Chris Conlon
3640bf241c
Merge pull request #3507 from ethanlooney/32nd_branch
...
Doxygen - Removed link/button to annotated.html page as it is currently broken
2020-11-17 13:40:27 -07:00
David Garske
8fe6186621
Merge pull request #3496 from haydenroche5/pre_commit_stash_fix
...
Modify pre-commit.sh to only stash and stash pop if there are modified files not add to the index
2020-11-17 07:54:50 -08:00
Ethan Looney
7467b4c456
Removed link/button to annotated.html page as it is currently broken
2020-11-16 14:25:22 -07:00
Chris Conlon
4e37036cba
Merge pull request #3499 from ethanlooney/31st_branch
...
Added blake2s unit tests
2020-11-16 09:37:31 -07:00
JacobBarthelmeh
4efbb2fc70
Merge pull request #3418 from cconlon/zd11003
...
PKCS#7: check PKCS7 VerifySignedData content length against total bundle size
2020-11-16 18:14:41 +07:00
David Garske
e9f0cb234b
Merge pull request #3425 from haydenroche5/cmake
...
CMake improvements
2020-11-14 08:35:54 -08:00
Ethan Looney
0541a59edd
Added blake2s unit tests
2020-11-13 14:43:50 -07:00
Hayden Roche
cd61fbd0fe
Modify pre-commit.sh to only stash and stash pop if there are modified files not
...
added to the index.
Before this change, if there was nothing to stash, the last thing you stashed
would get popped at the end of the script.
2020-11-13 13:38:58 -06:00
David Garske
d4e1340027
Merge pull request #3486 from douzzer/refactor-gccish-macros
...
sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions
2020-11-13 09:26:00 -08:00
Hayden Roche
8f6c21d600
CMake improvements.
...
- Begin adding options to enable/disable different features.
- Increase minimum CMake version to 3.2.
- Support installation of the built files.
- Add checks for necessary include files, functions etc.
- Generate options.h and config.h.
- Use GNUInstallDirs to support installation, which is designed to be somewhat
cross-platform.
- Export wolfssl CMake target during installation, so others using CMake can
link against wolfssl easily.
- Disallow in-source builds.
- Place the generation of BUILD_* flags (controlled with AM_CONDITIONALs
in configure.ac) in a separate function in functions.cmake,
generate_build_flags.
- Implement the logic to conditionally add source files from
src/include.am in a function in functions.cmake, generate_lib_src_list.
- Exclude tls_bench from Windows. Doesn't compile with MSVC. WIP.
- Update INSTALL with latest CMake build instructions.
- Add a cmake/include.am to ensure CMake files get added to the distribution.
2020-11-13 11:25:04 -06:00
David Garske
7f559b1d1a
Merge pull request #3487 from ejohnstown/sbf
...
Scan-Build Fixes
2020-11-13 09:24:17 -08:00
John Safranek
28be1d0cb3
Scan-Build Fixes
...
1. Fix some potential uninitialized pointer errors in the functions sp_RsaPublic_2048, sp_RsaPublic_3072, and sp_RsaPublic_4096 for small stack builds.
To recreate:
$ scan-build ./configure --enable-sp=small --enable-smallstack --enable-smallstackcache CPPFLAGS="-DECC_CACHE_CURVE -DHAVE_WOLF_BIGINT"
2020-11-12 20:58:25 -08:00
John Safranek
1e348b991d
Scan-Build Fixes
...
1. Fix a potential dereference of NULL pointer.
To recreate:
$ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
2020-11-12 20:58:17 -08:00
Chris Conlon
53c6698678
Merge pull request #3445 from kojo1/EVP-gcm
...
set tag for zero inl case
2020-11-12 15:49:45 -07:00
Chris Conlon
735fb19ea9
break out on error parsing PKCS#7 SignedData inner OCTET_STRING
2020-11-12 15:44:25 -07:00
David Garske
b931b1bd4d
Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning.
2020-11-12 12:51:41 -08:00
John Safranek
38867ae2bf
Scan-Build Fixes
...
1. Added a check to see if the "d" in sp_div() ended up with a negative used length. Return error if so.
To recreate:
$ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
2020-11-12 10:24:11 -08:00
John Safranek
e996a7d15b
Scan-Build Fixes
...
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.
To recreate:
$ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
$ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
2020-11-12 09:06:59 -08:00
David Garske
c7bb602a30
Merge pull request #3482 from douzzer/scan-build-fixes-20201110
...
scan-build fixes -- 1 null deref, 34 unused results
2020-11-12 07:45:45 -08:00
toddouska
d3e3b21c83
Merge pull request #3393 from dgarske/zd11104
...
