Commit Graph

7134 Commits

Author SHA1 Message Date
JacobBarthelmeh 8583cc65fa Merge pull request #6471 from SparkiDev/tests_api_expect_3
Test api.c: change more tests to use Expect instead of Assert
2023-06-07 11:22:23 -06:00
JacobBarthelmeh 1445a6a832 Merge pull request #6482 from SparkiDev/regression_fixes_7
Regression testing fixes
2023-06-07 11:18:36 -06:00
JacobBarthelmeh 2b054e223b Merge pull request #6483 from SparkiDev/cppcheck_fixes_10
cppcheck: fixes from scan
2023-06-07 11:13:53 -06:00
Sean Parkinson ed01b14356 cppcheck: fixes from scan
wolfssl_sce_unit_test.c:
  sce_crypt_Sha_AesCbcGcm_multitest(): duplicate condition
ssl_asn1.c:
  wolfSSL_i2t_ASN1_OBJECT(): done is not needed
  MonthStr(): fix bounds check on i
woolfcrypt_test.c, test_main.c, wolfssl_tsip_unit_test.c, devices.c,
aes.c, des3.c:
  Variable not used.
asn.c:
DecodeSubjKeyId(): sz is unsigned - check for less than zero does
nothing
kcapi_rsa.c:
  KcapiRsa_Decrypt(): fix ret check by using else
  KcapiRsa_Encrypt(): make same change for consistency
kcapi_hash.c:
  KcapiHashFinal(): move ret into #ifdef where it is needed
stm32.c:
wc_Stm32_Hash_GetDigest(): i redeclared with different type - use ii
instead
bio.c, conf.c:
  XFREE checks for NULL

Reduce scope of varialbes.
Condition same.
2023-06-07 17:27:51 +10:00
John Safranek d67ce722ff Merge pull request #6476 from kareem-wolfssl/dtlsBlankCert
Send blank certificate message in DTLS when no client cert is loaded.
2023-06-06 22:43:01 -07:00
Sean Parkinson b07c5d7ce8 Regression testing fixes
Fix: ./configure --disable-shared  --enable-smallstack --enable-all
CFLAGS=-DNO_ASN_TIME

Don't compile mp_test when compiling for SP Math All and RSA
verification only - very few functions available.

ssl.c:
wolfSSL_Rehandshake(): wolfSSL_UseSessionTicket only available when
not NO_WOLFSSL_CLIENT
api.c:
  test_wolfSSL_ticket_keys(): meant to be tested on server
2023-06-07 14:26:45 +10:00
Sean Parkinson e542e51d9f Test api.c: change more tests to use Expect instead of Assert
bio.c:
  wolfSSL_BIO_push(): handles NULL for top and append.

crl.c:
InitCRL_Entry(): set toBeSigned to NULL after freeing when allocation
fails.
  AddCRL(): free CRL entry properly on error.
wolfSSL_X509_STORE_add_crl(): check for NULL after
wolfSSL_X509_crl_new call.

ssl.c:
wolfSSL_CertManagerGetCerts(): free the certificate if it didn't get
pushed onto stack
  wolfSSL_RAND_Init(): returns success if global already initialized.

ssl_asn1.c: wolfSSL_ASN1_TYPE_set now avaiable when OPENSSL_EXTRA
defined for function wolfssl_dns_entry_othername_to_gn().

x509.c:
Added support for creating a valid General Name of type GEN_OTHERNAME.
Extracted some code out into wolfssl_x509_alt_names_to_gn().
  wolfSSL_X509_set_ext(): free data correctly on errors
wolfSSL_X509_PUBKEY_set(): free str if DSA parameters cannot be
retrieved; wolfSSL_OBJ_nid2obj() called separately to handle when
returning NULL.
wolfSSL_X509_NAME_copy(): check for failure when
wolfSSL_X509_NAME_add_entry() is called.

