Commit Graph

6307 Commits

Author SHA1 Message Date
Sean Parkinson 7b9c214b3c Merge pull request #4985 from kareem-wolfssl/iarWarningsFix
Fix compilation warnings from IAR.
2022-07-04 08:23:26 +10:00
Kareem 96aedc2f47 Fix SetCurve max sizes. Add fix for potentially uninitialized type in ProcessReplyEx. 2022-07-01 13:18:33 -07:00
David Garske bd75e1d6a4 Merge pull request #5307 from kareem-wolfssl/miscfixes2
Fix a couple of STM32 bugs, and add some missing mutex frees.
2022-07-01 09:46:22 -07:00
David Garske 0459e83a59 Merge pull request #5310 from SparkiDev/memusage_fix_1
TLS memusage: reduce usage
2022-07-01 09:13:05 -07:00
Sean Parkinson 7d58dc5678 TLS memusage: reduce usage
Reduce the amount allocated to reduce maximum overall dynamic memory
usage.
Rework ServerKeyExchange by extracting the handling of the signed data.
2022-07-01 14:24:59 +10:00
Kareem b2e7f4a8eb Fix cast spacing. Don't cast in wolfSSL_X509_set_version, check is valid as is. 2022-06-30 16:26:43 -07:00
Kareem 7555cd0685 Fix a couple of STM32 bugs, and add some missing mutex frees. 2022-06-30 16:11:16 -07:00
Daniel Pouzzner 2bdcbcc8be src/tls13.c: fix whitespace. 2022-06-30 17:17:50 -05:00
Daniel Pouzzner 4f6527353b src/{pk.c,x509.c}: style/clarity cleanups from dgarske. 2022-06-30 17:07:35 -05:00
Daniel Pouzzner 1a9388b935 src/pk.c: fix misuses around snprintf(). 2022-06-30 17:07:35 -05:00
Daniel Pouzzner 28213ad198 src/x509.c: fix wolfSSL_X509_signature_print() to print raw signature algorithm as hex digits, not as an (unprintable) string; fix printed-null bug in wolfSSL_X509_NAME_print_ex() (relates particularly to calls from wolfSSL_X509_NAME_print_ex_fp()). 2022-06-30 17:07:35 -05:00
Daniel Pouzzner 5bd8288b37 fix printed-null bug in wolfssl_print_number(). 2022-06-30 17:07:35 -05:00
Chris Conlon 867a1f7afa Merge pull request #5289 from TakayukiMatsuo/tls13 2022-06-30 15:49:53 -06:00
Kareem e09bbb1989 Fix compilation warnings from IAR. 2022-06-30 14:30:06 -07:00
TakayukiMatsuo ba19737627 Add support for TLS1.3 2022-06-30 23:00:05 +09:00
Sean Parkinson 1ba9ea9759 Fix mismatched dynamic types 2022-06-30 13:00:57 +10:00
Sean Parkinson f2acaa8ee9 Merge pull request #5242 from SKlimaRA/SKlimaRA/strict-verification
zd14249
2022-06-30 08:19:42 +10:00
Kaleb Himes 2257030792 Merge pull request #5296 from dgarske/sniffer
Sniffer fixes (async TLS v1.3, async removal of `WC_HW_WAIT_E` and sanitize leak)
2022-06-29 09:16:54 -07:00
David Garske d76c46a96f Fix for sniffer async issue with TLS v1.3. 2022-06-28 16:01:06 -07:00
Sean Parkinson 092b37f709 Merge pull request #5287 from haydenroche5/aes_ctr_clear_left_on_iv_set
Clear the leftover byte count in Aes struct when setting IV.
2022-06-29 08:30:01 +10:00
David Garske e49f07694e Fix for sniffer possible malloc of zero size causing a -fsanitize=address leak report. 2022-06-28 12:54:25 -07:00
David Garske 5ade360d9e Fix to avoid using WC_HW_WAIT_E for sniffer. ZD14398 2022-06-28 12:38:57 -07:00
David Garske b84b808b1b Merge pull request #5167 from ejohnstown/cac-ext
Add support for some FPKI certificate cases, UUID, FASC-N, PIV extension
2022-06-27 09:06:15 -07:00
Hayden Roche 10dfd8d129 Clear the leftover byte count in Aes struct when setting IV.
Setting the key already does this. The same needs to be done when setting the
IV.