Fix for TLS ECDH (static DH) with non-standard curves
2020-11-11 14:22:37 -08:00
toddouska
197c85289b
Merge pull request #3468 from SparkiDev/sp_c_mul_d
...
SP C32/64 mul_d: large div needs mul_d to propagate carry
2020-11-11 14:06:25 -08:00
Daniel Pouzzner
f96fbdb7d1
sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions.
2020-11-11 13:44:26 -06:00
Daniel Pouzzner
5fe1586688
fix 34 deadcode.DeadStores detected by llvm11 scan-build.
2020-11-11 13:04:14 -06:00
JacobBarthelmeh
fe2dcf76fe
Merge pull request #3413 from cconlon/zd11011
...
PKCS#7: check PKCS7 SignedData private key is valid before using it
2020-11-11 22:55:03 +07:00
Takashi Kojo
d7ea8b953b
fold long lines
2020-11-11 08:43:16 +09:00
Takashi Kojo
eab3bf9ab4
Add a test case for zero len plain text
2020-11-11 08:43:16 +09:00
Takashi Kojo
417ff1b0f2
set tag for zero len case
2020-11-11 08:43:16 +09:00
David Garske
68209f91fb
Merge pull request #3465 from kaleb-himes/DOX_UPDATE_wc_RsaPublicEncrypt
...
Address report on issue #3161
2020-11-10 14:52:20 -08:00
David Garske
fcd73135f5
Merge pull request #3479 from tmael/ocsp_NULL
...
Check <hash> input parameter in GetCA
2020-11-10 14:46:05 -08:00
Daniel Pouzzner
958fec3b45
internal.c:ProcessPeerCerts(): fix a core.NullDereference detected by llvm9 and llvm11 scan-builds.
2020-11-10 16:40:28 -06:00
Chris Conlon
7b50cddf8c
Merge pull request #3387 from ethanlooney/27th_branch
...
Added unit test for evp.c
2020-11-10 13:27:33 -07:00
David Garske
8645e9754e
Only set ssl->ecdhCurveOID if not already populated.
2020-11-10 09:47:38 -08:00
David Garske
1d531fe13b
Peer review fixes.
2020-11-10 09:47:37 -08:00
David Garske
fa1af37470
Fix for FIPS ready CAVP tests. For now it requires ECC 192-bit.
2020-11-10 09:47:37 -08:00
David Garske
5de80d8e41
Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used.
2020-11-10 09:47:37 -08:00
David Garske
b13848e568
Fix tests to handle ECC < 224 not enabled.
2020-11-10 09:47:37 -08:00
David Garske
6bd98afdd0
Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined.
2020-11-10 09:47:37 -08:00
David Garske
c697520826
Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits.
2020-11-10 09:47:36 -08:00
David Garske
62dca90e74
Fix for server-side reporting of curve in wolfSSL_get_curve_name if client_hello includes ffdhe, but ECC curve is used.
2020-11-10 09:47:36 -08:00
David Garske
d7dee5d9e6
Fix for ECC minimum key size, which is 112 bits.
2020-11-10 09:47:36 -08:00
David Garske
6ac1fc5cff
Fix include.am typo.
2020-11-10 09:47:36 -08:00
David Garske
10f459f891
Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256 and TLS13-AES128-GCM-SHA256.
2020-11-10 09:47:36 -08:00
David Garske
fb9ed686cb
Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available).
2020-11-10 09:47:36 -08:00
David Garske
045fc4d686
Fixes to support overriding minimum key sizes for examples.
2020-11-10 09:47:36 -08:00
David Garske
bfb6138fc5
Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow
...
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
2020-11-10 09:37:36 -08:00
Daniel Pouzzner
5625929c83
scripts/external.test: skip test when -UHAVE_ECC.
2020-11-10 01:27:45 -06:00
Daniel Pouzzner
196ae63eb2
scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible).
2020-11-10 00:03:02 -06:00
Daniel Pouzzner
bd38124814
ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount.
2020-11-09 21:24:34 -06:00
toddouska
3050f28890
Merge pull request #3467 from cconlon/rc2vs
...
rc2.c to Visual Studio projects, fix warnings
2020-11-09 13:52:03 -08:00
David Garske
f02c3aab2e
Merge pull request #3475 from ejohnstown/nsup
...
Hush Unused Param Warning
2020-11-09 11:04:05 -08:00