Commit Graph

19145 Commits

Author SHA1 Message Date
David Garske 6ea3fe2f7a Merge pull request #6089 from kaleb-himes/stunnel-5_67_support_fix
Fix unused variable warning when configuring with --enable-apachehttpd
2023-02-15 08:39:30 -08:00
Sean Parkinson 089ef86587 Merge pull request #6090 from douzzer/20230214-mollify-iso-c-pedantic
20230214-mollify-iso-c-pedantic
2023-02-15 17:04:07 +10:00
Daniel Pouzzner ca87a99646 src/ssl.c and src/x509.c: use the customary function pointers (WOLFSSL_CRYPTO_EX_*()), not void *, in the arg lists of wolfSSL_CTX_get_ex_new_index() and wolfSSL_X509_get_ex_new_index(), to avoid "ISO C forbids passing argument ... between function pointer and ‘void *’";
move typedefs for WOLFSSL_CRYPTO_EX_*() from wolfssl/openssl/compat_types.h to wolfssl/wolfcrypt/types.h, grouped with the other EX_DATA-related typedefs, as they are needed whenever defined(HAVE_EX_DATA) regardless of openssl compatness;

properly gate wolfSSL_CTX_get_ex_new_index() and wolfSSL_X509_get_ex_new_index() prototypes on defined(HAVE_EX_DATA).
2023-02-14 19:28:40 -06:00
Kaleb Himes dead56b3cb Merge pull request #6086 from julek-wolfssl/explicit-rwlock
Make rwlock an explicit enable option
2023-02-14 15:04:13 -07:00
kaleb-himes 2719943ffd Fix unused variable warning when configuring with --enable-apachehttpd 2023-02-14 14:25:57 -07:00
Juliusz Sosinowicz 0cedc4e1ac stunnel 5.67 support (#6020)
* stunnel 5.67 support

- ssl->session->ticketAdd may be set when parsing a ticket before PSK
- PSK binders should be calculated based on ciphersuite associated with PSK
- Add option to prioritise PSK order instead of ciphersuite order
- Update ctx->method->version when using Set_CTX_max_proto_version API
- Simplify wolfSSL_parse_cipher_list
  - Keep copy of old list and then add in the previous ciphersuites depending on whether we are doing only TLS 1.3 ciphersuites or not
- Specify CRL revocation in alert
  - Match reason string to match OpenSSL
- Add support for external data callbacks for WOLFSSL_SESSION

* Upref the session for stunnel instead of duplicating it

* Add small stack option for wolfSSL_parse_cipher_list
2023-02-14 09:38:28 -08:00
tmael c4fa013800 Fix for BIO_reset() (#5887)
* Fix for BIO_reset
* Introduced BIO_FLAGS_MEM_RDONLY
2023-02-14 08:54:25 -08:00
Juliusz Sosinowicz bcfd5fb66b Make rwlock an explicit enable option 2023-02-14 13:55:59 +01:00
Sean Parkinson 2fe34facba Merge pull request #6084 from philljj/zd15607
Check keyLen matches cipher in wolfSSL_CMAC_Init.
2023-02-14 12:51:20 +10:00
David Garske 6e21b8c907 Merge pull request #6085 from anhu/env_shell
Invoke shell for shell scripts.
2023-02-13 14:53:47 -08:00
gojimmypi ed79545a27 Espressif examples run with local wolfSSL (no setup!) (#6018)
* Espressif examples run with local wolfSSL (no setup!)
* include.am Espressif local no-setup component files
* cleanup Espressif Example CMakeLists.txt, use function
* multiple wolfSSL installs is now a fatal Espressif build error
* Examples no longer need setup
* CompileAll builds local examples, not IDF_PATH ones
* Espressif compileAllExamples both local & ESP-IDF components
* add wolfssl_test_idf test project
* move VisualGDB projects to subdirectories
* move VisualGDB wolfssl_server to subdirectory
* update include.am for moved VisualGDB project files
2023-02-13 14:37:56 -08:00
David Garske 6877c98d82 Merge pull request #6081 from douzzer/20230211-wolfcrypttest-fixes
20230211-wolfcrypttest-fixes
2023-02-13 14:28:43 -08:00
Anthony Hu eedc8fa0b3 Invoke shell for shell scripts. 2023-02-13 15:58:15 -05:00
Daniel Pouzzner a945017a88 wolfcrypt/test/test.c: around ecc_ctx_kdf_salt_test(): fix fips gating, fix length handling for "message", fix memory leaks;
in crypto_ecc_verify(), crypto_ecc_sign(), ecc_test_nonblock_dhe(), and ecc_test_nonblock_ecdsa(), add codepoint-specific retvals.
2023-02-13 14:21:50 -06:00
David Garske 405b98aaa4 Merge pull request #6078 from SparkiDev/rsapss_openssl_compat
X509 RSA PSS: fixes for OpenSSL compat layer
2023-02-13 08:43:10 -08:00
Daniel Pouzzner 295da3232a Merge pull request #6082 from SparkiDev/asn_dsa_mp_int_leak
ASN template, DSA: Clear the mp_int before re-reading data
2023-02-12 22:28:11 -06:00
Sean Parkinson 0a8753d2b2 ASN template, DSA: Clear the mp_int before re-reading data
Make sure the mp_int is cleared so that any exisiting bigint is freed.
Tidy up api.c code.
2023-02-13 11:08:18 +10:00
jordan 909aa86d2d Check keyLen matches cipher in wolfSSL_CMAC_Init.
Fixes ZD15607.
2023-02-12 18:26:40 -06:00
tmael 55a7e24cfe Support pthread_rwlock (#5952)
* Support rwlock

