Commit Graph

7160 Commits

Author SHA1 Message Date
David Garske 23c60b7b9c Merge pull request #6530 from SparkiDev/tests_api_expect_5
Test api.c: change more tests to use Expect instead of Assert
2023-06-26 16:10:52 -07:00
Sean Parkinson 578f56e60c Test api.c: change more tests to use Expect instead of Assert
bio.c:
  wolfSSL_BIO_flush(): check allocation to bio->ip succeeded.

internal.c:
  InitSSL_Ctx(): set ctx->heap to heap if value passed in
ProcessPeerCerts(): check for error MEMORY_E too as a fatal parsing
error

ssl.c:
wolfSSL_shutdown(): SOCKET_ERROR_E is also an indication that the
socket is done, MEMORY_E is a fatal error
  wolfSSL_Cleanup(): move free of memory fail couting to wolfSSL API
  SessionTicketNoncePrealloc(): eror return must be non-zero
AddSessionToCache(): XFREE checks for NULL no need to do it before
call
wolfSSL_set_psk_use_session_callback(): ensure ssl is not NULL before
dereferencing
wolfSSL_SMIME_read_PKCS7(): check for error return from
wolfSSL_BIO_gets()

asn.c:
  wc_MIME_parse_headers(): check allocation succeeded into nextHdr

compress.c:
  wc_DeCompressDynamic(): free tmp on inflateInit2 failure

memory.c: rework where memory allocation failure counting code for when
WOFLSSL_STATIC_MEMORY is defined

wc_port.c:
wolfCrypt_Cleanup(): only call wc_MemFailCount_Free() when no
wolfSSL_Cleanup()
2023-06-27 08:01:33 +10:00
JacobBarthelmeh 18032cdc40 Merge pull request #6535 from dgarske/wpas_small
Fix for `--enable-wpas=small`
2023-06-23 16:19:31 -07:00
David Garske 514ea2d0b1 Merge pull request #6510 from mitchcapper/win32_better_socket_error_msg_pr
Added For TranslateIoError in debug mode use FormatMessage to get a better error message
2023-06-23 15:33:34 -07:00
David Garske af0facad9f Fix for --enable-wpas=small. 2023-06-23 14:25:39 -07:00
Mitch Capper 6185d66b01 For TranslateIoError use FormatMessage to get a better error message on win32 2023-06-23 14:05:38 -07:00
lealem47 06c1dd171a Merge pull request #6466 from dgarske/keilmdk
Fixes and cleanups for Keil MDK examples
2023-06-23 08:41:04 -06:00
David Garske 746ac3c9a3 Merge pull request #6533 from anhu/no_data_junk
make sure that when TLSX_ALPN_GetRequest() returns, data and dataSz...
2023-06-22 22:11:02 -07:00
David Garske a56fe30c2c Fixes and cleanups for Keil MDK examples. Combine duplicate user_settings.h. Use SP math all by default. Disable old/deprecated algorithms. Add CMSIS RTOS timer support for TLS and benchmark. 2023-06-22 16:48:17 -06:00
Anthony Hu 3e821c6f2b make sure that when TLSX_ALPN_GetRequest() returns data and dataSz are not pointing to junk. 2023-06-22 15:01:11 -04:00
jordan 2be3bb4c56 Fix ThreadSanitizer unlock of an unlocked mutex warning 2023-06-22 13:23:08 -05:00
David Garske 6697181081 Merge pull request #6500 from SparkiDev/tests_api_expect_4
Test api.c: change more tests to use Expect instead of Assert
2023-06-21 17:17:37 -07:00
Kareem 75c8d87353 Fix trusted_ca_keys extension allowed logic. 2023-06-21 15:35:29 -07:00
Sean Parkinson e467112a93 Test api.c: change more tests to use Expect instead of Assert
Changed EXPECT_DECL to start of as TEST_SKIPPED.
Modified other EXPECT macros appropriately.
Change test functions to not use 'res' when EXPECT_DECL is used.

