From 9e56ad262cb587f310c45e9ee5e2f70502a892ff Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 10 Dec 2013 16:17:43 -0800
Subject: [PATCH 1/5] fix snifftest pcap frees on file mode, close TraceFile on
 ssl_Free

---
 src/sniffer.c                         |  7 +++++++
 sslSniffer/sslSnifferTest/snifftest.c | 24 ++++++++++++++++--------
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index 7eb272f87..8e0bff995 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -417,6 +417,13 @@ void ssl_FreeSniffer(void)
 
     FreeMutex(&SessionMutex);
     FreeMutex(&ServerListMutex);
+
+    if (TraceFile) {
+        TraceOn = 0;
+        fclose(TraceFile);
+        TraceFile = NULL;
+    }
+
     CyaSSL_Cleanup();
 }
 
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 7d5a7561e..2570a65bc 100755
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -69,18 +69,25 @@ enum {
 };
 
 
-pcap_t* pcap = 0;
-pcap_if_t *alldevs;
+pcap_t* pcap = NULL;
+pcap_if_t* alldevs = NULL;
+
+
+static void FreeAll(void)
+{
+    if (pcap)
+        pcap_close(pcap);
+    if (alldevs)
+        pcap_freealldevs(alldevs);
+#ifndef _WIN32
+    ssl_FreeSniffer();
+#endif
+}
 
 static void sig_handler(const int sig) 
 {
     printf("SIGINT handled = %d.\n", sig);
-    if (pcap)
-        pcap_close(pcap);
-	pcap_freealldevs(alldevs);
-#ifndef _WIN32
-    ssl_FreeSniffer();
-#endif
+    FreeAll();
     if (sig)
         exit(EXIT_SUCCESS);
 }
@@ -286,6 +293,7 @@ int main(int argc, char** argv)
         else if (saveFile)
             break;      /* we're done reading file */
     }
+    FreeAll();
 
     return EXIT_SUCCESS;
 }

From b41d09b1a227d7beb13faf7b69c2fc23fd74d6c3 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 11 Dec 2013 12:03:09 -0800
Subject: [PATCH 2/5] fix newer clang warnings

---
 ctaocrypt/src/asn.c | 2 ++
 src/internal.c      | 6 +++++-
 src/ssl.c           | 4 +++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index f19ce79b0..d2fe3f0ad 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -2563,6 +2563,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
     (void)sigSz;
     (void)heap;
     (void)ret;
+    (void)typeH;
 
     switch (sigOID) {
 #ifndef NO_MD5
@@ -3339,6 +3340,7 @@ static void DecodeCertExtensions(DecodedCert* cert)
         }
         idx += length;
     }
+    (void)critical;
 
     CYASSL_LEAVE("DecodeCertExtensions", 0);
     return;
diff --git a/src/internal.c b/src/internal.c
index ffa120a2d..037ae1372 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -622,6 +622,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
 
     (void)tls;  /* shut up compiler */
     (void)tls1_2;
+    (void)haveRSA;
     (void)haveDH;
     (void)havePSK;
     (void)haveNTRU;
@@ -8118,7 +8119,7 @@ static void PickHashSigAlgo(CYASSL* ssl,
             case ecc_diffie_hellman_kea:
                 {
                     ecc_key  myKey;
-                    ecc_key* peerKey = &myKey;
+                    ecc_key* peerKey = NULL;
                     word32   size = sizeof(encSecret);
 
                     if (ssl->specs.static_ecdh) {
@@ -8133,6 +8134,9 @@ static void PickHashSigAlgo(CYASSL* ssl,
                         peerKey = ssl->peerEccKey;
                     }
 
+                    if (peerKey == NULL)
+                        return NO_PEER_KEY;
+
                     ecc_init(&myKey);
                     ret = ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
                     if (ret != 0)
diff --git a/src/ssl.c b/src/ssl.c
index 827369fcf..8196e46db 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1730,6 +1730,7 @@ int CyaSSL_Init(void)
         der.buffer    = 0;
 
         (void)dynamicType;
+        (void)rsaKey;
 
         if (used)
             *used = sz;     /* used bytes default to sz, PEM chain may shorten*/
@@ -1980,7 +1981,8 @@ int CyaSSL_Init(void)
                 }
                 ecc_free(&key);
                 eccKey = 1;
-                ctx->haveStaticECC = 1;
+                if (ctx)
+                    ctx->haveStaticECC = 1;
                 if (ssl)
                     ssl->options.haveStaticECC = 1;
             }

