Commit Graph

20 Commits

Author SHA1 Message Date
Tobias Frauenschläger 9a58301ab1 Fix PQC and hybrid certificate regressions
Due to recent changes in the logic to decode private keys and to parse
the TLS1.3 CertificateVerify message, some regressions regarding PQC
private keys and hybrid certificates have been introduced:
* Decoding PQC private keys fails as the PKCS8 header of a decoded DER
  file is now already removed before parsing the key.
* The key size wasn't properly stored in the context for PQC keys after
  decoding a certificate (always the maximum size)
* The two 16-bit size values in case of a hybrid signature in the
  CertificateVerify message have been incorrectly decoded as 32-bit
  values instead of 16-bit values. This resulted in wrong values,
  leading to segmentation faults.

All three regressions are fixed with the changes in this commit.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-05-23 16:01:28 +02:00
gojimmypi 84032fa24c Correct error message file name in ssl_load.c 2024-05-20 17:20:39 -07:00
jordan 040e0c956a Used codespell and fixed obvious typos. 2024-05-16 13:53:26 -05:00
gasbytes 2f24b35ab1 added check that checks if the SEQ's length is > than the buff's length 2024-05-15 18:20:33 +02:00
Andras Fekete a59a3d109f Explicit cast 2024-05-14 11:03:20 -04:00
Sean Parkinson b7eca574bb SSL/TLS: blind private key DER
When WOLFSSL_BLIND_PRIVATE_KEY is defined, blind the private key DER
encoding so that stored private key data is always changing.
2024-05-14 09:47:51 +10:00
Daniel Pouzzner 009ea6640b Merge pull request #7493 from SparkiDev/sm3_benchmark_fix
Benchmark, SM3: fix full hash testing
2024-05-13 19:22:22 -04:00
Andras Fekete e5a0c0d5bf Unused variable error 2024-05-13 13:18:20 -04:00
Sean Parkinson add7428d1c TLS, SM2: fixes to get SM handshakes working
Pass around the algorithm id from the private key so that the WOLFSSL or
WOLFSSL_CTX get the correct key format set.
Use different verification context when self-signed certificate with SM2
and SM3 signature but public key OID is ECC.
2024-05-10 10:15:47 +10:00
Daniel Pouzzner d53abc2e37 Merge pull request #7441 from kareem-wolfssl/zd17857
Allow using wolfSSL_CTX_set_default_verify_paths without WOLFSSL_SYS_CA_CERTS defined.
2024-05-09 00:38:04 -04:00
Sean Parkinson 41eaa8466d Mem fail fix: ProcessingBuffer()
When ProcessBufferCertTypes() is not called, 'der' is not freed.
2024-04-29 23:05:29 +10:00
Kareem c1f23cc505 Allow using wolfSSL_CTX_set_default_verify_paths without WOLFSSL_SYS_CA_CERTS defined. 2024-04-26 10:22:40 -07:00
Sean Parkinson 5bb22d8343 Merge pull request #7439 from JacobBarthelmeh/build_test
fix for WOLFSSL_NO_PEM build
2024-04-22 10:48:57 +10:00
Daniel Pouzzner 39e2405e2f src/ssl_load.c: fix double-free in wolfSSL_CTX_SetTmpDH(). 2024-04-19 11:43:32 -05:00
Daniel Pouzzner e48f06bd53 fixes for WOLFSSL_DUAL_ALG_CERTS: "cannot take address of bit-field ‘altKeyType’" and "‘altPrivateKeyType’" in ProcessBufferTryDecode(), "‘heap’ undeclared" in ProcessBufferCertAltPublicKey(), "‘consumed’ undeclared" in ProcessFile(), "‘keySz’ undeclared" in wolfSSL_CTX_use_PrivateKey_Id(). 2024-04-18 13:49:44 -05:00
JacobBarthelmeh 41f31f4635 Merge pull request #7440 from douzzer/20240417-fix-LoadSystemCaCertsWindows
20240417-fix-LoadSystemCaCertsWindows
2024-04-17 15:47:48 -06:00
Daniel Pouzzner 6e3a9d5447 src/ssl_load.c: in LoadSystemCaCertsWindows(), fix flub introduced in 8e9810e87e. 2024-04-17 13:24:26 -05:00
JacobBarthelmeh c2e60d523f fix for WOLFSSL_NO_PEM build 2024-04-17 11:16:18 -06:00
Daniel Pouzzner 3df11e7eab fixes for cppcheck uninitvar src/pk.c (false positives) and nullPointerRedundantCheck in src/ssl_load.c (true positive). 2024-04-17 01:00:41 -05:00
Sean Parkinson 8e9810e87e ssl.c: Move functions out to separate files
Moved E[CD][25519||448] APIs to pk.c
Move public key PEM APIs to pk.c.
Move wolfSSL loading and using of private keys and certificates to
ssl_load.c
Move PKCS#7 and PKCS#12 APIs to ssl_p7p12.c.
Move session and session cache APIs to ssl_sess.c.
Other minor fixes.
2024-04-16 10:30:59 +10:00