Commit Graph

6139 Commits

Author SHA1 Message Date
David Garske 628a91efda Fix for size calculation for encrypt then mac without openssl extra enabled. Fix for cast warning. 2022-05-02 17:11:48 -06:00
Jacob Barthelmeh 38c01b9d9f fix for infer diff report 2022-04-29 10:34:38 -06:00
JacobBarthelmeh df4dd7d5b3 Merge pull request #5088 from dgarske/sniffer_async_2
Fix to properly trap errors in sniffer (broken after async additions)
2022-04-28 09:47:05 -06:00
David Garske 277d6dc5dd Fix minor clang-tidy warnings for async. 2022-04-27 10:22:19 -07:00
David Garske 8bf228d346 Merge pull request #5083 from SparkiDev/d2i_ecpriv_der
d2i_ECPrivateKey() takes DER encoded data
2022-04-27 09:32:04 -07:00
David Garske fbc2ccca1e Fix to properly trap errors in sniffer SetupKeys after async changes. Fix minor scan-build warnings. 2022-04-27 08:28:36 -07:00
Sean Parkinson f86f4a8ca0 d2i_ECPrivateKey() takes DER encoded data
Code was incorrectly using data as a private key instead of DER
decoding.
Fixed i2d_EcPrivateKey() to output DER encoded data.
2022-04-27 09:39:50 +10:00
David Garske cbc27f7de4 Merge pull request #5085 from douzzer/20220426-multi-test
20220426 multi-test fixups
2022-04-26 11:15:59 -07:00
John Safranek 7436a41bc7 Merge pull request #5046 from SparkiDev/cppcheck_fixes_8
cppcheck: fixes
2022-04-26 10:37:42 -07:00
John Safranek 7e8598f75b Merge pull request #5081 from dgarske/sniffer_decrypt
Restore sniffer internal decrypt function. This allows decrypting TLS…
2022-04-26 09:37:32 -07:00
Daniel Pouzzner e6d267ef16 src/ssl.c wolSSL_DH_new_by_nid(): fix cppcheck nullPointer report. 2022-04-26 09:58:07 -05:00
Sean Parkinson 8737d46bb1 Merge pull request #5018 from haydenroche5/libspdm
Make changes to compatibility layer to support libspdm.
2022-04-26 09:55:22 +10:00
Sean Parkinson d362b6dd08 Merge pull request #5033 from haydenroche5/ec_key_print_fp
Add wolfSSL_EC_KEY_print_fp to compat layer.
2022-04-26 09:51:37 +10:00
David Garske 273ed1df76 Restore sniffer internal decrypt function. This allows decrypting TLS v1.2 traffic ignoring AEAD errors. 2022-04-25 16:28:09 -07:00
Sean Parkinson 20e5e654a3 cppcheck: fixes
CBIORecv/Send are only assigned once.
IOCB_ReadCtx/WriteCtx only assigned once.
BuildMessage checks output and input wiht sizeOnly every call - state
machine doesn't cache these.
Renamed alias_tbl variables to something unique.
Other cppcheck fixes.
Also reworked pem_read_bio_key().
2022-04-26 09:26:41 +10:00
Masashi Honma 3ab5ccd04f Add support for EVP_PKEY_sign/verify functionality (#5056)
* Fix wolfSSL_RSA_public_decrypt() return value to match Openssl
* Add support for EVP_PKEY_verify_init() and EVP_PKEY_verify()
* wpa_supplicant SAE public key functionality requires this function.
* Add DSA support for EVP_PKEY_sign/verify()
* Add ECDSA support for EVP_PKEY_sign/verify()
* Add tests for EVP_PKEY_sign_verify()
* Fix "siglen = keySz" at error cases
* Fix wolfSSL_DSA_do_sign() usage
1. Check wolfSSL_BN_num_bytes() return value
2. Check siglen size
3. Double the siglen
* Check return code of wolfSSL_i2d_ECDSA_SIG() in wolfSSL_EVP_DigestSignFinal()
* Add size calculations to `wolfSSL_EVP_PKEY_sign`
* Add size checks to wolfSSL_EVP_PKEY_sign before writing out signature
* Use wc_ecc_sig_size() to calculate ECC signature size
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-25 14:19:56 -07:00
David Garske 4ecf3545d7 Improve scan-build fix for ProcessPeerCertParse checking of empty dCert. With WOLFSSL_SMALL_CERT_VERIFY it is NULL. 2022-04-22 16:07:24 -07:00
David Garske e9b80e53fa Fix issue with InitX509Name. 2022-04-22 16:02:54 -07:00
David Garske ea2841fa7a Make sure ASN1 isDynamic is always set to 0. SK Cipher doesn't have free (data is contained in the SK). 2022-04-22 16:02:54 -07:00
David Garske 84a33183a6 Various scan-build fixes. 2022-04-22 16:02:54 -07:00
David Garske 3755b88a02 Fix InitX509Name to set dynamicName on init. 2022-04-22 16:02:53 -07:00
David Garske c41b1b1b9b Fix to ensure args->dCert is set for ProcessPeerCertParse. 2022-04-22 16:02:53 -07:00
John Safranek bf16696d8c Merge pull request #5036 from dgarske/sniffer
Fixes for minor sniffer and async issues
2022-04-22 12:24:33 -07:00
David Garske 6606984101 Fix for building sniffer without ECC while Curve25519 is enabled. 2022-04-21 16:54:11 -07:00
Hayden Roche cfab451328 Merge pull request #5024 from dgarske/zd13538 2022-04-20 13:08:13 -07:00
David Garske ec76f79e9d Fixes for sniffer decrypt broken in PR #4875. The TLS v1.2 sniffer decrypt did not have ssl->curRL set for proper auth tag calculation and was placing the data at offset + 8 to leave room for explicit IV. 2022-04-19 16:31:27 -07:00
David Garske 49f510544a Merge pull request #5057 from haydenroche5/pem_write_ec_rsa_pub
Add wolfSSL_PEM_write_RSAPublicKey and wolfSSL_PEM_write_EC_PUBKEY.
