diff --git a/src/internal.c b/src/internal.c index 69e4859cf6..7c1903c4f6 100644 --- a/src/internal.c +++ b/src/internal.c @@ -25910,16 +25910,7 @@ int SendData(WOLFSSL* ssl, const void* data, size_t sz) } #endif /* WOLFSSL_DTLS13 */ -#ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent); - } - else -#endif - { - buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent); - - } + buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent); if (sent == (word32)sz) break; diff --git a/src/pk.c b/src/pk.c index 8bc1c75c05..4da27c439a 100644 --- a/src/pk.c +++ b/src/pk.c @@ -737,8 +737,13 @@ static int wolfssl_print_indent(WOLFSSL_BIO* bio, char* line, int lineLen, int ret = 1; if (indent > 0) { + int len_wanted; + /* Cap indent to buffer size to avoid format truncation warning */ + if (indent >= lineLen) { + indent = lineLen - 1; + } /* Print indent spaces. */ - int len_wanted = XSNPRINTF(line, (size_t)lineLen, "%*s", indent, " "); + len_wanted = XSNPRINTF(line, (size_t)lineLen, "%*s", indent, " "); if ((len_wanted < 0) || (len_wanted >= lineLen)) { WOLFSSL_ERROR_MSG("Buffer overflow formatting indentation"); ret = 0; diff --git a/src/ssl_bn.c b/src/ssl_bn.c index 139684bd8c..b3016a5bbb 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -1138,6 +1138,8 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) ret = 1; } else { + PRAGMA_GCC_DIAG_PUSH + PRAGMA_GCC("GCC diagnostic ignored \"-Wduplicated-branches\"") /* Compare big numbers with wolfCrypt. */ ret = mp_cmp((mp_int*)a->internal, (mp_int*)b->internal); /* Convert wolfCrypt return value. */ @@ -1151,8 +1153,11 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) ret = -1; } else { + /* ignored warning here because the same return value + was intentional */ ret = WOLFSSL_FATAL_ERROR; /* also -1 */ } + PRAGMA_GCC_DIAG_POP } return ret; diff --git a/src/tls.c b/src/tls.c index 5759e344d9..cd2586de0a 100644 --- a/src/tls.c +++ b/src/tls.c 
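Review bot: The remaining call `wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent)` and the `sent == (word32)sz` test after it both narrow the `size_t` parameter `sz` to `word32`. If nothing earlier in SendData bounds `sz` (that part of the function is outside this hunk), a length that does not fit in `word32` would be truncated and the loop would stop after only the truncated count has been sent. With the duplicated DTLS/TLS branches gone, this is a convenient place to state the invariant, for example `/* sz was range-checked on entry, so the word32 cast cannot truncate */`, or to add that range check if it is missing. The call also runs once more than needed, because it precedes the `sent == (word32)sz` exit test.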
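Review bot: The clamp `indent = lineLen - 1` in wolfssl_print_indent assumes `lineLen` is positive. For a `lineLen` of 0 or less it makes `indent` negative, which `%*s` reads as a left-justified width, and for negative values `(size_t)lineLen` wraps to a very large size. Rejecting `lineLen <= 0` ahead of the `indent > 0` block (setting `ret = 0`) would close that case. The clamp also changes behaviour: an over-long indent used to reach the "Buffer overflow formatting indentation" failure and is now silently shortened, which the function comment should state, e.g. `/* indent is capped to lineLen - 1; a larger request is shortened, not rejected */`. The function begins and ends outside this hunk.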
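Review bot: The `PRAGMA_GCC_DIAG_PUSH` / `PRAGMA_GCC_DIAG_POP` pair added across the two wolfSSL_BN_cmp hunks wraps the whole `else` block, including the `mp_cmp` call, although only the last two branches (`ret = -1;` and `ret = WOLFSSL_FATAL_ERROR; /* also -1 */`) have matching bodies. Moving the push to just before that final `else if` keeps other diagnostics active for the rest of the block. How `PRAGMA_GCC` is defined is not visible here; if it is not version-gated, compilers that do not know `-Wduplicated-branches` may warn about the unknown option, which matters for builds that treat warnings as errors. The new comment could also say what callers can rely on, for instance `/* error and "a < b" both return -1, as callers expect from BN_cmp; the duplicate branch is kept for readability */`.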
@@ -5329,9 +5329,14 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) SupportedCurve* serverGroup; ext = TLSX_Find(priority, TLSX_SUPPORTED_GROUPS); - serverGroup = (SupportedCurve*)ext->data; - - ret = tlsx_ffdhe_find_group(ssl, clientGroup, serverGroup); + if (ext == NULL) { + WOLFSSL_MSG("Could not find supported groups extension"); + ret = 0; + } + else { + serverGroup = (SupportedCurve*)ext->data; + ret = tlsx_ffdhe_find_group(ssl, clientGroup, serverGroup); + } } TLSX_FreeAll(priority, ssl->heap); diff --git a/src/x509.c b/src/x509.c index 74efb78c38..479775772b 100644 --- a/src/x509.c +++ b/src/x509.c @@ -1474,6 +1474,12 @@ static WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data_internal( #ifndef NO_BIO + +#ifndef MAX_INDENT + #define MAX_INDENT 40 +#endif + + /* Return 0 on success and 1 on failure. Copies ext data to bio, using indent * to pad the output. flag is ignored. */ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, @@ -1488,6 +1494,9 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, int tmpLen = 0; WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print"); + if (indent < 0) indent = 0; + if (indent > MAX_INDENT) indent = MAX_INDENT; + if ((out == NULL) || (ext == NULL)) { WOLFSSL_MSG("NULL parameter error"); return rc; @@ -6320,6 +6329,9 @@ static int X509PrintKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) "Decipher Only" }; + if (indent < 0) indent = 0; + if (indent > MAX_INDENT) indent = MAX_INDENT; + if (bio == NULL || x509 == NULL) { ret = WOLFSSL_FAILURE; } @@ -6491,6 +6503,9 @@ static int X509PrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) unsigned char serial[32]; int sz = sizeof(serial); + if (indent < 0) indent = 0; + if (indent > MAX_INDENT) indent = MAX_INDENT; + XMEMSET(serial, 0, sz); if (wolfSSL_X509_get_serial_number(x509, serial, &sz) == WOLFSSL_SUCCESS) { X509PrintSerial_ex(bio, serial, sz, 1, indent); 
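Review bot: The new `ext == NULL` branch in TLSX_SupportedFFDHE_Set sets `ret = 0`, and the hunk does not show whether 0 means "no FFDHE group selected, continue" or is simply the value that avoids the dereference. `priority` appears to be built just above (outside the hunk), so a missing supported-groups extension there looks like an internal inconsistency rather than an ordinary peer condition. If 0 is this function's success value, the handshake would carry on as though the lookup had succeeded. Either return an error from this branch or document the choice, e.g. `/* No supported groups to match against: leave FFDHE unselected; not a failure. */`. The function body extends beyond the hunk on both sides.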
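Review bot: The same two-statement clamp (`if (indent < 0) indent = 0;` and `if (indent > MAX_INDENT) indent = MAX_INDENT;`) is pasted into wolfSSL_X509V3_EXT_print, X509PrintKeyUsage and X509PrintSerial here and into six more printers in the later hunks of src/x509.c, so the bound can drift if one copy is edited. A single helper keeps the rule in one place and lets the statements carry braces. MAX_INDENT is 40 while the scratch buffers in the later hunks are sized by MAX_WIDTH, whose value is not visible. A comment on the define saying that MAX_INDENT plus the longest label must stay below MAX_WIDTH would record why 40 is safe. The helper name below is only a suggestion, and it has to sit under the same preprocessor guards as all of its callers.

```c
/* … unchanged: #ifndef MAX_INDENT / #define MAX_INDENT 40 / #endif … */

/* Clamp a caller-supplied indent to the range [0, MAX_INDENT]. */
static int X509ClampIndent(int indent)
{
    if (indent < 0) {
        return 0;
    }
    if (indent > MAX_INDENT) {
        return MAX_INDENT;
    }
    return indent;
}

/* … unchanged: printer bodies; each pasted clamp is replaced by … */
    indent = X509ClampIndent(indent);
```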
@@ -6583,6 +6598,9 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) int count, i; char* buf = NULL; + if (indent < 0) indent = 0; + if (indent > MAX_INDENT) indent = MAX_INDENT; + count = wolfSSL_X509_get_ext_count(x509); if (count <= 0) return WOLFSSL_SUCCESS; @@ -6996,6 +7014,9 @@ static int X509PrintPubKey(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) int len; int ret = WOLFSSL_SUCCESS; + if (indent < 0) indent = 0; + if (indent > MAX_INDENT) indent = MAX_INDENT; + if (bio == NULL || x509 == NULL) return BAD_FUNC_ARG; @@ -7083,6 +7104,9 @@ static int X509PrintVersion(WOLFSSL_BIO* bio, int version, int indent) char scratch[MAX_WIDTH]; int scratchLen; + if (indent < 0) indent = 0; + if (indent > MAX_INDENT) indent = MAX_INDENT; + scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*s%s", indent, "", "Version:"); if ((scratchLen < 0) || (scratchLen >= MAX_WIDTH)) { return WOLFSSL_FAILURE; @@ -7116,6 +7140,9 @@ static int X509PrintReqAttributes(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int scratchLen; int i = 0; + if (indent < 0) indent = 0; + if (indent > MAX_INDENT) indent = MAX_INDENT; + if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*s%s", indent, "", "Attributes: \n")) >= MAX_WIDTH) @@ -8863,6 +8890,9 @@ static int X509RevokedPrintSerial(WOLFSSL_BIO* bio, RevokedCert* rev, unsigned char serial[32]; int sz = sizeof(serial); + if (indent < 0) indent = 0; + if (indent > MAX_INDENT) indent = MAX_INDENT; + XMEMSET(serial, 0, sz); if (wolfSSL_X509_REVOKED_get_serial_number(rev, serial, &sz) == WOLFSSL_SUCCESS) { @@ -8924,6 +8954,9 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl, char tmp[MAX_WIDTH]; /* buffer for XSNPRINTF */ int ret = 0; + if (indent < 0) indent = 0; + if (indent > MAX_INDENT) indent = MAX_INDENT; + if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent, "", "CRL extensions:") >= MAX_WIDTH) { ret = WOLFSSL_FAILURE; 
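Review bot: X509PrintReqAttributes and X509CRLPrintExtensions compare the XSNPRINTF result only with `>= MAX_WIDTH`, so a negative return (a formatting error) is not treated as a failure, whereas X509PrintVersion in the neighbouring hunk also rejects `scratchLen < 0`. What is then done with a negative `scratchLen` lies outside these hunks, but it presumably ends up as the length passed to the BIO write. Since these functions are being touched for the indent bound anyway, align the checks: in X509PrintReqAttributes use `if ((scratchLen < 0) || (scratchLen >= MAX_WIDTH))` after assigning `scratchLen`, and in X509CRLPrintExtensions store the XSNPRINTF result in a local so it can be tested the same way.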
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 2840f22676..c0b2fcab33 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6820,7 +6820,7 @@ void wolfSSL_EVP_init(void) } static int EvpCipherAesGCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, - byte* src, word32 len) + const byte* src, word32 len) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); @@ -7012,7 +7012,7 @@ void wolfSSL_EVP_init(void) } static int EvpCipherAesCCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, - byte* src, word32 len) + const byte* src, word32 len) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); @@ -8517,8 +8517,8 @@ void wolfSSL_EVP_init(void) } /* Return length on ok */ - int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, - word32 len) + int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, + const byte* src, word32 len) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 0d9cf860c7..9939b2b8cc 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -892,7 +892,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, int ivLen); WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, - unsigned char* dst, unsigned char* src, + unsigned char* dst, const unsigned char* src, unsigned int len); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int id);