1d9b86e2b0
Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret. API test cleanups (no sleep needed).
2024-07-30 11:54:17 -07:00
bbbc1e074c
Fixes for clang-tidy.
2024-07-30 10:35:21 -07:00
afb6fe6c5f
Fixes for building due to missing OCSP and DecodePolicyOID (`--enable-curl` and `--enable-openssh`).
2024-07-30 10:35:21 -07:00
20f7d6f9f4
ASN macro simplification. Added new `--enable-asn=all` and `WOLFSSL_ASN_ALL` option. Added granular macros for ASN features like: `WOLFSSL_ASN_CA_ISSUER`, `WOLFSSL_ASN_PARSE_KEYUSAGE`, `WOLFSSL_ASN_TIME_STRING`, `WOLFSSL_OCSP_PARSE_STATUS`.
2024-07-30 10:35:20 -07:00
50d60bf0e7
Code sonar cleanup ( #7782 )
...
* Fix Warning 826814.9284764
* Fix Warning 826836.9285316
Co-authored-by: Andras Fekete <andras@wolfssl.com>
2024-07-30 09:42:43 -07:00
36d01cdb9b
Fix memory leak in wc_GeneratePreTBS()
...
In the wc_GeneratePreTBS() method (used for WOLFSSL_DUAL_ALG_CERTS
support), there was a workaround for alt names in certificates, as the
CopyDecodedToX509() method wasn't properly copying them. As a proper
copy mechanism is implemented now, we have to remove the workaround as
it now causes a memory leak of the copied values.
Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
2024-07-30 10:38:48 +02:00
f1e01e4636
RISC-V 64: Add assembly code for SHA-256
...
Move common defines out of AES file to header file.
2024-07-30 12:21:13 +10:00
f9dc5e9f4d
Fixes for uses of deprecated sprintf. If C89 remap XSNPRINTF to use sprintf.
2024-07-29 14:03:44 -07:00
2d5462d77d
wolfSSL_X509_REQ_add1_attr_by_NID: clean up push call for analyzers
2024-07-29 18:18:07 +02:00
31380aca13
fixup! ocsp: don't free ocsp request if saved in ssl->ctx->certOcspRequest
2024-07-29 15:00:41 +00:00
caab2c2dca
SSL loading of keys/certs: testing and fixes
...
Added tests to cover ssl_load.c functions.
Fixes from testing.
pk.c: renamed wolfssl_dh_load_key to wolfssl_dh_load_params as it
doesn't handle keys - just parameters.
2024-07-26 11:43:10 +10:00
181c408d17
Allow kyber to be built with FIPS
2024-07-24 20:36:51 -04:00
a34ea32f52
Merge pull request #7730 from anhu/unknownExtCallbackEx
...
Extend the unknown extension callback.
2024-07-24 08:37:44 +10:00
bb60c58800
ocsp: don't free ocsp request if saved in ssl->ctx->certOcspRequest
2024-07-23 16:02:07 +00:00
7c6eb7c4a1
Merge pull request #7751 from SparkiDev/ecc_koblitz_ssl
...
ECC key load: fixes
2024-07-22 16:40:59 -07:00
575df43889
Merge pull request #7768 from JacobBarthelmeh/copyright
...
update copyright to 2024
2024-07-19 14:27:39 -07:00
787397b28e
src/bio.c and related:
...
* refactor WOLFSSL_BIO.num and WOLFSSL_BIO.ptr as unions, for clarity and bug resistance (no functional changes).
* in wolfSSL_BIO_free(), add WOLFSSL_BIO_DGRAM to the test for closing bio->num.fd, fixing a descriptor leak.
* use SOCKET_INVALID consistently as the invalid value for WOLFSSL_BIO.num.fd, and use SOCKET_T consistently as the internal type for file descriptors.
* move the definitions for SOCKET_T and SOCKET_INVALID from wolfio.h to the filesystem section of wc_port.h, and allow override definitions of SOCKET_T.
detected and tested with wolfssl-multi-test.sh ... pq-hybrid-all-rpk-valgrind-unittest. also tested with wolfssl-multi-test.sh ... super-quick-check.
