Merge pull request #5578 from douzzer/20220909-fixes

20220909-fixes
2022-09-09 16:37:35 -06:00 · 2022-09-09 16:37:35 -06:00 · fa6bc79f8b
commit fa6bc79f8b
parent 460b6f1ecc 0603031362
4 changed files with 20 additions and 29 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -8326,6 +8326,8 @@ static DtlsFragBucket* DtlsMsgCombineFragBuckets(DtlsMsg* msg,

 static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg)
 {
+    DtlsHandShakeHeader* dtls;
+
    /* We have received all necessary fragments. Reconstruct the header. */
    if (msg->fragBucketListCount != 1 || msg->fragBucketList->m.m.offset != 0 ||
            msg->fragBucketList->m.m.sz != msg->sz) {
@ -8341,9 +8343,9 @@ static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg)

    /* frag->padding makes sure we can fit the entire DTLS handshake header
     * before frag->buf */
-    DtlsHandShakeHeader* dtls =
-            (DtlsHandShakeHeader*)(msg->fragBucketList->buf -
-                                    DTLS_HANDSHAKE_HEADER_SZ);
+    dtls = (DtlsHandShakeHeader*)(void *)((char *)msg->fragBucketList
+                                          + OFFSETOF(DtlsFragBucket,buf)
+                                          - DTLS_HANDSHAKE_HEADER_SZ);

    msg->fragBucketList = NULL;
    msg->fragBucketListCount = 0;
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@ -8469,6 +8469,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
 {
    int length, encryptedKeySz = 0, ret = 0;
    int keySz, version, sidType = 0;
+    word32 encOID = 0;
    word32 keyIdx;
    byte   issuerHash[KEYID_SIZE];
    byte*  outKey   = NULL;
@ -8644,30 +8645,19 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                (*idx) += KEYID_SIZE;
            }

-            {
-                word32 encOID = 0;
-
-                if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0)
-                    return ASN_PARSE_E;
-
-                if (encOID != pkcs7->publicKeyOID) {
-                    WOLFSSL_MSG("public key OID found in KTRI doesn't match "
-                                "OID stored earlier.");
-                    WOLFSSL_ERROR(ALGO_ID_E);
-                    return ALGO_ID_E;
-                }
-            }
+            if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0)
+                return ASN_PARSE_E;

            /* key encryption algorithm must be RSA for now */
-            if (pkcs7->publicKeyOID != RSAk
+            if (encOID != RSAk
            #ifndef WC_NO_RSA_OAEP
-                && pkcs7->publicKeyOID != RSAESOAEPk
+                && encOID != RSAESOAEPk
            #endif
                )
                return ALGO_ID_E;

        #ifndef WC_NO_RSA_OAEP
-            if (pkcs7->publicKeyOID == RSAESOAEPk) {
+            if (encOID == RSAESOAEPk) {
                if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) {
                    return ASN_PARSE_E;
                }
@ -8704,7 +8694,6 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
            FALL_THROUGH;

        case WC_PKCS7_DECRYPT_KTRI_3:
-
        #ifndef NO_PKCS7_STREAM
            if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
                            pkcs7->stream->expected, &pkiMsg, idx)) != 0) {
@ -8778,7 +8767,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
            #endif
                {
            #ifndef WC_NO_RSA_OAEP
-                    if (pkcs7->publicKeyOID != RSAESOAEPk) {
+                    if (encOID != RSAESOAEPk) {
            #endif
                        keySz = wc_RsaPrivateDecryptInline(encryptedKey,
                                                        encryptedKeySz, &outKey,
@ -8827,7 +8816,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
                XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
        #endif
        #ifndef WC_NO_RSA_OAEP
-                if (pkcs7->publicKeyOID == RSAESOAEPk) {
+                if (encOID == RSAESOAEPk) {
                    if (!outKey) {
                        XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
                    }
@ -8845,7 +8834,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
            XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
        #endif
        #ifndef WC_NO_RSA_OAEP
-            if (pkcs7->publicKeyOID == RSAESOAEPk) {
+            if (encOID == RSAESOAEPk) {
                if (!outKey) {
                    XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
                }
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -4582,7 +4582,7 @@ WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*
 WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*);

 #define WOLF_SK_COMPARE_CB(type, arg) \
-    int (*arg) (const type* const* a, const type* const* b)
+    int (*(arg)) (const type* const* a, const type* const* b)
 typedef unsigned long (*wolf_sk_hash_cb) (const void *v);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(
    WOLF_SK_COMPARE_CB(WOLFSSL_X509_NAME, cb));
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -2753,11 +2753,11 @@ extern void uITRON4_free(void *p) ;
 /* Are we using an external private key store like:
 *     PKCS11 / HSM / crypto callback / PK callback */
 #if !defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_WOLF_PRIVATE_KEY_ID) && \
-	(defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS) || \
-	 defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_KCAPI))
-	 /* Enables support for using wolfSSL_CTX_use_PrivateKey_Id and
-	  *   wolfSSL_CTX_use_PrivateKey_Label */
-	#define WOLF_PRIVATE_KEY_ID
+        (defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS) || \
+         defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_KCAPI))
+         /* Enables support for using wolfSSL_CTX_use_PrivateKey_Id and
+          *   wolfSSL_CTX_use_PrivateKey_Label */
+        #define WOLF_PRIVATE_KEY_ID
 #endif

 /* With titan cache size there is too many sessions to fit with the default