PEM example converts PEM to DER and DER to PEM.
Supports encrypting DER and writing out as PEM.
Added better support for 40-bit RC2-CBC PBE.
Added AES-128-CBC encryption support with PKCS#5v2.
Fixed handling of iterations to support writing 24-bit values.
Declared enum types for pass to PKCS#8 encryption APIs.
Add more DER and PEM files to certs directory.
Add testing of 'pem' with pem.test script.
Importing an EC point ordinate with one being zero will result in
different errors based on different implementations. Check both known
error codes.
Benchmark usage fixed.
bio.c:
wolfSSL_BIO_flush(): check allocation to bio->ip succeeded.
internal.c:
InitSSL_Ctx(): set ctx->heap to heap if value passed in
ProcessPeerCerts(): check for error MEMORY_E too as a fatal parsing
error
ssl.c:
wolfSSL_shutdown(): SOCKET_ERROR_E is also an indication that the
socket is done, MEMORY_E is a fatal error
wolfSSL_Cleanup(): move free of memory fail couting to wolfSSL API
SessionTicketNoncePrealloc(): eror return must be non-zero
AddSessionToCache(): XFREE checks for NULL no need to do it before
call
wolfSSL_set_psk_use_session_callback(): ensure ssl is not NULL before
dereferencing
wolfSSL_SMIME_read_PKCS7(): check for error return from
wolfSSL_BIO_gets()
asn.c:
wc_MIME_parse_headers(): check allocation succeeded into nextHdr
compress.c:
wc_DeCompressDynamic(): free tmp on inflateInit2 failure
memory.c: rework where memory allocation failure counting code for when
WOFLSSL_STATIC_MEMORY is defined
wc_port.c:
wolfCrypt_Cleanup(): only call wc_MemFailCount_Free() when no
wolfSSL_Cleanup()
Changed EXPECT_DECL to start of as TEST_SKIPPED.
Modified other EXPECT macros appropriately.
Change test functions to not use 'res' when EXPECT_DECL is used.
memory.c:
wc_MemFailCount_Init(): don't declare variable after a statement
conf.c:
wolfSSL_TXT_DB_read(): free the whole WOLFSSL_TXT_DB on failure
instead of just the memory
wolfSSL_CONF_add_string(): pop the value added into section->value
(sk) if it can't be pushed onto conf->data
wolfSSL_NCONF_load(): free the new value if it wasn't able to be added
ocsp.c:
wolfSSL_OCSP_cert_to_id():
free the decoded certificate if parsing failed (is freed after use
otherwise)
free the certificate id on failure and make it NULL and continue
freeing other variables
pk.c:
wolfSSL_RSA_set0_crt_params(): set dmp1, dmq1 and iqmp fields to NULL
if setting the internal failed - returns error and caller needs to free
the passed in BNs
wolfSSL_RSA_set0_factors(): set p and q fields to NULL if setting the
internal failed - returns error and caller needs to free the passed in
BNs
wolfSSL_RSA_set0_key(): set n, e abd d fields to NULL if setting the
internal failed - returns error and caller needs to free the passed in
BNs
x509.c:
wolfSSL_X509_set_serialNumber(): explicit NULL
checkwolfSSL_X509_REQ_add1_attr_by_NID(): check whether push succeeded
and on failure free attribute
asn.c:
ConfirmSignature(): for DSA, allocate separately to ensure no leak on
memory allocation failure.
dh.c:
wc_DhGenerateParams(): ensure tmp and tmp2 are able to be cleared on
error
evp.c:
wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(): fix realloc use to no leak on
failure
wolfSSL_EVP_CIPHER_CTX_iv_length(): handle ctx being NULL.
The modular exponentiation implementations in sp_int.c and tfm.c are not
safe when using Encrypted Memory.
Cannot have two pieces of memory where one changes and the other doesn't
based on private value.
Use extra variable to hold the two new values and assign them both back
at the same time in a safe manner.
Alternative implementations used when WC_PROTECT_ENCRYPTED_MEM is
defined.
