diff --git a/src/bio.c b/src/bio.c index b265456a1d..3e483437d5 100644 --- a/src/bio.c +++ b/src/bio.c @@ -80,14 +80,14 @@ static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) bio->flags &= ~(WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY); sz1 = wolfSSL_BIO_nread(bio, &pt, len); if (sz1 > 0) { - XMEMCPY(buf, pt, sz1); + XMEMCPY(buf, pt, (size_t)sz1); buf = (char*)buf + sz1; len -= sz1; if (len > 0) { /* try again to see if maybe we wrapped around the ring buffer */ sz2 = wolfSSL_BIO_nread(bio, &pt, len); if (sz2 > 0) { - XMEMCPY(buf, pt, sz2); + XMEMCPY(buf, pt, (size_t)sz2); sz1 += sz2; } } @@ -142,7 +142,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) return WOLFSSL_BIO_ERROR; } - XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, sz); + XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, (size_t)sz); bio->rdIdx += sz; if (bio->rdIdx >= bio->wrSz) { @@ -167,14 +167,14 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) /* Resize the memory so we are not taking up more than necessary. * memmove reverts internally to memcpy if areas don't overlap */ XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx, - bio->wrSz - bio->rdIdx); + (long unsigned int)bio->wrSz - (size_t)bio->rdIdx); bio->wrSz -= bio->rdIdx; bio->rdIdx = 0; /* Resize down to WOLFSSL_BIO_RESIZE_THRESHOLD for fewer * allocations. */ if (wolfSSL_BUF_MEM_resize(bio->mem_buf, - bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? bio->wrSz : - WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) { + bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? + (size_t)bio->wrSz : WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) { WOLFSSL_MSG("wolfSSL_BUF_MEM_resize error"); return WOLFSSL_BIO_ERROR; } @@ -564,7 +564,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_MSG("Error in wolfSSL_BIO_nwrite"); return sz1; } - XMEMCPY(buf, data, sz1); + XMEMCPY(buf, data, (size_t)sz1); data = (char*)data + sz1; len -= sz1; @@ -572,7 +572,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, /* try again to see if maybe we wrapped around the ring buffer */ sz2 = wolfSSL_BIO_nwrite(bio, &buf, len); if (sz2 > 0) { - XMEMCPY(buf, data, sz2); + XMEMCPY(buf, data, (size_t)sz2); sz1 += sz2; if (len > sz2) bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY; @@ -610,8 +610,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, if (len == 0) return WOLFSSL_SUCCESS; /* Return early to make logic simpler */ - if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, bio->wrSz + len, 0) - == 0) { + if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, ((size_t)bio->wrSz) + + ((size_t)len), 0) == 0) { WOLFSSL_MSG("Error growing memory area"); return WOLFSSL_FAILURE; } @@ -621,7 +621,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, return WOLFSSL_FAILURE; } - XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len); + XMEMCPY(bio->mem_buf->data + bio->wrSz, data, (size_t)len); bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; bio->num.length = bio->mem_buf->max; bio->wrSz += len; @@ -1138,7 +1138,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) ret = wolfSSL_BIO_nread(bio, &c, cSz); if (ret > 0 && ret < sz) { - XMEMCPY(buf, c, ret); + XMEMCPY(buf, c, (size_t)ret); } break; } @@ -1256,13 +1256,13 @@ size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio) return 0; if (bio->type == WOLFSSL_BIO_MEMORY) { - return bio->wrSz; + return (size_t)bio->wrSz; } /* type BIO_BIO then check paired buffer */ if (bio->type == WOLFSSL_BIO_BIO && bio->pair != NULL) { WOLFSSL_BIO* pair = bio->pair; - return pair->wrIdx; + return (size_t)pair->wrIdx; } return 0; @@ -1308,12 +1308,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) #ifndef WOLFCRYPT_ONLY if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) { - return (long)wolfSSL_pending(bio->ptr.ssl); + return (size_t)wolfSSL_pending(bio->ptr.ssl); } #endif if (bio->type == WOLFSSL_BIO_MEMORY) { - return bio->wrSz - bio->rdIdx; + return (size_t)(bio->wrSz - bio->rdIdx); } /* type BIO_BIO then check paired buffer */ @@ -1322,11 +1322,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) if (pair->wrIdx > 0 && pair->wrIdx <= pair->rdIdx) { /* in wrap around state where beginning of buffer is being * overwritten */ - return pair->wrSz - pair->rdIdx + pair->wrIdx; + return ((size_t)pair->wrSz) - ((size_t)pair->rdIdx) + + ((size_t)pair->wrIdx); } else { /* simple case where has not wrapped around */ - return pair->wrIdx - pair->rdIdx; + return (size_t)(pair->wrIdx - pair->rdIdx); } } return 0; @@ -1423,7 +1424,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); } - bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap, + bio->ptr.mem_buf_data = (byte*)XMALLOC((size_t)size, bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->ptr.mem_buf_data == NULL) { WOLFSSL_MSG("Memory allocation error"); @@ -1439,7 +1440,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } bio->wrSz = (int)size; - bio->num.length = size; + bio->num.length = (size_t)size; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { @@ -2381,10 +2382,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) else port = str + XSTRLEN(str); /* point to null terminator */ - bio->ip = (char*)XMALLOC((port - str) + 1, /* +1 for null char */ + bio->ip = (char*)XMALLOC( + (size_t)(port - str) + 1, /* +1 for null char */ bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->ip != NULL) { - XMEMCPY(bio->ip, str, port - str); + XMEMCPY(bio->ip, str, (size_t)(port - str)); bio->ip[port - str] = '\0'; bio->type = WOLFSSL_BIO_SOCKET; } @@ -2926,7 +2928,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->wrSz = len; bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; if (len > 0 && bio->ptr.mem_buf_data != NULL) { - XMEMCPY(bio->ptr.mem_buf_data, buf, len); + XMEMCPY(bio->ptr.mem_buf_data, buf, (size_t)len); bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } @@ -3295,11 +3297,11 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) count = XVSNPRINTF(NULL, 0, format, args); if (count >= 0) { - pt = (char*)XMALLOC(count + 1, bio->heap, + pt = (char*)XMALLOC((size_t)count + 1, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pt != NULL) { - count = XVSNPRINTF(pt, count + 1, format, copy); + count = XVSNPRINTF(pt, (size_t)count + 1, format, copy); if (count >= 0) { ret = wolfSSL_BIO_write(bio, pt, count); @@ -3369,18 +3371,20 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%02x ", (unsigned char)buf[i]); else - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), + " "); if (i == 7) - (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); + (void)XSNPRINTF(line + o + 2, (size_t)((int)sizeof(line) - + (o + 2)), "-"); o += 3; } - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/conf.c b/src/conf.c index b614148552..8f92fe465e 100644 --- a/src/conf.c +++ b/src/conf.c @@ -202,10 +202,7 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db) return WOLFSSL_FAILURE; } } - if (idx > buf) - idx[-1] = '\n'; - else - return WOLFSSL_FAILURE; + idx[-1] = '\n'; sz = (int)(idx - buf); if (wolfSSL_BIO_write(out, buf, sz) != sz) { diff --git a/src/internal.c b/src/internal.c index b4743f0f9e..f98a618829 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6905,8 +6905,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) * then we possibly already have a side defined. Don't overwrite unless * the context has a well defined role. */ if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END) - ssl->options.side = ctx->method->side; - ssl->options.downgrade = ctx->method->downgrade; + ssl->options.side = (word16)(ctx->method->side); + ssl->options.downgrade = (word16)(ctx->method->downgrade); ssl->options.minDowngrade = ctx->minDowngrade; ssl->options.haveRSA = ctx->haveRSA; @@ -6918,7 +6918,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->options.haveDilithiumSig = ctx->haveDilithiumSig; #ifndef NO_PSK - ssl->options.havePSK = ctx->havePSK; + ssl->options.havePSK = (word16)(ctx->havePSK); ssl->options.client_psk_cb = ctx->client_psk_cb; ssl->options.server_psk_cb = ctx->server_psk_cb; ssl->options.psk_ctx = ctx->psk_ctx; @@ -7262,7 +7262,7 @@ void FreeHandshakeHashes(WOLFSSL* ssl) (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \ !defined(WOLFSSL_NO_CLIENT_AUTH) if (ssl->hsHashes->messages != NULL) { - ForceZero(ssl->hsHashes->messages, ssl->hsHashes->length); + ForceZero(ssl->hsHashes->messages, (word32)ssl->hsHashes->length); XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); ssl->hsHashes->messages = NULL; } @@ -7330,8 +7330,9 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \ !defined(WOLFSSL_NO_CLIENT_AUTH) if (ret == 0 && source->messages != NULL) { - (*destination)->messages = (byte*)XMALLOC(source->length, ssl->heap, - DYNAMIC_TYPE_HASHES); + (*destination)->messages = (byte*)XMALLOC((size_t)source->length, + ssl->heap, + (int)DYNAMIC_TYPE_HASHES); (*destination)->length = source->length; (*destination)->prevLen = source->prevLen; @@ -7340,7 +7341,7 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, } else { XMEMCPY((*destination)->messages, source->messages, - source->length); + (size_t)source->length); } } #endif @@ -9830,7 +9831,7 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket) WriteSEQ(ssl, epochOrder, dtls->sequence_number); DtlsSEQIncrement(ssl, epochOrder); - if ((ret = CheckAvailableSize(ssl, pool->sz)) != 0) { + if ((ret = CheckAvailableSize(ssl, (int)pool->sz)) != 0) { WOLFSSL_ERROR(ret); return ret; } @@ -10303,10 +10304,10 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz) #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) - wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz); + wc_ShaUpdate(&ssl->hsHashes->hashSha, data, (word32)(sz)); #endif #if !defined(NO_MD5) && !defined(NO_OLD_TLS) - wc_Md5Update(&ssl->hsHashes->hashMd5, data, sz); + wc_Md5Update(&ssl->hsHashes->hashMd5, data, (word32)(sz)); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -10626,7 +10627,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, if (!ssl->options.buildingMsg) { /* Hash it before the loop as we modify the input with * encryption on */ - ret = HashRaw(ssl, input + rHdrSz, inputSz + hsHdrSz); + ret = HashRaw(ssl, input + rHdrSz, (int)(inputSz) + hsHdrSz); if (ret != 0) return ret; #ifdef WOLFSSL_DTLS @@ -10886,7 +10887,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree) if (!forcedFree && usedLength > 0) { XMEMCPY(ssl->buffers.inputBuffer.staticBuffer, ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, - usedLength); + (size_t)(usedLength)); } ForceZero(ssl->buffers.inputBuffer.buffer, @@ -11194,7 +11195,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength) if (usedLength) XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer + - ssl->buffers.inputBuffer.idx, usedLength); + ssl->buffers.inputBuffer.idx, (size_t)(usedLength)); if (ssl->buffers.inputBuffer.dynamicFlag) { if (IsEncryptionOn(ssl, 1)) { @@ -14009,7 +14010,7 @@ int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, if (subjectCNLen > ASN_NAME_MAX-1) subjectCNLen = ASN_NAME_MAX-1; if (subjectCNLen > 0) { - XMEMCPY(domain, args->dCert->subjectCN, subjectCNLen); + XMEMCPY(domain, args->dCert->subjectCN, (size_t)(subjectCNLen)); domain[subjectCNLen] = '\0'; } } @@ -15855,7 +15856,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG( "\tCallback override available, will continue"); /* check if fatal error */ - args->fatal = (args->verifyErr) ? 1 : 0; + args->fatal = (args->verifyErr) ? (word16)(1) + : (word16)(0); if (args->fatal) DoCertFatalAlert(ssl, ret); } @@ -19512,7 +19514,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, additionalSz = writeAeadAuthData(ssl, /* Length of the plain text minus the explicit * IV length minus the authentication tag size. */ - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, type, ssl->encrypt.additional, 0, NULL, CUR_ORDER); if (additionalSz < 0) { ret = additionalSz; @@ -19536,19 +19538,19 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ssl->encrypt.nonce, AESGCM_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, - ssl->encrypt.additional, additionalSz); + ssl->encrypt.additional, (word32)(additionalSz)); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif /* HAVE_PK_CALLBACKS */ { ret = aes_auth_fn(ssl->encrypt.aes, - out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->encrypt.nonce, AESGCM_NONCE_SZ, - out + sz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, - ssl->encrypt.additional, additionalSz); + out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, + ssl->encrypt.nonce, AESGCM_NONCE_SZ, + out + sz - ssl->specs.aead_mac_size, + ssl->specs.aead_mac_size, + ssl->encrypt.additional, (word32)(additionalSz)); } #ifdef WOLFSSL_ASYNC_CRYPT @@ -20004,24 +20006,24 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0, plain + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, ssl->decrypt.nonce, AESGCM_NONCE_SZ, (byte *)(input + sz - ssl->specs.aead_mac_size), ssl->specs.aead_mac_size, - ssl->decrypt.additional, additionalSz); + ssl->decrypt.additional, (word32)(additionalSz)); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif /* HAVE_PK_CALLBACKS */ { if ((ret = aes_auth_fn(ssl->decrypt.aes, - plain + AESGCM_EXP_IV_SZ, - input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->decrypt.nonce, AESGCM_NONCE_SZ, - input + sz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, - ssl->decrypt.additional, additionalSz)) < 0) { + plain + AESGCM_EXP_IV_SZ, + input + AESGCM_EXP_IV_SZ, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, + ssl->decrypt.nonce, AESGCM_NONCE_SZ, + input + sz - ssl->specs.aead_mac_size, + ssl->specs.aead_mac_size, + ssl->decrypt.additional, (word32)(additionalSz))) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, @@ -20782,7 +20784,7 @@ static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE; #endif - XMEMSET(mac, 0, macSz); + XMEMSET(mac, 0, (size_t)(macSz)); for (i = scanStart; i < sz; i += macSz) { for (j = 0; j < macSz && j + i < sz; j++) { started = ctMaskGTE(i + j, macStart); @@ -20933,7 +20935,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) } #endif - dataSz = msgSz - ssl->keys.padSz; + dataSz = (int)(msgSz - ssl->keys.padSz); if (dataSz < 0) { WOLFSSL_MSG("App data buffer error, malicious input?"); if (sniff == NO_SNIFF) { @@ -21311,7 +21313,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size) if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0) XMEMMOVE(ssl->buffers.inputBuffer.buffer, ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, - usedLength); + (size_t)(usedLength)); /* remove processed data */ ssl->buffers.inputBuffer.idx = 0; @@ -23372,7 +23374,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, min(args->ivSz, MAX_IV_SZ)); args->idx += min(args->ivSz, MAX_IV_SZ); } - XMEMCPY(output + args->idx, input, inSz); + XMEMCPY(output + args->idx, input, (size_t)(inSz)); args->idx += (word32)inSz; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) { @@ -24141,12 +24143,12 @@ int SendCertificate(WOLFSSL* ssl) else { fragSz = maxFragment - HANDSHAKE_HEADER_SZ; } - sendSz += fragSz + HANDSHAKE_HEADER_SZ; + sendSz += (int)(fragSz) + HANDSHAKE_HEADER_SZ; i += HANDSHAKE_HEADER_SZ; } else { fragSz = min(length, maxFragment); - sendSz += fragSz; + sendSz += (int)(fragSz); } if (IsEncryptionOn(ssl, 1)) @@ -24275,7 +24277,7 @@ int SendCertificate(WOLFSSL* ssl) DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); } #ifndef WOLFSSL_DTLS @@ -24502,7 +24504,7 @@ int SendCertificateRequest(WOLFSSL* ssl) if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, @@ -25635,7 +25637,7 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) size = (int)min((word32)sz, ssl->buffers.clearOutputBuffer.length); - XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size); + XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, (size_t)(size)); if (peek == 0) { ssl->buffers.clearOutputBuffer.length -= (word32)size; @@ -29074,7 +29076,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) (ssl->buffers.keyType == dilithium_level3_sa_algo) || (ssl->buffers.keyType == dilithium_level5_sa_algo)) ssl->hsType = DYNAMIC_TYPE_DILITHIUM; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_dpk; } @@ -29088,9 +29090,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } else if (ssl->buffers.keyId) { ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsKey, - ssl->buffers.key->buffer, - ssl->buffers.key->length, ssl->heap, - ssl->buffers.keyDevId); + (ssl->buffers.key->buffer), + (int)(ssl->buffers.key->length), + ssl->heap, + ssl->buffers.keyDevId); } if (ret == 0) { if (ssl->buffers.keySz < ssl->options.minRsaKeySz) { @@ -29114,7 +29117,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } else if (ssl->buffers.keyId) { ret = wc_ecc_init_id((ecc_key*)ssl->hsKey, - ssl->buffers.key->buffer, + (ssl->buffers.key->buffer), ssl->buffers.key->length, ssl->heap, ssl->buffers.keyDevId); } @@ -30382,7 +30385,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, (void)idx; /* suppress analyzer warning, keep idx current */ #else if (extSz != 0) { - c16toa(extSz, output + idx); + c16toa((word16)(extSz), output + idx); idx += HELLO_EXT_SZ_SZ; if (IsAtLeastTLSv1_2(ssl)) { @@ -30427,7 +30430,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, @@ -30929,7 +30932,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, else i += extSz; - totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz; + totalExtSz -= (word16)(OPAQUE16_LEN) + + (word16)(OPAQUE16_LEN) + + extSz; } *inOutIdx = i; @@ -31241,7 +31246,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif *inOutIdx += dnSz; - len -= OPAQUE16_LEN + dnSz; + len -= (word16)(OPAQUE16_LEN) + dnSz; } #ifdef OPENSSL_EXTRA @@ -31753,7 +31758,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* get PSK server hint from the wire */ srvHintLen = (int)min(length, MAX_PSK_ID_LEN); XMEMCPY(ssl->arrays->server_hint, input + args->idx, - srvHintLen); + (size_t)(srvHintLen)); ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */ args->idx += length; break; @@ -31973,7 +31978,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* get PSK server hint from the wire */ srvHintLen = (int)min(length, MAX_PSK_ID_LEN); XMEMCPY(ssl->arrays->server_hint, input + args->idx, - srvHintLen); + (size_t)(srvHintLen)); ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */ args->idx += length; @@ -32879,7 +32884,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create private key */ ssl->hsType = DYNAMIC_TYPE_CURVE25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -32930,7 +32935,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create ephemeral private key */ ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -32981,7 +32986,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create private key */ ssl->hsType = DYNAMIC_TYPE_CURVE25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -35045,7 +35050,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello)) != 0) { @@ -37506,8 +37511,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR) pv.minor = TLSv1_2_MINOR; - lesserVersion = !ssl->options.dtls && ssl->version.minor > pv.minor; - lesserVersion |= ssl->options.dtls && ssl->version.minor < pv.minor; + lesserVersion = (byte)(!ssl->options.dtls && + ssl->version.minor > pv.minor); + lesserVersion |= ssl->options.dtls &&ssl->version.minor < pv.minor; if (lesserVersion) { byte belowMinDowngrade; @@ -37965,7 +37971,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else i += extSz; - totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz; + totalExtSz -= (word16)(OPAQUE16_LEN + OPAQUE16_LEN) + extSz; } #endif *inOutIdx = i; @@ -38590,7 +38596,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello_done)) != 0) { @@ -41403,8 +41409,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], ret = args->lastErr; args->lastErr = 0; /* reset */ /* On error 'ret' will be negative */ - mask = ((unsigned int)ret >> - ((sizeof(ret) * 8) - 1)) - 1; + mask = (byte)((ret >> ((sizeof(ret) * 8) - 1)) & 0xFF) - 1; /* build PreMasterSecret */ ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; diff --git a/src/keys.c b/src/keys.c index 4ff687ed90..eb3cd1aadb 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3908,7 +3908,8 @@ int DeriveKeys(WOLFSSL* ssl) XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); if (ret == 0) { ret = wc_ShaUpdate(sha, shaInput, - (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j); + (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + + (word32)(j)); } if (ret == 0) { ret = wc_ShaFinal(sha, shaOutput); @@ -3942,12 +3943,13 @@ int DeriveKeys(WOLFSSL* ssl) static int CleanPreMaster(WOLFSSL* ssl) { - int i, ret, sz = ssl->arrays->preMasterSz; + int i, ret, sz = (int)(ssl->arrays->preMasterSz); for (i = 0; i < sz; i++) ssl->arrays->preMasterSecret[i] = 0; - ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz); + ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, + (word32)(sz)); if (ret != 0) return ret; @@ -4035,8 +4037,8 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) } idx = 0; - XMEMCPY(shaInput, prefix, i + 1); - idx += i + 1; + XMEMCPY(shaInput, prefix, (size_t)(i + 1)); + idx += (word32)(i + 1); XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz); idx += pmsSz; diff --git a/src/pk.c b/src/pk.c index 6c55bee228..a2db41c7d7 100644 --- a/src/pk.c +++ b/src/pk.c @@ -414,7 +414,7 @@ int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, if (ret == 0) { /* Generate a random salt. */ - if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != 1) { + if (wolfSSL_RAND_bytes(info->iv, (int)info->ivSz) != 1) { WOLFSSL_MSG("generate iv failed"); ret = WOLFSSL_FATAL_ERROR; } @@ -422,7 +422,7 @@ int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, if (ret == 0) { /* Calculate padding size - always a padding block. */ - paddingSz = info->ivSz - ((*derSz) % info->ivSz); + paddingSz = (int)info->ivSz - ((*derSz) % (int)info->ivSz); /* Check der is big enough. */ if (maxDerSz < (*derSz) + paddingSz) { WOLFSSL_MSG("not enough DER buffer allocated"); @@ -431,7 +431,7 @@ int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, } if (ret == 0) { /* Set padding bytes to padding length. */ - XMEMSET(der + (*derSz), (byte)paddingSz, paddingSz); + XMEMSET(der + (*derSz), (byte)paddingSz, (size_t)paddingSz); /* Add padding to DER size. */ (*derSz) += (int)paddingSz; @@ -5630,7 +5630,8 @@ static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig, ret = dLen == WC_SHA_DIGEST_SIZE ? wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG; #else - ret = wc_DsaVerify_ex(d, dLen, sig, (DsaKey*)dsa->internal, dsacheck); + ret = wc_DsaVerify_ex(d, (word32)dLen, sig, (DsaKey*)dsa->internal, + dsacheck); #endif if (ret != 0) { WOLFSSL_MSG("DsaVerify failed"); @@ -9475,16 +9476,16 @@ int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid * is just the numerical representation. */ - if (wc_ecc_get_oid(grp->curve_oid, &oid, &oidSz) < 0) + if (wc_ecc_get_oid((word32)grp->curve_oid, &oid, &oidSz) < 0) return WOLFSSL_FATAL_ERROR; - len = SetObjectId(oidSz, NULL) + oidSz; + len = SetObjectId((int)oidSz, NULL) + (int)oidSz; if (pp == NULL) return len; if (*pp == NULL) { - out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); if (out == NULL) return WOLFSSL_FATAL_ERROR; } @@ -9492,7 +9493,7 @@ int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) out = *pp; } - idx = SetObjectId(oidSz, out); + idx = SetObjectId((int)oidSz, out); XMEMCPY(out + idx, oid, oidSz); if (*pp == NULL) *pp = out; @@ -10273,7 +10274,7 @@ WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group, key_sz = (wolfSSL_EC_GROUP_get_degree(group) + 7) / 8; if (hex[0] == '0' && hex[1] == '4') { /* uncompressed mode */ - str_sz = key_sz * 2; + str_sz = (size_t)key_sz * 2; XMEMSET(strGx, 0x0, str_sz + 1); XMEMCPY(strGx, hex + 2, str_sz); @@ -10299,7 +10300,7 @@ WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group, if (hex_to_bytes(hex + 2, octGx + 1, sz) != sz) { goto err; } - if (wolfSSL_ECPoint_d2i(octGx, key_sz + 1, group, p) + if (wolfSSL_ECPoint_d2i(octGx, (word32)key_sz + 1, group, p) != WOLFSSL_SUCCESS) { goto err; } @@ -15473,7 +15474,7 @@ int wolfSSL_PEM_def_callback(char* buf, int num, int rwFlag, void* userData) if ((buf != NULL) && (userData != NULL)) { sz = (int)XSTRLEN((const char*)userData); sz = (int)min((word32)sz, (word32)num); - XMEMCPY(buf, userData, sz); + XMEMCPY(buf, userData, (size_t)sz); } else { WOLFSSL_MSG("Error, default password cannot be created."); @@ -15967,7 +15968,7 @@ static void pem_find_pattern(char* pem, int pemLen, int idx, const char* prefix, /* Find prefix part. */ for (; idx < pemLen - prefixLen; idx++) { if ((pem[idx] == prefix[0]) && - (XMEMCMP(pem + idx, prefix, prefixLen) == 0)) { + (XMEMCMP(pem + idx, prefix, (size_t)prefixLen) == 0)) { idx += prefixLen; *start = idx; break; @@ -15976,7 +15977,7 @@ static void pem_find_pattern(char* pem, int pemLen, int idx, const char* prefix, /* Find postfix part. */ for (; idx < pemLen - postfixLen; idx++) { if ((pem[idx] == postfix[0]) && - (XMEMCMP(pem + idx, postfix, postfixLen) == 0)) { + (XMEMCMP(pem + idx, postfix, (size_t)postfixLen) == 0)) { *len = idx - *start; break; } @@ -16012,7 +16013,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, /* Find header. */ pem_find_pattern(pem, pemLen, 0, PEM_BEGIN, PEM_HDR_FIN, &start, &nameLen); /* Allocate memory for header name. */ - *name = (char*)XMALLOC(nameLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *name = (char*)XMALLOC((size_t)nameLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (*name == NULL) { ret = MEMORY_E; } @@ -16023,7 +16024,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, ret = ASN_NO_PEM_HEADER; } else { - XMEMCPY(*name, pem + start, nameLen); + XMEMCPY(*name, pem + start, (size_t)nameLen); } } if (ret == 0) { @@ -16035,7 +16036,8 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, hdrLen++; } /* Allocate memory for encryption header string. */ - *header = (char*)XMALLOC(hdrLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *header = (char*)XMALLOC((size_t)hdrLen + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (*header == NULL) { ret = MEMORY_E; } @@ -16044,7 +16046,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, /* Put in encryption header string. */ (*header)[hdrLen] = '\0'; if (hdrLen > 0) { - XMEMCPY(*header, pem + startHdr, hdrLen); + XMEMCPY(*header, pem + startHdr, (size_t)hdrLen); start = startHdr + hdrLen + 1; } @@ -16053,7 +16055,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, &endLen); /* Validate header name and footer name are the same. */ if ((endLen != nameLen) || - (XMEMCMP(*name, pem + startEnd, nameLen) != 0)) { + (XMEMCMP(*name, pem + startEnd, (size_t)nameLen) != 0)) { ret = ASN_NO_PEM_HEADER; } } @@ -16103,13 +16105,13 @@ static int pem_write_data(const char *name, const char *header, pemLen = (derLen + 2) / 3 * 4; pemLen += (pemLen + 63) / 64; /* Header */ - pemLen += PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ; + pemLen += (word32)(PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ); if (headerLen > 0) { /* Encryption lines plus extra carriage return. */ - pemLen += headerLen + 1; + pemLen += (word32)headerLen + 1; } /* Trailer */ - pemLen += PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ; + pemLen += (word32)(PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ); pem = (char*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { @@ -16121,14 +16123,14 @@ static int pem_write_data(const char *name, const char *header, /* Add header. */ XMEMCPY(p, PEM_BEGIN, PEM_BEGIN_SZ); p += PEM_BEGIN_SZ; - XMEMCPY(p, name, nameLen); + XMEMCPY(p, name, (size_t)nameLen); p += nameLen; XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ); p += PEM_HDR_FIN_EOL_SZ; if (headerLen > 0) { /* Add encryption header. */ - XMEMCPY(p, header, headerLen); + XMEMCPY(p, header, (size_t)headerLen); p += headerLen; /* Blank line after a header and before body. */ *(p++) = '\n'; @@ -16144,7 +16146,7 @@ static int pem_write_data(const char *name, const char *header, /* Add trailer. */ XMEMCPY(p, PEM_END, PEM_END_SZ); p += PEM_END_SZ; - XMEMCPY(p, name, nameLen); + XMEMCPY(p, name, (size_t)nameLen); p += nameLen; XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ); p += PEM_HDR_FIN_EOL_SZ; @@ -16192,13 +16194,13 @@ int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header, } if ((res == 1) && (!memAlloced)) { /* Need to return allocated memory - make sure it is allocated. */ - char* p = (char*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + char* p = (char*)XMALLOC((size_t)pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (p == NULL) { res = 0; } else { /* Copy the data into new buffer. */ - XMEMCPY(p, pem, pemLen); + XMEMCPY(p, pem, (size_t)pemLen); pem = p; } } @@ -16250,7 +16252,7 @@ int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name, } XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return (!err) ? pemLen : 0; + return (!err) ? (int)pemLen : 0; } #endif /* !NO_BIO */ @@ -16475,7 +16477,7 @@ int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, if (ret == 0) { /* Encrypt private into buffer. */ - ret = TraditionalEnc((byte*)pkey->pkey.ptr, pkey->pkey_sz, + ret = TraditionalEnc((byte*)pkey->pkey.ptr, (word32)pkey->pkey_sz, key, keySz, passwd, passwdSz, PKCS5, PBES2, encAlgId, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL); if (ret > 0) { @@ -16509,7 +16511,7 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) if (pkey->type == WC_EVP_PKEY_EC) { /* ECC private and get curve OID information. */ algId = ECDSAk; - ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid, + ret = wc_ecc_get_oid((word32)pkey->ecc->group->curve_oid, &curveOid, &oidSz); } else @@ -16536,7 +16538,7 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) if (keySz == NULL) return BAD_FUNC_ARG; - *keySz = pkey->pkey_sz; + *keySz = (word32)pkey->pkey_sz; if (key == NULL) return LENGTH_ONLY_E; @@ -16557,7 +16559,7 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) if (ret >= 0) { /* Encode private key in PKCS#8 format. */ ret = wc_CreatePKCS8Key(key, keySz, (byte*)pkey->pkey.ptr, - pkey->pkey_sz, algId, curveOid, oidSz); + (word32)pkey->pkey_sz, algId, curveOid, oidSz); } return ret; diff --git a/src/ssl.c b/src/ssl.c index 6e3f279d0e..3335f423ce 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1689,7 +1689,7 @@ int wolfSSL_get_ciphers(char* buf, int len) for (i = 0; i < ciphersSz; i++) { int cipherNameSz = (int)XSTRLEN(ciphers[i].name); if (cipherNameSz + 1 < len) { - XSTRNCPY(buf, ciphers[i].name, len); + XSTRNCPY(buf, ciphers[i].name, (size_t)len); buf += cipherNameSz; if (i < ciphersSz - 1) @@ -1726,7 +1726,7 @@ int wolfSSL_get_ciphers_iana(char* buf, int len) #endif cipherNameSz = (int)XSTRLEN(ciphers[i].name_iana); if (cipherNameSz + 1 < len) { - XSTRNCPY(buf, ciphers[i].name_iana, len); + XSTRNCPY(buf, ciphers[i].name_iana, (size_t)len); buf += cipherNameSz; if (i < ciphersSz - 1) @@ -1752,7 +1752,7 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len) cipher = wolfSSL_get_cipher_name_iana(ssl); len = (int)min((word32)len, (word32)(XSTRLEN(cipher) + 1)); - XMEMCPY(buf, cipher, len); + XMEMCPY(buf, cipher, (size_t)len); return buf; } @@ -2187,7 +2187,7 @@ int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl, return BUFFER_E; } - return wolfSSL_export_keying_material(ssl, out, profile->kdfBits, + return wolfSSL_export_keying_material(ssl, out, (size_t)profile->kdfBits, DTLS_SRTP_KEYING_MATERIAL_LABEL, XSTR_SIZEOF(DTLS_SRTP_KEYING_MATERIAL_LABEL), NULL, 0, 0); } @@ -3665,7 +3665,7 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz) *list = NULL; return WOLFSSL_FAILURE; } - XMEMCPY(p, s + i, len); + XMEMCPY(p, s + i, (size_t)len); } *p = 0; @@ -7109,7 +7109,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } pkey->pkey_sz = (int)keyIdx; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY); if (pkey->pkey.ptr == NULL) { @@ -7281,7 +7281,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } pkey->pkey_sz = (int)keyIdx; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY); if (pkey->pkey.ptr == NULL) { @@ -7365,14 +7365,14 @@ static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } pkey->pkey_sz = (int)memSz; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY); if (pkey->pkey.ptr == NULL) { ret = 0; } if (ret == 1) { - XMEMCPY(pkey->pkey.ptr, mem, memSz); + XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz); pkey->type = WC_EVP_PKEY_DH; pkey->ownDh = 1; @@ -7450,14 +7450,14 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, ret = 1; pkey->type = WC_EVP_PKEY_DH; pkey->pkey_sz = (int)memSz; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY); if (pkey->pkey.ptr == NULL) { ret = 0; } if (ret == 1) { - XMEMCPY(pkey->pkey.ptr, mem, memSz); + XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz); pkey->ownDh = 1; pkey->dh = wolfSSL_DH_new(); if (pkey->dh == NULL) { @@ -7778,16 +7778,16 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( pkcs8Der->length, &algId); if (ret >= 0) { if (advanceLen == 0) /* Set only if not PEM */ - advanceLen = inOutIdx + ret; + advanceLen = (int)inOutIdx + ret; if (algId == DHk) { /* Special case for DH as we expect the DER buffer to be always * be in PKCS8 format */ rawDer.buffer = pkcs8Der->buffer; - rawDer.length = inOutIdx + ret; + rawDer.length = inOutIdx + (word32)ret; } else { rawDer.buffer = pkcs8Der->buffer + inOutIdx; - rawDer.length = ret; + rawDer.length = (word32)ret; } ret = 0; /* good DER */ } @@ -7849,7 +7849,7 @@ int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp) return len; if (*pp == NULL) { - out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); if (out == NULL) return WOLFSSL_FATAL_ERROR; } @@ -7939,7 +7939,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, return NULL; } - mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (mem == NULL) { return NULL; } @@ -7998,15 +7999,16 @@ static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, if (*der) { /* since this function signature has no size value passed in it is * assumed that the user has allocated a large enough buffer */ - XMEMCPY(*der, pt + pkcs8HeaderSz, sz); + XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz); *der += sz; } else { - *der = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL); + *der = (unsigned char*)XMALLOC((size_t)sz, NULL, + DYNAMIC_TYPE_OPENSSL); if (*der == NULL) { return WOLFSSL_FATAL_ERROR; } - XMEMCPY(*der, pt + pkcs8HeaderSz, sz); + XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz); } } return sz; @@ -8078,14 +8080,15 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, local->type = type; local->pkey_sz = (int)inSz; local->pkcs8HeaderSz = pkcs8HeaderSz; - local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + local->pkey.ptr = (char*)XMALLOC((size_t)inSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); if (local->pkey.ptr == NULL) { wolfSSL_EVP_PKEY_free(local); local = NULL; return NULL; } else { - XMEMCPY(local->pkey.ptr, *in, inSz); + XMEMCPY(local->pkey.ptr, *in, (size_t)inSz); } switch (type) { @@ -12718,7 +12721,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_ERR_get_error"); #ifdef WOLFSSL_HAVE_ERROR_QUEUE - return wc_GetErrorNodeErr(); + return (unsigned long)wc_GetErrorNodeErr(); #else return (unsigned long)(0 - NOT_COMPILED_IN); #endif @@ -12789,7 +12792,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) do { ret = wc_PeekErrorNode(0, &file, &reason, &line); if (ret >= 0) { - const char* r = wolfSSL_ERR_reason_error_string(0 - ret); + const char* r = wolfSSL_ERR_reason_error_string( + (unsigned long)(0 - ret)); if (XSNPRINTF(buf, sizeof(buf), "error:%d:wolfSSL library:%s:%s:%d\n", ret, r, file, line) @@ -14638,9 +14642,9 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) } #ifndef WOLFSSL_X509_STORE_CERTS ssl->ourCert = wolfSSL_X509_d2i_ex(NULL, - ssl->buffers.certificate->buffer, - ssl->buffers.certificate->length, - ssl->heap); + ssl->buffers.certificate->buffer, + (int)ssl->buffers.certificate->length, + ssl->heap); #endif } return ssl->ourCert; @@ -14654,9 +14658,9 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) } #ifndef WOLFSSL_X509_STORE_CERTS ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, - ssl->ctx->certificate->buffer, - ssl->ctx->certificate->length, - ssl->heap); + ssl->ctx->certificate->buffer, + (int)ssl->ctx->certificate->length, + ssl->heap); #endif ssl->ctx->ownOurCert = 1; } @@ -14678,7 +14682,8 @@ WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx) #ifndef WOLFSSL_X509_STORE_CERTS ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, ctx->certificate->buffer, - ctx->certificate->length, ctx->heap); + (int)ctx->certificate->length, + ctx->heap); #endif ctx->ownOurCert = 1; } @@ -15421,42 +15426,42 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher) /* Build up the string by copying onto the end. */ - XSTRNCPY(dp, name, len); + XSTRNCPY(dp, name, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " ", len); + XSTRNCPY(dp, " ", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, protocol, len); + XSTRNCPY(dp, protocol, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " Kx=", len); + XSTRNCPY(dp, " Kx=", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, keaStr, len); + XSTRNCPY(dp, keaStr, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " Au=", len); + XSTRNCPY(dp, " Au=", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, authStr, len); + XSTRNCPY(dp, authStr, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " Enc=", len); + XSTRNCPY(dp, " Enc=", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, encStr, len); + XSTRNCPY(dp, encStr, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " Mac=", len); + XSTRNCPY(dp, " Mac=", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - XSTRNCPY(dp, macStr, len); + len -= strLen; dp += (size_t)strLen; + XSTRNCPY(dp, macStr, (size_t)len); dp[len-1] = '\0'; return WOLFSSL_SUCCESS; @@ -15714,7 +15719,7 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, */ if (cipher->in_stack == TRUE) { wolfSSL_sk_CIPHER_description((WOLFSSL_CIPHER*)cipher); - XSTRNCPY(in,cipher->description,len); + XSTRNCPY(in,cipher->description,(size_t)len); return ret; } #endif @@ -15727,32 +15732,32 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm); /* Build up the string by copying onto the end. */ - XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), len); + XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " ", len); + XSTRNCPY(in, " ", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), len); + XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " Kx=", len); + XSTRNCPY(in, " Kx=", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, keaStr, len); + XSTRNCPY(in, keaStr, (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " Au=", len); + XSTRNCPY(in, " Au=", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, authStr, len); + XSTRNCPY(in, authStr, (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " Enc=", len); + XSTRNCPY(in, " Enc=", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, encStr, len); + XSTRNCPY(in, encStr, (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " Mac=", len); + XSTRNCPY(in, " Mac=", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, macStr, len); + XSTRNCPY(in, macStr, (size_t)len); in[len-1] = '\0'; return ret; @@ -16882,8 +16887,8 @@ long wolfSSL_clear_options(WOLFSSL* ssl, long opt) WOLFSSL_ENTER("wolfSSL_clear_options"); if(ssl == NULL) return WOLFSSL_FAILURE; - ssl->options.mask &= ~opt; - return ssl->options.mask; + ssl->options.mask &= (unsigned long)~opt; + return (long)ssl->options.mask; } #ifdef HAVE_PK_CALLBACKS @@ -17148,7 +17153,7 @@ long wolfSSL_get_verify_result(const WOLFSSL *ssl) return WOLFSSL_FAILURE; } - return ssl->peerVerifyRet; + return (long)ssl->peerVerifyRet; } #endif @@ -17825,7 +17830,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) if (sz > (long)sizeof(staticBuffer)) { WOLFSSL_MSG("Getting dynamic buffer"); - myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); + myBuffer = (byte*)XMALLOC((size_t)sz, ctx->heap, DYNAMIC_TYPE_FILE); dynamic = 1; } @@ -18704,7 +18709,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx) #endif { InitDecodedCert(cert, chain->certs[idx].buffer, - chain->certs[idx].length, NULL); + (word32)chain->certs[idx].length, NULL); if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) != 0) { WOLFSSL_MSG("Failed to parse cert"); @@ -18766,10 +18771,11 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, /* Null output buffer return size needed in outLen */ if(!buf) { - if(Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length, + if(Base64_Encode(chain->certs[idx].buffer, + (word32)chain->certs[idx].length, NULL, &szNeeded) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return WOLFSSL_FAILURE; - *outLen = szNeeded + headerLen + footerLen; + *outLen = (int)szNeeded + headerLen + footerLen; return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } @@ -18778,7 +18784,7 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, return BAD_FUNC_ARG; /* header */ - if (XMEMCPY(buf, header, headerLen) == NULL) + if (XMEMCPY(buf, header, (size_t)headerLen) == NULL) return WOLFSSL_FATAL_ERROR; i = headerLen; @@ -18786,14 +18792,15 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, /* body */ *outLen = inLen; /* input to Base64_Encode */ if ( (err = Base64_Encode(chain->certs[idx].buffer, - chain->certs[idx].length, buf + i, (word32*)outLen)) < 0) + (word32)chain->certs[idx].length, buf + i, + (word32*)outLen)) < 0) return err; i += *outLen; /* footer */ if ( (i + footerLen) > inLen) return BAD_FUNC_ARG; - if (XMEMCPY(buf + i, footer, footerLen) == NULL) + if (XMEMCPY(buf + i, footer, (size_t)footerLen) == NULL) return WOLFSSL_FATAL_ERROR; *outLen += headerLen + footerLen; @@ -19513,7 +19520,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; } else { - obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; + obj->dynamic &= (unsigned char)~WOLFSSL_ASN1_DYNAMIC_DATA; } } XMEMCPY((byte*)obj->obj, objBuf, obj->objSz); @@ -19628,7 +19635,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) bufSz = bufLen - 1; } if (bufSz) { - XMEMCPY(buf, name, bufSz); + XMEMCPY(buf, name, (size_t)bufSz); } else if (a->type == WOLFSSL_GEN_DNS || a->type == WOLFSSL_GEN_EMAIL || a->type == WOLFSSL_GEN_URI) { @@ -19639,7 +19646,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) if ((desc = oid_translate_num_to_str(buf))) { bufSz = (int)XSTRLEN(desc); bufSz = (int)min((word32)bufSz,(word32) bufLen - 1); - XMEMCPY(buf, desc, bufSz); + XMEMCPY(buf, desc, (size_t)bufSz); } } else { @@ -19795,19 +19802,21 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) if (o->nid > 0) return o->nid; - if ((ret = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) { + if ((ret = GetObjectId(o->obj, &idx, &oid, + (word32)o->grp, o->objSz)) < 0) { if (ret == WC_NO_ERR_TRACE(ASN_OBJECT_ID_E)) { /* Put ASN object tag in front and try again */ - int len = SetObjectId(o->objSz, NULL) + o->objSz; - byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + int len = SetObjectId((int)o->objSz, NULL) + (int)o->objSz; + byte* buf = (byte*)XMALLOC((size_t)len, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (!buf) { WOLFSSL_MSG("malloc error"); return WOLFSSL_FATAL_ERROR; } - idx = SetObjectId(o->objSz, buf); + idx = (word32)SetObjectId((int)o->objSz, buf); XMEMCPY(buf + idx, o->obj, o->objSz); idx = 0; - ret = GetObjectId(buf, &idx, &oid, o->grp, len); + ret = GetObjectId(buf, &idx, &oid, (word32)o->grp, (word32)len); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ret < 0) { WOLFSSL_MSG("Issue getting OID of object"); @@ -19946,13 +19955,13 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) /* try as a short name */ len = (int)XSTRLEN(s); if ((int)XSTRLEN(wolfssl_object_info[i].sName) == len && - XSTRNCMP(wolfssl_object_info[i].sName, s, len) == 0) { + XSTRNCMP(wolfssl_object_info[i].sName, s, (word32)len) == 0) { return wolfssl_object_info[i].nid; } /* try as a long name */ if ((int)XSTRLEN(wolfssl_object_info[i].lName) == len && - XSTRNCMP(wolfssl_object_info[i].lName, s, len) == 0) { + XSTRNCMP(wolfssl_object_info[i].lName, s, (word32)len) == 0) { return wolfssl_object_info[i].nid; } } @@ -20007,7 +20016,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; i = SetObjectId((int)outSz, (byte*)obj->obj); XMEMCPY((byte*)obj->obj + i, out, outSz); - obj->objSz = i + outSz; + obj->objSz = (word32)i + outSz; return obj; } @@ -20693,7 +20702,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, return NULL; } - mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (mem == NULL) { WOLFSSL_MSG("Malloc failure"); return NULL; @@ -20718,7 +20728,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, int i; int j = 0; - extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL, + extraBioMem = (unsigned char *)XMALLOC((size_t)extraBioMemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (extraBioMem == NULL) { WOLFSSL_MSG("Malloc failure"); @@ -21480,8 +21490,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, } #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if !defined(WOLFSSL_USER_IO) /* converts an IPv6 or IPv4 address into an octet string for use with rfc3280 @@ -21649,7 +21658,7 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) } return ssl->suitesStack; } -#endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx) @@ -22531,13 +22540,13 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, if (len > MAX_CURVE_NAME_SZ - 1) goto leave; - XMEMCPY(name, names + start, len); + XMEMCPY(name, names + start, (size_t)len); name[len] = 0; curve = WOLFSSL_NAMED_GROUP_INVALID; for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { if (len == nist_name->name_len && - XSTRNCMP(name, nist_name->name, len) == 0) { + XSTRNCMP(name, nist_name->name, (size_t)len) == 0) { curve = nist_name->curve; break; } @@ -22560,7 +22569,7 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, goto leave; } - curve = GetCurveByOID(eccSet->oidSum); + curve = GetCurveByOID((int)eccSet->oidSum); #else WOLFSSL_MSG("API not present to search farther using name"); goto leave; @@ -23691,7 +23700,7 @@ static int bio_get_data(WOLFSSL_BIO* bio, byte** data) ret = wolfSSL_BIO_get_len(bio); if (ret > 0) { - mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL); + mem = (byte*)XMALLOC((size_t)ret, bio->heap, DYNAMIC_TYPE_OPENSSL); if (mem == NULL) { WOLFSSL_MSG("Memory error"); ret = MEMORY_E; @@ -23784,7 +23793,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, */ ret = GetSequence(der, &idx, &len, keyLen); if (ret >= 0) { - word32 end = idx + len; + word32 end = idx + (word32)len; while (ret >= 0 && idx < end) { /* Skip type */ idx++; @@ -23792,10 +23801,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, len = 0; ret = GetLength(der, &idx, &len, keyLen); if (ret >= 0) { - if (idx + len > end) + if (idx + (word32)len > end) ret = ASN_PARSE_E; else { - idx += len; + idx += (word32)len; cnt++; } } diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index 5ebad81a6b..00b90fd87d 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -271,7 +271,7 @@ static int wolfssl_i2d_asn1_items(const void* obj, byte* buf, break; } innerLen = ret; - hdrLen = SetExplicit((byte)mem->tag, (word32)innerLen, buf, 0); + hdrLen = (int)SetExplicit((byte)mem->tag, (word32)innerLen, buf, 0); len += hdrLen; if (buf != NULL) buf += hdrLen; @@ -536,14 +536,14 @@ static int d2i_handle_tags(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src, WOLFSSL_MSG("asn tag error"); return WOLFSSL_FATAL_ERROR; } - *asnLen += idx; /* total buffer length */ - *impBuf = (byte*)XMALLOC(*asnLen, NULL, + *asnLen += (int)idx; /* total buffer length */ + *impBuf = (byte*)XMALLOC((size_t)*asnLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (*impBuf == NULL) { WOLFSSL_MSG("malloc error"); return WOLFSSL_FATAL_ERROR; } - XMEMCPY(*impBuf, *src, *asnLen); + XMEMCPY(*impBuf, *src, (size_t)*asnLen); (*impBuf)[0] = mem->first_byte; } } @@ -930,7 +930,7 @@ WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING( return NULL; } - XMEMCPY(ret->data, *src + idx, length); + XMEMCPY(ret->data, *src + idx, (size_t)length); *src += idx + (word32)length; if (out != NULL) { @@ -2122,7 +2122,7 @@ int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len, if (obj->obj != NULL) { XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); obj->obj = NULL; - obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; + obj->dynamic &= (unsigned char)~WOLFSSL_ASN1_DYNAMIC_DATA; } obj->obj =(unsigned char*)XMALLOC(idx + len, obj->heap, DYNAMIC_TYPE_ASN1); @@ -2179,12 +2179,13 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, return NULL; } - if (wolfssl_asn1_obj_set(ret, *der, idx + len, 0) != WOLFSSL_SUCCESS) { + if (wolfssl_asn1_obj_set(ret, *der, idx + (word32)len, 0) != + WOLFSSL_SUCCESS) { wolfSSL_ASN1_OBJECT_free(ret); return NULL; } - *der += idx + len; + *der += idx + (word32)len; if (a != NULL) { if (*a != NULL) wolfSSL_ASN1_OBJECT_free(*a); @@ -2832,13 +2833,14 @@ static int i2d_ASN1_STRING(WOLFSSL_ASN1_STRING* s, if (s == NULL || s->data == NULL || s->length == 0) return WOLFSSL_FATAL_ERROR; - len = SetHeader(tag, s->length, NULL, 0) + s->length; + len = (int)((word32)SetHeader(tag, (word32)s->length, NULL, 0) + + (word32)s->length); if (pp == NULL) return len; if (*pp == NULL) { - out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); if (out == NULL) return WOLFSSL_FATAL_ERROR; } @@ -2846,8 +2848,8 @@ static int i2d_ASN1_STRING(WOLFSSL_ASN1_STRING* s, out = *pp; } - idx = (int)SetHeader(tag, s->length, out, 0); - XMEMCPY(out + idx, s->data, s->length); + idx = (int)SetHeader(tag, (word32)s->length, out, 0); + XMEMCPY(out + idx, s->data, (size_t)s->length); if (*pp == NULL) *pp = out; else @@ -2889,7 +2891,8 @@ int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s, return s->length; if (*pp == NULL) { - out = (unsigned char*)XMALLOC(s->length, NULL, DYNAMIC_TYPE_ASN1); + out = (unsigned char*)XMALLOC((size_t)s->length, + NULL, DYNAMIC_TYPE_ASN1); if (out == NULL) return WOLFSSL_FATAL_ERROR; } @@ -2897,7 +2900,7 @@ int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s, out = *pp; } - XMEMCPY(out, s->data, s->length); + XMEMCPY(out, s->data, (size_t)s->length); if (*pp == NULL) *pp = out; else @@ -2940,7 +2943,7 @@ static WOLFSSL_ASN1_STRING* d2i_ASN1_STRING(WOLFSSL_ASN1_STRING** out, wolfSSL_ASN1_STRING_free(*out); *out = ret; } - *src += idx + length; + *src += idx + (word32)length; return ret; } @@ -4120,7 +4123,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, ret->data[0] = '2'; ret->data[1] = '0'; } /* Append rest of the data as it is the same. */ - XMEMCPY(&ret->data[2], t->data, t->length); + XMEMCPY(&ret->data[2], t->data, (size_t)t->length); } /* Check for pointer to return result through. */ diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c index f2ff78193e..98a49f2e7d 100644 --- a/src/ssl_crypto.c +++ b/src/ssl_crypto.c @@ -2543,21 +2543,23 @@ WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in, if ((!err) && (dataSz % DES_BLOCK_SIZE)) { /* Allocate a buffer big enough to hold padded input. */ dataSz += DES_BLOCK_SIZE - (dataSz % DES_BLOCK_SIZE); - data = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + data = (unsigned char*)XMALLOC((size_t)dataSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (data == NULL) { WOLFSSL_MSG("Issue creating temporary buffer"); err = 1; } else { /* Copy input and pad with 0s. */ - XMEMCPY(data, in, length); - XMEMSET(data + length, 0, dataSz - length); + XMEMCPY(data, in, (size_t)length); + XMEMSET(data + length, 0, (size_t)(dataSz - length)); } } if (!err) { /* Allocate buffer to hold encrypted data. */ - tmp = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (unsigned char*)XMALLOC((size_t)dataSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { WOLFSSL_MSG("Issue creating temporary buffer"); err = 1; @@ -2637,7 +2639,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output, if (lb_sz != 0) { /* Create a 0 padded block from remaining bytes. */ XMEMSET(lastBlock, 0, DES_BLOCK_SIZE); - XMEMCPY(lastBlock, input + len, lb_sz); + XMEMCPY(lastBlock, input + len, (size_t)lb_sz); /* Encrypt last block into output. */ wc_Des_CbcEncrypt(des, output + len, lastBlock, (word32)DES_BLOCK_SIZE); @@ -2651,7 +2653,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output, wc_Des_CbcDecrypt(des, lastBlock, input + len, (word32)DES_BLOCK_SIZE); /* Copy out the required amount of the decrypted block. */ - XMEMCPY(output + len, lastBlock, lb_sz); + XMEMCPY(output + len, lastBlock, (size_t)lb_sz); } } } @@ -2775,7 +2777,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input, if (lb_sz != 0) { /* Create a 0 padded block from remaining bytes. */ XMEMSET(lastBlock, 0, DES_BLOCK_SIZE); - XMEMCPY(lastBlock, input + len, lb_sz); + XMEMCPY(lastBlock, input + len, (size_t)lb_sz); /* Encrypt last block into output. */ ret = wc_Des3_CbcEncrypt(des3, output + len, lastBlock, (word32)DES_BLOCK_SIZE); @@ -2825,7 +2827,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input, (void)ret; #endif /* Copy out the required amount of the decrypted block. */ - XMEMCPY(output + len, lastBlock, lb_sz); + XMEMCPY(output + len, lastBlock, (size_t)lb_sz); } } } @@ -2940,7 +2942,7 @@ static int wolfssl_aes_set_key(const unsigned char *key, const int bits, return WOLFSSL_FATAL_ERROR; } - if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, enc) != 0) { + if (wc_AesSetKey((Aes*)aes, key, (word32)((bits)/8), NULL, enc) != 0) { WOLFSSL_MSG("Error in setting AES key"); return WOLFSSL_FATAL_ERROR; } diff --git a/src/ssl_load.c b/src/ssl_load.c index 004cb65949..80969f1d26 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -132,7 +132,7 @@ static int DataToDerBuffer(const unsigned char* buff, word32 len, int format, /* Data in buffer has PEM format - extract DER data. */ if (format == WOLFSSL_FILETYPE_PEM) { #ifdef WOLFSSL_PEM_TO_DER - ret = PemToDer(buff, len, type, der, heap, info, algId); + ret = PemToDer(buff, (long)(len), type, der, heap, info, algId); if (ret != 0) { FreeDer(der); } @@ -1213,7 +1213,7 @@ static int ProcessBufferPrivPkcs8Dec(EncryptedInfo* info, DerBuffer* der, } if (ret >= 0) { /* Zero out encrypted data not overwritten. */ - ForceZero(der->buffer + ret, der->length - ret); + ForceZero(der->buffer + ret, der->length - (word32)ret); /* Set decrypted data length. */ der->length = (word32)ret; } @@ -5113,7 +5113,8 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) if (ret == 1) { /* Allocate memory to hold DER encoding.. */ - der = (unsigned char*)XMALLOC(derSize, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = (unsigned char*)XMALLOC((size_t)derSize, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { WOLFSSL_MSG("Malloc failure"); ret = MEMORY_E; @@ -5355,8 +5356,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, } if (ret == 1) { /* Copy p and g into allocated buffers. */ - XMEMCPY(pAlloc, p, pSz); - XMEMCPY(gAlloc, g, gSz); + XMEMCPY(pAlloc, p, (size_t)pSz); + XMEMCPY(gAlloc, g, (size_t)gSz); /* Set the buffers into SSL. */ ret = wolfssl_set_tmp_dh(ssl, pAlloc, pSz, gAlloc, gSz); } @@ -5514,8 +5515,8 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, if (ret == 1) { /* Copy p and g into allocated buffers. */ - XMEMCPY(pAlloc, p, pSz); - XMEMCPY(gAlloc, g, gSz); + XMEMCPY(pAlloc, p, (size_t)pSz); + XMEMCPY(gAlloc, g, (size_t)gSz); /* Set the buffers into SSL context. */ ret = wolfssl_ctx_set_tmp_dh(ctx, pAlloc, pSz, gAlloc, gSz); } @@ -5567,8 +5568,8 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) if (ret == 1) { /* Allocate buffers for p and g to be assigned into SSL. */ - p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + p = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + g = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((p == NULL) || (g == NULL)) { ret = MEMORY_E; } @@ -5633,8 +5634,8 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) if (ret == 1) { /* Allocate buffers for p and g to be assigned into SSL. */ - p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + p = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + g = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((p == NULL) || (g == NULL)) { ret = MEMORY_E; } diff --git a/src/ssl_sess.c b/src/ssl_sess.c index 1471b9d611..3bb6a5ee49 100644 --- a/src/ssl_sess.c +++ b/src/ssl_sess.c @@ -375,7 +375,7 @@ int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession) WOLFSSL_MSG("Valid