Commit Graph

12442 Commits

Author SHA1 Message Date
David Garske b18d43abb9 Fix for possible uninitialized use of prev. 2020-10-14 15:52:51 -07:00
David Garske 751f64b4aa Fix for OCSP single response last optional part handling and restore original size arg since its required for the ASN elements. 2020-10-14 14:55:18 -07:00
David Garske 10b1884993 Added support for handling an OCSP response with multiple status responses. 2020-10-14 14:47:24 -07:00
Tesfa Mael 5ac3e7d542 Process multiple ocsp responses 2020-10-14 01:10:07 -07:00
David Garske 232028d03b Merge pull request #3386 from ejohnstown/dh-maint
Fuzz Fix
2020-10-13 15:47:11 -07:00
David Garske b68828d3c9 Merge pull request #3361 from tmael/ocsp-nocheck
Add support for id-pkix-ocsp-nocheck
2020-10-13 15:46:02 -07:00
David Garske 048a3a8d5b Merge pull request #3374 from JacobBarthelmeh/Testing
NO_FILESYSTEM build on Windows
2020-10-13 13:26:46 -07:00
John Safranek 422683f4c3 Fuzz Fix
GetPublicDhKey() assumes the ssl session owns the DH public key parts, and
tries to free them. They belong to the CTX initially, so it shouldn't be
freeing them, necessarily.

