wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 14:42:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,888 Commits 12 Branches 184 Tags
4bc04673d1466a72bde576f6b68c07f2d2c49e2a
Commit Graph

7936 Commits

Author SHA1 Message Date
Daniel Pouzzner
4bc04673d1 suppress 4 uninitvar warnings, all associated with passing partially written arrays (true but benign positives). newly detected by cppcheck 2.14.2. 2024-07-18 17:22:17 -05:00
Daniel Pouzzner
c36ab59f24 fixes for defects identified by nightly testing: 
* ecc.c: in wc_ecc_free(), fix gating around handling for key->sign_k to resolve memory leak, and in wc_ecc_gen_deterministic_k(), fix -Wconversion.

* test.c: add missing mp_free()s to ecdsa_test_deterministic_k_rs() and ecc521_test_deterministic_k().

* wc_HashType: change several occurrences of int to enum wc_HashType, including ecc_key.hashType and API wc_ecc_set_deterministic_ex(), to resolve C++ warnings.

* fixes for various C++ warnings/errors in crypto and TLS layers and test and benchmark code -- implicit casts, negative initializers for unsigned type, jumped initializers, and missing enums in switch()es.
 2024-07-17 18:07:08 -05:00
Daniel Pouzzner
ee7748f2e3 PR7648 20240418-exosip-apis peer review: 
* tweak typography;
* move wolfSSL_i2d_X509_PUBKEY() from ssl.c to x509.c;
* in asn.h, add !NO_ASN_OLD_TYPE_NAMES macros to remap old names (ISSUER, SUBJECT, BEFORE, AFTER) by default unless the macros are already defined.
 2024-07-16 19:12:19 -05:00
Daniel Pouzzner
9023aeef75 BIO/wolfio: refactor TranslateReturnCode(), wolfSSL_LastError(), and TranslateIoError() into complete+consistent wolfSSL_LastError() and TranslateIoReturnCode(), handling all special cases correctly, and correctly returning WOLFSSL_CBIO_ERR_WANT_WRITE and WOLFSSL_CBIO_ERR_TIMEOUT. use TranslateIoReturnCode() directly in wolfIO_Recv(), wolfIO_Send(), wolfIO_RecvFrom(), wolfIO_SendTo(), and remove now-superfluous TranslateIoError() calls from EmbedReceive(), EmbedSend(), EmbedReceiveFrom(), EmbedSendTo(), EmbedReceiveFromMcast(). 2024-07-16 19:12:19 -05:00
Daniel Pouzzner
5298039d09 fixes from peer review: move OS-specific code from wolfSSL_BIO_read() and wolfSSL_BIO_write() to wolfIO_Recv(), wolfIO_Send(), wolfIO_RecvFrom(), and wolfIO_SendTo(); add SOCKET_ETIMEDOUT definitions to wolfio.h; misc cleanups. 2024-07-16 19:12:19 -05:00
Daniel Pouzzner
0c1163f01f src/bio.c: restore inadvertently removed update of bio->connected in wolfSSL_BIO_ctrl() case BIO_CTRL_DGRAM_SET_CONNECTED. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
1159fc333f src/bio.c: in wolfSSL_BIO_ADDR_size(), add missing gate on HAVE_SYS_UN_H for AF_UNIX. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
51c49b678e src/bio.c: fix gating for WOLFSSL_BIO_DGRAM handling. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
0a928ead3f address peer review around WOLFSSL_HAVE_BIO_ADDR: 
refactor housekeeping for bio->bytes_read and bio->bytes_write, and add WOLFSSL_BIO_HAVE_FLOW_STATS gate;

add WOLFSSL_BIO_FLAG_RETRY housekeeping for WOLFSSL_BIO_SOCKET and WOLFSSL_BIO_DGRAM;

refactor WOLFSSL_BIO.peer_addr to be inline rather than a pointer;

add wolfSSL_set_mtu_compat() and wolfSSL_CTX_load_verify_locations_compat() implementations;

