Merge pull request #10064 from julek-wolfssl/master

douzzer · web-flow · commit 7a6e37d69786 · 2026-04-02T22:54:10.000-05:00
Fixes for wolfclu
diff --git a/examples/ocsp_responder/ocsp_responder.c b/examples/ocsp_responder/ocsp_responder.c
@@ -434,7 +434,7 @@ static int PopulateResponderFromIndex(OcspResponder* responder,
         word32 serialLen = 0;
         enum Ocsp_Cert_Status status;
         time_t revTime = 0;
-        enum WC_CRL_Reason revReason = CRL_REASON_UNSPECIFIED;
+        enum WC_CRL_Reason revReason = WC_CRL_REASON_UNSPECIFIED;
         word32 validity = 86400;
         char* p = entry->serial;
         word32 i;
@@ -487,7 +487,7 @@ static int PopulateResponderFromIndex(OcspResponder* responder,
         else if (entry->status == 'R') {
             status = CERT_REVOKED;
             revTime = entry->revocationTime;
-            revReason = CRL_REASON_UNSPECIFIED;
+            revReason = WC_CRL_REASON_UNSPECIFIED;
             validity = 0;
         }
         else {
diff --git a/src/internal.c b/src/internal.c
@@ -31027,7 +31027,7 @@ static void MakePSKPreMasterSecret(Arrays* arrays, byte use_psk_key)
             XMEMSET(pms, 0, sz);
             pms += sz;
         }
-        c16toa(arrays->psk_keySz, pms);
+        c16toa((word16)arrays->psk_keySz, pms);
         pms += OPAQUE16_LEN;
         XMEMCPY(pms, arrays->psk_key, arrays->psk_keySz);
         arrays->preMasterSz = sz + arrays->psk_keySz + OPAQUE16_LEN * 2;
diff --git a/src/ocsp.c b/src/ocsp.c
@@ -2556,8 +2556,8 @@ int wc_OcspResponder_SetCertStatus(OcspResponder* responder,
     if (status == CERT_REVOKED) {
         if (revocationTime <= 0)
             goto out;
-        if (revocationReason < CRL_REASON_UNSPECIFIED ||
-            revocationReason > CRL_REASON_AA_COMPROMISE)
+        if (revocationReason < WC_CRL_REASON_UNSPECIFIED ||
+            revocationReason > WC_CRL_REASON_AA_COMPROMISE)
             goto out;
         /* Skip value 7 which is not used */
         if (revocationReason == 7)
diff --git a/tests/api/test_ocsp.c b/tests/api/test_ocsp.c
@@ -1561,7 +1561,7 @@ int test_ocsp_responder(void)
             "./certs/ca-key.der",
             "./certs/server-cert.der",
             CERT_GOOD,
-            0, CRL_REASON_UNSPECIFIED,
+            0, WC_CRL_REASON_UNSPECIFIED,
             86400, /* validityPeriod - 24 hours */
             0,
             "RSA server cert - GOOD status"
@@ -1572,7 +1572,7 @@ int test_ocsp_responder(void)
             "./certs/ca-key.der",
             "./certs/server-cert.der",
             CERT_REVOKED,
-            now, CRL_REASON_KEY_COMPROMISE,  /* Revoked due to key compromise */
+            now, WC_CRL_REASON_KEY_COMPROMISE,  /* Revoked due to key compromise */
             0,     /* validityPeriod (not used for REVOKED) */
             OCSP_CERT_REVOKED,
             "RSA server cert - REVOKED status"
@@ -1583,7 +1583,7 @@ int test_ocsp_responder(void)
             "./certs/ca-key.der",
             "./certs/server-cert.der",
             CERT_UNKNOWN,
-            0, CRL_REASON_UNSPECIFIED,
+            0, WC_CRL_REASON_UNSPECIFIED,
             0,     /* validityPeriod (not used for UNKNOWN) */
             OCSP_CERT_UNKNOWN,
             "RSA server cert - UNKNOWN status"
@@ -1594,7 +1594,7 @@ int test_ocsp_responder(void)
             "./certs/ocsp/ocsp-responder-key.der",
             "./certs/ocsp/intermediate1-ca-cert.der",
             CERT_GOOD,
-            0, CRL_REASON_UNSPECIFIED,
+            0, WC_CRL_REASON_UNSPECIFIED,
             86400, /* validityPeriod - 24 hours */
             0,
             "RSA int1 cert with responder - GOOD status"
@@ -1605,7 +1605,7 @@ int test_ocsp_responder(void)
             "./certs/ocsp/ocsp-responder-key.der",
             "./certs/ocsp/intermediate1-ca-cert.der",
             CERT_REVOKED,
-            now, CRL_REASON_KEY_COMPROMISE,  /* Revoked due to key compromise */
+            now, WC_CRL_REASON_KEY_COMPROMISE,  /* Revoked due to key compromise */
             0,     /* validityPeriod (not used for REVOKED) */
             OCSP_CERT_REVOKED,
             "RSA int1 cert with responder - REVOKED status"
@@ -1616,7 +1616,7 @@ int test_ocsp_responder(void)
             "./certs/ocsp/ocsp-responder-key.der",
             "./certs/ocsp/intermediate1-ca-cert.der",
             CERT_UNKNOWN,
-            0, CRL_REASON_UNSPECIFIED,
+            0, WC_CRL_REASON_UNSPECIFIED,
             0,     /* validityPeriod (not used for UNKNOWN) */
             OCSP_CERT_UNKNOWN,
             "RSA int1 cert with responder - UNKNOWN status"
@@ -1628,7 +1628,7 @@ int test_ocsp_responder(void)
             "./certs/ca-ecc-key.der",
             "./certs/server-ecc.der",
             CERT_GOOD,
-            0, CRL_REASON_UNSPECIFIED,
+            0, WC_CRL_REASON_UNSPECIFIED,
             86400, /* validityPeriod - 24 hours */
             0,
             "ECC server cert - GOOD status"
@@ -1639,7 +1639,7 @@ int test_ocsp_responder(void)
             "./certs/ca-ecc-key.der",
             "./certs/server-ecc.der",
             CERT_REVOKED,
-            now, CRL_REASON_AFFILIATION_CHANGED,
+            now, WC_CRL_REASON_AFFILIATION_CHANGED,
             0,     /* validityPeriod (not used for REVOKED) */
             OCSP_CERT_REVOKED,
             "ECC server cert - REVOKED status"
@@ -1650,7 +1650,7 @@ int test_ocsp_responder(void)
             "./certs/ca-ecc-key.der",
             "./certs/server-ecc.der",
             CERT_UNKNOWN,
-            0, CRL_REASON_UNSPECIFIED,
+            0, WC_CRL_REASON_UNSPECIFIED,
             0,     /* validityPeriod (not used for UNKNOWN) */
             OCSP_CERT_UNKNOWN,
             "ECC server cert - UNKNOWN status"
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -23330,6 +23330,15 @@ static wcchar kDecInfoHeader = "DEK-Info";
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
     static wcchar kEncTypeAesCbc256 = "AES-256-CBC";
 #endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
+    static wcchar kEncTypeAesCtr128 = "AES-128-CTR";
+#endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192)
+    static wcchar kEncTypeAesCtr192 = "AES-192-CTR";
+#endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
+    static wcchar kEncTypeAesCtr256 = "AES-256-CTR";
+#endif
 
