diff --git a/src/internal.c b/src/internal.c index b72b5ccba..c587ea27b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1854,10 +1854,6 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) wolfSSL_CertManagerFree(ctx->cm); ctx->cm = NULL; #ifdef OPENSSL_EXTRA - /* ctx->cm was free'd so cm of x509 store should now be NULL */ - if (ctx->x509_store_pt != NULL) { - ctx->x509_store_pt->cm = NULL; - } wolfSSL_X509_STORE_free(ctx->x509_store_pt); while (ctx->ca_names != NULL) { WOLFSSL_STACK *next = ctx->ca_names->next; @@ -3461,6 +3457,11 @@ void FreeX509(WOLFSSL_X509* x509) x509->key.pkey = NULL; } #endif /* OPENSSL_ALL */ + #ifdef WOLFSSL_CERT_REQ + if (x509->challengePwAttr) { + wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr); + } + #endif /* WOLFSSL_CERT_REQ */ if (x509->altNames) { FreeAltNames(x509->altNames, x509->heap); x509->altNames = NULL; diff --git a/src/ssl.c b/src/ssl.c index 7728bb19b..77141f26e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15491,10 +15491,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->x509_store.cm = str->cm; /* free existing store if it exists */ - if (ctx->x509_store_pt != NULL) { - /* cert manager was free'd a little earlier in this function */ - ctx->x509_store_pt->cm = NULL; - } wolfSSL_X509_STORE_free(ctx->x509_store_pt); ctx->x509_store.cache = str->cache; ctx->x509_store_pt = str; /* take ownership of store and free it @@ -19509,55 +19505,6 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void) return ret; } -WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section, - char* name, char* value) -{ - WOLFSSL_CONF_VALUE* ret; - int len; - - WOLFSSL_ENTER("wolfSSL_CONF_VALUE_new_values"); - - if (!(ret = wolfSSL_CONF_VALUE_new())) { - WOLFSSL_MSG("wolfSSL_CONF_VALUE_new error"); - return NULL; - } - - if (section) { - len = XSTRLEN(section); - ret->section = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); - if (!ret->section) { - WOLFSSL_MSG("malloc error"); - wolfSSL_X509V3_conf_free(ret); - return NULL; - } - XMEMCPY(ret->section, section, len+1); - } - - if (name) { - len = XSTRLEN(name); - ret->name = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); - if (!ret->name) { - WOLFSSL_MSG("malloc error"); - wolfSSL_X509V3_conf_free(ret); - return NULL; - } - XMEMCPY(ret->name, name, len+1); - } - - if (value) { - len = XSTRLEN(value); - ret->value = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); - if (!ret->value) { - WOLFSSL_MSG("malloc error"); - wolfSSL_X509V3_conf_free(ret); - return NULL; - } - XMEMCPY(ret->value, value, len+1); - } - - return ret; -} - int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf, WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value) { @@ -19773,6 +19720,55 @@ WOLFSSL_STACK *wolfSSL_NCONF_get_section( return NULL; } +static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section, + char* name, char* value) +{ + WOLFSSL_CONF_VALUE* ret; + int len; + + WOLFSSL_ENTER("wolfSSL_CONF_VALUE_new_values"); + + if (!(ret = wolfSSL_CONF_VALUE_new())) { + WOLFSSL_MSG("wolfSSL_CONF_VALUE_new error"); + return NULL; + } + + if (section) { + len = XSTRLEN(section); + ret->section = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); + if (!ret->section) { + WOLFSSL_MSG("malloc error"); + wolfSSL_X509V3_conf_free(ret); + return NULL; + } + XMEMCPY(ret->section, section, len+1); + } + + if (name) { + len = XSTRLEN(name); + ret->name = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); + if (!ret->name) { + WOLFSSL_MSG("malloc error"); + wolfSSL_X509V3_conf_free(ret); + return NULL; + } + XMEMCPY(ret->name, name, len+1); + } + + if (value) { + len = XSTRLEN(value); + ret->value = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL); + if (!ret->value) { + WOLFSSL_MSG("malloc error"); + wolfSSL_X509V3_conf_free(ret); + return NULL; + } + XMEMCPY(ret->value, value, len+1); + } + + return ret; +} + static char* expandValue(WOLFSSL_CONF *conf, const char* section, char *str) { @@ -20001,7 +19997,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) goto cleanup; } - if (!