Commit Graph

8229 Commits

Author SHA1 Message Date
Andras Fekete d99a1c6a13 Fix another compilation issue
In file included from ./wolfssl/error-ssl.h:27,
                 from ./wolfssl/ssl.h:35,
                 from ./wolfssl/internal.h:28,
                 from src/ssl.c:36:
./src/x509_str.c: In function 'int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE*, byte*, word32, int)':
./wolfssl/wolfcrypt/error-crypt.h:336:37: error: 'CONST_NUM_ERR_WOLFSSL_SUCCESS' was not declared in this scope; did you mean 'CONST_NUM_ERR_WOLFSSL_UNKNOWN'?
  336 |     #define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label)
      |                                     ^~~~~~~~~~~~~~
./src/x509_str.c:1456:15: note: in expansion of macro 'WC_NO_ERR_TRACE'
 1456 |     int ret = WC_NO_ERR_TRACE(WOLFSSL_SUCCESS);
      |               ^~~~~~~~~~~~~~~
2024-11-15 10:12:13 -05:00
David Garske e22d17c09f Merge pull request #8185 from SparkiDev/kyber_fixes_4
Kyber: Fix wolfSSL_get_curve_name()
2024-11-14 17:57:24 -08:00
David Garske c06b5fadc1 Merge pull request #8180 from JacobBarthelmeh/staticmemory
wc_UnloadStaticMemory should be used to free mutex
2024-11-14 17:54:56 -08:00
David Garske 21bfcaf666 Merge pull request #8136 from anhu/csr_version
Fix for setting wrong version in CSRs.
2024-11-14 17:52:58 -08:00
David Garske 54bdb39454 Merge pull request #8176 from SparkiDev/x509_coverage
X509: improve testing coverage
2024-11-14 17:49:33 -08:00
Daniel Pouzzner 469c410393 src/sniffer.c: remove build-time assert on HAVE_THREAD_LS || SINGLE_THREADED, as it breaks existing build tests. fix more later. 2024-11-14 18:22:42 -06:00
Daniel Pouzzner 4ad0dce84e src/sniffer.c: revert refactor pending proper fixes. 2024-11-14 18:00:52 -06:00
Daniel Pouzzner dd9f6378cb rename WOLFSSL_GLOBAL to WC_THREADSHARED, and refactor mutex handling in src/sniffer.c for consistency and correctness, also adding gating on !SINGLE_THREADED for efficiency;
add wc_static_assert in wolfcrypt/test/test.h to assure that WC_TEST_RET_ENC() can correctly handle all error codes.
2024-11-14 16:35:04 -06:00
Sean Parkinson b98af853f2 Kyber: Fix wolfSSL_get_curve_name()
Fix protection around Kyber hybrid strings when compiling for original
with wolfSSL implementation.
2024-11-15 08:17:02 +10:00
Daniel Pouzzner 6af54d3de2 Merge pull request #8183 from SparkiDev/kyber_fixes_3
Kyber: fixes to configure and wolfSSL_get_curve_name
2024-11-14 12:47:09 -06:00
Sean Parkinson 886f5b0a5b Kyber: fixes to configure and wolfSSL_get_curve_name
Remote original-only option for kyber in configure.ac.
Default is ML-KEM only.
original is Kyber only.
ml-lem is ML-KEM.
to have both: all,original,ml-kem.

Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the
inclusion of kyber headers.
2024-11-14 16:25:41 +10:00
Daniel Pouzzner 0ebd86d668 add second wolfCrypt error code span, and add DEADLOCK_AVERTED_E. 2024-11-13 13:01:00 -06:00
JacobBarthelmeh f74e73e8ce wc_UnloadStaticMemory should be used to free mutex 2024-11-13 11:51:53 -07:00
Daniel Pouzzner 524f0f5799 peer review on "WOLFSSL_CLEANUP_THREADSAFE":
* add WOLFSSL_ATOMIC_INITIALIZER() to wc_port.h;
* rename feature macro to WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS for clarity;
* remove spin lock logic in wolfSSL_Init() and instead return DEADLOCK_AVERTED_E on contended initialization;
* unless WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS is user-defined to 0, automatically enable it when appropriate.
2024-11-12 23:57:35 -06:00
Daniel Pouzzner b8aeaf4fa8 src/ssl.c: implement WOLFSSL_CLEANUP_THREADSAFE in wolfSSL_Init() / wolfSSL_Cleanup(). 2024-11-12 17:37:45 -06:00
Sean Parkinson 86ad96ca29 X509: improve testing coverage 2024-11-13 09:10:22 +10:00
Anthony Hu b1ccbbc7fa Addressing review comments from dgarske 2024-11-12 16:36:12 -05:00
Daniel Pouzzner 878cf3afaa Merge pull request #8155 from JacobBarthelmeh/x509_req
fix for memory leak due to missed WOLFSSL_GENERAL_NAME capability cha…
2024-11-11 23:03:52 -06:00
JacobBarthelmeh ce935fddad cast return of XMALLOC 2024-11-11 09:57:33 -07:00
Daniel Pouzzner 165b4afbeb Merge pull request #8143 from SparkiDev/kyber_plus_mlkem
Kyber/ML-KEM: make both available
2024-11-09 00:09:51 -06:00
Daniel Pouzzner aa18bbca55 assorted cleanups and refactors for C89 conformance, codespell and check-source-text, and consistent heap shim usage.
.github/workflows/codespell.yml: remove */README_jp.txt from "skip" list.

IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt: convert from SHIFT_JIS to UTF-8.

cmake/options.h.in: use "#cmakedefine HAVE_PTHREAD 1" to avoid conflict with config.h.

configure.ac: add --enable-c89, and remove !ENABLED_OPENSSLEXTRA dependency from AM_CONDITIONAL([BUILD_CRYPTONLY],...).

wolfcrypt/src/asn.c: refactor SetOthername() for efficiency, and add PRAGMA_GCC to suppress false positive -Wstringop-overflow associated with -fstack-protector.

wolfssl/wolfcrypt/rsa.h: add WC_ prefixes to RSA_PKCS1_PADDING_SIZE and RSA_PKCS1_OAEP_PADDING_SIZE, and define unprefixed compat aliases only if !OPENSSL_COEXIST.

wolfssl/wolfcrypt/types.h:

  #ifdef WOLF_C89, #define WC_BITFIELD unsigned;
  enhance WOLF_ENUM_DUMMY_LAST_ELEMENT() to include the line number, to construct unique labels given a per-filename argument, to accommodate anonymous enums.

examples/asn1/asn1.c:
examples/client/client.c:
examples/pem/pem.c:
examples/server/server.c:
wolfcrypt/src/sp_dsp32.c:
wolfcrypt/src/wc_port.c:
wolfssl/test.h:

  use XMALLOC/XREALLOC/XFREE consistently, not malloc/realloc/free.

wolfcrypt/benchmark/benchmark.c:
wolfcrypt/src/memory.c:
wolfcrypt/test/test.c:
wolfssl/wolfcrypt/mem_track.h:
wolfssl/wolfcrypt/settings.h:
wolfssl/wolfcrypt/types.h:

  annotate intentional native heap access with "/* native heap */".

wolfcrypt/src/asn.c:
wolfssl/callbacks.h:
wolfssl/openssl/ec.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/hpke.h:
wolfssl/wolfcrypt/types.h:

  fix enum trailing commas.

wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/rsa.h:
wolfssl/openssl/ssl.h:

  use WC_BITFIELD in bitfield elements, not byte or word16, to allow for pedantic C89 conformant builds.

wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/pem.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/logging.h:
avoid variadic macros wherever possible, and where unavoidable, #ifdef WOLF_NO_VARIADIC_MACROS, define them with empty arg lists, rather than ..., to support Watcom compiler.

