wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 06:52:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,715 Commits 12 Branches 184 Tags
4efbb2fc705ef553ed3a49af3d321d02f0320b90
Commit Graph

12715 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
JacobBarthelmeh
4efbb2fc70 Merge pull request #3418 from cconlon/zd11003 
PKCS#7: check PKCS7 VerifySignedData content length against total bundle size
 2020-11-16 18:14:41 +07:00
David Garske
e9f0cb234b Merge pull request #3425 from haydenroche5/cmake 
CMake improvements
 2020-11-14 08:35:54 -08:00
David Garske
d4e1340027 Merge pull request #3486 from douzzer/refactor-gccish-macros 
sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions
 2020-11-13 09:26:00 -08:00
Hayden Roche
8f6c21d600 CMake improvements. 
- Begin adding options to enable/disable different features.
- Increase minimum CMake version to 3.2.
- Support installation of the built files.
- Add checks for necessary include files, functions etc.
- Generate options.h and config.h.
- Use GNUInstallDirs to support installation, which is designed to be somewhat
  cross-platform.
- Export wolfssl CMake target during installation, so others using CMake can
  link against wolfssl easily.
- Disallow in-source builds.
- Place the generation of BUILD_* flags (controlled with AM_CONDITIONALs
  in configure.ac) in a separate function in functions.cmake,
  generate_build_flags.
- Implement the logic to conditionally add source files from
  src/include.am in a function in functions.cmake, generate_lib_src_list.
- Exclude tls_bench from Windows. Doesn't compile with MSVC. WIP.
- Update INSTALL with latest CMake build instructions.
- Add a cmake/include.am to ensure CMake files get added to the distribution.
 2020-11-13 11:25:04 -06:00
David Garske
7f559b1d1a Merge pull request #3487 from ejohnstown/sbf 
Scan-Build Fixes
 2020-11-13 09:24:17 -08:00
John Safranek
28be1d0cb3 Scan-Build Fixes 
1. Fix some potential uninitialized pointer errors in the functions sp_RsaPublic_2048, sp_RsaPublic_3072, and sp_RsaPublic_4096 for small stack builds.

To recreate:
    $ scan-build ./configure --enable-sp=small --enable-smallstack --enable-smallstackcache CPPFLAGS="-DECC_CACHE_CURVE -DHAVE_WOLF_BIGINT"
 2020-11-12 20:58:25 -08:00
John Safranek
1e348b991d Scan-Build Fixes 
1. Fix a potential dereference of NULL pointer.

To recreate:
    $ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
 2020-11-12 20:58:17 -08:00
Chris Conlon
53c6698678 Merge pull request #3445 from kojo1/EVP-gcm 
set tag for zero inl case
 2020-11-12 15:49:45 -07:00
Chris Conlon
735fb19ea9 break out on error parsing PKCS#7 SignedData inner OCTET_STRING 2020-11-12 15:44:25 -07:00
David Garske
b931b1bd4d Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning. 2020-11-12 12:51:41 -08:00
John Safranek
38867ae2bf Scan-Build Fixes 
1. Added a check to see if the "d" in sp_div() ended up with a negative used length. Return error if so.

To recreate:
    $ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
 2020-11-12 10:24:11 -08:00
John Safranek
e996a7d15b Scan-Build Fixes 
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.

