
Merge pull request #6217 from douzzer/20230321-fixes

20230321-fixes
JacobBarthelmeh 1 year ago
parent
commit
7e8d027a17
7 changed files with 51 additions and 52 deletions
  1. 6 5
      src/internal.c
  2. 0 1
      src/tls.c
  3. 4 2
      src/tls13.c
  4. 2 2
      tests/api.c
  5. 34 37
      wolfcrypt/src/pkcs12.c
  6. 1 1
      wolfcrypt/src/tfm.c
  7. 4 4
      wolfssl/internal.h

+ 6 - 5
src/internal.c

@@ -30727,7 +30727,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             case INVALID_PARAMETER:
             case HRR_COOKIE_ERROR:
                 return illegal_parameter;
-                break;
             case INCOMPLETE_DATA:
                 return missing_extension;
             case MATCH_SUITE_ERROR:
@@ -34798,11 +34797,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #ifdef WOLFSSL_32BIT_MILLI_TIME
             ato32(it->timestamp, &ssl->session->ticketSeen);
 #else
-            word32 seenHi, seenLo;
+            {
+                word32 seenHi, seenLo;
 
-            ato32(it->timestamp               , &seenHi);
-            ato32(it->timestamp + OPAQUE32_LEN, &seenLo);
-            ssl->session->ticketSeen = ((sword64)seenHi << 32) + seenLo;
+                ato32(it->timestamp               , &seenHi);
+                ato32(it->timestamp + OPAQUE32_LEN, &seenLo);
+                ssl->session->ticketSeen = ((sword64)seenHi << 32) + seenLo;
+            }
 #endif
             ato32(it->ageAdd, &ssl->session->ticketAdd);
             ssl->session->cipherSuite0 = it->suite[0];
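Review bot: The expression `((sword64)seenHi << 32) + seenLo`, kept inside the new block, left-shifts a signed 64-bit value, which is undefined behaviour in C whenever the top bit of `seenHi` is set. The bytes come from `it->timestamp`, so the value is only as trustworthy as the ticket's integrity check, which is not visible in this hunk. Combining in unsigned arithmetic and converting once avoids the problem: `ssl->session->ticketSeen = (sword64)(((word64)seenHi << 32) | seenLo);`. The enclosing function starts and ends outside the hunk.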

+ 0 - 1
src/tls.c

@@ -4897,7 +4897,6 @@ int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap)
     extension = TLSX_Find(src, TLSX_SUPPORTED_GROUPS);
     if (extension != NULL) {
         SupportedCurve* curve;
-        curve = (SupportedCurve*)extension->data;
         for (curve = (SupportedCurve*)extension->data; curve != NULL;
                 curve = curve->next) {
             ret = TLSX_UseSupportedCurve(dst, curve->name, heap);

+ 4 - 2
src/tls13.c

@@ -3351,8 +3351,10 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz,
 
     /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */
     cookie[cookieSz++] = (byte)hashSz;
-    XMEMCPY(cookie + cookieSz, hash, hashSz);
-    cookieSz += hashSz;
+    if (hashSz > 0) {
+        XMEMCPY(cookie + cookieSz, hash, hashSz);
+        cookieSz += hashSz;
+    }
     cookie[cookieSz++] = cipherSuite0;
     cookie[cookieSz++] = cipherSuite;
     if ((ext = TLSX_Find(*exts, TLSX_KEY_SHARE)) != NULL) {
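Review bot: The length prefix written by `cookie[cookieSz++] = (byte)hashSz;` truncates the `word16` argument to one byte, while the guarded `XMEMCPY` still copies the full `hashSz`. A value above 255 would therefore produce a cookie whose length byte disagrees with its contents, and nothing in the hunk bounds the copy against the size of `cookie`. The declaration of `cookie` and any earlier validation are outside the hunk, so this may already be enforced; if not, a check before the first write, e.g. `if (hashSz > WC_MAX_DIGEST_SIZE) return BUFFER_E;`, makes the invariant local. The new `hashSz > 0` guard also does not cover a NULL `hash` passed with a non-zero size.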

+ 2 - 2
tests/api.c

@@ -28661,8 +28661,10 @@ static int test_wc_PKCS7_VerifySignedData(void)
     struct tm timearg;
     time_t now;
     struct tm* nowTm = NULL;
+#ifdef NEED_TMP_TIME
     struct tm tmpTimeStorage;
     struct tm* tmpTime = &tmpTimeStorage;
+#endif
 #endif /* !NO_ASN && !NO_ASN_TIME */
 
     /* Success test with RSA certs/key */
@@ -31452,7 +31454,6 @@ static int test_wc_KeyPemToDer(void)
             AssertIntLE(ret, cert_sz);
             free(cert_der);
             cert_der = NULL;
-            ret = 0;
         }
     }
 
@@ -31505,7 +31506,6 @@ static int test_wc_PubKeyPemToDer(void)
             AssertIntGE(ret, 0);
             free(cert_der);
             cert_der = NULL;
-            ret = 0;
         }
     }
 

+ 34 - 37
wolfcrypt/src/pkcs12.c

@@ -156,14 +156,11 @@ static void freeSafe(AuthenticatedSafe* safe, void* heap)
         ContentInfo* ci = safe->CI;
         safe->CI = ci->next;
         XFREE(ci, heap, DYNAMIC_TYPE_PKCS);
-        ci = NULL;
     }
     if (safe->data != NULL) {
         XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS);
-        safe->data = NULL;
     }
     XFREE(safe, heap, DYNAMIC_TYPE_PKCS);
-    safe = NULL;
 
     (void)heap;
 }
@@ -188,29 +185,23 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12)
     if (pkcs12->signData != NULL) {
         if (pkcs12->signData->digest != NULL) {
             XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST);
-            pkcs12->signData->digest = NULL;
         }
         if (pkcs12->signData->salt != NULL) {
             XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT);
-            pkcs12->signData->salt = NULL;
         }
         XFREE(pkcs12->signData, heap, DYNAMIC_TYPE_PKCS);
-        pkcs12->signData = NULL;
     }
 
 #ifdef ASN_BER_TO_DER
     if (pkcs12->der != NULL) {
         XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-        pkcs12->der = NULL;
     }
     if (pkcs12->safeDer != NULL) {
         XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-        pkcs12->safeDer = NULL;
     }
 #endif
 
     XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS);
-    pkcs12 = NULL;
 }
 
 
@@ -297,8 +288,8 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
 
 #ifdef ASN_BER_TO_DER
      if (pkcs12->indefinite) {
-        if ((ret = wc_BerToDer(input, safe->dataSz, NULL,
-                            &pkcs12->safeDersz)) != LENGTH_ONLY_E) {
+        if (wc_BerToDer(input, safe->dataSz, NULL,
+                        &pkcs12->safeDersz) != LENGTH_ONLY_E) {
             WOLFSSL_MSG("Not BER sequence");
             return ASN_PARSE_E;
         }
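Review bot: The `Not BER sequence` branch returns `ASN_PARSE_E` without releasing `safe`, whereas the error path this commit adds after the second `wc_BerToDer` call in the same `pkcs12->indefinite` block calls `freeSafe(safe, pkcs12->heap)` first. If `safe` is allocated earlier in GetSafeContent (the allocation is outside the hunk, so this is inferred from the later cleanup), each malformed BER input that fails here leaks it. Adding `freeSafe(safe, pkcs12->heap);` before `return ASN_PARSE_E;` would make the two paths agree.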
@@ -311,6 +302,10 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input,
         }
 
         ret = wc_BerToDer(input, safe->dataSz, pkcs12->safeDer, &pkcs12->safeDersz);
+        if (ret < 0) {
+            freeSafe(safe, pkcs12->heap);
+            return ret;
+        }
 
         input = pkcs12->safeDer;
      }
@@ -707,36 +702,36 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
 
     #ifdef ASN_BER_TO_DER
      if (size == 0) {
-         if ((ret = wc_BerToDer(der, totalSz, NULL,
-                         (word32*)&size)) != LENGTH_ONLY_E) {
+         if (wc_BerToDer(der, totalSz, NULL,
+                         (word32*)&size) != LENGTH_ONLY_E) {
              WOLFSSL_MSG("Not BER sequence");
              return ASN_PARSE_E;
          }
 
-        pkcs12->der = (byte*)XMALLOC(size, pkcs12->heap, DYNAMIC_TYPE_PKCS);
-        if (pkcs12->der == NULL)
-            return MEMORY_E;
-        ret = wc_BerToDer(der, derSz, pkcs12->der, (word32*)&size);
-        if (ret < 0) {
-            return ret;
-        }
+         pkcs12->der = (byte*)XMALLOC(size, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+         if (pkcs12->der == NULL)
+             return MEMORY_E;
+         ret = wc_BerToDer(der, derSz, pkcs12->der, (word32*)&size);
+         if (ret < 0) {
+             return ret;
+         }
 
-        der  = pkcs12->der;
-        derSz = pkcs12->derSz = size;
-        totalSz = size;
-        idx = 0;
+         der  = pkcs12->der;
+         pkcs12->derSz = size;
+         totalSz = size;
+         idx = 0;
 
-        if ((ret = GetSequence(der, &idx, &size, totalSz)) < 0) {
-            WOLFSSL_MSG("Failed to get PKCS12 sequence");
-            return ASN_PARSE_E;
-        }
+         if (GetSequence(der, &idx, &size, totalSz) < 0) {
+             WOLFSSL_MSG("Failed to get PKCS12 sequence");
+             return ASN_PARSE_E;
+         }
 
-        /* get version */
-        if ((ret = GetMyVersion(der, &idx, &version, totalSz)) < 0) {
-            return ret;
-        }
+         /* get version */
+         if ((ret = GetMyVersion(der, &idx, &version, totalSz)) < 0) {
+             return ret;
+         }
 
-        pkcs12->indefinite = 1;
+         pkcs12->indefinite = 1;
 
      }
      else
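Review bot: The length-only pass calls `wc_BerToDer(der, totalSz, NULL, ...)` but the conversion pass calls `wc_BerToDer(der, derSz, pkcs12->der, ...)`, so the buffer is sized from one input length and filled using another. Both variables are assigned outside the hunk and may be equal here, but passing the same one to both calls, e.g. `ret = wc_BerToDer(der, totalSz, pkcs12->der, (word32*)&size);`, removes the dependency on that. The three early returns after the `XMALLOC` also leave `pkcs12->der` set. A comment such as `/* on failure pkcs12->der stays owned by pkcs12; wc_PKCS12_free() releases it */` would document that the caller must still free the object after an error.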
@@ -772,7 +767,7 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12)
 #ifdef ASN_BER_TO_DER
     /* If indef, skip EOF */
     if (pkcs12->indefinite) {
-        while(der[idx] == ASN_EOC && idx < totalSz) {
+        while((idx < totalSz) && (der[idx] == ASN_EOC)) {
             idx+=1;
         }
     }
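Review bot: The comment `/* If indef, skip EOF */` above the reordered loop is misleading, since the loop skips `ASN_EOC` (end-of-contents) bytes, and it does not say why the bounds test has to come first. Suggest `/* If indefinite length, skip trailing end-of-contents octets; idx is checked before der[idx] is read */`. The loop can exit with `idx == totalSz`, and the code that follows is outside the hunk, so it is worth confirming that the next read of `der[idx]` is bounded as well.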
@@ -1280,10 +1275,12 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data,
 
     *idx += SetLength(mergedSz, &data[*idx]);
 
-    /* Copy over concatonated octet strings into data buffer */
-    XMEMCPY(&data[*idx], mergedData, mergedSz);
+    if (mergedSz > 0) {
+        /* Copy over concatonated octet strings into data buffer */
+        XMEMCPY(&data[*idx], mergedData, mergedSz);
 
-    XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+        XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);
+    }
 
     return ret;
 }
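Review bot: Moving `XFREE(mergedData, ...)` inside `if (mergedSz > 0)` ties the release to the size rather than to the pointer. If `mergedData` can be non-NULL while `mergedSz` is zero (the allocation is outside the hunk), the buffer is no longer freed. Guarding only the copy keeps the intent of avoiding a zero-length `XMEMCPY`: `if (mergedSz > 0) { XMEMCPY(&data[*idx], mergedData, mergedSz); }` followed by `if (mergedData != NULL) XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS);`. The comment's `concatonated` should read `concatenated`.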

+ 1 - 1
wolfcrypt/src/tfm.c

@@ -5933,4 +5933,4 @@ void mp_memzero_check(mp_int* a)
 }
 #endif /* WOLFSSL_CHECK_MEM_ZERO */
 
-#endif /* USE_FAST_MATH */
+#endif /* USE_FAST_MATH */

+ 4 - 4
wolfssl/internal.h

@@ -2678,13 +2678,13 @@ WOLFSSL_LOCAL int GetEchConfigsEx(WOLFSSL_EchConfig* configs,
     byte* output, word32* outputLen);
 #endif
 
-typedef struct TLSX {
+struct TLSX {
     TLSX_Type    type; /* Extension Type  */
     void*        data; /* Extension Data  */
     word32       val;  /* Extension Value */
     byte         resp; /* IsResponse Flag */
     struct TLSX* next; /* List Behavior   */
-} TLSX;
+};
 
 WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
 WOLFSSL_LOCAL void  TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
@@ -4233,7 +4233,7 @@ enum cipherState {
     CIPHER_STATE_END,
 };
 
-typedef struct Options {
+struct Options {
 #ifndef NO_PSK
     wc_psk_client_callback client_psk_cb;
     wc_psk_server_callback server_psk_cb;
@@ -4448,7 +4448,7 @@ typedef struct Options {
 #ifdef WOLFSSL_TLS13
     byte            oldMinor;          /* client preferred version < TLS 1.3 */
 #endif
-} Options;
+};
 
 typedef struct Arrays {
     byte*           pendingMsg;         /* defrag buffer */