_INTEGER **serial, WOLFSSL_OCSP_CERTID *cid) { - int i = 0; - WOLFSSL_ASN1_INTEGER* ser; - WOLFSSL_ENTER("wolfSSL_OCSP_id_get0_info"); if (cid == NULL) @@ -1270,6 +1267,9 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, /* build up ASN1_INTEGER for serial */ if (serial != NULL) { + int i = 0; + WOLFSSL_ASN1_INTEGER* ser; + ser = wolfSSL_ASN1_INTEGER_new(); if (ser == NULL) return 0; diff --git a/src/pk.c b/src/pk.c index 1c371454ea..e8be529211 100644 --- a/src/pk.c +++ b/src/pk.c @@ -584,7 +584,6 @@ static int wolfssl_print_value(WOLFSSL_BIO* bio, mp_int* value, int ret = 1; int len; char line[PRINT_NUM_MAX_VALUE_LINE + 1]; - word32 v; /* Get the length of hex encoded value. */ len = mp_unsigned_bin_size(value); @@ -599,7 +598,7 @@ static int wolfssl_print_value(WOLFSSL_BIO* bio, mp_int* value, } if (ret == 1) { /* Get 32-bits of value. */ - v = (word32)value->dp[0]; + word32 v = (word32)value->dp[0]; /* Print the line to the string. */ len = (int)XSNPRINTF(line, sizeof(line), "%s %u (0x%x)\n", name, v, v); @@ -2296,7 +2295,6 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent) int sz = 0; RsaKey* key = NULL; char line[RSA_PRINT_MAX_HEADER_LINE]; - int len; int i = 0; mp_int *num = NULL; /* Header strings. */ @@ -2328,7 +2326,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent) } if (ret == 1) { /* Print header line. */ - len = XSNPRINTF(line, sizeof(line), "\nRSA %s: (%d bit)\n", + int len = XSNPRINTF(line, sizeof(line), "\nRSA %s: (%d bit)\n", (!mp_iszero(&key->d)) ? "Private-Key" : "Public-Key", sz); if (len >= (int)sizeof(line)) { WOLFSSL_ERROR_MSG("Buffer overflow while formatting key preamble"); @@ -4577,7 +4575,6 @@ int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bnCtx) int wolfSSL_DSA_print_fp(XFILE fp, WOLFSSL_DSA* dsa, int indent) { int ret = 1; - int pBits; WOLFSSL_ENTER("wolfSSL_DSA_print_fp"); @@ -4586,7 +4583,7 @@ int wolfSSL_DSA_print_fp(XFILE fp, WOLFSSL_DSA* dsa, int indent) } if (ret == 1 && dsa->p != NULL) { - pBits = wolfSSL_BN_num_bits(dsa->p); + int pBits = wolfSSL_BN_num_bits(dsa->p); if (pBits == 0) { ret = 0; } @@ -9693,7 +9690,6 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, { static const char* hexDigit = "0123456789ABCDEF"; char* hex = NULL; - int id; int i; int sz = 0; int len = 0; @@ -9713,7 +9709,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, if (!err) { /* Get curve id to look up ordinate size. */ - id = wc_ecc_get_curve_id(group->curve_idx); + int id = wc_ecc_get_curve_id(group->curve_idx); /* Get size of ordinate. */ if ((sz = wc_ecc_get_curve_size_from_id(id)) < 0) { err = 1; @@ -9808,7 +9804,6 @@ int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *point, unsigned char *out, unsigned int *len) { int res = 1; - int ret; WOLFSSL_ENTER("wolfSSL_ECPoint_i2d"); @@ -9830,7 +9825,7 @@ int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, if (res == 1) { /* DER encode point in uncompressed format. */ - ret = wc_ecc_export_point_der(group->curve_idx, + int ret = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)point->internal, out, len); /* Check return. When out is NULL, return will be length only error. */ if ((ret != MP_OKAY) && ((out != NULL) || (ret != LENGTH_ONLY_E))) { @@ -9965,8 +9960,6 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, } /* Not infinity. */ else if (!err) { - int ret; - /* Validate format. */ if (form != POINT_CONVERSION_UNCOMPRESSED #ifndef HAVE_SELFTEST @@ -9977,23 +9970,18 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, err = 1; } - #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) if (!err) { + int ret; + + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) /* Encode as compressed or uncompressed. */ ret = wc_ecc_export_point_der_ex(group->curve_idx, (ecc_point*)point->internal, buf, &enc_len, compressed); - /* Check return. When buf is NULL, return will be length only - * error. - */ - if (ret != ((buf != NULL) ? MP_OKAY : LENGTH_ONLY_E)) { - err = 1; - } - } #else - if (!err) { /* Encode uncompressed point in DER format. */ ret = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)point->internal, buf, &enc_len); + #endif /* !HAVE_SELFTEST */ /* Check return. When buf is NULL, return will be length only * error. */ @@ -10001,7 +9989,6 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, err = 1; } } - #endif /* !HAVE_SELFTEST */ } /* On error, return encoding length of 0. */ @@ -11747,7 +11734,8 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *key, unsigned char **out) /* Calculate the length of the private key DER encoding using internal EC * key. */ - if ((!err) && ((len = wc_EccKeyDerSize((ecc_key*)key->internal, 0)) <= 0)) { + if ((!err) && ((int)(len = wc_EccKeyDerSize((ecc_key*)key->internal, 0)) <= + 0)) { WOLFSSL_MSG("wc_EccKeyDerSize error"); err = 1; } @@ -13222,8 +13210,6 @@ WOLFSSL_ECDSA_SIG* wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG** sig, */ int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp) { - word32 rLen; - word32 sLen; word32 len = 0; /* Validate parameter. */ @@ -13233,10 +13219,10 @@ int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp) * top bit set. */ /* Get total length of r including any prepended zero. */ - rLen = mp_leading_bit((mp_int*)sig->r->internal) + + word32 rLen = mp_leading_bit((mp_int*)sig->r->internal) + mp_unsigned_bin_size((mp_int*)sig->r->internal); /* Get total length of s including any prepended zero. */ - sLen = mp_leading_bit((mp_int*)sig->s->internal) + + word32 sLen = mp_leading_bit((mp_int*)sig->s->internal) + mp_unsigned_bin_size((mp_int*)sig->s->internal); /* Calculate length of data in sequence. */ len = 1 + ASN_LEN_SIZE(rLen) + rLen + @@ -13629,7 +13615,6 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outLen, int err = 0; word32 len = 0; ecc_key* key = NULL; - int ret; #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) int setGlobalRNG = 0; @@ -13658,6 +13643,8 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outLen, } if (!err) { + int ret; + /* Get the internal key. */ key = (ecc_key*)privKey->internal; /* Set length into variable of type suitable for wolfSSL API. */ diff --git a/src/ssl.c b/src/ssl.c index 5077a21f8f..cf3b8188ea 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1817,14 +1817,13 @@ int wolfSSL_get_ciphers(char* buf, int len) const CipherSuiteInfo* ciphers = GetCipherNames(); int ciphersSz = GetCipherNamesSize(); int i; - int cipherNameSz; if (buf == NULL || len <= 0) return BAD_FUNC_ARG; /* Add each member to the buffer delimited by a : */ for (i = 0; i < ciphersSz; i++) { - cipherNameSz = (int)XSTRLEN(ciphers[i].name); + int cipherNameSz = (int)XSTRLEN(ciphers[i].name); if (cipherNameSz + 1 < len) { XSTRNCPY(buf, ciphers[i].name, len); buf += cipherNameSz; @@ -4563,14 +4562,13 @@ int wolfSSL_want_write(WOLFSSL* ssl) char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data) { - static char tmp[WOLFSSL_MAX_ERROR_SZ] = {0}; - WOLFSSL_ENTER("wolfSSL_ERR_error_string"); if (data) { SetErrorString((int)errNumber, data); return data; } else { + static char tmp[WOLFSSL_MAX_ERROR_SZ] = {0}; SetErrorString((int)errNumber, tmp); return tmp; } @@ -4583,10 +4581,9 @@ void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len) if (len >= WOLFSSL_MAX_ERROR_SZ) wolfSSL_ERR_error_string(e, buf); else { - char tmp[WOLFSSL_MAX_ERROR_SZ]; - WOLFSSL_MSG("Error buffer too short, truncating"); if (len) { + char tmp[WOLFSSL_MAX_ERROR_SZ]; wolfSSL_ERR_error_string(e, tmp); XMEMCPY(buf, tmp, len-1); buf[len-1] = '\0'; @@ -5102,11 +5099,12 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void) void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) { - int doFree = 0; - int ret; WOLFSSL_ENTER("wolfSSL_CertManagerFree"); if (cm) { + int doFree = 0; + int ret; + wolfSSL_RefDec(&cm->ref, &doFree, &ret); #ifdef WOLFSSL_REFCNT_ERROR_RETURN if (ret != 0) { @@ -6495,9 +6493,6 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff, { int ret = 0; void* heap = wolfSSL_CTX_GetHeap(ctx, ssl); -#ifdef WOLFSSL_TLS13 - int cnt = 0; -#endif if ((type == CA_TYPE) && (ctx == NULL)) { WOLFSSL_MSG("Need context for CA load"); @@ -6517,6 +6512,9 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff, long consumed = info->consumed; word32 idx = 0; int gotOne = 0; + #ifdef WOLFSSL_TLS13 + int cnt = 0; + #endif /* Calculate max possible size, including max headers */ bufferSz = (word32)(sz - consumed) + (CERT_HEADER_SZ * MAX_CHAIN_DEPTH); @@ -8709,9 +8707,7 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, { int ret = WOLFSSL_SUCCESS; #ifndef NO_WOLFSSL_DIR - int fileRet; int successCount = 0; - int failCount = 0; #endif int verify; @@ -8743,6 +8739,8 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, if (ret == WOLFSSL_SUCCESS && path) { #ifndef NO_WOLFSSL_DIR char* name = NULL; + int fileRet; + int failCount = 0; #ifdef WOLFSSL_SMALL_STACK ReadDirCtx* readCtx; readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, @@ -10099,7 +10097,6 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out, word32 keyIdx = 0; DhKey* key = NULL; int ret; - int elements; #ifdef WOLFSSL_SMALL_STACK DhKey* dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); if (dh == NULL) @@ -10147,7 +10144,8 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out, keyIdx = 0; if (wc_DhKeyDecode(mem, &keyIdx, key, (word32)memSz) == 0) { - elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | ELEMENT_PUB; + int elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | + ELEMENT_PUB; if (priv) elements |= ELEMENT_PRV; if(SetDhExternal_ex(pkey->dh, elements) @@ -10480,7 +10478,6 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, /* helper function to get raw pointer to DER buffer from WOLFSSL_EVP_PKEY */ static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, unsigned char** der) { - unsigned char* pt; int sz; word16 pkcs8HeaderSz; @@ -10494,7 +10491,7 @@ static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, unsigned char** pkcs8HeaderSz = key->pkcs8HeaderSz; sz = key->pkey_sz - pkcs8HeaderSz; if (der) { - pt = (unsigned char*)key->pkey.ptr; + unsigned char* pt = (unsigned char*)key->pkey.ptr; if (*der) { /* since this function signature has no size value passed in it is * assumed that the user has allocated a large enough buffer */ @@ -15014,7 +15011,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverI word16 useTicket) { int error = -1; - word32 clientRow = 0, clientIdx = 0, sessionIDHash = 0; + word32 clientRow = 0, clientIdx = 0; (void)useTicket; if (side == WOLFSSL_CLIENT_END && row != INVALID_SESSION_ROW @@ -15046,7 +15043,8 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverI ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx; if (sessionID != NULL) { - sessionIDHash = HashObject(sessionID, ID_LEN, &error); + word32 sessionIDHash = HashObject(sessionID, ID_LEN, + &error); if (error == 0) { ClientCache[clientRow].Clients[clientIdx].sessionIDHash = sessionIDHash; @@ -15477,9 +15475,6 @@ void AddSession(WOLFSSL* ssl) const byte* id = NULL; byte idSz = 0; WOLFSSL_SESSION* session = ssl->session; -#ifdef HAVE_EXT_CACHE - int cbRet = 0; -#endif (void)error; @@ -15592,6 +15587,7 @@ void AddSession(WOLFSSL* ssl) #ifdef HAVE_EXT_CACHE if (error == 0 && ssl->ctx->new_sess_cb != NULL) { + int cbRet = 0; wolfSSL_SESSION_up_ref(session); cbRet = ssl->ctx->new_sess_cb(ssl, session); if (cbRet == 0) @@ -21312,8 +21308,6 @@ WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session) void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) { - int isZero; - session = ClientSessionToSession(session); if (session == NULL) return; @@ -21322,6 +21316,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) if (session->ref.count > 0) { int ret; + int isZero; wolfSSL_RefDec(&session->ref, &isZero, &ret); (void)ret; if (!isZero) { @@ -21851,7 +21846,6 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher) {NULL, NID_undef} }; - const struct authnid* sa; const char* authStr; char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; @@ -21863,6 +21857,7 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher) authStr = GetCipherAuthStr(n); if (authStr != NULL) { + const struct authnid* sa; for(sa = authnid_tbl; sa->alg_name != NULL; sa++) { if (XSTRCMP(sa->alg_name, authStr) == 0) { return sa->nid; @@ -21896,7 +21891,6 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher) {NULL, NID_undef} }; - const struct ciphernid* c; const char* encStr; char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; @@ -21910,6 +21904,7 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher) encStr = GetCipherEncStr(n); if (encStr != NULL) { + const struct ciphernid* c; for(c = ciphernid_tbl; c->alg_name != NULL; c++) { if (XSTRCMP(c->alg_name, encStr) == 0) { return c->nid; @@ -21935,7 +21930,6 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher) {NULL, NID_undef} }; - const struct macnid* mc; const char* name; const char* macStr; char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; @@ -21956,6 +21950,7 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher) macStr = GetCipherMacStr(n); if (macStr != NULL) { + const struct macnid* mc; for(mc = macnid_tbl; mc->alg_name != NULL; mc++) { if (XSTRCMP(mc->alg_name, macStr) == 0) { return mc->nid; @@ -21986,7 +21981,6 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher) {NULL, NID_undef} }; - const struct kxnid* k; const char* keaStr; char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; @@ -22005,6 +21999,7 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher) keaStr = GetCipherKeaStr(n); if (keaStr != NULL) { + const struct kxnid* k; for(k = kxnid_table; k->name != NULL; k++) { if (XSTRCMP(k->name, keaStr) == 0) { return k->nid; @@ -22558,7 +22553,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) word32 inOutIdx = 0; #endif word32 pub_derSz = 0; - int ret = 0; + int ret; int key_type = 0; if (key == NULL) { @@ -22567,7 +22562,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) key_type = key->type; if ((key_type != EVP_PKEY_EC) && (key_type != EVP_PKEY_RSA)) { - ret = WOLFSSL_FATAL_ERROR; + return WOLFSSL_FATAL_ERROR; } #ifndef NO_RSA @@ -22583,20 +22578,18 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) /* We need to get the DER, then convert it to a public key. But what we get * might be a buffered private key so we need to decode it and then encode * the public part. */ - if (ret == 0) { - ret = wolfSSL_EVP_PKEY_get_der(key, &local_der); - if (ret <= 0) { - /* In this case, there was no buffered DER at all. This could be the - * case where the key that was passed in was generated. So now we - * have to create the local DER. */ - local_derSz = wolfSSL_i2d_ECPrivateKey(key->ecc, &local_der); - if (local_derSz == 0) { - ret = WOLFSSL_FATAL_ERROR; - } - } else { - local_derSz = ret; - ret = 0; + ret = wolfSSL_EVP_PKEY_get_der(key, &local_der); + if (ret <= 0) { + /* In this case, there was no buffered DER at all. This could be the + * case where the key that was passed in was generated. So now we + * have to create the local DER. */ + local_derSz = wolfSSL_i2d_ECPrivateKey(key->ecc, &local_der); + if (local_derSz == 0) { + ret = WOLFSSL_FATAL_ERROR; } + } else { + local_derSz = ret; + ret = 0; } if (ret == 0) { @@ -22621,7 +22614,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) if (ret == 0) { pub_derSz = wc_EccPublicKeyDerSize(eccKey, 0); - if (pub_derSz <= 0) { + if ((int)pub_derSz <= 0) { ret = WOLFSSL_FAILURE; } } @@ -22637,7 +22630,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) if (ret == 0) { pub_derSz = wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 0); - if (pub_derSz <= 0) { + if ((int)pub_derSz <= 0) { ret = WOLFSSL_FATAL_ERROR; } } @@ -23234,13 +23227,12 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl) */ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) { - int sz; (void)w; WOLFSSL_ENTER("wolfSSL_PEM_def_callback"); /* We assume that the user passes a default password as userdata */ if (key) { - sz = (int)XSTRLEN((const char*)key); + int sz = (int)XSTRLEN((const char*)key); sz = (sz > num) ? num : sz; XMEMCPY(name, key, sz); return sz; @@ -23891,11 +23883,9 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) { byte* chain = NULL; - long chainSz = 0; int derSz; const byte* der; int ret; - int idx = 0; DerBuffer *derBuffer = NULL; WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert"); @@ -23923,6 +23913,9 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) } } else { + long chainSz = 0; + int idx = 0; + /* TODO: Do this elsewhere. */ ret = AllocDer(&derBuffer, derSz, CERT_TYPE, ctx->heap); if (ret != 0) { @@ -25187,7 +25180,6 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) #ifdef SESSION_CERTS int i; #endif - unsigned char *data; WOLFSSL_ENTER("wolfSSL_i2d_SSL_SESSION"); @@ -25256,6 +25248,8 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) #endif if (p != NULL) { + unsigned char *data; + if (*p == NULL) *p = (unsigned char*)XMALLOC(size, NULL, DYNAMIC_TYPE_OPENSSL); if (*p == NULL) @@ -26562,8 +26556,6 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, const unsigned char* data, int len) { - int hmac_error = 0; - WOLFSSL_MSG("wolfSSL_HMAC_Update"); if (ctx == NULL) { @@ -26572,6 +26564,8 @@ int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, const unsigned char* data, } if (data) { + int hmac_error = 0; + WOLFSSL_MSG("updating hmac"); hmac_error = wc_HmacUpdate(&ctx->hmac, data, (word32)len); if (hmac_error < 0){ @@ -27392,7 +27386,6 @@ int wolfSSL_get_signature_nid(WOLFSSL *ssl, int* nid) static int populate_groups(int* groups, int max_count, char *list) { char *end; - int len; int count = 0; const WOLF_EC_NIST_NAME* nist_name; @@ -27401,6 +27394,8 @@ static int populate_groups(int* groups, int max_count, char *list) } for (end = list; ; list = ++end) { + int len; + if (count > max_count) { WOLFSSL_MSG("Too many curves in list"); return -1; @@ -27476,7 +27471,6 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey = NULL; DerBuffer* der = NULL; int keyFormat = 0; - int type = -1; WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey"); @@ -27486,6 +27480,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, if (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, &keyFormat, &der) >= 0) { const unsigned char* ptr = der->buffer; + int type = -1; if (keyFormat) { /* keyFormat is Key_Sum enum */ @@ -28418,13 +28413,13 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) WOLFSSL_EVP_PKEY* pkey = NULL; DerBuffer* der = NULL; int keyFormat = 0; - int type = -1; WOLFSSL_ENTER("wolfSSL_PEM_read_PrivateKey"); if (pem_read_file_key(fp, cb, pass, PRIVATEKEY_TYPE, &keyFormat, &der) >= 0) { const unsigned char* ptr = der->buffer; + int type = -1; if (keyFormat) { /* keyFormat is Key_Sum enum */ @@ -28490,7 +28485,6 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) char* nameStr = NULL; int nameLen = 0; char* headerStr = NULL; - int headerLen; int headerFound = 0; unsigned char* der = NULL; word32 derLen = 0; @@ -28528,6 +28522,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) ret = WOLFSSL_FAILURE; } if (ret == WOLFSSL_SUCCESS) { + int headerLen; + XSTRNCPY(nameStr, pem + PEM_BEGIN_SZ, nameLen); nameStr[nameLen] = '\0'; @@ -29461,7 +29457,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) int wolfSSL_OBJ_ln2nid(const char *ln) { const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info; - size_t i, lnlen; + size_t lnlen; WOLFSSL_ENTER("wolfSSL_OBJ_ln2nid"); if (ln && (lnlen = XSTRLEN(ln)) > 0) { /* Accept input like "/commonName=" */ @@ -29470,6 +29466,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) lnlen--; } if (lnlen) { + size_t i; + if (ln[lnlen-1] == '=') { lnlen--; } @@ -30465,10 +30463,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, unsigned char* mem = NULL; int memSz = 0; WOLFSSL_EVP_PKEY* key = NULL; - int i = 0, j = 0; unsigned char* extraBioMem = NULL; - int extraBioMemSz = 0; - int derLength = 0; WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio"); @@ -30490,6 +30485,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, } if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) { + int extraBioMemSz; + int derLength; + /* Determines key type and returns the new private EVP_PKEY object */ if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == NULL) { WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure"); @@ -30501,6 +30499,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, derLength = key->pkey_sz; extraBioMemSz = (memSz - derLength); if (extraBioMemSz > 0) { + int i; + int j = 0; + extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (extraBioMem == NULL) { @@ -30589,7 +30590,6 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx, int i; int error = 0; SessionRow* sessRow = NULL; - WOLFSSL_SESSION* cacheSession = NULL; const byte* id; byte foundCache = 0; @@ -30619,6 +30619,7 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx, } for (i = 0; i < SESSIONS_PER_ROW && i < sessRow->totalCount; i++) { + WOLFSSL_SESSION* cacheSession; #ifdef SESSION_CACHE_DYNAMIC_MEM cacheSession = sessRow->Sessions[i]; #else @@ -34411,10 +34412,8 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, byte* pem = NULL; int pemSz = 0; int type = PKCS8_PRIVATEKEY_TYPE; - int algId; const byte* curveOid; word32 oidSz; - int encAlgId = 0; if (bio == NULL || pkey == NULL) return -1; @@ -34435,6 +34434,7 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, WC_RNG rng; ret = wc_InitRng(&rng); if (ret == 0) { + int encAlgId = 0; #ifndef NO_DES3 if (enc == EVP_DES_CBC) encAlgId = DESb; @@ -34465,6 +34465,7 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, type = PKCS8_ENC_PRIVATEKEY_TYPE; } if (ret == 0 && enc == NULL) { + int algId; type = PKCS8_PRIVATEKEY_TYPE; #ifdef HAVE_ECC if (pkey->type == EVP_PKEY_EC) { @@ -34627,9 +34628,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, const byte* der = *pp; word32 idx = 0; int len = 0; - word32 end = 0; int cnt = 0; - int type; word32 algId; word32 keyLen = (word32)length; @@ -34645,7 +34644,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, */ ret = GetSequence(der, &idx, &len, keyLen); if (ret >= 0) { - end = idx + len; + word32 end = idx + len; while (ret >= 0 && idx < end) { /* Skip type */ idx++; @@ -34664,6 +34663,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, } if (ret >= 0) { + int type; /* ECC includes version, private[, curve][, public key] */ if (cnt >= 2 && cnt <= 4) type = EVP_PKEY_EC; @@ -35917,7 +35917,6 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) WC_RNG tmpRNG[1]; #endif int initTmpRng = 0; - int blockCount = 0; #ifdef HAVE_GLOBAL_RNG int used_global = 0; #endif @@ -35964,7 +35963,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) } if (rng) { /* handles size greater than RNG_MAX_BLOCK_LEN */ - blockCount = num / RNG_MAX_BLOCK_LEN; + int blockCount = num / RNG_MAX_BLOCK_LEN; while (blockCount--) { ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN); @@ -38087,13 +38086,14 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_EVP_PKEY* pkey, } if (ca != NULL) { - WC_DerCertList* cur; unsigned long numCerts = ca->num; - byte* curDer; - int curDerSz = 0; WOLFSSL_STACK* sk = ca; while (numCerts > 0 && sk != NULL) { + byte* curDer; + WC_DerCertList* cur; + int curDerSz = 0; + cur = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList), NULL, DYNAMIC_TYPE_PKCS); if (cur == NULL) { diff --git a/src/ssl_bn.c b/src/ssl_bn.c index 474259688b..a86b65e24d 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -1273,7 +1273,6 @@ static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w, int sub) { int ret = 1; - int rc = 0; #if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) #ifdef WOLFSSL_SMALL_STACK mp_int* w_mp = NULL; @@ -1304,6 +1303,7 @@ static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w, } if (ret == 1) { + int rc = 0; #if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) if (w > (WOLFSSL_BN_ULONG)MP_MASK) { /* Initialize temporary MP integer. */ diff --git a/src/tls.c b/src/tls.c index 8e2e665508..8ea2dff1f5 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1030,7 +1030,7 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, byte dummy[WC_MAX_BLOCK_SIZE] = {0}; int ret; word32 msgSz, blockSz, macSz, padSz, maxSz, realSz; - word32 currSz, offset = 0; + word32 offset = 0; int msgBlocks, blocks, blockBits; int i; @@ -1102,7 +1102,7 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); if (ret == 0) { /* Fill the rest of the block with any available data. */ - currSz = ctMaskLT(msgSz, blockSz) & msgSz; + word32 currSz = ctMaskLT(msgSz, blockSz) & msgSz; currSz |= ctMaskGTE(msgSz, blockSz) & blockSz; currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; currSz &= ~(0 - (currSz >> 31)); @@ -2027,7 +2027,6 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length, int cacheOnly = 0; SNI *sni = NULL; byte type; - int matchStat; byte matched; #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) WOLFSSL_ECH* ech = NULL; @@ -2144,6 +2143,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length, #endif if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) { + int matchStat; int r = TLSX_UseSNI(&ssl->extensions, type, input + offset, size, ssl->heap); if (r != WOLFSSL_SUCCESS) @@ -4443,7 +4443,6 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) TLSX* ext = NULL; TLSX* extension; SupportedCurve* clientGroup; - SupportedCurve* serverGroup; SupportedCurve* group; int found = 0; @@ -4476,6 +4475,8 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) ret = TLSX_PopulateSupportedGroups(ssl, &priority); if (ret == WOLFSSL_SUCCESS) { + SupportedCurve* serverGroup; + ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS); serverGroup = (SupportedCurve*)ext->data; @@ -5933,8 +5934,6 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, byte msgType, word16* pSz) { WOLFSSL* ssl = (WOLFSSL*)data; - byte major; - byte* cnt; byte tls13minor, tls12minor, tls11minor, isDtls = 0; tls13minor = (byte)TLSv1_3_MINOR; @@ -5955,9 +5954,9 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, #endif /* WOLFSSL_DTLS13 */ if (msgType == client_hello) { - major = ssl->ctx->method->version.major; + byte major = ssl->ctx->method->version.major; - cnt = output++; + byte* cnt = output++; *cnt = 0; if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls13minor) @@ -6049,11 +6048,8 @@ int TLSX_SupportedVersions_Parse(const WOLFSSL* ssl, const byte* input, word16 length, byte msgType, ProtocolVersion* pv, Options* opts, TLSX** exts) { - int i; - int len; /* The client's greatest minor version that we support */ byte clientGreatestMinor = SSLv3_MINOR; - int set = 0; int ret; byte major, minor; byte tls13minor, tls12minor; @@ -6072,6 +6068,10 @@ int TLSX_SupportedVersions_Parse(const WOLFSSL* ssl, const byte* input, #endif /* WOLFSSL_DTLS13 */ if (msgType == client_hello) { + int i; + int len; + int set = 0; + /* Must contain a length and at least one version. */ if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1) return BUFFER_ERROR; @@ -9655,8 +9655,6 @@ int TLSX_PreSharedKey_Parse_ClientHello(TLSX** extensions, const byte* input, static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType) { - TLSX* extension; - PreSharedKey* list; if (msgType == client_hello) { return TLSX_PreSharedKey_Parse_ClientHello(&ssl->extensions, input, @@ -9665,6 +9663,8 @@ static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, const byte* input, if (msgType == server_hello) { word16 idx; + PreSharedKey* list; + TLSX* extension; /* Index of identity chosen by server. */ if (length != OPAQUE16_LEN) diff --git a/src/tls13.c b/src/tls13.c index 7371462204..b81e92e72c 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -7702,7 +7702,6 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo, int ret = 0; byte sigData[MAX_SIG_DATA_SZ]; word16 sigDataSz; - word32 sigSz; ret = CreateSigData(ssl, sigData, &sigDataSz, 1); if (ret != 0) @@ -7710,6 +7709,7 @@ static int CheckRSASignature(WOLFSSL* ssl, int sigAlgo, int hashAlgo, if (sigAlgo == rsa_pss_sa_algo) { enum wc_HashType hashType = WC_HASH_TYPE_NONE; + word32 sigSz; ret = ConvertHashPss(hashAlgo, &hashType, NULL); if (ret < 0) @@ -9411,7 +9411,6 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, */ static int SendTls13Finished(WOLFSSL* ssl) { - int sendSz; int finishedSz = ssl->specs.hash_size; byte* input; byte* output; @@ -9519,26 +9518,26 @@ static int SendTls13Finished(WOLFSSL* ssl) } else #endif /* WOLFSSL_DTLS13 */ { - /* This message is always encrypted. */ - sendSz = BuildTls13Message(ssl, output, outputSz, input, - headerSz + finishedSz, handshake, 1, 0, 0); - if (sendSz < 0) { - WOLFSSL_ERROR_VERBOSE(BUILD_MSG_ERROR); - return BUILD_MSG_ERROR; - } - - #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) - if (ssl->hsInfoOn) AddPacketName(ssl, "Finished"); - if (ssl->toInfoOn) { - ret = AddPacketInfo(ssl, "Finished", handshake, output, sendSz, - WRITE_PROTO, 0, ssl->heap); - if (ret != 0) - return ret; + /* This message is always encrypted. */ + int sendSz = BuildTls13Message(ssl, output, outputSz, input, + headerSz + finishedSz, handshake, 1, 0, 0); + if (sendSz < 0) { + WOLFSSL_ERROR_VERBOSE(BUILD_MSG_ERROR); + return BUILD_MSG_ERROR; } - #endif - ssl->buffers.outputBuffer.length += sendSz; - ssl->options.buildingMsg = 0; + #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) + if (ssl->hsInfoOn) AddPacketName(ssl, "Finished"); + if (ssl->toInfoOn) { + ret = AddPacketInfo(ssl, "Finished", handshake, output, sendSz, + WRITE_PROTO, 0, ssl->heap); + if (ret != 0) + return ret; + } + #endif + + ssl->buffers.outputBuffer.length += sendSz; + ssl->options.buildingMsg = 0; } if (ssl->options.side == WOLFSSL_SERVER_END) { @@ -9679,7 +9678,6 @@ static int SendTls13Finished(WOLFSSL* ssl) */ static int SendTls13KeyUpdate(WOLFSSL* ssl) { - int sendSz; byte* input; byte* output; int ret; @@ -9733,7 +9731,7 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 */ { /* This message is always encrypted. */ - sendSz = BuildTls13Message(ssl, output, outputSz, input, + int sendSz = BuildTls13Message(ssl, output, outputSz, input, headerSz + OPAQUE8_LEN, handshake, 0, 0, 0); if (sendSz < 0) return BUILD_MSG_ERROR; @@ -12535,7 +12533,6 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) #if !defined(NO_CERTS) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) word16 havePSK = 0; #endif - int advanceState; int ret = 0; WOLFSSL_ENTER("wolfSSL_accept_TLSv13"); @@ -12647,7 +12644,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) /* fragOffset is non-zero when sending fragments. On the last * fragment, fragOffset is zero again, and the state can be * advanced. */ - advanceState = + int advanceState = (ssl->options.acceptState == TLS13_ACCEPT_CLIENT_HELLO_DONE || ssl->options.acceptState == TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE || diff --git a/src/wolfio.c b/src/wolfio.c index 014f60f9c8..8c475aea43 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -2647,13 +2647,12 @@ void wolfSSL_SetIO_Mynewt(WOLFSSL* ssl, struct mn_socket* mnSocket, struct mn_so int uIPSend(WOLFSSL* ssl, char* buf, int sz, void* _ctx) { uip_wolfssl_ctx *ctx = (struct uip_wolfssl_ctx *)_ctx; - int ret; - unsigned int max_sendlen; int total_written = 0; (void)ssl; do { + int ret; unsigned int bytes_left = sz - total_written; - max_sendlen = tcp_socket_max_sendlen(&ctx->conn.tcp); + unsigned int max_sendlen = tcp_socket_max_sendlen(&ctx->conn.tcp); if (bytes_left > max_sendlen) { fprintf(stderr, "uIPSend: Send limited by buffer\r\n"); bytes_left = max_sendlen; diff --git a/src/x509.c b/src/x509.c index efef2954f6..a7a3e8430b 100644 --- a/src/x509.c +++ b/src/x509.c @@ -12114,7 +12114,6 @@ static int wolfSSL_EscapeString_RFC2253(char* in, word32 inSz, { word32 inIdx = 0; word32 outIdx = 0; - char c = 0; if (in == NULL || out == NULL || inSz == 0 || outSz == 0) { return BAD_FUNC_ARG; @@ -12122,7 +12121,7 @@ static int wolfSSL_EscapeString_RFC2253(char* in, word32 inSz, for (inIdx = 0; inIdx < inSz; inIdx++) { - c = in[inIdx]; + char c = in[inIdx]; if (((inIdx == 0) && (c == ' ' || c == '#')) || ((inIdx == (inSz-1)) && (c == ' ')) || @@ -12169,7 +12168,7 @@ static int wolfSSL_EscapeString_RFC2253(char* in, word32 inSz, int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, int indent, unsigned long flags) { - int i, count = 0, len = 0, tmpSz = 0, nameStrSz = 0, escapeSz = 0; + int i, count = 0, nameStrSz = 0, escapeSz = 0; char* tmp = NULL; char* nameStr = NULL; const char *buf = NULL; @@ -12190,6 +12189,9 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, count = wolfSSL_X509_NAME_entry_count(name); for (i = 0; i < count; i++) { + int len; + int tmpSz; + /* reverse name order for RFC2253 and DN_REV */ if ((flags & XN_FLAG_RFC2253) || (flags & XN_FLAG_DN_REV)) { ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1); @@ -12913,7 +12915,6 @@ int wolfSSL_sk_X509_OBJECT_push(WOLFSSL_STACK* sk, WOLFSSL_X509_OBJECT* obj) int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to) { int i; - WOLFSSL_X509_NAME_ENTRY* ne; WOLFSSL_ENTER("wolfSSL_X509_NAME_copy"); @@ -12943,7 +12944,7 @@ int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to) to->sz = from->sz; for (i = 0; i < MAX_NAME_ENTRIES; i++) { - ne = wolfSSL_X509_NAME_get_entry(from, i); + WOLFSSL_X509_NAME_ENTRY* ne = wolfSSL_X509_NAME_get_entry(from, i); if (ne != NULL) wolfSSL_X509_NAME_add_entry(to, ne, i, 1); } diff --git a/src/x509_str.c b/src/x509_str.c index 0164eb76f1..52f8c775a1 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -61,7 +61,6 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void) int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk) { - WOLFSSL_X509* x509_cert; int ret = 0; (void)sk; WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init"); @@ -83,7 +82,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, ctx->chain = sk; /* Add intermediate certificates from stack to store */ while (sk != NULL) { - x509_cert = sk->data.x509; + WOLFSSL_X509* x509_cert = sk->data.x509; if (x509_cert != NULL && x509_cert->isCa) { ret = wolfSSL_X509_STORE_add_cert(store, x509_cert); if (ret < 0) { @@ -195,22 +194,21 @@ int GetX509Error(int e) */ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) { - int ret = 0; - int depth = 0; - int error; -#ifndef NO_ASN_TIME - byte *afterDate, *beforeDate; -#endif - WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { - ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, - ctx->current_cert->derCert->buffer, - ctx->current_cert->derCert->length, - WOLFSSL_FILETYPE_ASN1); + int ret = 0; + int depth = 0; + int error; + #ifndef NO_ASN_TIME + byte *afterDate, *beforeDate; + #endif + ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, + ctx->current_cert->derCert->buffer, + ctx->current_cert->derCert->length, + WOLFSSL_FILETYPE_ASN1); /* If there was an error, process it and add it to CTX */ if (ret < 0) { /* Get corresponding X509 error */ @@ -1000,7 +998,6 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, WOLFSSL_CTX* ctx; char *name = NULL; int ret = WOLFSSL_SUCCESS; - int successes = 0; #ifdef WOLFSSL_SMALL_STACK ReadDirCtx* readCtx = NULL; #else @@ -1044,6 +1041,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, /* Load files in dir */ if (dir && ret == WOLFSSL_SUCCESS) { + int successes = 0; + #ifdef WOLFSSL_SMALL_STACK readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -1094,7 +1093,6 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) { - int i = 0; int cnt_ret = 0; Signer **table; @@ -1107,6 +1105,7 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) table = store->cm->caTable; if (table){ if (wc_LockMutex(&store->cm->caLock) == 0){ + int i = 0; for (i = 0; i < CA_TABLE_SIZE; i++) { Signer* signer = table[i]; while (signer) { diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 3c8b0178b4..0b31777b28 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1621,10 +1621,9 @@ typedef enum bench_stat_type { void bench_stats_print(void) { int i; - bench_stats_t* bstat; for (i=0; itype == BENCH_STAT_SYM) { printf("%-16s %8.3f %s/s\n", bstat->desc, bstat->perfsec, base2 ? "MB" : "mB"); @@ -6209,7 +6208,7 @@ static void bench_rsaKeyGen_helper(int useDeviceID, int keySz) void bench_rsaKeyGen(int useDeviceID) { - int k, keySz; + int k; #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) const int keySizes[2] = {1024, 2048}; #else @@ -6217,7 +6216,7 @@ void bench_rsaKeyGen(int useDeviceID) #endif for (k = 0; k < (int)(sizeof(keySizes)/sizeof(int)); k++) { - keySz = keySizes[k]; + int keySz = keySizes[k]; bench_rsaKeyGen_helper(useDeviceID, keySz); } } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ddae9aff73..a7c72c021a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -241,11 +241,13 @@ static word32 BytePrecision(word32 value) */ WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output) { - word32 i = 0, j; + word32 i = 0; if (length < ASN_LONG_LENGTH) output[i++] = (byte)length; else { + word32 j; + output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH); for (j = BytePrecision(length); j; --j) { @@ -2901,7 +2903,6 @@ static int SetASNIntMP(mp_int* n, int maxSz, byte* output) int idx = 0; int leadingBit; int length; - int err; leadingBit = mp_leading_bit(n); length = mp_unsigned_bin_size(n); @@ -2912,7 +2913,7 @@ static int SetASNIntMP(mp_int* n, int maxSz, byte* output) return BUFFER_E; if (output) { - err = mp_to_unsigned_bin(n, output + idx); + int err = mp_to_unsigned_bin(n, output + idx); if (err != MP_OKAY) return MP_TO_E; } @@ -2939,7 +2940,6 @@ static int SetASNIntRSA(void* n, byte* output) int idx = 0; int leadingBit; int length; - int err; leadingBit = wc_Rsa_leading_bit(n); length = wc_Rsa_unsigned_bin_size(n); @@ -2948,7 +2948,7 @@ static int SetASNIntRSA(void* n, byte* output) return BUFFER_E; if (output) { - err = wc_Rsa_to_unsigned_bin(n, output + idx, length); + int err = wc_Rsa_to_unsigned_bin(n, output + idx, length); if (err != MP_OKAY) return MP_TO_E; } @@ -6432,7 +6432,6 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, #else DECL_ASNGETDATA(dataASN, rsaKeyASN_Length); int ret = 0; - int i; byte version = (byte)-1; #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) word32 algId = 0; @@ -6455,6 +6454,7 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, CALLOC_ASNGETDATA(dataASN, rsaKeyASN_Length, ret, key->heap); if (ret == 0) { + int i; /* Register variable to hold version field. */ GetASN_Int8Bit(&dataASN[RSAKEYASN_IDX_VER], &version); /* Setup data to store INTEGER data in mp_int's in RSA object. */ @@ -8065,7 +8065,6 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, int encOidSz = 0; word32 padSz = 0; word32 innerLen = 0; - word32 outerLen = 0; const byte* pbeOidBuf = NULL; word32 pbeOidBufSz = 0; word32 pbeLen = 0; @@ -8119,7 +8118,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, if (ret == 0) { /* outerLen = length of PBE encoding + octet string data */ /* Plus 2 for tag and length for pbe */ - outerLen = 2 + pbeLen; + word32 outerLen = 2 + pbeLen; /* Octet string tag, length */ outerLen += 1 + SetLength(keySz + padSz, NULL); /* Octet string bytes */ @@ -8679,13 +8678,14 @@ int ToTraditionalEnc(byte* input, word32 sz, const char* password, #define PKCS8_MIN_BLOCK_SIZE 8 static int Pkcs8Pad(byte* buf, int sz, int blockSz) { - int i, padSz; + int padSz; /* calculate pad size */ padSz = blockSz - (sz & (blockSz - 1)); /* pad with padSz value */ if (buf) { + int i; for (i = 0; i < padSz; i++) { buf[sz+i] = (byte)(padSz & 0xFF); } @@ -8946,9 +8946,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, int version; int id; int blockSz = 0; - byte* pkcs8; word32 pkcs8Sz = 0; - byte cbcIv[MAX_IV_SIZE]; (void)heap; @@ -9017,8 +9015,10 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, } } if (ret == 0) { + byte cbcIv[MAX_IV_SIZE]; /* Store PKCS#8 key in output buffer. */ - pkcs8 = (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data; + byte* pkcs8 = + (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data; XMEMCPY(pkcs8, input, inputSz); Pkcs8Pad(pkcs8, inputSz, blockSz); @@ -10254,7 +10254,6 @@ int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, /* dsaPubKeyASN is longer than dsaPublicKeyASN. */ DECL_ASNGETDATA(dataASN, dsaPubKeyASN_Length); int ret = 0; - int i; /* Validated parameters. */ if ((input == NULL) || (inOutIdx == NULL) || (key == NULL)) { @@ -10264,6 +10263,8 @@ int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, ALLOC_ASNGETDATA(dataASN, dsaPubKeyASN_Length, ret, key->heap); if (ret == 0) { + int i; + /* Clear dynamic data items. */ XMEMSET(dataASN, 0, sizeof(ASNGetData) * dsaPublicKeyASN_Length); /* seq @@ -10450,7 +10451,6 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, /* dsaKeyASN is longer than dsaKeyOctASN. */ DECL_ASNGETDATA(dataASN, dsaKeyASN_Length); int ret = 0; - int i; byte version = 0; /* Sanity checks on input */ @@ -10461,6 +10461,8 @@ int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, CALLOC_ASNGETDATA(dataASN, dsaKeyASN_Length, ret, key->heap); if (ret == 0) { + int i; + /* Try dsaKeyOctASN */ /* Initialize key data and set mp_ints for params */ for (i = 0; i < DSA_INTS - 2; i++) { @@ -10787,9 +10789,9 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, int ints, int includeVersion) { #ifndef WOLFSSL_ASN_TEMPLATE - word32 seqSz = 0, verSz = 0, rawLen, intTotalLen = 0; + word32 seqSz = 0, verSz = 0, intTotalLen = 0; word32 sizes[DSA_INTS]; - int i, j, outLen, ret = 0, mpSz; + int i, j, outLen, ret = 0; byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; @@ -10804,9 +10806,10 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, /* write all big ints from key to DER tmps */ for (i = 0; i < ints; i++) { + int mpSz; mp_int* keyInt = GetDsaInt(key, i); + word32 rawLen = mp_unsigned_bin_size(keyInt) + 1; - rawLen = mp_unsigned_bin_size(keyInt) + 1; tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, DYNAMIC_TYPE_DSA); if (tmps[i] == NULL) { @@ -10861,7 +10864,6 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, #else DECL_ASNSETDATA(dataASN, dsaKeyASN_Length); int ret = 0; - int i; int sz = 0; (void)ints; @@ -10876,6 +10878,8 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, CALLOC_ASNSETDATA(dataASN, dsaKeyASN_Length, ret, key->heap); if (ret == 0) { + int i; + if (includeVersion) { /* Set the version. */ SetASN_Int8Bit(&dataASN[DSAKEYASN_IDX_VER], 0); @@ -13378,8 +13382,6 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx) ASNGetData dataASN[certNameASN_Length]; word32 idx = cert->srcIdx; int ret = 0; - char* full; - byte* hash; WOLFSSL_MSG("Getting Name"); @@ -13389,6 +13391,9 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx) ret = GetASN_Items(certNameASN, dataASN, certNameASN_Length, 0, cert->source, &idx, maxIdx); if (ret == 0) { + char* full; + byte* hash; + /* Store offset of SEQUENCE that is start of name. */ cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset; @@ -13589,7 +13594,7 @@ int GetAsnTimeString(void* currTime, byte* buf, word32 len) XMEMSET(uf_time, 0, sizeof(uf_time)); /* GetFormattedTime returns length with null terminator */ data_len = GetFormattedTime(currTime, uf_time, (word32)sizeof(uf_time)); - if (data_len <= 0) { + if ((int)data_len <= 0) { return ASN_TIME_E; } /* ensure room to add 2 bytes (ASN type and length) before proceeding */ @@ -13757,7 +13762,6 @@ int wc_ValidateDate(const byte* date, byte format, int dateType) int i = 0; int timeDiff = 0; int diffHH = 0, diffMM = 0; - int diffSign = 0; #if defined(NEED_TMP_TIME) struct tm tmpTimeStorage; @@ -13795,6 +13799,8 @@ int wc_ValidateDate(const byte* date, byte format, int dateType) } if ((date[i] == '+') || (date[i] == '-')) { + int diffSign; + WOLFSSL_MSG("Using time differential, not Zulu") ; diffSign = date[i++] == '+' ? 