diff --git a/src/internal.c b/src/internal.c index 36c59eced..ec9dd2d78 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8326,6 +8326,8 @@ static DtlsFragBucket* DtlsMsgCombineFragBuckets(DtlsMsg* msg, static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg) { + DtlsHandShakeHeader* dtls; + /* We have received all necessary fragments. Reconstruct the header. */ if (msg->fragBucketListCount != 1 || msg->fragBucketList->m.m.offset != 0 || msg->fragBucketList->m.m.sz != msg->sz) { @@ -8341,9 +8343,9 @@ static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg) /* frag->padding makes sure we can fit the entire DTLS handshake header * before frag->buf */ - DtlsHandShakeHeader* dtls = - (DtlsHandShakeHeader*)(msg->fragBucketList->buf - - DTLS_HANDSHAKE_HEADER_SZ); + dtls = (DtlsHandShakeHeader*)(void *)((char *)msg->fragBucketList + + OFFSETOF(DtlsFragBucket,buf) + - DTLS_HANDSHAKE_HEADER_SZ); msg->fragBucketList = NULL; msg->fragBucketListCount = 0; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 7b7644b39..1b4c2f478 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -8469,6 +8469,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, { int length, encryptedKeySz = 0, ret = 0; int keySz, version, sidType = 0; + word32 encOID = 0; word32 keyIdx; byte issuerHash[KEYID_SIZE]; byte* outKey = NULL; 
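Review bot: The new `dtls` computation in the second src/internal.c hunk depends on `OFFSETOF(DtlsFragBucket,buf)` being at least `DTLS_HANDSHAKE_HEADER_SZ`, and only the prose comment about `frag->padding` states that. If the struct layout or the padding member changes, the reconstructed header would presumably start before the bucket allocation, which is an out-of-bounds write once the header fields are filled in. I would add a compile-time assertion of that inequality beside the struct or this function, and at minimum extend the comment with `/* requires OFFSETOF(DtlsFragBucket,buf) >= DTLS_HANDSHAKE_HEADER_SZ */`. The `(void *)` cast also hides any alignment diagnostic, so it is worth noting in the same comment that `DtlsHandShakeHeader` needs only byte alignment, if that is the case. The rest of DtlsMsgAssembleCompleteMessage is outside the hunk.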
@@ -8644,30 +8645,19 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, (*idx) += KEYID_SIZE; } - { - word32 encOID = 0; - - if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0) - return ASN_PARSE_E; - - if (encOID != pkcs7->publicKeyOID) { - WOLFSSL_MSG("public key OID found in KTRI doesn't match " - "OID stored earlier."); - WOLFSSL_ERROR(ALGO_ID_E); - return ALGO_ID_E; - } - } + if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0) + return ASN_PARSE_E; /* key encryption algorithm must be RSA for now */ - if (pkcs7->publicKeyOID != RSAk + if (encOID != RSAk #ifndef WC_NO_RSA_OAEP - && pkcs7->publicKeyOID != RSAESOAEPk + && encOID != RSAESOAEPk #endif ) return ALGO_ID_E; #ifndef WC_NO_RSA_OAEP - if (pkcs7->publicKeyOID == RSAESOAEPk) { + if (encOID == RSAESOAEPk) { if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) { return ASN_PARSE_E; } @@ -8704,7 +8694,6 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, FALL_THROUGH; case WC_PKCS7_DECRYPT_KTRI_3: - #ifndef NO_PKCS7_STREAM if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected, &pkiMsg, idx)) != 0) { @@ -8778,7 +8767,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, #endif { #ifndef WC_NO_RSA_OAEP - if (pkcs7->publicKeyOID != RSAESOAEPk) { + if (encOID != RSAESOAEPk) { #endif keySz = wc_RsaPrivateDecryptInline(encryptedKey, encryptedKeySz, &outKey, @@ -8827,7 +8816,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif #ifndef WC_NO_RSA_OAEP - if (pkcs7->publicKeyOID == RSAESOAEPk) { + if (encOID == RSAESOAEPk) { if (!outKey) { XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); } 
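Review bot: `encOID` is now a stack local, initialised to 0 in the -8469 hunk and filled by `GetAlgoId` here, but it is read again after `case WC_PKCS7_DECRYPT_KTRI_3:` in the hunks at -8778, -8827 and -8845. If a streaming build (`NO_PKCS7_STREAM` undefined) can return from `wc_PKCS7_AddDataToStream` for more input and re-enter at that case, the parsed value is lost and an RSAES-OAEP recipient would be handled on the non-OAEP decrypt path. The removed code read `pkcs7->publicKeyOID`, which persisted across calls. The re-entry path is outside the visible hunks, so please confirm; if it exists, keep the parsed OID in the PKCS7 or stream state instead of a local. Dropping the comparison with `pkcs7->publicKeyOID` also means the key-transport algorithm is taken from the message alone, which deserves a comment such as `/* encOID is taken from the KTRI; it is not compared with the recipient certificate's key OID */`.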
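Review bot: In the -8827 hunk, the block under the changed `if (encOID == RSAESOAEPk)` frees `outKey` only when it is NULL, so `if (!outKey) { XFREE(outKey, ...); }` releases nothing. The same block appears in the -8845 hunk. The condition looks inverted; `if (outKey != NULL) {` is probably what was intended. Since this buffer presumably holds the decrypted content-encryption key on the OAEP path, it should also be zeroised before it is freed. Where `outKey` is allocated is outside the hunk, so confirm ownership before changing it.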
@@ -8845,7 +8834,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif #ifndef WC_NO_RSA_OAEP - if (pkcs7->publicKeyOID == RSAESOAEPk) { + if (encOID == RSAESOAEPk) { if (!outKey) { XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index dab5bd854..bb3a63390 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4582,7 +4582,7 @@ WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)* WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*); #define WOLF_SK_COMPARE_CB(type, arg) \ - int (*arg) (const type* const* a, const type* const* b) + int (*(arg)) (const type* const* a, const type* const* b) typedef unsigned long (*wolf_sk_hash_cb) (const void *v); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new( WOLF_SK_COMPARE_CB(WOLFSSL_X509_NAME, cb)); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 5e959e36e..04975e6e8 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2753,11 +2753,11 @@ extern void uITRON4_free(void *p) ; /* Are we using an external private key store like: * PKCS11 / HSM / crypto callback / PK callback */ #if !defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_WOLF_PRIVATE_KEY_ID) && \ - (defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS) || \ - defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_KCAPI)) - /* Enables support for using wolfSSL_CTX_use_PrivateKey_Id and - * wolfSSL_CTX_use_PrivateKey_Label */ - #define WOLF_PRIVATE_KEY_ID + (defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS) || \ + defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_KCAPI)) + /* Enables support for using wolfSSL_CTX_use_PrivateKey_Id and + * wolfSSL_CTX_use_PrivateKey_Label */ + #define WOLF_PRIVATE_KEY_ID #endif /* With titan cache size there is too many sessions to fit with the default