(newVal = wolfSSL_CONF_VALUE_new_values(section->section, + if (!(newVal = wolfSSL_CONF_VALUE_new_values(NULL, name, exValue))) { WOLFSSL_MSG("wolfSSL_CONF_VALUE_new_values error"); if (exValue != value) @@ -20089,7 +20085,6 @@ WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc) */ void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk) { - WOLFSSL_STACK* node; WOLFSSL_STACK* tmp; WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_free"); @@ -20097,16 +20092,12 @@ void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk) return; /* parse through stack freeing each node */ - node = sk->next; - while (node) { - tmp = node; - node = node->next; - wolfSSL_X509V3_conf_free(tmp->data.conf); - XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + while (sk) { + tmp = sk->next; + wolfSSL_X509V3_conf_free(sk->data.conf); + XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); + sk = tmp; } - - /* free head of stack */ - XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); } int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk) @@ -24355,6 +24346,7 @@ static WOLFSSL_X509* wolfSSL_d2i_X509_X509_REQ_bio(WOLFSSL_BIO* bio, *x509 = localX509; } + XFREE(mem, NULL, DYNAMIC_TYPE_OPENSSL); return localX509; } #endif /* !NO_BIO */ @@ -29354,6 +29346,9 @@ void wolfSSL_sk_free(WOLFSSL_STACK* sk) case STACK_TYPE_OBJ: wolfSSL_sk_ASN1_OBJECT_free(sk); break; + case STACK_TYPE_STRING: + wolfSSL_sk_WOLFSSL_STRING_free(sk); + break; #ifdef OPENSSL_ALL case STACK_TYPE_X509_INFO: wolfSSL_sk_X509_INFO_free(sk); @@ -40155,52 +40150,6 @@ cleanup: return wolfSSL_X509_sign(x509, ctx->pctx->pkey, wolfSSL_EVP_MD_CTX_md(ctx)); } - - /* Converts the x509 name structure into DER format. - * - * out pointer to either a pre setup buffer or a pointer to null for - * creating a dynamic buffer. In the case that a pre-existing buffer is - * used out will be incremented the size of the DER buffer on success. - * - * returns the size of the buffer on success, or negative value with failure - */ - int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) - { - CertName cName; - unsigned char buf[256]; /* ASN_MAX_NAME */ - int sz; - WOLFSSL_ENTER("wolfSSL_i2d_X509_NAME"); - - if (out == NULL || name == NULL) { - return BAD_FUNC_ARG; - } - XMEMSET(&cName, 0, sizeof(CertName)); - - if (CopyX509NameToCertName(name, &cName) != SSL_SUCCESS) { - WOLFSSL_MSG("Error converting x509 name to internal CertName"); - return SSL_FATAL_ERROR; - } - - sz = SetName(buf, sizeof(buf), &cName); - if (sz < 0) { - return sz; - } - - /* using buffer passed in */ - if (*out != NULL) { - XMEMCPY(*out, buf, sz); - *out += sz; - } - else { - *out = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL); - if (*out == NULL) { - return MEMORY_E; - } - XMEMCPY(*out, buf, sz); - } - - return sz; - } #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) @@ -41587,8 +41536,6 @@ err: name->entry[loc].set = 0; return ret; } - #endif /* !NO_CERTS */ - /* NID variables are dependent on compatibility header files currently * @@ -42863,7 +42810,6 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, #endif /* !NO_BIO */ #endif /* NO_DSA */ #endif /* OPENSSL_EXTRA */ -#endif /* WOLFCRYPT_ONLY */ #if defined(OPENSSL_EXTRA) @@ -47389,32 +47335,6 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject) return X509_V_OK; } -char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings, - int idx) -{ - for (; idx > 0 && strings != NULL; idx--) - strings = strings->next; - if (strings == NULL) - return NULL; - return strings->data.string; -} - -#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - -WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) -{ - WOLFSSL_ENTER("wolfSSL_X509_dup"); - - if (x == NULL) { - WOLFSSL_MSG("Error: NULL