fix to not stomp on sz with XOF function, restore comment, remove early XFREE call

2025-07-30 18:57:27 +02:00 · 2025-01-24 11:40:53 -07:00
parent 8eb6b5a3e4
commit 69be9aa211
4 changed files with 12 additions and 3 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -7790,8 +7790,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
        if (wolfSSL_X509_VERIFY_PARAM_set_flags(wolfSSL_get0_param(ssl),
            (unsigned long)wolfSSL_X509_VERIFY_PARAM_get_flags(
            wolfSSL_CTX_get0_param(ctx))) != WOLFSSL_SUCCESS) {
-
-            XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
+            WOLFSSL_MSG("ssl->param set flags error");
            return WOLFSSL_FAILURE;
        }
 #endif
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@ -2803,6 +2803,7 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
        }

        if (file != NULL) {
+            /* Load the PEM formatted CA file */
            ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0,
                NULL, verify);
    #ifndef NO_WOLFSSL_DIR
--- a/tests/api.c
+++ b/tests/api.c
@ -75785,15 +75785,21 @@ static int test_wolfSSL_EVP_DigestFinalXOF(void)
 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) && defined(OPENSSL_ALL)
    WOLFSSL_EVP_MD_CTX mdCtx;
    unsigned char      shake[256];
+    unsigned char      zeros[10];
    unsigned char      data[] = "Test data";
    unsigned int sz;

+    XMEMSET(zeros, 0, sizeof(zeros));
    wolfSSL_EVP_MD_CTX_init(&mdCtx);
    ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS);
    ExpectIntEQ(EVP_MD_flags(EVP_shake256()), EVP_MD_FLAG_XOF);
    ExpectIntEQ(EVP_MD_flags(EVP_sha3_256()), 0);
    ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS);
+    XMEMSET(shake, 0, sizeof(shake));
    ExpectIntEQ(EVP_DigestFinalXOF(&mdCtx, shake, 10), WOLFSSL_SUCCESS);
+
+    /* make sure was only size of 10 */
+    ExpectIntEQ(XMEMCMP(&shake[11], zeros, 10), 0);
    ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);

    wolfSSL_EVP_MD_CTX_init(&mdCtx);
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@ -10962,10 +10962,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
        size_t sz)
    {
        unsigned int len;
+        enum wc_HashType macType;

        WOLFSSL_ENTER("wolfSSL_EVP_DigestFinalXOF");
        len = (unsigned int)sz;
-        return wolfSSL_EVP_DigestFinal(ctx, md, &len);
+
+        macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
+        return wolfSSL_EVP_DigestFinal_Common(ctx, md, &len, macType);
    }