wolfSSL · douzzer · Oct 8, 2024 · Sep 24, 2024 · Sep 24, 2024 · Sep 25, 2024
diff --git a/.github/workflows/win-csharp-test.yml b/.github/workflows/win-csharp-test.yml
@@ -0,0 +1,57 @@
+name: Windows CSharp Build Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    runs-on: windows-latest
+
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+
+    env:
+      # Path to the solution file relative to the root of the project.
+      SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
+
+      # Configuration type to build.
+      # You can convert this to a build matrix if you need coverage of multiple configuration types.
+      # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+      BUILD_CONFIGURATION: Debug
+      BUILD_PLATFORM: x64
+
+    steps:
+        - name: Pull wolfssl
+          uses: actions/checkout@master
+          with:
+            repository: wolfssl/wolfssl
+            path: wolfssl
+
+        - name: Create FIPS stub files (autogen)
+          working-directory: wolfssl
+          run: |
+            echo $null >> wolfcrypt\src\fips.c
+            echo $null >> wolfcrypt\src\fips_test.c
+            echo $null >> wolfcrypt\src\wolfcrypt_first.c
+            echo $null >> wolfcrypt\src\wolfcrypt_last.c
+
+        - name: Add MSBuild to PATH
+          uses: microsoft/setup-msbuild@v1
+
+        - name: Build
+          working-directory: ${{env.GITHUB_WORKSPACE}}
+          # Add additional options to the MSBuild command line here (like platform or verbosity level).
+          # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+          run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+
+        - name: Run wolfCrypt test
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfCrypt-test.exe
+
+        - name: Run wolfSSL client/server example
+          working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
+          run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe
diff --git a/mcapi/crypto.h b/mcapi/crypto.h
@@ -173,9 +173,9 @@ enum {
 typedef struct CRYPT_AES_CTX {
     /* big enough to hold internal, but check on init */
     #ifdef WOLF_PRIVATE_KEY_ID
-    int holder[110];
+    int holder[114];
     #else
-    int holder[92];
+    int holder[96];
     #endif
 } CRYPT_AES_CTX;
 

diff --git a/src/pk.c b/src/pk.c
@@ -354,7 +354,7 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
     int ret = 0;
     int paddingSz = 0;
     word32 idx;
-    word32 cipherInfoSz;
+    word32 cipherInfoSz = 0;
 #ifdef WOLFSSL_SMALL_STACK
     EncryptedInfo* info = NULL;
 #else
@@ -3300,7 +3300,7 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits,
 #endif
     int initTmpRng = 0;
     WC_RNG* rng = NULL;
-    long en;
+    long en = 0;
 #endif
 
     (void)cb;

diff --git a/src/ssl.c b/src/ssl.c
@@ -16138,11 +16138,14 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
         else {
             /* Only preserve overlapping suites */
             Suites tmpSuites;
-            word16 in, out, haveECDSAsig = 0;
-            word16 haveStaticECC = ssl->options.haveStaticECC;
+            word16 in, out;
+            word16 haveECDSAsig, haveStaticECC;
 #ifdef NO_RSA
             haveECDSAsig = 1;
             haveStaticECC = 1;
+#else
+            haveECDSAsig = 0;
+            haveStaticECC = ssl->options.haveStaticECC;
 #endif
             XMEMSET(&tmpSuites, 0, sizeof(Suites));
             /* Get all possible ciphers and sigalgs for the version. Following
@@ -21962,9 +21965,9 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
     #endif /* HAVE_SUPPORTED_CURVES */
     }
 
-    if (ssl)
+    if (ssl != NULL)
         ssl->disabledCurves = disabled;
-    else
+    else if (ctx != NULL)
         ctx->disabledCurves = disabled;
     ret = WOLFSSL_SUCCESS;
 

diff --git a/tests/api.c b/tests/api.c
@@ -27665,7 +27665,7 @@ static int test_wc_EccPrivateKeyToDer(void)
     byte    output[ONEK_BUF];
     ecc_key eccKey;
     WC_RNG  rng;
-    word32  inLen;
+    word32  inLen = 0;
     word32  outLen = 0;
     int     ret;
 
@@ -27681,12 +27681,13 @@ static int test_wc_EccPrivateKeyToDer(void)
 #endif
     ExpectIntEQ(ret, 0);
 
-    inLen = (word32)sizeof(output);
     /* Bad Cases */
     ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    inLen = wc_EccPrivateKeyToDer(&eccKey, NULL, 0);
+    ExpectIntGT(inLen, 0);
     ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
     /* Good Case */
     ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0);
 
@@ -52516,7 +52517,7 @@ static int test_wolfSSL_ASN1_INTEGER(void)
     ASN1_INTEGER_free(a);
     a = NULL;
 
-    p = longDer;
+    p = invalidLenDer;
     ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer)));
 
     p = longDer;

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
@@ -10539,6 +10539,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
         if (ret == 0)
             ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz,
                                   authTag, authTagSz, authIn, authInSz);
+        aes->isAllocated = 0;
         wc_AesFree(aes);
     }
     ForceZero(aes, sizeof *aes);
@@ -10580,6 +10581,8 @@ int wc_GmacVerify(const byte* key, word32 keySz,
         if (ret == 0)
             ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz,
                                   authTag, authTagSz, authIn, authInSz);
+
+        aes->isAllocated = 0;
         wc_AesFree(aes);
     }
     ForceZero(aes, sizeof *aes);
@@ -11296,6 +11299,20 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
 