2022-06-26 15:56:05 +04:00
Daniel Pouzzner 047c662af8 fix math errors unmasked by change to sp-math-all as default math back end. 2022-06-24 15:56:54 -05:00
JacobBarthelmeh 8dfcc76f50 Merge pull request #5279 from embhorn/gh5273
Fix config with WOLFSSL_WPAS_SMALL
2022-06-24 11:22:58 -06:00
Stanislav Klima ce977e8c0b requested review changes 2 2022-06-24 15:37:10 +02:00
David Garske 00b82888bc Merge pull request #4759 from dgarske/sp_math_default
Enable wolfSSL SP Math all (sp_int.c) by default
2022-06-23 16:14:54 -07:00
Eric Blankenhorn 1cdc81546d Fix config with WOLFSSL_WPAS_SMALL 2022-06-23 09:19:14 -05:00
Chris Conlon 7dbf1a5154 Merge pull request #5262 from miyazakh/qt_unit_failure 2022-06-21 16:35:37 -06:00
Anthony Hu 099afe4419 errant if 2022-06-21 11:33:08 -04:00
Anthony Hu beddc777d4 milliseconds not only for DTLS13 2022-06-21 11:07:19 -04:00
Anthony Hu f05bcb30e0 div by 4 in milliseconds 2022-06-21 10:48:48 -04:00
Anthony Hu ff4eabb17f same fix to MicriumReceive 2022-06-21 10:42:20 -04:00
Anthony Hu 1e84d1eb67 Change inspired by Rizlik review comments. 2022-06-21 10:22:44 -04:00
Anthony Hu 73435389ed Fix missing WOLFSSL_DTLS in Micrium build 2022-06-20 16:33:04 -04:00
Stanislav Klima 7c827d3a82 requested review changes 2022-06-20 11:27:09 +02:00
Sean Parkinson fab05f2527 DH: Fix names wolSSL_* -> wolfSSL_* 2022-06-20 08:58:35 +10:00
Hideki Miyazaki b5cac49be9 fix qt_unit_test_failure
add/remove spaces and line-feed to be the same as before
2022-06-18 10:04:10 +09:00
David Garske 390908bccc Merge pull request #5236 from SparkiDev/mem_zero
Check memory is zeroized
2022-06-17 12:01:34 -07:00
Sean Parkinson 6a0682d422 i2d AIPs move pointer on when a pointer to a buffer is passed in
Restore behaviour to be compatible with OpenSSL.
Replace comparison of DER data using AsserStrEQ to use memcmp.
2022-06-17 12:36:06 +10:00
Sean Parkinson 4fc709d2af Merge pull request #5256 from dgarske/cert_chain_der
Fixes for loading a DER/ASN.1 certificate chain
2022-06-17 11:55:49 +10:00
David Garske 128ebf54e9 Fix for loading certificate DER chain longer than 2 deep. Fix to properly trap BUFFER_E in ProcessUserChain. ZD14048. 2022-06-16 16:19:37 -07:00
Sean Parkinson 2834c22ce0 Merge pull request #5204 from lealem47/basicConst
Encoding the X509 Basic Constraint when CA:FALSE
2022-06-17 08:33:57 +10:00
Lealem Amedie 911f361285 Call RSA_To_Der instead of RSA_To_Der_ex in i2d_RSA key funcs 2022-06-16 12:26:47 -07:00
John Safranek 8f7db87f01 Merge pull request #5249 from dgarske/rsa_ifc
Cleanup the RSA consistency check
2022-06-16 09:14:08 -07:00
Lealem Amedie 5e63740c6c Ensuring that X509 Basic Constraint is set when CA:FALSE 2022-06-16 08:46:52 -07:00
Marco Oliverio 6a0c6049ce dtls: abide deadstore static analyzer warnings 2022-06-16 14:02:09 +02:00
David Garske 6d2a41b9fd Enable wolfSSL SP Math all (sp_int.c) by default. If --enable-fastmath or USE_FAST_MATH is set the older tfm.c fast math will be used. To use the old integer.c heap math use --enable-heapmath or USE_INTEGER_HEAP_MATH. 2022-06-16 10:57:30 +10:00
Sean Parkinson 1b29f7353a Check memory is zeroized
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.

wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.

Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
2022-06-16 10:22:32 +10:00