Sean Parkinson
e745de657f
Merge pull request #4761 from haydenroche5/time_cb
...
Add time callback functionality.
2022-01-18 16:49:19 +10:00
Hayden Roche
1b0926a3b8
Add time callback functionality.
...
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
2022-01-17 17:49:51 -08:00
Andrew Hutchings
1a4bc322f7
Fix buffer overflow in PKCS7_VerifySignedData
...
wc_PKCS7_AddDataToStream() was called the first time prior to BERtoDER
conversion, subsequent times afterwards which meant the stream idx
pointer was incorrect. This patch restarts the stream after conversion.
Fixes ZD13476
2022-01-13 14:49:31 +00:00
Andrew Hutchings
92d01611ff
Fix buffer overflow in GetOID
...
When converting BER to DER we switched the pointer for pkiMsg to the DER
but not the size which could cause buffer overflow.
Fixes ZD13471
2022-01-13 13:26:32 +00:00
Daniel Pouzzner
9e76ec8855
wolfcrypt/src/pkcs7.c: fixes for cppcheck complaints: nullPointerArithmeticRedundantCheck
2022-01-08 00:31:07 -06:00
Eric Blankenhorn
3134bd2e71
Fix heap-buffer-overflow in GetBerHeader
2022-01-03 14:51:47 -06:00
JacobBarthelmeh
63df8f0836
add fe_low_mem.c to wolfssl vs project and fix a couple warnings
2021-12-23 16:55:51 +00:00
Sean Parkinson
6d2da74c21
Merge pull request #4625 from dgarske/zd13208
...
Fix for PKCS7 verify to handle content type OID with indef BER encoding
2021-12-20 14:49:59 +10:00
David Garske
2477574a69
Fix for PKCS7 verify to handle pkcs7-data content type OID with indef BER encoding. ZD13208
2021-12-17 14:24:35 -08:00
Lealem Amedie
a79440b95a
Removing extra \n from WOLFSSL_LEAVE and WOLFSSL_ENTER
2021-12-16 13:30:43 -07:00
JacobBarthelmeh
b69a1c860c
Merge pull request #3996 from cconlon/pkcs7_detachedhash
...
adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature
2021-11-30 12:46:46 -08:00
David Garske
5182e2a8c8
Merge pull request #4580 from kareem-wolfssl/minor_fixes
...
Check ssl->arrays in SendClientHello to avoid null dereference. Allow building with fallthrough defined.
2021-11-19 16:55:01 -08:00
David Garske
34346bab4f
Merge pull request #4579 from JacobBarthelmeh/PKCS7
...
BER size adjustment with PKCS7
2021-11-19 14:49:03 -08:00
Kareem
72d4dcce0f
Fix updated FALL_THROUGH macro. Fix a couple of case statements and remove a trailing whitespace.
2021-11-19 14:13:02 -07:00
Jacob Barthelmeh
ddf06b8161
BER size adjustment with PKCS7
2021-11-17 12:03:32 -07:00
David Garske
a626a4fb02
Fixes for spelling errors.
2021-11-12 10:27:49 -08:00
David Garske
6bb7e3900e
Merge pull request #4511 from JacobBarthelmeh/Testing
...
build fixes and PKCS7 BER encoding fix
2021-10-28 10:52:58 -07:00
Jacob Barthelmeh
f585dcd5ab
adjust inSz with BER PKCS7 parsing
2021-10-27 15:12:04 -06:00
John Safranek
75df6508e6
Add a read enable for private keys when in FIPS mode.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
7a4ec22953
pkcs7.c: further smallstack refactor of PKCS7_EncodeSigned().
2021-10-26 20:24:28 -05:00
Chris Conlon
322cb05852
adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature
2021-10-25 14:46:10 -06:00
Daniel Pouzzner
816527e826
scan-build fixes: back out all "#ifndef __clang_analyzer__" wrappers added to suppress false and frivolous positives from alpha.deadcode.UnreachableCode, and rename new macro WC_UNUSED to WC_MAYBE_UNUSED to make its meaning more precisely apparent. build is still clean with -Wunreachable-code-break -Wunreachable-code-return under scan-build-13.