x509_str.c:
wolfSSL_X509_STORE_CTX_new(): check for error from calling
wolfSSL_X509_STORE_CTX_init().
wolfSSL_X509_STORE_get0_objects(): don't double free x509; free memory
correctly on error
2023-06-07 14:10:42 +10:00
JacobBarthelmeh ee289fdf89 Merge pull request #6429 from embhorn/zd16184
Allow wolfSSL_RAND_Init to pass if already initialized
2023-06-06 16:23:42 -06:00
Daniel Pouzzner 3b48bc97ed Merge pull request #6381 from SparkiDev/type_conversion_fixes_1
Fix type conversion warnings by gcc
2023-06-06 11:25:31 -05:00
Sean Parkinson 3230d27700 Merge pull request #6436 from lealem47/sanitizer
Miscellaneous fixes for sanitizer
2023-06-06 11:55:52 +10:00
Kareem ebac138e77 Send blank certificate message in DTLS when no client cert is loaded. 2023-06-05 10:49:42 -07:00
Marco Oliverio e53453a7ed fix: add guards to compile w !HAVE_SUPPORTED_CURVES && NO_CERTS
This configuration can be used to build a static PSK only build
2023-06-05 16:13:11 +00:00
JacobBarthelmeh 35e59a3569 Merge pull request #6456 from SparkiDev/tests_api_expect_2
Test api.c: change more tests to use Expect instead of Assert
2023-06-01 10:29:52 -06:00
Chris Conlon 806c75d28b Merge pull request #6450 from miyazakh/fix_jenkins_android
fix to cast diff type, int and uint
2023-06-01 08:33:02 -06:00
Sean Parkinson 7259351a3f Test api.c: change more tests to use Expect instead of Assert
Added a new version of 'nofail' handshaking that doesn't use threads.
More tests can be run in single threaded.

Changed tests over to use test_wolfSSL_client_server_nofail() or
test_wolfSSL_client_server_nofail_memio() to simplfy test cases.

Changed tests to use Expect.

CRL:
BufferLoadCRL wasn't freeing allocated data when currentEntry
couldn't be allocated.

ssl.c:
DecodeToX509(): Needs to call FreeDecodedCert even if
ParseCertRelative fails.
wolfSSL_PEM_read_PUBKEY(): Need to check result of
wolfSSL_d2i_PUBKEY is NULL rather than the passed in WOLFSSL_EVP_PKEY.

X509:
wolfSSL_X509_set_ext(): Must free allocated WOLFSSL_X509_EXTENSION
if not pushed on to stack regardless of stack being NULL.
wolfSSL_X509V3_EXT_i2d(): Don't free asn1str on error as it is the
data passed in.
wolfSSL_i2d_X509_NAME_canon(): free names and cano_data when call to
wolfSSL_ASN1_STRING_canon() fails.

PKCS7:
    wc_PKCS7_InitWithCert(): Check memory allocation of cert for NULL.
2023-06-01 14:22:00 +10:00
Sean Parkinson b62e0b7ceb Fix type conversion warnings by gcc 2023-06-01 14:21:41 +10:00
JacobBarthelmeh 80311975ce Merge pull request #6452 from anhu/no_rsa_sigalgs
For NO_RSA, don't advertise support for RSA.
2023-05-31 13:41:56 -06:00
Hideki Miyazaki 554e6472b5 addressed review comments 2023-05-31 06:54:14 +09:00
jordan 1bdd1cb157 Used codespell and fixed obvious typos in src and wolfssl. 2023-05-30 11:36:43 -05:00
Anthony Hu ea6155c924 For NO_RSA, don't advertise support for RSA. 2023-05-30 12:34:23 -04:00
Hideki Miyazaki 63a5fe3229 fix to cast diff type, int and uint 2023-05-30 17:32:42 +09:00
Sean Parkinson 541ea51ad5 Tests api.c: rework for malloc failure testing
Modified number of tests to not crash on failure and cleanup allocations
on failure.
Added memory fail count option to set which memory allocation to start
failing on.
Fix issues found from testing.

