Merge pull request #9743 from douzzer/20260205-fixes

20260205-fixes

Author: dgarske

src/ssl_sk.c

@@ -259,6 +259,50 @@ int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* node)
     return ret;
 }
 
+/* Pushes the node onto the back of the stack.
+ *
+ * If *stack is NULL, node becomes the head.
+ *
+ * @param [in, out] stack  Stack of nodes.
+ * @param [in]      node   Node to append.
+ *
+ * @return WOLFSSL_SUCCESS on success
+ * @return WOLFSSL_FAILURE when stack or node is NULL.
+ */
+int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* node)
+{
+    int ret = WOLFSSL_SUCCESS;
+
+    /* Validate parameters. */
+    if (stack == NULL || node == NULL) {
+        ret = WOLFSSL_FAILURE;
+    }
+    if (ret == WOLFSSL_SUCCESS) {
+        node->next = NULL;
+        /* Tail node has num of 1, indicating 1 node till the end */
+        node->num = 1;
+
+        if (*stack == NULL) {
+            /* First node. */
+            *stack = node;
+        }
+        else {
+            /* Walk to the end and append.  Each node's num field holds the
+             * count of nodes from that node to the tail (inclusive), so
+             * every existing node's num increases by one. */
+            WOLFSSL_STACK* cur = *stack;
+            while (cur->next != NULL) {
+                cur->num++;
+                cur = cur->next;
+            }
+            cur->num++;
+            cur->next = node;
+        }
+    }
+
+    return ret;
+}
+
 /* Removes the node at the index from the stack and returns data.
  *
  * This is an internal API.

src/x509.c

@@ -14986,50 +14986,38 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name,
 
 void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk)
 {
-    WOLFSSL_STACK *curr;
-
-    while (sk != NULL) {
-        curr = sk;
-        sk = sk->next;
-
-        XFREE(curr, NULL, DYNAMIC_TYPE_OPENSSL);
-    }
+    wolfSSL_sk_pop_free(sk, NULL);
 }
 
-static WOLFSSL_STACK* x509_aia_append_string(WOLFSSL_STACK** head,
+static int x509_aia_append_string(WOLFSSL_STACK** head,
     const byte* uri, word32 uriSz)
 {
     WOLFSSL_STACK* node;
     char*          url;
 
-    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) + uriSz + 1, NULL,
-            DYNAMIC_TYPE_OPENSSL);
-    if (node == NULL)
-        return NULL;
+    url = (char*)XMALLOC(uriSz + 1, NULL, DYNAMIC_TYPE_OPENSSL);
+    if (url == NULL)
+        return WOLFSSL_FAILURE;
 
-    url = (char*)node;
-    url += sizeof(WOLFSSL_STACK);
     XMEMCPY(url, uri, uriSz);
     url[uriSz] = '\0';
 
+    node = wolfSSL_sk_new_node(*head != NULL ? (*head)->heap : NULL);
+    if (node == NULL) {
+        XFREE(url, NULL, DYNAMIC_TYPE_OPENSSL);
+        return WOLFSSL_FAILURE;
+    }
+
+    node->type = STACK_TYPE_STRING;
     node->data.string = url;
-    node->next = NULL;
-    node->num = 1;
 
-    if (*head == NULL) {
-        *head = node;
-    }
-    else {
-        WOLFSSL_STACK* cur = *head;
-        while (cur->next != NULL) {
-            cur->num++;
-            cur = cur->next;
-        }
-        cur->num++;
-        cur->next = node;
+    if (wolfSSL_sk_push_back_node(head, node) != WOLFSSL_SUCCESS) {
+        XFREE(url, NULL, DYNAMIC_TYPE_OPENSSL);
+        wolfSSL_sk_free_node(node);
+        return WOLFSSL_FAILURE;
     }
 
-    return node;
+    return WOLFSSL_SUCCESS;
 }
 
 static WOLFSSL_STACK* x509_get1_aia_by_method(WOLFSSL_X509* x, word32 method,
@@ -15041,8 +15029,8 @@ static WOLFSSL_STACK* x509_get1_aia_by_method(WOLFSSL_X509* x, word32 method,
     if (x == NULL)
         return NULL;
 
-    /* Build from multi-entry list when available; otherwise fall back to the
-     * legacy single-entry fields to preserve previous behavior. */
+    /* Collect matching URIs from the multi-entry list into a new stack;
+     * fall back to the legacy single-entry field for compatibility. */
     if (x->authInfoListSz > 0) {
         for (i = 0; i < x->authInfoListSz; i++) {
             if (x->authInfoList[i].method != method ||
@@ -15052,15 +15040,16 @@ static WOLFSSL_STACK* x509_get1_aia_by_method(WOLFSSL_X509* x, word32 method,
             }
 
             if (x509_aia_append_string(&head, x->authInfoList[i].uri,
-                    x->authInfoList[i].uriSz) == NULL) {
-                wolfSSL_X509_email_free(head);
+                    x->authInfoList[i].uriSz) != WOLFSSL_SUCCESS) {
+                wolfSSL_sk_pop_free(head, NULL);
                 return NULL;
             }
         }
     }
     if (head == NULL && fallback != NULL && fallbackSz > 0) {
-        if (x509_aia_append_string(&head, fallback, (word32)fallbackSz) == NULL) {
-            wolfSSL_X509_email_free(head);
+        if (x509_aia_append_string(&head, fallback, (word32)fallbackSz)
+                != WOLFSSL_SUCCESS) {
+            wolfSSL_sk_pop_free(head, NULL);
             return NULL;
         }
     }

wolfssl/ssl.h

@@ -1917,6 +1917,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
 #endif
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
+WOLFSSL_API int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack,
+    WOLFSSL_STACK* in);
 
 WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk);

wolfssl/wolfcrypt/asn.h

@@ -2075,8 +2075,8 @@ struct DecodedCert {
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 
     WOLFSSL_AIA_ENTRY extAuthInfoList[WOLFSSL_MAX_AIA_ENTRIES];
-    byte    extAuthInfoListSz:7;
-    byte    extAuthInfoListOverflow:1;
+    WC_BITFIELD extAuthInfoListSz:7;
+    WC_BITFIELD extAuthInfoListOverflow:1;
 };
 
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)