1. Changed the ASN1_OBJECT member of the X509_NAME_ENTRY to be a pointer
rather than an object. It could lead to a double free on the name
entry.
2. The ASN1_OBJECT allocator should set the dynamic flag, as the
deallocator is the one that uses it.
3. General changes to treat the member as a pointer rather than a
member.
4. In the api test, we were iterating over the name members in the name
checking the NIDs. After the loop we freed the name member object.
This led to a double free error.
client was checking it too strictly. The pubkey value should be checked
as strictly as the generator, for too large. The public key value is
checked mathematically elsewhere.
1. Changed the bounds of checking the key from comparisons to constants
to comparisons against WOLFSSL object settings for the DH key bounds.
2. Removed redundant bounds check on the server's prime.
1. Check the length values for the DH key domain and public key in the
server key exchange message to make sure they are within the bounds
set by the configuration. (Minimum key size is 2048 bits for DH.)
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
doesn't need to be in the check for weOwnDh before freeing. There
could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
destination buffer should be stored at the location pointed to by the
size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
value before generating or getting the DH keys.
GetPublicDhKey() assumes the ssl session owns the DH public key parts, and
tries to free them. They belong to the CTX initially, so it shouldn't be
freeing them, necessarily.
1. Add a check for weOwnDh first, then free the buffers if needed.
2. If there is a problem reading the keys, free the new buffers before exiting.
3. Set weOwnDh once the buffers and values have been stored
successfully.
Decrypted session ticket using encrypted ticket buffer.
Alignment not correct on platforms requiring 32-bit aligned access.
Copy the decrypted data into temporary for access.
Also zeroize the unencrypted tickets after use.
Digest size compared to key size - P521 has large key size.
Fixed to round down.
Added P-521 keys and certificates.
Added testing of P-521 keys and certificcates to unittest.
If `curLT` then diff needs to be decremented. For example: `diff` = 1 represents last packet so it would be the `window[idx] & (1 << 0)` bit of the window variable.
When handshake message is processed in wolfSSL_peek() then return
WANT_READ from peek instead of blocking waiting for application data.
Server may send an alert if the client certificate is invalid.
The server also may send NewSesionTicket after client has sent finished
message.
To detect alert before handling application data, then the socket needs
to be checked for data. If the data is an alert then wolfSSL_peek() will
handle the alert, but if it is a NewSessionTicket then wolfSSL_peek()
will process it and block waiting for application data - so return
WANT_READ if no application data seen after processing handshake
message.
