Commit Graph

22165 Commits

Author SHA1 Message Date
Brett Nicholas 5277065c3c fix typo in WOLFSSL_ENTER function name 2023-10-26 13:01:05 -06:00
JacobBarthelmeh 45ba778692 Merge pull request #6911 from douzzer/20231025-sp_to_unsigned_bin_len_ct-Wconversion-cast
20231025-sp_to_unsigned_bin_len_ct-Wconversion-cast
2023-10-26 10:33:50 -06:00
Daniel Pouzzner 7821c48e65 wolfcrypt/src/sp_int.c: add cast in sp_to_unsigned_bin_len_ct() to mollify -Wconversion. 2023-10-25 23:40:21 -05:00
David Garske fc858ec33b Merge pull request #6908 from JacobBarthelmeh/static-analysis
minor warning fixes from static analysis tests
2023-10-25 17:28:54 -07:00
Brett 89d445a5a5 added --sys-ca-certs client connection to external test 2023-10-25 15:13:08 -06:00
Brett 60f75ea5a8 simplified apple header detection used in code 2023-10-25 15:13:06 -06:00
JacobBarthelmeh 6538ed1c39 coverity fix for CID 327268 2023-10-25 09:52:35 -06:00
JacobBarthelmeh b46545315c fix for possible null dereference warning 2023-10-25 08:44:11 -06:00
JacobBarthelmeh d801dc1c85 Merge pull request #6906 from SparkiDev/pkcs8_info_free_fix
ProcessBuffer: fix free call
2023-10-25 08:38:56 -06:00
JacobBarthelmeh 6d8136c63e Merge pull request #6896 from SparkiDev/rsa_to_bin_len_ct
RSA: convert to bin with length in constant time
2023-10-25 08:34:37 -06:00
Sean Parkinson d87cd2cc05 ProcessBuffer: fix free call
'info' was freed before use when OPENSSL_EXTRA is defined.
2023-10-25 17:23:04 +10:00
András Fekete 5da7efacc9 Merge pull request #6894 from julek-wolfssl/fix-possible-hang
Fix static analyzer possible leak
2023-10-24 09:13:58 -04:00
András Fekete a74228b5b0 Merge pull request #6904 from julek-wolfssl/suites-allocation
Don't try to allocate 0 size suites copy. Fixes `--enable-trackmemory --enable-smallstack CFLAGS="-DALT_ECC_SIZE" --enable-opensslextra` errors.
2023-10-24 09:07:42 -04:00
Juliusz Sosinowicz dc5a246fdd Do NULL check in FreeCRL 2023-10-24 10:31:17 +02:00
Juliusz Sosinowicz 8f60fb0053 Advance pointer in wolfSSL_i2d_X509 2023-10-24 10:25:06 +02:00
Juliusz Sosinowicz 4aad7589d6 Don't try to allocate 0 size suites copy 2023-10-24 10:10:08 +02:00
Sean Parkinson 13cadbbe55 Merge pull request #6903 from douzzer/20231021-fix-null-derefs
20231021-fix-null-derefs
2023-10-24 13:12:09 +10:00
JacobBarthelmeh 1de048826e Merge pull request #6895 from bigbrett/ios-ca-api
Fix WOLFSSL_SYS_CA_CERTS bug on Apple devices
2023-10-23 07:57:08 -06:00
Juliusz Sosinowicz 3c5d3c0fa9 bwrap ocsp renew script 2023-10-23 15:53:42 +02:00
gojimmypi 1a113c5429 Espressif add TLS Client/Server local user_settings.h 2023-10-22 16:59:54 +02:00
gojimmypi 8eaf09d7a0 Update Espressif TLS Client/Server CMakeLists.txt 2023-10-22 16:53:56 +02:00
gojimmypi 9fe071fe73 Espressif remove pre-existing /include/user_settings.h during compile all. 2023-10-22 16:21:06 +02:00
Daniel Pouzzner 501299bc31 fix null pointer derefs in examples/pem/pem.c:pemApp_ReadFile() and tests/api.c:LoadPKCS7SignedDataCerts() detected by clang-tidy. 2023-10-21 13:34:04 -05:00
David Garske cf1dcdf402 Fix for adding signature where OID is not found. Currently our AddSignature function will add without OID, which is invalid. For example RSA is disabled and CSR tries to use CTC_SHA256wRSA. The wc_SignCert_ex will succeed and report success, but the CSR/Cert will be invalid (missing sigType OID). 2023-10-20 16:29:59 -07:00
David Garske 6887281361 Fix for ./configure --enable-pkcs7 --disable-rsa && make check. 2023-10-20 16:27:54 -07:00
JacobBarthelmeh 9db828a099 Merge pull request #6898 from SparkiDev/ed25519_g++
Ed25519: add missing C++ directives for C functions
2023-10-20 15:52:12 -06:00
JacobBarthelmeh 5018d6c2bb Merge pull request #6897 from SparkiDev/tls13_psk_one_id_var_decl
TLS 1.3: compiling with WOLFSSL_PSK_ONE_ID fix
2023-10-20 15:48:59 -06:00
JacobBarthelmeh ca2a6d7daa Merge pull request #6878 from SparkiDev/sha256_armv7a_vmov_fix
ARMv7a SHA256: explicit size on vmov
2023-10-20 15:46:58 -06:00
Brett 2387579880 added FIPS warning for Apple native cert validation 2023-10-20 15:40:49 -06:00
Brett dd12e5a39e Fix WOLFSSL_SYS_CA_CERTS bug that accepted intermediate CA certs with invalid
signatures. Also adds --sys-ca-certs to client in unit.test to detect
regressions
2023-10-20 15:40:44 -06:00
Andras Fekete 0925f8ab18 Use 'unsigned char' 2023-10-20 16:16:48 -04:00
Andras Fekete ec0a2f2683 Fix 'negative character value'
In a number of libc implementations, isalpha()/isalnum() is implemented using lookup tables (arrays): passing in a negative value can result in a read underrun.
