2751 Commits

Author SHA1 Message Date
Daniel Pouzzner
c08878ac94 configure.ac: include both -I. and -I$srcdir for "circular dependency" test, so that ${build_pwd}/wolfssl/options.h is found in out-of-tree builds; streamline scripting that dynamically sets $TRIM;
linuxkm/module_exports.c.template: include wolfssl/wolfcrypt/wolfmath.h, to bring in wc_GetMathInfo() prototype;

src/ssl.c: move "Global pointer to constant BN on" to src/ssl_bn.c; and in wolfSSL_Cleanup(), call the new wolfSSL_BN_free_one() rather than using ad hoc cleanup logic;

src/ssl_bn.c: add bn_one and wolfSSL_BN_free_one();

src/ssl_asn1.c: fix bugprone-macro-parentheses in bufLenOrNull(); refactor wolfSSL_ASN1_TIME_diff() to avoid floating point math; use intermediate tm_year variable in wolfssl_asn1_time_to_tm() to avoid target-specific type conflicts on tm->tm_year; use "FALL_THROUGH", not "/* fall-through */", in wolfSSL_ASN1_TYPE_set (clang-diagnostic-implicit-fallthrough);

wolfcrypt/src/ecc.c: fix identicalInnerCondition in ecc_mul2add();

wolfcrypt/src/integer.c: refactor OPT_CAST()s in mp_grow() to unconditional casts as elsewhere, to mollify a confused cppcheck-all-intmath;

tests/api.c: reformat some overlong lines.
2023-04-03 15:49:39 -05:00
Andras Fekete
c56e58db5b Remove TODO+bad tests 2023-03-31 15:51:28 -04:00
Andras Fekete
18f4b45129 Fix object size 2023-03-31 15:44:25 -04:00
Andras Fekete
80a0fb548a Zero buffer size test should be implemented another way 2023-03-31 15:44:13 -04:00
Hideki Miyazaki
27f5f3a3e8
fix overwriting serialnum by favouriteDrink 2023-03-31 15:56:31 +09:00
Sean Parkinson
8489095057 Move ASN.1 APIs out to separate file: ssl_asn1.c
Implementations of ASN.1 APIs reworked.

Added tests.

Added wolfssl_bn_set_neg for ASN.1 code.
Added wolfssl_sk_new_type() and wolfssl_sk_pop_type() to generically
handle creating and popping a stack of elements of a type.

No longer freeing pathlen field of ASN1 OBJECT in
wolfSSL_X509_EXTENSION_free(). This is happening in
wolfSSL_ASN1_OBJECT_free().
Stop wolfSSL_i2d_X509_NAME_canon from double freeing ASN.1 STRING's data
field.

Fixed up GetFormattedTime() to be better code.
Added ASN_CLASS_MASK to mask off the class part of an ASN.1 tag.
NO_ASN_TIME means no implementation to get the current time. Disable
features that won'r work without time.
2023-03-31 09:36:01 +10:00
David Garske
22a5a5c45e Add introspection for math build and math cleanups:
* Add introspection for math build.
* Raise build error if more than one multi-precision math library used.
* Fix ESP32 to support using any multi-precision math option.
* Refactor math headers to use `wolfmath.h`
* Refactor of the opaque math variable type `MATH_INT_T` used by crypto hardware (QuickAssist, SE050, ESP32 and STM32).
* Cleanups for building with `WOLFCRYPT_ONLY` and `NO_BIG_INT`.
* Stop forcing use of fast math by default for platforms in settings.h. Note: For users that still want to use fast math (tfm.c) they will need to add USE_FAST_MATH to their build settings.

Applies To:
```
WOLFSSL_ESPWROOM32
WOLFSSL_ESPWROOM32SE
MICROCHIP_PIC32
WOLFSSL_PICOTCP_DEMO
WOLFSSL_UTASKER
WOLFSSL_NRF5x
FREERTOS_TCP
WOLFSSL_TIRTOS
EBSNET
FREESCALE_COMMON
FREESCALE_KSDK_BM
WOLFSSL_DEOS
MICRIUM
WOLFSSL_SGX
```
2023-03-30 14:42:55 -07:00
Lealem Amedie
8e730534d5 Free in drbg test when appropriate 2023-03-29 10:26:59 -06:00
Lealem Amedie
65f97482f3 Missed free's in api.c 2023-03-29 10:16:29 -06:00
Juliusz Sosinowicz
f0ad01f552 Send secure renegotiation extension by default
- Add test for terminating the connection
- Add ProcessReplyEx(ssl, 1) to wolfSSL_accept
2023-03-28 12:43:53 +02:00
JacobBarthelmeh
7e8d027a17
Merge pull request from douzzer/20230321-fixes
20230321-fixes
2023-03-22 10:23:07 -06:00
Daniel Pouzzner
49cd3ff872 wolfssl/internal.h: fixes for -Wpedantic "redefinition of typedef" around typedef ... TLSX and Options;
src/internal.c: fix for -Wdeclaration-after-statement and clang-diagnostic-unreachable-code-break;