 int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo)
 {
@@ -23385,6 +23394,30 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo)
         if (info->ivSz == 0) info->ivSz  = AES_IV_SIZE;
     }
     else
+#endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
+    if (XSTRCMP(cipherInfo, kEncTypeAesCtr128) == 0) {
+        info->cipherType = WC_CIPHER_AES_CTR;
+        info->keySz = AES_128_KEY_SIZE;
+        if (info->ivSz == 0) info->ivSz  = AES_IV_SIZE;
+    }
+    else
+#endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192)
+    if (XSTRCMP(cipherInfo, kEncTypeAesCtr192) == 0) {
+        info->cipherType = WC_CIPHER_AES_CTR;
+        info->keySz = AES_192_KEY_SIZE;
+        if (info->ivSz == 0) info->ivSz  = AES_IV_SIZE;
+    }
+    else
+#endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
+    if (XSTRCMP(cipherInfo, kEncTypeAesCtr256) == 0) {
+        info->cipherType = WC_CIPHER_AES_CTR;
+        info->keySz = AES_256_KEY_SIZE;
+        if (info->ivSz == 0) info->ivSz  = AES_IV_SIZE;
+    }
+    else
 #endif
     {
         ret = NOT_COMPILED_IN;
diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c
@@ -1147,7 +1147,7 @@ static byte* PKCS12_ConcatenateContent(WC_PKCS12* pkcs12,byte* mergedData,
 {
     byte* oldContent;
     word32 oldContentSz;
-    word32 newSz;
+    word32 newSz = 0;
 