wolfssl/wolfcrypt/settings.h: if defined(__WATCOMC__), define WOLF_NO_VARIADIC_MACROS.
2024-11-07 22:36:24 -06:00
JacobBarthelmeh a896c16ebd fix for memory leak due to missed WOLFSSL_GENERAL_NAME capability changes 2024-11-06 17:10:54 -07:00
Anthony Hu 0508151ddf Quick fix 2024-11-06 16:07:18 -05:00
Sean Parkinson 256c6708e0 Testing fixes
Fix header inclusion: settings.h after options.h.
pkcs8_encode(): dh is not available if NO_DH is defined.
2024-11-06 15:23:49 +10:00
Daniel Pouzzner 8ecf064314 Merge pull request #8098 from dgarske/x86_notwindows_2
More fixes for building x86 in Visual Studio for non-windows OS
2024-11-05 00:13:13 -06:00
David Garske aad0f6e08d Peer review feedback: Improve workaround for variadic macros and cast warnings. 2024-11-04 11:15:00 -08:00
Sean Parkinson 7d42ddae48 Kyber/ML-KEM: make both available
Make Kyber and ML-KEM individually available as well as at the same
time.
Modified TLS layer to support both Kyber and ML-KEM.
Added new identifiers in TLS layer for ML-KEM.
2024-11-04 23:51:51 +10:00
Daniel Pouzzner 6f7c968c56 rename MAX_CERT_VERIFY_SZ to WC_MAX_CERT_VERIFY_SZ, and move its setup from wolfssl/internal.h to wolfssl/wolfcrypt/asn.h.
rename WOLFSSL_MAX_RSA_BITS to WC_MAX_RSA_BITS, and move its setup from wolfssl/internal.h to wolfssl/wolfcrypt/asn.h, preceding setup for WC_MAX_CERT_VERIFY_SZ.

configure.ac: restore opensslextra-linuxkm assertion, with a twist: "--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm."

wolfcrypt/src/asn.c: fix trailing comma in enum.

wolfcrypt/src/port/arm/armv8-aes.c: fix wc_AesCcmEncrypt() and wc_AesCcmDecrypt() for test_wolfssl_EVP_aes_ccm_zeroLen().
2024-11-02 23:50:34 -05:00
Daniel Pouzzner 6119c52802 Merge pull request #8043 from bandi13/addCodespell
Add Codespell test to PRs
2024-11-01 21:20:29 -05:00
David Garske 836b741402 Merge pull request #8132 from douzzer/20241024-opensslcoexist-opensslextra
20241024-opensslcoexist-opensslextra
2024-11-01 14:34:11 -07:00
Daniel Pouzzner b41ce0427c src/pk.c: in pem_read_bio_key(), fix invalid read (ZD#18875). 2024-11-01 12:43:08 -05:00
Andras Fekete 0915012b72 Fix new spelling errors 2024-11-01 13:00:59 -04:00
Andras Fekete 34298e8ada More spelling fixes 2024-11-01 12:59:01 -04:00
Andras Fekete b3fe71d9d9 Spelling fixes 2024-11-01 12:59:01 -04:00
Anthony Hu d959d9de7f cast 1 to long 2024-11-01 11:34:22 -04:00
Anthony Hu 2254ec89d3 Fix for setting wrong version in CSRs. 2024-10-31 17:08:42 -04:00
Daniel Pouzzner a2bcbf7ecf additional fixes and peer review for -DOPENSSL_EXTRA -DOPENSSL_COEXIST: cover -DWOLFSSL_QUIC, fix -DNO_ASN, rename WOLFSSL_ASN1_TYPE_* to WOLFSSL_V_ASN1_*, completed nativization of NID_*, and switch to prefix WC_NID_ rather than wc_NID_. 2024-10-31 00:10:21 -05:00
Daniel Pouzzner cf95fdc071 Globally remap & refactor conflicting symbols to allow -DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist.
No functional changes.

Several compat symbols that were formerly enums are now macros.