2022-04-19 16:19:38 -07:00
Daniel Pouzzner 5d0654ee56 Merge pull request #5062 from dgarske/clang_str
Fix for issue with `error: format string is not a string literal`
2022-04-19 14:27:36 -05:00
Hayden Roche d7085069d6 Add wolfSSL_PEM_write_RSAPublicKey and wolfSSL_PEM_write_EC_PUBKEY.
These were compatibility layer stubs before.
2022-04-19 09:42:10 -07:00
David Garske 95a85d16d2 Fix for issue with error: format string is not a string literal. 2022-04-19 08:49:05 -07:00
David Garske 70a0983bbc Fix for minor warning with chain input enabled and async disabled. 2022-04-18 16:17:37 -07:00
David Garske 710f49795f Fix for session cache locking with session stats in get_locked_session_stats. 2022-04-18 14:29:42 -07:00
David Garske 659d33fdaf Fixes for minor sniffer and async issues:
* Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra.
* Fix bound warning with strncpy in sniffer.c.
* Fix for async DH issue.
* Fix for SP math all not initializing raw big int.
* Fix for array bounds warning with "-O3" on SetEccPublicKey.
* Fix a sniffer async edge case with TLS v1.2 static RSA and extended master.
* Improved the sniffer test script detection of features.
* Disable ECC custom curve test with Intel QuickAssist.
2022-04-18 11:46:40 -07:00
Chris Conlon 35cb3c8a79 ECDH_compute_key: allow setting of globalRNG with FIPS 140-3 / Ready 2022-04-15 09:36:14 -06:00
Hayden Roche 0ef7435580 Make changes to compatibility layer to support libspdm.
- Add support for ASN1_TIME_compare, DH_new_by_nid, OBJ_length, OBJ_get0_data,
and ChaCha20-Poly1305 and HKDF in the EVP layer.
- Map EC_POINT_get_affine_coordinates to
wolfSSL_EC_POINT_get_affine_coordinates_GFp and EC_POINT_set_affine_coordinates
to wolfSSL_EC_POINT_set_affine_coordinates_GFp.
- Add kdf.h compatibility header.
2022-04-11 15:07:27 -07:00
Hayden Roche 0717135e49 Add wolfSSL_EC_KEY_print_fp to compat layer. 2022-04-11 13:02:38 -07:00
Eric Blankenhorn ab6dc8d669 Add ability to set ECC Sign userCTX using WOLFSSL_CTX 2022-04-11 08:41:27 -05:00
Chris Conlon 9859492222 Merge pull request #5029 from haydenroche5/asn1_time_diff_2038 2022-04-07 16:45:11 -06:00
David Garske 5ea38b059e For improved compatibility populate the extension value for NID_subject_alt_name. 2022-04-07 11:10:03 -07:00
Daniel Pouzzner 0083afc279 fix whitespace. 2022-04-07 07:59:07 -05:00
Hayden Roche 161d74879a Change time2epoch to TimeToUnixTime. 2022-04-06 21:38:24 -07:00
David Garske 80766566fc Fixes for X509_add_ext and new test case. 2022-04-06 16:35:53 -07:00
Sean Parkinson 25aa0af260 ssl.c break out
Move the X509 API out of ssl.c into x509.c
2022-04-06 17:25:26 +10:00
David Garske 99fbd6f160 Merge pull request #4963 from SparkiDev/tls13_psk_multi_id
TLS 1.3 PSK: multiple ids for a cipher suite
2022-04-05 09:47:14 -07:00
David Garske e9a238ca86 Merge pull request #5021 from JacobBarthelmeh/certs
allow up to and including CTC_MAX_SKID_SIZE (32 byte hash)
2022-04-05 09:46:34 -07:00
Sean Parkinson 77485d987e Merge pull request #5010 from haydenroche5/asn1_time_diff_2038
Fix year 2038 problem in wolfSSL_ASN1_TIME_diff.
2022-04-05 07:58:36 +10:00
Jacob Barthelmeh 68ebb051e5 allow up to and including CTC_MAX_SKID_SIZE (32 byte hash) 2022-04-04 15:19:17 -06:00
David Garske 829a8a4039 Merge pull request #5009 from embhorn/zd13980
Fix build errors for NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
2022-04-04 12:43:49 -07:00
Hayden Roche 9c1e2a83d1 Fix year 2038 problem in wolfSSL_ASN1_TIME_diff.
Prior to this commit, this function used XMKTIME (mktime) to convert the
passed in WOLFSSL_ASN1_TIMEs to Unix timestamps. On platforms where time_t is
32 bits long, times after the year 2038 can't be represented with this type. To
fix this, we need to not use XMKTIME. With this commit, the static function
time2epoch is added to ssl.c, which uses the date time information to compute
seconds since the Unix epoch without the use of mktime. It returns the seconds
as a long long. This is sufficient to make the function work for years > 2038 on
the platform of the user who discovered this problem in the first place (Yocto
Linux on ARMv7).
2022-04-04 11:01:21 -07:00
Daniel Pouzzner 0d6c283f7a fixes for -Werror=declaration-after-statement in debug builds. 2022-04-04 09:29:26 -05:00