Commit Graph

12718 Commits

Author SHA1 Message Date
David Garske 508ba85b69 Fixes for SP math only with ECC check key. Fix SP math when loading an ECC public only and calling wc_ecc_check_key. Fix for missing ecc_check_privkey_gen with SP math only. Applies to: /configure --enable-sp --enable-sp-math CFLAGS="-DWOLFSSL_VALIDATE_ECC_IMPORT". 2020-11-17 08:13:08 -08:00
Chris Conlon 4e37036cba Merge pull request #3499 from ethanlooney/31st_branch
Added blake2s unit tests
2020-11-16 09:37:31 -07:00
JacobBarthelmeh 4efbb2fc70 Merge pull request #3418 from cconlon/zd11003
PKCS#7: check PKCS7 VerifySignedData content length against total bundle size
2020-11-16 18:14:41 +07:00
David Garske e9f0cb234b Merge pull request #3425 from haydenroche5/cmake
CMake improvements
2020-11-14 08:35:54 -08:00
Ethan Looney 0541a59edd Added blake2s unit tests 2020-11-13 14:43:50 -07:00
David Garske d4e1340027 Merge pull request #3486 from douzzer/refactor-gccish-macros
sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions
2020-11-13 09:26:00 -08:00
Hayden Roche 8f6c21d600 CMake improvements.
- Begin adding options to enable/disable different features.
- Increase minimum CMake version to 3.2.
- Support installation of the built files.
- Add checks for necessary include files, functions etc.
- Generate options.h and config.h.
- Use GNUInstallDirs to support installation, which is designed to be somewhat
  cross-platform.
- Export wolfssl CMake target during installation, so others using CMake can
  link against wolfssl easily.
- Disallow in-source builds.
- Place the generation of BUILD_* flags (controlled with AM_CONDITIONALs
  in configure.ac) in a separate function in functions.cmake,
  generate_build_flags.
- Implement the logic to conditionally add source files from
  src/include.am in a function in functions.cmake, generate_lib_src_list.
- Exclude tls_bench from Windows. Doesn't compile with MSVC. WIP.
- Update INSTALL with latest CMake build instructions.
- Add a cmake/include.am to ensure CMake files get added to the distribution.
2020-11-13 11:25:04 -06:00
David Garske 7f559b1d1a Merge pull request #3487 from ejohnstown/sbf
Scan-Build Fixes
2020-11-13 09:24:17 -08:00
John Safranek 28be1d0cb3 Scan-Build Fixes
1. Fix some potential uninitialized pointer errors in the functions sp_RsaPublic_2048, sp_RsaPublic_3072, and sp_RsaPublic_4096 for small stack builds.

To recreate:
    $ scan-build ./configure --enable-sp=small --enable-smallstack --enable-smallstackcache CPPFLAGS="-DECC_CACHE_CURVE -DHAVE_WOLF_BIGINT"
2020-11-12 20:58:25 -08:00
John Safranek 1e348b991d Scan-Build Fixes
1. Fix a potential dereference of NULL pointer.

To recreate:
    $ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
2020-11-12 20:58:17 -08:00
Chris Conlon 53c6698678 Merge pull request #3445 from kojo1/EVP-gcm
set tag for zero inl case
2020-11-12 15:49:45 -07:00
Chris Conlon 735fb19ea9 break out on error parsing PKCS#7 SignedData inner OCTET_STRING 2020-11-12 15:44:25 -07:00
David Garske b931b1bd4d Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning. 2020-11-12 12:51:41 -08:00
John Safranek 38867ae2bf Scan-Build Fixes
1. Added a check to see if the "d" in sp_div() ended up with a negative used length. Return error if so.

To recreate:
    $ scan-build ./configure --enable-sp --enable-sp-asm --enable-sp-math
2020-11-12 10:24:11 -08:00
John Safranek e996a7d15b Scan-Build Fixes
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.