     (void)pkcs12;
 
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
@@ -2921,17 +2921,17 @@ WOLFSSL_LOCAL int OcspDecodeCertID(const byte* input, word32* inOutIdx, word32 i
 #ifdef HAVE_OCSP_RESPONDER
 /* Revocation reason codes from RFC 5280 */
 enum WC_CRL_Reason {
-    CRL_REASON_UNSPECIFIED             = 0,
-    CRL_REASON_KEY_COMPROMISE          = 1,
-    CRL_REASON_CA_COMPROMISE           = 2,
-    CRL_REASON_AFFILIATION_CHANGED     = 3,
-    CRL_REASON_SUPERSEDED              = 4,
-    CRL_REASON_CESSATION_OF_OPERATION  = 5,
-    CRL_REASON_CERTIFICATE_HOLD        = 6,
+    WC_CRL_REASON_UNSPECIFIED             = 0,
+    WC_CRL_REASON_KEY_COMPROMISE          = 1,
+    WC_CRL_REASON_CA_COMPROMISE           = 2,
+    WC_CRL_REASON_AFFILIATION_CHANGED     = 3,
+    WC_CRL_REASON_SUPERSEDED              = 4,
+    WC_CRL_REASON_CESSATION_OF_OPERATION  = 5,
+    WC_CRL_REASON_CERTIFICATE_HOLD        = 6,
     /* value 7 is not used */
-    CRL_REASON_REMOVE_FROM_CRL         = 8,
-    CRL_REASON_PRIVILEGE_WITHDRAWN     = 9,
-    CRL_REASON_AA_COMPROMISE           = 10
+    WC_CRL_REASON_REMOVE_FROM_CRL         = 8,
+    WC_CRL_REASON_PRIVILEGE_WITHDRAWN     = 9,
+    WC_CRL_REASON_AA_COMPROMISE           = 10
 };
 
 /* Certificate status entry for a single certificate */

Original file line number	Diff line number	Diff line change
`@@ -31027,7 +31027,7 @@ static void MakePSKPreMasterSecret(Arrays* arrays, byte use_psk_key)`
`31027`	`31027`	`XMEMSET(pms, 0, sz);`
`31028`	`31028`	`pms += sz;`
`31029`	`31029`	`}`
`31030`		`- c16toa(arrays->psk_keySz, pms);`
	`31030`	`+ c16toa((word16)arrays->psk_keySz, pms);`
`31031`	`31031`	`pms += OPAQUE16_LEN;`
`31032`	`31032`	`XMEMCPY(pms, arrays->psk_key, arrays->psk_keySz);`
`31033`	`31033`	`arrays->preMasterSz = sz + arrays->psk_keySz + OPAQUE16_LEN * 2;`
Original file line number	Diff line number	Diff line change
`@@ -1147,7 +1147,7 @@ static byte* PKCS12_ConcatenateContent(WC_PKCS12* pkcs12,byte* mergedData,`
`1147`	`1147`	`{`
`1148`	`1148`	`byte* oldContent;`
`1149`	`1149`	`word32 oldContentSz;`
`1150`		`- word32 newSz;`
	`1150`	`+ word32 newSz = 0;`
`1151`	`1151`
`1152`	`1152`	`(void)pkcs12;`
`1153`	`1153`