mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
16,224 Commits 5 Branches 162 Tags
Commit Graph

2113 Commits

Author SHA1 Message Date
Daniel Pouzzner
2955d7339e remove a debugging printf, fix whitespace/indentation, and add a comment re gethostbyname_r buffer size. 2022-01-21 13:00:22 -06:00
Daniel Pouzzner
6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Sean Parkinson
848f5eeb0c
Merge pull request #4755 from dgarske/dtls_srtp 
DTLS SRTP (RFC5764) support (adds `--enable-srtp`)
 2022-01-21 10:43:47 +10:00
Marco Oliverio
231a0bbb84 dtls-srtp: no ekm cross check on single threaded/no pthread conf 2022-01-20 16:12:04 +01:00
David Garske
7adbf59f22
Merge pull request #4767 from anhu/kill_hc128 
Get rid of HC-128
 2022-01-19 12:20:18 -08:00
David Garske
8e0ece920b Test cleanups. Fix possible leak in TLSX_UseSRTP. 2022-01-19 09:22:02 -08:00
Marco Oliverio
86ba0ef643 tests: support test for SRTP 
the test will check that the same Exported Keying Material is generated between
client and server
 2022-01-19 13:35:29 +01:00
Sean Parkinson
e745de657f
Merge pull request #4761 from haydenroche5/time_cb 
Add time callback functionality.
 2022-01-18 16:49:19 +10:00
Hayden Roche
1b0926a3b8 Add time callback functionality. 
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
 2022-01-17 17:49:51 -08:00
Anthony Hu
c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
David Garske
d38c5003d0
Merge pull request #4762 from ejohnstown/old-gcc 
Old Compiler Warning Cleanup (GCC 4.0.2)
 2022-01-17 09:44:44 -08:00
John Safranek
b68b14b499
Merge pull request #4724 from embhorn/zd13462 
Improve param checks of enc
 2022-01-16 15:35:54 -08:00
Sean Parkinson
15f501358d
Merge pull request #4716 from julek-wolfssl/issue-4592 
Verification: Domain check should only be performed on leaf certs
 2022-01-17 08:40:14 +10:00
John Safranek
001469589b
Old Compiler Warning Cleanup (GCC 4.0.2) 
Fixed a lot of shadowed global values. Some were prototype and function
declaration parameter name conflicts. Some conflicted with typenames.
Some conflicted with globals in libc.
 2022-01-14 17:43:21 -08:00
John Safranek
2cf21a3f69
Old Compiler Warning Cleanup (GCC 4.0.2) 
ecc.c,api.c: Initialize some variables to fix warning for possible
uninitialized variable use.
 2022-01-14 17:33:49 -08:00
Juliusz Sosinowicz
31e84d82b8 Domain check should only be performed on leaf certs 
- Refactor `*_set_verify` functions into common logic
- NULL protect `wolfSSL_X509_VERIFY_PARAM_set1_host` and add debug info
 2022-01-14 18:16:42 +01:00
Daniel Pouzzner
355b5821b2 WOLFSSL_SESSION_EXPORT: fixes for scan-build complaints (deadcode.DeadStores) building --enable-all --enable-sessionexport. 2022-01-08 11:43:56 -06:00
Eric Blankenhorn
f74831a7da Improve param checks of enc 2022-01-06 09:12:18 -06:00
Marco Oliverio
7edc916057 wolfcrypt/wolfssl: tests: adding missing wc_Aes*Free() 
In some Aes implementation this may leak resources
 2021-12-30 20:30:33 +01:00
David Garske
930cad649e Fix to resolve possible memory leak with DSA wc_DsaPublicKeyDecode in API unit test when used with HAVE_WOLF_BIGINT. 2021-12-28 16:34:54 -08:00
David Garske
569c066fab Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use wolfSSL_get1_sesson for reference logic, that requires calling wolfSSL_SESSION_free. To disable this feature use NO_SESSION_CACHE_REF. 2021-12-23 14:25:45 -08:00
David Garske
57d2555ac8
Merge pull request #4695 from douzzer/20211222-fips-config-update-and-fix-test_RsaDecryptBoundsCheck 
fips config update and test-driven cleanup
 2021-12-23 10:38:36 -08:00
Chris Conlon
9892f1f2d5
Merge pull request #4679 from dgarske/fips_ecc_pct 2021-12-23 10:27:51 -07:00
Daniel Pouzzner
b0a5b16068 api.c: fix logic in test_RsaDecryptBoundsCheck(). 2021-12-22 17:32:36 -06:00
David Garske
38214bd083 Disable the FIPS consistency checks in ECC and DH for key generation by default. 2021-12-22 10:06:19 -08:00
David Garske
9d137668c7
Merge pull request #4675 from julek-wolfssl/openssh-8.8 
Fix macro name conflicts with openssh
 2021-12-22 08:31:36 -08:00
Juliusz Sosinowicz
8435eb4644 Add WC_ namespace to variable handling defines 2021-12-22 12:16:02 +01:00
Juliusz Sosinowicz
dd9b1afb72
Remove magic numbers from WOLFSSL_ASN_TEMPLATE code (#4582) 
* pkcs8KeyASN and other misc asn fixes

