Commit Graph

5914 Commits

Author SHA1 Message Date
Lealem Amedie
f9ff551992 Fix for OpenSSL x509_NAME_hash mismatch 2022-02-04 16:59:51 -08:00
David Garske
1f8ff7d9fe Merge pull request #4822 from embhorn/zd13613
Fix warnings in VS
2022-02-04 15:37:31 -08:00
David Garske
2d184348fb Merge pull request #4825 from embhorn/gh4815
Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM
2022-02-04 10:42:40 -08:00
Eric Blankenhorn
a0444bf72f Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM 2022-02-03 16:52:08 -06:00
Eric Blankenhorn
7b2e457d04 Fix VS unreachable code warning 2022-02-03 15:53:35 -06:00
Hayden Roche
fab2e99bff Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
At the start of this function, it attempts to find an ALPN extension in the
ssl object's extensions with `TLSX_Find`. If an ALPN select callback has been
set (i.e. via `wolfSSL_CTX_set_alpn_select_cb`), that gets called next. If that
callback finds a match, it removes all existing ALPN extensions found in the
ssl object. It then uses the new protocol name like this:

```
if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap)
                                                           == WOLFSSL_SUCCESS) {
    if (extension == NULL) {
        extension = TLSX_Find(ssl->extensions,
                              TLSX_APPLICATION_LAYER_PROTOCOL);
    }
}
```

The bug is exposed if `extension` is not NULL, i.e. it was found on that initial
`TLSX_Find` call. `extension` is not NULL but it now points to garbage because
all the old ALPN extensions were just removed. It won't have its value assigned
to the new extension that just got pushed via `TLSX_UseALPN` because of this
NULL check. This results in a segfault later in the function.

The solution is to remove the NULL check and always update `extension` after the
`TLSX_UseALPN` call.

This bug was discovered by a customer when using nginx + wolfSSL. I was able to
reproduce locally with curl acting as the client
2022-02-03 09:36:18 -08:00
Eric Blankenhorn
f0b953ce0c Fix warnings in VS 2022-02-03 07:19:43 -06:00
David Garske
d3e3f57b77 Merge pull request #4818 from julek-wolfssl/guido-13454
`object` and `value` need to be `free`'ed
2022-02-02 16:04:39 -08:00
David Garske
17eee2ba0c Merge pull request #4817 from julek-wolfssl/ZD13495
ZD13495
2022-02-02 15:54:08 -08:00
Juliusz Sosinowicz
97dd974a94 object and value need to be free'ed 2022-02-02 23:13:59 +01:00
David Garske
28d3292a16 Merge pull request #4811 from haydenroche5/dh_get_2048_256
Add DH_get_2048_256 to compatibility layer.
2022-02-02 12:12:34 -08:00
David Garske
0618b69b6d Merge pull request #4816 from julek-wolfssl/ok-error
For `0` OpenSSL prints "ok"
2022-02-02 12:10:35 -08:00
Juliusz Sosinowicz
d5b294edc4 ZD13495
- `wolfSSLeay_version` now returns the version of wolfSSL
- `wolfssl/openssl/crypto.h` was not enveloped in an `extern "C"` wrapper
2022-02-02 17:38:36 +01:00
Hayden Roche
c629c3fcaa Add DH_get_2048_256 to compatibility layer. 2022-02-02 07:59:17 -08:00
Juliusz Sosinowicz
1552e89810 For 0 OpenSSL prints "ok" 2022-02-02 15:54:21 +01:00
Sean Parkinson
641576390d wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
wolfSSL_BIO_dump(): fix output format and make iterative
wolfSSL_OBJ_obj2txt(): make iterative, test and rework.
2022-02-02 12:43:06 +10:00
Chris Conlon
59ea65bad3 Merge pull request #4809 from haydenroche5/asn1_int 2022-02-01 13:44:32 -07:00
David Garske
99799a3e3e Merge pull request #4806 from anhu/kill_idea
Purge IDEA cipher
2022-02-01 12:27:55 -08:00
Hayden Roche
24a2ed7e9e Merge pull request #4780 from dgarske/ipsec_racoon 2022-01-31 15:10:58 -08:00
Anthony Hu
9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
David Garske
ecb3f215b5 Merge pull request #4808 from lealem47/certreq
Fix for certreq and certgen options with openssl compatibility
2022-01-31 10:16:22 -08:00
David Garske
5bdaf44354 Merge pull request #4774 from anhu/kill_rabbit
Purge Rabbit cipher
2022-01-31 09:17:23 -08:00
Hayden Roche
6b71289ae1 Add new ASN1_INTEGER compatibility functions.
This commit adds:

- wolfSSL_i2d_ASN1_INTEGER
- wolfSSL_d2i_ASN1_INTEGER
- wolfSSL_ASN1_INTEGER_cmp
2022-01-29 17:01:16 -08:00
Lealem Amedie
f608b1a731 macro logic fix 2022-01-28 13:54:13 -08:00
Lealem Amedie
e135ea7338 Fix for certreq and certgen options with openssl compatibility 2022-01-28 12:39:00 -08:00
David Garske
40fff86807 Merge pull request #4801 from tmael/cert_rr
cert subset improvements
2022-01-28 11:00:55 -08:00
Anthony Hu
b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
David Garske
c69010adef Peer review feedback. 2022-01-28 09:21:03 -08:00
David Garske
6615f019f5 Improved HMAC_Init error logging and code comment for FIPS failure on wc_HmacSetKey call. 2022-01-28 09:21:03 -08:00
David Garske
80ae237852 Fixes for building with ipsec-tools/racoon and openvpn:
* Fix for `EVP_CIPHER_CTX_flags`, which mapped to a missing function (broke openvpn)
* Added stack of name entries for ipsec/racoon support.
* Added `X509_STORE_CTX_set_flags` stub.
* Added PKCS7 NID types.
* Improved FIPS "SHA" logic in `test_wolfSSL_SHA`
* Added some uncommon NID type definitions.
* Expose the DH `DH_set_length` and `DH_set0_pqg` with OPENSSL_ALL
2022-01-28 09:21:03 -08:00
John Safranek
1465f99b12 Merge pull request #4734 from haydenroche5/fips_v5_des3
Allow DES3 with FIPS v5-dev.
2022-01-27 15:07:22 -08:00
Tesfa Mael
1c1bd413e0 cert subset SHA2-256, ecc-256, cert gen, cryptocb 2022-01-26 17:11:00 -08:00
Daniel Pouzzner
85da17bcf8 src/ssl.c: fix argument name in openssl compat layer wrappers of hash final funcs in ssl.c (use "output", not "input"). 2022-01-26 00:27:45 -06:00
Daniel Pouzzner
1e3516d924 src/ssl.c: implement wolfSSL_SHA512_224_Transform() and wolfSSL_SHA512_256_Transform(). 2022-01-26 00:27:07 -06:00
Daniel Pouzzner
7c9f4911c3 src/wolfio.c: protect __GLIBC__ comparison with defined(__GLIBC__). 2022-01-26 00:22:13 -06:00
Hayden Roche
58789991f9 Allow DES3 with FIPS v5-dev. 2022-01-24 15:18:44 -08:00
Daniel Pouzzner
a718637c6f AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2). 2022-01-24 11:44:16 -06:00
Daniel Pouzzner
2955d7339e remove a debugging printf, fix whitespace/indentation, and add a comment re gethostbyname_r buffer size. 2022-01-21 13:00:22 -06:00
Daniel Pouzzner
4f9d0b7ea7 fix whitespace. 2022-01-21 01:26:44 -06:00
Daniel Pouzzner
bfada558bd remove extraneous build gates and fix whitespace justification in a comment (peer review re PR #4772). 2022-01-21 01:26:44 -06:00
Daniel Pouzzner
10b8f56fec wolfio.c: in wolfIO_TcpConnect(), test for usability of gethostbyname_r by (__GLIBC__ >= 2) && defined(__USE_MISC), not defined(__GNUC__). 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
bb07d0a490 wolfio.c: refactor wolfIO_TcpConnect() to use gethostbyname_r() if GNUC && !SINGLE_THREADED, for thread safety. 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes).
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
2022-01-21 01:25:48 -06:00
Sean Parkinson
848f5eeb0c Merge pull request #4755 from dgarske/dtls_srtp
DTLS SRTP (RFC5764) support (adds `--enable-srtp`)
2022-01-21 10:43:47 +10:00
David Garske
427b67d51b Merge pull request #4756 from kareem-wolfssl/noBio
Fix building with OPENSSL_EXTRA and NO_BIO defined.
2022-01-20 10:41:22 -08:00
Marco Oliverio
40f573df72 dtls-srtp: NIT: fix EKM size in comments 2022-01-20 16:55:44 +01:00
Marco Oliverio
d5aa76b161 dtls-srtp: use PRF according to the DTLS version used
RFC 5764 sec 4.1.2
2022-01-20 16:55:30 +01:00
Marco Oliverio
cdb2936244 dtls-srtp: PRF: fix correct order of client/server random in seed
see RFC 5705 Section 4
2022-01-20 16:12:04 +01:00
David Garske
609d6442b1 Merge pull request #4753 from SparkiDev/siphash
Add SipHash algorithm
2022-01-19 18:51:44 -08:00
Sean Parkinson
a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00