From 4a85bf81083f06a5fa10a2eb9990e43a5a28c7b3 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 7 May 2020 15:42:14 +0200 Subject: [PATCH 1/4] Additional OpenSSL compat layer stuff - Add X509_get0_notBefore and X509_get0_notAfter - Implement EVP_PKEY_get0_DSA and DSA_bits - OpenSSL_version now prints "wolfSSL $VERSION" - Remove define guards in `wolfSSL_internal_get_version` as all protocols are defined regardless in `wolfssl/internal.h`and this function just returns the string description of the protocol --- configure.ac | 2 +- src/ssl.c | 27 ++++++++++++++++++--------- tests/api.c | 33 +++++++++++++++++---------------- wolfcrypt/src/evp.c | 8 ++++++++ wolfssl/openssl/dsa.h | 2 ++ wolfssl/openssl/evp.h | 1 + wolfssl/openssl/ssl.h | 8 +++++--- wolfssl/ssl.h | 1 + 8 files changed, 53 insertions(+), 29 deletions(-) diff --git a/configure.ac b/configure.ac index bed125b5b..fd49fbeaf 100644 --- a/configure.ac +++ b/configure.ac @@ -1536,7 +1536,7 @@ AC_ARG_ENABLE([dsa], [ ENABLED_DSA=no ] ) -if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" then ENABLED_DSA="yes" fi diff --git a/src/ssl.c b/src/ssl.c index bc14865ad..255ec7cc8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19268,21 +19268,14 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version) if (version->major == SSLv3_MAJOR) { switch (version->minor) { - #ifndef NO_OLD_TLS - #ifdef WOLFSSL_ALLOW_SSLV3 case SSLv3_MINOR : return "SSLv3"; - #endif - #ifdef WOLFSSL_ALLOW_TLSV10 case TLSv1_MINOR : return "TLSv1"; - #endif case TLSv1_1_MINOR : return "TLSv1.1"; - #endif case TLSv1_2_MINOR : return "TLSv1.2"; - #ifdef WOLFSSL_TLS13 case TLSv1_3_MINOR : #ifdef WOLFSSL_TLS13_DRAFT #ifdef WOLFSSL_TLS13_DRAFT_18 @@ -19299,7 +19292,6 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version) #else return "TLSv1.3"; #endif - #endif default: return "unknown"; } @@ -19337,6 +19329,13 @@ const char* wolfSSL_lib_version(void) return LIBWOLFSSL_VERSION_STRING; } +#ifdef OPENSSL_EXTRA +const char* wolfSSL_OpenSSL_version(void) +{ + return "wolfSSL " LIBWOLFSSL_VERSION_STRING; +} +#endif + /* current library version in hex */ word32 wolfSSL_lib_version_hex(void) @@ -29954,6 +29953,16 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, return WOLFSSL_SUCCESS; } + +int wolfSSL_DSA_bits(const WOLFSSL_DSA *d) +{ + if (!d) + return WOLFSSL_FAILURE; + if (!d->exSet && SetDsaExternal((WOLFSSL_DSA*)d) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; + return wolfSSL_BN_num_bits(d->p); +} + #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa) @@ -33232,7 +33241,7 @@ size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r, size_t nitems) r[i].comment = wolfSSL_OBJ_nid2sn(r[i].nid); } - return ecc_sets_count; + return min_nitems; } /* Start ECDSA_SIG */ diff --git a/tests/api.c b/tests/api.c index 91f391d6a..c230c3c4a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -27185,7 +27185,7 @@ static void test_wolfSSL_AES_cbc_encrypt() #endif } -#if defined(WOLFSSL_QT) +#if defined(OPENSSL_ALL) #if !defined(NO_ASN) static void test_wolfSSL_ASN1_STRING_to_UTF8(void) { @@ -27253,7 +27253,7 @@ static void test_wolfSSL_sk_CIPHER_description(void) printf(testingFmt, "wolfSSL_sk_CIPHER_description"); - AssertNotNull(method = TLSv1_client_method()); + AssertNotNull(method = TLSv1_2_client_method()); AssertNotNull(ctx = SSL_CTX_new(method)); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); @@ -27311,7 +27311,7 @@ static void test_wolfSSL_get_ciphers_compat(void) printf(testingFmt, "wolfSSL_get_ciphers_compat"); - AssertNotNull(method = TLSv1_client_method()); + AssertNotNull(method = SSLv23_client_method()); AssertNotNull(ctx = SSL_CTX_new(method)); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); @@ -27618,14 +27618,18 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS); /* Initialize pkey with der format dsa key */ - AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_DSA, &pkey, + AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey, &dsaKeyDer ,(long)dsaKeySz)); /* Test wolfSSL_EVP_PKEY_get1_DSA */ /* Should Fail: NULL argument */ - AssertNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(NULL)); + AssertNull(dsa = EVP_PKEY_get0_DSA(NULL)); + AssertNull(dsa = EVP_PKEY_get1_DSA(NULL)); /* Should Pass: Initialized pkey argument */ - AssertNotNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(pkey)); + AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey)); + AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey)); + + AssertIntEQ(DSA_bits(dsa), 2048); /* Sign */ AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS); @@ -27635,17 +27639,17 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) /* Test wolfSSL_EVP_PKEY_set1_DSA */ /* Should Fail: set1Pkey not initialized */ - AssertIntNE(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); /* Initialize set1Pkey */ - set1Pkey = wolfSSL_EVP_PKEY_new(); + set1Pkey = EVP_PKEY_new(); /* Should Fail Verify: setDsa not initialized from set1Pkey */ AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer), WOLFSSL_SUCCESS); /* Should Pass: set dsa into set1Pkey */ - AssertIntEQ(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); printf(resultFmt, passed); DSA_free(dsa); @@ -28041,7 +28045,7 @@ static void test_wolfSSL_OBJ_ln(void) { int nCurves = 27; EC_builtin_curve r[nCurves]; - EC_get_builtin_curves(r,nCurves); + nCurves = EC_get_builtin_curves(r,nCurves); for (i = 0; i < nCurves; i++) { AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid); @@ -28080,7 +28084,7 @@ static void test_wolfSSL_OBJ_sn(void) printf(resultFmt, passed); } -#endif /* WOLFSSL_QT */ +#endif /* OPENSSL_ALL */ static void test_wolfSSL_X509V3_EXT_get(void) { @@ -32172,8 +32176,7 @@ void ApiTest(void) test_wolfSSL_EVP_PKEY_derive(); test_wolfSSL_RSA_padding_add_PKCS1_PSS(); -#if defined(WOLFSSL_QT) - printf("\n----------------Qt Unit Tests-------------------\n"); +#if defined(OPENSSL_ALL) test_wolfSSL_X509_PUBKEY_get(); test_wolfSSL_sk_CIPHER_description(); test_wolfSSL_get_ciphers_compat(); @@ -32190,9 +32193,7 @@ void ApiTest(void) test_wolfSSL_OBJ_ln(); test_wolfSSL_OBJ_sn(); - printf("\n-------------End Of Qt Unit Tests---------------\n"); - -#endif /* WOLFSSL_QT */ +#endif /* OPENSSL_ALL */ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 4a0bb8103..9681a37cd 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -5800,6 +5800,14 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) return WOLFSSL_SUCCESS; } +WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey) +{ + if (!pkey) { + return NULL; + } + return pkey->dsa; +} + WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) { WOLFSSL_DSA* local; diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h index 9267cf479..2729c09bd 100644 --- a/wolfssl/openssl/dsa.h +++ b/wolfssl/openssl/dsa.h @@ -80,6 +80,8 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck); +WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d); + WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void); WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig); WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 084ccaf00..e8846609c 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -521,6 +521,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key); WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 6a435f649..485e8bb1c 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -340,8 +340,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define DSA_dup_DH wolfSSL_DSA_dup_DH /* wolfSSL does not support DSA as the cert public key */ -#define EVP_PKEY_get0_DSA(...) NULL -#define DSA_bits(...) 