2024-07-19 14:50:26 -05:00
31a6a2bf59
update copyright to 2024
2024-07-19 13:15:05 -06:00
0eeae4da8c
Merge pull request #6460 from embhorn/mosquitto_osp
...
Add support for Mosquitto OSP
2024-07-19 07:49:32 -07:00
bd5586623a
Merge pull request #7703 from SparkiDev/def_ticket_cbc_hmac
...
Default session ticket enc/dec: allow AES-CBC with HMAC
2024-07-19 07:41:27 -07:00
08b211c3bb
Merge pull request #7761 from kareem-wolfssl/zd18300
...
Fix not calling the signing callback when using PK callbacks + TLS 1.3.
2024-07-19 07:37:37 -07:00
b5e188830d
Merge pull request #7755 from philljj/misc_cleanup
...
Misc cleanup: FreeX509 null pointer checks, and spelling cleanup.
2024-07-19 07:37:24 -07:00
4bc04673d1
suppress 4 uninitvar warnings, all associated with passing partially written arrays (true but benign positives). newly detected by cppcheck 2.14.2.
2024-07-18 17:22:17 -05:00
3492caba51
Fix not calling the signing callback when using PK callbacks + TLS 1.3.
2024-07-18 10:33:19 -07:00
c36ab59f24
fixes for defects identified by nightly testing:
...
* ecc.c: in wc_ecc_free(), fix gating around handling for key->sign_k to resolve memory leak, and in wc_ecc_gen_deterministic_k(), fix -Wconversion.
* test.c: add missing mp_free()s to ecdsa_test_deterministic_k_rs() and ecc521_test_deterministic_k().
* wc_HashType: change several occurrences of int to enum wc_HashType, including ecc_key.hashType and API wc_ecc_set_deterministic_ex(), to resolve C++ warnings.
* fixes for various C++ warnings/errors in crypto and TLS layers and test and benchmark code -- implicit casts, negative initializers for unsigned type, jumped initializers, and missing enums in switch()es.
2024-07-17 18:07:08 -05:00
6a745518bc
Misc cleanup: FreeX509 null pointer checks, and spelling cleanup.
2024-07-17 10:04:52 -05:00
ee7748f2e3
PR7648 20240418-exosip-apis peer review:
...
* tweak typography;
* move wolfSSL_i2d_X509_PUBKEY() from ssl.c to x509.c;
* in asn.h, add !NO_ASN_OLD_TYPE_NAMES macros to remap old names (ISSUER, SUBJECT, BEFORE, AFTER) by default unless the macros are already defined.
2024-07-16 19:12:19 -05:00
9023aeef75
BIO/wolfio: refactor TranslateReturnCode(), wolfSSL_LastError(), and TranslateIoError() into complete+consistent wolfSSL_LastError() and TranslateIoReturnCode(), handling all special cases correctly, and correctly returning WOLFSSL_CBIO_ERR_WANT_WRITE and WOLFSSL_CBIO_ERR_TIMEOUT. use TranslateIoReturnCode() directly in wolfIO_Recv(), wolfIO_Send(), wolfIO_RecvFrom(), wolfIO_SendTo(), and remove now-superfluous TranslateIoError() calls from EmbedReceive(), EmbedSend(), EmbedReceiveFrom(), EmbedSendTo(), EmbedReceiveFromMcast().
2024-07-16 19:12:19 -05:00
5298039d09
fixes from peer review: move OS-specific code from wolfSSL_BIO_read() and wolfSSL_BIO_write() to wolfIO_Recv(), wolfIO_Send(), wolfIO_RecvFrom(), and wolfIO_SendTo(); add SOCKET_ETIMEDOUT definitions to wolfio.h; misc cleanups.
2024-07-16 19:12:19 -05:00
0c1163f01f
src/bio.c: restore inadvertently removed update of bio->connected in wolfSSL_BIO_ctrl() case BIO_CTRL_DGRAM_SET_CONNECTED.
