Merge pull request #8064 from SparkiDev/regression_fixes_14
Regression test fixes
douzzer authored Oct 15, 2024
2 parents 0f8b4db + 5f1ddad commit 3e1f365
Showing 6 changed files with 204 additions and 55 deletions.
4 changes: 3 additions & 1 deletion src/bio.c
Expand Up @@ -834,7 +834,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
(const char*)data, len, 0, ret);
}

XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (front != NULL) {
XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER);
}

#ifdef WOLFSSL_BASE64_ENCODE
if (retB64 > 0 && ret > 0)
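Review bot: The new `if (front != NULL)` guard in wolfSSL_BIO_write avoids dereferencing a NULL `front`, but it also means `frmt` is not released on that path if it can ever be allocated while `front` is NULL. The allocation site is outside the shown lines, so this may be unreachable in practice. If so, a short comment above the guard such as `/* frmt is only allocated when front != NULL */` would record the invariant the check relies on. The function body starts and ends outside the hunk.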
17 changes: 14 additions & 3 deletions src/internal.c
Expand Up @@ -6849,10 +6849,14 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
if (ssl->buffers.key != NULL) {
FreeDer(&ssl->buffers.key);
}
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
if (ret != 0) {
return ret;
}
ssl->buffers.weOwnKey = 1;
ret = WOLFSSL_SUCCESS;
}
else {
ssl->buffers.key = ctx->privateKey;
Expand All @@ -6862,9 +6866,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif
#else
if (ctx->privateKey != NULL) {
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
if (ret != 0) {
return ret;
}
ssl->buffers.weOwnKey = 1;
/* Blind the private key for the SSL with new random mask. */
wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
Expand All @@ -6885,16 +6892,20 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->buffers.altKey = ctx->altPrivateKey;
#else
if (ctx->altPrivateKey != NULL) {
AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
ctx->altPrivateKey->length, ctx->altPrivateKey->type,
ctx->altPrivateKey->heap);
if (ret != 0) {
return ret;
}
/* Blind the private key for the SSL with new random mask. */
wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
&ssl->buffers.altKeyMask);
if (ret != 0) {
return ret;
}
ret = WOLFSSL_SUCCESS;
}
#endif
ssl->buffers.altKeyType = ctx->altPrivateKeyType;
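Review bot: The rewritten alternative-key call in the last hunk still writes to `ssl->buffers.altkey` (lower-case k), while the neighbouring lines use `ssl->buffers.altKey`. Unless the struct really has both members, this branch will not compile in the configuration that enables it, and the same spelling is kept in the matching hunk of src/ssl.c. The line should read `ret = AllocCopyDer(&ssl->buffers.altKey, ctx->altPrivateKey->buffer,`. Separately, the primary-key branch sets `ssl->buffers.weOwnKey = 1` after its copy, but no `weOwnAltKey = 1` is visible after the alt-key copy; if it is not set past the end of the hunk, the copied private key may be skipped by the cleanup in wolfSSL_certs_clear, which appears to be keyed on that flag. SetSSL_CTX continues outside the shown lines.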
35 changes: 28 additions & 7 deletions src/ssl.c
Expand Up @@ -19793,11 +19793,15 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
return;

/* ctx still owns certificate, certChain, key, dh, and cm */
if (ssl->buffers.weOwnCert)
if (ssl->buffers.weOwnCert) {
FreeDer(&ssl->buffers.certificate);
ssl->buffers.weOwnCert = 0;
}
ssl->buffers.certificate = NULL;
if (ssl->buffers.weOwnCertChain)
if (ssl->buffers.weOwnCertChain) {
FreeDer(&ssl->buffers.certChain);
ssl->buffers.weOwnCertChain = 0;
}
ssl->buffers.certChain = NULL;
#ifdef WOLFSSL_TLS13
ssl->buffers.certChainCnt = 0;
Expand All @@ -19807,6 +19811,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
FreeDer(&ssl->buffers.keyMask);
#endif
ssl->buffers.weOwnKey = 0;
}
ssl->buffers.key = NULL;
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
Expand All @@ -19823,6 +19828,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
FreeDer(&ssl->buffers.altKeyMask);
#endif
ssl->buffers.weOwnAltKey = 0;
}
ssl->buffers.altKey = NULL;
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
Expand Down Expand Up @@ -20402,11 +20408,13 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
if (ctx->certificate != NULL) {
if (ssl->buffers.certificate != NULL) {
FreeDer(&ssl->buffers.certificate);
ssl->buffers.certificate = NULL;
}
ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer,
ctx->certificate->length, ctx->certificate->type,
ctx->certificate->heap);
if (ret != 0) {
ssl->buffers.weOwnCert = 0;
return NULL;
}

Expand All @@ -20416,11 +20424,13 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
if (ctx->certChain != NULL) {
if (ssl->buffers.certChain != NULL) {
FreeDer(&ssl->buffers.certChain);
ssl->buffers.certChain = NULL;
}
ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer,
ctx->certChain->length, ctx->certChain->type,
ctx->certChain->heap);
if (ret != 0) {
ssl->buffers.weOwnCertChain = 0;
return NULL;
}

Expand All @@ -20440,10 +20450,15 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
if (ctx->privateKey != NULL) {
if (ssl->buffers.key != NULL) {
FreeDer(&ssl->buffers.key);
ssl->buffers.key = NULL;
}
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
if (ret != 0) {
ssl->buffers.weOwnKey = 0;
return NULL;
}
ssl->buffers.weOwnKey = 1;
}
else {
Expand All @@ -20454,15 +20469,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#endif
#else
if (ctx->privateKey != NULL) {
AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
ctx->privateKey->length, ctx->privateKey->type,
ctx->privateKey->heap);
if (ret != 0) {
return NULL;
}
/* Blind the private key for the SSL with new random mask. */
wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask);
ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
&ssl->buffers.keyMask);
if (ret != 0) {
return ret;
return NULL;
}
}
#endif
Expand All @@ -20484,15 +20502,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
ssl->buffers.altKey = ctx->altPrivateKey;
#else
if (ctx->altPrivateKey != NULL) {
AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer,
ctx->altPrivateKey->length, ctx->altPrivateKey->type,
ctx->altPrivateKey->heap);
if (ret != 0) {
return NULL;
}
/* Blind the private key for the SSL with new random mask. */
wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask);
ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
&ssl->buffers.altKeyMask);
if (ret != 0) {
return ret;
return NULL;
}
}
#endif
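Review bot: In the blinded-key branch of wolfSSL_set_SSL_CTX (the `#else` side of the private-key hunk), the copy is made without first freeing an existing `ssl->buffers.key` and without setting `ssl->buffers.weOwnKey = 1`, both of which the non-blinded branch directly above does. If the flag is not set elsewhere, the per-SSL copy of the private key is presumably skipped by wolfSSL_certs_clear and stays allocated, and a previously held key buffer would be overwritten without release. Consider adding `if (ssl->buffers.key != NULL) { FreeDer(&ssl->buffers.key); }` before the `AllocCopyDer` call and `ssl->buffers.weOwnKey = 1;` after its error check. The new `return NULL` paths also leave the SSL object with some buffers already replaced, which is worth stating in the function comment. The function body extends beyond the shown hunks.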
1 change: 1 addition & 0 deletions src/ssl_asn1.c
Expand Up @@ -580,6 +580,7 @@ static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem,
if (impBuf != NULL) {
tmp = *src + (tmp - impBuf); /* for the next calculation */
XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
impBuf = NULL;
}
if (asnLen >= 0 && (int)(tmp - *src) != asnLen) {
WOLFSSL_MSG("ptr not advanced enough");
7 changes: 4 additions & 3 deletions src/x509.c
Expand Up @@ -562,7 +562,6 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns,
/* Create a WOLFSSL_ASN1_STRING from the DER. */
str = wolfSSL_ASN1_STRING_type_new(tag);
if (str == NULL) {
wolfSSL_ASN1_OBJECT_free(obj);
goto err;
}
wolfSSL_ASN1_STRING_set(str, p, (int)len);
Expand Down Expand Up @@ -15087,12 +15086,14 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR;
}
}
if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR) {
if ((req->reqAttributes != NULL) &&
(req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)) {
ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
else
else {
ret = WOLFSSL_FAILURE;
}
if (ret != WOLFSSL_SUCCESS)
wolfSSL_X509_ATTRIBUTE_free(attr);
}