2023-10-20 16:16:48 -04:00
Juliusz Sosinowicz 8cd6cd175d EVP_EncodeBlock should not append a newline 2023-10-20 13:20:11 +02:00
Sean Parkinson fcf1406675 RSA: convert to bin with length in constant time
Add mp_to_unsigned_bin_len_ct() which puts a number into a buffer with
padding in constant time.
Call mp_to_unsigned_bin_len_ct() in RSA when encoding result of
exponentiation.
2023-10-20 14:04:36 +10:00
Sean Parkinson c88dcac80e Ed25519: add missing C++ directives for C functions
Assembly code has C function names.
Need to tell C++ that these are C function and not to mangle names.
2023-10-20 12:02:51 +10:00
Sean Parkinson ce1e44d5e8 TLS 1.3: compiling with WOLFSSL_PSK_ONE_ID fix
Move use of 'suites' into non-WOLFSSL_PSK_ONE_ID path as variable
declared and used only in that case.
2023-10-20 10:32:45 +10:00
Sean Parkinson 4ac795961b ARMv7a SHA256: explicit size on vmov
For SHA256 using NEON on ARM32, change vmov instruction that is moving
from scalar to general-purpose register to have explicit size (32 bits).
May be needed by some compilers.
2023-10-20 10:21:57 +10:00
JacobBarthelmeh 1abaa94120 Merge pull request #6889 from SparkiDev/sm2_priv_import_range
ECC SM2 import private key: check less than order-1
2023-10-19 17:12:07 -06:00
JacobBarthelmeh 22be42a161 Merge pull request #6885 from bigbrett/aes-eax
Move AesEax definition to aes.h
2023-10-19 16:49:10 -06:00
Juliusz Sosinowicz d13d446c2e Add missing guard 2023-10-19 20:05:59 +02:00
Juliusz Sosinowicz 2ccbdd3a7e Log correct message 2023-10-19 19:07:45 +02:00
Juliusz Sosinowicz cecc5f6b19 Call wc_UnLockRwLock only once 2023-10-19 17:04:41 +02:00
Juliusz Sosinowicz 8a8acbd55f Add log about allocation failure 2023-10-19 17:00:49 +02:00
Juliusz Sosinowicz 2dd8e713f2 Fix static analyzer possible leak
crl would never be null there but clean up code to make sure newcrl->crlLock gets free'd
2023-10-19 16:58:28 +02:00
Eric Blankenhorn 962e35aa24 Add error reporting to loadX509orX509REQFromBuffer 2023-10-19 09:31:30 -05:00
Sean Parkinson abd7bb3ac3 ECC SM2 import private key: check less than order-1
SM2 curves must have private key less than order-1 instead of order.
2023-10-19 17:29:25 +10:00
Juliusz Sosinowicz 1ae248018f Implement untrusted certs in wolfSSL_X509_STORE_CTX_init 2023-10-18 22:24:19 +02:00
JacobBarthelmeh a3bf7a66a4 Merge pull request #6886 from julek-wolfssl/openvpn-master-fix
Define SSL_get_peer_tmp_key
2023-10-18 13:17:15 -06:00
David Garske 22ab21749c Merge pull request #6869 from bigbrett/ios-ca-api
Add support for new Apple trust APIs with WOLFSSL_SYS_CA_CERTS
2023-10-18 10:29:41 -07:00
Juliusz Sosinowicz f99c7cbb21 Define SSL_get_peer_tmp_key 2023-10-18 19:24:11 +02:00