diff --git a/src/ssl_sk.c b/src/ssl_sk.c index 9696a820aa..aeefa5a95b 100644 --- a/src/ssl_sk.c +++ b/src/ssl_sk.c @@ -259,6 +259,50 @@ int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* node) return ret; } +/* Pushes the node onto the back of the stack. + * + * If *stack is NULL, node becomes the head. + * + * @param [in, out] stack Stack of nodes. + * @param [in] node Node to append. + * + * @return WOLFSSL_SUCCESS on success + * @return WOLFSSL_FAILURE when stack or node is NULL. + */ +int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* node) +{ + int ret = WOLFSSL_SUCCESS; + + /* Validate parameters. */ + if (stack == NULL || node == NULL) { + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS) { + node->next = NULL; + /* Tail node has num of 1, indicating 1 node till the end */ + node->num = 1; + + if (*stack == NULL) { + /* First node. */ + *stack = node; + } + else { + /* Walk to the end and append. Each node's num field holds the + * count of nodes from that node to the tail (inclusive), so + * every existing node's num increases by one. */ + WOLFSSL_STACK* cur = *stack; + while (cur->next != NULL) { + cur->num++; + cur = cur->next; + } + cur->num++; + cur->next = node; + } + } + + return ret; +} + /* Removes the node at the index from the stack and returns data. * * This is an internal API. diff --git a/src/x509.c b/src/x509.c index 5fb4470307..ef9794829b 100644 --- a/src/x509.c +++ b/src/x509.c @@ -14986,50 +14986,38 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk) { - WOLFSSL_STACK *curr; - - while (sk != NULL) { - curr = sk; - sk = sk->next; - - XFREE(curr, NULL, DYNAMIC_TYPE_OPENSSL); - } + wolfSSL_sk_pop_free(sk, NULL); } -static WOLFSSL_STACK* x509_aia_append_string(WOLFSSL_STACK** head, +static int x509_aia_append_string(WOLFSSL_STACK** head, const byte* uri, word32 uriSz) { WOLFSSL_STACK* node; char* url; - node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) + uriSz + 1, NULL, - DYNAMIC_TYPE_OPENSSL); - if (node == NULL) - return NULL; + url = (char*)XMALLOC(uriSz + 1, NULL, DYNAMIC_TYPE_OPENSSL); + if (url == NULL) + return WOLFSSL_FAILURE; - url = (char*)node; - url += sizeof(WOLFSSL_STACK); XMEMCPY(url, uri, uriSz); url[uriSz] = '\0'; + node = wolfSSL_sk_new_node(*head != NULL ? (*head)->heap : NULL); + if (node == NULL) { + XFREE(url, NULL, DYNAMIC_TYPE_OPENSSL); + return WOLFSSL_FAILURE; + } + + node->type = STACK_TYPE_STRING; node->data.string = url; - node->next = NULL; - node->num = 1; - if (*head == NULL) { - *head = node; - } - else { - WOLFSSL_STACK* cur = *head; - while (cur->next != NULL) { - cur->num++; - cur = cur->next; - } - cur->num++; - cur->next = node; + if (wolfSSL_sk_push_back_node(head, node) != WOLFSSL_SUCCESS) { + XFREE(url, NULL, DYNAMIC_TYPE_OPENSSL); + wolfSSL_sk_free_node(node); + return WOLFSSL_FAILURE; } - return node; + return WOLFSSL_SUCCESS; } static WOLFSSL_STACK* x509_get1_aia_by_method(WOLFSSL_X509* x, word32 method, @@ -15041,8 +15029,8 @@ static WOLFSSL_STACK* x509_get1_aia_by_method(WOLFSSL_X509* x, word32 method, if (x == NULL) return NULL; - /* Build from multi-entry list when available; otherwise fall back to the - * legacy single-entry fields to preserve previous behavior. */ + /* Collect matching URIs from the multi-entry list into a new stack; + * fall back to the legacy single-entry field for compatibility. */ if (x->authInfoListSz > 0) { for (i = 0; i < x->authInfoListSz; i++) { if (x->authInfoList[i].method != method || @@ -15052,15 +15040,16 @@ static WOLFSSL_STACK* x509_get1_aia_by_method(WOLFSSL_X509* x, word32 method, } if (x509_aia_append_string(&head, x->authInfoList[i].uri, - x->authInfoList[i].uriSz) == NULL) { - wolfSSL_X509_email_free(head); + x->authInfoList[i].uriSz) != WOLFSSL_SUCCESS) { + wolfSSL_sk_pop_free(head, NULL); return NULL; } } } if (head == NULL && fallback != NULL && fallbackSz > 0) { - if (x509_aia_append_string(&head, fallback, (word32)fallbackSz) == NULL) { - wolfSSL_X509_email_free(head); + if (x509_aia_append_string(&head, fallback, (word32)fallbackSz) + != WOLFSSL_SUCCESS) { + wolfSSL_sk_pop_free(head, NULL); return NULL; } } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index e5fa2c188c..ed88c09002 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1917,6 +1917,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx); #endif #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in); +WOLFSSL_API int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack, + WOLFSSL_STACK* in); WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 3953e323ee..35247a8a6e 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2075,8 +2075,8 @@ struct DecodedCert { #endif /* WOLFSSL_DUAL_ALG_CERTS */ WOLFSSL_AIA_ENTRY extAuthInfoList[WOLFSSL_MAX_AIA_ENTRIES]; - byte extAuthInfoListSz:7; - byte extAuthInfoListOverflow:1; + WC_BITFIELD extAuthInfoListSz:7; + WC_BITFIELD extAuthInfoListOverflow:1; }; #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)