0 +#define EVP_PKEY_get0_DSA wolfSSL_EVP_PKEY_get0_DSA +#define DSA_bits wolfSSL_DSA_bits #define i2d_X509_bio wolfSSL_i2d_X509_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio @@ -381,7 +381,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_get_pubkey wolfSSL_X509_get_pubkey #define X509_get0_pubkey wolfSSL_X509_get_pubkey #define X509_get_notBefore wolfSSL_X509_get_notBefore +#define X509_get0_notBefore wolfSSL_X509_get_notBefore #define X509_get_notAfter wolfSSL_X509_get_notAfter +#define X509_get0_notAfter wolfSSL_X509_get_notAfter #define X509_get_serialNumber wolfSSL_X509_get_serialNumber #define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr #define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index @@ -1227,7 +1229,7 @@ enum { #define X509_OBJECT_free wolfSSL_X509_OBJECT_free #define X509_OBJECT_get_type(x) 0 -#define OpenSSL_version(x) wolfSSL_lib_version() +#define OpenSSL_version(x) wolfSSL_OpenSSL_version() #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5522c7d61..798c5d6b5 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2088,6 +2088,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void); /* which library version do we have */ WOLFSSL_API const char* wolfSSL_lib_version(void); +WOLFSSL_API const char* wolfSSL_OpenSSL_version(void); /* which library version do we have in hex */ WOLFSSL_API word32 wolfSSL_lib_version_hex(void); From 5f7832909b9500e8d97291c3095ae095f58be5e5 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 20 May 2020 16:53:05 +0200 Subject: [PATCH 2/4] BIO_new_mem_buf with negative len should take strlen of buf as len --- src/ssl.c | 5 ++++- tests/api.c | 3 +-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 255ec7cc8..95e228442 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14913,7 +14913,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) { WOLFSSL_BIO* bio = NULL; - if (buf == NULL || len < 0) { + if (buf == NULL) { return bio; } @@ -14922,6 +14922,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return bio; } + if (len < 0) { + len = XSTRLEN(buf); + } bio->num = bio->wrSz = len; bio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); if (bio->ptr == NULL) { diff --git a/tests/api.c b/tests/api.c index c230c3c4a..507d59116 100644 --- a/tests/api.c +++ b/tests/api.c @@ -24983,10 +24983,9 @@ static void test_wolfSSL_BIO_gets(void) /* try with bad args */ AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg))); - AssertNull(bio = BIO_new_mem_buf((void*)msg, -1)); /* try with real msg */ - AssertNotNull(bio = BIO_new_mem_buf((void*)msg, sizeof(msg))); + AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1)); XMEMSET(bio_buffer, 0, bufferSz); AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio()))); AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE)); From 70c55ce30a676113a9a5ffd6d14ffdeed1e50ca0 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 21 May 2020 12:51:23 +0200 Subject: [PATCH 3/4] Set offset in cipher struct --- src/ssl.c | 31 ++++++++++++++++++++++--------- wolfssl/internal.h | 3 +-- wolfssl/ssl.h | 2 +- 3 files changed, 24 insertions(+), 12 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 95e228442..5daad9676 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19261,7 +19261,7 @@ void wolfSSL_SESSION_free(WOLFSSL_SESSION* session) /* helper function that takes in a protocol version struct and returns string */ -static const char* wolfSSL_internal_get_version(ProtocolVersion* version) +static const char* wolfSSL_internal_get_version(const ProtocolVersion* version) { WOLFSSL_ENTER("wolfSSL_get_version"); @@ -19315,7 +19315,7 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version) } -const char* wolfSSL_get_version(WOLFSSL* ssl) +const char* wolfSSL_get_version(const WOLFSSL* ssl) { if (ssl == NULL) { WOLFSSL_MSG("Bad argument"); @@ -21092,6 +21092,8 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher) cipher_names = GetCipherNames(); offset = cipher->offset; + if (offset >= (unsigned long)GetCipherNamesSize()) + return WOLFSSL_FAILURE; pv.major = cipher_names[offset].major; pv.minor = cipher_names[offset].minor; protocol = wolfSSL_internal_get_version(&pv); @@ -26628,9 +26630,6 @@ int wolfSSL_sk_num(WOLFSSL_STACK* sk) void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i) { -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - int offset = i; -#endif WOLFSSL_ENTER("wolfSSL_sk_value"); for (; sk != NULL && i > 0; i--) @@ -26642,9 +26641,6 @@ void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i) case STACK_TYPE_X509: return (void*)sk->data.x509; case STACK_TYPE_CIPHER: - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - sk->data.cipher.offset = offset; - #endif return (void*)&sk->data.cipher; case STACK_TYPE_GEN_NAME: return (void*)sk->data.gn; @@ -42940,6 +42936,8 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) { WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL; Suites* suites; + const CipherSuiteInfo* cipher_names = GetCipherNames(); + int cipherSz = GetCipherNamesSize(); WOLFSSL_ENTER("wolfSSL_get_ciphers_compat"); if (ssl == NULL || (ssl->suites == NULL && ssl->ctx->suites == NULL)) { @@ -42956,15 +42954,30 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) /* check if stack needs populated */ if (suites->stack == NULL) { int i; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + int j; +#endif for (i = 0; i < suites->suiteSz; i+=2) { WOLFSSL_STACK* add = wolfSSL_sk_new_node(ssl->heap); if (add != NULL) { add->type = STACK_TYPE_CIPHER; add->data.cipher.cipherSuite0 = suites->suites[i]; add->data.cipher.cipherSuite = suites->suites[i+1]; + add->data.cipher.ssl = ssl; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + for (j = 0; j < cipherSz; j++) { + if (cipher_names[j].cipherSuite0 == + add->data.cipher.cipherSuite0 && + cipher_names[j].cipherSuite == + add->data.cipher.cipherSuite) { + add->data.cipher.offset = j; + break; + } + } +#endif #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) /* in_stack is checked in wolfSSL_CIPHER_description */ - add->data.cipher.in_stack = 1; + add->data.cipher.in_stack = 1; #endif add->next = ret; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 5cfcc9b85..961ef3d2c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1840,11 +1840,10 @@ WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #define MAX_DESCRIPTION_SZ 255 #endif -/* wolfSSL Cipher type just points back to SSL */ struct WOLFSSL_CIPHER { byte cipherSuite0; byte cipherSuite; - WOLFSSL* ssl; + const WOLFSSL* ssl; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) char description[MAX_DESCRIPTION_SZ]; unsigned long offset; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 798c5d6b5..96a3e1d0e 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1157,7 +1157,7 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session); WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session); WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*); -WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*); +WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL*); WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*); WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int); From a67e1fc2adb798cb754df39f5ace1830a4d8e4b8 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 21 May 2020 12:58:58 +0200 Subject: [PATCH 4/4] Fix implicit conversions --- src/ssl.c | 2 +- tests/api.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 5daad9676..6029f0a09 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14923,7 +14923,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } if (len < 0) { - len = XSTRLEN(buf); + len = (int)XSTRLEN((const char*)buf); } bio->num = bio->wrSz = len; bio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); diff --git a/tests/api.c b/tests/api.c index 507d59116..f70a7b46c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -28034,7 +28034,7 @@ static void test_wolfSSL_OBJ_ln(void) "jurisdictionStateOrProvinceName", "emailAddress", }; - int i = 0, maxIdx = sizeof(ln_set)/sizeof(char*); + size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*); printf(testingFmt, "wolfSSL_OBJ_ln"); @@ -28042,7 +28042,7 @@ static void test_wolfSSL_OBJ_ln(void) #ifdef HAVE_ECC { - int nCurves = 27; + size_t nCurves = 27; EC_builtin_curve r[nCurves]; nCurves = EC_get_builtin_curves(r,nCurves);