ServerID not cached already"); ssl->session->idLen = (word16)len; - XMEMCPY(ssl->session->serverID, id, len); + XMEMCPY(ssl->session->serverID, id, (size_t)len); } #ifdef HAVE_EXT_CACHE else { @@ -1819,7 +1819,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, ticLen = addSession->ticketLen; /* Alloc Memory here to avoid syscalls during lock */ if (ticLen > SESSION_TICKET_LEN) { - ticBuff = (byte*)XMALLOC(ticLen, NULL, + ticBuff = (byte*)XMALLOC((size_t)ticLen, NULL, DYNAMIC_TYPE_SESSION_TICK); if (ticBuff == NULL) { return MEMORY_E; @@ -1978,7 +1978,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, /* Copy in the certs from the session */ addSession->chain.count = cacheSession->chain.count; XMEMCPY(addSession->chain.certs, cacheSession->chain.certs, - sizeof(x509_buffer) * cacheSession->chain.count); + sizeof(x509_buffer) * (size_t)cacheSession->chain.count); } #endif /* SESSION_CERTS */ #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) @@ -2669,7 +2669,8 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) unsigned char *data; if (*p == NULL) - *p = (unsigned char*)XMALLOC(size, NULL, DYNAMIC_TYPE_OPENSSL); + *p = (unsigned char*)XMALLOC((size_t)size, NULL, + DYNAMIC_TYPE_OPENSSL); if (*p == NULL) return 0; data = *p; @@ -2693,7 +2694,7 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) c16toa((word16)sess->chain.certs[i].length, data + idx); idx += OPAQUE16_LEN; XMEMCPY(data + idx, sess->chain.certs[i].buffer, - sess->chain.certs[i].length); + (size_t)sess->chain.certs[i].length); idx += sess->chain.certs[i].length; } #endif @@ -3524,7 +3525,7 @@ int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, size = outSz; } - XMEMCPY(out, ses->masterSecret, size); + XMEMCPY(out, ses->masterSecret, (size_t)size); return size; } diff --git a/src/tls.c b/src/tls.c index 0e5f43b1fd..925d47a5ac 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1024,7 +1024,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, if (ret != 0) return ret; - XMEMSET(hmac->innerHash, 0, macLen); + XMEMSET(hmac->innerHash, 0, (size_t)macLen); if (safeBlocks > 0) { ret = Hmac_HashUpdate(hmac, header, headerSz); @@ -1039,7 +1039,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, else safeBlocks = 0; - XMEMSET(digest, 0, macLen); + XMEMSET(digest, 0, (size_t)macLen); k = (unsigned int)(safeBlocks * blockSz); for (i = safeBlocks; i < blocks; i++) { unsigned char hashBlock[WC_MAX_BLOCK_SIZE]; @@ -1190,8 +1190,8 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, ret = wc_HmacUpdate(hmac, header, headerSz); if (ret == 0) { /* Fill the rest of the block with any available data. */ - word32 currSz = ctMaskLT((int)msgSz, blockSz) & msgSz; - currSz |= ctMaskGTE((int)msgSz, blockSz) & blockSz; + word32 currSz = ctMaskLT((int)msgSz, (int)blockSz) & msgSz; + currSz |= ctMaskGTE((int)msgSz, (int)blockSz) & blockSz; currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; currSz &= ~(0 - (currSz >> 31)); ret = wc_HmacUpdate(hmac, in, currSz); @@ -1338,7 +1338,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, #ifdef HAVE_BLAKE2 if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { ret = Hmac_UpdateFinal(&hmac, digest, in, - sz + hashSz + padSz + 1, myInner, innerSz); + sz + hashSz + (word32)padSz + 1, myInner, innerSz); } else #endif @@ -1349,8 +1349,9 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, } #else - ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1, - myInner, innerSz); + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + + (word32)(padSz) + 1, + myInner, innerSz); #endif } else { @@ -3451,7 +3452,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, if (request) { XMEMCPY(request->nonce, csr->request.ocsp[0].nonce, - csr->request.ocsp[0].nonceSz); + (size_t)csr->request.ocsp[0].nonceSz); request->nonceSz = csr->request.ocsp[0].nonceSz; } } @@ -3655,14 +3656,14 @@ int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, csr->requests--; } /* preserve nonce */ - XMEMCPY(nonce, request->nonce, nonceSz); + XMEMCPY(nonce, csr->request.ocsp->nonce, (size_t)nonceSz); if (req_cnt < MAX_CERT_EXTENSIONS) { if ((ret = InitOcspRequest(request, cert, 0, heap)) != 0) return ret; /* restore nonce */ - XMEMCPY(request->nonce, nonce, nonceSz); + XMEMCPY(csr->request.ocsp->nonce, nonce, (size_t)nonceSz); request->nonceSz = nonceSz; csr->requests++; } @@ -3977,7 +3978,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length, if (request) { XMEMCPY(request->nonce, csr2->request.ocsp[0].nonce, - csr2->request.ocsp[0].nonceSz); + (size_t)csr2->request.ocsp[0].nonceSz); request->nonceSz = csr2->request.ocsp[0].nonceSz; @@ -4189,7 +4190,8 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, int nonceSz = csr2->request.ocsp[0].nonceSz; /* preserve nonce, replicating nonce of ocsp[0] */ - XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz); + XMEMCPY(nonce, csr2->request.ocsp[0].nonce, + (size_t)nonceSz); if ((ret = InitOcspRequest( &csr2->request.ocsp[csr2->requests], cert, @@ -4198,7 +4200,7 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, /* restore nonce */ XMEMCPY(csr2->request.ocsp[csr2->requests].nonce, - nonce, nonceSz); + nonce, (size_t)nonceSz); csr2->request.ocsp[csr2->requests].nonceSz = nonceSz; csr2->requests++; } @@ -13781,6 +13783,11 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) word64 now, milli; #endif + if (sess->ticketLen > MAX_PSK_ID_LEN) { + WOLFSSL_MSG("Session ticket length for PSK ext is too large"); + return BUFFER_ERROR; + } + /* Determine the MAC algorithm for the cipher suite used. */ ssl->options.cipherSuite0 = sess->cipherSuite0; ssl->options.cipherSuite = sess->cipherSuite; diff --git a/src/tls13.c b/src/tls13.c index f09fe7027c..000d1870d7 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -1024,7 +1024,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen, ret = Tls13HKDFExpandLabel(ssl, firstExpand, hashLen, ssl->arrays->exporterSecret, hashLen, protocol, protocolLen, (byte*)label, (word32)labelLen, - emptyHash, hashLen, hashType); + emptyHash, hashLen, (int)hashType); if (ret != 0) return ret; @@ -1035,7 +1035,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen, ret = Tls13HKDFExpandLabel(ssl, out, (word32)outLen, firstExpand, hashLen, protocol, protocolLen, exporterLabel, EXPORTER_LABEL_SZ, - hashOut, hashLen, hashType); + hashOut, hashLen, (int)hashType); return ret; } @@ -7434,7 +7434,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) /* replace the last 8 bytes of server random with the accept */ if (((WOLFSSL_ECH*)echX->data)->state == ECH_PARSED_INTERNAL) { ret = EchWriteAcceptance(ssl, output + RECORD_HEADER_SZ, - serverRandomOffset - RECORD_HEADER_SZ, + (int)serverRandomOffset - RECORD_HEADER_SZ, sendSz - RECORD_HEADER_SZ); /* remove ech so we don't keep sending it in write */ @@ -8438,7 +8438,7 @@ static word32 NextCert(byte* data, word32 length, word32* idx) * offset index offset * returns Total number of bytes written. */ -static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, +static int WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, word16* extSz, word16 extSz_num) { int ret = 0; @@ -8456,7 +8456,7 @@ static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, if (csr) { for (extIdx = 0; extIdx < (word16)(extSz_num); extIdx++) { - tmpSz = TLSX_CSR_GetSize_ex(csr, 0, extIdx); + tmpSz = TLSX_CSR_GetSize_ex(csr, 0, (int)extIdx); if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) && certExts[extIdx] == NULL) { @@ -8491,7 +8491,7 @@ static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, /* chain cert empty extension size */ totalSz += OPAQUE16_LEN * extSz_num; } - return totalSz; + return (int)totalSz; } #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ /* Add certificate data and empty extension to output up to the fragment size. diff --git a/src/wolfio.c b/src/wolfio.c index 8d0b2f089b..ec793f6f52 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -1475,7 +1475,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) sin = (SOCKADDR_IN *)&addr; sin->sin_family = AF_INET; sin->sin_port = XHTONS(port); - XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0], entry->h_length); + XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0], + (size_t)entry->h_length); #endif } diff --git a/src/x509.c b/src/x509.c index 744655480b..a2c8c05508 100644 --- a/src/x509.c +++ b/src/x509.c @@ -194,7 +194,7 @@ int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert) FreeDecodedCert(cert); return WOLFSSL_FAILURE; } - idx += length; + idx += (word32)length; extCount++; } @@ -516,8 +516,8 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, const unsigned char* oid; word32 oidSz; - if ((oid = OidFromId(dns->oidSum, oidCertAltNameType, &oidSz)) == - NULL) { + if ((oid = OidFromId((word32)dns->oidSum, oidCertAltNameType, + &oidSz)) == NULL) { if (dns->oidSum == UPN_OID) { oid = upn_oid; oidSz = (word32)sizeof(upn_oid); @@ -633,7 +633,8 @@ static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns) if (gn->d.registeredID == NULL) { return WOLFSSL_FAILURE; } - gn->d.registeredID->obj = (const unsigned char*)XMALLOC(dns->len, + gn->d.registeredID->obj = (const unsigned char*)XMALLOC( + (size_t)dns->len, gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1); if (gn->d.registeredID->obj == NULL) { /* registeredID gets free'd up by caller after failure */ @@ -641,7 +642,7 @@ static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns) } gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; XMEMCPY((byte*)gn->d.registeredID->obj, dns->ridString, dns->len); - gn->d.registeredID->objSz = dns->len; + gn->d.registeredID->objSz = (unsigned int)dns->len; gn->d.registeredID->grp = oidCertExtType; gn->d.registeredID->nid = WC_NID_registeredAddress; break; @@ -669,7 +670,7 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509, #ifdef OPENSSL_ALL ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->subjAltNameSrc, - x509->subjAltNameSz); + (int)x509->subjAltNameSz); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); goto err; @@ -869,7 +870,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) /* Continue while loop until extCount == loc or idx > sz */ if (extCount != loc) { - idx += length; + idx += (word32)length; extCount++; continue; } @@ -914,8 +915,9 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) /* Skip the critical information */ if (input[dataIdx] == ASN_BOOLEAN) { dataIdx++; - ret = GetLength(input, &dataIdx, &dataLen, sz) >= 0; - dataIdx += dataLen; + ret = GetLength(input, &dataIdx, &dataLen, + (word32)sz) >= 0; + dataIdx += (word32)dataLen; } } if (ret) { @@ -1041,7 +1043,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) break; ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->authKeyId, - x509->authKeyIdSz); + (int)x509->authKeyIdSz); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_X509_EXTENSION_free(ext); @@ -1059,7 +1061,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) break; ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->subjKeyId, - x509->subjKeyIdSz); + (int)x509->subjKeyIdSz); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_X509_EXTENSION_free(ext); @@ -1103,7 +1105,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) break; ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->extKeyUsageSrc, - x509->extKeyUsageSz); + (int)x509->extKeyUsageSz); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); wolfSSL_X509_EXTENSION_free(ext); @@ -1151,7 +1153,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) #endif return NULL; } - oidBuf = (byte*)XMALLOC(length+1+MAX_LENGTH_SZ, NULL, + oidBuf = (byte*)XMALLOC((size_t)length+1+MAX_LENGTH_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (oidBuf == NULL) { WOLFSSL_MSG("Failed to malloc tmp buffer"); @@ -1164,7 +1166,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) } oidBuf[0] = ASN_OBJECT_ID; objSz++; - objSz += SetLength(length, oidBuf + 1); + objSz += SetLength((word32)length, oidBuf + 1); objSz += length; /* Set object size and reallocate space in object buffer */ @@ -1210,7 +1212,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) ext->crit = 0; /* Get extension data and copy as ASN1_STRING */ - tmpIdx = idx + length; + tmpIdx = idx + (word32)length; if ((tmpIdx >= (word32)sz) || (input[tmpIdx] != ASN_OCTET_STRING)) { @@ -1236,7 +1238,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) #endif return NULL; } - ext->value.data = (char*)XMALLOC(length, NULL, + ext->value.data = (char*)XMALLOC((size_t)length, NULL, DYNAMIC_TYPE_ASN1); ext->value.isDynamic = 1; if (ext->value.data == NULL) { @@ -1287,7 +1289,7 @@ static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf, if (*buf) XFREE(*buf, heap, DYNAMIC_TYPE_X509_EXT); *len = 0; - *buf = (byte*)XMALLOC(str->length, heap, DYNAMIC_TYPE_X509_EXT); + *buf = (byte*)XMALLOC((size_t)str->length, heap, DYNAMIC_TYPE_X509_EXT); if (!*buf) { WOLFSSL_MSG("malloc error"); return WOLFSSL_FAILURE; @@ -1371,7 +1373,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, } else if (!gn || !gn->d.ia5 || wolfSSL_X509_add_altname_ex(x509, gn->d.ia5->data, - gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) { + (word32)gn->d.ia5->length, gn->type) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Subject alternative name missing extension"); return WOLFSSL_FAILURE; } @@ -1458,7 +1460,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, /* This is a viable custom extension. */ oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap, DYNAMIC_TYPE_X509_EXT); - val = (byte*)XMALLOC(ext->value.length, x509->heap, + val = (byte*)XMALLOC((size_t)ext->value.length, x509->heap, DYNAMIC_TYPE_X509_EXT); if ((oid == NULL) || (val == NULL)) { WOLFSSL_MSG("Memory allocation failure.