2021-10-18 21:46:09 -05:00
Daniel Pouzzner
62822be6ce
scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all.
2021-10-18 21:46:09 -05:00
JacobBarthelmeh
4bd87a0c41
sanity check on pkcs7 input size ( #4386 )
2021-09-13 08:34:23 +10:00
JacobBarthelmeh
bac0497c35
PKCS7 fix for double free on error case and sanity check on set serial number ( #4356 )
...
* check for error value on set serial number
* set pointer in fail case
2021-09-02 09:13:35 +10:00
John Safranek
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template
...
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
Sean Parkinson
d486b89c61
ASN1 Template: stricter and simpler DER/BER parsing/construction
...
Reduce debug output noise
2021-08-19 11:32:41 +10:00
David Garske
c5f9e55567
Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.
2021-08-18 11:30:18 -07:00
David Garske
89904ce82e
Fixes for building without AES CBC and support for PKCS7 without AES CBC.
2021-08-17 10:47:19 -07:00
Jacob Barthelmeh
293755917e
sanity check on pkcs7 stream amount read
2021-07-30 22:11:45 +07:00
Jacob Barthelmeh
263e03748e
fix issue of handling partially streamed PKCS7 input
2021-07-08 15:25:40 +07:00
Jacob Barthelmeh
ae00b5acd0
some minor changes for unintialized and null infer reports
2021-07-06 14:13:45 +07:00
David Garske
d16e374972
Merge pull request #4160 from JacobBarthelmeh/fuzzing
...
better checking on length of streaming buffer
2021-07-01 17:04:49 -07:00
David Garske
43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7
...
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
2021-07-01 17:03:56 -07:00
Elms
dc7beab784
address errors with -fsanitize=undefined
...
- fix null dereferences or undefined `memcpy` calls
- fix alignment in `myCryptoDevCb`
- fix default dtls context assignment
- add align configure option to force data alignment
TESTED:
`./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
2021-06-30 21:58:30 -07:00
Jacob Barthelmeh
893b71e8c1
remove dead code
2021-06-30 19:54:25 +07:00
Jacob Barthelmeh
23eededc36
simplify and fix max stream buffer length
2021-06-30 15:26:44 +07:00
Chris Conlon
9179071af5
Merge pull request #4153 from JacobBarthelmeh/Testing
...
fix for keyid with ktri cms
2021-06-29 11:40:00 -06:00
Jacob Barthelmeh
5038a27cda
add test cases and set content oid with decode encrypted data
2021-06-25 21:16:01 +07:00
Jacob Barthelmeh
55002c56d2
update for ber padding
2021-06-25 18:57:28 +07:00
Juliusz Sosinowicz
656e49cc3b
Expand SHA-3 support
...
Add more support in the EVP layer as well as add signing support. The SHA-3 OID's were also added for DER algorithm identifier encoding.
2021-06-24 19:31:43 +02:00
Jacob Barthelmeh
b826083fbf
better checking on length of streaming buffer
2021-06-24 23:06:37 +07:00
Jacob Barthelmeh
2b1a6cfb54
add setting contentOID with decode enveloped data
2021-06-22 22:06:16 +07:00
Jacob Barthelmeh
a4b5ebb62f
remove contentOID check
2021-06-22 21:59:57 +07:00
Jacob Barthelmeh
31e8784057
fix for compressedData eContent encoding with PKCS7
2021-06-22 21:59:57 +07:00
Jacob Barthelmeh
9c2de0e40a
wc_PKCS7_DecodeCompressedData optionally handle a packet without content wrapping
2021-06-22 21:59:57 +07:00
Jacob Barthelmeh
3cd43cf692
fix for keyid with ktri cms
2021-06-22 21:33:12 +07:00
Sean Parkinson
d8cd7cbee1
Merge pull request #4024 from kabuobeid/zd12245
...
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
2021-06-09 10:06:02 +10:00
Jacob Barthelmeh
f4959cca8d
set content type parsed
2021-05-21 01:42:10 +07:00
Kareem Abuobeid
cba029a436
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
2021-05-11 14:35:41 -07:00