tests/api.c: fix for -Wunused-variable and clang-analyzer-deadcode.DeadStores;

olfcrypt/src/pkcs12.c: fixes for cppcheck uselessAssignmentPtrArg and arrayIndexThenCheck, and clang-tidy clang-analyzer-deadcode.DeadStores and clang-analyzer-core.NonNullParamChecker;

wolfssl/src/tls.c: fix for clang-analyzer-deadcode.DeadStores;

wolfcrypt/src/tfm.c: fix for clang-diagnostic-newline-eof;

src/tls13.c: fix for clang-analyzer-core.NonNullParamChecker.
2023-03-21 22:52:56 -05:00
JacobBarthelmeh
147395476f
Merge pull request from SparkiDev/regression_fixes_6
Regression testing fixes
2023-03-21 20:17:30 -06:00
Sean Parkinson
9ec742b11f Regression testing fixes
HAVE_ECH only used by TLS 1.3 add protection around all code.
ssl->options.onlyPskDheKe only available when HAVE_SUPPORTED_CURVES.
CleanupClientTickets() defined when HAVE_SUPPORTED_CURVES.
TLSX_KeyShare_DeriveSecret only defined when HAVE_SUPPORTED_CURVES.
DecodeResponseData - initialize variable single.
New OpenSSL compatibility BN code requires mp_read_radix - turn on in
integer.c, sp_int.c when OPENSSL_EXTRA defined.
rsa.c:_CheckProbablePrime - make sure tmp1 and tmp2 are initialized
before error handling jumps to freeing them.

test_remove_hs_message uses 1024-bit DH key which is not supported when
using SP math with SP.
2023-03-22 08:57:20 +10:00
Sean Parkinson
17e20b8c36 Server ID - long id, TLS 1.3 - cache client session for tickets
Long server IDs were being truncated. Hash long IDs instead.
TLS 1.3 session ticket on client side no longer added session to client
cache. Explicit call added.
2023-03-21 15:29:07 +10:00
JacobBarthelmeh
0e431c3eaa add given name test case 2023-03-17 13:07:15 -07:00
JacobBarthelmeh
06d970c999
Merge pull request from kareem-wolfssl/zd15767
Fix not ignoring date errors when VERIFY_SKIP_DATE is set
2023-03-17 10:53:41 -06:00
JacobBarthelmeh
042ceff08e
Merge pull request from lealem47/indefPKCS12
Adding support for indefinite length PKCS12
2023-03-17 10:45:46 -06:00
Sean Parkinson
21c5ecc371
Merge pull request from tim-weller-wolfssl/zd14527-pemtoder-return-size
zd14527 - Update `PubKey` and `Key` PEM-to-DER APIs to support return of needed DER size
2023-03-17 08:37:51 +10:00
Kareem
cc51b2d52e Add additional fix for absolute URN issue from PR and add test. 2023-03-16 14:56:44 -07:00
Kareem
28f39f6b3d Fix unit test failure when building OPENSSL_EXTRA without HAVE_EXT_CACHE. 2023-03-16 14:25:42 -07:00
Marco Oliverio
94d983f94a tests: add WOLFSSL_EXTRA_ALERTS tests 2023-03-14 13:27:40 +00:00
tim-weller-wolfssl
52105a10c9 Add means to get size of DER buffer size needed for PEM-to-DER conversion to Key and PubKey APis 2023-03-14 06:33:12 -05:00
JacobBarthelmeh
694b527e67
Merge pull request from julek-wolfssl/dtls13-stateless
DTLS 1.3 stateless server ClientHello parsing
2023-03-13 09:22:58 -06:00
Lealem Amedie
1c9fa5c5ae Set some freed data to NULL 2023-03-10 13:40:25 -07:00
Chris Conlon
d03347d79c fix GetAsnTimeString() to correctly increment data_ptr, fixes PKCS#7 signedData signingTime attribute 2023-03-08 16:39:49 -07:00
Juliusz Sosinowicz
335722c586 Async fixes 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
f5f67f43d7 Reset DTLS sequence number 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
b0d7656ad2 Rebase fixes 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
885cca67fe Check for shared ctx in all configs 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
5f39c594aa TLS 1.3: hold decrypted ticket to check which ciphersuite matches
DTLS 1.3: Move stateless ticket decoding to FindPskSuiteFromExt
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
aa9dcca624 Rebase and Jenkins fixes 2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz
984d709db0 dtls 1.3: Stateless ClientHello parsing 2023-03-07 12:02:54 +01:00
Chris Conlon
9bc3b867e0
Merge pull request from miyazakh/add_favouriteDrinkNID 2023-03-06 16:45:14 -07:00
David Garske
86e1b0d8ab
Merge pull request from SparkiDev/bn_move
BN compatibility API: move implementation out to separate API
2023-03-06 09:27:24 -08:00
Sean Parkinson
e4c2386b61 BN compatibility API: move implementation out to separate API
BN APIs from ssl.c have been moved out to ssl_bn.c that is included in
ssl.c.
Added defines for BN_rand() and BN_pseudo_rand() to indicate which bits
are to be set.
'internal' field now always maps to the ;mpi' field that is a MP
integer.
SetIndividualInternal/External renamed to wolfssl_bn_get/set_value.
Fixed BN APIs to work as closely to OpenSSL as possible.
Added tests.
Moved wolfssl_make_rng out to ssl.c as BN APIs are using it now.
SP int and TFM now check trials are in a valid range for
mp_prime_is_prime_ex().
2023-03-06 14:32:10 +10:00
Hideki Miyazaki
05b0796361
add favourite drink pilot attibute type to get it from the encoding 2023-03-04 14:20:48 +09:00
Daniel Pouzzner
ab71f6fd4c extend C89 build to whole codebase including examples:
configure.ac: remove implied --disable-examples when --disable-inline;

