wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 06:39:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,194 Commits 12 Branches 184 Tags
10b8f56fec7bc0c8d67f062f5ff44ed7582435e4
Commit Graph

5874 Commits

Author SHA1 Message Date
Daniel Pouzzner
10b8f56fec wolfio.c: in wolfIO_TcpConnect(), test for usability of gethostbyname_r by (__GLIBC__ >= 2) && defined(__USE_MISC), not defined(__GNUC__). 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
bb07d0a490 wolfio.c: refactor wolfIO_TcpConnect(() to use gethostbyname_r() if GNUC && !SINGLE_THREADED, for thread safety. 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Sean Parkinson
848f5eeb0c Merge pull request #4755 from dgarske/dtls_srtp 
DTLS SRTP (RFC5764) support (adds `--enable-srtp`)
 2022-01-21 10:43:47 +10:00
David Garske
427b67d51b Merge pull request #4756 from kareem-wolfssl/noBio 
Fix building with OPENSSL_EXTRA and NO_BIO defined.
 2022-01-20 10:41:22 -08:00
Marco Oliverio
40f573df72 dtls-srtp: NIT: fix EKM size in comments 2022-01-20 16:55:44 +01:00
Marco Oliverio
d5aa76b161 dtsl-srtp: use PRF according to the DTLS version used 
RFC 5764 sec 4.1.2
 2022-01-20 16:55:30 +01:00
Marco Oliverio
cdb2936244 dtls-srtp: PRF: fix correct order of client/server random in seed 
see RFC 5705 Section 4
 2022-01-20 16:12:04 +01:00
David Garske
609d6442b1 Merge pull request #4753 from SparkiDev/siphash 
Add SipHash algorithm
 2022-01-19 18:51:44 -08:00
Sean Parkinson
a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00
David Garske
7adbf59f22 Merge pull request #4767 from anhu/kill_hc128 
Get rid of HC-128
 2022-01-19 12:20:18 -08:00
David Garske
8e0ece920b Test cleanups. Fix possible leak in TLSX_UseSRTP. 2022-01-19 09:22:02 -08:00
Marco Oliverio
9b69f693e4 dtls-srtp: check that length of strings matched before memcomparing 
otherwise if profile_str_len is > strlen(gSrtpProfiles[i].name) we end up
comparing memory past gSrtpProfiles[i].name. -fsanitize=address catches this:

```
==100159==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f40d8d533b2 at pc 0x7f40d8eb014f bp 0x7f40d50fe240 sp 0x7f40d50fd9e8
READ of size 21 at 0x7f40d8d533b2 thread T107
    #0 0x7f40d8eb014e in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860
    #1 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
    #2 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
    #3 0x7f40d8c2e830 in DtlsSrtpFindProfile src/ssl.c:1310
    #4 0x7f40d8c2e9ed in DtlsSrtpSelProfiles src/ssl.c:1347
    #5 0x7f40d8c2eada in wolfSSL_CTX_set_tlsext_use_srtp src/ssl.c:1359
    #6 0x563bf381b4c5 in server_test examples/server/server.c:2278
    #7 0x7f40d88f0258 in start_thread (/usr/lib/libpthread.so.0+0x9258)
    #8 0x7f40d88195e2 in __GI___clone (/usr/lib/libc.so.6+0xfe5e2)
```
 2022-01-19 13:14:58 +01:00
David Garske
ba589955f7 Improve the DTLS SRTP client side parsing. 2022-01-18 11:23:13 -08:00
Sean Parkinson
e745de657f Merge pull request #4761 from haydenroche5/time_cb 
Add time callback functionality.
 2022-01-18 16:49:19 +10:00
Hayden Roche
1b0926a3b8 Add time callback functionality. 
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
 2022-01-17 17:49:51 -08:00
David Garske
f3f5b0f53b Peer review fixes. Improve profile not found handling or errors. Improve inline function. 2022-01-17 15:52:40 -08:00
Anthony Hu
c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
David Garske
d38c5003d0 Merge pull request #4762 from ejohnstown/old-gcc 
Old Compiler Warning Cleanup (GCC 4.0.2)
 2022-01-17 09:44:44 -08:00
John Safranek
b68b14b499 Merge pull request #4724 from embhorn/zd13462 
Improve param checks of enc
 2022-01-16 15:35:54 -08:00
Sean Parkinson
15f501358d Merge pull request #4716 from julek-wolfssl/issue-4592 
Verification: Domain check should only be performed on leaf certs
 2022-01-17 08:40:14 +10:00
John Safranek
001469589b Old Compiler Warning Cleanup (GCC 4.0.2) 
Fixed a lot of shadowed global values. Some were prototype and function
declaration parameter name conflicts. Some conflicted with typenames.
Some conflicted with globals in libc.
 2022-01-14 17:43:21 -08:00
John Safranek
153b9abc31 Old Compiler Warning Cleanup (GCC 4.0.2) 
ssl.c: Fix a couple of checks on hashType enum that were using a `< 0`
for the lower bound on an unsigned.
 2022-01-14 16:32:18 -08:00
David Garske
eade8ecdf1 DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles. 2022-01-14 13:43:29 -08:00
Kareem
1ed152daeb Fix building with OPENSSL_EXTRA and NO_BIO defined. 2022-01-14 11:19:01 -07:00
Juliusz Sosinowicz
31e84d82b8 Domain check should only be performed on leaf certs 
- Refactor `*_set_verify` functions into common logic
- NULL protect `wolfSSL_X509_VERIFY_PARAM_set1_host` and add debug info
 2022-01-14 18:16:42 +01:00
David Garske
6ccbd8776f DTLS SRTP (RFC5764) support (adds --enable-srtp). Used with WebRTC to agree on profile for new real-time session keys. 2022-01-14 07:35:45 -08:00
David Garske
f81e15f342 Merge pull request #4750 from SparkiDev/etm-disable 
TLS EncryptThenMac; fix when extension response sent
 2022-01-13 13:33:57 -08:00
Sean Parkinson
70b169e3f2 TLS EncryptThenMac; fix when extension response sent 
Only respond with the extension when negotiated a block cipher.
 2022-01-13 12:46:21 +10:00
elms
336e595ebb Remove some lingering oldname return values 2022-01-11 17:09:52 -08:00
elms
efe2cea8d1 TLS: Default secure renegotiation compatability 
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746