All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.

wolfcrypt/test/test.c is similarly refactored to use only native symbols.

examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
2024-10-31 00:10:21 -05:00
Sean Parkinson 89d2964320 Merge pull request #8115 from miyazakh/ocsp_tls13_client
Check Intermediate cert OCSP when using tls1.3 for client side
2024-10-31 11:13:01 +10:00
Daniel Pouzzner 4b8c9bbb6d Merge pull request #8130 from anhu/cks_tlsver_downgrade
Consider downgrade to TLS 1.2 when parsing CKS.
2024-10-30 19:20:24 -05:00
Anthony Hu 69f2529aa5 Consider downgrade to TLS 1.2 when parsing CKS. 2024-10-30 16:50:59 -04:00
David Garske 72306b9a67 Merge pull request #7973 from bandi13/fixSniffer
Fix sniffer
2024-10-29 15:21:41 -07:00
David Garske b982314ac6 Merge pull request #8101 from miyazakh/tsip_ca_add
Check Root CA by TSIP before adding it to ca-table
2024-10-29 14:23:47 -07:00
Andras Fekete 2cdecd85a2 If we have a capture on device 'any', then we need to handle the offset
Detect reading of packet errors

--enable-all and --enable-sniffer exposed this issue

Don't need variable

Rework argument parsing

Need a way to allow arguments to be supplied more granularly. Partucilarly, I needed a "-tracefile" argument without requiring the use of a PCAP file

Fix error prints to STDERR

Fix setting of port filtering

Fix 80 char limit

Not actually a bad packet when there are no more packets

Fix strcat size

Allow the sniffer to print the trace to STDOUT

Fix indexing

Take out superfluous error which is handled later

Set default port to 11111

Single return point

Combine chain to one contiguous memory block

Fix return

Add in error handling for XMALLOC

Add in debugging output when --enable-debug

It makes no sense to allocate a ton of small buffers to process chains

Ultimately, the code is slower because of the several small memcpy instead of a single large contiguous memcpy

Pass in a device name

Fix unused variable

Fix cast

Addressing PR comments

Add new flags to --help
2024-10-29 16:55:20 -04:00
David Garske 84b5d6613d More fixes for building x86 in Visual Studio for non-windows OS (Watcom C compiler). Followup to PR #7884. Fixes ZD 18465
* Consolidate the USE_WINDOWS_API to a single place.
* Expand the `WOLFSSL_NOT_WINDOWS_API` improvement for intrinsics and word sizes.
* Fix for macro variadic `...` when no variables are used (some compilers like Watcom C have issue with this).
* Fix for Watcom C compiler "long long" -> "__int64".
* Fix a couple of minor cast warnings reported from VS.
2024-10-29 11:50:24 -07:00
Daniel Pouzzner 57a5895d0e Merge pull request #8110 from philljj/fix_infer
infer: fix uninit values in pkcs8_encode.
2024-10-29 01:16:04 -05:00
Hideki Miyazaki 79a9e0a709 intermediate cert check when using tls1.3 for client side 2024-10-26 14:09:58 +09:00
Daniel Pouzzner 6f87f57d7a fixes for gating and ARM32 alignment defects:
wolfcrypt/src/port/arm/armv8-aes.c: in the WOLFSSL_ARMASM_NO_HW_CRYPTO version of wc_AesSetKey(), copy the supplied userKey to a properly aligned buffer if necessary before calling AES_set_encrypt_key();

src/dtls13.c: in Dtls13GetRnMask(), if defined(WOLFSSL_LINUXKM)), return retval of wc_AesEncryptDirect();

wolfcrypt/src/misc.c: add readUnalignedWord32(), writeUnalignedWord32(), readUnalignedWords32(), and writeUnalignedWords32();

wolfcrypt/src/siphash.c: use readUnalignedWord64(), readUnalignedWord32(), and writeUnalignedWord64(), to avoid unaligned access faults, and fix cast in byte-reversing version of GET_U32().
2024-10-25 23:52:32 -05:00
jordan ce31b15608 infer: fix uninit values in pkcs8_encode. 2024-10-23 20:11:51 -05:00
Hideki Miyazaki a14d7db58c move trailing space 2024-10-24 09:31:00 +09:00