* Fix typo, ENABLE_SESSION_CACHE_ROW_LOCK with TITAN_SESSION_CACHE

* Implement read lock

- Use read lock for the SessionCache
- Don't copy the

* TLS 1.3: Don't push ticket to cache if we don't retrieve from it

* Detect rwlock support with PTHREAD_RWLOCK_INITIALIZER

* Implement explicit rwlocks

- Mutex's still necessary for signals. Implement explicit rwlocks and we can migrate critical mutexs to rwlocks when necessary.

* Remove WOLFSSL_USE_RWLOCK guard around mutex condLock

* condLock not necessary after all

* Use configure.ac to check for pthread_rwlock_destroy support

* Can't include config.h in wc_port.h as that breaks make distcheck

* Check for pthread_rwlock_t to determine if rwlock is available

* Code review

---------

Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2023-02-10 10:42:38 -08:00
John Bland 338d8db274 Ecc ctx state fix (#6077)
* set the client state correctly when wc_ecc_ctx_set_kdf_salt is called
* add test that covers wc_ecc_ctx_set_kdf_salt
* use shared key and smallstack to reduce test stack usage
2023-02-10 10:05:52 -08:00
philljj 5b8fda1ac6 Fix overflow in fp_to_unsigned_bin_len length check. (#6075)
* Fix overflow in fp_to_unsigned_bin_len length check.
* Add a second check when i == a->used - 1.
2023-02-10 08:46:37 -08:00
Daniel Pouzzner c2384674d8 Merge pull request #6079 from SparkiDev/aes-ecb-len-aesni
AES ECB/CTR/XTS: enable AES-NI usage
2023-02-09 21:17:50 -06:00
Sean Parkinson b359dd27e4 AES ECB/CTR/XTS: enable AES-NI usage
Perform multiple blocks of encryption/decryption in assembly call with
ECB.
This improves performance of ECB, CTR and XTS on Intel x64.
2023-02-10 11:14:06 +10:00
Sean Parkinson 9750fc4485 X509 RSA PSS: fixes for OpenSSL compat layer
Add NIDs for RSA-PSS to OpenSSL compat layer.
Have wc_RsaPublicKeyDecode call wc_RsaPublicKeyDecode_ex where logic for
RSA-PSS handling is already done.
2023-02-10 10:25:49 +10:00
Hideki Miyazaki d336e22b85 Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey (#6055)
* fix qt qsslkey unit test
2023-02-09 14:48:52 -08:00
Sean Parkinson 7a6f7ff6b7 Merge pull request #6076 from dgarske/fix_async
Fix for possible uses of NULL with heap hint in pk.c
2023-02-10 08:26:44 +10:00
David Garske 8929b31b84 Fix for possible uses of NULL in heap hint. The api.c has expected "bad" test cases where the key is passed in as NULL and the XFREE tries to use it. Tested with: ./configure --enable-asynccrypt --with-intelqa=../QAT1.8 --enable-all && make && sudo ./tests/unit.test 2023-02-09 10:18:37 -08:00
David Garske 05f8abd524 Merge pull request #6064 from embhorn/gh6063
Add WOLFSSL_IP_ALT_NAME to --enable-curl; fix unused error in FindPsk
2023-02-09 08:38:38 -08:00