1 : -1 ; if (GetTime(&diffHH, date, &i) != 0) @@ -13946,7 +13952,6 @@ static int GetDateInfo(const byte* source, word32* idx, const byte** pDate, return 0; #else ASNGetData dataASN[dateASN_Length]; - int i; int ret = 0; if ((source == NULL) || (idx == NULL)) { @@ -13961,8 +13966,8 @@ static int GetDateInfo(const byte* source, word32* idx, const byte** pDate, } if (ret == 0) { /* Determine which tag was seen. */ - i = (dataASN[DATEASN_IDX_UTC].tag != 0) ? DATEASN_IDX_UTC - : DATEASN_IDX_GT; + int i = (dataASN[DATEASN_IDX_UTC].tag != 0) ? DATEASN_IDX_UTC + : DATEASN_IDX_GT; /* Return data from seen item. */ if (pFormat != NULL) { *pFormat = dataASN[i].tag; @@ -17870,7 +17875,6 @@ static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert) while ((ret == 0) && (idx < (word32)sz) && (count < MAX_AIA_SZ)) { ASNGetData dataASN[accessDescASN_Length]; - word32 sz32; /* Clear dynamic data and retrieve OID and name. */ XMEMSET(dataASN, 0, sizeof(dataASN)); @@ -17880,6 +17884,8 @@ static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert) ret = GetASN_Items(accessDescASN, dataASN, accessDescASN_Length, 0, input, &idx, sz); if (ret == 0) { + word32 sz32; + /* Check we have OCSP and URI. */ if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_OCSP_OID) && (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI)) { @@ -19874,7 +19880,6 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, DECL_ASNGETDATA(dataASN, x509CertASN_Length); int ret = 0; int badDate = 0; - int i; byte version; word32 idx; word32 serialSz; @@ -19908,6 +19913,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, ret = ASN_PARSE_E; } if (ret == 0) { + int i; + /* Set fields extracted from data. */ cert->version = version; cert->serialSz = serialSz; @@ -21263,8 +21270,6 @@ int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm) int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) { int ret = 0; - int checkPathLen = 0; - int decrementMaxPathLen = 0; #ifndef WOLFSSL_ASN_TEMPLATE word32 confirmOID = 0; #ifdef WOLFSSL_CERT_REQ @@ -21631,6 +21636,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) */ if (cert->ca && cert->pathLengthSet) { + int checkPathLen = 0; + int decrementMaxPathLen = 0; cert->maxPathLen = cert->pathLength; if (cert->isCA) { WOLFSSL_MSG("\tCA boolean set"); @@ -22514,12 +22521,6 @@ int wc_EncryptedInfoParse(EncryptedInfo* info, const char** pBuffer, const char* bufferStart; const char* bufferEnd; char* line; - word32 lineSz; - char* finish; - word32 finishSz; - char* start = NULL; - word32 startSz; - const char* newline = NULL; if (info == NULL || pBuffer == NULL || bufSz == 0) return BAD_FUNC_ARG; @@ -22531,6 +22532,13 @@ int wc_EncryptedInfoParse(EncryptedInfo* info, const char** pBuffer, line = XSTRNSTR(bufferStart, kProcTypeHeader, min((word32)bufSz, PEM_LINE_LEN)); if (line != NULL) { + word32 lineSz; + char* finish; + word32 finishSz; + char* start; + word32 startSz; + const char* newline = NULL; + if (line >= bufferEnd) { return BUFFER_E; } @@ -22802,14 +22810,6 @@ int PemToDer(const unsigned char* buff, long longSz, int type, DerBuffer* der; word32 algId = 0; word32 idx; -#if defined(WOLFSSL_ENCRYPTED_KEYS) - #if ((defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3)) || \ - (!defined(NO_AES) && defined(HAVE_AES_CBC) && \ - defined(HAVE_AES_DECRYPT))) && \ - !defined(NO_WOLFSSL_SKIP_TRAILING_PAD) - int padVal = 0; - #endif -#endif #ifdef OPENSSL_EXTRA char beginBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */ char endBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */ @@ -22903,11 +22903,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (!headerEnd) { #ifdef OPENSSL_EXTRA if (type == PRIVATEKEY_TYPE) { - const char* beginEnd; - int endLen; /* see if there is a -----BEGIN * PRIVATE KEY----- header */ headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz); if (headerEnd) { + const char* beginEnd; + int endLen; + beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX); if (beginEnd >= (char*)buff + sz) { return BUFFER_E; @@ -23140,6 +23141,13 @@ int PemToDer(const unsigned char* buff, long longSz, int type, ret = NO_PASSWORD; } else { + #if ((defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3)) || \ + (!defined(NO_AES) && defined(HAVE_AES_CBC) && \ + defined(HAVE_AES_DECRYPT))) && \ + !defined(NO_WOLFSSL_SKIP_TRAILING_PAD) + int padVal = 0; + #endif + ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, (byte*)password, passwordSz, WC_MD5); @@ -23390,9 +23398,7 @@ int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der) byte staticBuffer[FILE_BUFFER_SIZE]; #endif byte* fileBuf = staticBuffer; - int dynamic = 0; int ret = 0; - long sz = 0; XFILE file = NULL; WOLFSSL_ENTER("wc_PemCertToDer"); @@ -23408,6 +23414,9 @@ int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der) } if (ret == 0) { + int dynamic = 0; + long sz = 0; + if (XFSEEK(file, 0, XSEEK_END) != 0) { ret = BUFFER_E; } @@ -30546,7 +30555,7 @@ int wc_SetDatesBuffer(Cert* cert, const byte* der, int derSz) /* Encode OID string representation to ITU-T X.690 format */ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) { - word32 val, idx = 0, nb_val; + word32 idx = 0, nb_val; char *token, *str, *ptr; word32 len; @@ -30568,7 +30577,7 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) token = XSTRTOK(str, ".", &ptr); while (token != NULL) { - val = (word32)XATOI(token); + word32 val = (word32)XATOI(token); if (nb_val == 0) { if (val > 2) { @@ -30592,12 +30601,12 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) out[idx++] += (byte)val; } else { - word32 tb = 0, x; + word32 tb = 0; int i = 0; byte oid[MAX_OID_SZ]; while (val >= 128) { - x = val % 128; + word32 x = val % 128; val /= 128; oid[i++] = (byte) (((tb++) ? 0x80 : 0) | x); } diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 6247263e18..6d836a0488 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -558,7 +558,6 @@ int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) { word32 outIdx = 0; word32 i; - byte hb, lb; if (in == NULL || out == NULL || outLen == NULL) return BAD_FUNC_ARG; @@ -567,8 +566,8 @@ int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) return BAD_FUNC_ARG; for (i = 0; i < inLen; i++) { - hb = in[i] >> 4; - lb = in[i] & 0x0f; + byte hb = in[i] >> 4; + byte lb = in[i] & 0x0f; /* ASCII value */ hb += '0'; diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index 33293560f2..1d36cf8abd 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -83,8 +83,8 @@ static WC_INLINE int curve25519_priv_clamp_check(const byte* priv) static WC_INLINE void curve25519_copy_point(byte* out, const byte* point, int endian) { - int i; if (endian == EC25519_BIG_ENDIAN) { + int i; /* put shared secret key in Big Endian format */ for (i = 0; i < CURVE25519_KEYSIZE; i++) { out[i] = point[CURVE25519_KEYSIZE - i -1]; diff --git a/wolfcrypt/src/curve448.c b/wolfcrypt/src/curve448.c index c8bba158d6..57cc6ac70f 100644 --- a/wolfcrypt/src/curve448.c +++ b/wolfcrypt/src/curve448.c @@ -236,7 +236,6 @@ int wc_curve448_export_public_ex(curve448_key* key, byte* out, word32* outLen, int endian) { int ret = 0; - int i; if ((key == NULL) || (out == NULL) || (outLen == NULL)) { ret = BAD_FUNC_ARG; @@ -258,6 +257,7 @@ int wc_curve448_export_public_ex(curve448_key* key, byte* out, word32* outLen, if (ret == 0) { *outLen = CURVE448_PUB_KEY_SIZE; if (endian == EC448_BIG_ENDIAN) { + int i; /* read keys in Big Endian format */ for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { out[i] = key->p[CURVE448_PUB_KEY_SIZE - i - 1]; @@ -304,7 +304,6 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen, curve448_key* key, int endian) { int ret = 0; - int i; /* sanity check */ if ((key == NULL) || (in == NULL)) { @@ -318,6 +317,7 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen, if (ret == 0) { if (endian == EC448_BIG_ENDIAN) { + int i; /* read keys in Big Endian format */ for (i = 0; i < CURVE448_PUB_KEY_SIZE; i++) { key->p[i] = in[CURVE448_PUB_KEY_SIZE - i - 1]; @@ -345,7 +345,6 @@ int wc_curve448_import_public_ex(const byte* in, word32 inLen, int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian) { int ret = 0; - word32 i; if (pub == NULL) { ret = BAD_FUNC_ARG; @@ -362,6 +361,8 @@ int wc_curve448_check_public(const byte* pub, word32 pubSz, int endian) } if (ret == 0) { + word32 i; + if (endian == EC448_LITTLE_ENDIAN) { /* Check for value of zero or one */ for (i = CURVE448_PUB_KEY_SIZE - 1; i > 0; i--) { @@ -465,7 +466,6 @@ int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out, word32* outLen, int endian) { int ret = 0; - int i; /* sanity check */ if ((key == NULL) || (out == NULL) || (outLen == NULL)) { @@ -481,6 +481,7 @@ int wc_curve448_export_private_raw_ex(curve448_key* key, byte* out, *outLen = CURVE448_KEY_SIZE; if (endian == EC448_BIG_ENDIAN) { + int i; /* put the key in Big Endian format */ for (i = 0; i < CURVE448_KEY_SIZE; i++) { out[i] = key->k[CURVE448_KEY_SIZE - i - 1]; @@ -630,7 +631,6 @@ int wc_curve448_import_private_ex(const byte* priv, word32 privSz, curve448_key* key, int endian) { int ret = 0; - int i; /* sanity check */ if ((key == NULL) || (priv == NULL)) { @@ -644,6 +644,7 @@ int wc_curve448_import_private_ex(const byte* priv, word32 privSz, if (ret == 0) { if (endian == EC448_BIG_ENDIAN) { + int i; /* read the key in Big Endian format */ for (i = 0; i < CURVE448_KEY_SIZE; i++) { key->k[i] = priv[CURVE448_KEY_SIZE - i - 1]; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index ef65ed15f0..adb1337219 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2375,14 +2375,13 @@ int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, byte* pub, word32* pPubSz) { int ret = 0; - word32 pubSz, privSz; if (key == NULL || (priv && pPrivSz == NULL) || (pub && pPubSz == NULL)) { return BAD_FUNC_ARG; } if (priv) { - privSz = mp_unsigned_bin_size(&key->priv); + word32 privSz = mp_unsigned_bin_size(&key->priv); if (privSz > *pPrivSz) { return BUFFER_E; } @@ -2391,7 +2390,7 @@ int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, } if (pub) { - pubSz = mp_unsigned_bin_size(&key->pub); + word32 pubSz = mp_unsigned_bin_size(&key->pub); if (pubSz > *pPubSz) { return BUFFER_E; } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 9940b22dda..2a44c4af48 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -438,9 +438,9 @@ int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz) { - int fill; - if (sz > 0) { + int fill; + if ((sz+ctx->bufUsed) > ctx->block_size) { fill = ctx->block_size - ctx->bufUsed; } else { @@ -736,7 +736,6 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int inl) { int blocks; - int fill; WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate"); if ((ctx == NULL) || (outl == NULL)) { @@ -820,7 +819,7 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, return WOLFSSL_SUCCESS; } if (ctx->bufUsed > 0) { /* concatenate them if there is anything */ - fill = fillBuff(ctx, in, inl); + int fill = fillBuff(ctx, in, inl); inl -= fill; in += fill; } @@ -946,13 +945,7 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int fl; int ret = WOLFSSL_SUCCESS; -#if (defined(HAVE_AESGCM) || defined(HAVE_AESCCM)) && \ - ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ - || FIPS_VERSION_GE(2,0)) - byte tmp = 0; -#endif if (!ctx || !outl) return WOLFSSL_FAILURE; @@ -1149,6 +1142,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, ret = WOLFSSL_FAILURE; } else if (ctx->lastUsed) { + int fl; PRINT_BUF(ctx->lastBlock, ctx->block_size); if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) { XMEMCPY(out, ctx->lastBlock, fl); @@ -1177,6 +1171,8 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, #if (defined(HAVE_AESGCM) || defined(HAVE_AESCCM)) && \ ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) + byte tmp = 0; + /* * This flag needs to retain its value between wolfSSL_EVP_CipherFinal * calls. wolfSSL_EVP_CipherInit will clear it, so we save and restore @@ -1907,7 +1903,6 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ int len; #ifdef HAVE_HKDF enum wc_HashType hkdfHashType; - int hkdfHashSz; #endif WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive"); @@ -2045,7 +2040,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ return WOLFSSL_FAILURE; } else { - hkdfHashSz = wolfSSL_EVP_MD_size(ctx->pkey->hkdfMd); + int hkdfHashSz = wolfSSL_EVP_MD_size(ctx->pkey->hkdfMd); if (hkdfHashSz <= 0) { WOLFSSL_MSG("Failed to get block size for HKDF hash."); return WOLFSSL_FAILURE; @@ -2502,9 +2497,9 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, switch (ctx->pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int len; unsigned int usiglen = (unsigned int)*siglen; if (!sig) { + int len; if (!ctx->pkey->rsa) return WOLFSSL_FAILURE; len = wc_RsaEncryptSize((RsaKey*)ctx->pkey->rsa->internal); @@ -3418,9 +3413,8 @@ static const struct s_ent { static enum wc_HashType EvpMd2MacType(const WOLFSSL_EVP_MD *md) { - const struct s_ent *ent ; - if (md != NULL) { + const struct s_ent *ent; for (ent = md_tbl; ent->name != NULL; ent++) { if (XSTRCMP((const char *)md, ent->name) == 0) { return ent->macType; @@ -3714,7 +3708,6 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, if (pkey->type == EVP_PKEY_HMAC) { int hashType; - const unsigned char* key; #ifndef NO_SHA256 if (XSTRCMP(type, "SHA256") == 0) { @@ -3772,6 +3765,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, { size_t keySz = 0; + const unsigned char* key; key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz); @@ -5043,11 +5037,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) /* returns the NID of message digest used by the ctx */ int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) { - const struct s_ent *ent; - WOLFSSL_ENTER("EVP_MD_CTX_type"); if (ctx) { + const struct s_ent *ent; + if (ctx->isHMAC) { return NID_hmac; } @@ -5084,11 +5078,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des, const WOLFSSL_EVP_MD_CTX* src) { - int ret; if (src->isHMAC) { return wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); } else { + int ret; + switch (src->macType) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 @@ -5792,8 +5787,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) int arg, void *ptr) { int ret = WOLFSSL_FAILURE; +#if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) #ifndef WC_NO_RNG WC_RNG rng; +#endif #endif if (ctx == NULL) return WOLFSSL_FAILURE; @@ -9760,8 +9757,6 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, word32 eSz; /* size of public exponent */ const byte* n = NULL; const byte* e = NULL; /* pointer to modulus/exponent */ - int idx; - int wsz; word32 i; unsigned long exponent = 0; #ifdef WOLFSSL_SMALL_STACK @@ -9794,6 +9789,9 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } do { + int idx; + int wsz; + /* parse key to get modulus and exponent */ if (wc_RsaPublicKeyDecode_ex(pkey, &inOutIdx, pkeySz, &n, &nSz, &e, &eSz) != 0) { @@ -9916,7 +9914,6 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, word32 oidSz = 0; const char* OIDName = NULL; const char* nistCurveName = NULL; - int nid; int idx = 0; int wsz = 0; #ifdef WOLFSSL_SMALL_STACK @@ -9982,7 +9979,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* get NIST curve name */ if (res == WOLFSSL_SUCCESS) { - nid = EccEnumToNID(curveId); + int nid = EccEnumToNID(curveId); if (nid != -1) { /* look up object name and nist curve name*/ OIDName = wolfSSL_OBJ_nid2sn(nid); @@ -10111,10 +10108,6 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, word32 inOutIdx = 0; word32 oid; byte tagFound; - byte *p = NULL, * q = NULL, * g = NULL, * y = NULL; - int pSz, qSz, gSz, ySz; - int idx; - int wsz; #ifdef WOLFSSL_SMALL_STACK mp_int* a = NULL; #else @@ -10147,6 +10140,11 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } do { + byte *p = NULL, * q = NULL, * g = NULL, * y = NULL; + int pSz, qSz, gSz, ySz; + int idx; + int wsz; + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) { break; } @@ -10329,12 +10327,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, word32 oid; byte tagFound; byte* prime = NULL; - int primeSz; byte generator; byte* publicKey = NULL; - int publicKeySz; - int idx; - int wsz; word32 outSz; byte outHex[3]; #ifdef WOLFSSL_SMALL_STACK @@ -10369,6 +10363,11 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } do { + int primeSz; + int publicKeySz; + int idx; + int wsz; + if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) { break; } @@ -10835,7 +10834,6 @@ void wolfSSL_EVP_EncodeInit(WOLFSSL_EVP_ENCODE_CTX* ctx) int wolfSSL_EVP_EncodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, unsigned char* out, int* outl, const unsigned char* in, int inl) { - int cpysz; int res; word32 outsz = 0; @@ -10850,7 +10848,7 @@ int wolfSSL_EVP_EncodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, * to create a block(48bytes) for encoding */ if (ctx->remaining > 0 && inl > 0) { - cpysz = min((BASE64_ENCODE_BLOCK_SIZE - ctx->remaining), inl); + int cpysz = min((BASE64_ENCODE_BLOCK_SIZE - ctx->remaining), inl); XMEMCPY(ctx->data + ctx->remaining, in, cpysz); ctx->remaining += cpysz; in += cpysz; @@ -10968,7 +10966,6 @@ int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, int res; int pad = 0; int i; - int cpySz; unsigned char c; int pad3 = 0; int pad4 = 0; @@ -10996,7 +10993,7 @@ int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx, a block(4bytes) for decoding*/ if ( ctx->remaining > 0 && inl > 0) { - cpySz = min((BASE64_DECODE_BLOCK_SIZE - ctx->remaining), inl); + int cpySz = min((BASE64_DECODE_BLOCK_SIZE - ctx->remaining), inl); for ( i = 0; cpySz > 0 && inLen > 0; i++) { if (Base64_SkipNewline(in, &inLen, &j) == ASN_INPUT_E) { @@ -11165,7 +11162,6 @@ int wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx, word32 outsz = 0; word32 inLen; word32 j = 0; - int res; WOLFSSL_ENTER("wolfSSL_EVP_DecodeFinal"); @@ -11178,6 +11174,8 @@ int wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx, } if (ctx->remaining > 0) { + int res; + inLen = ctx->remaining; if ((res = Base64_SkipNewline(ctx->data, &inLen, &j)) != 0) { *outl = 0; diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c index 556ee9ea7e..480753cb6f 100644 --- a/wolfcrypt/src/kdf.c +++ b/wolfcrypt/src/kdf.c @@ -767,7 +767,7 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz, } digestSz = wc_HmacSizeByType(enmhashId); - if (digestSz < 0) { + if (digestSz <= 0) { return BAD_FUNC_ARG; } diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 7c87925d3e..939700b57c 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -358,7 +358,7 @@ void WOLFSSL_MSG(const char* msg) #endif void WOLFSSL_BUFFER(const byte* buffer, word32 length) { - int i, buflen = (int)length, bufidx; + int i, buflen = (int)length; char line[(LINE_LEN * 4) + 3]; /* \t00..0F | chars...chars\0 */ if (!loggingEnabled) { @@ -371,7 +371,7 @@ void WOLFSSL_BUFFER(const byte* buffer, word32 length) } while (buflen > 0) { - bufidx = 0; + int bufidx = 0; XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "\t"); bufidx++; @@ -621,10 +621,10 @@ int wc_AddErrorNode(int error, int line, char* reason, char* file) */ void wc_RemoveErrorNode(int relative_idx) { - int last_idx, abs_idx = get_abs_idx(relative_idx); - size_t move_count; + int abs_idx = get_abs_idx(relative_idx); if (abs_idx >= 0) { + size_t move_count; if (abs_idx >= (int)wc_errors.head_idx) { /* removed entry sits "above" head (or is head), * move entries below it "up" */ @@ -640,7 +640,7 @@ void wc_RemoveErrorNode(int relative_idx) else { /* removed entry sits "below" head (wrap around), * move entries above it "down" */ - last_idx = get_abs_idx(-1); + int last_idx = get_abs_idx(-1); if (last_idx >= abs_idx) { /* this SHOULD always be true */ move_count = (last_idx - abs_idx); if (move_count > 0) { @@ -693,8 +693,6 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, const char **data, int *flags, int (*ignore_err)(int err)) { - int ret = 0; - WOLFSSL_ENTER("wc_PeekErrorNodeLineData"); /* No data or flags stored - error display only in Nginx. */ @@ -706,7 +704,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, } while (1) { - ret = wc_PeekErrorNode(0, file, NULL, line); + int ret = wc_PeekErrorNode(0, file, NULL, line); if (ret == BAD_STATE_E) { WOLFSSL_MSG("Issue