From 0fa99fcc2e92f7d024090739bd9a929ce58233a2 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Mon, 12 Jun 2017 20:39:32 -0700
Subject: [PATCH 1/4] Fix for openssl script test reporting `./scripts/openssl.test: line 219: psk: command not found`.
---
 scripts/openssl.test | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/openssl.test b/scripts/openssl.test
index 83c2ad084..03800ef74 100755
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@@ -216,7 +216,7 @@ do
 fi
 # check for psk suite and turn on client psk if so
- psk = ""
+ psk=""
 case $wolfSuite in
 *PSK*)
 psk="-s " ;;
From 2f9f746053be1154405defb64f96d0f752925185 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 16 Jun 2017 16:02:36 -0700
Subject: [PATCH 2/4] =?UTF-8?q?Fix=20for=20CRL=20serial=20number=20matchin?= =?UTF-8?q?g=20to=20also=20check=20length.=20Fix=20for=20testing=20the=20v?= =?UTF-8?q?erify=20callback=20override=20=E2=80=98-j=E2=80=99=20to=20not?= =?UTF-8?q?=20enable=20CRL=20since=20the=20CA=E2=80=99s=20are=20not=20load?= =?UTF-8?q?ed=20for=20this=20test.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 examples/client/client.c | 2 +-
 src/crl.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index eab3d10ce..f9a19ef7f 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1729,7 +1729,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 }
 #ifdef HAVE_CRL
- if (disableCRL == 0) {
+ if (disableCRL == 0 && !useVerifyCb) {
 #ifdef HAVE_IO_TIMEOUT
 wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
 #endif
diff --git a/src/crl.c b/src/crl.c
index 24a5d8a1d..198b0cf91 100755
--- a/src/crl.c
+++ b/src/crl.c
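Review bot: The new `!useVerifyCb` term in `if (disableCRL == 0 && !useVerifyCb)` (examples/client/client.c) switches revocation checking off whenever the verify-callback override is selected, and nothing at the condition says so. The commit message explains that the CAs are not loaded for that test, but someone reading or copying this example client sees the CRL setup skipped with no reason given. I would add a comment above the condition, for example `/* CRL checking needs the CA certs; the verify callback override test loads none, so skip CRL */`. client_test() starts and ends outside this hunk, so how useVerifyCb is set cannot be checked here.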
@@ -318,7 +318,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
 RevokedCert* rc = crle->certs;
 while (rc) {
- if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
+ if (rc->serialSz == cert->serialSz &&
+ XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
 WOLFSSL_MSG("Cert revoked");
 ret = CRL_CERT_REVOKED;
 break;
From d75a9f243615f67309e76527d7d7f2512c3db0fd Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 21 Jun 2017 10:35:47 -0700
Subject: [PATCH 3/4] =?UTF-8?q?Fix=20for=20`wc=5FReadDirFirst`=20to=20retu?= =?UTF-8?q?rn=20non-zero=20value=20if=20no=20files=20found.=20Fix=20for=20?= =?UTF-8?q?`wolfSSL=5FCTX=5Fload=5Fverify=5Flocations`=20to=20not=20return?= =?UTF-8?q?=20failure=20due=20to=20`wc=5FReadDirNext`=20=E2=80=9Cno=20more?= =?UTF-8?q?=20files=E2=80=9D=20-1=20response.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/ssl.c | 12 +++++++++---
 wolfcrypt/src/wc_port.c | 6 ++++--
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index bcbbbf5a2..8e297c4eb 100755
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5621,6 +5621,7 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
 const char* path)
 {
 int ret = SSL_SUCCESS;
+ int fileRet;
 WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations");
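Review bot: The added `rc->serialSz == cert->serialSz` test in CheckCertCRLList (src/crl.c) makes a match depend on the CRL decoder and the certificate decoder storing a serial number in exactly the same form. If the two ever differ on, say, a leading zero byte (not visible in this hunk, so this needs confirming against both parsers), a revoked certificate would stop matching and pass the check. A comment on the condition would record the intent, for example `/* lengths must match: a CRL serial that is only a prefix of the cert serial is not a hit */`, and a regression test with a prefix serial and an equal-length serial would pin both directions. The function starts and ends outside the hunk.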
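Review bot: `int fileRet;` is declared unconditionally at the top of wolfSSL_CTX_load_verify_locations (src/ssl.c, first hunk), while the wc_port.c part of this patch shows the ReadDir helpers compiled only under `!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)`. If the directory loop in ssl.c sits behind a similar guard (the guard is not visible in either ssl.c hunk), the variable is unused in those builds and will raise an unused-variable warning. Declaring it inside the same guard, or next to `readCtx` where it is used, would avoid that. The function body continues outside this hunk.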
@@ -5644,16 +5645,21 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
 #endif
 /* try to load each regular file in path */
- ret = wc_ReadDirFirst(readCtx, path, &name);
- while (ret == 0 && name) {
+ fileRet = wc_ReadDirFirst(readCtx, path, &name);
+ while (fileRet == 0 && name) {
 ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);
 if (ret != SSL_SUCCESS) break;
- ret = wc_ReadDirNext(readCtx, path, &name);
+ fileRet = wc_ReadDirNext(readCtx, path, &name);
 }
 wc_ReadDirClose(readCtx);
+ /* pass directory read failure to response code */
+ if (ret == SSL_SUCCESS && fileRet != -1) {
+ ret = fileRet;
+ }
+
 #ifdef WOLFSSL_SMALL_STACK
 XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX);
 #endif
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 2104ace74..3345e0f55 100755
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -197,9 +197,10 @@ int wolfCrypt_Cleanup(void)
 #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 /* File Handling Helpers */
+/* returns 0 if file found, -1 if no files or negative error */
 int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
 {
- int ret = 0;
+ int ret = -1; /* default to no files found */
 if (name) *name = NULL;
@@ -258,9 +259,10 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
 return ret;
 }
+/* returns 0 if file found, -1 if no more files */
 int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
 {
- int ret = -1;
+ int ret = -1; /* default to no file found */
 if (name) *name = NULL;
From fec75e445eb9c47a7dd3f3552f9e9333c4f2db5e Mon Sep 17 00:00:00 2001
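Review bot: The post-loop check `if (ret == SSL_SUCCESS && fileRet != -1)` in the second src/ssl.c hunk treats every -1 as "no more files", yet this same patch makes wc_ReadDirFirst return -1 when the directory holds no files at all. A `path` with nothing loadable in it therefore ends with SSL_SUCCESS although no CA was added from it, which a caller can mistake for trust anchors being in place. If that is intended it deserves a comment such as `/* -1 means no (more) files, which is not an error */`; if not, the result of the first call should be checked on its own before the loop. The bare -1 is shared with wc_port.c only by convention, so a named constant would also keep a genuine error code of -1 from being swallowed. The function continues outside the hunk.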
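Review bot: Changing the default in wc_ReadDirFirst from `int ret = 0;` to `int ret = -1;` (wolfcrypt/src/wc_port.c, first hunk) alters the return contract for every caller of the helper, not only wolfSSL_CTX_load_verify_locations. Any other caller that treats a non-zero result as a hard failure will now fail on an empty directory; none is visible in this patch, so the remaining call sites need checking. The new header comment "-1 if no files or negative error" also leaves -1 ambiguous between the two outcomes, and I would have it name which negative values are errors or return a distinct code for "no files". The body between the two wc_port.c hunks is not shown, so which paths overwrite `ret` cannot be confirmed from here.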
From: David Garske
Date: Wed, 21 Jun 2017 12:52:03 -0700
Subject: [PATCH 4/4] =?UTF-8?q?Fix=20for=20build=20error=20in=20master=20f?= =?UTF-8?q?rom=20QAT=20fixes=20in=20PR=20#967.=20Odd=20that=20this=20build?= =?UTF-8?q?=20error=20didn=E2=80=99t=20show=20up=20till=20just=20now.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/internal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 7de85c1c0..02cb4bf9c 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -13021,7 +13021,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
 #ifdef WOLFSSL_SMALL_STACK
 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
- DYNAMIC_TYPE_TMP_DCERT);
+ DYNAMIC_TYPE_DCERT);
 if (cert == NULL) return MEMORY_E;
 #endif