Fixed several coverity issues and a small issue in configuration files (accidental #can_define) statements.
This commit is contained in:
@@ -62,6 +62,7 @@
|
||||
|
||||
#define USE_HEADER_KEYS
|
||||
#define ALLOW_ANON_CONNECTIONS 1
|
||||
#define CRL_MAX_LENGTH 1048576 /* Maximum length for CRL: 1 megabyte. */
|
||||
|
||||
/* If the algorithm type is supported, load a CA for it */
|
||||
#ifdef USE_HEADER_KEYS
|
||||
@@ -1826,6 +1827,15 @@ int32 fetchCRL(psPool_t *pool, char *url, uint32_t urlLen,
|
||||
psAssert((replyPtr+4) < (char*)&(crlChunk[HTTP_REPLY_CHUNK_SIZE]));
|
||||
replyPtr += 4; /* Move past that "\r\n\r\n" to get to start */
|
||||
|
||||
/* Check buffer length appears acceptable */
|
||||
if (crlBinLen < 1 || crlBinLen > CRL_MAX_LENGTH) {
|
||||
_psTrace("fetchCRL: Unacceptable size for CRL\n");
|
||||
/* Note: If this fails you may need to check CRL_MAX_LENGTH,
|
||||
as you possibly need to allow larger CRL. */
|
||||
close(fd);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Allocate the CRL buffer. Will be full size if sawContentLength */
|
||||
if ((crlBin = psMalloc(pool, crlBinLen)) == NULL) {
|
||||
_psTrace("fetchCRL: Memory allocation error for CRL buffer\n");
|
||||
|
||||
@@ -309,8 +309,8 @@ extern "C" {
|
||||
SSL_DEFAULT_x_BUF_SIZE value in bytes, maximum SSL_MAX_BUF_SIZE
|
||||
*/
|
||||
#ifndef USE_DTLS
|
||||
#can_define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#can_define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#else
|
||||
/******************************************************************************/
|
||||
/**
|
||||
@@ -320,9 +320,9 @@ extern "C" {
|
||||
limitation in MatrixDTLS so connections will not succeed if a peer has a
|
||||
PTMU set larger than this value.
|
||||
*/
|
||||
#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define DTLS_PMTU 1500 /* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
|
||||
//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
|
||||
#endif
|
||||
|
||||
@@ -309,8 +309,8 @@ extern "C" {
|
||||
SSL_DEFAULT_x_BUF_SIZE value in bytes, maximum SSL_MAX_BUF_SIZE
|
||||
*/
|
||||
#ifndef USE_DTLS
|
||||
#can_define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#can_define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#else
|
||||
/******************************************************************************/
|
||||
/**
|
||||
@@ -320,9 +320,9 @@ extern "C" {
|
||||
limitation in MatrixDTLS so connections will not succeed if a peer has a
|
||||
PTMU set larger than this value.
|
||||
*/
|
||||
#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define DTLS_PMTU 1500 /* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
|
||||
//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
|
||||
#endif
|
||||
|
||||
@@ -309,8 +309,8 @@ extern "C" {
|
||||
SSL_DEFAULT_x_BUF_SIZE value in bytes, maximum SSL_MAX_BUF_SIZE
|
||||
*/
|
||||
#ifndef USE_DTLS
|
||||
#can_define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#can_define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#else
|
||||
/******************************************************************************/
|
||||
/**
|
||||
@@ -320,9 +320,9 @@ extern "C" {
|
||||
limitation in MatrixDTLS so connections will not succeed if a peer has a
|
||||
PTMU set larger than this value.
|
||||
*/
|
||||
#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define DTLS_PMTU 1500 /* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
|
||||
//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
|
||||
#endif
|
||||
|
||||
@@ -309,8 +309,8 @@ extern "C" {
|
||||
SSL_DEFAULT_x_BUF_SIZE value in bytes, maximum SSL_MAX_BUF_SIZE
|
||||
*/
|
||||
#ifndef USE_DTLS
|
||||
#can_define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#can_define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#else
|
||||
/******************************************************************************/
|
||||
/**
|
||||
@@ -320,9 +320,9 @@ extern "C" {
|
||||
limitation in MatrixDTLS so connections will not succeed if a peer has a
|
||||
PTMU set larger than this value.