peeking at error node in queue"); return 0; @@ -757,7 +755,6 @@ unsigned long wc_GetErrorNodeErr(void) void wc_ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) { - struct wc_error_entry *entry; size_t i; WOLFSSL_ENTER("wc_ERR_print_errors_cb"); @@ -768,7 +765,7 @@ void wc_ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), } for (i = 0; i < wc_errors.count; ++i) { - entry = get_entry((int)i); + struct wc_error_entry *entry = get_entry((int)i); if (entry == NULL) break; cb(entry->reason, XSTRLEN(entry->reason), u); @@ -1200,7 +1197,6 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, const char **data, int *flags, int (*ignore_err)(int err)) { - int ret = 0; int idx; WOLFSSL_ENTER("wc_PeekErrorNodeLineData"); @@ -1220,7 +1216,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, idx = getErrorNodeCurrentIdx(); while (1) { - ret = peekErrorNode(idx, file, NULL, line); + int ret = peekErrorNode(idx, file, NULL, line); if (ret == BAD_MUTEX_E || ret == BAD_FUNC_ARG || ret == BAD_STATE_E) { WOLFSSL_MSG("Issue peeking at error node in queue"); return 0; diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 39639cc337..1e0cbf30af 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -242,7 +242,6 @@ void wc_MemZero_Check(void* addr, size_t len) memZero[i].name, memZero[i].addr, j); fprintf(stderr, "[MEM_ZERO] Checking %p:%ld\n", addr, len); abort(); - break; } } /* Update next index to write to. */ @@ -602,7 +601,6 @@ int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag, /* divide into chunks of memory and add them to available list */ while (ava >= (heap->sizeList[0] + padSz + memSz)) { - int i; /* creating only IO buffers from memory passed in, max TLS is 16k */ if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) { if ((ret = create_memory_buckets(pt, ava, @@ -622,6 +620,7 @@ int wolfSSL_load_static_memory(byte* buffer, word32 sz, int flag, ava -= ret; } else { + int i; /* start at largest and move to smaller buckets */ for (i = (WOLFMEM_MAX_BUCKETS - 1); i >= 0; i--) { if ((heap->sizeList[i] + padSz + memSz) <= ava) { @@ -1054,7 +1053,6 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) { void* res = 0; wc_Memory* pt = NULL; - word32 prvSz; int i; /* check for testing heap hint was set */ @@ -1120,7 +1118,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) res = pt->buffer; /* copy over original information and free ptr */ - prvSz = ((wc_Memory*)((byte*)ptr - padSz - + word32 prvSz = ((wc_Memory*)((byte*)ptr - padSz - sizeof(wc_Memory)))->sz; prvSz = (prvSz > pt->sz)? pt->sz: prvSz; XMEMCPY(pt->buffer, ptr, prvSz); diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index ab4f2fcaa2..e0cc5b0573 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -181,18 +181,18 @@ WC_MISC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value) WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, word32 byteCount) { - word32 count, i; + word32 i; #ifdef WOLFSSL_USE_ALIGN if ((((size_t)in & 0x3) == 0) && (((size_t)out & 0x3) == 0)) - { #endif - count = byteCount/(word32)sizeof(word32); + { + word32 count = byteCount/(word32)sizeof(word32); for (i = 0; i < count; i++) out[i] = ByteReverseWord32(in[i]); -#ifdef WOLFSSL_USE_ALIGN } +#ifdef WOLFSSL_USE_ALIGN else { byte *in_bytes = (byte *)in; byte *out_bytes = (byte *)out; diff --git a/wolfcrypt/src/port/Renesas/renesas_sce_util.c b/wolfcrypt/src/port/Renesas/renesas_sce_util.c index 1ed11489ec..f6bd06f56a 100644 --- a/wolfcrypt/src/port/Renesas/renesas_sce_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_sce_util.c @@ -291,7 +291,7 @@ WOLFSSL_LOCAL int wc_SCE_EccVerify(WOLFSSL* ssl, const uint8_t* sig, return MEMORY_E; } /* initialization */ - XMEMCPY(sigforSCE, 0, HW_SCE_ECDSA_DATA_BYTE_SIZE); + XMEMSET(sigforSCE, 0, HW_SCE_ECDSA_DATA_BYTE_SIZE); /* r */ if (sig[offset] == 0x20) { @@ -945,7 +945,7 @@ WOLFSSL_LOCAL int wc_sce_tls_CertVerify( return MEMORY_E; } /* initialization */ - XMEMCPY(sigforSCE, 0, HW_SCE_ECDSA_DATA_BYTE_SIZE); + XMEMSET(sigforSCE, 0, HW_SCE_ECDSA_DATA_BYTE_SIZE); if (signature[offset] == 0x20) { XMEMCPY(sigforSCE, &signature[offset+1], rs_size); diff --git a/wolfcrypt/src/port/caam/caam_aes.c b/wolfcrypt/src/port/caam/caam_aes.c index 1abcfc717b..56efdacf10 100644 --- a/wolfcrypt/src/port/caam/caam_aes.c +++ b/wolfcrypt/src/port/caam/caam_aes.c @@ -58,7 +58,6 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, if (len > 32) { byte out[32]; /* max AES key size */ word32 outSz; - int ret; if (len != 64 && len != 72 && len != 80) { return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c index 17e1d449e8..b78cbdf812 100644 --- a/wolfcrypt/src/port/caam/caam_driver.c +++ b/wolfcrypt/src/port/caam/caam_driver.c @@ -1163,7 +1163,7 @@ int caamECDSAMake(DESCSTRUCT* desc, CAAM_BUFFER* buf, unsigned int args[4]) /* create secure partition for private key out */ part = caamFindUnusedPartition(); - if (part < 0) { + if ((int)part < 0) { WOLFSSL_MSG("error finding an unused partition for new key"); return -1; } diff --git a/wolfcrypt/src/port/cypress/psoc6_crypto.c b/wolfcrypt/src/port/cypress/psoc6_crypto.c index 56dc8e8549..15f3d207cc 100644 --- a/wolfcrypt/src/port/cypress/psoc6_crypto.c +++ b/wolfcrypt/src/port/cypress/psoc6_crypto.c @@ -101,7 +101,6 @@ int wc_Sha512GetHash(wc_Sha512* sha, byte* hash) int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) { - cy_en_crypto_status_t res; if ((!dst) || (!src)) return BAD_FUNC_ARG; Cy_Crypto_Core_MemCpy(crypto_base, dst, src, sizeof(wc_Sha512)); @@ -158,7 +157,6 @@ int wc_Sha256GetHash(wc_Sha256* sha, byte* hash) int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) { - cy_en_crypto_status_t res; if ((!dst) || (!src)) return BAD_FUNC_ARG; Cy_Crypto_Core_MemCpy(crypto_base, dst, src, sizeof(wc_Sha256)); diff --git a/wolfcrypt/src/port/xilinx/xil-sha3.c b/wolfcrypt/src/port/xilinx/xil-sha3.c index 9ce130af9b..459e8d6d7d 100644 --- a/wolfcrypt/src/port/xilinx/xil-sha3.c +++ b/wolfcrypt/src/port/xilinx/xil-sha3.c @@ -202,7 +202,9 @@ void wc_Sha3_384_Free(wc_Sha3* sha) */ int wc_Sha3_384_GetHash(wc_Sha3* sha, byte* out) { +#ifdef WOLFSSL_XILINX_CRYPTO_OLD wc_Sha3 s; +#endif if (sha == NULL || out == NULL) { return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index 99afc17765..6b769f65c2 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -51,7 +51,7 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen, { int err; int keyLeft, ivLeft, i; - int digestLeft, store; + int store; int keyOutput = 0; int diestLen; byte digest[WC_MAX_DIGEST_SIZE]; @@ -96,7 +96,7 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen, keyLeft = keyLen; ivLeft = ivLen; while (keyOutput < (keyLen + ivLen)) { - digestLeft = diestLen; + int digestLeft = diestLen; /* D_(i - 1) */ if (keyOutput) { /* first time D_0 is empty */ err = wc_HashUpdate(hash, hashT, digest, diestLen); @@ -176,9 +176,8 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int hashType, void* heap, int devId) { - word32 i = 1; int hLen; - int j, ret; + int ret; #ifdef WOLFSSL_SMALL_STACK byte* buffer; Hmac* hmac; @@ -213,11 +212,13 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt, ret = wc_HmacInit(hmac, heap, devId); if (ret == 0) { + word32 i = 1; /* use int hashType here, since HMAC FIPS uses the old unique value */ ret = wc_HmacSetKey(hmac, hashType, passwd, pLen); while (ret == 0 && kLen) { int currentLen; + int j; ret = wc_HmacUpdate(hmac, salt, sLen); if (ret != 0) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index b289dbc929..1e5c939d26 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -617,10 +617,9 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V) static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) { - word16 carry = 0; - if (dLen > 0 && sLen > 0 && dLen >= sLen) { int sIdx, dIdx; + word16 carry = 0; dIdx = dLen - 1; for (sIdx = sLen - 1; sIdx >= 0; sIdx--) { @@ -3164,7 +3163,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #include "nrf_drv_rng.h" int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { - int remaining = sz, length, pos = 0; + int remaining = sz, pos = 0; word32 err_code; byte available; static byte initialized = 0; @@ -3185,6 +3184,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } while (remaining > 0) { + int length; available = 0; nrf_drv_rng_bytes_available(&available); /* void func */ length = (remaining < available) ? remaining : available; @@ -3798,14 +3798,13 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_hwrng_generate_block(byte *output, word32 sz) { int fd; - int len; int ret = 0; fd = open("/dev/hwrng", O_RDONLY); if (fd == -1) return OPEN_RAN_E; while(sz) { - len = (int)read(fd, output, sz); + int len = (int)read(fd, output, sz); if (len == -1) { ret = READ_RAN_E; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index c91599ec08..c15f000403 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1888,9 +1888,6 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, { int ret = BAD_FUNC_ARG; word16 i; -#ifndef WOLFSSL_RSA_VERIFY_ONLY - byte invalid = 0; -#endif if (output == NULL || pkcsBlockLen < 2 || pkcsBlockLen > 0xFFFF) { return BAD_FUNC_ARG; @@ -1923,6 +1920,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, else { unsigned int j; word16 pastSep = 0; + byte invalid = 0; i = 0; /* Decrypted with private key - unpad must be constant time. */ @@ -3579,11 +3577,6 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, if (rsa_type == RSA_PUBLIC_DECRYPT && ret > (int)outLen) ret = RSA_BUFFER_E; else if (ret >= 0 && pad != NULL) { -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ - !defined(WOLFSSL_NO_MALLOC) - signed char c; -#endif - /* only copy output if not inline */ if (outPtr == NULL) { #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ @@ -3594,6 +3587,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, int start = (int)((size_t)pad - (size_t)key->data); for (j = 0; j < key->dataLen; j++) { + signed char c; out[i] = key->data[j]; c = ctMaskGTE(j, start); c &= ctMaskLT(i, outLen); diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index c9b69c321c..2710f203b0 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -641,12 +641,11 @@ static int InitSha3(wc_Sha3* sha3) static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) { word32 i; - byte l; - byte *t; word32 blocks; if (sha3->i > 0) { - l = p * 8 - sha3->i; + byte *t; + byte l = p * 8 - sha3->i; if (l > len) { l = (byte)len; } @@ -1300,10 +1299,10 @@ int wc_Shake128_Final(wc_Shake* shake, byte* hash, word32 hashLen) int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len) { int ret; - byte hash[1]; ret = Sha3Update(shake, data, len, WC_SHA3_128_COUNT); if (ret == 0) { + byte