diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 50590c2988a..e147b902c69 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -866,7 +866,6 @@ WOLFSSL_PSK_IDENTITY_ALERT WOLFSSL_PSK_ID_PROTECTION WOLFSSL_PSK_MULTI_ID_PER_CS WOLFSSL_PSK_TLS13_CB -WOLFSSL_PYTHON WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY WOLFSSL_RENESAS_RA6M3 WOLFSSL_RENESAS_RA6M3G diff --git a/configure.ac b/configure.ac index 5e5ee7eb957..64a215fc671 100644 --- a/configure.ac +++ b/configure.ac @@ -1211,7 +1211,11 @@ then test "$enable_ocsp" = "" && enable_ocsp=yes test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes - test "$enable_ocsp_responder" = "" && test "$enable_ocsp" != "no" && test "$ASN_IMPL" = "template" && enable_ocsp_responder=yes + test "$enable_ocsp_responder" = "" && + test "$enable_ocsp" != "no" && + test "$enable_sha" != "no" && + test "$ASN_IMPL" = "template" && + enable_ocsp_responder=yes test "$enable_savesession" = "" && enable_savesession=yes test "$enable_savecert" = "" && enable_savecert=yes test "$enable_postauth" = "" && enable_postauth=yes @@ -1485,7 +1489,6 @@ then test "$enable_ocsp" = "" && enable_ocsp=yes test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes - test "$enable_ocsp_responder" = "" && test "$enable_ocsp" != "no" && test "$ASN_IMPL" = "template" && enable_ocsp_responder=yes test "$enable_crl" = "" && enable_crl=yes test "$enable_supportedcurves" = "" && enable_supportedcurves=yes test "$enable_tlsx" = "" && enable_tlsx=yes diff --git a/src/tls.c b/src/tls.c index ec949a752fc..011c22eee6f 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2394,9 +2394,10 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length, else #endif { - matched = cacheOnly || (XSTRLEN(sni->data.host_name) == size && - XSTRNCMP(sni->data.host_name, (const char*)input + offset, - size) == 0); + const char* hostName = (sni != NULL) ? sni->data.host_name : NULL; + matched = cacheOnly || (hostName != NULL && + XSTRLEN(hostName) == size && + XSTRNCMP(hostName, (const char*)input + offset, size) == 0); } #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) @@ -2415,7 +2416,8 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length, } #endif - if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) { + if (matched || + (sni != NULL && (sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH))) { int matchStat; int r = TLSX_UseSNI(&ssl->extensions, type, input + offset, size, ssl->heap); @@ -2441,7 +2443,8 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length, if (!cacheOnly) TLSX_SetResponse(ssl, TLSX_SERVER_NAME); } - else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { + else if ((sni == NULL) || + !(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { SendAlert(ssl, alert_fatal, unrecognized_name); WOLFSSL_ERROR_VERBOSE(UNKNOWN_SNI_HOST_NAME_E); return UNKNOWN_SNI_HOST_NAME_E; diff --git a/tests/api.c b/tests/api.c index b6037309da1..635eff20963 100644 --- a/tests/api.c +++ b/tests/api.c @@ -33583,7 +33583,10 @@ static int test_lms_write_key(const byte* priv, word32 privSz, void* context) FILE* f = fopen((const char*)context, "wb"); if (f == NULL) return -1; - fwrite(priv, 1, privSz, f); + if (fwrite(priv, 1, privSz, f) != privSz) { + fclose(f); + return -1; + } fclose(f); return WC_LMS_RC_SAVED_TO_NV_MEMORY; } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2451b8624e0..a704ad60a3d 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -12374,14 +12374,16 @@ int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, /* dsaPubKeyASN is longer than dsaPublicKeyASN. */ DECL_ASNGETDATA(dataASN, dsaPubKeyASN_Length); int ret = 0; + void* heap = NULL; /* Validated parameters. */ if ((input == NULL) || (inOutIdx == NULL) || (key == NULL)) { ret = BAD_FUNC_ARG; } + heap = (key != NULL) ? key->heap : NULL; if (ret == 0) { - ALLOC_ASNGETDATA(dataASN, dsaPubKeyASN_Length, ret, key->heap); + ALLOC_ASNGETDATA(dataASN, dsaPubKeyASN_Length, ret, heap); } if (ret == 0) { @@ -12420,7 +12422,7 @@ int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, key->type = DSA_PUBLIC; } - FREE_ASNGETDATA(dataASN, key->heap); + FREE_ASNGETDATA(dataASN, heap); return ret; #endif } @@ -37536,6 +37538,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, /* eccKeyASN is longer than eccPublicKeyASN. */ DECL_ASNGETDATA(dataASN, eccKeyASN_Length); int ret = 0; + void* heap = NULL; int curve_id = ECC_CURVE_DEF; int oidIdx = ECCPUBLICKEYASN_IDX_ALGOID_CURVEID; #ifdef WOLFSSL_CUSTOM_CURVES @@ -37546,9 +37549,10 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) { ret = BAD_FUNC_ARG; } + heap = (key != NULL) ? key->heap : NULL; if (ret == 0) { - ALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap); + ALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, heap); } if (ret == 0) { @@ -37622,7 +37626,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, } } - FREE_ASNGETDATA(dataASN, key->heap); + FREE_ASNGETDATA(dataASN, heap); return ret; #endif /* WOLFSSL_ASN_TEMPLATE */ } diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 2658c922dd2..75e7ca7b0da 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -3278,8 +3278,10 @@ int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) q.sign = a->sign; w = 0; - if (a->used == 0) + if (a->used == 0) { + mp_clear(&q); return MP_VAL; + } for (ix = a->used - 1; ix >= 0; ix--) { w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);