2024-07-16 19:12:18 -05:00
1159fc333f
src/bio.c: in wolfSSL_BIO_ADDR_size(), add missing gate on HAVE_SYS_UN_H for AF_UNIX.
2024-07-16 19:12:18 -05:00
51c49b678e
src/bio.c: fix gating for WOLFSSL_BIO_DGRAM handling.
2024-07-16 19:12:18 -05:00
0a928ead3f
address peer review around WOLFSSL_HAVE_BIO_ADDR:
...
refactor housekeeping for bio->bytes_read and bio->bytes_write, and add WOLFSSL_BIO_HAVE_FLOW_STATS gate;
add WOLFSSL_BIO_FLAG_RETRY housekeeping for WOLFSSL_BIO_SOCKET and WOLFSSL_BIO_DGRAM;
refactor WOLFSSL_BIO.peer_addr to be inline rather than a pointer;
add wolfSSL_set_mtu_compat() and wolfSSL_CTX_load_verify_locations_compat() implementations;
enable WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_DTLS_MTU when OPENSSL_ALL.
2024-07-16 19:12:18 -05:00
61eb6987d0
src/ssl.c: remove old version of wolfSSL_set_bio().
2024-07-16 19:12:18 -05:00
62db3533ae
wolfSSL_CTX_load_verify_locations(): set up with OpenSSL-compatible behavior (WOLFSSL_LOAD_FLAG_IGNORE_ERR).
2024-07-16 19:12:18 -05:00
2d370f3e4e
wolfSSL_BIO_read(): return MEMORY_E if wolfSSL_BIO_ADDR_new() fails.
2024-07-16 19:12:18 -05:00
7216a543dd
checkpoint: complete test_wolfSSL_BIO_datagram(); fix some WOLFSSL_HAVE_BIO_ADDR gates to also gate on WOLFSSL_DTLS and OPENSSL_EXTRA; use DTLS_RECVFROM_FUNCTION, DTLS_SENDTO_FUNCTION, SOCKET_T, SOCKADDR, SOCKADDR_IN, and SOCKADDR_IN6 macros and types, and add SOCKADDR_UN type.
2024-07-16 19:12:18 -05:00
bd7f7c8bdf
checkpoint: add wolfSSL_BIO_ADDR_free to wolfSSL_BIO_free(); tweak EXPECT_SUCCESS() to tolerate TEST_SKIPPED; add WIP test_wolfSSL_BIO_datagram.
2024-07-16 19:12:18 -05:00
29ec038aa6
checkpoint: add WOLFSSL_BIO_ADDR, wolfSSL_BIO_ADDR_new(), wolfSSL_BIO_ADDR_free(), wolfSSL_BIO_ADDR_clear(), wolfIO_SendTo(), wolfIO_RecvFrom(); fix name of wolfSSL_BIO_s_datagram().
2024-07-16 19:12:18 -05:00
08940866c3
checkpoint progress: add macro definitions for BIO_CTRL_DGRAM_SET_CONNECTED, BIO_CTRL_DGRAM_SET_PEER, WOLFSSL_MULTI_LABEL_WILDCARDS, WOLFSSL_MULTI_LABEL_WILDCARDS, NID_id_GostR3410_2001, NID_id_GostR3410_2012_256, NID_id_GostR3410_2012_512; fix flag arithmetic in wolfSSL_X509_check_host(); add compat macros for i2d_X509_PUBKEY, BIO_new_dgram.
2024-07-16 19:12:18 -05:00
3f921e0a32
checkpoint progress: add wolfSSL_BIO_s_dgram, wolfSSL_BIO_new_dgram, WOLFSSL_BIO_DGRAM, and remove now-duplicate prototype and definition of wolfSSL_X509_STORE_get0_param.
2024-07-16 19:12:18 -05:00
8468a70b72
add wolfSSL_i2d_X509_PUBKEY, wolfSSL_X509_VERIFY_PARAM_lookup, and wolfSSL_X509_STORE_get0_param, and make wolfSSL_X509_VERIFY_PARAM_inherit a public API; add macros to openssl compat layer: DTLS_client_method, DTLS_server_method, X509_VERIFY_PARAM_lookup, X509_VERIFY_PARAM_inherit, X509_STORE_get0_param; add "const char *name" slot to struct WOLFSSL_X509_VERIFY_PARAM to support wolfSSL_X509_VERIFY_PARAM_lookup.