- Test fixes for testing with `USE_CERT_BUFFERS_1024`

* intASN

* bitStringASN

* objectIdASN

* algoIdASN

* rsaKeyASN

* pbes2ParamsASN

* pbes1ParamsASN

* pkcs8DecASN

* p8EncPbes1ASN

* rsaPublicKeyASN

* dhParamASN

* dhKeyPkcs8ASN

* dsaKeyASN

* dsaPubKeyASN

- Add `wc_SetDsaPublicKey` without header testing

* dsaKeyOctASN

* rsaCertKeyASN

* eccCertKeyASN

* rdnASN

* certNameASN

* digestInfoASN

* otherNameASN

* altNameASN

* basicConsASN

* crlDistASN

* accessDescASN

* authKeyIdASN

* keyUsageASN

* keyPurposeIdASN

* subTreeASN

* nameConstraintsASN

* policyInfoASN

* certExtHdrASN

* certExtASN

* x509CertASN

* reqAttrASN

* strAttrASN

* certReqASN

* eccPublicKeyASN

* edPubKeyASN

* ekuASN

* nameASN

* certExtsASN

* sigASN

* certReqBodyASN_IDX_EXT_BODY

* dsaSigASN

* eccSpecifiedASN

* eccKeyASN

* edKeyASN

* singleResponseASN

* respExtHdrASN

* ocspRespDataASN

* ocspBasicRespASN

* ocspResponseASN

* ocspNonceExtASN

* ocspRequestASN

* revokedASN

* crlASN

* pivASN

* pivCertASN

* dateASN

* `wc_SetDsaPublicKey` was not including `y` in the sequence length

* All index names changed to uppercase

* Shorten names in comments

* Make sure extensions have sequence header when in cert gen

* Fix/refactor size calc in `SetNameEx`

* Pad blocks for encryption

* Add casting for increased enum portability

* Use stack for small ASN types
 2021-12-22 11:28:01 +10:00
Sean Parkinson
bf37845e2d
Merge pull request #4680 from JacobBarthelmeh/certs 
update certificate expiration dates and fix autorenew
 2021-12-22 08:48:35 +10:00
JacobBarthelmeh
c0f8fd5f5d update certificate dates and fix autorenew 2021-12-20 16:04:05 -08:00
Anthony Hu
7d4c13b9a4 --with-liboqs now defines HAVE_LIBOQS and HAVE_PQC 
AKA: The Great Rename of December 2021
 2021-12-20 11:48:03 -05:00
David Garske
ce4f436d0f
Merge pull request #4587 from SparkiDev/dis_algs_fix_1 
Disable algorithms: fixes
 2021-12-19 20:12:30 -08:00
Juliusz Sosinowicz
21a5a571e8 Fix test_wolfSSL_BIO_should_retry test 
When `OPENSSL_COMPATIBLE_DEFAULTS` is defined then `SSL_MODE_AUTO_RETRY` is set on context creation. For this test we need to clear this mode so that the `WOLFSSL_CBIO_ERR_WANT_READ` can propagate up to the user.
 2021-12-17 12:32:25 +01:00
David Garske
dec78169bf
Merge pull request #4658 from julek-wolfssl/apache-2.4.51 
Add Apache 2.4.51 support
 2021-12-16 08:52:10 -08:00
Juliusz Sosinowicz
e78f7f734e Add Apache 2.4.51 support 
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
 2021-12-16 12:39:38 +01:00
Chris Conlon
5172130287 add wc_GetPubKeyDerFromCert(), get pub key DER from DecodedCert 2021-12-15 11:04:52 -07:00
David Garske
a6c7d56c32