hash[1]; ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_128_COUNT, 0); } /* No partial data. */ @@ -1429,10 +1428,10 @@ int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen) int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len) { int ret; - byte hash[1]; ret = Sha3Update(shake, data, len, WC_SHA3_256_COUNT); if (ret == 0) { + byte hash[1]; ret = Sha3Final(shake, 0x1f, hash, WC_SHA3_256_COUNT, 0); } /* No partial data. */ diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c index bf2070f34a..bb86781bd3 100644 --- a/wolfcrypt/src/wolfmath.c +++ b/wolfcrypt/src/wolfmath.c @@ -76,7 +76,6 @@ void mp_reverse(unsigned char *s, int len) { int ix, iy; - unsigned char t; if (s == NULL) return; @@ -84,7 +83,7 @@ void mp_reverse(unsigned char *s, int len) ix = 0; iy = len - 1; while (ix < iy) { - t = s[ix]; + unsigned char t = s[ix]; s[ix] = s[iy]; s[iy] = t; ++ix; @@ -120,11 +119,6 @@ mp_digit get_digit(const mp_int* a, int n) int mp_cond_copy(mp_int* a, int copy, mp_int* b) { int err = MP_OKAY; -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) - unsigned int i; -#else - int i; -#endif #if defined(SP_WORD_SIZE) && SP_WORD_SIZE == 8 unsigned int mask = (unsigned int)0 - copy; #else @@ -138,6 +132,11 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) if (err == MP_OKAY) err = mp_grow(b, a->used + 1); if (err == MP_OKAY) { + #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) + unsigned int i; + #else + int i; + #endif /* When mask 0, b is unchanged2 * When mask all set, b ^ b ^ a = a */ @@ -173,9 +172,6 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng) { int ret = 0; int cnt = digits * sizeof(mp_digit); -#ifdef USE_INTEGER_HEAP_MATH - int i; -#endif if (rng == NULL) { ret = MISSING_RNG_E; @@ -208,6 +204,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng) } if (ret == MP_OKAY) { #ifdef USE_INTEGER_HEAP_MATH + int i; /* Mask down each digit to only bits used */ for (i = 0; i < a->used; i++) { a->dp[i] &= MP_MASK; @@ -374,7 +371,7 @@ void wc_bigint_free(WC_BIGINT* a) int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz) { int err; - word32 x, y; + word32 x; if (src == NULL || dst == NULL) return BAD_FUNC_ARG; @@ -388,7 +385,7 @@ int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz) err = wc_bigint_alloc(dst, sz); if (err == MP_OKAY && sz > 0) { /* leading zero pad */ - y = sz - x; + word32 y = sz - x; XMEMSET(dst->buf, 0, y); /* export src as unsigned bin to destination buf */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 82b4244d9d..28d9f4967d 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -19981,7 +19981,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) EVP_MD_CTX_cleanup(&md_ctx); if (ret != WOLFSSL_SUCCESS) return WC_TEST_RET_ENC_NC; - if (XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) + if (XMEMCMP(hash, b.output, b.outLen) != 0) return WC_TEST_RET_ENC_NC; #endif /* NO_SHA */ @@ -20001,8 +20001,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { return WC_TEST_RET_ENC_NC; } #endif /* WOLFSSL_SHA224 */ @@ -20023,8 +20022,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) { return WC_TEST_RET_ENC_NC; } #endif /* !NO_SHA256 */ @@ -20047,8 +20045,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { return WC_TEST_RET_ENC_NC; } #endif /* WOLFSSL_SHA384 */ @@ -20072,8 +20069,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { return WC_TEST_RET_ENC_NC; } @@ -20095,8 +20091,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, f.output, WC_SHA512_224_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { return WC_TEST_RET_ENC_NC; } #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */ @@ -20119,8 +20114,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, f.output, WC_SHA512_256_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { return WC_TEST_RET_ENC_NC; } #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */ @@ -20143,8 +20137,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, e.output, WC_SHA3_224_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { return WC_TEST_RET_ENC_NC; } #endif /* WOLFSSL_NOSHA3_224 */ @@ -20166,8 +20159,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, d.output, WC_SHA3_256_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) { return WC_TEST_RET_ENC_NC; } #endif /* WOLFSSL_NOSHA3_256 */ @@ -20189,8 +20181,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) ret = EVP_DigestFinal(&md_ctx, hash, 0); } EVP_MD_CTX_cleanup(&md_ctx); - if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, e.output, WC_SHA3_384_DIGEST_SIZE) != 0) { + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { return WC_TEST_RET_ENC_NC; } @@ -20214,7 +20205,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) } EVP_MD_CTX_cleanup(&md_ctx); if (ret != WOLFSSL_SUCCESS || - XMEMCMP(hash, f.output, WC_SHA3_512_DIGEST_SIZE) != 0) { + XMEMCMP(hash, f.output, f.outLen) != 0) { return WC_TEST_RET_ENC_NC; } #endif /* WOLFSSL_NOSHA3_512 */ @@ -20239,7 +20230,7 @@ WOLFSSL_TEST_SUBROUTINE int openssl_test(void) #else if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0) == NULL || - XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0) + XMEMCMP(hash, c.output, c.outLen) != 0) #endif { return WC_TEST_RET_ENC_NC; @@ -21238,8 +21229,11 @@ WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void) } prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); XFCLOSE(keyFile); - if (prvBytes == 0) + if (prvBytes == 0) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return WC_TEST_RET_ENC_ERRNO; + } keypubFile = XFOPEN(cliKeypub, "rb"); if (!keypubFile) { XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -21250,8 +21244,11 @@ WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void) } pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); XFCLOSE(keypubFile); - if (pubBytes == 0) + if (pubBytes == 0) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return WC_TEST_RET_ENC_ERRNO; + } #endif /* USE_CERT_BUFFERS */ prvRsa = wolfSSL_RSA_new(); @@ -21657,8 +21654,11 @@ WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void) } prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); XFCLOSE(keyFile); - if (prvBytes == 0) + if (prvBytes == 0) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return WC_TEST_RET_ENC_ERRNO; + } keypubFile = XFOPEN(cliKeypub, "rb"); if (!keypubFile) { XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -21669,8 +21669,11 @@ WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void) } pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); XFCLOSE(keypubFile); - if (pubBytes == 0) + if (pubBytes == 0) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return WC_TEST_RET_ENC_ERRNO; + } #endif /* USE_CERT_BUFFERS */ prvRsa = wolfSSL_RSA_new(); @@ -24737,7 +24740,9 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT); #endif word32 x = 0; -#if defined(HAVE_ECC_SIGN) && !defined(WOLFSSL_KCAPI_ECC) +#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \ + !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \ + defined(HAVE_ECC_SIGN) WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT); int i; @@ -24771,7 +24776,9 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); #endif -#if defined(HAVE_ECC_SIGN) && !defined(WOLFSSL_KCAPI_ECC) +#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \ + !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \ + defined(HAVE_ECC_SIGN) if (sig == NULL || digest == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); #endif @@ -44228,11 +44235,13 @@ static int ecc_onlycb_test(myCryptoDevCtx *ctx) #ifdef OPENSSL_EXTRA EVP_PKEY* privKey = NULL; EVP_PKEY* pubKey = NULL; + #ifdef USE_CERT_BUFFERS_256 ecc_key* pkey; + const unsigned char* cp; + #endif EVP_MD_CTX mdCtx; const char testData[] = "Hi There"; size_t checkSz = -1; - const unsigned char* cp; const unsigned char* p; const unsigned char check_v[256] = { 0x30,0x45,0x02,0x20,0x1b,0x5c,0x2a,0xf0,0x18,0x09, diff --git a/wolfssl/test.h b/wolfssl/test.h index 98e0fc9ccc..0da86d9392 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1219,7 +1219,6 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, if ((XSTRCMP(peer, "localhost") != 0) && (XSTRCMP(peer, "127.0.0.1") != 0)) { FILE* fp; - char host_out[100]; char cmd[100]; XSTRNCPY(cmd, "host ", 6); @@ -1227,6 +1226,7 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer, found = 0; fp = popen(cmd, "r"); if (fp != NULL) { + char host_out[100]; while (fgets(host_out, sizeof(host_out), fp) != NULL) { int i; int j = 0; @@ -2455,7 +2455,6 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl, #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) int i; - int b = 0x01; WOLFSSL_SESSION* lsess; char buf[256]; const char* cipher_id = "TLS13-AES128-GCM-SHA256"; @@ -2486,8 +2485,9 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl, } if (i != numCiphers) { + int b = 0x01; SSL_SESSION_set_cipher(lsess, cipher); - for (i = 0; i < 32; i++, b += 0x22) { + for (i = 0; i < 32; i++, b += 0x22) { if (b >= 0x100) b = 0x01; local_psk[i] = b; @@ -2857,7 +2857,6 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) WOLFSSL_BIO* bio = NULL; WOLFSSL_STACK* sk = NULL; X509* x509 = NULL; - int i = 0; #endif #endif @@ -2900,6 +2899,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) #if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) /* avoid printing duplicate certs */ if (store->depth == 1) { + int i; /* retrieve x509 certs and display them on stdout */ sk = wolfSSL_X509_STORE_GetCerts(store); @@ -3074,10 +3074,10 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type) { #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) && \ !defined(NETOS) - int depth, res; - XFILE keyFile; + int depth; for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) { - keyFile = XFOPEN(dhParamFile, "rb"); + int res; + XFILE keyFile = XFOPEN(dhParamFile, "rb"); if (keyFile != NULL) { fclose(keyFile); return depth; @@ -4814,13 +4814,13 @@ static WC_INLINE int SimulateWantWriteIOSendCb(WOLFSSL *ssl, char *buf, int sz, { static int wantWriteFlag = 1; - int sent; int sd = *(int*)ctx; (void)ssl; if (!wantWriteFlag) { + int sent; wantWriteFlag = 1; sent = wolfIO_Send(sd, buf, sz, 0); @@ -5164,7 +5164,6 @@ static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl) static WC_INLINE int process_handshake_messages(WOLFSSL* ssl, int blocking, int* zero_return) { - int timeout = DEFAULT_TIMEOUT_SEC; char foo[1]; int ret = 0; int dtls; @@ -5177,6 +5176,8 @@ static WC_INLINE int process_handshake_messages(WOLFSSL* ssl, int blocking, *zero_return = 0; if (!blocking) { + int timeout = DEFAULT_TIMEOUT_SEC; + #ifdef WOLFSSL_DTLS if (dtls) { timeout = wolfSSL_dtls_get_current_timeout(ssl);