2024-07-16 19:12:18 -05:00
1e7810153f
add wolfSSL_set_rbio, wolfSSL_set_wbio, wolfSSL_BIO_number_read, wolfSSL_BIO_number_written, and compat layer shim macros SSL_set0_rbio, SSL_set0_wbio, BIO_number_read, BIO_number_written, BIO_reset.
2024-07-16 19:12:18 -05:00
41efa0492c
add ASN_ prefixes to ISSUER, SUBJECT, BEFORE, and AFTER enum constants defined in wolfssl/wolfcrypt/asn.h.
2024-07-16 19:12:18 -05:00
198f4030e8
add stub implementations of wolfSSL_COMP_get_name(), wolfSSL_get_current_compression(), and wolfSSL_get_current_expansion(), and add compat layer shim macros for them.
2024-07-16 19:12:18 -05:00
685bfd1f9d
add wolfSSL_get0_peername() and SSL_set_mtu().
2024-07-16 19:12:18 -05:00
7aad09fc87
Rebase for mosquitto
2024-07-16 07:37:33 -05:00
f2f3a8273d
Merge pull request #7732 from kaleb-himes/NUCLEUS-FIPS-SRTP-KDF
...
Check-in Nucleus Plus 2.3 port work
2024-07-16 09:37:15 +10:00
dc86dad26b
ECC key load: fixes
...
asn.c:
Return the curve OID sum with alg_id for ECC keys.
ssl_load.c:
Don't permanently strip the PKCS#8 information as it contains the
curve OID.
2024-07-15 15:46:05 +10:00
baec0ced59
Merge pull request #7731 from ColtonWilley/zephyr_tls_support
...
Changes needed for default TLS support in zephyr kernel
2024-07-11 16:46:43 -06:00
978456e39d
Remove get cipher bytes from header
2024-07-11 14:51:38 -07:00
7b089f548e
Remove get cipher list bytes
2024-07-11 14:39:44 -07:00
3cc7bbea67
Merge pull request #7737 from JacobBarthelmeh/staticmemory-singlethreaded
...
fix for staticmemory and singlethreaded build
2024-07-11 09:57:08 +10:00
e581930cb7
Extend the unknown extension callback.
...
This will allow the user to pass in a context pointer. Allows them to avoid
global variables.
We also add unknown extensions callback when processing a CA in cert manager
as CA certs can have unknown extensions as well.
Fixes ZD 18252
2024-07-10 13:22:19 -04:00
6703a58c51
fix for staticmemory and singlethreaded build
2024-07-10 09:44:10 -06:00
fea7a89b86
Coverity fixes
...
pk.c:
EncryptDerKey - setting wrong ret value on allocation failure.
wolfssl_rsa_generate_key_native - now checks e is a valid long
before passing in.
Fix formatting.
ssl_load.c:
ProcessBufferPrivPkcs8Dec - now checking password is not NULL
before zeroizing. Allocation may fail and ForceZero doesn't check for
NULL.
Fix formatting.
tests/api.c:
test_RsaSigFailure_cm - Check cert_sz is greater than zero
before use.
send_new_session_ticket - assert that building the message
doesn't return error or 0.
test_ticket_nonce_malloc - fix setting of medium and big to use
preprocessor. Fix big to be medium + 20.
asn.c:
GetLength_ex - Fix type of bytes so that it can go negative.
sp_int.h:
sp_clamp - add one to ii while it is a signed.
Fix formatting.
2024-07-10 11:40:48 +10:00
c333fdf545
Check-in Nucleus Plus 2.3 port work
2024-07-09 15:53:00 -06:00
4ec07bb5a8
Changes needed for default TLS support in zephyr kernel
2024-07-09 12:00:34 -07:00
780fd98f40
src/internal.c: in ProcessPeerCerts(), smallstack refactor of a span gated on HAVE_CERTIFICATE_STATUS_REQUEST_V2, to get DecodedCert off the stack.
