diff --git a/apps/dtls/dtlsServer.c b/apps/dtls/dtlsServer.c index eeab234..0e7ba90 100644 --- a/apps/dtls/dtlsServer.c +++ b/apps/dtls/dtlsServer.c @@ -470,19 +470,17 @@ int main(int argc, char ** argv) rc = 0; ssl = NULL; dtlsCtx = NULL; + CAstream = NULL; sock = INVALID_SOCKET; - /* parse input arguments */ if (0 != process_cmd_options(argc, argv)) { usage(); return 0; } - if (sigsetup() < 0) { _psTrace("Init error creating signal handlers\n"); return DTLS_FATAL; } - if (matrixSslOpen() < 0) { _psTrace("Init error opening MatrixDTLS library\n"); return DTLS_FATAL; @@ -492,19 +490,11 @@ int main(int argc, char ** argv) matrixSslClose(); return DTLS_FATAL; } - if ((rc = initClientList(MAX_CLIENTS)) < 0) { _psTrace("Init error opening client list\n"); goto MATRIX_EXIT; } - recvfromBufLen = matrixDtlsGetPmtu(); - if ((recvfromBuf = psMalloc(MATRIX_NO_POOL, recvfromBufLen)) == NULL) { - rc = PS_MEM_FAIL; - _psTrace("Init error allocating receive buffer\n"); - goto CLIENT_EXIT; - } - #ifdef USE_HEADER_KEYS /* In-memory based keys @@ -564,17 +554,14 @@ int main(int argc, char ** argv) break; default: _psTraceInt("Invalid RSA key length (%d)\n", g_rsaKeySize); - return -1; + goto CLIENT_EXIT; } if ((rc = matrixSslLoadRsaKeysMem(keys, (const unsigned char *)certValue, certLen, (const unsigned char *)keyValue, keyLen, CAstream, CAstreamLen)) < 0) { _psTrace("No certificate material loaded. Exiting\n"); - psFree(CAstream, NULL); - matrixSslDeleteKeys(keys); - matrixSslClose(); - return rc; + goto CLIENT_EXIT; } #endif 
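Review bot: The `default:` branch for an invalid RSA key length now jumps to `CLIENT_EXIT` without assigning `rc`, whereas the line it replaces returned -1. If `main` returns `rc` after the cleanup labels (its tail is outside the hunk), this path exits with whatever the last successful call left there, so an unsupported key size could be reported as a clean exit. Setting the status before the jump keeps the old behaviour: `rc = -1;` followed by `goto CLIENT_EXIT;`. The same applies to the `default:` branches in the ECDH_RSA and ECC hunks at -595 and -643.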
@@ -595,17 +582,14 @@ int main(int argc, char ** argv) break; default: _psTraceInt("Invalid ECDH_RSA key length (%d)\n", g_ecdhKeySize); - return -1; + goto CLIENT_EXIT; } if ((rc = matrixSslLoadEcKeysMem(keys, (const unsigned char *)certValue, certLen, (const unsigned char *)keyValue, keyLen, CAstream, CAstreamLen)) < 0) { _psTrace("No certificate material loaded. Exiting\n"); - psFree(CAstream, NULL); - matrixSslDeleteKeys(keys); - matrixSslClose(); - return rc; + goto CLIENT_EXIT; } #endif @@ -643,28 +627,22 @@ int main(int argc, char ** argv) break; default: _psTraceInt("Invalid ECC key length (%d)\n", g_eccKeySize); - return -1; + goto CLIENT_EXIT; } if ((rc = matrixSslLoadEcKeysMem(keys, certValue, certLen, keyValue, keyLen, CAstream, CAstreamLen)) < 0) { _psTrace("No certificate material loaded. Exiting\n"); - psFree(CAstream, NULL); - matrixSslDeleteKeys(keys); - matrixSslClose(); - return rc; + goto CLIENT_EXIT; } #endif #ifdef REQUIRE_DH_PARAMS - if (matrixSslLoadDhParamsMem(keys, DHPARAM2048, DHPARAM2048_SIZE) - < 0) { + if (matrixSslLoadDhParamsMem(keys, DHPARAM2048, DHPARAM2048_SIZE) < 0) { _psTrace("Unable to load DH parameters\n"); } #endif /* DH_PARAMS */ - - psFree(CAstream, NULL); #else /* USE_HEADER_KEYS */ /* File based keys @@ -672,13 +650,14 @@ int main(int argc, char ** argv) */ CAstreamLen = 0; #ifdef USE_RSA - if (g_rsaKeySize == 3072) + if (g_rsaKeySize == 3072) { CAstreamLen += (int32)strlen(rsaCA3072File) + 1; - else + } else { CAstreamLen += (int32)strlen(rsaCAFile) + 1; -#ifdef USE_ECC + } + #ifdef USE_ECC CAstreamLen += (int32)strlen(ecdhRsaCAFile) + 1; -#endif + #endif #endif #ifdef USE_ECC CAstreamLen += (int32)strlen(ecCAFile) + 1; @@ -691,8 +670,7 @@ int main(int argc, char ** argv) if (g_rsaKeySize == 3072) { memcpy(CAstream, rsaCA3072File, strlen(rsaCA3072File)); CAstreamLen += strlen(rsaCA3072File); - } - else { + } else { memcpy(CAstream, rsaCAFile, strlen(rsaCAFile)); CAstreamLen += strlen(rsaCAFile); } 
@@ -714,22 +692,15 @@ int main(int argc, char ** argv) if ((rc = matrixSslLoadRsaKeys(keys, rsaCertFile, rsaPrivkeyFile, NULL, (char*)CAstream)) < 0) { _psTrace("No certificate material loaded. Exiting\n"); - psFree(CAstream); - matrixSslDeleteKeys(keys); - matrixSslClose(); - return rc; + goto CLIENT_EXIT; } #endif - #ifdef EXAMPLE_ECDH_RSA_KEYS if ((rc = matrixSslLoadEcKeys(keys, ecdhRsaCertFile, ecdhRsaPrivkeyFile, NULL, (char*)CAstream)) < 0) { _psTrace("No certificate material loaded. Exiting\n"); - psFree(CAstream); - matrixSslDeleteKeys(keys); - matrixSslClose(); - return rc; + goto CLIENT_EXIT; } #endif @@ -737,10 +708,7 @@ int main(int argc, char ** argv) if ((rc = matrixSslLoadEcKeys(keys, ecCertFile, ecPrivkeyFile, NULL, (char*)CAstream)) < 0) { _psTrace("No certificate material loaded. Exiting\n"); - psFree(CAstream); - matrixSslDeleteKeys(keys); - matrixSslClose(); - return rc; + goto CLIENT_EXIT; } #endif @@ -750,10 +718,10 @@ int main(int argc, char ** argv) } #endif - - psFree(CAstream); #endif /* USE_HEADER_KEYS */ + psFree(CAstream, NULL); + CAstream = NULL; #ifdef USE_PSK_CIPHER_SUITE /* The first ID is considered as null-terminiated string for @@ -775,6 +743,12 @@ int main(int argc, char ** argv) } #endif /* PSK */ + recvfromBufLen = matrixDtlsGetPmtu(); + if ((recvfromBuf = psMalloc(MATRIX_NO_POOL, recvfromBufLen)) == NULL) { + rc = PS_MEM_FAIL; + _psTrace("Init error allocating receive buffer\n"); + goto CLIENT_EXIT; + } if ((sock = newUdpSocket(NULL, DTLS_PORT, &err)) == INVALID_SOCKET) { _psTrace("Error creating UDP socket\n"); @@ -782,9 +756,7 @@ int main(int argc, char ** argv) } _psTraceInt("DTLS server running on port %d\n", DTLS_PORT); -/* - Server loop -*/ + /* Server loop */ for (exitFlag = 0; exitFlag == 0;) { timeout.tv_sec = 1; timeout.tv_usec = 0; 
@@ -960,6 +932,9 @@ PROCESS_MORE_FROM_BUFFER: DTLS_EXIT: psFree(recvfromBuf, NULL); CLIENT_EXIT: + if (CAstream) { + psFree(CAstream, NULL); + } closeClientList(); MATRIX_EXIT: matrixSslDeleteKeys(keys); @@ -1058,7 +1033,7 @@ static int32 handleResends(SOCKET sock) */ static int32_t setSocketOptions(SOCKET fd) { - int32_t rc; + int32 rc; #ifdef POSIX if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) { diff --git a/apps/ssl/client.c b/apps/ssl/client.c index f0bc32b..def3232 100644 --- a/apps/ssl/client.c +++ b/apps/ssl/client.c @@ -858,11 +858,11 @@ static int32 process_cmd_options(int32 argc, char **argv) */ int32 main(int32 argc, char **argv) { - int32 rc, CAstreamLen, i; - sslKeys_t *keys; - sslSessionId_t *sid; + int32 rc, CAstreamLen, i; + sslKeys_t *keys; + sslSessionId_t *sid = NULL; struct g_sslstats stats; - unsigned char *CAstream; + unsigned char *CAstream; #ifdef USE_CRL int32 numLoaded; #endif @@ -920,7 +920,6 @@ int32 main(int32 argc, char **argv) #ifdef USE_ECC_CIPHER_SUITE CAstreamLen += sizeof(ECCAS); #endif - #if defined(USE_RSA_CIPHER_SUITE) || defined(USE_ECC_CIPHER_SUITE) CAstream = psMalloc(NULL, CAstreamLen); #else @@ -941,6 +940,7 @@ int32 main(int32 argc, char **argv) CAstreamLen += sizeof(ECCAS); #endif + #ifdef ID_RSA rc = loadRsaKeys(g_key_len, keys, CAstream, CAstreamLen); if (rc < 0) { @@ -1065,7 +1065,6 @@ int32 main(int32 argc, char **argv) _psTraceInt("CRLs loaded: %d\n", numLoaded); #endif - memset(&stats, 0x0, sizeof(struct g_sslstats)); printf("=== %d new connections ===\n", g_new); @@ -1074,7 +1073,7 @@ int32 main(int32 argc, char **argv) the server for automated tests */ g_closeServer = 1; g_bytes_requested = 0; /* Disable data exchange in this case */ - g_new++; + g_new = 1; } for (i = 0; i < g_new; i++) { 
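Review bot: `setSocketOptions` is still declared `static int32_t`, so changing its local to `int32 rc;` leaves the function mixing the two type spellings. Either keep `int32_t rc;` or change the return type in the same commit, so the signature and its status variable use one name. The function body continues outside the hunk.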
@@ -1089,7 +1088,7 @@ int32 main(int32 argc, char **argv) /* Leave the final sessionID for resumed connections */ if (i + 1 < g_new) matrixSslDeleteSessionId(sid); } - if (g_new) printf("\n"); + printf("\n"); if (g_bytes_requested > 0) { psAssert(g_bytes_requested * g_new == stats.rbytes); } @@ -1322,9 +1321,9 @@ static int32 certCb(ssl_t *ssl, psX509Cert_t *cert, int32 alert) _psTrace("ERROR: Problem in certificate validation. Exiting.\n"); } - - if (g_trace && alert == 0) _psTraceStr("SUCCESS: Validated cert for: %s.\n", - cert->subject.commonName); + if (g_trace && alert == 0 && cert) { + _psTraceStr("SUCCESS: Validated cert for: %s.\n", cert->subject.commonName); + } #endif /* !USE_ONLY_PSK_CIPHER_SUITE */ return alert; diff --git a/core/POSIX/osdep.c b/core/POSIX/osdep.c index d9bf8dc..db3b739 100644 --- a/core/POSIX/osdep.c +++ b/core/POSIX/osdep.c @@ -490,7 +490,7 @@ int32 psGetFileBuf(psPool_t *pool, const char *fileName, unsigned char **buf, psTraceStrCore("Unable to open %s\n", (char*)fileName); return PS_PLATFORM_FAIL; } - if (fstat(fileno(fp), &f_stat) != 0) { + if (fstat(fileno(fp), &f_stat) != 0) { fclose(fp); psTraceStrCore("Unable to stat %s\n", (char*)fileName); return PS_PLATFORM_FAIL; diff --git a/crypto/cryptoCheck.h b/crypto/cryptoCheck.h index 1a40151..1479d0d 100644 --- a/crypto/cryptoCheck.h +++ b/crypto/cryptoCheck.h 
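Review bot: The new `cert` test in `certCb` guards the pointer itself but not `cert->subject.commonName`, which is passed straight to a `%s` trace. If `commonName` is a pointer that stays NULL for a certificate without a CN (its declaration is not visible here), the success trace would still be handed NULL; `if (g_trace && alert == 0 && cert && cert->subject.commonName) {` covers both. The check also sits at the end of the callback, so any earlier use of `cert` above the hunk would need the same guard.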
@@ -103,27 +103,6 @@ #endif #endif -/******************************************************************************/ -/** - Below this point, no configurations should be automatically set or unset - Above, it's allowed to a point. -*/ - -/** - Allow only FIPS approved algorithm configuration. - FIPSLib runtime will not support these algorithms anyway, but this is a configuration - time check -*/ - -/** - NIST mode configuration checks. - Allow NIST_SHALL NIST_SHOULD and NIST_MAY algorithm configuration. - Warn on NIST_SHOULD_NOT - Error on NIST_SHALL_NOT -*/ -#ifdef USE_NIST_RECOMMENDATIONS -#endif - #endif /* _h_PS_CRYPTOCHECK */ /******************************************************************************/ diff --git a/crypto/keyformat/pkcs.c b/crypto/keyformat/pkcs.c index 74c333f..872f97a 100644 --- a/crypto/keyformat/pkcs.c +++ b/crypto/keyformat/pkcs.c @@ -1446,7 +1446,7 @@ int32_t pkcs1ParsePrivFile(psPool_t *pool, const char *fileName, int32_t pkcs1DecodePrivFile(psPool_t *pool, const char *fileName, const char *password, unsigned char **DERout, uint16_t *DERlen) { - unsigned char *keyBuf; + unsigned char *keyBuf, *dout; char *start, *end, *endTmp; int32 keyBufLen, rc; uint32 PEMlen = 0; @@ -1529,20 +1529,20 @@ int32_t pkcs1DecodePrivFile(psPool_t *pool, const char *fileName, } /* Take the raw input and do a base64 decode */ - *DERout = psMalloc(pool, PEMlen); - if (*DERout == NULL) { + dout = psMalloc(pool, PEMlen); + if (dout == NULL) { psFree(keyBuf, pool); psError("Memory allocation error in pkcs1DecodePrivFile\n"); return PS_MEM_FAIL; } *DERlen = PEMlen; - if ((rc = psBase64decode((unsigned char*)start, PEMlen, *DERout, - DERlen)) != 0) { + if ((rc = psBase64decode((unsigned char*)start, PEMlen, dout, + DERlen)) < 0) { psTraceCrypto("Error base64 decode of private key\n"); if (password) { psTraceCrypto("Is it possible the password is incorrect?\n"); } - psFree(*DERout, pool); + psFree(dout, pool); psFree(keyBuf, pool); return rc; } 
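Review bot: The failure path after `psBase64decode` in `pkcs1DecodePrivFile` frees `dout` and `keyBuf` and returns without clearing them. It also returns before the `memset_s(passKey, ...)` that the success path runs under `USE_PKCS5`. Both buffers can hold private-key material, so wiping before release would match the function's own "zero out keys when finished" comment: `memset_s(dout, PEMlen, 0x0, PEMlen);` before `psFree(dout, pool);`, plus the `passKey` wipe inside `#ifdef USE_PKCS5` before `return rc;`. Where `passKey` is filled in is outside the hunk, so confirm it is populated by this point. The relaxed test `< 0` also treats any positive return from `psBase64decode` as success, which deserves a comment naming the values it can return.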
@@ -1551,19 +1551,19 @@ int32_t pkcs1DecodePrivFile(psPool_t *pool, const char *fileName, #ifdef USE_PKCS5 if (encrypted == 1 && password) { psDes3Init(&dctx, cipherIV, passKey); - psDes3Decrypt(&dctx, *DERout, *DERout, *DERlen); + psDes3Decrypt(&dctx, dout, dout, *DERlen); memset_s(&dctx, sizeof(psDes3_t), 0x0, sizeof(psDes3_t)); } if (encrypted == 2 && password) { /* AES 128 */ psAesInitCBC(&actx, cipherIV, passKey, 16, PS_AES_DECRYPT); - psAesDecryptCBC(&actx, *DERout, *DERout, *DERlen); + psAesDecryptCBC(&actx, dout, dout, *DERlen); memset_s(&actx, sizeof(psAesCbc_t), 0x0, sizeof(psAesCbc_t)); } /* SECURITY - zero out keys when finished */ memset_s(passKey, sizeof(passKey), 0x0, sizeof(passKey)); - #endif /* USE_PKCS5 */ + *DERout = dout; return PS_SUCCESS; } diff --git a/crypto/keyformat/x509.c b/crypto/keyformat/x509.c index c482d58..44ff817 100644 --- a/crypto/keyformat/x509.c +++ b/crypto/keyformat/x509.c @@ -2950,7 +2950,6 @@ int32 psX509AuthenticateCert(psPool_t *pool, psX509Cert_t *subjectCert, The magic 10 is comprised of the SEQUENCE and ALGORITHM ID overhead. The magic 9, 8, or 5 is the OID length of the corresponding algorithm. */ - sigType = PS_UNSUPPORTED_FAIL; switch (sc->sigAlgorithm) { #ifdef USE_RSA #ifdef ENABLE_MD5_SIGNED_CERTS diff --git a/crypto/pubkey/ecc.c b/crypto/pubkey/ecc.c index 7463a0f..66fa8dd 100644 --- a/crypto/pubkey/ecc.c +++ b/crypto/pubkey/ecc.c @@ -2504,13 +2504,12 @@ int32_t psEccDsaSign(psPool_t *pool, const psEccKey_t *privKey, pstm_int r, s; pstm_int e, p; uint16_t radlen; - int32_t err; + int32_t err = PS_MEM_FAIL; uint16_t olen, rLen, sLen; uint32_t rflag, sflag, sanity; unsigned char *negative; rflag = sflag = 0; - err = 0; /* is this a private key? */ if (privKey->type != PS_PRIVKEY) { 
@@ -2521,7 +2520,6 @@ int32_t psEccDsaSign(psPool_t *pool, const psEccKey_t *privKey, if (buflen > privKey->curve->size) { buflen = privKey->curve->size; } - err = PS_MEM_FAIL; radlen = privKey->curve->size * 2; if (pstm_init_for_read_unsigned_bin(pool, &p, privKey->curve->size) < 0) { @@ -2667,9 +2665,7 @@ int32_t psEccDsaSign(psPool_t *pool, const psEccKey_t *privKey, if ((err = pstm_to_unsigned_bin(pool, &s, sig)) != PSTM_OKAY) { goto error; } - sig += sLen - sflag; /* Moved forward sflag already */ *siglen += sLen + 2; - err = PS_SUCCESS; goto errnokey; diff --git a/matrixssl/dtls.c b/matrixssl/dtls.c index efb2c8d..6d15782 100644 --- a/matrixssl/dtls.c +++ b/matrixssl/dtls.c @@ -890,15 +890,13 @@ static int32 dtlsGetNextRecordLen(ssl_t *ssl, int32 pmtu, sslBuf_t *out, unsigned char *newend; newend = out->start; - tlen = len = 0; /* If pmtu is <= 0 the user wants a single record regardless */ if (pmtu <= 0) { newend += ssl->recordHeadLen - 2; /* Find the last two bytes of len */ - len += (int32)*newend << 8; newend++; - len += (int32)*newend; newend++; - newend += len; + len = (int32)(newend[0]) << 8; + len += newend[1]; len += ssl->recordHeadLen; /* add record header length to the total */ *recordLen = len; return 0; @@ -916,6 +914,7 @@ static int32 dtlsGetNextRecordLen(ssl_t *ssl, int32 pmtu, sslBuf_t *out, /* Otherwise, send as much as will fit */ + tlen = len = 0; while (out->end > newend) { newend += ssl->recordHeadLen - 2; /* Find the last two bytes of len */ len = (int32)*newend << 8; newend++; diff --git a/matrixssl/extDecode.c b/matrixssl/extDecode.c index d5c1292..3956f49 100644 --- a/matrixssl/extDecode.c +++ b/matrixssl/extDecode.c @@ -291,6 +291,7 @@ static int ClientHelloExt(ssl_t *ssl, unsigned short extType, unsigned short ext ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; return MATRIXSSL_ERROR; } + (void)i; /* TODO - validate against length determined below */ extLen -= 3; i = *c << 8; c++; i += *c; c++; 
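Review bot: The rewritten `pmtu <= 0` branch of `dtlsGetNextRecordLen` reads `newend[0]` and `newend[1]` at `out->start + ssl->recordHeadLen - 2` without first checking that `out` holds a full record header. The loop further down is bounded by `out->end > newend`, but this branch has no equivalent test, so an empty or short buffer would yield a length assembled from bytes past `out->end`. A guard such as `if (out->end - out->start < ssl->recordHeadLen) { return PS_FAIL; }` before the read would close that, using whatever error code the callers expect. If the callers already guarantee a complete record, a comment stating that is enough. The function starts and ends outside the hunk.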
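Review bot: `(void)i;` in `ClientHelloExt` only silences the unused-value warning. The value previously held in `i`, presumably a length parsed above the hunk, is still discarded without validation, and this is extension data supplied by the peer. The TODO should be resolved rather than suppressed: keep that first length in its own variable and fail with `SSL_ALERT_ILLEGAL_PARAMETER` when it disagrees with the length read on the following line or exceeds the remaining `extLen`. `extLen -= 3` also depends on the preceding check having established `extLen >= 3`, and only the tail of that check is visible here.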
diff --git a/matrixssl/sslDecode.c b/matrixssl/sslDecode.c index eed8279..c4872cf 100644 --- a/matrixssl/sslDecode.c +++ b/matrixssl/sslDecode.c @@ -117,7 +117,7 @@ int32 matrixSslDecode(ssl_t *ssl, unsigned char **buf, uint32 *len, { unsigned char *c, *p, *end, *pend, *ctStart, *origbuf; unsigned char *mac; - volatile unsigned char macError; + unsigned char macError; int32 rc; unsigned char padLen; #ifdef USE_CLIENT_SIDE_SSL @@ -761,6 +761,7 @@ ADVANCE_TO_APP_DATA: macError = 1; /* not really an error. reset below */ } } + (void)macError; /* Suppress static analysis warnings */ macError = 0; } else { /* Lucky 13 step 3 and 4 condition: Then let P' denote the first diff --git a/matrixssl/sslEncode.c b/matrixssl/sslEncode.c index cd220a3..7f73d79 100644 --- a/matrixssl/sslEncode.c +++ b/matrixssl/sslEncode.c @@ -1012,7 +1012,7 @@ static int32 nowDoCkePka(ssl_t *ssl) */ int32 sslEncodeResponse(ssl_t *ssl, psBuf_t *out, uint32 *requiredLen) { - int32 messageSize; + int32 messageSize = 0; int32 rc = MATRIXSSL_ERROR; uint32 alertReqLen; #if defined(USE_SERVER_SIDE_SSL) || defined(USE_CLIENT_AUTH) @@ -1339,7 +1339,7 @@ int32 sslEncodeResponse(ssl_t *ssl, psBuf_t *out, uint32 *requiredLen) This is the entry point for a server encoding the first flight of a non-DH, non-client-auth handshake. */ - messageSize = stotalCertLen = 0; + stotalCertLen = 0; #ifdef USE_PSK_CIPHER_SUITE if (ssl->flags & SSL_FLAGS_PSK_CIPHER) { /* @@ -2164,7 +2164,7 @@ void clearFlightList(ssl_t *ssl) { flightEncode_t *msg, *next; - next = msg = ssl->flightEncode; + msg = ssl->flightEncode; while (msg) { next = msg->next; psFree(msg, ssl->flightPool); @@ -4161,7 +4161,7 @@ static int32 writeMultiRecordCertificate(ssl_t *ssl, sslBuf_t *out, certLen = cert->binLen; midWrite = 0; if (certLen > 0) { - if (countDown < 3) { + if (countDown <= 3) { /* Fragment falls right on cert len write. Has to be at least one byte or countDown would have been 0 and got us out of here already*/ 
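Review bot: Dropping `volatile` from `macError` in `matrixSslDecode` lets the compiler treat `macError = 1;` in the padding path as a dead store. The added `(void)macError;` is not a use that keeps it alive, and `macError = 0;` follows immediately. The surrounding comments reference the Lucky 13 steps, so this assignment looks like part of the timing-equalising dummy MAC check; if the store is eliminated, the compiler may also fold away the comparison that feeds it. Keeping `volatile unsigned char macError;` and quieting the analyser with an annotation instead would preserve the original intent. This covers both the declaration hunk at -117 and the `(void)macError;` hunk at -761; the block that sets `macError = 1` begins above the second hunk.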
@@ -4204,9 +4204,10 @@ static int32 writeMultiRecordCertificate(ssl_t *ssl, sslBuf_t *out, } out->end = c; } else { -/* - Not-first fragments -*/ + /* Not-first fragments */ + if (!cert) { + return PS_FAIL; + } if (midSizeWrite > 0) { messageSize = midSizeWrite; } else { @@ -4270,9 +4271,12 @@ static int32 writeMultiRecordCertificate(ssl_t *ssl, sslBuf_t *out, while (countDown > 0) { cert = cert->next; + if (!cert) { + return PS_FAIL; + } certLen = cert->binLen; midWrite = 0; - if (countDown < 3) { + if (countDown <= 3) { /* Fragment falls right on cert len write */ *c = (unsigned char)((certLen & 0xFF0000) >> 16); c++; countDown--; @@ -4281,9 +4285,6 @@ static int32 writeMultiRecordCertificate(ssl_t *ssl, sslBuf_t *out, *c = (certLen & 0xFF00) >> 8; c++; countDown--; midSizeWrite = 1; if (countDown != 0) { -#ifdef TODO -/* Cannot reach here!, countdown is always zero */ -#endif *c = (certLen & 0xFF); c++; countDown--; midSizeWrite = 0; } @@ -6560,6 +6561,9 @@ static int32 writeCertificateRequest(ssl_t *ssl, sslBuf_t *out, int32 certLen, *c = ((certLen + (certCount * 2))& 0xFF00) >> 8; c++; *c = (certLen + (certCount * 2)) & 0xFF; c++; while (cert) { + if (cert->subject.dnenc == NULL) { + return PS_FAIL; + } *c = (cert->subject.dnencLen & 0xFF00) >> 8; c++; *c = cert->subject.dnencLen & 0xFF; c++; memcpy(c, cert->subject.dnenc, cert->subject.dnencLen); @@ -6587,7 +6591,7 @@ static int32 writeMultiRecordCertRequest(ssl_t *ssl, sslBuf_t *out, psX509Cert_t *cert, *future; unsigned char *c, *end, *encryptStart; uint8_t padLen; - uint16_t messageSize, dnencLen; + uint16_t messageSize, dnencLen = 0; int32 midWrite, midSizeWrite, countDown, firstOne = 1; int32_t rc; 
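Review bot: With `countDown <= 3` in the `while (countDown > 0)` loop of `writeMultiRecordCertificate`, the innermost branch that the removed `#ifdef TODO` comment called unreachable can now run, and the boundary is left undocumented. When `countDown` is exactly 3, all three length bytes are written, `midSizeWrite` ends at 0 and `countDown` reaches 0, so the next fragment presumably starts with certificate data and no pending length bytes. I would add a comment on the condition, e.g. `/* <= 3: the 3-byte cert length may exactly fill the fragment; the body then starts in the next one */`, and a test that hits this exact size. The same condition is changed in the first-fragment hunk at -4161, and how the not-first-fragment path resumes from that state is outside these hunks.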
@@ -6664,6 +6668,9 @@ static int32 writeMultiRecordCertRequest(ssl_t *ssl, sslBuf_t *out, *c = (certLen + (certCount * 2)) & 0xFF; c++; countDown -= ssl->hshakeHeadLen + 2; while (cert) { + if (cert->subject.dnenc == NULL) { + return PS_FAIL; + } midWrite = 0; dnencLen = cert->subject.dnencLen; if (dnencLen > 0) { @@ -6698,6 +6705,9 @@ static int32 writeMultiRecordCertRequest(ssl_t *ssl, sslBuf_t *out, } out->end = c; } else { + if (cert == NULL || cert->subject.dnenc == NULL) { + return PS_FAIL; + } /* Not-first fragments */ if (midSizeWrite > 0) { messageSize = midSizeWrite; @@ -6752,6 +6762,9 @@ static int32 writeMultiRecordCertRequest(ssl_t *ssl, sslBuf_t *out, } while (countDown > 0) { cert = cert->next; + if (cert == NULL || cert->subject.dnenc == NULL) { + return PS_FAIL; + } dnencLen = cert->subject.dnencLen; midWrite = 0; if (countDown < 2) { @@ -6774,7 +6787,6 @@ static int32 writeMultiRecordCertRequest(ssl_t *ssl, sslBuf_t *out, if (countDown == 0) { break; } - } if ((rc = postponeEncryptRecord(ssl, SSL_RECORD_TYPE_HANDSHAKE, SSL_HS_CERTIFICATE_REQUEST, messageSize, padLen, @@ -6789,11 +6801,9 @@ static int32 writeMultiRecordCertRequest(ssl_t *ssl, sslBuf_t *out, out->end = c; return MATRIXSSL_SUCCESS; } - #endif /* USE_SERVER_SIDE && USE_CLIENT_AUTH */ #endif /* !USE_ONLY_PSK_CIPHER_SUITE */ - #ifdef USE_DTLS #ifdef USE_SERVER_SIDE_SSL /******************************************************************************/ diff --git a/matrixssl/test/certValidate.c b/matrixssl/test/certValidate.c index af6a401..15ce451 100644 --- a/matrixssl/test/certValidate.c +++ b/matrixssl/test/certValidate.c @@ -68,7 +68,7 @@ static char *flagstostr(int flags) if (flags & PS_CERT_AUTH_FAIL_DATE_FLAG) { s += sprintf(s, "DATE "); } - s += sprintf(s, ")"); + sprintf(s, ")"); return f; } return "";
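Review bot: `writeMultiRecordCertRequest` keeps `if (countDown < 2) {` for its 2-byte DN length, while this commit changes the matching 3-byte test in `writeMultiRecordCertificate` from `countDown < 3` to `countDown <= 3`. If that change was made for the case where the length field exactly fills the fragment, the same boundary exists here at `countDown == 2` and the condition would need to become `countDown <= 2`. The code after the branch is outside the hunk, so check it against the else path before changing it.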
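Review bot: `flagstostr` builds its result with a chain of unbounded `sprintf` calls into `f`, and dropping the unused `s +=` on the last one does not change that. The buffer's declaration is outside the hunk, so its size and storage class cannot be checked here. A bounded form on each append, such as `snprintf(s, (size_t)(f + sizeof(f) - s), ")");`, would make the limit explicit, assuming `f` is an array. Since `f` is returned, it also has to have static storage for the caller to use it safely.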