mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
15,717 Commits 5 Branches 162 Tags
Commit Graph

15717 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Masashi Honma
30a01a0758 Fix failure of check at commiting when linuxkm is enabled 
Making check in linuxkm
make[2]: Entering directory '/home/honma/git/wolfssl/linuxkm'
make[2]: warning: -j13 forced in submake: resetting jobserver mode.
make[2]: *** No rule to make target 'check'.  Stop.
make[2]: Leaving directory '/home/honma/git/wolfssl/linuxkm'
make[1]: *** [Makefile:6431: check-recursive] Error 1
make[1]: Leaving directory '/home/honma/git/wolfssl'
make: *** [Makefile:6901: check] Error 2

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2021-11-22 05:50:38 +09:00
David Garske
5182e2a8c8
Merge pull request #4580 from kareem-wolfssl/minor_fixes 
Check ssl->arrays in SendClientHello to avoid null dereference.  Allow building with fallthrough defined.
 2021-11-19 16:55:01 -08:00
David Garske
f6c48bf7dc
Merge pull request #4560 from kaleb-himes/OE30-OE31-non-fips-changes 
OE30 and OE31 changes external to FIPS module for NetBSD builds
 2021-11-19 15:49:30 -08:00
David Garske
34346bab4f
Merge pull request #4579 from JacobBarthelmeh/PKCS7 
BER size adjustment with PKCS7
 2021-11-19 14:49:03 -08:00
Kareem
8de281c1d4 Fix minimum clang version for FALL_THROUGH. Not working properly before clang 11. 2021-11-19 15:16:56 -07:00
David Garske
617668b9aa
Merge pull request #4585 from kareem-wolfssl/encryptMacFix 
Fix building Import/ExportOptions with HAVE_ENCRYPT_THEN_MAC undefined.
 2021-11-19 13:45:16 -08:00
Kareem
fd6d479888 Rework ssl and ssl->arrays NULL checks, and add to SendTls13ClientHello as well. 2021-11-19 14:19:27 -07:00
Kareem
72d4dcce0f Fix updated FALL_THROUGH macro. Fix a couple of case statements and remove a trailing whitespace. 2021-11-19 14:13:02 -07:00
Kareem
0772635972 Rework FALL_THROUGH definition to use fallthrough if defined. 2021-11-19 14:06:54 -07:00
Kareem
930e1ac473 Check ssl->arrays in SendClientHello to avoid null dereference. Allow building with fallthrough defined. 2021-11-19 14:06:54 -07:00
Chris Conlon
c3500fa24e
Merge pull request #4581 from miyazakh/max_earlydata 
add get_max_eraly_data
 2021-11-19 09:42:01 -07:00
Sean Parkinson
7e81372131
Merge pull request #4583 from dgarske/zd13242 
Improve `ret` handling in the `ProcessPeerCerts` verify step.
 2021-11-19 10:22:08 +10:00
Kareem
757f3b8105 Fix building Import/ExportOptions with HAVE_ENCRYPT_THEN_MAC undefined. 2021-11-18 16:06:22 -07:00
David Garske
3054f20c6a Improve ret handling in the ProcessPeerCerts verify step. 2021-11-18 14:51:09 -08:00
David Garske
2841b5c93b
Merge pull request #3010 from kaleb-himes/ZD10203 
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
 2021-11-18 14:47:25 -08:00
Hideki Miyazaki
9bc159a5ec
addressed review comment 2021-11-19 07:24:46 +09:00
kaleb-himes
4324cf8f0a Correct cast from uint to uchar 2021-11-18 10:18:25 -07:00
David Garske
e33156d0dc
Merge pull request #4578 from kaleb-himes/OE33_NON_FIPS_CHANGES 
OE33: Fix issues found by XCODE and add user_settings.h
 2021-11-18 06:59:43 -08:00
David Garske
d02e819e4c
Merge pull request #4575 from SparkiDev/dh_enc_fix_2 
ASN: DH private key encoding
 2021-11-18 06:57:40 -08:00
Sean Parkinson
618b9619c5
Merge pull request #4571 from anhu/init_sig_algs 
Uninitialized var.
 2021-11-18 22:46:37 +10:00
Sean Parkinson
db3c0f7829
Merge pull request #4574 from masap/fix-asn1-integer-get 
Fix invalid return value of ASN1_INTEGER_get()
 2021-11-18 17:20:15 +10:00
Hideki Miyazaki
483be08b1f
add definition for early_data_status compat 2021-11-18 14:21:47 +09:00
Daniel Pouzzner
6ba00f66cd
Merge pull request #4573 from ejohnstown/fips-check-fix 
Fix FIPS Check Script
 2021-11-17 21:30:45 -06:00
Hideki Miyazaki
7da0d524ff
add get_max_eraly_data 
support set/get_max_eraly_data compatibility layer
 2021-11-18 09:07:32 +09:00
Sean Parkinson
370570d19b ASN: DH private key encoding 
Proper fix for sequence length when small keys.
 2021-11-18 08:28:49 +10:00
Masashi Honma
4800db1f9d Enable max/min int test even when non 64bit platform 
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2021-11-18 06:58:21 +09:00
Masashi Honma
cb3fc0c7ce Fix invalid return value of ASN1_INTEGER_get() 
When DIGIT_BIT is less than SIZEOF_LONG * CHAR_BIT, ASN1_INTEGER_get() can
return invalid value. For example, with trailing program, ASN1_INTEGER_get()
unexpectedly returns -268435449 (0xf0000007) on i386.