Sean Parkinson 644d92f28c Merge pull request #6074 from douzzer/20230208-fixes
20230208-fixes
2023-02-09 16:18:35 +10:00
Daniel Pouzzner 9dd23fca25 wolfcrypt/src/pwdbased.c: refactor copy in scryptSalsa() as a memcpy(), for efficiency and to work around a bug in clang-17; also fix scratch buffer x in scryptBlockMix() to have correct alignment. 2023-02-08 21:31:56 -06:00
Daniel Pouzzner 63fdc4e843 src/ssl.c: fix PK object on stack in wolfSSL_i2d_PublicKey(). 2023-02-08 21:30:50 -06:00
Daniel Pouzzner ef0eda4091 cleaner fix for bugprone-signed-char-misuse first addressed in 38c057a084. 2023-02-08 21:28:34 -06:00
Sean Parkinson 49a500c2af Merge pull request #6070 from bandi13/coverityFixes
Coverity fixes
2023-02-09 10:21:12 +10:00
Sean Parkinson 008d2962d7 Merge pull request #6072 from bandi13/dsaNoInit
Fix for calling 'mp_clear(tmp)' without having called 'mp_init(tmp)'
2023-02-09 10:18:51 +10:00
John Bland e9aeb1a857 Add nuttx integration (#6043) 2023-02-08 16:04:53 -08:00
David Garske 619a587a7b Merge pull request #6071 from bandi13/extraPackagesForDocker
Add in a few more utilities that we need
2023-02-08 14:53:20 -08:00
David Garske 7f9b764eb5 Merge pull request #6054 from anhu/d2i_publickey_fix
Ensure that i2d APIs for public keys gives appropriate data.
2023-02-08 14:44:29 -08:00
David Garske 1da392c297 Merge pull request #6069 from philljj/spelling_cleanup
Spelling cleanup: configure.ac, ssl.c, ssl.h
2023-02-08 14:40:03 -08:00
Sean Parkinson 7a30617b26 Merge pull request #6073 from dgarske/shake_bench
Fix for benchmarking shake with custom block size
2023-02-09 08:06:24 +10:00
Andras Fekete 767c282c1d Addressing PR comments 2023-02-08 16:35:03 -05:00
Daniel Pouzzner 6a24cdaa42 Merge pull request #6067 from SparkiDev/sp_int_fixup_5
SP int: tidy up ifdef
2023-02-08 13:50:50 -06:00
David Garske cefd55eb74 Fix for benchmarking shake with custom block size. Using ./benchmark -shake 1024 caused seg fault. 2023-02-08 11:25:53 -08:00
Andras Fekete 08c63d55dc Addressing PR comments 2023-02-08 13:18:13 -05:00
Andras Fekete 38f2f43705 Fix for calling 'mp_clear(tmp)' without having called 'mp_init(tmp)' 2023-02-08 13:08:12 -05:00
Andras Fekete 06d6f2d4b6 One more app for debugging 2023-02-08 11:25:11 -05:00
Andras Fekete 94c01d9f4e Add in a few more utilities that we need 2023-02-08 10:52:00 -05:00
Anthony Hu 7a6ed68f2d Ensure that i2d APIs for public keys gives appropriate data. 2023-02-08 09:54:28 -05:00
jordan cc791a7a53 Spelling cleanup: configure.ac, ssl.c, ssl.h 2023-02-07 21:45:06 -06:00
Sean Parkinson 3e82abd002 SP int: tidy up ifdef 2023-02-08 10:45:00 +10:00
Andras Fekete 62cfd8725a Disable latest OpenWrt test 2023-02-07 18:17:39 -05:00