diff --git a/src/internal.c b/src/internal.c
index d3543883e..0201261ef 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -644,6 +644,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
 FreeDer(&ctx->privateKey);
 FreeDer(&ctx->certificate);
 #ifdef OPENSSL_EXTRA
+ FreeX509(ctx->ourCert);
 if (ctx->ourCert) {
 XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
 }
@@ -11170,10 +11171,17 @@ const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl)
 if (cipher_name_idx[i] == ssl->options.cipherSuite) {
 const char* nameFound = cipher_names[i];
+ /* extra sanity check on returned cipher name */
+ if (nameFound == NULL) {
+ continue;
+ }
+
 /* if first is null then not any */
- if (first == NULL && !XSTRSTR(nameFound, "CHACHA") &&
+ if (first == NULL) {
+ if (!XSTRSTR(nameFound, "CHACHA") &&
 !XSTRSTR(nameFound, "EC") &&
 !XSTRSTR(nameFound, "CCM")) {
- return cipher_names[i];
+ return cipher_names[i];
+ }
 }
 else if (XSTRSTR(nameFound, first)) {
 return cipher_names[i];
diff --git a/src/ssl.c b/src/ssl.c
index ab0a958b1..84aba0757 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3470,6 +3470,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 if (ssl->buffers.weOwnCert) {
 FreeDer(&ssl->buffers.certificate);
 #ifdef OPENSSL_EXTRA
+ FreeX509(ssl->ourCert);
 if (ssl->ourCert) {
 XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
 }
@@ -3486,6 +3487,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 else if (ctx) {
 FreeDer(&ctx->certificate); /* Make sure previous is free'd */
 #ifdef OPENSSL_EXTRA
+ FreeX509(ctx->ourCert);
 if (ctx->ourCert) {
 XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
 }
@@ -8042,6 +8044,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 WOLFSSL_MSG("Unloading cert");
 FreeDer(&ssl->buffers.certificate);
 #ifdef OPENSSL_EXTRA
+ FreeX509(ssl->ourCert);
 if (ssl->ourCert) {
 XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
 }
diff --git a/tests/api.c b/tests/api.c
index 630588d75..9e6932941 100644
--- a/tests/api.c
+++ b/tests/api.c
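Review bot: In the `@@ -644` hunk of src/internal.c the new `FreeX509(ctx->ourCert);` runs before the existing `if (ctx->ourCert)` guard, so it is only safe if FreeX509 itself tolerates NULL, which this diff does not show. Moving the call inside the guard keeps the two frees paired: `if (ctx->ourCert) { FreeX509(ctx->ourCert); XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); }`. The same ordering appears in all three src/ssl.c hunks (`@@ -3470`, `@@ -3486`, `@@ -8042`). Those paths appear to keep using the ssl or ctx object afterwards, and each hunk ends at the closing brace, so whether the pointer is reset is not visible; if it is not, setting it to NULL after XFREE would prevent a later double free.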
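Review bot: The nested `if (first == NULL) { ... }` in the `@@ -11170` hunk of src/internal.c has no comment saying why the condition was split, and the reason is easy to lose: with the old single condition a NULL `first` could fall through to `XSTRSTR(nameFound, first)` in the `else if`. I would replace `/* if first is null then not any */` with something like `/* first == NULL: accept only names without CHACHA/EC/CCM, and never pass NULL to XSTRSTR below */`. The loop and the function body start outside the hunk.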
@@ -1703,6 +1703,7 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
 subCN = (char*)ASN1_STRING_data(asn);
 AssertNotNull(subCN);
+ wolfSSL_FreeX509(x509);
 #endif
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e5fc798e0..17d3aa7eb 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -3013,8 +3013,8 @@ int ExtractDate(const unsigned char* date, unsigned char format,
 certTime->tm_year = 2000;
 }
 else { /* format == GENERALIZED_TIME */
- certTime->tm_year += btoi(date[*idx++]) * 1000;
- certTime->tm_year += btoi(date[*idx++]) * 100;
+ certTime->tm_year += btoi(date[*idx]) * 1000; *idx = *idx + 1;
+ certTime->tm_year += btoi(date[*idx]) * 100; *idx = *idx + 1;
 }
 /* adjust tm_year, tm_mon */
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index de105ab30..f581f27a9 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -59,7 +59,6 @@
 extern "C" {
 #endif
-
 enum {
 ISSUER = 0,
 SUBJECT = 1,
@@ -610,8 +609,10 @@ WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*);
 WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length);
 WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int);
+typedef struct tm wolfssl_tm;
+
 WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
- struct tm* certTime, int* idx);
+ wolfssl_tm* certTime, int* idx);
 WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
 /* ASN.1 helper functions */
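Review bot: `date[*idx]` in the `@@ -3013` hunk of wolfcrypt/src/asn.c is read with no length to check against: the ExtractDate prototype in this diff takes `date`, `format`, `certTime` and `idx` but no buffer size, so the function depends on every caller having validated the encoded date length first. The date presumably comes from a parsed certificate, so that precondition deserves a comment at the top of the function, e.g. `/* caller must ensure date holds a complete time string starting at *idx */`. On style, a second statement `*idx = *idx + 1;` on the same line as the assignment is easy to misread; `certTime->tm_year += btoi(date[(*idx)++]) * 1000;` does the same in one statement. The rest of the function is outside the hunk.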
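Review bot: The prototype in the `@@ -610` hunk of wolfssl/wolfcrypt/asn.h now spells the parameter `wolfssl_tm* certTime`, but no hunk in this diff touches the matching parameter line of the definition in wolfcrypt/src/asn.c, so the declaration and the definition presumably name the type differently. They remain compatible because `wolfssl_tm` is a plain typedef of `struct tm`, but updating the definition as well keeps them in step if the alias is ever pointed at another type. The typedef also has no comment; a line such as `/* time structure used by the certificate date helpers */` above it would say what it is for.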