diff --git a/src/tls.c b/src/tls.c
index 6e9049a4f..0abad816a 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -2324,6 +2324,7 @@ static TCA* TLSX_TCA_New(byte type, const byte* id, word16 idSz, void* heap)
 case WOLFSSL_TRUSTED_CA_PRE_AGREED:
 break;
+ #ifndef NO_SHA
 case WOLFSSL_TRUSTED_CA_KEY_SHA1:
 case WOLFSSL_TRUSTED_CA_CERT_SHA1:
 if (idSz == SHA_DIGEST_SIZE &&
@@ -2337,6 +2338,7 @@ static TCA* TLSX_TCA_New(byte type, const byte* id, word16 idSz, void* heap)
 tca = NULL;
 }
 break;
+ #endif
 case WOLFSSL_TRUSTED_CA_X509_NAME:
 if (idSz > 0 &&
@@ -2424,17 +2426,37 @@ static word16 TLSX_TCA_Write(TCA* list, byte* output)
 switch (tca->type) {
 case WOLFSSL_TRUSTED_CA_PRE_AGREED:
 break;
+ #ifndef NO_SHA
 case WOLFSSL_TRUSTED_CA_KEY_SHA1:
 case WOLFSSL_TRUSTED_CA_CERT_SHA1:
- XMEMCPY(output + offset, tca->id, tca->idSz);
- offset += tca->idSz;
+ if (tca->id != NULL) {
+ XMEMCPY(output + offset, tca->id, tca->idSz);
+ offset += tca->idSz;
+ }
+ else {
+ /* ID missing. Set to an empty string. */
+ c16toa(0, output + offset);
+ offset += OPAQUE16_LEN;
+ }
 break;
+ #endif
 case WOLFSSL_TRUSTED_CA_X509_NAME:
- c16toa(tca->idSz, output + offset); /* tca length */
- offset += OPAQUE16_LEN;
- XMEMCPY(output + offset, tca->id, tca->idSz);
- offset += tca->idSz;
+ if (tca->id != NULL) {
+ c16toa(tca->idSz, output + offset); /* tca length */
+ offset += OPAQUE16_LEN;
+ XMEMCPY(output + offset, tca->id, tca->idSz);
+ offset += tca->idSz;
+ }
+ else {
+ /* ID missing. Set to an empty string. */
+ c16toa(0, output + offset);
+ offset += OPAQUE16_LEN;
+ }
 break;
+ default:
+ /* ID unknown. Set to an empty string. */
+ c16toa(0, output + offset);
+ offset += OPAQUE16_LEN;
 }
 }
@@ -2513,6 +2535,7 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 switch (type) {
 case WOLFSSL_TRUSTED_CA_PRE_AGREED:
 break;
+ #ifndef NO_SHA
 case WOLFSSL_TRUSTED_CA_KEY_SHA1:
 case WOLFSSL_TRUSTED_CA_CERT_SHA1:
 if (offset + SHA_DIGEST_SIZE > length)
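Review bot: With NO_SHA defined, a WOLFSSL_TRUSTED_CA_KEY_SHA1 or WOLFSSL_TRUSTED_CA_CERT_SHA1 type now bypasses the guarded case arms in TLSX_TCA_New and lands in whatever default the switch has, and the same applies to the two TLSX_TCA_Parse hunks (`@@ -2513` and `@@ -2521`); none of those default arms is inside the hunks. The api.c hunk expects wolfSSL_UseTrustedCA to fail for KEY_SHA1 under NO_SHA, so the TLSX_TCA_New default must leave `tca` NULL, and on the parse side an entry whose identifier length the code can no longer determine must produce an error rather than be skipped — please confirm both. A comment on each guard, `/* SHA-1 identifier types are unavailable when NO_SHA is defined */`, would make the intent explicit for the next reader. TLSX_TCA_New's switch begins before and continues past this hunk.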
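Review bot: The new `else` branch in the KEY_SHA1/CERT_SHA1 arm of TLSX_TCA_Write emits a 2-byte zero length, but these identifier types carry no length field on the wire — the surviving code copies the digest bytes directly and the parse hunk at `@@ -2513` expects `SHA_DIGEST_SIZE` bytes after the type — so a NULL id would be serialized as a malformed entry that a peer mis-parses. The byte count written by this branch and by the new `default:` arm must also agree with whatever sizes `output` for this entry (outside the hunk); if the two disagree the write runs past or short of the buffer. Since the first hunk shows TLSX_TCA_New only accepting SHA-1 entries with `idSz == SHA_DIGEST_SIZE` (the remaining conditions are not visible), a NULL id here looks like an invariant violation rather than a legitimate state, and the comment should say so instead of calling it an empty string, e.g. `/* unexpected: SHA-1 entries are created with a fixed-size id; must match the sizing function */`. The enclosing list loop starts and ends outside the hunk.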
@@ -2521,6 +2544,7 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 id = input + offset;
 offset += idSz;
 break;
+ #endif
 case WOLFSSL_TRUSTED_CA_X509_NAME:
 if (offset + OPAQUE16_LEN > length)
 return BUFFER_ERROR;
diff --git a/tests/api.c b/tests/api.c
index da5767174..9d5dcb4e6 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -3044,14 +3044,20 @@ static void test_wolfSSL_UseTrustedCA(void)
 WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
 AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
 WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
+#ifdef NO_SHA
+ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
+ WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
+#endif
 AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
 WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));
 /* success cases */
 AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
 WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
+#ifndef NO_SHA
 AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
 WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
+#endif
 AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
 WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 6280d9712..b81054044 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2177,9 +2177,6 @@ typedef struct TCA {
 byte* id; /* TCA identifier */
 word16 idSz; /* TCA identifier size */
 struct TCA* next; /* List Behavior */
-#ifndef NO_WOLFSSL_CLIENT
- byte options; /* Behavior options */
-#endif /* NO_WOLFSSL_CLIENT */
 } TCA;
 WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,
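Review bot: The new `#ifdef NO_SHA` failure check and the `#ifndef NO_SHA` success check in test_wolfSSL_UseTrustedCA both exercise only WOLFSSL_TRUSTED_CA_KEY_SHA1 with a full-length id, so WOLFSSL_TRUSTED_CA_CERT_SHA1 — handled by the same case arms in tls.c — is never tested with a valid length in either build; the only CERT_SHA1 checks that remain are the NULL/0 and length-5 failure cases. Adding the sibling assertion to each block, `AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1, id, sizeof(id)));` under NO_SHA and the AssertIntEQ form otherwise, would pin the guard for both identifier types. test_wolfSSL_UseTrustedCA begins before and continues past the hunk.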