memory.c:
  wc_MemFailCount_Init(): don't declare variable after a statement

conf.c:
wolfSSL_TXT_DB_read(): free the whole WOLFSSL_TXT_DB on failure
instead of just the memory
wolfSSL_CONF_add_string(): pop the value added into section->value
(sk) if it can't be pushed onto conf->data
  wolfSSL_NCONF_load(): free the new value if it wasn't able to be added

ocsp.c:
  wolfSSL_OCSP_cert_to_id():
free the decoded certificate if parsing failed (is freed after use
otherwise)
free the certificate id on failure and make it NULL and continue
freeing other variables

pk.c:
wolfSSL_RSA_set0_crt_params(): set dmp1, dmq1 and iqmp fields to NULL
if setting the internal failed - returns error and caller needs to free
the passed in BNs
wolfSSL_RSA_set0_factors(): set p and q fields to NULL if setting the
internal failed - returns error and caller needs to free the passed in
BNs
wolfSSL_RSA_set0_key(): set n, e abd d fields to NULL if setting the
internal failed - returns error and caller needs to free the passed in
BNs

x509.c:
wolfSSL_X509_set_serialNumber(): explicit NULL
checkwolfSSL_X509_REQ_add1_attr_by_NID(): check whether push succeeded
and on failure free attribute

asn.c:
ConfirmSignature(): for DSA, allocate separately to ensure no leak on
memory allocation failure.

dh.c:
wc_DhGenerateParams(): ensure tmp and tmp2 are able to be cleared on
error

evp.c:
wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(): fix realloc use to no leak on
failure
  wolfSSL_EVP_CIPHER_CTX_iv_length(): handle ctx being NULL.
2023-06-22 08:21:17 +10:00
David Garske 9204101e94 Merge pull request #6517 from douzzer/20230615-opensslextra-wolfSSL_ERR_reason_error_string
20230615-opensslextra-wolfSSL_ERR_reason_error_string
2023-06-21 11:06:51 -07:00
Sean Parkinson beef8b0014 outputBuffer - use idx field
dtls13.c:
Change end of outputBuffer data calculations to use function
GetOutputBuffer().
  Use idx when calculating unused byte count of outputBuffer.

internal.c:
Change end of outputBuffer data calculations to use function
GetOutputBuffer().
  Use GetOutputBuffer() to calculate end of data in outputBuffer.
  GrowOutputBuffer():
Calculate new size to allocate to include already written data in
case of static buffer.
    Copy all data including already written count (idx).
  CheckAvailableSize():
    Don't subtract idx from length when checking MTU size.
Do subtract idx from bufferSize to determine count of unused bytes
in outputBuffer.
2023-06-16 10:29:52 +10:00
Daniel Pouzzner 970663f8a1 in wolfSSL_ERR_reason_error_string(), unconditionally convert positive error codes to negative, and in switch(), match against negated values of OpenSSL positive codes like WOLFSSL_ERROR_WANT_READ. fixes #6514 2023-06-15 17:42:03 -05:00
JacobBarthelmeh 5b81dc47d2 adjust location used for writing to output buffer 2023-06-14 21:01:12 -07:00
JacobBarthelmeh 9e0c13bbdb sanity check on send fatal alert return 2023-06-14 11:08:56 -07:00
JacobBarthelmeh 938a48d9b1 sanity check on socket return value for timeout with DTLS13 2023-06-08 02:37:21 -06:00
JacobBarthelmeh 4a4a769512 check on allocation of new node before dereferencing 2023-06-07 15:20:23 -06:00
JacobBarthelmeh 84979900a7 avoid use after free in error case 2023-06-07 15:13:13 -06:00
JacobBarthelmeh 14990ad92d set return bio to null after free on error 2023-06-07 15:05:52 -06:00
JacobBarthelmeh ebc62f8d17 clear extension string and avoid potential double free 2023-06-07 14:41:47 -06:00
JacobBarthelmeh d796aa12fc free up memory with othername object on error 2023-06-07 13:29:41 -06:00
JacobBarthelmeh c399fba4ce set ext pointer to null after free'ing it 2023-06-07 13:23:43 -06:00
JacobBarthelmeh 8583cc65fa Merge pull request #6471 from SparkiDev/tests_api_expect_3
Test api.c: change more tests to use Expect instead of Assert
2023-06-07 11:22:23 -06:00
JacobBarthelmeh 1445a6a832 Merge pull request #6482 from SparkiDev/regression_fixes_7
Regression testing fixes
2023-06-07 11:18:36 -06:00
JacobBarthelmeh 2b054e223b Merge pull request #6483 from SparkiDev/cppcheck_fixes_10
cppcheck: fixes from scan
2023-06-07 11:13:53 -06:00
Sean Parkinson ed01b14356 cppcheck: fixes from scan
wolfssl_sce_unit_test.c:
  sce_crypt_Sha_AesCbcGcm_multitest(): duplicate condition
ssl_asn1.c:
  wolfSSL_i2t_ASN1_OBJECT(): done is not needed
  MonthStr(): fix bounds check on i
woolfcrypt_test.c, test_main.c, wolfssl_tsip_unit_test.c, devices.c,
aes.c, des3.c:
  Variable not used.
asn.c:
DecodeSubjKeyId(): sz is unsigned - check for less than zero does
nothing
kcapi_rsa.c:
  KcapiRsa_Decrypt(): fix ret check by using else
  KcapiRsa_Encrypt(): make same change for consistency
kcapi_hash.c:
  KcapiHashFinal(): move ret into #ifdef where it is needed
stm32.c:
wc_Stm32_Hash_GetDigest(): i redeclared with different type - use ii
instead
bio.c, conf.c:
  XFREE checks for NULL

