Commit Graph

11142 Commits

Author SHA1 Message Date
David Garske 80aa431689 Fixes multiple Jenkins warnings/failures. First is PickHashSigAlgo is required for client builds or if certs are enabled. Fixed scan-build warning with OCSP not recognized ForceZero as cleaning memory and using possible garbage value. Also cleaned up the OCSP functions to use struct buffer* instead of void* for clarity with a little forward declaration. 2016-03-10 09:38:11 -08:00
toddouska 1435a6ce92 Merge pull request #341 from JacobBarthelmeh/master
SEP and CERTEXT, QSH debug
2016-03-10 09:36:25 -08:00
Kaleb Joseph Himes 0a1871e77c Merge pull request #337 from dgarske/WarnDoubleFree
Fixes scan-build warning with "--enable-opensslextra --disable-memory"
2016-03-09 16:28:18 -08:00
Jacob Barthelmeh 6e1c5b3801 disable CERT_EXT policies check when SEP is used instead 2016-03-09 17:22:38 -07:00
Jacob Barthelmeh 49b547db08 make QSH debug compile for C89 2016-03-09 17:15:28 -07:00
toddouska ceafb25f49 Merge pull request #338 from dgarske/DerBufferRefactor2
Refactor of DerBuffer, so WOLFSSL object doesn't have to grow as a re…
2016-03-09 12:36:22 -08:00
toddouska 2f060dd860 Merge pull request #312 from dgarske/LeanTls
New LeanTLS configure option
2016-03-09 10:13:00 -08:00
David Garske f17dfa5b03 Moved the x509 XFREE to outside the FreeX509 function. Internally FreeX509 is only used in two places. One is for the ssl->peerCert, which is not dynamic anyways. The second is in the ExternalFreeX509 where it calls FreeX509 if its dynamic and will XFREE there. 2016-03-09 09:15:00 -08:00
David Garske c863300805 Fixed scan-build error with possibly using a NULL pointer. 2016-03-08 09:34:56 -08:00
David Garske 0f93b86b61 Fixes for PK_CALLBACKS and sniffer after DerBuffer refactor #2. 2016-03-08 08:56:14 -08:00
David Garske ce9f14f713 Refactor of DerBuffer, so WOLFSSL object doesn't have to grow as a result of additional functionality. Removed InitDer. Changed all DerBuffers to use pointer and pass pointer to DerBuffer* to AllocDer and FreeDer. Result is more efficient code and reduced WOLFSSL object size. AllocDer uses first part of the allocated buffer for the actual DerBuffer. 2016-03-08 08:56:14 -08:00
David Garske daa1cd634e Fixes scan-build warning with "--enable-opensslextra --disable-memory". Problem was different #if defines on the InitX509 and FreeX509, which caused the static analyzer to think the "x509->dynamicMemory" was always true. 2016-03-08 08:38:02 -08:00
David Garske 0ed26ad262 Updated build for "leantls" to support building only the client, by splitting BUILD_EXAMPLES into 3 parts (BUILD_EXAPLE_SERVERS, BUILD_EXAMPLE_CLIENTS and BUILD_TESTS). This allows the make check to perform the external tests to validate the client only "leantls" configuration option. 2016-03-08 08:35:28 -08:00
David Garske 2891939098 Remove NO_CERT and NO_CODING. Enable building of the client with leantls. 2016-03-08 08:35:28 -08:00
David Garske 8e8ee45828 LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System). 2016-03-08 08:35:28 -08:00
JacobBarthelmeh 375d85fe9a Merge pull request #336 from dgarske/ASNCertPolicyExtFix
Fixed bug with ASN.1 X509V3 Certificate Policy extension parsing
2016-03-08 08:59:24 -07:00
David Garske b549c81337 Fix the WOLFSSL_SEP (--enable-sep) build scenario where extCertPoliciesNb is not available. 2016-03-07 14:49:24 -08:00
David Garske 05fb648747 Remove white-space. 2016-03-07 14:33:22 -08:00
David Garske 9b79d8643e Added checks for total length and the cert policy OID len to make sure they don't exceed buffer. 2016-03-07 14:20:37 -08:00
David Garske dee3645c4e Fixed bug with ASN.1 X509V3 Certificate Policy extension parsing. Bug had to do with parsing when OID contains multiple items such as example 2 below. The wolfssl.com server key now contains a URL in the certificate policy "https://secure.comodo.com/CPS0", which wasn't being parsed over correctly. Also cleanup to use loop instead of duplicate code.
Example 1:
30 12
30 06 06 04 55 1D 20 00
30 08 06 06 67 81 0C 01 02 01

Result:
2.5.29.32.0
2.23.140.1.2.1

Example 2:
30 46
30 3A 06 0B 2B 06 01 04 01 B2 31 01 02 02 07
   30 2B 30 29 06 08 2B 06 01 05 05 07 02 01 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53
30 08 06 06 67 81 0C 01 02 01