On the i386 platform (DIGIT_BIT=28), the input value 0x7fffffff is separated
into 0xfffffff and 0x7 and stored in the dp array of mp_int. Previously,
wolfSSL_BN_get_word_1() returned 0xfffffff shifted by 28 bits plus 0x7, so this
patch fixed it to return 0xfffffff plus 0x7 shifted by 28 bits.

int main(void)
{
    ASN1_INTEGER *a;
    long val;
    int ret;

    a = ASN1_INTEGER_new();
    val = 0x7fffffff;
    ret = ASN1_INTEGER_set(a, val);
    if (ret != 1) {
        printf("ret=%d\n", ret);
    }

    if (ASN1_INTEGER_get(a) != val) {
        printf("ASN1_INTEGER_get=%ld\n", ASN1_INTEGER_get(a));
    }

    ASN1_INTEGER_free(a);

    return 0;
}

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2021-11-18 06:58:21 +09:00
Anthony Hu
ab0654bb64 remove something that slipped in 2021-11-17 16:38:30 -05:00
Anthony Hu
39edf8d206 pulled up a line. 2021-11-17 16:38:30 -05:00
Anthony Hu
49c7abb875 Changes suggested by SparkiDev. 2021-11-17 16:38:30 -05:00
Anthony Hu
5c48e74c7f 0xFF 2021-11-17 16:38:30 -05:00
Anthony Hu
0ae0b31509 The following config: 
./configure --with-liboqs --enable-all --disable-psk --enable-intelasm --enable-aesni --enable-sp-math-all --enable-sp-asm CFLAGS="-O3"

Yeilds the following erorr:

src/internal.c: In function ‘DoServerKeyExchange’:
src/internal.c:24487:28: error: ‘sigAlgo’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
24487 |                         if (sigAlgo == ed448_sa_algo &&
      |                            ^

This fixes it.
 2021-11-17 16:38:30 -05:00
kaleb-himes
38ec0bb31f Merge branch 'master' of github.com:wolfssl/wolfssl into OE33_NON_FIPS_CHANGES 2021-11-17 14:02:56 -07:00
David Garske
995ef60ff1
Merge pull request #4577 from kaleb-himes/WINDOWS_AES_OFB_ON 
Turn on AES-OFB mode in windows for FIPS=v5
 2021-11-17 12:20:19 -08:00
kaleb-himes
37db5a9ab3 Add include.am(s) for new file(s) 2021-11-17 12:05:05 -07:00
Jacob Barthelmeh
ddf06b8161 BER size adjustment with PKCS7 2021-11-17 12:03:32 -07:00
kaleb-himes
f638df3575 Fix issues found by XCODE and add user_settings.h 
Disable internal test settings by default
 2021-11-17 11:00:56 -07:00
John Safranek
ef62fab4ea
Update 
1. WIN10 FIPS build should use version 5,2 now.
2. Update the v5-ready build ot use version 5,2.
3. Remove eol-whitespace from the benchmark source.
 2021-11-17 09:19:34 -08:00
Kaleb Himes
c7c682ba2a
Move up to avoid breaking the patch applied for windows 2021-11-17 09:37:26 -07:00
kaleb-himes
dc6ec2b849 Turn on AES-OFB mode in windows for FIPS=v5 2021-11-17 09:22:58 -07:00
John Safranek
158ebcaa0a
Add v5-RC10 to the list of allowed versions 2021-11-16 16:36:38 -08:00
Sean Parkinson
a5e581506e
Merge pull request #4570 from dgarske/android_keystore 
Fixes for building wolfSSL with Android WPA Supplicant and KeyStore
 2021-11-17 08:30:01 +10:00
David Garske
e8e0bc0d49
Merge pull request #4552 from SparkiDev/sp_mod_exp_zero 
SP: mod_exp with exponent of 0 is invalid
 2021-11-16 08:29:13 -08:00
David Garske
2b3ab855dd Fixes for building wolfSSL with Android WPA Supplicant and KeyStore. 2021-11-16 08:27:30 -08:00
Sean Parkinson
33a6b8c779
Merge pull request #4531 from dgarske/cryptocb_aesccm 
Added crypto callback support for AES CCM
 2021-11-16 22:45:11 +10:00
Daniel Pouzzner
ceae7d56fa
Merge pull request #4551 from ejohnstown/aes-ofb 
Add AES-OFB to FIPS boundary
WCv5.0-RC12 WCv5.0-RC11 WCv5.0-RC10 		2021-11-15 22:56:43 -06:00
Daniel Pouzzner
cae3fcb9ce
Merge pull request #4569 from masap/i386-segfault 
dsa.c: fix error-path mp_clear()s on uninitialized mp_ints in wc_DsaSign() and wc_DsaVerify().
 2021-11-15 22:51:23 -06:00
Sean Parkinson
8606788198 SP: mod_exp with exponent of 0 is invalid 
Don't allow exponenetiation by 0 as it is cryptographically invalid and
not supported by the implementation.
Also check for even modulus in mod_exp.
 2021-11-16 11:27:26 +10:00
Masashi Honma
6086728968 Fix possible segfault occurs when mp_clear() is executed for uninitialized mp_int 
If NULL is passed as the digest argument of wc_DsaSign(), mp_clear() will be
called before mp_init() is called. This can cause segmentation fault.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2021-11-16 09:57:02 +09:00
Masashi Honma
f621defefe Fix the segfault occurs when mp_clear() is executed for uninitialized mp_int on i386 
test_wc_DsaSignVerify() passes the tests but causes an error.

free(): invalid pointer

If NULL is passed as the digest argument of wc_DsaVerify(), mp_clear() will be
called before mp_init() is called. On qemu-i386, the dp field of the mp_int
structure is non-null by default, which causes a segmentation fault when calling
mp_clear(). However, if WOLFSSL_SMALL_STACK is enabled, this problem does not
occur.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2021-11-16 09:56:56 +09:00