2024-07-06 10:04:06 -05:00
88af1a2932
fixes for Coverity #394680 , #394682 , #394693 , #394712 .
2024-07-05 20:42:32 -05:00
b948f6797c
account for negative return value, fixes coverity issue 394678
2024-07-05 15:34:28 -06:00
f8eb0c3776
fix for coverity issue 394676 possible null dereference
2024-07-05 14:06:19 -06:00
25d52dde3f
fix coverity issue 367842 possible null dereference
2024-07-05 11:56:45 -06:00
50a7243486
fix for coverity issue 394670 possible overflow
2024-07-05 11:53:19 -06:00
8946e3fb4b
Merge pull request #7702 from rizlik/ocspv2
...
ocsp stapling improvements
2024-07-05 10:29:25 -06:00
053170613a
fixup! csrv2multi: pending ca list
2024-07-05 15:26:41 +00:00
3e58cfd864
fixup! ocsp: improvements
2024-07-04 10:21:20 +02:00
fe932b893c
fixup! csrv2multi: pending ca list
2024-07-04 10:21:20 +02:00
1c23d2222c
Merge pull request #7693 from philljj/zd18204
...
Fixes ZD 18204: check hashsigalgo matches ssl suites.
2024-07-03 17:12:43 -06:00
f7f3ba9c76
check hashsigalgo matches ssl suites on client side.
2024-07-03 11:59:18 -05:00
6409b68b21
Merge pull request #7698 from dgarske/asan_compat_list
...
Fix ASAN warning with compatibility layer cipher list parsing
2024-07-02 17:12:38 -06:00
a490d4fdf7
Merge pull request #7628 from SparkiDev/alert_after_ch
...
TLS: wrong TLS version in alert after ClientHello
2024-07-02 17:10:24 -06:00
9222cb1304
ocsp: improvements
2024-07-02 09:51:34 +02:00
b5206e8504
csrv2multi: pending ca list
2024-07-02 09:51:34 +02:00
c82081591a
Default session ticket enc/dec: allow AES-CBC with HMAC
...
Add option to use AES-CBC with HMAC for default session ticket enc/dec.
Defaults to AES-128-CBC with HMAC-SHA256.
Options include:
WOLFSSL_TICKET_ENC_HMAC_SHA512 for HMAC-SHA512
WOLFSSL_TICKET_ENC_HMAC_SHA384 for HMAC-SHA384
WOLFSSL_TICKET_ENC_AES256_CBC for AES-256-CBC
2024-07-02 11:34:03 +10:00
7814e4c264
DoCertificateStatus: Clean up logic in WOLFSSL_CSR2_OCSP_MULTI
2024-07-02 01:29:44 +02:00
1e3f623ff3
Regression testing: fix compilation for unusual configs
...
Disable ECC but have OPENSSL_EXTRA and curve25519 - fix #ifdef
protection in ssl.c.
tests/api.c:
SSL_SESSION_get_max_fragment_length is not available when no session
cache.
ASN1 APIs using generalized time disabled when NO_ASN_TIME defined so
disable tests.
2024-07-01 21:52:56 +10:00
7dfef18cf4
Refactor unneeded PickHashSigAlgo_ex function.
2024-06-28 18:32:13 -05:00
98a5a4c201
Merge pull request #7660 from julek-wolfssl/zd/18188
...
wolfSSL_get_SSL_CTX: Make parameter const
2024-06-28 16:40:06 -06:00
7faf0dccc7
Fix for ASAN warning with compatibility layer lists in `ParseCipherList` and `CheckcipherList` (ZD 18175). Add test case for ASAN to trigger NULL + 1 warning. Cleanup messy `WOLFSSL_TIRTOS` in api.c.
2024-06-28 15:26:40 -07:00
80d4f71eb9
Merge pull request #7683 from SparkiDev/def_ticket_cb_inlen
...
SSL default ticket encryption callback: check in len on decrypt
2024-06-28 16:04:58 -06:00
864a9d0598
Dilithium: fixes
...