 #endif /* HAVE_AESCCM */
 
+Aes* wc_AesNew(void* heap, int devId)
+{
+    Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
+    if (aes != NULL) {
+        if (wc_AesInit(aes, heap, devId) != 0) {
+            XFREE(aes, heap, DYNAMIC_TYPE_AES);
+            aes = NULL;
+        }
+        else {
+            aes->isAllocated = 1;
+        }
+    }
+    return aes;
+}
 
 /* Initialize Aes for use with async hardware */
 int wc_AesInit(Aes* aes, void* heap, int devId)
@@ -11305,6 +11322,7 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
     if (aes == NULL)
         return BAD_FUNC_ARG;
 
+    aes->isAllocated = 0;
     aes->heap = heap;
     aes->rounds = 0;
 
@@ -11430,11 +11448,18 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId)
 /* Free Aes from use with async hardware */
 void wc_AesFree(Aes* aes)
 {
-    if (aes == NULL)
+    void* heap;
+    byte isAllocated;
+
+    if (aes == NULL) {
         return;
+    }
+
+    heap = aes->heap;
+    isAllocated = aes->isAllocated;
 
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
-    (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1);
+    (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1);
 #endif
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
@@ -11472,7 +11497,7 @@ void wc_AesFree(Aes* aes)
 #endif
 #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \
     !defined(WOLFSSL_AESNI)
-    XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES);
+    XFREE(aes->streamData, heap, DYNAMIC_TYPE_AES);
     aes->streamData = NULL;
 #endif
 
@@ -11499,6 +11524,11 @@ void wc_AesFree(Aes* aes)
 #ifdef WOLFSSL_CHECK_MEM_ZERO
     wc_MemZero_Check(aes, sizeof(Aes));
 #endif
+
+    if (isAllocated) {
+        XFREE(aes, heap, DYNAMIC_TYPE_AES);
+    }
+
 }
 
 int wc_AesGetKeySize(Aes* aes, word32* keySize)
@@ -14003,6 +14033,13 @@ static WARN_UNUSED_RESULT int AesSivCipher(
         }
     }
 
+#ifndef WOLFSSL_SMALL_STACK
+    /* make aes has heap hint and isAllocated initialized for cleanup below */
+    if (ret != 0) {
+        XMEMSET(aes, 0, sizeof(Aes));
+    }
+#endif
+
     if (ret == 0 && dataSz > 0) {
         sivTmp[12] &= 0x7f;
         sivTmp[8] &= 0x7f;
@@ -14032,10 +14069,15 @@ static WARN_UNUSED_RESULT int AesSivCipher(
         }
     }
 
-    wc_AesFree(aes);
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    if (aes != NULL)
 #endif
+    {
+        wc_AesFree(aes);
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(aes, NULL, DYNAMIC_TYPE_AES);
+    #endif
+    }
 
     return ret;
 }

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -22659,7 +22659,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
 {
     DECL_ASNGETDATA(dataASN, certReqASN_Length);
     int ret = 0;
-    byte version;
+    byte version = 0;
     word32 idx;
 
     CALLOC_ASNGETDATA(dataASN, certReqASN_Length, ret, cert->heap);
@@ -23552,7 +23552,7 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz,
     const unsigned char** pubKey, word32* pubKeySz)
 {
     int ret = 0;
-    int l;
+    int l = 0;
     word32 o = 0;
     int i;
     static DecodeInstr ops[] = {
@@ -27841,7 +27841,7 @@ static int SetCertificatePolicies(byte *output,
     byte   oid[MAX_OID_SZ];
     word32 oidSz;
     word32 sz = 0;
-    int    piSz;
+    int    piSz = 0;
 
     if ((input == NULL) || (nb_certpol > MAX_CERTPOL_NB)) {
         ret = BAD_FUNC_ARG;
@@ -30399,8 +30399,8 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
     return (int)(idx + seqSz);
 #else
     DECL_ASNSETDATA(dataASN, sigASN_Length);
-    word32 seqSz;
-    int sz;
+    word32 seqSz = 0;
+    int sz = 0;
     int ret = 0;
 
     CALLOC_ASNSETDATA(dataASN, sigASN_Length, ret, NULL);
@@ -35106,6 +35106,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
 
 /* Write a Private ecc key, including public to DER format,
  * length on success else < 0 */
+/* Note: use wc_EccKeyDerSize to get length only */
 WOLFSSL_ABI
 int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 {
@@ -35117,10 +35118,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 int wc_EccKeyDerSize(ecc_key* key, int pub)
 {
     word32 sz = 0;
-    int ret;
-
-    ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1);
-
+    int ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1);
     if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
         return ret;
     }
@@ -35131,7 +35129,11 @@ int wc_EccKeyDerSize(ecc_key* key, int pub)
  * length on success else < 0 */
 int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen)
 {
-    return wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
+    int ret = wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
+    if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
+        return (int)inLen;
+    }
+    return ret;
 }
 
 #ifdef HAVE_PKCS8
@@ -35673,7 +35675,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz;
 #else
     DECL_ASNSETDATA(dataASN, edKeyASN_Length);
-    int sz;
+    int sz = 0;
 #endif
 
     /* validate parameters */