From 5a77eaa5792df9a47042336ee0d859b2b8c8a582 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 26 Apr 2017 08:45:05 -0700
Subject: [PATCH 1/2] Fix issue with XFREE in asn.c using invalid heap pointer.
 Fix issue with bad variable names and missing asterisk in test.c
 `pkcs7_load_certs_keys`.

---
 wolfcrypt/src/asn.c   | 2 +-
 wolfcrypt/test/test.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index c6b592fb5..a69f48860 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -4686,7 +4686,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
                     }
 
                 #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(encodedSig, heap, DYNAMIC_TYPE_TMP_BUFFER);
+                    XFREE(encodedSig, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER);
                 #endif
                     break;
                 }
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 8f3a5543b..ee52a128c 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -12366,7 +12366,7 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz,
         return -202;
 
     XMEMCPY(rsaCert, client_cert_der_2048, sizeof_client_cert_der_2048);
-    rsaCertSz = sizeof_client_cert_der_2048;
+    *rsaCertSz = sizeof_client_cert_der_2048;
 #else
     certFile = fopen(clientCert, "rb");
     if (!certFile)
@@ -12377,13 +12377,13 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz,
 #endif
 
 #ifdef USE_CERT_BUFFERS_1024
-    if (*rsaKeySz < sizeof_client_key_der_1024)
+    if (*rsaPrivKeySz < sizeof_client_key_der_1024)
         return -204;
 
     XMEMCPY(rsaPrivKey, client_key_der_1024, sizeof_client_key_der_1024);
     *rsaPrivKeySz = sizeof_client_key_der_1024;
 #elif defined(USE_CERT_BUFFERS_2048)
-    if (*rsaKeySz < sizeof_client_key_der_2048)
+    if (*rsaPrivKeySz < sizeof_client_key_der_2048)
         return -205;
 
     XMEMCPY(rsaPrivKey, client_key_der_2048, sizeof_client_key_der_2048);

From d612b827b736e02f7db88700cd21a6b8842e4120 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 26 Apr 2017 09:40:33 -0700
Subject: [PATCH 2/2] Fixes for build warnings on Windows. Fix PKCS7 to use
 const for byte array declaration. Cleanup of the pkcs7 MAX_PKCS7_DIGEST_SZ.
 Fix for unsigned / signed comparison warning for pkcs7_load_certs_keys in
 test.c. Fix for cast warning from word16 to byte in asn.c. Fix for build
 error with io.h refactor for InTime RTOS.

---
 wolfcrypt/src/asn.c   |  8 ++++----
 wolfcrypt/src/pkcs7.c | 30 ++++++++++++------------------
 wolfcrypt/test/test.c | 12 ++++++------
 wolfssl/io.h          |  3 +++
 4 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index a69f48860..ed63c3b55 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1049,19 +1049,19 @@ static word32 SetBitString16Bit(word16 val, byte* output)
 
     if ((val >> 8) != 0) {
         len = 2;
-        lastByte = val >> 8;
+        lastByte = (byte)(val >> 8);
     }
     else {
         len = 1;
-        lastByte = val;
+        lastByte = (byte)val;
     }
 
     while (((lastByte >> unusedBits) & 0x01) == 0x00)
         unusedBits++;
 
     idx = SetBitString(len, unusedBits, output);
-    output[idx++] = val;
-    output[idx++] = val >> 8;
+    output[idx++] = (byte)val;
+    output[idx++] = (byte)(val >> 8);
 
     return idx;
 }
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index fb4aab9ea..4c47f6066 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -52,6 +52,9 @@ typedef enum {
     WC_PKCS7_DECODE
 } pkcs7Direction;
 
+#define MAX_PKCS7_DIGEST_SZ (MAX_SEQ_SZ + MAX_ALGO_SZ + \
+                             MAX_OCTET_STR_SZ + WC_MAX_DIGEST_SIZE)
+
 
 /* placed ASN.1 contentType OID into *output, return idx on success,
  * 0 upon failure */
@@ -755,12 +758,11 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7,
 #ifdef HAVE_ECC
     int hashSz;
 #endif
-    word32 digestInfoSz = MAX_SEQ_SZ + MAX_ALGO_SZ +
-                          MAX_OCTET_STR_SZ + WC_MAX_DIGEST_SIZE;
+    word32 digestInfoSz = MAX_PKCS7_DIGEST_SZ;
 #ifdef WOLFSSL_SMALL_STACK
     byte* digestInfo;
 #else
-    byte digestInfo[digestInfoSz];
+    byte digestInfo[MAX_PKCS7_DIGEST_SZ];
 #endif
 
     if (pkcs7 == NULL || esd == NULL)
@@ -1142,8 +1144,6 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
                               byte* hash, word32 hashSz)
 {
-    #define  MAX_PKCS7_DIGEST_SZ (MAX_SEQ_SZ + MAX_ALGO_SZ +\
-                                  MAX_OCTET_STR_SZ + WC_MAX_DIGEST_SIZE)
     int ret = 0;
     word32 scratch = 0;
 #ifdef WOLFSSL_SMALL_STACK
@@ -1219,8 +1219,6 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
 static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
                                 byte* hash, word32 hashSz)
 {
-    #define  MAX_PKCS7_DIGEST_SZ (MAX_SEQ_SZ + MAX_ALGO_SZ +\
-                                  MAX_OCTET_STR_SZ + WC_MAX_DIGEST_SIZE)
     int ret = 0;
     int stat = 0;
 #ifdef WOLFSSL_SMALL_STACK
@@ -1301,7 +1299,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
  *
  * returns 0 on success, negative on error */
 static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
-                                      word32 signedAttribSz, byte* pkcs7Digest, 
+                                      word32 signedAttribSz, byte* pkcs7Digest,
                                       word32* pkcs7DigestSz, byte** plainDigest,
                                       word32* plainDigestSz)
 {
@@ -1313,12 +1311,10 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
     byte digestStr[MAX_OCTET_STR_SZ];
     byte algoId[MAX_ALGO_SZ];
     word32 digestInfoSeqSz, digestStrSz, algoIdSz;
-    word32 digestInfoSz = MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
-                          WC_MAX_DIGEST_SIZE;
 #ifdef WOLFSSL_SMALL_STACK
     byte* digestInfo;
 #else
-    byte digestInfo[digestInfoSz];
+    byte digestInfo[MAX_PKCS7_DIGEST_SZ];
 #endif
 