Result:
1.3.6.1.4.1.6449.1.2.2.7
2.23.140.1.2.1
2016-03-07 13:40:25 -08:00
dgarske 98a72a3f9d Merge pull request #334 from JacobBarthelmeh/master
update wolfssl-ntru vs project and fix warnings
2016-03-03 15:53:52 -08:00
dgarske 8ca1c3935d Merge pull request #322 from ejohnstown/dtls-handshake
DTLS Handshake Update
2016-03-03 14:33:31 -08:00
Jacob Barthelmeh c98c457b9b update wolfssl-ntru vs project and fix warnings 2016-03-03 14:35:39 -07:00
dgarske b9ecd9474c Merge pull request #330 from kaleb-himes/CID-66007-coverity
avoid dereference of null pointer if args is null
2016-03-02 18:22:07 -08:00
Jacob Barthelmeh 112cf1f0c9 fix example client help print out 2016-03-02 16:51:57 -07:00
kaleb-himes 7a599c1309 Account for not used case 2016-03-02 16:31:58 -07:00
dgarske a0f1e1e3ea Merge pull request #331 from kaleb-himes/CID-66006-coverity
Move assignment to after the null check
2016-03-02 15:23:58 -08:00
Jacob Barthelmeh aab44eb26b adjest example server PSK plus flag 2016-03-02 15:43:17 -07:00
Jacob Barthelmeh 267dc48d95 fixs after testing : hash table, using NO_SKID, sanity check, and freeing dCert 2016-03-02 15:23:50 -07:00
Jacob Barthelmeh d969e2ba11 automated test for trusted peer certs 2016-03-02 11:42:00 -07:00
kaleb-himes 85215cc174 clean up braces left over from local declaration of ready 2016-03-02 11:39:34 -07:00
Jacob Barthelmeh 05d2cec7c1 addition to api tests and refactor location of trusted peer cert check 2016-03-02 11:35:03 -07:00
kaleb-himes 01cd43c319 Seperate declaration and assignment per c99 standards 2016-03-02 11:31:08 -07:00
Jacob Barthelmeh 7df22ee210 Trusted peer certificate use 2016-03-02 11:22:34 -07:00
kaleb-himes 1f4ddb20df Move assignment to after the null check 2016-03-01 17:00:27 -07:00
kaleb-himes d15dac04b8 remove unnecessary NULL assignment 2016-03-01 16:33:47 -07:00
kaleb-himes d473452769 avoid dereference of null pointer if args is null 2016-03-01 16:21:03 -07:00
Kaleb Joseph Himes 7c63ac4f6a Merge pull request #329 from dgarske/BuildErrDerBuf
Fixes build error with new DerBuffer with ASN, ECC and RSA disabled.
2016-02-26 08:44:30 -08:00
David Garske 79ef8e232b Fixes build error with new DerBuffer with ASN, ECC and RSA disabled. 2016-02-26 15:39:30 +01:00
toddouska 0c45a7a028 Merge pull request #317 from dgarske/DerBufferRefactor
Refactor of the DER buffer handling
2016-02-25 09:35:50 -08:00
David Garske a46fd6612b Changed CopyDecodedToX509 AllocDer error code handing to return MEMORY_E, since that is an explicitly handled case. Also resolves the issue with "warning: Value stored to 'ret' is never read". 2016-02-25 14:35:54 +01:00
dgarske f549f71912 Merge pull request #325 from kaleb-himes/CID-66016-coverity
Always execute wc_InitRsaKey if we are always going to execute wc_Fre…
2016-02-25 08:45:06 +01:00
dgarske f0b1d2fd9d Merge pull request #324 from JacobBarthelmeh/master
argument peer can be NULL when macro INADDR_ANY is NULL
2016-02-25 08:40:37 +01:00
John Safranek aa7eae3294 Merge pull request #320 from moisesguimaraes/fix-ocsp-dependency-check
fixes ocsp dependency check on asn during configure.
2016-02-24 16:21:51 -08:00
kaleb-himes 16dac5597f prevent buffer overflows if sigSz > MAX_ENCODED_SIG_SZ 2016-02-24 16:08:54 -07:00
Moisés Guimarães fb9697bda6 adds check for missing rsa and ecc at the same time 2016-02-24 18:57:16 -03:00
kaleb-himes 4858a65984 Always execute wc_InitRsaKey if we are always going to execute wc_FreeRsaKey 2016-02-24 14:42:07 -07:00
Jacob Barthelmeh 6ee3c0ae59 argument peer can be NULL when macro INADDR_ANY is NULL 2016-02-24 13:55:44 -07:00
Moisés Guimarães 1824a494d1 adds missing ENABLED_OCSP test 2016-02-24 16:45:07 -03:00
toddouska 35b48250ad Merge pull request #321 from dgarske/FixCryptBenchEdCurve25519
Fixes issue with building crypt benchmark with only ED/Curve25519 ena…
2016-02-24 11:19:30 -08:00