Remote attestation #1
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joeftiger
commented
Jun 19, 2023
joeftiger
commented
Jun 19, 2023
joeftiger
commented
Jun 19, 2023
joeftiger
commented
Jun 19, 2023
joeftiger
commented
Jun 20, 2023
src/tls13.c
Outdated
joeftiger
force-pushed
the
remote-attestation
branch
from
cdac00b to
9afaef8
Compare
…IG_INT as a math option in settings.h
- use 'theirs' merge strategy
* wolfcrypt polish: init, checks, corrections
Public API wc_ecc_is_point() needs to validate the parameters. Ensure that the x and y are in range [0, p-1] and z is one (affine ordinates). Made the API a wrapper around existing calculation code. When x-ordinate is a large negative, then it will spend large amounts of time adding the prime to a large negative intermediate value.
New creation of mp_ints r and s to be minimal size must not be re-initialized. Changes to ASN.1 code to handle r and s being initialized and to not initialize again.
Fix to not overwrite error when sp_div fails in sp_mod.
…teKeyValidate() prototype.
…t-only headers, missed in earlier passes; in tests/unit.h, add a WOLF_C89 definition of AssertPtr() without pragmas, to avoid a -Wdeclaration-after-statement.
…E_WOLF_STR[N]CASECMP) in types.h for targets lacking native implementations (including WOLF_C89); define USE_WOLF_STRSEP if defined(WOLF_C89).
Fix: ./configure --disable-shared --enable-smallstack --enable-all CFLAGS=-DNO_ASN_TIME Don't compile mp_test when compiling for SP Math All and RSA verification only - very few functions available. ssl.c: wolfSSL_Rehandshake(): wolfSSL_UseSessionTicket only available when not NO_WOLFSSL_CLIENT api.c: test_wolfSSL_ticket_keys(): meant to be tested on server
bio.c: wolfSSL_BIO_push(): handles NULL for top and append. crl.c: InitCRL_Entry(): set toBeSigned to NULL after freeing when allocation fails. AddCRL(): free CRL entry properly on error. wolfSSL_X509_STORE_add_crl(): check for NULL after wolfSSL_X509_crl_new call. ssl.c: wolfSSL_CertManagerGetCerts(): free the certificate if it didn't get pushed onto stack wolfSSL_RAND_Init(): returns success if global already initialized. ssl_asn1.c: wolfSSL_ASN1_TYPE_set now avaiable when OPENSSL_EXTRA defined for function wolfssl_dns_entry_othername_to_gn(). x509.c: Added support for creating a valid General Name of type GEN_OTHERNAME. Extracted some code out into wolfssl_x509_alt_names_to_gn(). wolfSSL_X509_set_ext(): free data correctly on errors wolfSSL_X509_PUBKEY_set(): free str if DSA parameters cannot be retrieved; wolfSSL_OBJ_nid2obj() called separately to handle when returning NULL. wolfSSL_X509_NAME_copy(): check for failure when wolfSSL_X509_NAME_add_entry() is called. x509_str.c: wolfSSL_X509_STORE_CTX_new(): check for error from calling wolfSSL_X509_STORE_CTX_init(). wolfSSL_X509_STORE_get0_objects(): don't double free x509; free memory correctly on error
Fixes from coverity scan in the file api.c.
…om /usr/src/linux/include/linux/const.h with warning-free __builtin_constant_p().
1. Typecast the return of strlen() to int for the variable used.
…not have improper 'U' suffix; wolfssl/wolfcrypt/types.h: add 'U' suffix to W64LIT() macro defs, and add SW64LIT() macro defs (not yet used anywhere); wolfcrypt/src/asn.c: add !WOLFSSL_ECC_CURVE_STATIC gate around DataToHexStringAlloc() to resolve -Wunused; wolfcrypt/src/ecc.c: guard against zero-valued "len" arg to wc_ecc_get_curve_id_from_oid(); wolfcrypt/src/wc_port.c: fix several argument implicit sign changes in USE_WINDOWS_API paths; wolfssl/wolfcrypt/ecc.h: remove const attribute from inline buffers in WOLFSSL_ECC_CURVE_STATIC struct ecc_set_type.
The modular exponentiation implementations in sp_int.c and tfm.c are not safe when using Encrypted Memory. Cannot have two pieces of memory where one changes and the other doesn't based on private value. Use extra variable to hold the two new values and assign them both back at the same time in a safe manner. Alternative implementations used when WC_PROTECT_ENCRYPTED_MEM is defined.
dtls13.c:
Change end of outputBuffer data calculations to use function
GetOutputBuffer().
Use idx when calculating unused byte count of outputBuffer.
internal.c:
Change end of outputBuffer data calculations to use function
GetOutputBuffer().
Use GetOutputBuffer() to calculate end of data in outputBuffer.
GrowOutputBuffer():
Calculate new size to allocate to include already written data in
case of static buffer.
Copy all data including already written count (idx).
CheckAvailableSize():
Don't subtract idx from length when checking MTU size.
Do subtract idx from bufferSize to determine count of unused bytes
in outputBuffer.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
23 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Please describe the scope of the fix or feature addition.
Fixes zd#
Testing
How did you test?
Checklist