|
||||
*/
|
||||
#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define DTLS_PMTU 1500 /* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
|
||||
//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
|
||||
#endif
|
||||
|
||||
@@ -399,7 +399,7 @@ static int32_t nextUpdateTest(char *c, int32 timeType)
|
||||
if (sysTime.wDay > d) {
|
||||
return -1;
|
||||
} else if (sysTime.wDay == d) {
|
||||
if (sysTime.wHour > h)
|
||||
if (sysTime.wHour > h) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1898,8 +1898,6 @@ static int32 pkcs_1_mgf1(psPool_t *pool, const unsigned char *seed,
|
||||
psSha512Update(&md.sha512, buf, 4);
|
||||
psSha512Final(&md.sha512, buf);
|
||||
#endif
|
||||
} else {
|
||||
return PS_UNSUPPORTED_FAIL;
|
||||
}
|
||||
|
||||
/* store it */
|
||||
@@ -2268,10 +2266,6 @@ int32 pkcs1OaepDecode(psPool_t *pool, const unsigned char *msg, uint32 msglen,
|
||||
psMd5Update(&md.md5, lparam, lparamlen);
|
||||
psMd5Final(&md.md5, seed);
|
||||
}
|
||||
if (err < 0) {
|
||||
psTraceCrypto("Hash error in OAEP decode\n");
|
||||
goto LBL_ERR;
|
||||
}
|
||||
} else {
|
||||
/* can't pass hash routine a NULL so use DB with zero length */
|
||||
if (hash_idx == PKCS1_SHA1_ID) {
|
||||
@@ -2283,10 +2277,6 @@ int32 pkcs1OaepDecode(psPool_t *pool, const unsigned char *msg, uint32 msglen,
|
||||
psMd5Update(&md.md5, DB, 0);
|
||||
psMd5Final(&md.md5, seed);
|
||||
}
|
||||
if (err < 0) {
|
||||
psTraceCrypto("Zero hash error in OAEP decode\n");
|
||||
goto LBL_ERR;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@@ -1334,7 +1334,7 @@ int32_t psX509GetConcatenatedDomainComponent(const x509DNattributes_t *DN,
|
||||
dc->len - DN_NUM_TERMINATING_NULLS);
|
||||
pos += dc->len - DN_NUM_TERMINATING_NULLS;
|
||||
if (i != 0) {
|
||||
strncpy(*out_str + pos, ".", 1);
|
||||
(*out_str)[pos] = '.';
|
||||
pos++;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -816,7 +816,7 @@ int32 psAesTestGCM(void)
|
||||
}
|
||||
memcpy(iv, tests[i].iv, 12);
|
||||
psAesInitGCM(&eCtx, tests[i].key, tests[i].keylen);
|
||||
res = psAesReadyGCMRandomIV(&eCtx, iv, tests[i].aad, tests[i].aadlen,
|
||||
res |= psAesReadyGCMRandomIV(&eCtx, iv, tests[i].aad, tests[i].aadlen,
|
||||
NULL);
|
||||
if (res != PS_SUCCESS) {
|
||||
memset(ciphertext_rand, 0, sizeof ciphertext_rand);
|
||||
@@ -3487,8 +3487,13 @@ static int test_hmac_vector(int32 size,
|
||||
din, din_len,
|
||||
md_res,
|
||||
key_out, &key_length);
|
||||
} else {
|
||||
_psTraceInt("FAILED: HMAC vector unsupported size: %d\n",
|
||||
(int) size);
|
||||
return PS_FAILURE;
|
||||
}
|
||||
|
||||
|
||||
equals = (rv == PS_SUCCESS && memcmp(dout, md_res, size) == 0);
|
||||
if (equals != should_succeed)
|
||||
{
|
||||
|
||||
@@ -173,6 +173,11 @@ int main(int argc, char **argv)
|
||||
|
||||
#ifdef DO_GEN_SECRET
|
||||
psDhExportParameters(misc, &dhParams, &p, &pLen, &g, &gLen);
|
||||
if (p == NULL || g == NULL) {
|
||||
_psTrace(" DH parameters could not be used\n");
|
||||
fprintf(stderr, "FAIL: DH parameters did not work.\n");
|
||||
exit(1);
|
||||
}
|
||||
if (psDhGenKeyInts(misc, dhParams.size, &dhParams.p, &dhParams.g,
|
||||
&dhKeyPriv, NULL) < 0) {
|
||||
_psTrace(" FAILED OPERATION\n");
|
||||
@@ -198,8 +203,8 @@ int main(int argc, char **argv)
|
||||
_psTraceInt(TIME_UNITS " genSecret\n", psDiffMsecs(start, end, NULL));
|
||||
#endif /* DO_GEN_SECRET */
|
||||
|
||||
psFree(p, misc);
|
||||
psFree(g, misc);
|
||||
psFreeAndClear(&p, misc);
|
||||
psFreeAndClear(&g, misc);
|
||||
pkcs3ClearDhParams(&dhParams);
|
||||
i++;
|
||||
}
|
||||
|
||||
@@ -309,8 +309,8 @@ extern "C" {
|
||||
SSL_DEFAULT_x_BUF_SIZE value in bytes, maximum SSL_MAX_BUF_SIZE
|
||||
*/
|
||||
#ifndef USE_DTLS
|
||||
#can_define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#can_define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE 1500 /* Base recv buf size, bytes */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE 1500 /* Base send buf size, bytes */
|
||||
#else
|
||||
/******************************************************************************/
|
||||
/**
|
||||
@@ -320,9 +320,9 @@ extern "C" {
|
||||
limitation in MatrixDTLS so connections will not succeed if a peer has a
|
||||
PTMU set larger than this value.
|
||||
*/
|
||||
#define DTLS_PMTU 1500/* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU/* See PMTU comments above */
|
||||
#define DTLS_PMTU 1500 /* 1500 Default/Maximum datagram len */
|
||||
#define SSL_DEFAULT_IN_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
#define SSL_DEFAULT_OUT_BUF_SIZE DTLS_PMTU /* See PMTU comments above */
|
||||
|
||||
//#define DTLS_SEND_RECORDS_INDIVIDUALLY /* Max one record per datagram */
|
||||
#endif
|
||||
|
||||
@@ -4360,7 +4360,8 @@ static int32 writeCertificateStatus(ssl_t *ssl, sslBuf_t *out)
|
||||
} response;
|
||||
} CertificateStatus; */
|
||||
*c = 0x1; c++;
|
||||
*c = (unsigned char)((ocspLen & 0xFF0000) >> 16); c++;
|
||||
/* ocspLen is 16 bit value. */
|
||||
*c = 0; c++;
|
||||
*c = (ocspLen & 0xFF00) >> 8; c++;
|
||||
*c = (ocspLen & 0xFF); c++;
|
||||
memcpy(c, ssl->keys->OCSPResponseBuf, ocspLen);
|
||||
|
||||
Reference in New Issue
Block a user