To recreate:
    $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
    $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
 2020-11-12 09:06:59 -08:00
David Garske
c7bb602a30 Merge pull request #3482 from douzzer/scan-build-fixes-20201110 
scan-build fixes -- 1 null deref, 34 unused results
 2020-11-12 07:45:45 -08:00
toddouska
d3e3b21c83 Merge pull request #3393 from dgarske/zd11104 
Fix for TLS ECDH (static DH) with non-standard curves
 2020-11-11 14:22:37 -08:00
toddouska
197c85289b Merge pull request #3468 from SparkiDev/sp_c_mul_d 
SP C32/64 mul_d: large div needs mul_d to propagate carry
 2020-11-11 14:06:25 -08:00
Daniel Pouzzner
f96fbdb7d1 sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions. 2020-11-11 13:44:26 -06:00
Daniel Pouzzner
5fe1586688 fix 34 deadcode.DeadStores detected by llvm11 scan-build. 2020-11-11 13:04:14 -06:00
JacobBarthelmeh
fe2dcf76fe Merge pull request #3413 from cconlon/zd11011 
PKCS#7: check PKCS7 SignedData private key is valid before using it
 2020-11-11 22:55:03 +07:00
Takashi Kojo
d7ea8b953b fold long lines 2020-11-11 08:43:16 +09:00
Takashi Kojo
eab3bf9ab4 Add a test case for zero len plain text 2020-11-11 08:43:16 +09:00
Takashi Kojo
417ff1b0f2 set tag for zero len case 2020-11-11 08:43:16 +09:00
David Garske
68209f91fb Merge pull request #3465 from kaleb-himes/DOX_UPDATE_wc_RsaPublicEncrypt 
Address report on issue #3161
 2020-11-10 14:52:20 -08:00
David Garske
fcd73135f5 Merge pull request #3479 from tmael/ocsp_NULL 
Check <hash> input parameter in GetCA
 2020-11-10 14:46:05 -08:00
Daniel Pouzzner
958fec3b45 internal.c:ProcessPeerCerts(): fix a core.NullDereference detected by llvm9 and llvm11 scan-builds. 2020-11-10 16:40:28 -06:00
Chris Conlon
7b50cddf8c Merge pull request #3387 from ethanlooney/27th_branch 
Added unit test for evp.c
 2020-11-10 13:27:33 -07:00
David Garske
8645e9754e Only set ssl->ecdhCurveOID if not already populated. 2020-11-10 09:47:38 -08:00
David Garske
1d531fe13b Peer review fixes. 2020-11-10 09:47:37 -08:00
David Garske
fa1af37470 Fix for FIPS ready CAVP tests. For now it requires ECC 192-bit. 2020-11-10 09:47:37 -08:00
David Garske
5de80d8e41 Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used. 2020-11-10 09:47:37 -08:00
David Garske
b13848e568 Fix tests to handle ECC < 224 not enabled. 2020-11-10 09:47:37 -08:00
David Garske
6bd98afdd0 Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined. 2020-11-10 09:47:37 -08:00
David Garske
c697520826 Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits. 2020-11-10 09:47:36 -08:00
David Garske
62dca90e74 Fix for server-side reporting of curve in wolfSSL_get_curve_name if client_hello includes ffdhe, but ECC curve is used. 2020-11-10 09:47:36 -08:00
David Garske
d7dee5d9e6 Fix for ECC minimum key size, which is 112 bits. 2020-11-10 09:47:36 -08:00
David Garske
6ac1fc5cff Fix include.am typo. 2020-11-10 09:47:36 -08:00
David Garske
10f459f891 Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256 and TLS13-AES128-GCM-SHA256. 2020-11-10 09:47:36 -08:00
David Garske
fb9ed686cb Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available). 2020-11-10 09:47:36 -08:00
David Garske
045fc4d686 Fixes to support overriding minimum key sizes for examples. 2020-11-10 09:47:36 -08:00
David Garske
bfb6138fc5 Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow 
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
 2020-11-10 09:37:36 -08:00
Daniel Pouzzner
5625929c83 scripts/external.test: skip test when -UHAVE_ECC. 2020-11-10 01:27:45 -06:00
Daniel Pouzzner
196ae63eb2 scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible). 2020-11-10 00:03:02 -06:00
Daniel Pouzzner
bd38124814 ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount. 2020-11-09 21:24:34 -06:00
toddouska
3050f28890 Merge pull request #3467 from cconlon/rc2vs 
rc2.c to Visual Studio projects, fix warnings
 2020-11-09 13:52:03 -08:00
David Garske
f02c3aab2e Merge pull request #3475 from ejohnstown/nsup 
Hush Unused Param Warning
 2020-11-09 11:04:05 -08:00
Daniel Pouzzner
4b1a779fcc tests: fix for fips-test -Wunused-variable on "rng" 2020-11-09 11:54:49 -06:00
David Garske
7e3efa3792 Merge pull request #3474 from douzzer/lighttpd-update-1.4.56 
lighttpd support update for v1.4.56
 2020-11-09 09:24:58 -08:00
Tesfa Mael
a5caf1be01 Check for NULL 2020-11-09 08:45:48 -08:00
Daniel Pouzzner
22bcceb2d3 src/sniffer.c: guard against null arguments to TraceSetNamedServer(), to eliminate -Werror=format-overflow= warnings from gcc. 2020-11-06 17:40:12 -06:00
Chris Conlon
c0c452b0a1 reset content length in PKCS7_VerifySignedData for multiPart OCTET_STRING bundles 2020-11-06 16:36:58 -07:00
Kaleb Himes
937a7ce8ce Merge pull request #3448 from dgarske/crypto_cb 
Improve the crypto callback for ASN
 2020-11-06 15:26:11 -07:00