To recreate:
    $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
    $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
2020-11-12 09:06:59 -08:00
David Garske c7bb602a30 Merge pull request #3482 from douzzer/scan-build-fixes-20201110
scan-build fixes -- 1 null deref, 34 unused results
2020-11-12 07:45:45 -08:00
toddouska d3e3b21c83 Merge pull request #3393 from dgarske/zd11104
Fix for TLS ECDH (static DH) with non-standard curves
2020-11-11 14:22:37 -08:00
toddouska 197c85289b Merge pull request #3468 from SparkiDev/sp_c_mul_d
SP C32/64 mul_d: large div needs mul_d to propagate carry
2020-11-11 14:06:25 -08:00
Daniel Pouzzner f96fbdb7d1 sha256.c/sha512.c: refactor 4 instances of gccism ({}) to WC_INLINE functions. 2020-11-11 13:44:26 -06:00
Daniel Pouzzner 5fe1586688 fix 34 deadcode.DeadStores detected by llvm11 scan-build. 2020-11-11 13:04:14 -06:00
JacobBarthelmeh fe2dcf76fe Merge pull request #3413 from cconlon/zd11011
PKCS#7: check PKCS7 SignedData private key is valid before using it
2020-11-11 22:55:03 +07:00
Takashi Kojo d7ea8b953b fold long lines 2020-11-11 08:43:16 +09:00
Takashi Kojo eab3bf9ab4 Add a test case for zero len plain text 2020-11-11 08:43:16 +09:00
Takashi Kojo 417ff1b0f2 set tag for zero len case 2020-11-11 08:43:16 +09:00
David Garske 68209f91fb Merge pull request #3465 from kaleb-himes/DOX_UPDATE_wc_RsaPublicEncrypt
Address report on issue #3161
2020-11-10 14:52:20 -08:00
David Garske fcd73135f5 Merge pull request #3479 from tmael/ocsp_NULL
Check <hash> input parameter in GetCA
2020-11-10 14:46:05 -08:00
Daniel Pouzzner 958fec3b45 internal.c:ProcessPeerCerts(): fix a core.NullDereference detected by llvm9 and llvm11 scan-builds. 2020-11-10 16:40:28 -06:00
Chris Conlon 7b50cddf8c Merge pull request #3387 from ethanlooney/27th_branch
Added unit test for evp.c
2020-11-10 13:27:33 -07:00
David Garske 8645e9754e Only set ssl->ecdhCurveOID if not already populated. 2020-11-10 09:47:38 -08:00
David Garske 1d531fe13b Peer review fixes. 2020-11-10 09:47:37 -08:00
David Garske fa1af37470 Fix for FIPS ready CAVP tests. For now it requires ECC 192-bit. 2020-11-10 09:47:37 -08:00
David Garske 5de80d8e41 Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used. 2020-11-10 09:47:37 -08:00
David Garske b13848e568 Fix tests to handle ECC < 224 not enabled. 2020-11-10 09:47:37 -08:00
David Garske 6bd98afdd0 Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined. 2020-11-10 09:47:37 -08:00
David Garske c697520826 Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits. 2020-11-10 09:47:36 -08:00
David Garske 62dca90e74 Fix for server-side reporting of curve in wolfSSL_get_curve_name if client_hello includes ffdhe, but ECC curve is used. 2020-11-10 09:47:36 -08:00
David Garske d7dee5d9e6 Fix for ECC minimum key size, which is 112 bits. 2020-11-10 09:47:36 -08:00
David Garske 6ac1fc5cff Fix include.am typo. 2020-11-10 09:47:36 -08:00
David Garske 10f459f891 Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256 and TLS13-AES128-GCM-SHA256. 2020-11-10 09:47:36 -08:00
David Garske fb9ed686cb Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available). 2020-11-10 09:47:36 -08:00
David Garske 045fc4d686 Fixes to support overriding minimum key sizes for examples. 2020-11-10 09:47:36 -08:00
David Garske bfb6138fc5 Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
2020-11-10 09:37:36 -08:00
Daniel Pouzzner 5625929c83 scripts/external.test: skip test when -UHAVE_ECC. 2020-11-10 01:27:45 -06:00
Daniel Pouzzner 196ae63eb2 scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible). 2020-11-10 00:03:02 -06:00
Daniel Pouzzner bd38124814 ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount. 2020-11-09 21:24:34 -06:00
toddouska 3050f28890 Merge pull request #3467 from cconlon/rc2vs
rc2.c to Visual Studio projects, fix warnings
2020-11-09 13:52:03 -08:00
David Garske f02c3aab2e Merge pull request #3475 from ejohnstown/nsup
Hush Unused Param Warning
2020-11-09 11:04:05 -08:00
Daniel Pouzzner 4b1a779fcc tests: fix for fips-test -Wunused-variable on "rng" 2020-11-09 11:54:49 -06:00
David Garske 7e3efa3792 Merge pull request #3474 from douzzer/lighttpd-update-1.4.56
lighttpd support update for v1.4.56
2020-11-09 09:24:58 -08:00
Tesfa Mael a5caf1be01 Check for NULL 2020-11-09 08:45:48 -08:00