\n"); @@ -1825,7 +1827,7 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i( /* Set the URI into GENERAL_NAME. */ ret = wolfSSL_ASN1_STRING_set(ad->location->d.uniformResourceIdentifier, - aiaEntry->obj, aiaEntry->objSz); + aiaEntry->obj, (int)aiaEntry->objSz); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set() failed"); err = 1; @@ -2172,7 +2174,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) } } - idx += length; + idx += (word32)length; extCount++; } /* while(idx < sz) */ @@ -2296,13 +2298,13 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, { int localIdx = 0; unsigned char* n = (unsigned char*)XMALLOC( - dns->len + MAX_SEQ_SZ, x509->heap, - DYNAMIC_TYPE_TMP_BUFFER); + (size_t)dns->len + MAX_SEQ_SZ, x509->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (n == NULL) { goto err; } - localIdx += SetSequence(dns->len, n); + localIdx += SetSequence((word32)dns->len, n); XMEMCPY(n + localIdx, dns->name, dns->len); gn->d.dirn = wolfSSL_d2i_X509_NAME(NULL, &n, dns->len + localIdx); @@ -3028,7 +3030,7 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, asn1str = (WOLFSSL_ASN1_STRING*)data; ext->value = *asn1str; if (asn1str->isDynamic) { - ext->value.data = (char*)XMALLOC(asn1str->length, NULL, + ext->value.data = (char*)XMALLOC((size_t)asn1str->length, NULL, DYNAMIC_TYPE_OPENSSL); if (!ext->value.data) { WOLFSSL_MSG("malloc failed"); @@ -3237,8 +3239,8 @@ int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest, return WOLFSSL_FAILURE; } - ret = wolfSSL_EVP_Digest(x509->derCert->buffer, x509->derCert->length, buf, - len, digest, NULL); + ret = wolfSSL_EVP_Digest(x509->derCert->buffer, + (int)x509->derCert->length, buf, len, digest, NULL); WOLFSSL_LEAVE("wolfSSL_X509_digest", ret); return ret; } @@ -3370,7 +3372,7 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) WOLFSSL_MSG("Using static memory -- please pass in a buffer"); return NULL; #else - in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL); + in = (char*)XMALLOC((size_t)name->sz, NULL, DYNAMIC_TYPE_OPENSSL); if (!in) return in; copySz = name->sz; @@ -3562,7 +3564,7 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) */ if (i != count - 1) { strSz = (int)XSTRLEN(sn) + nameSz + 4; - str = (char*)XMALLOC(strSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = (char*)XMALLOC((size_t)strSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) { WOLFSSL_MSG("Memory error"); return NULL; @@ -3580,7 +3582,7 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) * Add extra strSz for '=' and '\0' characters in XSNPRINTF. */ strSz = (int)XSTRLEN(sn) + nameSz + 2; - str = (char*)XMALLOC(strSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = (char*)XMALLOC((size_t)strSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (str == NULL) { WOLFSSL_MSG("Memory error"); return NULL; @@ -4158,7 +4160,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509) } -/* return number of elements on success 0 on fail */ +/* return 1 on success 0 on fail */ int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509) { @@ -4303,7 +4305,7 @@ void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk) wolfSSL_sk_X509_CRL_pop_free(sk, NULL); } -/* return number of elements on success 0 on fail */ +/* return 1 on success 0 on fail */ int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, WOLFSSL_X509_CRL* crl) { @@ -4337,7 +4339,7 @@ int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk) #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) -/* return number of elements on success 0 on fail */ +/* return 1 on success 0 on fail */ int wolfSSL_sk_ACCESS_DESCRIPTION_push(WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk, WOLFSSL_ACCESS_DESCRIPTION* a) { @@ -4546,7 +4548,7 @@ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen, return WOLFSSL_SUCCESS; } -/* return number of elements on success 0 on fail */ +/* return 1 on success 0 on fail */ int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk, WOLFSSL_GENERAL_NAME* gn) { @@ -4724,7 +4726,7 @@ void wolfSSL_DIST_POINTS_free(WOLFSSL_DIST_POINTS *dps) wolfSSL_sk_free(dps); } -/* return number of elements on success 0 on fail */ +/* return 1 on success 0 on fail */ int wolfSSL_sk_DIST_POINT_push(WOLFSSL_DIST_POINTS* sk, WOLFSSL_DIST_POINT* dp) { WOLFSSL_ENTER("wolfSSL_sk_DIST_POINT_push"); @@ -12672,9 +12674,15 @@ WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, static void wolfssl_x509_name_entry_set(WOLFSSL_X509_NAME_ENTRY* ne, int nid, int type, const unsigned char *data, int dataSz) { + WOLFSSL_ASN1_OBJECT* object; + ne->nid = nid; /* Reuse the object if already available. */ - ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); + object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); + if (object != NULL) { + /* Set the object when no error. */ + ne->object = object; + } if (ne->value == NULL) { ne->value = wolfSSL_ASN1_STRING_type_new(type); } @@ -13557,7 +13565,7 @@ void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk) /* Adds the WOLFSSL_X509_INFO to the stack "sk". "sk" takes control of "in" and * tries to free it when the stack is free'd. * - * return number of elements on success 0 on fail + * return 1 on success 0 on fail */ int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, WOLFSSL_X509_INFO* in) diff --git a/tests/api.c b/tests/api.c index 77c21a4ebf..fc8d2caa03 100644 --- a/tests/api.c +++ b/tests/api.c @@ -846,7 +846,7 @@ static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data, if (bio->wrSz - bio->wrIdx < len) { len = bio->wrSz - bio->wrIdx; } - XMEMCPY(bio->ptr.mem_buf_data + bio->wrIdx, data, len); + XMEMCPY(bio->ptr.mem_buf_data + bio->wrIdx, data, (size_t)len); bio->wrIdx += len; } @@ -862,7 +862,7 @@ static int wolfssl_bio_s_fixed_mem_read(WOLFSSL_BIO* bio, char* data, int len) if (bio->wrSz - bio->rdIdx < len) { len = bio->wrSz - bio->rdIdx; } - XMEMCPY(data, bio->ptr.mem_buf_data + bio->rdIdx, len); + XMEMCPY(data, bio->ptr.mem_buf_data + bio->rdIdx, (size_t)len); bio->rdIdx += len; } @@ -2476,7 +2476,7 @@ static int test_wolfSSL_CTX_load_verify_locations(void) /* Get cert cache size */ ExpectIntGT(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), 0); - ExpectNotNull(cache = (byte*)XMALLOC(cacheSz, NULL, + ExpectNotNull(cache = (byte*)XMALLOC((size_t)cacheSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, NULL), @@ -3270,7 +3270,7 @@ static int test_wolfSSL_CertManagerNameConstraint(void) WOLFSSL_FILETYPE_ASN1)); ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); if (EXPECT_SUCCESS() && (der != NULL)) { - XMEMCPY(der, pt, derSz); + XMEMCPY(der, pt, (size_t)derSz); /* find the name constraint extension and alter it */ pt = der; @@ -4075,73 +4075,72 @@ static int test_wolfSSL_CertManagerCRL(void) const char* crl_rsapss = "./certs/crl/crl_rsapss.pem"; const char* ca_rsapss = "./certs/rsapss/ca-rsapss.pem"; #endif - /* ./certs/crl/crl.der */ const unsigned char crl_buff[] = { - 0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xED, 0x02, - 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, - 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, + 0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xed, 0x02, + 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, - 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, - 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, - 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, + 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, + 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, + 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, - 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, - 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, - 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, - 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, - 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x17, 0x0D, 0x32, 0x34, 0x30, 0x31, 0x30, 0x39, - 0x30, 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x17, - 0x0D, 0x32, 0x36, 0x31, 0x30, 0x30, 0x35, 0x30, - 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x30, 0x14, - 0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0D, 0x32, - 0x34, 0x30, 0x31, 0x30, 0x39, 0x30, 0x30, 0x33, - 0x34, 0x33, 0x30, 0x5A, 0xA0, 0x0E, 0x30, 0x0C, - 0x30, 0x0A, 0x06, 0x03, 0x55, 0x1D, 0x14, 0x04, - 0x03, 0x02, 0x01, 0x02, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, - 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0xB3, 0x6F, 0xED, 0x72, 0xD2, 0x73, 0x6A, 0x77, - 0xBF, 0x3A, 0x55, 0xBC, 0x54, 0x18, 0x6A, 0x71, - 0xBC, 0x6A, 0xCC, 0xCD, 0x5D, 0x90, 0xF5, 0x64, - 0x8D, 0x1B, 0xF0, 0xE0, 0x48, 0x7B, 0xF2, 0x7B, - 0x06, 0x86, 0x53, 0x63, 0x9B, 0xD8, 0x24, 0x15, - 0x10, 0xB1, 0x19, 0x96, 0x9B, 0xD2, 0x75, 0xA8, - 0x25, 0xA2, 0x35, 0xA9, 0x14, 0xD6, 0xD5, 0x5E, - 0x53, 0xE3, 0x34, 0x9D, 0xF2, 0x8B, 0x07, 0x19, - 0x9B, 0x1F, 0xF1, 0x02, 0x0F, 0x04, 0x46, 0xE8, - 0xB8, 0xB6, 0xF2, 0x8D, 0xC7, 0xC0, 0x15, 0x3E, - 0x3E, 0x8E, 0x96, 0x73, 0x15, 0x1E, 0x62, 0xF6, - 0x4E, 0x2A, 0xF7, 0xAA, 0xA0, 0x91, 0x80, 0x12, - 0x7F, 0x81, 0x0C, 0x65, 0xCC, 0x38, 0xBE, 0x58, - 0x6C, 0x14, 0xA5, 0x21, 0xA1, 0x8D, 0xF7, 0x8A, - 0xB9, 0x24, 0xF4, 0x2D, 0xCA, 0xC0, 0x67, 0x43, - 0x0B, 0xC8, 0x1C, 0xB4, 0x7D, 0x12, 0x7F, 0xA2, - 0x1B, 0x19, 0x0E, 0x94, 0xCF, 0x7B, 0x9F, 0x75, - 0xA0, 0x08, 0x9A, 0x67, 0x3F, 0x87, 0x89, 0x3E, - 0xF8, 0x58, 0xA5, 0x8A, 0x1B, 0x2D, 0xDA, 0x9B, - 0xD0, 0x1B, 0x18, 0x92, 0xC3, 0xD2, 0x6A, 0xD7, - 0x1C, 0xFC, 0x45, 0x69, 0x77, 0xC3, 0x57, 0x65, - 0x75, 0x99, 0x9E, 0x47, 0x2A, 0x20, 0x25, 0xEF, - 0x90, 0xF2, 0x5F, 0x3B, 0x7D, 0x9C, 0x7D, 0x00, - 0xEA, 0x92, 0x54, 0xEB, 0x0B, 0xE7, 0x17, 0xAF, - 0x24, 0x1A, 0xF9, 0x7C, 0x83, 0x50, 0x68, 0x1D, - 0xDC, 0x5B, 0x60, 0x12, 0xA7, 0x52, 0x78, 0xD9, - 0xA9, 0xB0, 0x1F, 0x59, 0x48, 0x36, 0xC7, 0xA6, - 0x97, 0x34, 0xC7, 0x87, 0x3F, 0xAE, 0xFD, 0xA9, - 0x56, 0x5D, 0x48, 0xCC, 0x89, 0x7A, 0x79, 0x60, - 0x8F, 0x9B, 0x2B, 0x63, 0x3C, 0xB3, 0x04, 0x1D, - 0x5F, 0xF7, 0x20, 0xD2, 0xFD, 0xF2, 0x51, 0xB1, - 0x96, 0x93, 0x13, 0x5B, 0xAB, 0x74, 0x82, 0x8B + 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, + 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, + 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, + 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x17, 0x0d, 0x32, 0x32, 0x31, 0x32, 0x31, 0x36, + 0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x17, + 0x0d, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, 0x32, + 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x30, 0x14, + 0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0d, 0x32, + 0x32, 0x31, 0x32, 0x31, 0x36, 0x32, 0x31, 0x31, + 0x37, 0x35, 0x30, 0x5a, 0xa0, 0x0e, 0x30, 0x0c, + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04, + 0x03, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x39, 0x44, 0xff, 0x39, 0xf4, 0x04, 0x45, 0x79, + 0x7e, 0x73, 0xe2, 0x42, 0x48, 0xdb, 0x85, 0x66, + 0xfd, 0x99, 0x76, 0x94, 0x7c, 0xb5, 0x79, 0x5d, + 0x15, 0x71, 0x36, 0xa9, 0x87, 0xf0, 0x73, 0x05, + 0x50, 0x08, 0x6b, 0x1c, 0x6e, 0xde, 0x96, 0x45, + 0x31, 0xc3, 0xc0, 0xba, 0xba, 0xf5, 0x08, 0x1d, + 0x05, 0x4a, 0x52, 0x39, 0xe9, 0x03, 0xef, 0x59, + 0xc8, 0x1d, 0x4a, 0xf2, 0x86, 0x05, 0x99, 0x7b, + 0x4b, 0x74, 0xf6, 0xd3, 0x75, 0x8d, 0xb2, 0x57, + 0xba, 0xac, 0xa7, 0x11, 0x14, 0xd6, 0x6c, 0x71, + 0xc4, 0x4c, 0x1c, 0x68, 0xbc, 0x49, 0x78, 0xf0, + 0xc9, 0x52, 0x8a, 0xe7, 0x8b, 0x54, 0xe6, 0x20, + 0x58, 0x20, 0x60, 0x66, 0xf5, 0x14, 0xd8, 0xcb, + 0xff, 0xe0, 0xa0, 0x45, 0xbc, 0xb4, 0x81, 0xad, + 0x1d, 0xbc, 0xcf, 0xf8, 0x8e, 0xa8, 0x87, 0x24, + 0x55, 0x99, 0xd9, 0xce, 0x47, 0xf7, 0x5b, 0x4a, + 0x33, 0x6d, 0xdb, 0xbf, 0x93, 0x64, 0x1a, 0xa6, + 0x46, 0x5f, 0x27, 0xdc, 0xd8, 0xd4, 0xf9, 0xc2, + 0x42, 0x2a, 0x7e, 0xb2, 0x7c, 0xdd, 0x98, 0x77, + 0xf5, 0x88, 0x7d, 0x15, 0x25, 0x08, 0xbc, 0xe0, + 0xd0, 0x8d, 0xf4, 0xc3, 0xc3, 0x04, 0x41, 0xa4, + 0xd1, 0xb1, 0x39, 0x4a, 0x6b, 0x2c, 0xb5, 0x2e, + 0x9a, 0x65, 0x43, 0x0d, 0x0e, 0x73, 0xf4, 0x06, + 0xe1, 0xb3, 0x49, 0x34, 0x94, 0xb0, 0xb7, 0xff, + 0xc0, 0x27, 0xc1, 0xb5, 0xea, 0x06, 0xf7, 0x71, + 0x71, 0x97, 0xbb, 0xbc, 0xc7, 0x1a, 0x9f, 0xeb, + 0xf6, 0x3d, 0xa5, 0x7b, 0x55, 0xa7, 0xbf, 0xdd, + 0xd7, 0xee, 0x97, 0xb8, 0x9d, 0xdc, 0xcd, 0xe3, + 0x06, 0xdb, 0x9a, 0x2c, 0x60, 0xbf, 0x70, 0x84, + 0xfa, 0x6b, 0x8d, 0x70, 0x7d, 0xde, 0xe8, 0xb7, + 0xab, 0xb0, 0x38, 0x68, 0x6c, 0xc0, 0xb1, 0xe1, + 0xba, 0x45, 0xe0, 0xd7, 0x12, 0x3d, 0x71, 0x5b }; WOLFSSL_CERT_MANAGER* cm = NULL; @@ -4304,8 +4303,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, /* ......in */ 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */ 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, /* sl.com.. */ - 0x32, 0x30, 0x32, 0x34, 0x31, 0x32, 0x32, 0x30, /* 20241220 */ - 0x31, 0x37, 0x30, 0x37, 0x30, 0x34, 0x5a, 0x30, /* 170704Z0 */ + 0x32, 0x30, 0x32, 0x33, 0x31, 0x31, 0x30, 0x38, /* 20231108 */ + 0x30, 0x30, 0x32, 0x36, 0x33, 0x37, 0x5a, 0x30, /* 002637Z0 */ 0x64, 0x30, 0x62, 0x30, 0x3a, 0x30, 0x09, 0x06, /* d0b0:0.. */ 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, /* .+...... */ 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, /* ..qM.#@Y */ @@ -4314,50 +4313,50 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, /* ..:.,... */ 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, /* ..L.*.q. */ 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, /* dD...... */ - 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x31, /* ...20241 */ - 0x32, 0x32, 0x30, 0x31, 0x37, 0x30, 0x37, 0x30, /* 22017070 */ - 0x34, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 4Z....20 */ - 0x35, 0x32, 0x30, 0x35, 0x30, 0x36, 0x31, 0x37, /* 52050617 */ - 0x30, 0x37, 0x30, 0x34, 0x5a, 0xa1, 0x23, 0x30, /* 0704Z.#0 */ + 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x33, 0x31, /* ...20231 */ + 0x31, 0x30, 0x38, 0x30, 0x30, 0x32, 0x36, 0x33, /* 10800263 */ + 0x37, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 7Z....20 */ + 0x35, 0x31, 0x30, 0x33, 0x32, 0x35, 0x30, 0x30, /* 51032500 */ + 0x32, 0x36, 0x33, 0x37, 0x5a, 0xa1, 0x23, 0x30, /* 2637Z.#0 */ 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, /* !0...+.. */ 0x05, 0x05, 0x07, 0x30, 0x01, 0x02, 0x04, 0x12, /* ...0.... */ - 0x04, 0x10, 0x12, 0x7c, 0x27, 0xbd, 0x22, 0x28, /* ...|'."( */ - 0x5e, 0x62, 0x81, 0xed, 0x6d, 0x2c, 0x2d, 0x59, /* ^b..m,-Y */ - 0x42, 0xd7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* B.0...*. */ + 0x04, 0x10, 0xdb, 0xbc, 0x2a, 0x76, 0xa0, 0xb4, /* ....*v.. */ + 0x1e, 0x5d, 0xf6, 0x2b, 0x8e, 0x38, 0x62, 0xdb, /* .].+.8b. */ + 0x90, 0xed, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* ..0...