enable WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_DTLS_MTU when OPENSSL_ALL.
 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
61eb6987d0 src/ssl.c: remove old version of wolfSSL_set_bio(). 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
62db3533ae wolfSSL_CTX_load_verify_locations(): set up with OpenSSL-compatible behavior (WOLFSSL_LOAD_FLAG_IGNORE_ERR). 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
2d370f3e4e wolfSSL_BIO_read(): return MEMORY_E if wolfSSL_BIO_ADDR_new() fails. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
7216a543dd checkpoint: complete test_wolfSSL_BIO_datagram(); fix some WOLFSSL_HAVE_BIO_ADDR gates to also gate on WOLFSSL_DTLS and OPENSSL_EXTRA; use DTLS_RECVFROM_FUNCTION, DTLS_SENDTO_FUNCTION, SOCKET_T, SOCKADDR, SOCKADDR_IN, and SOCKADDR_IN6 macros and types, and add SOCKADDR_UN type. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
bd7f7c8bdf checkpoint: add wolfSSL_BIO_ADDR_free to wolfSSL_BIO_free(); tweak EXPECT_SUCCESS() to tolerate TEST_SKIPPED; add WIP test_wolfSSL_BIO_datagram. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
29ec038aa6 checkpoint: add WOLFSSL_BIO_ADDR, wolfSSL_BIO_ADDR_new(), wolfSSL_BIO_ADDR_free(), wolfSSL_BIO_ADDR_clear(), wolfIO_SendTo(), wolfIO_RecvFrom(); fix name of wolfSSL_BIO_s_datagram(). 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
08940866c3 checkpoint progress: add macro definitions for BIO_CTRL_DGRAM_SET_CONNECTED, BIO_CTRL_DGRAM_SET_PEER, WOLFSSL_MULTI_LABEL_WILDCARDS, WOLFSSL_MULTI_LABEL_WILDCARDS, NID_id_GostR3410_2001, NID_id_GostR3410_2012_256, NID_id_GostR3410_2012_512; fix flag arithmetic in wolfSSL_X509_check_host(); add compat macros for i2d_X509_PUBKEY, BIO_new_dgram. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
3f921e0a32 checkpoint progress: add wolfSSL_BIO_s_dgram, wolfSSL_BIO_new_dgram, WOLFSSL_BIO_DGRAM, and remove now-duplicate prototype and definition of wolfSSL_X509_STORE_get0_param. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
8468a70b72 add wolfSSL_i2d_X509_PUBKEY, wolfSSL_X509_VERIFY_PARAM_lookup, and wolfSSL_X509_STORE_get0_param, and make wolfSSL_X509_VERIFY_PARAM_inherit a public API; add macros to openssl compat layer: DTLS_client_method, DTLS_server_method, X509_VERIFY_PARAM_lookup, X509_VERIFY_PARAM_inherit, X509_STORE_get0_param; add "const char *name" slot to struct WOLFSSL_X509_VERIFY_PARAM to support wolfSSL_X509_VERIFY_PARAM_lookup. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
1e7810153f add wolfSSL_set_rbio, wolfSSL_set_wbio, wolfSSL_BIO_number_read, wolfSSL_BIO_number_written, and compat layer shim macros SSL_set0_rbio, SSL_set0_wbio, BIO_number_read, BIO_number_written, BIO_reset. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
41efa0492c add ASN_ prefixes to ISSUER, SUBJECT, BEFORE, and AFTER enum constants defined in wolfssl/wolfcrypt/asn.h. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
198f4030e8 add stub implementations of wolfSSL_COMP_get_name(), wolfSSL_get_current_compression(), and wolfSSL_get_current_expansion(), and add compat layer shim macros for them. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner
685bfd1f9d add wolfSSL_get0_peername() and SSL_set_mtu(). 2024-07-16 19:12:18 -05:00
Sean Parkinson
f2f3a8273d Merge pull request #7732 from kaleb-himes/NUCLEUS-FIPS-SRTP-KDF 
Check-in Nucleus Plus 2.3 port work
 2024-07-16 09:37:15 +10:00
JacobBarthelmeh
baec0ced59 Merge pull request #7731 from ColtonWilley/zephyr_tls_support 
Changes needed for default TLS support in zephyr kernel
 2024-07-11 16:46:43 -06:00
Colton Willey
978456e39d Remove get cipher bytes from header 2024-07-11 14:51:38 -07:00
Colton Willey
7b089f548e Remove get cipher list bytes 2024-07-11 14:39:44 -07:00
Sean Parkinson
3cc7bbea67 Merge pull request #7737 from JacobBarthelmeh/staticmemory-singlethreaded 
fix for staticmemory and singlethreaded build
 2024-07-11 09:57:08 +10:00
JacobBarthelmeh
6703a58c51 fix for staticmemory and singlethreaded build 2024-07-10 09:44:10 -06:00
Sean Parkinson
fea7a89b86 Coverity fixes 
pk.c:
	EncryptDerKey - setting wrong ret value on allocation failure.
	wolfssl_rsa_generate_key_native - now checks e is a valid long
before passing in.
	Fix formatting.