     wc_HashAlg hash;
@@ -1330,14 +1326,14 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    digestInfo = (byte*)XMALLOC(digestInfoSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    digestInfo = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (digestInfo == NULL)
         return MEMORY_E;
 #endif
 
     XMEMSET(pkcs7Digest, 0, *pkcs7DigestSz);
     XMEMSET(digest,      0, WC_MAX_DIGEST_SIZE);
-    XMEMSET(digestInfo,  0, digestInfoSz);
+    XMEMSET(digestInfo,  0, MAX_PKCS7_DIGEST_SZ);
 
     hashSz = wc_PKCS7_SetHashType(pkcs7, &hashType);
     if (hashSz < 0) {
@@ -1462,27 +1458,25 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig,
 {
     int ret = 0;
     word32 plainDigestSz, pkcs7DigestSz;
-    word32 maxDigestSz = MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
-                         WC_MAX_DIGEST_SIZE;
 
     byte* plainDigest; /* offset into pkcs7Digest */
 #ifdef WOLFSSL_SMALL_STACK
     byte* pkcs7Digest;
 #else
-    byte  pkcs7Digest[maxDigestSz];
+    byte  pkcs7Digest[MAX_PKCS7_DIGEST_SZ];
 #endif
 
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
 
 #ifdef WOLFSSL_SMALL_STACK
-    pkcs7Digest = (byte*)XMALLOC(maxDigestSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pkcs7Digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (pkcs7Digest == NULL)
         return MEMORY_E;
 #endif
 
     /* build hash to verify against */
-    pkcs7DigestSz = maxDigestSz;
+    pkcs7DigestSz = MAX_PKCS7_DIGEST_SZ;
     ret = wc_PKCS7_BuildSignedDataDigest(pkcs7, signedAttrib,
                                          signedAttribSz, pkcs7Digest,
                                          &pkcs7DigestSz, &plainDigest,
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index ee52a128c..16462562a 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -12356,13 +12356,13 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz,
 #ifndef NO_RSA
 
 #ifdef USE_CERT_BUFFERS_1024
-    if (*rsaCertSz < sizeof_client_cert_der_1024)
+    if (*rsaCertSz < (word32)sizeof_client_cert_der_1024)
         return -201;
 
     XMEMCPY(rsaCert, client_cert_der_1024, sizeof_client_cert_der_1024);
     *rsaCertSz = sizeof_client_cert_der_1024;
 #elif defined(USE_CERT_BUFFERS_2048)
-    if (*rsaCertSz < sizeof_client_cert_der_2048)
+    if (*rsaCertSz < (word32)sizeof_client_cert_der_2048)
         return -202;
 
     XMEMCPY(rsaCert, client_cert_der_2048, sizeof_client_cert_der_2048);
@@ -12377,13 +12377,13 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz,
 #endif
 
 #ifdef USE_CERT_BUFFERS_1024
-    if (*rsaPrivKeySz < sizeof_client_key_der_1024)
+    if (*rsaPrivKeySz < (word32)sizeof_client_key_der_1024)
         return -204;
 
     XMEMCPY(rsaPrivKey, client_key_der_1024, sizeof_client_key_der_1024);
     *rsaPrivKeySz = sizeof_client_key_der_1024;
 #elif defined(USE_CERT_BUFFERS_2048)
-    if (*rsaPrivKeySz < sizeof_client_key_der_2048)
+    if (*rsaPrivKeySz < (word32)sizeof_client_key_der_2048)
         return -205;
 
     XMEMCPY(rsaPrivKey, client_key_der_2048, sizeof_client_key_der_2048);
@@ -12403,7 +12403,7 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz,
 #ifdef HAVE_ECC
 
 #ifdef USE_CERT_BUFFERS_256
-    if (*eccCertSz < sizeof_cliecc_cert_der_256)
+    if (*eccCertSz < (word32)sizeof_cliecc_cert_der_256)
         return -206;
 
     XMEMCPY(eccCert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
@@ -12418,7 +12418,7 @@ static int pkcs7_load_certs_keys(byte* rsaCert, word32* rsaCertSz,
 #endif /* USE_CERT_BUFFERS_256 */
 
 #ifdef USE_CERT_BUFFERS_256
-    if (*eccPrivKeySz < sizeof_ecc_clikey_der_256)
+    if (*eccPrivKeySz < (word32)sizeof_ecc_clikey_der_256)
         return -208;
 
     XMEMCPY(eccPrivKey, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
diff --git a/wolfssl/io.h b/wolfssl/io.h
index 0d56055bf..51d7545a3 100644
--- a/wolfssl/io.h
+++ b/wolfssl/io.h
@@ -90,6 +90,9 @@
         #include <netdb.h>
         #include <netinet/in.h>
         #include <io.h>
+        /* <sys/socket.h> defines these, to avoid conflict, do undef */
+        #undef SOCKADDR
+        #undef SOCKADDR_IN
     #elif defined(WOLFSSL_PRCONNECT_PRO)
         #include <prconnect_pro/prconnect_pro.h>
         #include <sys/types.h>