diff --git a/certs/test-pathlen/include.am b/certs/test-pathlen/include.am
index 3f94b14cc..adaa02511 100644
--- a/certs/test-pathlen/include.am
+++ b/certs/test-pathlen/include.am
@@ -64,4 +64,25 @@ EXTRA_DIST += \
 certs/test-pathlen/chainH-ICA4-pathlen2.pem \
 certs/test-pathlen/chainH-assembled.pem \
 certs/test-pathlen/chainH-entity-key.pem \
- certs/test-pathlen/chainH-entity.pem
+ certs/test-pathlen/chainH-entity.pem \
+ certs/test-pathlen/chainI-ICA1-key.pem \
+ certs/test-pathlen/chainI-ICA1-no_pathlen.pem \
+ certs/test-pathlen/chainI-ICA2-key.pem \
+ certs/test-pathlen/chainI-ICA2-no_pathlen.pem \
+ certs/test-pathlen/chainI-ICA3-key.pem \
+ certs/test-pathlen/chainI-ICA3-pathlen2.pem \
+ certs/test-pathlen/chainI-assembled.pem \
+ certs/test-pathlen/chainI-entity-key.pem \
+ certs/test-pathlen/chainI-entity.pem \
+ certs/test-pathlen/chainJ-ICA1-key.pem \
+ certs/test-pathlen/chainJ-ICA1-no_pathlen.pem \
+ certs/test-pathlen/chainJ-ICA2-key.pem \
+ certs/test-pathlen/chainJ-ICA2-no_pathlen.pem \
+ certs/test-pathlen/chainJ-ICA3-key.pem \
+ certs/test-pathlen/chainJ-ICA3-no_pathlen.pem \
+ certs/test-pathlen/chainJ-ICA4-key.pem \
+ certs/test-pathlen/chainJ-ICA4-pathlen2.pem \
+ certs/test-pathlen/chainJ-assembled.pem \
+ certs/test-pathlen/chainJ-entity-key.pem \
+ certs/test-pathlen/chainJ-entity.pem
+
diff --git a/examples/client/client.c b/examples/client/client.c
index 223bfce28..0127aa61b 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2966,12 +2966,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 if (sendGET) {
 printf("SSL connect ok, sending GET...\n");
- msgSz = 28;
- strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
+ msgSz = sizeof("GET /index.html HTTP/1.0\r\n\r\n");
+ XSTRNCPY(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
 msg[msgSz] = '\0';
 resumeSz = msgSz;
- strncpy(resumeMsg, "GET /index.html HTTP/1.0\r\n\r\n", resumeSz);
+ XSTRNCPY(resumeMsg, "GET /index.html HTTP/1.0\r\n\r\n", resumeSz);
 resumeMsg[resumeSz] = '\0';
 }
diff --git a/src/internal.c b/src/internal.c
index 7f3c2220e..5cf931605 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1788,7 +1788,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 /* In case contexts are held in array and don't want to free actual ctx */
 void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
 {
-#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
+#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(NO_WOLFSSL_SERVER)
 int i;
 #endif
@@ -10315,7 +10315,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 args->fatal = TLSX_CSR_InitRequest(ssl->extensions, args->dCert, ssl->heap);
 doLookup = 0;
- #ifdef WOLFSSL_TLS13
+ #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
 if (ssl->options.tls1_3) {
 TLSX* ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST);
diff --git a/src/ocsp.c b/src/ocsp.c
index de9d6dce0..e7dade0ce 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
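Review bot: `msgSz = sizeof("GET /index.html HTTP/1.0\r\n\r\n")` counts the literal's terminating NUL, so msgSz becomes 29 where the replaced line had 28, the same value flows into resumeSz, and `msg[msgSz] = '\0'` now writes one slot further into buffers whose size is declared outside the hunk; if msgSz is the byte count later handed to the write call, both requests also go out with a trailing NUL byte. Subtracting the terminator keeps the original length while still tying it to the literal: `msgSz = sizeof("GET /index.html HTTP/1.0\r\n\r\n") - 1;`. XSTRNCPY with a count equal to the string length leaves the copy unterminated, which the following `msg[msgSz] = '\0'` is there to handle, so that line should stay. client_test continues outside the hunk.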
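Review bot: The `!defined(NO_WOLFSSL_SERVER)` added to the WOLFSSL_TLS13 guard in ProcessPeerCerts sits directly after the client's status request is initialised and `doLookup = 0` is set, so in a client-only build the TLS 1.3 branch that locates TLSX_STATUS_REQUEST is compiled out while the OCSP lookup stays disabled; if that branch is what verifies the stapled response, client-only TLS 1.3 builds would skip revocation checking silently. The same symbol guards the storing of `csr->response.buffer`/`csr->response.length` in TLSX_CSR_Parse in src/tls.c in this commit, so the two hunks are consistent with each other, but the side looks inverted for data the client consumes; if the intent is only to match where the `response` member is declared, a comment naming that condition at each `#if`, e.g. `/* csr->response is only compiled in when the server side is enabled */`, would make it auditable. The `#endif` of the new guard and the rest of ProcessPeerCerts are outside the hunk.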
@@ -898,21 +898,26 @@ int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
 return WOLFSSL_FAILURE;
 size = wolfSSL_i2d_OCSP_REQUEST(req, NULL);
- if (size > 0)
- data = (unsigned char*) XMALLOC(size,NULL,DYNAMIC_TYPE_TMP_BUFFER);
- if (data != NULL)
+ if (size > 0) {
+ data = (unsigned char*) XMALLOC(size, out->heap,
+ DYNAMIC_TYPE_TMP_BUFFER);
+ }
+
+ if (data != NULL) {
 size = wolfSSL_i2d_OCSP_REQUEST(req, &data);
+ }
 if (size <= 0) {
- XFREE(data,NULL,DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(data, out->heap, DYNAMIC_TYPE_TMP_BUFFER);
 return WOLFSSL_FAILURE;
 }
- if (wolfSSL_BIO_write(out,data,size) == (int)size) {
- XFREE(data,NULL,DYNAMIC_TYPE_TMP_BUFFER);
+ if (wolfSSL_BIO_write(out, data, size) == (int)size) {
+ XFREE(data, out->heap, DYNAMIC_TYPE_TMP_BUFFER);
 return WOLFSSL_SUCCESS;
 }
+ XFREE(data, out->heap, DYNAMIC_TYPE_TMP_BUFFER);
 return WOLFSSL_FAILURE;
 }
 #endif /* OPENSSL_ALL || APACHE_HTTPD */
diff --git a/src/ssl.c b/src/ssl.c
index f930d16f0..2b7599054 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -19765,7 +19765,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 x509->pubKey.length, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
 if (key->pkey.ptr == NULL) {
- XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+ wolfSSL_EVP_PKEY_free(key);
 return NULL;
 }
 XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length);
@@ -19781,16 +19781,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 key->ownRsa = 1;
 key->rsa = wolfSSL_RSA_new();
 if (key->rsa == NULL) {
- XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+ wolfSSL_EVP_PKEY_free(key);
 return NULL;
 }
 if (wolfSSL_RSA_LoadDer_ex(key->rsa, (const unsigned char*)key->pkey.ptr, key->pkey_sz, WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) {
- wolfSSL_RSA_free(key->rsa);
- key->rsa = NULL;
- XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+ wolfSSL_EVP_PKEY_free(key);
 return NULL;
 }
 }
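Review bot: When `size > 0` but XMALLOC returns NULL, the restructured code leaves `size` positive and `data` NULL, so the `if (size <= 0)` test does not fire and `wolfSSL_BIO_write(out, data, size)` is reached with a NULL buffer and a positive length. Folding the allocation failure into the existing failure test fixes it in place: `if (data == NULL || size <= 0) {`. This relies on `data` starting out NULL and on `out` having been NULL-checked before the hunk, both of which must hold in the part of wolfSSL_i2d_OCSP_REQUEST_bio above the hunk now that `out->heap` is dereferenced unconditionally.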
@@ -19804,7 +19802,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 key->ownEcc = 1;
 key->ecc = wolfSSL_EC_KEY_new();
 if (key->ecc == NULL || key->ecc->internal == NULL) {
- XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+ wolfSSL_EVP_PKEY_free(key);
 return NULL;
 }
@@ -19813,17 +19811,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
 if (wc_EccPublicKeyDecode((const unsigned char*)key->pkey.ptr, &idx, (ecc_key*)key->ecc->internal, key->pkey_sz) < 0) {
 WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
- wolfSSL_EC_KEY_free(key->ecc);
- key->ecc = NULL;
- XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+ wolfSSL_EVP_PKEY_free(key);
 return NULL;
 }
 if (SetECKeyExternal(key->ecc) != SSL_SUCCESS) {
 WOLFSSL_MSG("SetECKeyExternal failed");
- wolfSSL_EC_KEY_free(key->ecc);
- key->ecc = NULL;
- XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
+ wolfSSL_EVP_PKEY_free(key);
 return NULL;
 }
@@ -40127,8 +40121,8 @@ int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
 if (ctx == NULL || ctx->cm == NULL)
 return WOLFSSL_FAILURE;
-#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
- || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
 /* Ensure stapling is on for callback to be used. */
 wolfSSL_CTX_EnableOCSPStapling(ctx);
diff --git a/src/tls.c b/src/tls.c
index e09f43907..fd441f171 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -2526,6 +2526,7 @@ static word16 TLSX_TCA_Write(TCA* list, byte* output)
 return offset;
 }
+#ifndef NO_WOLFSSL_SERVER
 static TCA* TLSX_TCA_Find(TCA *list, byte type, const byte* id, word16 idSz)
 {
 TCA* tca = list;
@@ -2536,6 +2537,7 @@ static TCA* TLSX_TCA_Find(TCA *list, byte type, const byte* id, word16 idSz)
 return tca;
 }
+#endif /* NO_WOLFSSL_SERVER */
 /** Parses a buffer of TCA extensions. */
 static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
@@ -3015,10 +3017,12 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, byte* input, word16 length,
 if (offset + resp_length != length)
 ret = BUFFER_ERROR;
 }
+ #if !defined(NO_WOLFSSL_SERVER)
 if (ret == 0) {
 csr->response.buffer = input + offset;
 csr->response.length = resp_length;
 }
+ #endif
 return ret;
 }
diff --git a/tests/api.c b/tests/api.c
index f920c0ca7..29614ab57 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -516,12 +516,20 @@ static void test_wolfSSL_Method_Allocators(void)
 #ifndef NO_OLD_TLS
 #ifdef WOLFSSL_ALLOW_SSLV3
+ #ifndef NO_WOLFSSL_SERVER
 TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
+ #endif
+ #ifndef NO_WOLFSSL_CLIENT
 TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
+ #endif
 #endif
 #ifdef WOLFSL_ALLOW_TLSV10
+ #ifndef NO_WOLFSSL_SERVER
 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
+ #endif
+ #ifndef NO_WOLFSSL_CLIENT
 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
+ #endif
 #endif
 #ifndef NO_WOLFSSL_SERVER
 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
@@ -558,12 +566,20 @@ static void test_wolfSSL_Method_Allocators(void)
 #ifdef WOLFSSL_DTLS
 #ifndef NO_OLD_TLS
+ #ifndef NO_WOLFSSL_SERVER
 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
+ #endif
+ #ifndef NO_WOLFSSL_CLIENT
 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
+ #endif
 #endif
 #ifndef WOLFSSL_NO_TLS12
+ #ifndef NO_WOLFSSL_SERVER
 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
+ #endif
+ #ifndef NO_WOLFSSL_CLIENT
 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
+ #endif
 #endif
 #endif /* WOLFSSL_DTLS */
@@ -3936,7 +3952,7 @@ static void test_wolfSSL_UseSupportedCurve(void)
 #endif
 }
-#ifdef HAVE_ALPN
+#if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER)
 static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
 {
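Review bot: The `#ifndef NO_WOLFSSL_SERVER` / `#ifndef NO_WOLFSSL_CLIENT` guards added around the wolfTLSv1_server_method and wolfTLSv1_client_method allocator checks in test_wolfSSL_Method_Allocators sit inside `#ifdef WOLFSL_ALLOW_TLSV10`, whose symbol is missing an S and so presumably never matches the feature macro it mirrors (the neighbouring block spells its counterpart `WOLFSSL_ALLOW_SSLV3`); the TLS 1.0 allocator checks, new guards included, remain dead code. Correcting the context line to `#ifdef WOLFSSL_ALLOW_TLSV10` would let the new guards take effect. test_wolfSSL_Method_Allocators starts before and ends after this hunk.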
@@ -4192,7 +4208,7 @@ static void test_wolfSSL_UseALPN_params(void)
 static void test_wolfSSL_UseALPN(void)
 {
-#ifdef HAVE_ALPN
+#if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER)
 test_wolfSSL_UseALPN_connection();
 test_wolfSSL_UseALPN_params();
 #endif
@@ -4547,7 +4563,7 @@ static void test_wolfSSL_PKCS12(void)
 #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
 defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \
- (!defined(NO_RSA) || defined(HAVE_ECC))
+ (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5)
 #define TEST_PKCS8_ENC
 #endif
@@ -19232,7 +19248,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
 /* key is DES encrypted */
 #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
- !defined(NO_RSA) && !defined(NO_FILESYSTEM)
+ !defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_MD5)
 {
 XFILE f;
 pem_password_cb* passwd_cb;
@@ -19447,7 +19463,11 @@ static void test_wolfSSL_tmp_dh(void)
 AssertNotNull(dh);
 AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
+ #ifndef NO_WOLFSSL_SERVER
 AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
+ #else
+ AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
+ #endif
 BIO_free(bio);
 DSA_free(dsa);
@@ -20181,7 +20201,7 @@ static void test_wolfSSL_X509_STORE_CTX(void)
 for (i = 0; i < MAX_EX_DATA; i++) {
 AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), WOLFSSL_SUCCESS);
- tmpDataRet = X509_STORE_CTX_get_ex_data(ctx, i);
+ tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
 AssertNotNull(tmpDataRet);
 AssertIntEQ(tmpData, *tmpDataRet);
 }
@@ -21167,7 +21187,7 @@ static void test_wolfSSL_sk_SSL_CIPHER(void)
 */
 static void test_wolfSSL_set_tlsext_status_type(void){
 #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
- !defined(NO_RSA)
+ !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
 SSL* ssl;
 SSL_CTX* ctx;
@@ -27177,7 +27197,7 @@ static void test_wolfSSL_PEM_read(void)
 AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL, (void*)"yassl123"), WOLFSSL_FAILURE);
-#ifndef NO_DES3
+#if !defined(NO_DES3) && !defined(NO_MD5)
 AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack, (void*)"yassl123"), WOLFSSL_SUCCESS);
 #endif
diff --git a/tests/suites.c b/tests/suites.c
index 1bffb53a2..252481cc1 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -899,7 +899,7 @@ int SuiteTest(int argc, char** argv)
 }
 #endif
 #endif
-#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3)
+#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_MD5)
 /* test encrypted keys */
 strcpy(argv0[1], "tests/test-enckeys.conf");
 printf("starting encrypted keys extra cipher suite tests\n");
diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c
index 045d0aad4..3cd6cc841 100644
--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
@@ -1326,7 +1326,7 @@ static int Pkcs11GetEccPublicKey(ecc_key* key, Pkcs11Session* session,
 CK_OBJECT_HANDLE pubKey)
 {
 int ret = 0;
- int i = 0;
+ word32 i = 0;
 int curveIdx;
 unsigned char* point = NULL;
 int pointSz;
@@ -1670,6 +1670,7 @@ static int Pkcs11ECDSASig_Decode(const byte* in, word32 inSz, byte* sig,
 {
 int ret = 0;
 word32 i = 0;
+ byte tag;
 int len, seqLen = 2;
 /* Make sure zeros in place when decoding short integers. */
@@ -1695,7 +1696,7 @@ static int Pkcs11ECDSASig_Decode(const byte* in, word32 inSz, byte* sig,
 /* Check INT */
 if (ret == 0 && GetASNTag(in, &i, &tag, inSz) != 0)
 ret = ASN_PARSE_E;
- if (ret == 0 && tag != ASN_INTGER)
+ if (ret == 0 && tag != ASN_INTEGER)
 ret = ASN_PARSE_E;
 if (ret == 0 && (len = in[i++]) > sz + 1)
 ret = ASN_PARSE_E;
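Review bot: In the Pkcs11ECDSASig_Decode INTEGER hunk the length octet is read with `(len = in[i++])` right after GetASNTag has advanced `i`, and nothing in the hunk establishes `i < inSz` before that read; GetASNTag receives inSz and presumably bounds the tag byte, but an encoding whose first INTEGER runs up to the last byte leaves the second tag in range and its length octet one past the buffer. A guard between the tag check and the length read closes it: `if (ret == 0 && i >= inSz) ret = ASN_PARSE_E;`. The same pattern is in the second INTEGER hunk that follows, where it matters most, since the first INTEGER may already be covered by a minimum-size check earlier in Pkcs11ECDSASig_Decode, outside the hunk.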
@@ -1719,7 +1720,7 @@ static int Pkcs11ECDSASig_Decode(const byte* in, word32 inSz, byte* sig,
 /* Check INT */
 if (ret == 0 && GetASNTag(in, &i, &tag, inSz) != 0)
 ret = ASN_PARSE_E;
- if (ret == 0 && tag != ASN_INTGER)
+ if (ret == 0 && tag != ASN_INTEGER)
 ret = ASN_PARSE_E;
 if (ret == 0 && (len = in[i++]) > sz + 1)
 ret = ASN_PARSE_E;