diff --git a/src/hash/clu_hash.c b/src/hash/clu_hash.c
index 019436d3..fc28ec4f 100644
--- a/src/hash/clu_hash.c
+++ b/src/hash/clu_hash.c
@@ -121,7 +121,8 @@ int wolfCLU_hash(WOLFSSL_BIO* bioIn, WOLFSSL_BIO* bioOut, const char* alg,
 }
 #endif
 #ifndef NO_SHA
- if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha", 3) == 0) {
+ if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha", 3) == 0
+ && XSTRLEN(alg) == 3) {
 ret = wc_ShaHash(input, inputSz, output);
 }
 #endif
diff --git a/src/hash/clu_hash_setup.c b/src/hash/clu_hash_setup.c
index 86d904ae..3e3454dc 100644
--- a/src/hash/clu_hash_setup.c
+++ b/src/hash/clu_hash_setup.c
@@ -81,7 +81,7 @@ int wolfCLU_hashSetup(int argc, char** argv)
 for (i = 0; i < (int)algsSz; ++i) {
 /* checks for acceptable algorithms */
- if (XSTRNCMP(argv[2], algs[i], XSTRLEN(algs[i])) == 0) {
+ if (XSTRCMP(argv[2], algs[i]) == 0) {
 alg = argv[2];
 algCheck = 1;
 }
@@ -140,7 +140,7 @@ int wolfCLU_hashSetup(int argc, char** argv)
 #endif
 #ifndef NO_SHA
- if (XSTRNCMP(alg, "sha", 3) == 0)
+ if ((XSTRNCMP(alg, "sha", 3) == 0) && (XSTRLEN(alg) == 3))
 size = WC_SHA_DIGEST_SIZE;
 #endif
diff --git a/src/x509/clu_x509_sign.c b/src/x509/clu_x509_sign.c
index 7d5625cd..ab409042 100644
--- a/src/x509/clu_x509_sign.c
+++ b/src/x509/clu_x509_sign.c
@@ -257,7 +257,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
 const char *altSigAlgOid = "2.5.29.73";
 const char *altSigValOid = "2.5.29.74";
- /*
+ /*
 * LARGE_TEMO_SZ defines the size of temporary buffers used for signature key,
 * verification key and signature value buffers.
 * The value 11264 is enough for P-521 and ML-DSA-87 PEM certs.
@@ -397,7 +397,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
 ret = WOLFCLU_FATAL_ERROR;
 }
 }
-
+
 if (ret == 0) {
 XMEMSET(caKeyBuf, 0, caKeySz); /* clear original buffer */
 caKeySz = derObj->length;
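Review bot: In src/hash/clu_hash.c (hunk at -121) the new condition `XSTRNCMP(alg, "sha", 3) == 0 && XSTRLEN(alg) == 3` spells an exact-match test in two steps; `XSTRCMP(alg, "sha") == 0` says the same thing and is the form this commit already uses in the lookup loop of wolfCLU_hashSetup. The same two-step spelling is added in the -140 hunk of src/hash/clu_hash_setup.c and should change with it. The other algorithm branches of wolfCLU_hash are outside the hunk; if any of them still compares by prefix, a longer algorithm name could select the wrong digest in the same way, so they are worth checking against this fix. A one-line comment such as `/* exact match: "sha" is also a prefix of longer algorithm names */` would record why the length matters.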
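Review bot: In src/hash/clu_hash_setup.c (hunk at -81) the lookup loop keeps iterating after `XSTRCMP(argv[2], algs[i]) == 0` succeeds; with an exact comparison at most one entry can match (assuming `algs` holds no duplicates), so a `break;` after `algCheck = 1;` would make that explicit. The hunk also reads `argv[2]` with no `argc` check in view. wolfCLU_hashSetup begins outside the hunk, so confirm the argument count is validated before this loop is reached.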
@@ -667,13 +667,13 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
 if (ret == WOLFCLU_SUCCESS) {
 switch (level) {
- case 2:
+ case 2:
 newCert.sigType = CTC_SHA256wECDSA;
 break;
- case 3:
+ case 3:
 newCert.sigType = CTC_SHA384wECDSA;
 break;
- case 5:
+ case 5:
 newCert.sigType = CTC_SHA512wECDSA;
 break;
 }
@@ -691,7 +691,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
 else {
 ret = WOLFCLU_SUCCESS;
 }
- }
+ }
 }
 if (ret == WOLFCLU_SUCCESS) {
@@ -715,7 +715,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
 }
 if (ret == WOLFCLU_SUCCESS && isCA) {
- ret = wc_MakeCert(&newCert, scratchBuf,
+ ret = wc_MakeCert(&newCert, scratchBuf,
 scratchSz, NULL, &caKey, &rng);
 if (ret <= 0) {
 wolfCLU_LogError("Error making certificate");
@@ -732,7 +732,7 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
 scratchSz = ret;
 ret = WOLFCLU_SUCCESS;
 }
- }
+ }
 }
 else if (ret == WOLFCLU_SUCCESS && !isCA) {
 ret = wc_MakeCert(&newCert, scratchBuf, scratchSz,
@@ -1274,7 +1274,13 @@ int wolfCLU_CertSign(WOLFCLU_CERT_SIGN* csign, WOLFSSL_X509* x509)
 case WC_HASH_TYPE_BLAKE2B:
 case WC_HASH_TYPE_BLAKE2S:
- #if LIBWOLFSSL_VERSION_HEX > 0x05001000
+ #if LIBWOLFSSL_VERSION_HEX >= 0x05009000
+ case WC_HASH_TYPE_SHA512_224:
+ case WC_HASH_TYPE_SHA512_256:
+ case WC_HASH_TYPE_SHAKE128:
+ case WC_HASH_TYPE_SHAKE256:
+ case WC_HASH_TYPE_SM3:
+ #elif LIBWOLFSSL_VERSION_HEX > 0x05001000
 #ifndef WOLFSSL_NOSHA512_224
 case WC_HASH_TYPE_SHA512_224:
 #endif
diff --git a/tests/ocsp/ocsp-interop-test.sh b/tests/ocsp/ocsp-interop-test.sh
index 49c8a75a..2ceda899 100755
--- a/tests/ocsp/ocsp-interop-test.sh
+++ b/tests/ocsp/ocsp-interop-test.sh
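Review bot: In wolfCLU_CertSign (hunk at -1274 of src/x509/clu_x509_sign.c) the new `#if LIBWOLFSSL_VERSION_HEX >= 0x05009000` branch lists five case labels with no feature guards, while the `#elif` branch below keeps guards such as `#ifndef WOLFSSL_NOSHA512_224`, and nothing explains why the guards can be dropped. If the enum values are declared unconditionally from that release on, the branch should say so, for example `/* from this release the enum values are always declared, so no feature guards */`; that reason is inferred and should be confirmed against the wolfSSL headers. The statement these labels fall into is outside the hunk. Because the switch is on the hash type in the certificate-signing path, check that every label added here belongs in that branch.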
@@ -293,7 +293,7 @@ if [ $RESULT = 0 ]; then
 fi
 # Check for error message
-grep -qi "fail\|error\|not found\|unable" "$TEST_DIR/test6.log"
+grep -qi "fail\|error\|not found\|unable\|no such\|could not" "$TEST_DIR/test6.log"
 if [ $? != 0 ]; then
 echo "Test 6 failed: expected error message about invalid file"
 exit 99
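Review bot: The `\|` alternation inside a basic regular expression is a GNU grep extension, so the widened pattern on the `grep -qi` line depends on which grep the test host provides; `grep -Eqi "fail|error|not found|unable|no such|could not" "$TEST_DIR/test6.log"` is the portable spelling. Each added alternative also loosens the check, since any one of these substrings anywhere in the log now counts as the expected error. A comment naming the tool or platform that prints `no such` and `could not` would explain why they were added. The `if` block that tests `$?` continues outside the hunk.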