From e5b0000ee46645673cdba772aa15c4b4d913b61c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 11 Dec 2013 14:59:46 -0800
Subject: [PATCH 3/5] switch enable-sniffer w/o libpcap to error out again

---
 configure.ac | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/configure.ac b/configure.ac
index e49e55d58..ca1f24783 100644
--- a/configure.ac
+++ b/configure.ac
@@ -311,14 +311,14 @@ fi
 
 # SNIFFER
 AC_ARG_ENABLE([sniffer],
-              [AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[
-               AS_IF([ test "x$enableval" = "xyes" ],[ AC_CHECK_HEADERS([pcap/pcap.h],[ 
-                      ENABLED_SNIFFER=yes 
-                      AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
-                      ],[ ENABLED_SNIFFER=no ]) ])
-               ],[
-                  ENABLED_SNIFFER=no
-                  ])
+   [AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[
+   AS_IF([ test "x$enableval" = "xyes" ],[ AC_CHECK_HEADERS([pcap/pcap.h],[ 
+       ENABLED_SNIFFER=yes 
+       AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
+   ],[ AC_MSG_ERROR([cannot enable sniffer without having libpcap available.]) ]) ])
+   ],[
+       ENABLED_SNIFFER=no
+   ])
 
 AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
 

From ba95c33ed45787e60f85e58f26c3c2c385a64a6d Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 11 Dec 2013 15:47:40 -0800
Subject: [PATCH 4/5] more clang warnings

---
 ctaocrypt/src/asn.c | 2 +-
 src/internal.c      | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index d2fe3f0ad..8b4463229 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -2563,7 +2563,6 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
     (void)sigSz;
     (void)heap;
     (void)ret;
-    (void)typeH;
 
     switch (sigOID) {
 #ifndef NO_MD5
@@ -2647,6 +2646,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
             CYASSL_MSG("Verify Signautre has unsupported type");
             return 0;
     }
+    (void)typeH;  /* some builds won't read */
 
     switch (keyOID) {
     #ifndef NO_RSA
diff --git a/src/internal.c b/src/internal.c
index 037ae1372..e36fb4aec 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -622,7 +622,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
 
     (void)tls;  /* shut up compiler */
     (void)tls1_2;
-    (void)haveRSA;
     (void)haveDH;
     (void)havePSK;
     (void)haveNTRU;
@@ -636,8 +635,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
     if (suites->setSuites)
         return;      /* trust user settings, don't override */
 
-    if (side == CYASSL_SERVER_END && haveStaticECC)
+    if (side == CYASSL_SERVER_END && haveStaticECC) {
         haveRSA = 0;   /* can't do RSA with ECDSA key */
+        (void)haveRSA; /* some builds won't read */
+    }
 
     if (side == CYASSL_SERVER_END && haveECDSAsig) {
         haveRSAsig = 0;     /* can't have RSA sig if signed by ECDSA */

From 8c7f5817acdfd0ff6239ce177f1bb5b9f930331f Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Wed, 11 Dec 2013 16:19:09 -0800
Subject: [PATCH 5/5] NO_FILESYSTEM fix for CyaSSL_X509_load_certificate_file

---
 cyassl/ssl.h | 2 +-
 src/ssl.c    | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index b504218d1..6cbfc6f01 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -823,9 +823,9 @@ CYASSL_API CYASSL_X509*
 #ifndef NO_FILESYSTEM
 CYASSL_API CYASSL_X509*
     CyaSSL_X509_d2i_fp(CYASSL_X509** x509, FILE* file);
-#endif
 CYASSL_API CYASSL_X509*
     CyaSSL_X509_load_certificate_file(const char* fname, int format);
+#endif
 
 #ifdef CYASSL_SEP
     CYASSL_API unsigned char*
diff --git a/src/ssl.c b/src/ssl.c
index 827369fcf..d9a3950ab 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7561,6 +7561,8 @@ CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
 }
 
 
+#ifndef NO_FILESYSTEM
+
 CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
 {
     CYASSL_X509* newX509 = NULL;
@@ -7684,6 +7686,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
     return x509;
 }
 
+#endif /* NO_FILESYSTEM */
 
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */