wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 18:19:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,639 Commits 12 Branches 184 Tags
f19b426a3fa85d3c8dcc5fcad9b2157817cdd310
Commit Graph

1147 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
9763030675 Merge pull request #4845 from cconlon/pkcs7compat 2022-03-21 15:26:37 +01:00
Chris Conlon
582f0d82e4 address review feedback for PKCS7 compat additions 2022-03-18 12:07:44 -06:00
JacobBarthelmeh
bfee3dffc6 Merge pull request #4967 from dgarske/pubkey_size 
Fix for `wc_EccPublicKeyToDer` incorrectly requiring too much buffer
 2022-03-18 09:22:52 -06:00
David Garske
bb27fa4555 Fix for wc_EccPublicKeyToDer incorrectly requiring too much buffer. Merge error included old ASN code and incorrectly excluded ASN template. ZD13904. 2022-03-17 18:51:37 -07:00
David Garske
b546b2a5ec Improve logic around private key id/label. Adds WOLF_PRIVATE_KEY_ID. 2022-03-17 14:48:30 -07:00
Chris Conlon
ce514e6fc5 add PKCS7_sign, PKCS7_final, SMIME_write_PKCS7. add signer cert verify support to PKCS7_verify, support for PKCS7_TEXT, PKCS7_DETACHED, PKCS7_STREAM 2022-03-15 10:21:22 -06:00
Daniel Pouzzner
4966eb7897 Merge pull request #4944 from douzzer/20220310-asn-template-EncodeExtensions-overrun 
wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions() and leak in ParseCRL_Extensions()
 2022-03-13 21:21:07 -05:00
Sean Parkinson
20562b3f78 DecodeNameConstraints (ASN Template): free ASNGetData 2022-03-14 09:14:19 +10:00
Sean Parkinson
c3eab0dcdd Fixes from sanitizer build 
Fix OID index in SetNameRdnItems for multi attributes.
Stop warning about strncpy to small.
Fix casting in ASN1_SIMPLE to use consistent type.
 2022-03-11 14:27:50 +10:00
David Garske
570daa6a7f Enable support for STM32U585 and PQ on M4 2022-03-10 14:19:01 -05:00
Daniel Pouzzner
227804f034 wolfcrypt/src/asn.c: in ParseCRL_Extensions(), add missing FREE_ASNGETDATA(). 2022-03-10 11:45:37 -06:00
Daniel Pouzzner
170b125b39 wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions(), due to faulty iteration limit calculation, when smallstack build. 2022-03-10 09:38:19 -06:00
Sean Parkinson
6b7f0d4ee7 Merge pull request #4905 from anhu/custom_ext_parse 
Injection and parsing of custom extensions in X.509 certificates.
 2022-03-10 10:39:05 +10:00
Anthony Hu
98f733767b Use MAX_OID_SZ 2022-03-09 17:20:50 -05:00
Anthony Hu
b043225dbd Fixes inspired by review by SparkiDev. 2022-03-09 13:39:53 -05:00
Anthony Hu
2cbe28fcf9 Sequences are constructed 2022-03-07 18:50:38 -05:00
David Garske
0c3b9c733f Fixes for KCAPI ECDH/DH and page alignment. ZD 13763 2022-03-04 15:06:16 -08:00
Anthony Hu
3ad94c63f5 Pass the tests! 2022-03-03 17:02:26 -05:00
Anthony Hu
7ec61dfe05 Make jenkins happy 2022-03-03 15:44:00 -05:00
David Garske
2567cd5e5a Merge pull request #4912 from julek-wolfssl/ZD13742 
Check `input` size in `DecodeNsCertType`
 2022-03-03 08:22:49 -08:00
Anthony Hu
949f8b5be1 Revert back to word16 API. 2022-03-03 10:41:05 -05:00
Anthony Hu
a54045113a fixes from review by dgarske 2022-03-02 17:39:15 -05:00
Anthony Hu
0053bd3af1 Now we can inject as wellgit checkout custom_ext_parse 2022-03-02 15:16:39 -05:00
Juliusz Sosinowicz
f846aceee2 Check input size in DecodeNsCertType 2022-03-02 17:17:17 +01:00
Sean Parkinson
8b24be04e8 ASN PemToDer: remove padding when AES_CBC encrypted 2022-03-02 11:33:44 +10:00
Anthony Hu
cb95aed41b Parsing of custom extensions in X.509 certificates. 2022-02-28 16:35:19 -05:00
David Garske
ce6b6951d2 Fix issue with missing OID's for ASN template. 2022-02-25 14:23:01 -08:00
David Garske
ae1072afad Cleanup mess of ASN_NAME_MAX. 2022-02-25 14:23:01 -08:00
David Garske
a2381ba954 Adds CSR userId support in subject name. Minor build fixes for ASN template. 2022-02-25 14:22:59 -08:00
David Garske
08d1e5cb60 Merge pull request #4897 from anhu/bad_macro 
Correct bad macros
 2022-02-25 14:18:57 -08:00
Anthony Hu
1a9faa1f7e fix suggested by dgarske 2022-02-25 14:00:07 -05:00
Anthony Hu
997a3aabc6 Correct bad macros 2022-02-25 13:19:35 -05:00
Sean Parkinson
bb50777f1a ASN template: handle short OIDs 
cert_asn1_test was constructing a BER encoding of a certificate that
didn't have all the components. It was trying to test putting in a bad
OID in the certificate name.
The original ASN.1 parsing code stopped at the bad name. ASN.1 template
code does the whole structure and then digs into the name.
A complete certificate should have always been used.
 2022-02-24 15:36:56 +10:00
Lealem Amedie
f9ff551992 Fix for OpenSSL x509_NAME_hash mismatch 2022-02-04 16:59:51 -08:00
Lealem Amedie
e135ea7338 Fix for certreq and certgen options with openssl compatability 2022-01-28 12:39:00 -08:00
David Garske
50e3565df6 Merge pull request #4779 from SparkiDev/dyn_cert 
Cert: allow allocation of fields even with WOLFSSL_NO_MALLOC
 2022-01-24 14:17:41 -08:00
Sean Parkinson
1dd213db76 ParseCert: check index in DecodeSubtree before accessing tag 2022-01-24 12:30:48 +10:00
Daniel Pouzzner
bfada558bd remove extraneous build gates and fix whitespace justification in a comment (peer review re PR #4772). 2022-01-21 01:26:44 -06:00
Daniel Pouzzner
6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Sean Parkinson
1af3ea56c8 Cert: allow allocation of fields even with WOLFSSL_NO_MALLOC 
subjectCN and publicKey in a DecodedCert are needed by the certificate
store in some cases. For embedded, allow them to be allocated even with
WOLFSSL_NO_MALLOC defined.
 2022-01-20 16:16:09 +10:00
Hayden Roche
1b0926a3b8 Add time callback functionality. 
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
 2022-01-17 17:49:51 -08:00
Daniel Pouzzner
11f72877a2 wolfcrypt/src/asn.c: fixes for cppcheck complaints: invalidPrintfArgType_uint nullPointerRedundantCheck 2022-01-08 00:29:09 -06:00
John Safranek
66ade8006b Fix a couple typos in asn.c 2022-01-05 10:24:25 -08:00
Jacob Barthelmeh
5a4e59c09d fix warning about NULL compare 2021-12-27 10:02:16 -07:00
Sean Parkinson
4c6af465c4 ASN template: get compiling 2021-12-24 11:21:18 +10:00
Chris Conlon
8670e33baf Merge pull request #4651 from TakayukiMatsuo/tsip_sce 2021-12-22 15:00:32 -07:00
Juliusz Sosinowicz
618599656f items needs to be initialized as the compiler complains 2021-12-22 10:42:48 +01:00
TakayukiMatsuo
cd96330f2a Integrate Renesas TSIP specific code into Renesas common logics 2021-12-22 13:18:32 +09:00
Juliusz Sosinowicz
dd9b1afb72 Remove magic numbers from WOLFSSL_ASN_TEMPLATE code (#4582) 
* pkcs8KeyASN and other misc asn fixes