Reduce scope of varialbes.
Condition same.
2023-06-07 17:27:51 +10:00
John Safranek d67ce722ff Merge pull request #6476 from kareem-wolfssl/dtlsBlankCert
Send blank certificate message in DTLS when no client cert is loaded.
2023-06-06 22:43:01 -07:00
Sean Parkinson b07c5d7ce8 Regression testing fixes
Fix: ./configure --disable-shared  --enable-smallstack --enable-all
CFLAGS=-DNO_ASN_TIME

Don't compile mp_test when compiling for SP Math All and RSA
verification only - very few functions available.

ssl.c:
wolfSSL_Rehandshake(): wolfSSL_UseSessionTicket only available when
not NO_WOLFSSL_CLIENT
api.c:
  test_wolfSSL_ticket_keys(): meant to be tested on server
2023-06-07 14:26:45 +10:00
Sean Parkinson e542e51d9f Test api.c: change more tests to use Expect instead of Assert
bio.c:
  wolfSSL_BIO_push(): handles NULL for top and append.

crl.c:
InitCRL_Entry(): set toBeSigned to NULL after freeing when allocation
fails.
  AddCRL(): free CRL entry properly on error.
wolfSSL_X509_STORE_add_crl(): check for NULL after
wolfSSL_X509_crl_new call.

ssl.c:
wolfSSL_CertManagerGetCerts(): free the certificate if it didn't get
pushed onto stack
  wolfSSL_RAND_Init(): returns success if global already initialized.

ssl_asn1.c: wolfSSL_ASN1_TYPE_set now avaiable when OPENSSL_EXTRA
defined for function wolfssl_dns_entry_othername_to_gn().

x509.c:
Added support for creating a valid General Name of type GEN_OTHERNAME.
Extracted some code out into wolfssl_x509_alt_names_to_gn().
  wolfSSL_X509_set_ext(): free data correctly on errors
wolfSSL_X509_PUBKEY_set(): free str if DSA parameters cannot be
retrieved; wolfSSL_OBJ_nid2obj() called separately to handle when
returning NULL.
wolfSSL_X509_NAME_copy(): check for failure when
wolfSSL_X509_NAME_add_entry() is called.

x509_str.c:
wolfSSL_X509_STORE_CTX_new(): check for error from calling
wolfSSL_X509_STORE_CTX_init().
wolfSSL_X509_STORE_get0_objects(): don't double free x509; free memory
correctly on error
2023-06-07 14:10:42 +10:00
JacobBarthelmeh ee289fdf89 Merge pull request #6429 from embhorn/zd16184
Allow wolfSSL_RAND_Init to pass if already initialized
2023-06-06 16:23:42 -06:00
Daniel Pouzzner 3b48bc97ed Merge pull request #6381 from SparkiDev/type_conversion_fixes_1
Fix type conversion warnings by gcc
2023-06-06 11:25:31 -05:00
Sean Parkinson 3230d27700 Merge pull request #6436 from lealem47/sanitizer
Miscellaneous fixes for sanitizer
2023-06-06 11:55:52 +10:00
Kareem ebac138e77 Send blank certificate message in DTLS when no client cert is loaded. 2023-06-05 10:49:42 -07:00
Marco Oliverio e53453a7ed fix: add guards to compile w !HAVE_SUPPORTED_CURVES && NO_CERTS
This configuration can be used to build a static PSK only build
2023-06-05 16:13:11 +00:00
JacobBarthelmeh 35e59a3569 Merge pull request #6456 from SparkiDev/tests_api_expect_2
Test api.c: change more tests to use Expect instead of Assert
2023-06-01 10:29:52 -06:00
Chris Conlon 806c75d28b Merge pull request #6450 from miyazakh/fix_jenkins_android
fix to cast diff type, int and uint
2023-06-01 08:33:02 -06:00
Sean Parkinson 7259351a3f Test api.c: change more tests to use Expect instead of Assert
Added a new version of 'nofail' handshaking that doesn't use threads.
More tests can be run in single threaded.

Changed tests over to use test_wolfSSL_client_server_nofail() or
test_wolfSSL_client_server_nofail_memio() to simplfy test cases.

Changed tests to use Expect.

CRL:
BufferLoadCRL wasn't freeing allocated data when currentEntry
couldn't be allocated.

ssl.c:
DecodeToX509(): Needs to call FreeDecodedCert even if
ParseCertRelative fails.
wolfSSL_PEM_read_PUBKEY(): Need to check result of
wolfSSL_d2i_PUBKEY is NULL rather than the passed in WOLFSSL_EVP_PKEY.

X509:
wolfSSL_X509_set_ext(): Must free allocated WOLFSSL_X509_EXTENSION
if not pushed on to stack regardless of stack being NULL.
wolfSSL_X509V3_EXT_i2d(): Don't free asn1str on error as it is the
data passed in.
wolfSSL_i2d_X509_NAME_canon(): free names and cano_data when call to
wolfSSL_ASN1_STRING_canon() fails.

PKCS7:
    wc_PKCS7_InitWithCert(): Check memory allocation of cert for NULL.
2023-06-01 14:22:00 +10:00
Sean Parkinson b62e0b7ceb Fix type conversion warnings by gcc 2023-06-01 14:21:41 +10:00
JacobBarthelmeh 80311975ce Merge pull request #6452 from anhu/no_rsa_sigalgs
For NO_RSA, don't advertise support for RSA.
2023-05-31 13:41:56 -06:00
Hideki Miyazaki 554e6472b5 addressed review comments 2023-05-31 06:54:14 +09:00
jordan 1bdd1cb157 Used codespell and fixed obvious typos in src and wolfssl. 2023-05-30 11:36:43 -05:00
Anthony Hu ea6155c924 For NO_RSA, don't advertise support for RSA. 2023-05-30 12:34:23 -04:00
Hideki Miyazaki 63a5fe3229 fix to cast diff type, int and uint 2023-05-30 17:32:42 +09:00
Sean Parkinson 541ea51ad5 Tests api.c: rework for malloc failure testing
Modified number of tests to not crash on failure and cleanup allocations
on failure.
Added memory fail count option to set which memory allocation to start
failing on.
Fix issues found from testing.

bio.c:
BIO_new() move ref count up so that calls to wolfSSL_BIO_free()
work.
internal.c:
ImportCipherSpecState wasn't checking SetKeySide for failure. Crash
when pointer is NULL and accessed directly.
ocsp.c:
wolfSSL_OCSP_response_get1_basic() doesn't need to free vs->source
as it is freed in WOLFSSL_OCSP_RESPONSE_free().
ssl.c:
ProcessBuffer() Don't strip PKCS#8 header if failed to create DER.
Crasged as directly accessing 'der' which was NULL.
ssl_asn.c:
wolfssl_asn1_integer_require_len was checking wrong variable to see
if allocation failed.
x509,c:
wolfSSL_X509_ALGOR_set0 needs to set aobj only when no failure
possible.
wolfSSL_X509_chain_up_ref needs to call cleanup to ensure everything
is freed.
2023-05-30 12:01:21 +10:00
Sean Parkinson 37c03e3f11 Merge pull request #6442 from embedded-specialties/int-sequence
ASN.1 Integer sequence
2023-05-30 09:37:55 +10:00
Joe Hamman 8fb4e7813b Added braces to support older compilers 2023-05-28 18:59:16 -04:00