Skip to content

Fixes and refactor for static ephemeral key support #4522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
SparkiDev merged 6 commits into from
Nov 9, 2021
Merged

Fixes and refactor for static ephemeral key support #4522

SparkiDev merged 6 commits into from
Nov 9, 2021

Conversation

@dgarske
Copy link
Contributor

@dgarske dgarske commented Nov 1, 2021
edited
Loading

  • Added x448 static ephemeral support.
  • Refactor of the static ephemeral key internals and addition of mutex protection.
  • Fix for possible use after free if loaded in CTX and used in SSL then reloaded in CTX.
  • Fix to allow calls to get TLS session random even if wolfSSL_KeepArrays has not been called.
  • Eliminate EIGHTK_BUF use in asn.
  • Cleanup uses of 0 in set_verify for callback.
@dgarske dgarske self-assigned this Nov 1, 2021
@dgarske dgarske requested a review from SparkiDev November 2, 2021 01:23
@dgarske dgarske assigned SparkiDev and unassigned dgarske Nov 2, 2021
SparkiDev
SparkiDev requested changes Nov 2, 2021
View reviewed changes
@dgarske dgarske assigned dgarske and unassigned SparkiDev Nov 2, 2021
@dgarske dgarske requested a review from SparkiDev November 5, 2021 18:06
@dgarske dgarske assigned SparkiDev and unassigned dgarske Nov 5, 2021
@dgarske dgarske mentioned this pull request Nov 8, 2021
Merged
@anhu
Copy link
Member

anhu commented Nov 8, 2021
edited
Loading

Got this building on Linux.

./configure --enable-sniffer --enable-all  CFLAGS="-DWOLFSSL_DH_EXTRA"

src/sniffer.c: In function ‘SetupKeys’:
src/sniffer.c:2722:12: error: ‘ret’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
 2722 |         if (ret == 0 && keyBuf == NULL) {
      |            ^

make check also fails:

FAIL: scripts/ocsp.test
FAIL: scripts/ocsp-stapling.test
FAIL: scripts/ocsp-stapling2.test
FAIL: scripts/unit.test
@SparkiDev
Copy link
Contributor

SparkiDev commented Nov 9, 2021

Configuration fails unit.test:
./configure --enable-sniffer --enable-curve448
@SparkiDev SparkiDev assigned dgarske and unassigned SparkiDev Nov 9, 2021
@dgarske
Copy link
Contributor Author

dgarske commented Nov 9, 2021

Configuration fails unit.test:
./configure --enable-sniffer --enable-curve448

@SparkiDev : Thank you for finding that! Very good bug report with this PR. Ready for another review pass once Jenkins is done.
@dgarske dgarske assigned SparkiDev and unassigned dgarske Nov 9, 2021
@SparkiDev SparkiDev merged commit 8e0fdc6 into wolfSSL:master Nov 9, 2021
@dgarske dgarske deleted the static_eph branch November 9, 2021 23:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

3 participants

@dgarske @anhu @SparkiDev