diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 3c66e60b7..3b5395a71 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -29,7 +29,6 @@ #include "config.h" -#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C) #include "asn1.h" #include "dhm.h" #include "md.h" @@ -709,5 +708,4 @@ int x509_self_test( int verbose ); } #endif -#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */ #endif /* x509.h */ diff --git a/library/oid.c b/library/oid.c index 81b313e33..0386ba1d4 100644 --- a/library/oid.c +++ b/library/oid.c @@ -32,6 +32,10 @@ #include "polarssl/oid.h" #include "polarssl/rsa.h" +#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C) +#include "polarssl/x509.h" +#endif + #include /* diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 8edc57f0d..0ffe886b5 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -105,7 +105,6 @@ static int ssl_save_session( const ssl_session *session, static int ssl_load_session( ssl_session *session, const unsigned char *buf, size_t len ) { - int ret; const unsigned char *p = buf; const unsigned char * const end = buf + len; #if defined(POLARSSL_X509_PARSE_C) @@ -131,6 +130,8 @@ static int ssl_load_session( ssl_session *session, } else { + int ret; + if( p + cert_len > end ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); @@ -1834,14 +1835,19 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) { int ret; size_t n = 0, len; - unsigned char hash[64]; - md_type_t md_alg = POLARSSL_MD_NONE; - unsigned int hashlen = 0; unsigned char *p = ssl->out_msg + 4; + const ssl_ciphersuite_t *ciphersuite_info; + +#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) unsigned char *dig_signed = p; size_t dig_signed_len = 0; + ((void) dig_signed); + ((void) dig_signed_len); +#endif - const ssl_ciphersuite_t *ciphersuite_info; ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); @@ -1959,6 +1965,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) { size_t signature_len = 0; + unsigned int hashlen = 0; + unsigned char hash[64]; + md_type_t md_alg = POLARSSL_MD_NONE; /* * Choose hash algorithm. NONE means MD5 + SHA1 here. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 208e69b7d..24cee1c31 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -72,14 +72,14 @@ static unsigned int mfl_code_to_length[SSL_MAX_FRAG_LEN_INVALID] = static int ssl_session_copy( ssl_session *dst, const ssl_session *src ) { - int ret; - ssl_session_free( dst ); memcpy( dst, src, sizeof( ssl_session ) ); #if defined(POLARSSL_X509_PARSE_C) if( src->peer_cert != NULL ) { + int ret; + if( ( dst->peer_cert = polarssl_malloc( sizeof(x509_cert) ) ) == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 6448f2678..dba9c5e07 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -22,7 +22,7 @@ void string_debug(void *data, int level, const char *str) * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:POLARSSL_FS_IO */ +/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_PARSE_C */ void debug_print_crt( char *crt_file, char *file, int line, char *prefix, char *result_str ) {