Commit Graph

350 Commits

Author SHA1 Message Date
Sean Parkinson e745de657f Merge pull request #4761 from haydenroche5/time_cb
Add time callback functionality.
2022-01-18 16:49:19 +10:00
Hayden Roche 1b0926a3b8 Add time callback functionality.
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
2022-01-17 17:49:51 -08:00
Andrew Hutchings 1a4bc322f7 Fix buffer overflow in PKCS7_VerifySignedData
wc_PKCS7_AddDataToStream() was called the first time prior to BERtoDER
conversion, subsequent times afterwards which meant the stream idx
pointer was incorrect. This patch restarts the stream after conversion.

Fixes ZD13476
2022-01-13 14:49:31 +00:00
Andrew Hutchings 92d01611ff Fix buffer overflow in GetOID
When converting BER to DER we switched the pointer for pkiMsg to the DER
but not the size which could cause buffer overflow.

Fixes ZD13471
2022-01-13 13:26:32 +00:00
Daniel Pouzzner 9e76ec8855 wolfcrypt/src/pkcs7.c: fixes for cppcheck complaints: nullPointerArithmeticRedundantCheck 2022-01-08 00:31:07 -06:00
Eric Blankenhorn 3134bd2e71 Fix heap-buffer-overflow in GetBerHeader 2022-01-03 14:51:47 -06:00
JacobBarthelmeh 63df8f0836 add fe_low_mem.c to wolfssl vs project and fix a couple warnings 2021-12-23 16:55:51 +00:00
Sean Parkinson 6d2da74c21 Merge pull request #4625 from dgarske/zd13208
Fix for PKCS7 verify to handle content type OID with indef BER encoding
2021-12-20 14:49:59 +10:00
David Garske 2477574a69 Fix for PKCS7 verify to handle pkcs7-data content type OID with indef BER encoding. ZD13208 2021-12-17 14:24:35 -08:00
Lealem Amedie a79440b95a Removing extra \n from WOLFSSL_LEAVE and WOLFSSL_ENTER 2021-12-16 13:30:43 -07:00
JacobBarthelmeh b69a1c860c Merge pull request #3996 from cconlon/pkcs7_detachedhash
adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature
2021-11-30 12:46:46 -08:00
David Garske 5182e2a8c8 Merge pull request #4580 from kareem-wolfssl/minor_fixes
Check ssl->arrays in SendClientHello to avoid null dereference.  Allow building with fallthrough defined.
2021-11-19 16:55:01 -08:00
David Garske 34346bab4f Merge pull request #4579 from JacobBarthelmeh/PKCS7
BER size adjustment with PKCS7
2021-11-19 14:49:03 -08:00
Kareem 72d4dcce0f Fix updated FALL_THROUGH macro. Fix a couple of case statements and remove a trailing whitespace. 2021-11-19 14:13:02 -07:00
Jacob Barthelmeh ddf06b8161 BER size adjustment with PKCS7 2021-11-17 12:03:32 -07:00
David Garske a626a4fb02 Fixes for spelling errors. 2021-11-12 10:27:49 -08:00
David Garske 6bb7e3900e Merge pull request #4511 from JacobBarthelmeh/Testing
build fixes and PKCS7 BER encoding fix
2021-10-28 10:52:58 -07:00
Jacob Barthelmeh f585dcd5ab adjust inSz with BER PKCS7 parsing 2021-10-27 15:12:04 -06:00
John Safranek 75df6508e6 Add a read enable for private keys when in FIPS mode. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner 7a4ec22953 pkcs7.c: further smallstack refactor of PKCS7_EncodeSigned(). 2021-10-26 20:24:28 -05:00
Chris Conlon 322cb05852 adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature 2021-10-25 14:46:10 -06:00
Daniel Pouzzner 816527e826 scan-build fixes: back out all "#ifndef __clang_analyzer__" wrappers added to suppress false and frivolous positives from alpha.deadcode.UnreachableCode, and rename new macro WC_UNUSED to WC_MAYBE_UNUSED to make its meaning more precisely apparent. build is still clean with -Wunreachable-code-break -Wunreachable-code-return under scan-build-13. 2021-10-18 21:46:09 -05:00
Daniel Pouzzner 62822be6ce scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all. 2021-10-18 21:46:09 -05:00
JacobBarthelmeh 4bd87a0c41 sanity check on pkcs7 input size (#4386) 2021-09-13 08:34:23 +10:00
JacobBarthelmeh bac0497c35 PKCS7 fix for double free on error case and sanity check on set serial number (#4356)
* check for error value on set serial number

