Commit Graph

6884 Commits

Author SHA1 Message Date
David Garske a4ffe085a0 Merge pull request #6052 from rizlik/fix_ret_create
fix: propagate WOLFSSL_TICKET_RET_CREATE from DoDecryptTicket()
2023-02-03 17:32:26 -08:00
David Garske 1027c0667a Merge pull request #6049 from SparkiDev/sp_int_used_size
SP int: make used and size fields unsigned
2023-02-03 09:38:40 -08:00
Marco Oliverio a2bf82397a fix: propagate WOLFSSL_TICKET_RET_CREATE from DoDecryptTicket() 2023-02-03 17:33:24 +00:00
Sean Parkinson 3455e726f9 SP int: make used and size fields unsigned
used and size have no reason to be negative - change type.
Change code to match unsigned change. Mostly change variables to be
unsigned where possible.
integer.c: Only have mp_rand_prime available when needed and
mp_prime_is_prime_ex is available.
Fixes from regression testing.
2023-02-03 17:09:56 +10:00
David Garske ef266d7e0b Merge pull request #6047 from SparkiDev/refinc_ret_check
Ref counting: rework for static analysers
2023-02-02 18:46:34 -08:00
Sean Parkinson f6da3a26ac Ref counting: rework for static analysers
When always reference counting APIs always return 0 don't check return
value for error.
Reference decrement set isZero to false on error.
2023-02-03 10:13:32 +10:00
John Safranek ca999f932c SRTP Marshaling
1. Changed the loop over the SRTP setting bitfield when it is encoded
   for the TLS extension.
2023-02-02 14:51:12 -08:00
Sean Parkinson 447991a9c2 Merge pull request #5949 from JacobBarthelmeh/Testing
add pragram around sanity check for vcpkg build warning
2023-02-02 10:34:14 +10:00
Daniel Pouzzner 38c057a084 fix resource leak (missing calls to wc_AesFree()) in wolfSSL_EVP_CIPHER_CTX_cleanup();
fix file descriptor leaks in AF_ALG code, and fix return codes (WC_AFALG_SOCK_E, not -1) in afalg_aes.c;

fixes for sanitizer-detected forbidden null pointer args in AfalgHashUpdate() and AfalgHashCopy();

fixes for resource leaks in api.c test_wolfSSL_AES_cbc_encrypt() (missing wc_AesFree()s);

fixes for resource leaks in test.c openssl_test() (missing wolfSSL_EVP_CIPHER_CTX_cleanup());

also some local fixes for bugprone-signed-char-misuse, readability-redundant-preprocessor, and clang-diagnostic-strict-prototypes, in src/pk.c and src/ssl.c.
2023-02-01 00:49:34 -06:00
David Garske 9defb9a356 Merge pull request #6035 from gojimmypi/PK_SSL_init_vars
Initialize `OPENSSL_ALL` local size / length / type vars
2023-01-31 09:09:18 -08:00
David Garske 934d8e274f Merge pull request #5926 from SparkiDev/openssl_ec_api_rework
EC OpenSSL compat: rework EC API
2023-01-31 09:08:26 -08:00
gojimmypi b10adae48f Initialize OPENSSL_ALL local size / length / type vars 2023-01-30 17:30:56 -08:00
Sean Parkinson 7691cd4b45 EC OpenSSL compat: rework EC API
Reworked the implementations of the EC APIs including:
wolfSSL_EC_curve, wolfSSL_EC_METHOD, wolfSSL_EC_GROUP,
wolfSSL_EC_POINT, wolfSSL_EC_KEY, wolfSSL_ECDSA_SIG, wolfSSL_ECDSA and
wolfSSL_ECDH.

Added support for EC parameters to PEM decoding.

EccEnumToNID() moved out of wolfCrypt - it maps NIDs defined in
wolfssl/openssl/ec.h to those in wolfssl/wolfcrypt/ecc.h.
Moved wc_OBJ_sn2nid() out of wolfCrypt - implementation uses
EccEnumToNID().

Changed reference counding to use wolfSSL_Ref.

Added tests to api.c that increase coverage of EC APIs.
2023-01-31 10:19:57 +10:00
Anthony Hu 242dcb0141 Closing and opening scope around case statement.
Related: ZD 15451
2023-01-30 13:45:03 -05:00
Sean Parkinson 53dfcd00e2 Ref count: change to use wolfSSL_Ref
Data structures changed:
WOLFSSL_CERT_MANAGER, WOLFSSL_CTX, WOLFSSL_SESSION, WOLFSSL_X509,
WOLFSSL_X509, WOLFSSL_EVP_PKEY, WOLFSSL_BIO, WOLFSSL_X509_STORE
2023-01-23 16:29:12 +10:00
Daniel Pouzzner aa776057ff fixes: shellcheck gripes on Docker/OpenWrt/runTests.sh; null pointer derefs and duplicate tests and assigns in src/tls.c and wolfcrypt/src/hpke.c found by cppcheck (nullPointerRedundantCheck, identicalInnerCondition, duplicateAssignExpression). 2023-01-21 00:51:57 -06:00
Daniel Pouzzner d711e4b9f8 Merge pull request #5995 from jpbland1/ech-no-recursion
stop ech from using a recursive function call
2023-01-20 23:47:22 -06:00
tmael 9d73c197e6 Move X509_V errors from enums to defines for HAProxy CLI (#5901)
* Move X509_V errors to openssl/ssl.h

