From c42573096a7db0c69d6f09ceaa8ff0587adc254a Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 13 Sep 2021 10:25:19 +1000
Subject: [PATCH] Fixes for configurations and a cppcheck fix

configure --disable-shared --enable-opensslextra --enable-dsa --enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448 --enable-ocsp --enable-all --enable-asn=template
GetCertName() sets raw in ASN template code too.
GetBasicDate() not needed for template ASN.
SetAsymKeyDer() ASN template version now returns 0 when output is NULL too.
./configure '--disable-shared' '--enable-curve25519' '--enable-ed25519' '--disable-rsa' '--disable-ecc'
SetBitString() is needed now.
Close the file before return in wolfSSL_save_session_cache() and wolfSSL_restore_session_cache().
---
 src/ssl.c | 6 ++++++
 wolfcrypt/src/asn.c | 23 ++++++++++++++++++-----
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 26bfa28b7..91f1075b4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11924,6 +11924,7 @@ int wolfSSL_save_session_cache(const char *fname)
 #ifndef ENABLE_SESSION_CACHE_ROW_LOCK
 if (wc_LockMutex(&session_mutex) != 0) {
 WOLFSSL_MSG("Session cache mutex lock failed");
+ XFCLOSE(file);
 return BAD_MUTEX_E;
 }
 #endif
@@ -11932,6 +11933,7 @@ int wolfSSL_save_session_cache(const char *fname)
 #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
 if (SESSION_ROW_LOCK(&SessionCache[i]) != 0) {
 WOLFSSL_MSG("Session row cache mutex lock failed");
+ XFCLOSE(file);
 return BAD_MUTEX_E;
 }
 #endif
@@ -11954,6 +11956,7 @@ int wolfSSL_save_session_cache(const char *fname)
 /* client cache */
 if (wc_LockMutex(&clisession_mutex) != 0) {
 WOLFSSL_MSG("Client cache mutex lock failed");
+ XFCLOSE(file);
 return BAD_MUTEX_E;
 }
@@ -12012,6 +12015,7 @@ int wolfSSL_restore_session_cache(const char *fname)
 #ifndef ENABLE_SESSION_CACHE_ROW_LOCK
 if (wc_LockMutex(&session_mutex) != 0) {
 WOLFSSL_MSG("Session cache mutex lock failed");
+ XFCLOSE(file);
 return BAD_MUTEX_E;
 }
 #endif
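Review bot: The leak is fixed by repeating `XFCLOSE(file);` in front of every `return BAD_MUTEX_E;` (here, in the next two hunks of wolfSSL_save_session_cache(), and in the three hunks of wolfSSL_restore_session_cache()), so the next early return added to either function can reintroduce it. A single exit path that closes `file` once, reached by setting the return code and jumping to a cleanup label, would keep the handle's lifetime in one place. Both function bodies start and end outside the hunks, so the existing return-code handling and the success-path close have to be checked there before restructuring.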
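Review bot: Returning BAD_MUTEX_E at the client-cache lock in wolfSSL_save_session_cache() leaves a partly written cache file behind, because the added `XFCLOSE(file);` closes it without marking or discarding it. Judging by the hunk order the session rows are written before this point, though those writes are outside the hunk. Since the file carries session cache contents, I would at least say so at the return, e.g. `/* file is incomplete on this path; caller must discard it */`, and confirm that wolfSSL_restore_session_cache() rejects a short file.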
@@ -12020,6 +12024,7 @@ int wolfSSL_restore_session_cache(const char *fname)
 #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
 if (SESSION_ROW_LOCK(&SessionCache[i]) != 0) {
 WOLFSSL_MSG("Session row cache mutex lock failed");
+ XFCLOSE(file);
 return BAD_MUTEX_E;
 }
 #endif
@@ -12043,6 +12048,7 @@ int wolfSSL_restore_session_cache(const char *fname)
 /* client cache */
 if (wc_LockMutex(&clisession_mutex) != 0) {
 WOLFSSL_MSG("Client cache mutex lock failed");
+ XFCLOSE(file);
 return BAD_MUTEX_E;
 }
 for (i = 0; i < cache_header.rows; ++i) {
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 69f03006a..5aa3f92dd 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -3210,10 +3210,13 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len,
 /* RSA (with CertGen or KeyGen) OR ECC OR ED25519 OR ED448 (with CertGen or
 * KeyGen) */
 #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) || \
+ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
+ defined(OPENSSL_EXTRA))) || \
 (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) || \
 ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
- (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) || \
+ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
+ defined(OPENSSL_EXTRA))) || \
+ (defined(WC_ENABLE_ASYM_KEY_EXPORT) && !defined(NO_CERT)) || \
 (!defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN))
 /* Set the DER/BER encoding of the ASN.1 BIT STRING header.
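Review bot: When the client-cache lock fails in wolfSSL_restore_session_cache() the caller gets BAD_MUTEX_E after the session-cache part has, by the hunk order, presumably already been loaded, so the in-memory cache is left partly replaced. That deserves a comment at the return or in the function's documentation, e.g. `/* session rows may already have been replaced; client cache is unchanged */`. The same holds for a row-lock failure part-way through the loop in the preceding hunk. The reads themselves are outside the hunks, so this needs confirming against the full function.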
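Review bot: The comment above this `#if` still lists only RSA, ECC, ED25519 and ED448, while the condition now also enables the block for `WC_ENABLE_ASYM_KEY_EXPORT` without `NO_CERT` (added here) and for DSA with key generation (last line of the condition). The commit message says SetBitString() was missing in one configuration, so keeping the comment aligned with the guard is worth the extra line, e.g. `... OR asymmetric key export (with certificates) OR DSA (with KeyGen)`. The guarded definition continues past the end of the hunk.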
@@ -11324,9 +11327,19 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
 /* Store X509_NAME in certificate. */
 if (nameType == ISSUER) {
+ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
+ defined(HAVE_LIGHTY)) && \
+ (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
+ dName->rawLen = min(cert->issuerRawLen, ASN_NAME_MAX);
+ XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen);
+ #endif
 cert->issuerName = dName;
 }
 else {
+ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
+ dName->rawLen = min(cert->subjectRawLen, ASN_NAME_MAX);
+ XMEMCPY(dName->raw, cert->subjectRaw, dName->rawLen);
+ #endif
 cert->subjectName = dName;
 }
 }
@@ -27162,7 +27175,7 @@ static int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
 if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) {
 ret = BAD_FUNC_ARG;
 }
- if (ret == 0 && output != NULL) {
+ if ((ret == 0) && (output != NULL)) {
 /* Encode private key. */
 SetASN_Items(edKeyASN, dataASN, edKeyASN_Length, output);
@@ -27173,9 +27186,7 @@ static int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
 /* Put public value into space provided. */
 XMEMCPY((byte*)dataASN[8].data.buffer.data, pubKey, pubKeyLen);
 }
- }
- if (ret == 0) {
 /* Return size of encoding. */
 ret = sz;
 }
@@ -27408,6 +27419,7 @@ int wc_Curve448PublicKeyToDer(curve448_key* key, byte* output, word32 inLen,
 #endif /* HAVE_CURVE448 && HAVE_CURVE448_KEY_EXPORT */
+#ifndef WOLFSSL_ASN_TEMPLATE
 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
 /* Get raw Date only, no processing, 0 on success */
@@ -27429,6 +27441,7 @@ static int GetBasicDate(const byte* source, word32* idx, byte* date,
 }
 #endif /* HAVE_OCSP || HAVE_CRL */
+#endif /* WOLFSSL_ASN_TEMPLATE */
 #ifdef HAVE_OCSP
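Review bot: A raw issuer or subject name longer than ASN_NAME_MAX is silently truncated by the added `min(...)` before the `XMEMCPY`, so `dName->raw` then holds a prefix that is not a complete DER name. Anything that later compares or re-encodes names from `raw`/`rawLen` would treat two different names sharing that prefix as equal; whether such consumers exist is outside the hunk. I would either fail the parse when `cert->issuerRawLen` or `cert->subjectRawLen` exceeds ASN_NAME_MAX, or state the truncation in a comment, e.g. `/* raw is capped at ASN_NAME_MAX; a longer name is stored truncated */`. The `#if` guards on the issuer and subject branches also differ without explanation, which a one-line comment would settle. GetCertName starts and ends outside the hunk.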
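Review bot: With `ret = sz;` moved inside the `(output != NULL)` block in the second SetAsymKeyDer hunk, a NULL `output` now yields 0 and the computed `sz` is discarded, so a caller that passes NULL to ask for the required length gets 0 instead. The commit message says this is intended, but nothing in the visible code records it, and a caller treating the return value as a length would proceed with a zero-length key buffer. I would add it to the function's header comment, e.g. `@return 0 when output is NULL; the encoding size is not reported`, and check the public wrappers' documentation for the same statement. The function's header and its callers are outside the hunk.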