*. */ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, /* H....... */ - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6c, 0xce, /* ......l. */ - 0xa8, 0xe8, 0xfe, 0xaf, 0x33, 0xe2, 0xce, 0x4e, /* ....3..N */ - 0x63, 0x8d, 0x61, 0x16, 0x0f, 0x70, 0xb2, 0x0c, /* c.a..p.. */ - 0x9a, 0xe3, 0x01, 0xd5, 0xca, 0xe5, 0x9b, 0x70, /* .......p */ - 0x81, 0x6f, 0x94, 0x09, 0xe8, 0x88, 0x98, 0x1a, /* .o...... */ - 0x67, 0xa0, 0xc2, 0xe7, 0x8f, 0x9b, 0x5f, 0x13, /* g....._. */ - 0x17, 0x8d, 0x93, 0x8c, 0x31, 0x61, 0x7d, 0x72, /* ....1a}r */ - 0x34, 0xbd, 0x21, 0x48, 0xca, 0xb2, 0xc9, 0xae, /* 4.!H.... */ - 0x28, 0x5f, 0x97, 0x19, 0xcb, 0xdf, 0xed, 0xd4, /* (_...... */ - 0x6e, 0x89, 0x30, 0x89, 0x11, 0xd1, 0x05, 0x08, /* n.0..... */ - 0x81, 0xe9, 0xa7, 0xba, 0xf7, 0x16, 0x0c, 0xbe, /* ........ */ - 0x48, 0x2e, 0xc0, 0x05, 0xac, 0x90, 0xc2, 0x35, /* H......5 */ - 0xce, 0x6c, 0x94, 0x5d, 0x2b, 0xad, 0x4f, 0x19, /* .l.]+.O. */ - 0xea, 0x7b, 0xd9, 0x4f, 0x49, 0x20, 0x8d, 0x98, /* .{.OI .. */ - 0xa9, 0xe4, 0x53, 0x6d, 0xca, 0x34, 0xdb, 0x4a, /* ..Sm.4.J */ - 0x28, 0xb3, 0x33, 0xfb, 0xfd, 0xcc, 0x4b, 0xfa, /* (.3...K. */ - 0xdb, 0x70, 0xe1, 0x96, 0xc8, 0xd4, 0xf1, 0x85, /* .p...... */ - 0x99, 0xaf, 0x06, 0xeb, 0xfd, 0x96, 0x21, 0x86, /* ......!. */ - 0x81, 0xee, 0xcf, 0xd2, 0xf4, 0x83, 0xc9, 0x1d, /* ........ */ - 0x8f, 0x42, 0xd1, 0xc1, 0xbc, 0x50, 0x0a, 0xfb, /* .B...P.. */ - 0x95, 0x39, 0x4c, 0x36, 0xa8, 0xfe, 0x2b, 0x8e, /* .9L6..+. */ - 0xc5, 0xb5, 0xe0, 0xab, 0xdb, 0xc0, 0xbf, 0x1d, /* ........ */ - 0x35, 0x4d, 0xc0, 0x52, 0xfb, 0x08, 0x04, 0x4c, /* 5M.R...L */ - 0x98, 0xf0, 0xb5, 0x5b, 0xff, 0x99, 0x74, 0xce, /* ...[..t. */ - 0xb7, 0xc9, 0xe3, 0xe5, 0x70, 0x2e, 0xd3, 0x1d, /* ....p... */ - 0x46, 0x38, 0xf9, 0x51, 0x17, 0x73, 0xd1, 0x08, /* F8.Q.s.. */ - 0x8d, 0x3d, 0x12, 0x47, 0xd0, 0x66, 0x77, 0xaf, /* .=.G.fw. */ - 0xfd, 0x4c, 0x75, 0x1f, 0xe9, 0x6c, 0xf4, 0x5a, /* .Lu..l.Z */ - 0xde, 0xec, 0x37, 0xc7, 0xc4, 0x0a, 0xbe, 0x91, /* ..7..... */ - 0xbc, 0x05, 0x08, 0x86, 0x47, 0x30, 0x2a, 0xc6, /* ....G0*. */ - 0x85, 0x4b, 0x55, 0x6c, 0xef, 0xdf, 0x2d, 0x5a, /* .KUl..-Z */ - 0xf7, 0x5b, 0xb5, 0xba, 0xed, 0x38, 0xb0, 0xcb, /* .[...8.. */ - 0xeb, 0x7e, 0x84, 0x3a, 0x69, 0x2c, 0xa0, 0x82, /* .~.:i,.. */ + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x87, 0xde, /* ........ */ + 0xfb, 0xf9, 0x3a, 0x90, 0x1f, 0x90, 0xde, 0xcf, /* ..:..... */ + 0xfe, 0xad, 0x64, 0x19, 0x34, 0x17, 0xf8, 0x15, /* ..d.4... */ + 0x01, 0x22, 0x5f, 0x67, 0x41, 0xa4, 0x18, 0xf7, /* ."_gA... */ + 0x16, 0xb7, 0xc9, 0xf3, 0xe1, 0x9f, 0xcd, 0x40, /* .......@ */ + 0x56, 0x77, 0x6e, 0x6a, 0xfb, 0x92, 0x6a, 0x6f, /* Vwnj..jo */ + 0x28, 0x3e, 0x22, 0x48, 0xa1, 0xc2, 0xd8, 0x1d, /* (>"H.... */ + 0xc7, 0xe6, 0x78, 0x7f, 0xb6, 0x09, 0xfe, 0x2c, /* ..x...., */ + 0xb5, 0xef, 0x29, 0x7c, 0xc5, 0x51, 0x16, 0x7b, /* ..)|.Q.{ */ + 0x8f, 0xfb, 0x44, 0xa8, 0xcd, 0xf5, 0x5c, 0x0f, /* ..D...\. */ + 0x46, 0x0e, 0xb1, 0xa4, 0xeb, 0x5b, 0xf5, 0x86, /* F....[.. */ + 0x11, 0x0f, 0xcd, 0xe2, 0xe5, 0x3c, 0x91, 0x72, /* .....<.r */ + 0x0d, 0x6a, 0xcb, 0x95, 0x99, 0x39, 0x91, 0x48, /* .j...9.H */ + 0x65, 0x97, 0xb9, 0x78, 0xb5, 0x88, 0x7f, 0x76, /* e..x...v */ + 0xa1, 0x43, 0x2f, 0xf6, 0x1f, 0x49, 0xb7, 0x08, /* .C/..I.. */ + 0x36, 0xe4, 0x2e, 0x34, 0x25, 0xda, 0x16, 0x74, /* 6..4%..t */ + 0x47, 0x62, 0x56, 0xff, 0x2f, 0x02, 0x03, 0x44, /* GbV./..D */ + 0x89, 0x04, 0xe7, 0xb8, 0xde, 0x0a, 0x35, 0x43, /* ......5C */ + 0xae, 0xd7, 0x54, 0xbe, 0xc3, 0x7c, 0x95, 0xa5, /* ..T..|.. */ + 0xc8, 0xe0, 0x2e, 0x52, 0xb6, 0xea, 0x99, 0x45, /* ...R...E */ + 0xfd, 0xda, 0x4b, 0xd5, 0x79, 0x07, 0x64, 0xca, /* ..K.y.d. */ + 0x64, 0xba, 0x52, 0x12, 0x62, 0x8c, 0x08, 0x9a, /* d.R.b... */ + 0x32, 0xeb, 0x85, 0x65, 0x05, 0x39, 0x07, 0x5d, /* 2..e.9.] */ + 0x39, 0x4a, 0xcf, 0xa5, 0x30, 0xf6, 0xd1, 0xf7, /* 9J..0... */ + 0x29, 0xaa, 0x23, 0x42, 0xc6, 0x85, 0x16, 0x7f, /* ).#B.... */ + 0x64, 0x16, 0xb1, 0xb0, 0x5d, 0xcd, 0x88, 0x2d, /* d...]..- */ + 0x06, 0xb0, 0xa9, 0xdf, 0xa3, 0x9f, 0x25, 0x41, /* ......%A */ + 0x89, 0x9a, 0x19, 0xe1, 0xaa, 0xcd, 0xdf, 0x51, /* .......Q */ + 0xcb, 0xa9, 0xc3, 0x7e, 0x27, 0xbc, 0x7d, 0x9b, /* ...~'.}. */ + 0x6f, 0x4d, 0x79, 0x87, 0x09, 0x3f, 0xac, 0xd2, /* oMy..?.. */ + 0x4a, 0x3b, 0xbe, 0xf8, 0x7a, 0xa4, 0x93, 0x45, /* J;..z..E */ + 0x11, 0x64, 0x40, 0xc5, 0x03, 0xc9, 0x24, 0x5b, /* .d@...$[ */ + 0xe9, 0x6d, 0xfc, 0x94, 0x08, 0xbe, 0xa0, 0x82, /* .m...... */ 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, /* ..0...0. */ 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, /* ..0..... */ 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, /* ......0. */ @@ -4382,10 +4381,10 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, /* .......i */ 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, /* nfo@wolf */ 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, /* ssl.com0 */ - 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, /* ...24121 */ - 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, /* 8212531Z */ - 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, /* ..270914 */ - 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, /* 212531Z0 */ + 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x31, 0x32, 0x31, /* ...22121 */ + 0x36, 0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, /* 6211750Z */ + 0x17, 0x0d, 0x32, 0x35, 0x30, 0x39, 0x31, 0x31, /* ..250911 */ + 0x32, 0x31, 0x31, 0x37, 0x35, 0x30, 0x5a, 0x30, /* 211750Z0 */ 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, /* ..1.0... */ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, /* U....US1 */ 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, /* .0...U.. */ @@ -4479,38 +4478,38 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, /* ....0... */ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */ 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, /* ........ */ - 0x4d, 0xa2, 0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, /* M..U.+.. */ - 0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2, /* e..5.`.. */ - 0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, /* k....XW7 */ - 0xbd, 0x2e, 0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, /* ..(n.V*5 */ - 0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a, /* ..>.=G!. */ - 0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, /* ......>. */ - 0xaf, 0x9b, 0xef, 0x23, 0x88, 0x56, 0x95, 0x73, /* ...#.V.s */ - 0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7, /* .....Ki. */ - 0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, /* .:.....Y */ - 0xfd, 0xe2, 0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, /* .....L., */ - 0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6, /* .W..:.2. */ - 0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, /* J.r...&i */ - 0xd6, 0x6a, 0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, /* .jLLx.<. */ - 0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27, /* ....#.[' */ - 0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, /* ..\+.Mx. */ - 0x6b, 0x25, 0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, /* k%./.... */ - 0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b, /* ..D!F.4k */ - 0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, /* [...\`.. */ - 0xe6, 0x66, 0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, /* .f..cVP} */ - 0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58, /* .,/{G..X */ - 0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, /* w..' .r. */ - 0x4c, 0x7e, 0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, /* L~O.._.. */ - 0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22, /* .Yz..Sw" */ - 0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, /* A....... */ - 0x65, 0xbd, 0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, /* e..q<... */ - 0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4, /* ........ */ - 0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, /* ....+.[. */ - 0x28, 0xc1, 0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, /* (..1s\+. */ - 0x60, 0x97, 0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83, /* `..6.... */ - 0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, /* .u.)B..A */ - 0x55, 0xb9, 0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, /* U.p..... */ - 0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57 /* A.%..j.W */ + 0x2f, 0xb7, 0x6b, 0xec, 0xb7, 0x12, 0x63, 0xb9, /* /.k...c. */ + 0x57, 0xdc, 0x04, 0x4d, 0x9c, 0x67, 0x74, 0x98, /* W..M.gt. */ + 0x06, 0x28, 0x68, 0x37, 0x34, 0xc2, 0x50, 0xe9, /* .(h74.P. */ + 0x2a, 0xd4, 0x1a, 0xb2, 0x32, 0x1a, 0x9d, 0x2b, /* *...2..+ */ + 0x4f, 0x23, 0x50, 0xea, 0xb4, 0x95, 0x86, 0xc3, /* O#P..... */ + 0xb9, 0x5f, 0x34, 0x3e, 0x99, 0x91, 0xa7, 0x80, /* ._4>.... */ + 0x5f, 0x6e, 0x1b, 0x6e, 0xdb, 0xe9, 0x02, 0x38, /* _n.n...8 */ + 0x6f, 0xdf, 0xc5, 0x9b, 0x0d, 0xa3, 0x1c, 0xa9, /* o....... */ + 0x15, 0x76, 0x16, 0x66, 0xa8, 0x4e, 0xfb, 0xd3, /* .v.f.N.. */ + 0x43, 0x76, 0xf1, 0x72, 0xb7, 0xd1, 0xfa, 0xee, /* Cv.r.... */ + 0x39, 0xa6, 0x96, 0xc1, 0xa2, 0x93, 0xa4, 0x9b, /* 9....... */ + 0x1e, 0x9f, 0xba, 0x71, 0x8f, 0xba, 0xbd, 0x67, /* ...q...g */ + 0x6a, 0xf2, 0x15, 0x5f, 0xf1, 0x64, 0xe7, 0xcf, /* j.._.d.. */ + 0x26, 0xb8, 0x4c, 0xc0, 0xeb, 0x85, 0x04, 0x58, /* &.L....X */ + 0xd9, 0x4a, 0x6b, 0xd9, 0x86, 0xf5, 0x80, 0x21, /* .Jk....! */ + 0xbf, 0x91, 0xc8, 0x4b, 0x9f, 0x04, 0xed, 0x57, /* ...K...W */ + 0x7a, 0xd2, 0x58, 0xac, 0x5b, 0x47, 0xaf, 0x4d, /* z.X.[G.M */ + 0x7f, 0x5b, 0x1d, 0x6d, 0x68, 0x9b, 0x84, 0x98, /* .[.mh... */ + 0x2a, 0x31, 0x02, 0x2c, 0xe9, 0x1b, 0xaf, 0x11, /* *1.,.... */ + 0x0b, 0x78, 0x49, 0xbe, 0x68, 0x68, 0xcb, 0x9c, /* .xI.hh.. */ + 0x41, 0x56, 0xe8, 0xb5, 0x59, 0xda, 0xff, 0xca, /* AV..Y... */ + 0x59, 0x99, 0x17, 0x3e, 0x11, 0x0a, 0x8f, 0x49, /* Y..>...I */ + 0x24, 0x0b, 0x81, 0x42, 0x63, 0xcd, 0x4f, 0xf6, /* $..Bc.O. */ + 0x2b, 0x9d, 0xd1, 0x79, 0x75, 0xd7, 0x4a, 0xcc, /* +..yu.J. */ + 0x4c, 0xb7, 0x2b, 0xd7, 0xe8, 0xe7, 0xd4, 0x48, /* L.+....H */ + 0x3c, 0x14, 0x3b, 0x1c, 0x28, 0xe8, 0x46, 0x7a, /* <.;.(.Fz */ + 0xdc, 0x11, 0x9d, 0x7f, 0x1c, 0xab, 0x10, 0x95, /* ........ */ + 0x17, 0xb2, 0xc7, 0x7a, 0xbb, 0x17, 0x44, 0x59, /* ...z..DY */ + 0x69, 0x8e, 0x16, 0x05, 0x94, 0x8c, 0x88, 0xd9, /* i....... */ + 0xdc, 0x9a, 0xfd, 0xf2, 0x93, 0xbe, 0x68, 0xba, /* ......h. */ + 0x3c, 0xd6, 0x2b, 0x61, 0x3a, 0x8b, 0xf7, 0x66, /* <.+a:..f */ + 0xcb, 0x54, 0xe8, 0xe4, 0xdb, 0x9f, 0xcc, 0x9e /* .T...... */ }; OcspEntry entry[1]; CertStatus status[1]; @@ -53663,7 +53662,7 @@ static int test_wolfSSL_ASN1_get_object(void) /* SEQUENCE */ ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0); - ExpectIntEQ(asnLen, 862); + ExpectIntEQ(asnLen, 861); ExpectIntEQ(tag, 0x10); ExpectIntEQ(cls, 0); @@ -54855,7 +54854,7 @@ static int test_wolfSSL_ASN1_TIME_print(void) ExpectIntEQ(ASN1_TIME_print(bio, notBefore), 1); ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); - ExpectIntEQ(XMEMCMP(buf, "Dec 18 21:25:29 2024 GMT", sizeof(buf) - 1), 0); + ExpectIntEQ(XMEMCMP(buf, "Dec 13 22:19:28 2023 GMT", sizeof(buf) - 1), 0); /* Test BIO_write fails. */ ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); @@ -65331,8 +65330,8 @@ static int test_wolfSSL_X509_sign2(void) const unsigned char expected[] = { 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, 0xEE, 0xA2, 0x9B, 0xB7, - 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, 0xF0, 0xCC, 0x23, 0xF2, 0xEC, 0x30, + 0x02, 0x02, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55, 0x8A, + 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59, 0xB8, 0xE8, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, @@ -65411,34 +65410,34 @@ static int test_wolfSSL_X509_sign2(void) 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x82, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, 0xEE, 0xA2, 0x9B, - 0xB7, 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, 0xF0, 0xCC, 0x23, 0xF2, 0xEC, + 0x6F, 0x6D, 0x82, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55, + 0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59, 0xB8, 0xE8, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0xB9, 0x6C, 0xC2, 0xFA, 0x02, 0xC4, 0x3B, 0xB4, 0x68, - 0xB2, 0xF3, 0xE3, 0x0D, 0xFA, 0x61, 0xAF, 0xB5, 0x54, 0x14, 0x4C, 0x59, - 0xFC, 0xF8, 0xD0, 0x48, 0x09, 0xAC, 0x0E, 0x16, 0x73, 0x1F, 0xF2, 0x5B, - 0x43, 0xD8, 0x41, 0xD1, 0x62, 0x8C, 0x07, 0x76, 0x88, 0x3F, 0x73, 0x6E, - 0xD1, 0xE4, 0x66, 0x3D, 0x6A, 0x57, 0xC8, 0x85, 0x86, 0xBE, 0xAE, 0x7B, - 0x48, 0xCB, 0x67, 0xB3, 0x80, 0x21, 0x3E, 0xFE, 0x7C, 0x7C, 0x0C, 0x76, - 0x9F, 0x54, 0xBC, 0xA5, 0x89, 0xDE, 0x6C, 0x0B, 0x0A, 0x26, 0xCA, 0x66, - 0x4F, 0xC0, 0xB9, 0xDF, 0x3A, 0x14, 0x88, 0xB8, 0x90, 0x7E, 0x32, 0x6D, - 0x45, 0xF4, 0x14, 0x7B, 0x28, 0x69, 0xCE, 0x80, 0x59, 0x2D, 0x7B, 0x98, - 0x8D, 0x33, 0xDB, 0x4B, 0x16, 0xAA, 0x5E, 0x5E, 0xED, 0x15, 0x6A, 0x01, - 0x9F, 0x16, 0xC1, 0xE4, 0x23, 0x89, 0x30, 0xD4, 0xD8, 0xC9, 0xAD, 0x5A, - 0x05, 0xC0, 0xE7, 0x9D, 0xF8, 0xD2, 0xD1, 0x80, 0x53, 0x9A, 0x00, 0xB6, - 0xA3, 0xD6, 0x54, 0xFC, 0xFC, 0x4A, 0x9D, 0x31, 0x3F, 0xBB, 0xCD, 0xBC, - 0xDD, 0x43, 0xFC, 0x25, 0x1A, 0x8F, 0xAE, 0x03, 0x39, 0xC8, 0x1D, 0x32, - 0x86, 0x3F, 0xDE, 0xD1, 0xD4, 0xD8, 0x7F, 0xC0, 0x2F, 0x11, 0x56, 0x18, - 0xC6, 0x27, 0x42, 0x2C, 0xB9, 0x10, 0xEC, 0xA9, 0xDE, 0x11, 0x25, 0x0C, - 0xF3, 0xD6, 0x49, 0x22, 0x1E, 0x6A, 0x9D, 0x64, 0x06, 0x61, 0x26, 0xCE, - 0x27, 0x3E, 0x22, 0x94, 0xEC, 0x6B, 0x25, 0xE0, 0xDC, 0x33, 0xF6, 0x91, - 0x7D, 0x6E, 0x2E, 0x13, 0xFB, 0x36, 0x6C, 0x48, 0x1B, 0xAC, 0x3C, 0x1B, - 0x7A, 0x60, 0x32, 0xCC, 0xE4, 0x05, 0xB4, 0x61, 0x2E, 0xCC, 0x14, 0xA4, - 0xCE, 0xD0, 0xE9, 0xD6, 0xAF, 0x18, 0x9D, 0x51, 0x0E, 0xEF, 0x8B, 0xE4, - 0xE0, 0x63, 0x86, 0x83, 0x6A, 0x4B, 0x7F + 0x01, 0x01, 0x00, 0x14, 0xFB, 0xD0, 0xCE, 0x31, 0x7F, 0xA5, 0x59, 0xFA, + 0x7C, 0x68, 0x26, 0xA7, 0xE8, 0x0D, 0x9F, 0x50, 0x57, 0xFA, 0x1C, 0x7C, + 0x5E, 0x43, 0xA4, 0x97, 0x47, 0xB6, 0x41, 0xAC, 0x63, 0xD3, 0x61, 0x8C, + 0x1F, 0x42, 0xEF, 0x53, 0xD0, 0xBA, 0x31, 0x4D, 0x99, 0x74, 0xA4, 0x60, + 0xDC, 0xC6, 0x6F, 0xCC, 0x1E, 0x25, 0x98, 0xE1, 0xA4, 0xA0, 0x67, 0x69, + 0x97, 0xE3, 0x97, 0x7C, 0x83, 0x28, 0xF1, 0xF4, 0x7D, 0x03, 0xA8, 0x31, + 0x77, 