* Have X509_V define errors in wolfssl/ssl.h

* Refactor X509_V errors

* Add wolfSSL_SESSION_set1_id_*

* Fix overlong line
2023-01-20 17:50:26 -08:00
John Bland d14d29e32a stop ech from using a recursive function call
update bad return value for when retry_configs is returned, add locks around hkdf functions for private key use
2023-01-20 18:37:19 -05:00
JacobBarthelmeh fc19aed8c8 Merge pull request #5623 from dgarske/hpke
Adds support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid Public Key Encryption)
2023-01-19 10:03:28 -07:00
David Garske 6b6ad38e4f Adds support for TLS v1.3 Encrypted Client Hello (ECH) draft-ietf-tls-esni) and HPKE (Hybrid Public Key Encryption) RFC9180. 2023-01-18 11:37:27 -08:00
David Garske 41c35b1249 Fix line length and whitespace issues. Fix macro argument missing parentheses. 2023-01-18 11:10:19 -08:00
Juliusz Sosinowicz 50cb3a7b8c Address code review 2023-01-18 09:55:33 -08:00
Juliusz Sosinowicz 0e662dea6e TLSX_SetSignatureAlgorithms: free sa when TLSX_Push fails 2023-01-18 09:55:33 -08:00
Juliusz Sosinowicz 281bb32edf DtlsMsgCreateFragBucket: heap param might be unused 2023-01-18 09:55:33 -08:00
Juliusz Sosinowicz a58e83847e Don't allocate Suites object on renegotiation 2023-01-18 09:55:33 -08:00
Juliusz Sosinowicz 2f63fdc6ce Allocate CTX->suites in InitSSL when not already allocated 2023-01-18 09:55:33 -08:00
Juliusz Sosinowicz 5b8026899b Refactor SigAlgs to use a custom struct that can override ssl->suites 2023-01-18 09:55:32 -08:00
Juliusz Sosinowicz e431688ca6 ssl->suites: use ssl->ctx->suites when possible
- Allocate ssl->suites when necessary for the WOLFSSL object to have its own instance. Use AllocateSuites() to allocate the object.
- Move cipher negotiation options from Suites into Options

ZD15346
2023-01-18 09:55:32 -08:00
Sean Parkinson b15bc3d236 Merge pull request #5977 from dgarske/kcapi_opensslextra
Fixes for building KCAPI with opensslextra enabled
2023-01-17 02:13:50 +10:00
Juliusz Sosinowicz b01e42a96c Merge pull request #5970 from ejohnstown/dtls-seq
DTLS Handshake Sequence
2023-01-16 07:39:53 -08:00
David Garske fec4fe6095 Fixes for building KCAPI with opensslextra enabled. 2023-01-13 16:33:55 -08:00
John Safranek af379f0a0f DTLS Handshake Sequence
The DTLS server needs to save the message_seq number of the client
hello for use in both the hello verify request in the stateless start
and for the server hello. Move the stashing of the value earlier in
DoClientHello(). (Issue #5224)
2023-01-12 20:43:05 -08:00
David Garske b2d8b1c2fd Merge pull request #5954 from JacobBarthelmeh/Compatibility-Layer
very basic support for public key types in cipher list string with '+'
2023-01-09 15:46:50 -08:00
John Safranek 86aa3cc836 Merge pull request #5942 from bandi13/evpaesccm
Evpaesccm
2023-01-06 11:25:37 -08:00
JacobBarthelmeh 99a489dec3 improve test and handling of public key type cipher suite string 2023-01-06 09:53:51 -08:00
Daniel Pouzzner d44130d807 src/ssl.c: revert 2c2740d0dc, as it duplicates optimizer functionality, and produces bugprone-sizeof-expression on clang-tidy and sizeofwithnumericparameter on cppcheck. 2023-01-05 18:40:51 -06:00
JacobBarthelmeh 10c324e9ad Merge pull request #5953 from anhu/wolfSSL_CertManagerLoadCABuffer_ex
Add wolfSSL_CertManagerLoadCABuffer_ex()
2023-01-05 15:20:58 -07:00
JacobBarthelmeh ab33788cdb treat ECDHE,RSA cipher suite list as mixed TLS 1.3 and pre TLS 1.3 2023-01-05 13:48:34 -08:00
Anthony Hu 5de817b0c1 Add wolfSSL_CertManagerLoadCABuffer_ex()
Also add unit tests.
2023-01-05 15:34:13 -05:00
tim-weller-wolfssl 2c2740d0dc Update comparison of WOLFSSL_BN_ULONG value to MP_MASK to include check for potential type size differences which can lead to pointless-comparison warnings with IAR tools 2023-01-04 17:35:46 -06:00
JacobBarthelmeh a3e085f204 very basic support for public key types in cipher list string with '+' 2023-01-04 10:49:18 -08:00
JacobBarthelmeh 114471d6cf add pragram around sanity check for vcpkg build warning 2023-01-03 15:23:43 -08:00
David Garske 023db01aca * Fixed some build configuration variations.
* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
2023-01-03 10:59:59 -08:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Andras Fekete 1192d41f0e First successful implementation of EVP_aes_*_ccm 2022-12-29 17:02:43 -05:00
Andras Fekete 27b5ac421e Use the actual size of the structure 2022-12-29 17:02:43 -05:00
David Garske 5c0abfd7ad Merge pull request #5936 from embhorn/zd15400
Fix unguarded XFPRINTF calls
2022-12-28 12:47:19 -08:00
Eric Blankenhorn 004705b38f Fix unguarded XFPRINTF calls 2022-12-28 12:23:40 -06:00
Chris Conlon aadce3af9c Merge pull request #5930 from miyazakh/subscript_has_char 2022-12-28 10:18:43 -07:00