Merge pull request #4655 from haydenroche5/wc_pkcs12_from_file 
Add wc_d2i_PKCS12_fp to parse a PKCS #12 file directly in wolfCrypt.
 2021-12-14 08:58:57 -08:00
John Safranek
2359045b28
Merge pull request #4649 from kaleb-himes/KCAPI_FIPS_READY 
The minimal changes needed to add KCAPI support with fips-ready
 2021-12-13 17:33:03 -08:00
Hayden Roche
92d207a1cd Add wc_d2i_PKCS12_fp to parse a PKCS #12 file directly in wolfCrypt. 2021-12-13 15:28:34 -08:00
Daniel Pouzzner
355b779a3e feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c. 2021-12-11 14:08:04 -06:00
kaleb-himes
7cccaa98b7 The minimal changes needed to add KCAPI support with fips-ready 2021-12-10 14:44:20 -07:00
Hayden Roche
6764e7c15f Make wolfCrypt ASN cert parsing functionality public. 
Currently, the `ParseCert` function is only available if `WOLFSSL_ASN_API` is
defined to `WOLFSSL_API`. The only way to achieve this without enabling the
compatibility layer is to define `WOLFSSL_TEST_CERT`. There are users defining
this so that they can parse certs with wolfCrypt, even though this doesn't seem
to be the original intent of the define. This commit adds the function
`wc_ParseCert` to the public wolfCrypt API. It's simply a wrapper around
`ParseCert`. Similarly, this commit adds `wc_InitDecodedCert` and
`wc_FreeDecodedCert` to the public API, which are wrappers around
`InitDecodedCert` and `FreeDecodedCert`, respectively.
 2021-12-10 10:43:28 -08:00
Sean Parkinson
6da0cc1ced
Merge pull request #4600 from dgarske/cust_oid 
Support for Custom OID in subject and CSR request extension
 2021-12-09 11:24:30 +10:00
David Garske
b4c6140b64
Merge pull request #4442 from julek-wolfssl/kerberos 
Add Kerberos 5 support
 2021-12-02 09:07:34 -08:00
David Garske
5c172ca955
Merge pull request #4622 from douzzer/fix-wolfsentry-build 
wolfsentry fixes re HAVE_EX_DATA and wolfsentry_sockaddr
 2021-12-01 08:16:07 -08:00
Sean Parkinson
d06ada2ccc
Merge pull request #4610 from julek-wolfssl/nginx-1.21.4 
Add support for Nginx 1.21.4
 2021-12-01 22:27:12 +10:00
Juliusz Sosinowicz
aac1b406df Add support for Nginx 1.21.4 
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
 2021-12-01 09:49:52 +01:00
Daniel Pouzzner
3f65916f3a HAVE_EX_DATA: fix wolfssl/ssl.h and tests/api.c to build -DHAVE_EX_DATA but -UOPENSSL_EXTRA. 2021-11-30 23:39:16 -06:00
JacobBarthelmeh
b69a1c860c
Merge pull request #3996 from cconlon/pkcs7_detachedhash 
adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature
 2021-11-30 12:46:46 -08:00
David Garske
7524ededd3 Support for Custom OID in subject and CSR request extension: 
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
 2021-11-23 09:51:13 -08:00