certificate passed in"); - return NULL; - } - - return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length); -} - WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void) { WOLF_STACK_OF(WOLFSSL_STRING)* ret = wolfSSL_sk_new_node(NULL); @@ -47426,6 +47346,23 @@ WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void) return ret; } +void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk) +{ + WOLFSSL_STACK* tmp; + WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_STRING_free"); + + if (sk == NULL) + return; + + /* parse through stack freeing each node */ + while (sk) { + tmp = sk->next; + XFREE(sk->data.string, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); + sk = tmp; + } +} + WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx) { @@ -47444,6 +47381,20 @@ int wolfSSL_sk_WOLFSSL_STRING_num(WOLF_STACK_OF(WOLFSSL_STRING)* strings) } #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) +{ + WOLFSSL_ENTER("wolfSSL_X509_dup"); + + if (x == NULL) { + WOLFSSL_MSG("Error: NULL certificate passed in"); + return NULL; + } + + return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length); +} +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) #ifdef HAVE_ALPN diff --git a/tests/api.c b/tests/api.c index 0076322b2..5608029d8 100644 --- a/tests/api.c +++ b/tests/api.c @@ -25933,7 +25933,7 @@ static void test_wolfSSL_X509_check_private_key(void) #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ defined(USE_CERT_BUFFERS_2048) X509* x509; - EVP_PKEY* pkey; + EVP_PKEY* pkey = NULL; const byte* key; printf(testingFmt, "wolfSSL_X509_check_private_key()"); @@ -25946,6 +25946,7 @@ static void test_wolfSSL_X509_check_private_key(void) &key, (long)sizeof_client_key_der_2048)); AssertIntEQ(X509_check_private_key(x509, pkey), 1); EVP_PKEY_free(pkey); + pkey = NULL; /* Check with wrong key */ key = server_key_der_2048; @@ -27698,10 +27699,10 @@ static void test_wolfSSL_PKCS7_certs(void) if (i == 0) { PKCS7_free(p7); - /* Reset certs to force p7 to regenerate them */ - ((WOLFSSL_PKCS7*)p7)->certs = NULL; AssertNotNull(d2i_PKCS7(&p7, &p, buflen)); - /* p7 free's the certs */ + /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */ + ((WOLFSSL_PKCS7*)p7)->certs = NULL; + /* PKCS7_free free's the certs */ AssertNotNull(wolfSSL_PKCS7_to_stack(p7)); } @@ -27746,6 +27747,7 @@ static void test_wolfSSL_X509_STORE_CTX(void) X509_STORE_CTX_set_error(NULL, -5); X509_STORE_CTX_free(ctx); + sk_X509_free(sk); X509_STORE_free(str); X509_free(x509); @@ -27774,7 +27776,8 @@ static void test_wolfSSL_X509_STORE_CTX(void) X509_STORE_free(str); /* CTX certs not freed yet */ X509_free(x5092); - /* sk2 freed as part of X509_STORE_CTX_free(), sk3 is dup so free here */ + sk_X509_free(sk); + /* sk3 is dup so free here */ sk_X509_free(sk3); #endif @@ -29682,7 +29685,6 @@ static void test_wolfSSL_X509_sign(void) #endif EVP_MD_CTX_free(mctx); - X509_NAME_free(name); EVP_PKEY_free(priv); EVP_PKEY_free(pub); X509_free(x509); @@ -29839,6 +29841,7 @@ static void test_wolfSSL_X509_PUBKEY(void) X509_PUBKEY_free(pubKey2); X509_free(x509); + EVP_PKEY_free(evpKey); printf(resultFmt, passed); #endif @@ -34963,6 +34966,7 @@ static void test_wolfSSL_TXT_DB(void) "unknown", "/CN=rsa doe", }; + char** fields_copy; printf(testingFmt, "wolfSSL_TXT_DB"); @@ -34970,7 +34974,10 @@ static void test_wolfSSL_TXT_DB(void) AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0); AssertNotNull(db = TXT_DB_read(bio, columns)); - AssertIntEQ(TXT_DB_insert(db, (WOLFSSL_STRING*)fields), 1); + AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL, + DYNAMIC_TYPE_OPENSSL)); + XMEMCPY(fields_copy, fields, sizeof(fields)); + AssertIntEQ(TXT_DB_insert(db, fields_copy), 1); BIO_free(bio); /* Test write */ @@ -38178,6 +38185,7 @@ static void test_wolfSSL_d2i_X509_REQ(void) X509_free(req); BIO_free(bio); + EVP_PKEY_free(pub_key); } { AssertNotNull(bio = BIO_new_file(csrPopFile, "rb")); @@ -38200,6 +38208,7 @@ static void test_wolfSSL_d2i_X509_REQ(void) X509_free(req); BIO_free(bio); + EVP_PKEY_free(pub_key); } { AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb")); @@ -38217,6 +38226,7 @@ static void test_wolfSSL_d2i_X509_REQ(void) X509_free(req); BIO_free(bio); + EVP_PKEY_free(pub_key); } } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 30cbf187d..473b692e6 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1904,6 +1904,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, WOLFSSL_MSG("wolfSSL_EC_KEY_new error"); return WOLFSSL_FAILURE; } + to->ownEcc = 1; to->ecc->group->curve_idx = from->ecc->group->curve_idx; to->ecc->group->curve_nid = from->ecc->group->curve_nid; to->ecc->group->curve_oid = from->ecc->group->curve_oid; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index b11660029..66d92001d 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -2442,7 +2442,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs, flatSignedAttribsSz, esd); if (ret < 0) { - if (pkcs7->signedAttribsSz != 0) + if (flatSignedAttribs) XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -2507,7 +2507,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, /* if using header/footer, we are not returning the content */ if (output2 && output2Sz) { if (total2Sz > *output2Sz) { - if (pkcs7->signedAttribsSz != 0) + if (flatSignedAttribs) XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -2530,7 +2530,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, } if (totalSz > *outputSz) { - if (pkcs7->signedAttribsSz != 0) + if (flatSignedAttribs) XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -2543,7 +2543,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd, } if (output == NULL) { - if (pkcs7->signedAttribsSz != 0) + if (flatSignedAttribs) XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -4915,9 +4915,15 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, if (ret == 0) { + byte isDynamic = pkcs7->isDynamic; #ifndef NO_PKCS7_STREAM PKCS7State* stream = pkcs7->stream; + pkcs7->stream = NULL; #endif + /* Free pkcs7 resources but not the structure itself */ + pkcs7->isDynamic = 0; + wc_PKCS7_Free(pkcs7); + pkcs7->isDynamic = isDynamic; /* This will reset PKCS7 structure and then set the * certificate */ ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz); diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 24d7f6635..af047ac3c 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -325,12 +325,14 @@ int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size) if (!srp || !username) return BAD_FUNC_ARG; - srp->user = (byte*)XMALLOC(size, srp->heap, DYNAMIC_TYPE_SRP); + /* +1 for NULL char */ + srp->user = (byte*)XMALLOC(size + 1, srp->heap, DYNAMIC_TYPE_SRP); if (srp->user == NULL) return MEMORY_E; srp->userSz = size; XMEMCPY(srp->user, username, srp->userSz); + srp->user[size] = '\0'; return 0; } diff --git a/wolfssl/openssl/conf.h b/wolfssl/openssl/conf.h index 9dbe20ae0..f7369ec67 100644 --- a/wolfssl/openssl/conf.h +++ b/wolfssl/openssl/conf.h @@ -50,8 +50,6 @@ typedef WOLFSSL_CONF_VALUE CONF_VALUE; typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS; WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void); -WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section, - char* name, char* value); WOLFSSL_API int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf, WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value); WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 79e230a53..40e4dda5a 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3939,6 +3939,7 @@ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void); +WOLFSSL_API void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk); WOLFSSL_API WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value( WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx); WOLFSSL_API int wolfSSL_sk_WOLFSSL_STRING_num(