TLS uses DER API now and needs to be protected with the right #ifdefs.
Do the right check of size in wc_Dilithium_PrivateKeyDecode().
Don't require public key when doing private DER.
2024-06-28 10:55:16 +10:00
107cc82a06
Fixes ZD 18204: check hashsigalgo matches ssl suites.
2024-06-27 10:45:02 -05:00
c047e55b92
Merge pull request #7687 from douzzer/20240626-EvictSessionFromCache-ticketNonce-data-leak
...
20240626-EvictSessionFromCache-ticketNonce-data-leak
2024-06-27 09:41:42 -06:00
f66e5a52bd
wolfSSL_get_SSL_CTX: Make parameter const
2024-06-27 15:48:46 +02:00
4d56cc1790
Regression testing: memory allocation failure
...
Fixes from memory allocation failure testing.
Also:
fix asn.c to have ifdef protection around code compiled in with dual
algorithm certificates.
fix test_tls13_rpk_handshake() to support no TLS 1.2 or no TLS 1.3.
fix wc_xmss_sigsleft() to initialize the index to avoid compilation
error.
2024-06-27 17:17:53 +10:00
4d43dbf83b
src/ssl_sess.c: in EvictSessionFromCache(), free session->ticketNonce.data if it was dynamically allocated. fixes memory leak via wolfSSL_Cleanup().
2024-06-26 14:15:42 -05:00
3d7583e743
Merge pull request #7684 from kojo1/pk-fix
...
Fix in pk.c
2024-06-26 11:33:38 +09:00
72b6074b93
Fixes in pk.c
2024-06-26 08:47:41 +09:00
6d0dc7f2e7
SSL default ticket encryption callback: check in len on decrypt
...
Make sure that the length of the data to decrypt is correct for the
default ticket encryption implementation.
2024-06-26 08:21:17 +10:00
38335f4947
Merge pull request #7678 from bandi13/fixReturnType
...
ret will be set to 1 (WOLFSSL_SUCCESS), the rest checks for 'ret == 0'
2024-06-25 10:53:03 -06:00
773451a5dc
ret will be set to 1 (WOLFSSL_SUCCESS), the rest checks for 'ret == 0'
...
Need to use another type of return code
2024-06-24 12:11:57 -04:00
7cd610bc45
Fixes for WolfSSL ML-DSA implementation
...
* Update OIDs etc. to match OQS ML-DSA values (old ones were Dilithium
Round 3 values)
* Make sure private key files/buffers containing both the private and
the public key are parsed correctly
Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
2024-06-24 15:00:44 +02:00
2312cb4563
Merge pull request #7667 from SparkiDev/sha3_thumb2_arm32_asm
...
SHA-3 Thumb2, ARM32 ASM: Add assembly implemention
2024-06-23 20:16:32 -07:00
7405ea8162
Merge pull request #7671 from miyazakh/dtls_ocsp
...
Fix ocsp response message build for DTLS
2024-06-21 14:43:29 -06:00
610af43d03
XCODE support for v5.2.3 of the FIPS module
2024-06-21 10:36:57 -06:00
8734f1251d
SHA-3 Thumb2, ARM32 ASM: Add assembly implemention
...
Add SHA-3 assembly implementation for Thumb2 and ARM32.
2024-06-21 14:38:51 +10:00
30eb558d58
fix ocsp response when using DTLS
2024-06-21 09:57:59 +09:00
63f666a599
Merge pull request #7659 from embhorn/zd18179
...
Fixes in ASN1 and X509
2024-06-20 13:10:40 -06:00
d545253df7
Merge pull request #7594 from JacobBarthelmeh/socat
...
Updating socat version support
2024-06-20 09:17:41 -07:00
David Garske
András Fekete
Tobias Frauenschläger
Sean Parkinson
Juliusz Sosinowicz
Marco Oliverio
Anthony Hu
Daniel Pouzzner
JacobBarthelmeh
Kareem
jordan
Eric Blankenhorn
Colton Willey
kaleb-himes
Takashi Kojo
Andras Fekete
Hideki Miyazaki