tests/api.c: always include wolfcrypt/src/misc.c;

wolfcrypt/src/misc.c: use WC_MISC_STATIC to designate staticness of the misc functions;

wolfssl/wolfcrypt/misc.h: define WC_MISC_STATIC to empty or static depending on #ifdef NO_INLINE or not (respectively);

wolfssl/wolfcrypt/types.h: #ifdef NO_INLINE, #define WC_INLINE WC_MAYBE_UNUSED, and move the definitions of WARN_UNUSED_RESULT and WC_MAYBE_UNUSED above the definition of WC_INLINE for clarity;

wolfssl/wolfcrypt/mem_track.h: always declare TrackMalloc() et al static (no functional change, because the state and callback bindings were and remain unconditionally static, but previously #ifdef NO_INLINE the functions were globals, leading to multiple definitions.
2023-03-03 22:30:08 -06:00
Hideki Miyazaki
0693b66c44 fix init var in for-loop 2023-03-03 17:51:34 +09:00
Andras Fekete
aff4d4a7d3 The size of the packet could vary by up to 5 bytes 2023-02-28 17:04:40 -05:00
Anthony Hu
c2daca1393 Fixes for encoding/decoding ecc public keys. 2023-02-23 13:56:48 -05:00
tim-weller-wolfssl
dea123f88e Minimal changes to avoid Out-of-Bounds write in ASN.1 parsing logic. Add unit tests for ParseCert() API passing badly formed ASN data (should error out gracefully). 2023-02-16 07:49:08 -06:00
David Garske
464c2d19dc
Merge pull request from SparkiDev/tls13_only_psk_dhe_ke
TLS 1.3 PSK: add option to require only PSK with DHE
2023-02-15 21:10:27 -08:00
Sean Parkinson
b624fc8377 TLS 1.3 PSK: add option to require only PSK with DHE
Can specify only PSK without DHE.
Add only PSK with DHE.
2023-02-16 09:21:29 +10:00
David Garske
18bee3142d Fix to use the right cert/key in the API unit test if overridden. 2023-02-15 14:57:43 -08:00
David Garske
47801107da Fix to make sure API unit test always calls init/cleanup when not running all tests. 2023-02-15 14:24:22 -08:00
Juliusz Sosinowicz
0cedc4e1ac
stunnel 5.67 support ()
* stunnel 5.67 support

- ssl->session->ticketAdd may be set when parsing a ticket before PSK
- PSK binders should be calculated based on ciphersuite associated with PSK
- Add option to prioritise PSK order instead of ciphersuite order
- Update ctx->method->version when using Set_CTX_max_proto_version API
- Simplify wolfSSL_parse_cipher_list
  - Keep copy of old list and then add in the previous ciphersuites depending on whether we are doing only TLS 1.3 ciphersuites or not
- Specify CRL revocation in alert
  - Match reason string to match OpenSSL
- Add support for external data callbacks for WOLFSSL_SESSION

* Upref the session for stunnel instead of duplicating it

* Add small stack option for wolfSSL_parse_cipher_list
2023-02-14 09:38:28 -08:00
tmael
c4fa013800
Fix for BIO_reset() ()
* Fix for BIO_reset
* Introduced BIO_FLAGS_MEM_RDONLY
2023-02-14 08:54:25 -08:00
Sean Parkinson
2fe34facba
Merge pull request from philljj/zd15607
Check keyLen matches cipher in wolfSSL_CMAC_Init.
2023-02-14 12:51:20 +10:00
Sean Parkinson
0a8753d2b2 ASN template, DSA: Clear the mp_int before re-reading data
Make sure the mp_int is cleared so that any exisiting bigint is freed.
Tidy up api.c code.
2023-02-13 11:08:18 +10:00