ssl_load.c:
	ProcessBufferPrivPkcs8Dec - now checking password is not NULL
before zeroizing. Allocation may fail and ForceZero doesn't check for
NULL.
	Fix formatting.

tests/api.c:
	test_RsaSigFailure_cm - Check cert_sz is greater than zero
before use.
	send_new_session_ticket - assert that building the message
doesn't return error or 0.
	test_ticket_nonce_malloc - fix setting of medium and big to use
preprocessor. Fix big to be medium + 20.

asn.c:
	GetLength_ex - Fix type of bytes so that it can go negative.

sp_int.h:
	sp_clamp - add one to ii while it is a signed.
	Fix formatting.
 2024-07-10 11:40:48 +10:00
kaleb-himes
c333fdf545 Check-in Nucleus Plus 2.3 port work 2024-07-09 15:53:00 -06:00
Colton Willey
4ec07bb5a8 Changes needed for default TLS support in zephyr kernel 2024-07-09 12:00:34 -07:00
Daniel Pouzzner
780fd98f40 src/internal.c: in ProcessPeerCerts(), smallstack refactor of a span gated on HAVE_CERTIFICATE_STATUS_REQUEST_V2, to get DecodedCert off the stack. 2024-07-06 10:04:06 -05:00
Daniel Pouzzner
88af1a2932 fixes for Coverity #394680, #394682, #394693, #394712. 2024-07-05 20:42:32 -05:00
JacobBarthelmeh
b948f6797c account for negative return value, fixes coverity issue 394678 2024-07-05 15:34:28 -06:00
JacobBarthelmeh
f8eb0c3776 fix for coverity issue 394676 possible null dereference 2024-07-05 14:06:19 -06:00
JacobBarthelmeh
25d52dde3f fix coverity issue 367842 possible null dereference 2024-07-05 11:56:45 -06:00
JacobBarthelmeh
50a7243486 fix for coverity issue 394670 possible overflow 2024-07-05 11:53:19 -06:00
JacobBarthelmeh
8946e3fb4b Merge pull request #7702 from rizlik/ocspv2 
ocsp stapling improvements
 2024-07-05 10:29:25 -06:00
Marco Oliverio
053170613a fixup! csrv2multi: pending ca list 2024-07-05 15:26:41 +00:00
Marco Oliverio
3e58cfd864 fixup! ocsp: improvements 2024-07-04 10:21:20 +02:00
Marco Oliverio
fe932b893c fixup! csrv2multi: pending ca list 2024-07-04 10:21:20 +02:00
JacobBarthelmeh
1c23d2222c Merge pull request #7693 from philljj/zd18204 
Fixes ZD 18204: check hashsigalgo matches ssl suites.
 2024-07-03 17:12:43 -06:00
jordan
f7f3ba9c76 check hashsigalgo matches ssl suites on client side. 2024-07-03 11:59:18 -05:00
JacobBarthelmeh
6409b68b21 Merge pull request #7698 from dgarske/asan_compat_list 
Fix ASAN warning with compatibility layer cipher list parsing
 2024-07-02 17:12:38 -06:00
JacobBarthelmeh
a490d4fdf7 Merge pull request #7628 from SparkiDev/alert_after_ch 
TLS: wrong TLS version in alert after ClientHello
 2024-07-02 17:10:24 -06:00
Marco Oliverio
9222cb1304 ocsp: improvements 2024-07-02 09:51:34 +02:00
Marco Oliverio
b5206e8504 csrv2multi: pending ca list 2024-07-02 09:51:34 +02:00
Juliusz Sosinowicz
7814e4c264 DoCertificateStatus: Clean up logic in WOLFSSL_CSR2_OCSP_MULTI 2024-07-02 01:29:44 +02:00
Sean Parkinson
1e3f623ff3 Regression testing: fix compilation for unusual configs 
Disable ECC but have OPENSSL_EXTRA and curve25519 - fix #ifdef
protection in ssl.c.

tests/api.c:
SSL_SESSION_get_max_fragment_length is not available when no session
cache.
ASN1 APIs using generalized time disabled when NO_ASN_TIME defined so
disable tests.
 2024-07-01 21:52:56 +10:00
jordan
7dfef18cf4 Refactor unneeded PickHashSigAlgo_ex function. 2024-06-28 18:32:13 -05:00