* set pointer in fail case
2021-09-02 09:13:35 +10:00
John Safranek e7ef48d2b7 Merge pull request #3869 from SparkiDev/asn1_template
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
Sean Parkinson d486b89c61 ASN1 Template: stricter and simpler DER/BER parsing/construction
Reduce debug output noise
2021-08-19 11:32:41 +10:00
David Garske c5f9e55567 Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled. 2021-08-18 11:30:18 -07:00
David Garske 89904ce82e Fixes for building without AES CBC and support for PKCS7 without AES CBC. 2021-08-17 10:47:19 -07:00
Jacob Barthelmeh 293755917e sanity check on pkcs7 stream amount read 2021-07-30 22:11:45 +07:00
Jacob Barthelmeh 263e03748e fix issue of handling partially streamed PKCS7 input 2021-07-08 15:25:40 +07:00
Jacob Barthelmeh ae00b5acd0 some minor changes for unintialized and null infer reports 2021-07-06 14:13:45 +07:00
David Garske d16e374972 Merge pull request #4160 from JacobBarthelmeh/fuzzing
better checking on length of streaming buffer
2021-07-01 17:04:49 -07:00
David Garske 43f8c5ba1b Merge pull request #4121 from JacobBarthelmeh/PKCS7
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
2021-07-01 17:03:56 -07:00
Elms dc7beab784 address errors with -fsanitize=undefined
- fix null dereferences or undefined `memcpy` calls
 - fix alignment in `myCryptoDevCb`
 - fix default dtls context assignment
 - add align configure option to force data alignment

TESTED:
 `./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
2021-06-30 21:58:30 -07:00
Jacob Barthelmeh 893b71e8c1 remove dead code 2021-06-30 19:54:25 +07:00
Jacob Barthelmeh 23eededc36 simplify and fix max stream buffer length 2021-06-30 15:26:44 +07:00
Chris Conlon 9179071af5 Merge pull request #4153 from JacobBarthelmeh/Testing
fix for keyid with ktri cms
2021-06-29 11:40:00 -06:00
Jacob Barthelmeh 5038a27cda add test cases and set content oid with decode encrypted data 2021-06-25 21:16:01 +07:00
Jacob Barthelmeh 55002c56d2 update for ber padding 2021-06-25 18:57:28 +07:00
Juliusz Sosinowicz 656e49cc3b Expand SHA-3 support
Add more support in the EVP layer as well as add signing support. The SHA-3 OID's were also added for DER algorithm identifier encoding.
2021-06-24 19:31:43 +02:00
Jacob Barthelmeh b826083fbf better checking on length of streaming buffer 2021-06-24 23:06:37 +07:00
Jacob Barthelmeh 2b1a6cfb54 add setting contentOID with decode enveloped data 2021-06-22 22:06:16 +07:00
Jacob Barthelmeh a4b5ebb62f remove contentOID check 2021-06-22 21:59:57 +07:00
Jacob Barthelmeh 31e8784057 fix for compressedData eContent encoding with PKCS7 2021-06-22 21:59:57 +07:00
Jacob Barthelmeh 9c2de0e40a wc_PKCS7_DecodeCompressedData optionally handle a packet without content wrapping 2021-06-22 21:59:57 +07:00
Jacob Barthelmeh 3cd43cf692 fix for keyid with ktri cms 2021-06-22 21:33:12 +07:00
Sean Parkinson d8cd7cbee1 Merge pull request #4024 from kabuobeid/zd12245
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
2021-06-09 10:06:02 +10:00
Jacob Barthelmeh f4959cca8d set content type parsed 2021-05-21 01:42:10 +07:00
Kareem Abuobeid cba029a436 PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow. 2021-05-11 14:35:41 -07:00