From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.

With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
 2022-01-11 15:56:35 -08:00
David Garske
5910ada93d Merge pull request #4736 from douzzer/20220107-cppcheck-hygiene 
cppcheck sweep
 2022-01-10 12:52:22 -08:00
David Garske
6ce248e2f9 Improve documentation for wolfSSL_get1_session. Add wolfSSL specific naming on the internal session functions to avoid possible user conflicts. ZD13363 and ZD13487. 2022-01-10 07:47:19 -08:00
Daniel Pouzzner
355b5821b2 WOLFSSL_SESSION_EXPORT: fixes for scan-build complaints (deadcode.DeadStores) building --enable-all --enable-sessionexport. 2022-01-08 11:43:56 -06:00
Daniel Pouzzner
c50964cc35 src/internal.c: fix flubbed edit in wolfSSL_session_import_internal(). 2022-01-08 11:08:57 -06:00
Daniel Pouzzner
56c28ff307 src/ssl.c: in wolfSSL_SESSION_has_ticket(), add (void)sess if !defined(HAVE_SESSION_TICKET), to fix -Wunused-parameter. 2022-01-08 02:39:50 -06:00
Daniel Pouzzner
8ba6027073 src/wolfio.c: fixes for cppcheck complaints: nullPointer uninitvar 2022-01-08 00:28:35 -06:00
Daniel Pouzzner
bb727d2ef2 src/ssl.c: fixes for cppcheck complaints: uselessAssignmentPtrArg autoVariables[not a defect; added suppression] invalidPrintfArgType_sint nullPointerRedundantCheck pointerSize 2022-01-08 00:28:09 -06:00
Daniel Pouzzner
4d3dfc451d src/sniffer.c: fixes for cppcheck complaints: negativeIndex 2022-01-08 00:27:59 -06:00
Daniel Pouzzner
b69dc00bd7 src/internal.c: fixes for cppcheck complaints: nullPointerRedundantCheck uninitvar 2022-01-08 00:27:47 -06:00
Eric Blankenhorn
f74831a7da Improve param checks of enc 2022-01-06 09:12:18 -06:00
David Garske
32223b9c3a Merge pull request #4697 from LinuxJedi/isotp 
Add ISO-TP support to wolfio
 2022-01-05 10:34:43 -08:00
Andrew Hutchings
e847bf7301 ISO-TP buffer fixes 
* Flow control failed on wrap around when there is going to be no more
  flow control packets.
* If ISOTP_Send is provided more than 4095 bytes, limit it to 4095 bytes
  as wolfSSL will retry with the rest.
* Set the default receive size to the max ISO-TP data size.
* A few other cleanups.
 2022-01-05 11:37:15 +00:00
Andrew Hutchings
247cbdeef7 Cleanups for ISO-TP in wolfio 
* Add Doxygen comments
* Make ISOTP_Send, ISOTP_Receive and wolfSSL_SetIO_ISOTP safer
* Reorder isotp_wolfssl_ctx
* Other minor cleanups
 2022-01-04 12:57:11 +00:00
Marco Oliverio
4907696ed4 wolfssl: keys: add missing wc_AesFree() when setting new keys 2021-12-30 20:30:36 +01:00
Jacob Barthelmeh
73b4cc9476 fix for location of xmemset 2021-12-29 10:48:06 -07:00
Jacob Barthelmeh
05a19c852b account for DTLS extra header size when reading msg from pool 2021-12-27 16:52:09 -07:00
Andrew Hutchings
7c2a2229c5 Use XMEMCPY and defined constannts for ISOTP 2021-12-24 11:56:16 +00:00
Daniel Pouzzner
54e9076c45 src/ssl.c: fix whitespace and heap reference in FreeSession() (re 569c066fab). 2021-12-24 01:16:32 -06:00
David Garske
02186dbd23 Fix for TLS v1.3 client session ticket resumption where the server opts to do a new handshake. Fix to make sure preMasterSz is valid. 2021-12-23 18:45:52 -08:00