1. Add a check for weOwnDh first, then free the buffers if needed.
2. If there is a problem reading the keys, free the new buffers before exiting.
3. Set weOwnDh once the buffers and values have been stored
   successfully.
2020-10-13 10:15:58 -07:00
Jacob Barthelmeh 6aa0eacc62 use correct key buffer for example private key 2020-10-13 09:26:54 -06:00
David Garske 0d685e4f28 Merge pull request #3358 from douzzer/wolfSSL_get_ocsp_producedDate
add wolfSSL_get_ocsp_producedDate().
2020-10-12 15:21:10 -07:00
David Garske de6164df5a Merge pull request #3382 from ejohnstown/aes-clear
AES Clear Temp
2020-10-12 15:17:00 -07:00
David Garske 4396e10500 Merge pull request #3379 from ejohnstown/mfix
Maintenance Fixes
2020-10-12 14:53:56 -07:00
Chris Conlon 1f78297c5c Merge pull request #3372 from miyazakh/Renesas_APRA6M
added set up guide for APRA6M board
2020-10-12 14:23:06 -06:00
Chris Conlon 2a1efda140 Merge pull request #3380 from kojo1/mqx
minor fix for MQX, Kinetis
2020-10-12 14:03:20 -06:00
John Safranek 5ead4386b3 AES Clear Temp
ForceZero()'ed a couple local variables that have keying material at some point.
2020-10-12 10:30:34 -07:00
John Safranek 0ca202f389 Rename SKIP_SUITE to something more descriptive. Add some comments. 2020-10-12 09:49:02 -07:00
Tesfa Mael a4bfa0dec7 Add support for id-pkix-ocsp-nocheck 2020-10-11 19:47:50 -07:00
Takashi Kojo ce97eadae1 fix for MQX 2020-10-11 06:57:33 +09:00
Daniel Pouzzner 9de5eea1d9 configure.ac: supplement AC_CHECK_FUNCS() (function link test) with AC_CHECK_DECLS() (function declaration test) to avoid false positives. fixes various build failure modes. 2020-10-09 22:18:51 -05:00
Hideki Miyazaki bf59d169dd Update include.am to include new README files 2020-10-10 09:57:05 +09:00
John Safranek a05a305d70 Fix unused parameters in SKIP_SUITE. 2020-10-09 15:59:14 -07:00
John Safranek 6cfb038d11 Fix a bad ifdef. 2020-10-09 15:54:44 -07:00
John Safranek 2d85061c47 Maintenance Fixes
Improve the reporting of the NTRU based cipher suites with the function
wolfSSL_sk_CIPHER_description().
2020-10-09 15:01:39 -07:00
John Safranek d8299e2764 Maintenance Fixes
When building the list of ciphers with wolfSSL_get_ciphers_compat(),
skip the fake indicator ciphers like the renegotiation indication
and the quantum-safe hybrid since they do not have encryption or mac
algorithms associated to them.
2020-10-09 15:01:38 -07:00
John Safranek aeeeb666a7 Maintenance Fixes
1. The test_wolfSSL_X509V3_EXT_print() test was using stderr for output,
   changed to stdout.
2. A call to XFREAD wasn't typecasting its output to the size of the
   variable getting the output in decodedCertCache_test().
2020-10-09 15:01:32 -07:00
John Safranek 724eb96047 Merge pull request #3377 from douzzer/PR3371
fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244.
2020-10-09 15:00:15 -07:00
Daniel Pouzzner 29d4de6307 fix pkcs7compressed_test() (test gated on HAVE_LIBZ), broken by PR#3244. 2020-10-09 12:42:14 -05:00
JacobBarthelmeh bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
David Garske 3e69318ac7 Merge pull request #3373 from danielinux/imx-rt1060-shaonly-fix
Fixed SHA256 support for IMX-RT1060
2020-10-09 09:30:11 -07:00
Daniele Lacamera 9cb2c9f1ac Fixed SHA256 support for IMX-RT1060 2020-10-09 13:36:53 +02:00
Hideki Miyazaki 1765eeddb2 added set up guide for APRA6M board
added TLS 1.3 settings into user_settings.h
2020-10-09 19:52:20 +09:00
Daniel Pouzzner 570f55a0e3 wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac. 2020-10-08 23:26:28 -05:00
Daniel Pouzzner 7a77b6d990 rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true). 2020-10-08 22:47:16 -05:00
Daniel Pouzzner e162d0f889 add wolfSSL_get_ocsp_producedDate(). 2020-10-08 22:47:16 -05:00
toddouska 4d11e3c83b Merge pull request #3365 from SparkiDev/ticket_align
SSL session ticket: decrypted ticket access aligned
2020-10-08 15:01:41 -07:00
toddouska 8bc3d33c4e Merge pull request #3360 from SparkiDev/ecc_safe_add
ECC add points: more cases where add point is a double or infinity
2020-10-08 14:55:04 -07:00
toddouska f0c5fb76bb Merge pull request #3359 from ejohnstown/tfm-read-radix-16
TFM Read Radix 16 OOB Read
2020-10-08 14:52:42 -07:00
toddouska c69e9927fa Merge pull request #3354 from SparkiDev/mac_arm_asm_2
ARM ASM ChaCha20: Fix calc of left over bytes
2020-10-08 14:49:33 -07:00
toddouska 6b4b92a549 Merge pull request #3356 from embhorn/zd11044
Allow wolfSSL_EVP_get_hashinfo with x509small
2020-10-08 14:48:28 -07:00
toddouska e0f3ceefa2 Merge pull request #3349 from vaintroub/remove_gccism
#3348  - Fix MSVC build
2020-10-08 14:47:15 -07:00
JacobBarthelmeh 46f8f53268 Merge pull request #3367 from kaleb-himes/NTRU_MAINTENANCE
Fix NTRU + QSH build
2020-10-08 14:04:21 -06:00
kaleb-himes d9eaeb4a3b Fix NTRU + QSH build 2020-10-08 09:13:00 -06:00
Sean Parkinson 4f6c1db9a2 Merge pull request #3355 from douzzer/enable-more-all
--enable-all coverage update, plus --enable-all-crypto and --enable-linuxkm-defaults
2020-10-08 09:52:56 +10:00
Sean Parkinson 257551b134 ECC add points: more cases where add point is a double or infinity
Extract method to perform safe point add (handling double and infinity
result).
Replace all instances of the extracted code.
2020-10-08 09:26:10 +10:00
Sean Parkinson 8d82fb2add SSL session ticket: decrypted ticket access aligned
Decrypted session ticket using encrypted ticket buffer.
Alignment not correct on platforms requiring 32-bit aligned access.
Copy the decrypted data into temporary for access.
Also zeroize the unencrypted tickets after use.
2020-10-08 08:56:49 +10:00
Sean Parkinson 270da3c33c Merge pull request #3364 from dgarske/zd11064
Fix for sniffer without TLS v1.3
2020-10-08 08:10:21 +10:00
David Garske 4f3632c7a6 Fix for sniffer without TLS v1.3 (--enable-sniffer --disable-tls13). ZD11064. 2020-10-07 11:08:05 -07:00
Daniel Pouzzner 1c492dc0b6 cosmetic cleanups. 2020-10-06 22:14:08 -05:00
John Safranek 413b0d171d TFM Read Radix 16 OOB Read
Change the location of the update of the write index when in
fp_read_radix_16(). It will do multiple writes into a word, and update
the index when the word is full and there is more to write. If there
isn't more to write, the index isn't incremented. This ensures the used
value in the mp_digit is correct, and not off-by-one when the last word
is full.
2020-10-06 17:03:03 -07:00
Eric Blankenhorn 6bc34cb1a8 Allow wolfSSL_EVP_get_hashinfo with x509small 2020-10-06 11:18:08 -05:00