0xCC, 0xD1, 0x37, 0xEF, 0x7B, 0x4A, 0x71, 0x2D, 0x11, 0x7E, 0x92, + 0xF5, 0x67, 0xB7, 0x56, 0xBA, 0x28, 0xF8, 0xD6, 0xCE, 0x2A, 0x71, 0xE3, + 0x70, 0x6B, 0x09, 0x0F, 0x67, 0x6F, 0x7A, 0xE0, 0x89, 0xF6, 0x5E, 0x23, + 0x0C, 0x0A, 0x44, 0x4E, 0x65, 0x8E, 0x7B, 0x68, 0xD0, 0xAD, 0x76, 0x3E, + 0x2A, 0x0E, 0xA2, 0x05, 0x11, 0x74, 0x24, 0x08, 0x60, 0xED, 0x9F, 0x98, + 0x18, 0xE9, 0x91, 0x58, 0x36, 0xEC, 0xEC, 0x25, 0x6B, 0xBA, 0x9C, 0x87, + 0x38, 0x68, 0xDC, 0xDC, 0x15, 0x6F, 0x20, 0x68, 0xC4, 0xBF, 0x05, 0x5B, + 0x4A, 0x0C, 0x44, 0x2B, 0x92, 0x3F, 0x10, 0x99, 0xDC, 0xF6, 0x6C, 0x0E, + 0x34, 0x26, 0x6E, 0x6D, 0x4E, 0x12, 0xBC, 0x60, 0x8F, 0x27, 0x1D, 0x7A, + 0x00, 0x50, 0xBE, 0x23, 0xDE, 0x48, 0x47, 0x9F, 0xAD, 0x2F, 0x94, 0x3D, + 0x16, 0x73, 0x48, 0x6B, 0xC8, 0x97, 0xE6, 0xB4, 0xB3, 0x4B, 0xE1, 0x68, + 0x08, 0xC3, 0xE5, 0x34, 0x5F, 0x9B, 0xDA, 0xAB, 0xCA, 0x6D, 0x55, 0x32, + 0xEF, 0x6C, 0xEF, 0x9B, 0x8B, 0x5B, 0xC7, 0xF0, 0xC2, 0x0F, 0x8E, 0x93, + 0x09, 0x60, 0x3C, 0x0B, 0xDC, 0xBD, 0xDB, 0x4A, 0x2D, 0xD0, 0x98, 0xAA, + 0xAB, 0x6C, 0x6F, 0x6D, 0x6B, 0x6A, 0x5C, 0x33, 0xAC, 0xAD, 0xA8, 0x1B, + 0x38, 0x5D, 0x9F, 0xDA, 0xE7, 0x70, 0x07 }; pt = ca_key_der_2048; @@ -72890,9 +72889,6 @@ static int test_wolfSSL_GENERAL_NAME_print(void) wolfSSL_ASN1_STRING_free(gn->d.ia5); gn->d.registeredID = ridObj; } - else { - wolfSSL_ASN1_OBJECT_free(ridObj); - } ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); @@ -101587,7 +101583,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_X509_STORE_CTX), TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex), TEST_DECL(test_X509_STORE_untrusted), -#if defined(OPENSSL_ALL) && !defined(NO_RSA) +#if defined(OPENSSL_ALL) TEST_DECL(test_X509_STORE_InvalidCa), #endif TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), diff --git a/tests/quic.c b/tests/quic.c index c58625db48..f0d90aedce 100644 --- a/tests/quic.c +++ b/tests/quic.c @@ -554,7 +554,7 @@ static int ctx_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t if (ctx->verbose) { printf("[%s] send_alert: level=%d, err=%d\n", ctx->name, level, err); } - ctx->alert_level = level; + ctx->alert_level = (int)level; ctx->alert = alert; return 1; } diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 2f5d5d40f5..ffa98e4d96 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -212,7 +212,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) #endif { ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz, - NULL, NULL, cmac->type, NULL); + NULL, NULL, (int)cmac->type, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -294,8 +294,8 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) if (cmac->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type, - NULL); + ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, + (int)cmac->type, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 70717964cb..de9c7aed3f 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -300,7 +300,7 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 maxSz, else if (e < sizeof(base64Encode)) basic = base64Encode[e]; else - return BAD_FUNC_ARG; + basic = base64Encode[e]; /* check whether to escape. Only escape for EncodeEsc */ if (escaped == WC_ESC_NL_ENC) { diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ef87516d10..85aa1ad9eb 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -7505,7 +7505,7 @@ static int _HMAC_K(byte* K, word32 KSz, byte* V, word32 VSz, ret = init = wc_HmacInit(&hmac, heap, INVALID_DEVID); if (ret == 0) - ret = wc_HmacSetKey(&hmac, hashType, K, KSz); + ret = wc_HmacSetKey(&hmac, (int)hashType, K, KSz); if (ret == 0) ret = wc_HmacUpdate(&hmac, V, VSz); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index c3eb12edeb..8aea883190 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2633,7 +2633,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ return WOLFSSL_FAILURE; } if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) { - if (wc_HKDF(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, + if (wc_HKDF((int)hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, (word32)*keylen) != 0) { @@ -2642,7 +2642,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ } } else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) { - if (wc_HKDF_Extract(hkdfHashType, ctx->pkey->hkdfSalt, + if (wc_HKDF_Extract((int)hkdfHashType, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, key) != 0) { WOLFSSL_MSG("wc_HKDF_Extract failed."); @@ -2659,7 +2659,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ } } else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) { - if (wc_HKDF_Expand(hkdfHashType, ctx->pkey->hkdfKey, + if (wc_HKDF_Expand((int)hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, (word32)*keylen) != 0) { @@ -4867,6 +4867,7 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, { const char *nostring = ""; int ret = 0; + enum wc_HashType pbkdf2HashType; if (pass == NULL) { passlen = 0; @@ -4875,8 +4876,10 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, passlen = (int)XSTRLEN(pass); } + pbkdf2HashType = EvpMd2MacType(digest); + ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, - iter, keylen, EvpMd2MacType(digest)); + iter, keylen, pbkdf2HashType); if (ret == 0) return WOLFSSL_SUCCESS; else @@ -6299,14 +6302,16 @@ void wolfSSL_EVP_init(void) case WC_AES_256_OFB_TYPE: #endif wc_AesFree(&ctx->cipher.aes); - ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; + ctx->flags &= + (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) case WC_AES_128_XTS_TYPE: case WC_AES_256_XTS_TYPE: wc_AesXtsFree(&ctx->cipher.xts); - ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; + ctx->flags &= + (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #endif #endif /* AES */ diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c index c45c63563b..255fb2adc5 100644 --- a/wolfcrypt/src/kdf.c +++ b/wolfcrypt/src/kdf.c @@ -814,7 +814,7 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz, return BAD_FUNC_ARG; } - ret = wc_HmacSizeByType(enmhashId); + ret = wc_HmacSizeByType((int)enmhashId); if (ret <= 0) { return BAD_FUNC_ARG; } diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index d548cd6149..d4c47e57f4 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -904,7 +904,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, * Get the error value at the HEAD of the ERR queue or 0 if the queue * is empty. The HEAD entry is removed by this call. */ -unsigned long wc_GetErrorNodeErr(void) +int wc_GetErrorNodeErr(void) { int ret; @@ -923,7 +923,7 @@ unsigned long wc_GetErrorNodeErr(void) wc_ClearErrorNodes(); } } - return (unsigned long)ret; + return ret; } #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) @@ -1171,7 +1171,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file) sz = WOLFSSL_MAX_ERROR_SZ - 1; } if (sz > 0) { - XMEMCPY(err->error, buf, sz); + XMEMCPY(err->error, buf, (size_t)sz); } sz = (int)XSTRLEN(file); @@ -1179,7 +1179,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file) sz = WOLFSSL_MAX_ERROR_SZ - 1; } if (sz > 0) { - XMEMCPY(err->file, file, sz); + XMEMCPY(err->file, file, (size_t)sz); } err->value = error; @@ -1420,7 +1420,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, } } -unsigned long wc_GetErrorNodeErr(void) +int wc_GetErrorNodeErr(void) { int ret; @@ -1428,7 +1428,7 @@ unsigned long wc_GetErrorNodeErr(void) if (ERRQ_LOCK() != 0) { WOLFSSL_MSG("Lock debug mutex failed"); - return (unsigned long)(0 - BAD_MUTEX_E); + return (0 - BAD_MUTEX_E); } ret = pullErrorNode(NULL, NULL, NULL); @@ -1595,10 +1595,10 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, return (unsigned long)(0 - NOT_COMPILED_IN); } -unsigned long wc_GetErrorNodeErr(void) +int wc_GetErrorNodeErr(void) { WOLFSSL_ENTER("wc_GetErrorNodeErr"); - return (unsigned long)(0 - NOT_COMPILED_IN); + return (0 - NOT_COMPILED_IN); } #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c index 76b5cd5d77..d947d37e95 100644 --- a/wolfcrypt/src/wc_kyber_poly.c +++ b/wolfcrypt/src/wc_kyber_poly.c @@ -2074,24 +2074,17 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen, (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64)); state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); - while (outLen > 0) { - unsigned int len = min(outLen, WC_SHA3_256_BLOCK_SIZE); - - if (IS_INTEL_BMI2(cpuid_flags)) { - sha3_block_bmi2(state); - } - else if (IS_INTEL_AVX2(cpuid_flags) && - (SAVE_VECTOR_REGISTERS2() == 0)) { - sha3_block_avx2(state); - RESTORE_VECTOR_REGISTERS(); - } - else { - BlockSha3(state); - } - XMEMCPY(out, state, len); - out += len; - outLen -= len; + if (IS_INTEL_BMI2(cpuid_flags)) { + sha3_block_bmi2(state); + } + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); } + else { + BlockSha3(state); + } + XMEMCPY(out, state, outLen); return 0; #else diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a397691b1c..747b2ec60a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -845,7 +845,7 @@ static void render_error_message(const char* msg, wc_test_ret_t es) #else err_sys_printf("%s error L=%d code=%d (%s)\n", msg, WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es), - wolfSSL_ERR_reason_error_string(-WC_TEST_RET_DEC_I(es)) + wolfSSL_ERR_reason_error_string((unsigned long)-WC_TEST_RET_DEC_I(es)) ); #endif break; @@ -9134,7 +9134,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, return MEMORY_E; #endif - cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + cipher = (byte*)XMALLOC((size_t)plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (cipher == NULL) { ret = WC_TEST_RET_ENC_ERRNO; goto EVP_TEST_END; @@ -9160,7 +9160,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, } cipherSz += idx; - if (XMEMCMP(cipher, expected, plainSz)) { + if (XMEMCMP(cipher, expected, (size_t)plainSz)) { ret = WC_TEST_RET_ENC_NC; goto EVP_TEST_END; } @@ -9194,7 +9194,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, } cipherSz += idx; - if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) { + if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, (size_t)plainSz)) { ret = WC_TEST_RET_ENC_NC; goto EVP_TEST_END; } @@ -11139,9 +11139,11 @@ static wc_test_ret_t aes_xts_128_test(void) for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { if ((j - k) < WC_AES_BLOCK_SIZE*2) - ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + ret = wc_AesXtsEncryptFinal(aes, large_input + k, + large_input + k, (word32)(j - k), &stream); else - ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream); + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, + large_input + k, WC_AES_BLOCK_SIZE, &stream); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -11201,9 +11203,11 @@ static wc_test_ret_t aes_xts_128_test(void) for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { if ((j - k) < WC_AES_BLOCK_SIZE*2) - ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + ret = wc_AesXtsDecryptFinal(aes, large_input + k, + large_input + k, (word32)(j - k), &stream); else - ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream); + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, + large_input + k, WC_AES_BLOCK_SIZE, &stream); #if defined(WOLFSSL_ASYNC_CRYPT) #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, @@ -11790,7 +11794,7 @@ static wc_test_ret_t aes_xts_192_test(void) ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1, + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); @@ -11801,7 +11805,7 @@ static wc_test_ret_t aes_xts_192_test(void) ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1, + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS @@ -11839,9 +11843,11 @@ static wc_test_ret_t aes_xts_192_test(void) for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { if ((j - k) < WC_AES_BLOCK_SIZE*2) - ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + ret = wc_AesXtsEncryptFinal(aes, large_input + k, + large_input + k, (word32)(j - k), &stream); else - ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream); + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, + large_input + k, WC_AES_BLOCK_SIZE, &stream); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -11901,9 +11907,11 @@ static wc_test_ret_t aes_xts_192_test(void) for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { if ((j - k) < WC_AES_BLOCK_SIZE*2) - ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + ret = wc_AesXtsDecryptFinal(aes, large_input + k, + large_input + k, (word32)(j - k), &stream); else - ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream); + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, + large_input + k, WC_AES_BLOCK_SIZE, &stream); #if defined(WOLFSSL_ASYNC_CRYPT) #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, @@ -12246,7 +12254,7 @@ static wc_test_ret_t aes_xts_256_test(void) ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1, + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); @@ -12257,7 +12265,7 @@ static wc_test_ret_t aes_xts_256_test(void) ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1, + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, sizeof(i1)); #if defined(WOLFSSL_ASYNC_CRYPT) #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS @@ -12864,7 +12872,7 @@ static wc_test_ret_t aes_cbc_oneshot_test(void) } #endif -#if defined(WOLFSSL_AES_COUNTER) +#if defined(WOLFSSL_AES_COUNTER) && defined(HAVE_AES_DECRYPT) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 4cedf122f8..3f3c036a38 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -5765,8 +5765,7 @@ struct WOLFSSL { #ifdef OPENSSL_EXTRA const Suites* clSuites; #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher * suites */ #endif diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index a60f70b499..354fa5e4c4 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -135,7 +135,7 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); WOLFSSL_LOCAL unsigned long wc_PeekErrorNodeLineData( const char **file, int *line, const char **data, int *flags, int (*ignore_err)(int err)); - WOLFSSL_LOCAL unsigned long wc_GetErrorNodeErr(void); + WOLFSSL_LOCAL int wc_GetErrorNodeErr(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); WOLFSSL_API void wc_ERR_print_errors_cb(int (*cb)(const char *str,