- Test fixes for testing with `USE_CERT_BUFFERS_1024`

* intASN

* bitStringASN

* objectIdASN

* algoIdASN

* rsaKeyASN

* pbes2ParamsASN

* pbes1ParamsASN

* pkcs8DecASN

* p8EncPbes1ASN

* rsaPublicKeyASN

* dhParamASN

* dhKeyPkcs8ASN

* dsaKeyASN

* dsaPubKeyASN

- Add `wc_SetDsaPublicKey` without header testing

* dsaKeyOctASN

* rsaCertKeyASN

* eccCertKeyASN

* rdnASN

* certNameASN

* digestInfoASN

* otherNameASN

* altNameASN

* basicConsASN

* crlDistASN

* accessDescASN

* authKeyIdASN

* keyUsageASN

* keyPurposeIdASN

* subTreeASN

* nameConstraintsASN

* policyInfoASN

* certExtHdrASN

* certExtASN

* x509CertASN

* reqAttrASN

* strAttrASN

* certReqASN

* eccPublicKeyASN

* edPubKeyASN

* ekuASN

* nameASN

* certExtsASN

* sigASN

* certReqBodyASN_IDX_EXT_BODY

* dsaSigASN

* eccSpecifiedASN

* eccKeyASN

* edKeyASN

* singleResponseASN

* respExtHdrASN

* ocspRespDataASN

* ocspBasicRespASN

* ocspResponseASN

* ocspNonceExtASN

* ocspRequestASN

* revokedASN

* crlASN

* pivASN

* pivCertASN

* dateASN

* `wc_SetDsaPublicKey` was not including `y` in the sequence length

* All index names changed to uppercase

* Shorten names in comments

* Make sure extensions have sequence header when in cert gen

* Fix/refactor size calc in `SetNameEx`

* Pad blocks for encryption

* Add casting for increased enum portability

* Use stack for small ASN types
 2021-12-22 11:28:01 +10:00
Anthony Hu
7d4c13b9a4 --with-liboqs now defines HAVE_LIBOQS and HAVE_PQC 
AKA: The Great Rename of December 2021
 2021-12-20 11:48:03 -05:00