bio.c:
BIO_new() move ref count up so that calls to wolfSSL_BIO_free()
work.
internal.c:
ImportCipherSpecState wasn't checking SetKeySide for failure. Crash
when pointer is NULL and accessed directly.
ocsp.c:
wolfSSL_OCSP_response_get1_basic() doesn't need to free vs->source
as it is freed in WOLFSSL_OCSP_RESPONSE_free().
ssl.c:
ProcessBuffer() Don't strip PKCS#8 header if failed to create DER.
Crasged as directly accessing 'der' which was NULL.
ssl_asn.c:
wolfssl_asn1_integer_require_len was checking wrong variable to see
if allocation failed.
x509,c:
wolfSSL_X509_ALGOR_set0 needs to set aobj only when no failure
possible.
wolfSSL_X509_chain_up_ref needs to call cleanup to ensure everything
is freed.
2023-05-30 12:01:21 +10:00
Sean Parkinson 37c03e3f11 Merge pull request #6442 from embedded-specialties/int-sequence
ASN.1 Integer sequence
2023-05-30 09:37:55 +10:00
Joe Hamman 8fb4e7813b Added braces to support older compilers 2023-05-28 18:59:16 -04:00
JacobBarthelmeh 569a498015 Merge pull request #6443 from SparkiDev/wolfssl_x509_name_entry_leak_2
X509 NAME Entry: fix get object to not leak
2023-05-25 16:15:12 -06:00
JacobBarthelmeh a05f4f4dd9 Merge pull request #6432 from SparkiDev/wolfssl_x509_name_entry_leak
X509 NAME ENTRY create: ensure existing object is not lost
2023-05-25 09:28:45 -06:00
JacobBarthelmeh 6b2fe61d95 Merge pull request #6439 from lealem47/asio_cmake
CMake: add option to enable asio
2023-05-25 09:26:06 -06:00
Sean Parkinson cff8e8e6f7 X509 NAME Entry: fix get object to not leak
wolfSSL_X509_NAME_ENTRY_get_object
 - object field was being reused if it existed but lost on error
 - store object only on success, ie object is not NULL
 - moved function into x509.c
2023-05-25 09:26:22 +10:00
Joe Hamman 2c59bec72c Fixed typo in comment 2023-05-24 17:37:51 -04:00
Joe Hamman 8bd3850e58 Added ASN.1 Integer sequencing 2023-05-24 17:28:53 -04:00
Lealem Amedie 98522fa39d Only clear last ASN_PEM_NO_HEADER error 2023-05-24 14:17:46 -06:00
Lealem Amedie 34c12789c9 CMake: add option to enable asio 2023-05-24 12:46:11 -06:00
Lealem Amedie 5613109fae Miscellaneous fixes for sanitizer 2023-05-23 13:51:46 -06:00
Marco Oliverio 5182fe3f7d wolfio: cleaning: use WOLFSSL_IP6 define instead of AF_INET6 2023-05-22 15:33:06 +00:00
Marco Oliverio 640f9cf967 wolfio: EmbedRecvFrom: check ipv6 peer on non-ipv6 version 2023-05-22 15:33:05 +00:00
Marco Oliverio 73f502e189 wolfio: dtls: retry instead of returning WANT_READ on different peer
If EmbedReceiveFrom() returns WANT_READ, a blocking socket will not know how to
deal with the error. Retry the recvfrom instead adjusting the timeout.
2023-05-22 15:31:58 +00:00
Sean Parkinson 403acadf1a X509 NAME ENTRY create: ensure existing object is not lost
wolfSSL_X509_NAME_ENTRY_create_by_txt and
wolfSSL_X509_NAME_ENTRY_create_by_NID:
 - object field was being reused if it existed but lost on error
 - extracted common code
 - store object only on success, ie object is not NULL
2023-05-22 10:52:51 +10:00
Eric Blankenhorn 3e95ad9549 Allow wolfSSL_RAND_Init to pass if already initialized 2023-05-19 17:08:44 -05:00
David Garske 8b9e13865a Merge pull request #6383 from philljj/zd16072
Fix session ticket leak in wolfSSL_Cleanup
2023-05-19 09:14:07 -07:00
Marco Oliverio 31ed2a2bbb dtls13: support Authentication and Integrity-Only Cipher Suites
See RFC 9150. To enable the feature use HAVE_NULL_CIPHER compilation flag.
2023-05-18 10:03:03 +00:00
Sean Parkinson 5f1ce09dce Merge pull request #6412 from JacobBarthelmeh/tls13
add tls extension sanity check
2023-05-18 09:33:49 +10:00
David Garske 0530ee774f Merge pull request #6418 from douzzer/20230517-linuxkm-benchmarks
20230517-linuxkm-benchmarks
2023-05-17 15:00:49 -07:00
jordan 9d05a4f2ed Don't orphan ticBuff pointer in wolfSSL_DupSessionEx 2023-05-17 16:25:27 -04:00
Daniel Pouzzner 40b598289f src/ssl_asn1.c: in wolfssl_asn1_time_to_tm(), initialize localTm with memset, not the zero initializer, for C++ compatibility. 2023-05-17 01:06:17 -05:00
Daniel Pouzzner 5aceae1d1c src/internal.c: fix for typo (identicalInnerCondition) in DoClientHello(). 2023-05-17 01:05:14 -05:00
JacobBarthelmeh 53ef26bf3a Merge pull request #6392 from rizlik/dtls13-fix-ch-epoch
DTLS v1.3: fix epoch 0 check on plaintext message
2023-05-16 10:07:14 -06:00
JacobBarthelmeh 00f1eddee4 add tls extension sanity check 2023-05-15 15:49:44 -07:00
David Garske c2a7397425 Merge pull request #6406 from JacobBarthelmeh/fuzzing
check for socket errors on SendAlert
2023-05-15 09:16:20 -07:00
JacobBarthelmeh ea40176bee check for socket errors on SendAlert 2023-05-12 09:52:01 -07:00
Kareem 6930179b8e Fix wolfssl_asn1_time_to_tm setting unexpected fields in tm struct. 2023-05-11 15:15:46 -07:00