070029fd08
add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-27 14:49:47 -06:00
65cfef5337
fix for free with test case
2021-08-27 14:10:06 -06:00
83d39932bb
add test case for X509 EXTENSION set
2021-08-27 11:30:44 -06:00
8b79f77fb0
Merge pull request #4327 from JacobBarthelmeh/Compatibility-Layer-Part3
...
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-27 09:27:34 -07:00
21159659cf
add implementation of AUTHORITY_INFO_ACCESS_free
2021-08-26 14:48:12 -06:00
ef0fb6520d
Merge pull request #4283 from JacobBarthelmeh/Compatibility-Layer-Part2
...
couple more compatibility functions
2021-08-26 11:50:09 -07:00
b5d42eb773
Merge pull request #4318 from kojo1/i2d_RSA
...
arg type compatibility
2021-08-26 09:51:43 -06:00
77eff68b95
addressed review comment
2021-08-25 11:07:32 +09:00
3f2abef212
Merge pull request #4321 from haydenroche5/libimobiledevice
...
Make changes to support libimobiledevice.
2021-08-24 17:19:26 -07:00
3d8dc68266
free test case object
2021-08-24 10:59:38 -06:00
ff521a14e4
add test case and macro mapping
2021-08-24 10:59:38 -06:00
7ff1351971
Make changes to support libimobiledevice.
...
- `EVP_PKEY_assign_RSA` should store the private key in DER format, not the
public key.
- The last call to `infoCb` in `wolfSSL_BIO_write` should provide the length of
the data to write.
- We should be able to parse RSA public keys starting with BEGIN RSA PUBLIC KEY
and ending with END RSA PUBLIC KEY.
2021-08-24 08:52:43 -07:00
9c541568fc
Merge pull request #4313 from SparkiDev/rsa_vfy_only
...
SP RSA verify only: fix to compile
2021-08-23 14:42:56 -07:00
da6e8d394f
shift instead of multiply and add comment
2021-08-23 13:24:27 -06:00
8808e6a3ac
implement set_tlsext_max_fragment_length
2021-08-23 09:08:14 +09:00
10c5e33027
arg type compatibility
2021-08-20 15:21:06 +09:00
dbb03cb5a3
SP RSA verify only: fix to compile
...
Configurations:
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math-all
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math --enable-sp-asm
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math --enable-sp-asm
2021-08-20 13:16:58 +10:00
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template
...
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) ( #4276 )
...
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
2021-08-19 09:15:52 -07:00
d486b89c61
ASN1 Template: stricter and simpler DER/BER parsing/construction
...
Reduce debug output noise
2021-08-19 11:32:41 +10:00
9a1233c04d
Merge pull request #4312 from julek-wolfssl/DH_set_length
...
Implement `DH_set_length`.
2021-08-18 16:42:38 -07:00
eaded189ff
Merge pull request #4310 from haydenroche5/dsa_fips
...
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
2021-08-18 16:33:26 -07:00
8df65c3fa7
Merge pull request #4270 from dgarske/zd12586
...
Fixes for various PKCS7 and SRP build issues
2021-08-19 08:12:15 +10:00
c5f9e55567
Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.
2021-08-18 11:30:18 -07:00
6237a7a00d
Merge pull request #4305 from TakayukiMatsuo/i2t
...
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-18 10:37:08 -06:00
162f14aaf9
Implement `DH_set_length`.
2021-08-18 13:24:51 +02:00
d1e027b6fa
Fix for pedantic warning with pre-processor in macro.
2021-08-17 14:55:42 -07:00
89904ce82e
Fixes for building without AES CBC and support for PKCS7 without AES CBC.
2021-08-17 10:47:19 -07:00
a9b8b6d3de
Fix for PKCS7 heap hint in API unit test.
2021-08-17 10:46:53 -07:00
421be50cb8
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-17 10:52:20 +09:00
95ab6ce4b8
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
...
This test calls `wolfSSL_DSA_do_sign_ex` and `wolfSSL_DSA_do_verify_ex`, both
of which don't exist if `HAVE_FIPS` is defined.
2021-08-16 17:42:00 -07:00
d4391bd997
Parse distinguished names in `DoCertificateRequest`
...
The CA names sent by the server are now being parsed in `DoCertificateRequest` and are saved on a stack in `ssl->ca_names`.
2021-08-14 00:24:08 +02:00
647e007eea
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suite
2021-08-14 00:24:08 +02:00
b2380069f0
Merge pull request #4261 from dgarske/rsa_der_pub
2021-08-13 13:36:01 -07:00
ca06694bfb
Merge pull request #4282 from miyazakh/SSL_CIPHER_xx
...
Add SSL_CIPHER_get_xxx_nid support
2021-08-13 13:48:31 -06:00
5235b7d1e6
Merge pull request #4291 from miyazakh/PARAM_set1_ip
...
Add X509_VERIFY_PARAM_set1_ip support
2021-08-13 13:45:33 -06:00
ec4e336866
Merge pull request #4299 from haydenroche5/evp_pkey_dec_enc_improvements
...
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
2021-08-13 08:10:20 -07:00
3be13f7358
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
...
- Handle case where output buffer is NULL. In this case, passed in output buffer
length pointer should be given the maximum output buffer size needed.
- Add better debug messages.
2021-08-12 18:46:15 -07:00
7dea1dcd39
OpenResty 1.13.6.2 and 1.19.3.1 support
...
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list
# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
cccb8f940a
Merge pull request #4209 from julek-wolfssl/net-snmp
...
Add support for net-snmp
2021-08-12 13:06:21 -07:00
93a1fe4580
Merge pull request #4205 from julek-wolfssl/wpas-include-extra-stuff
...
Include stuff needed for EAP in hostap
2021-08-12 11:17:23 -07:00
d4b0ec0705
Merge pull request #4290 from TakayukiMatsuo/general
...
Add wolfSSL_GENERAL_NAME_print
2021-08-12 09:51:28 -06:00
517309724a
Add wolfSSL_GENERAL_NAME_print
2021-08-12 14:17:41 +09:00
fc4e4eacba
Merge pull request #4292 from kojo1/evp
...
EVP_CIPHER_CTX_set_iv_length
2021-08-11 16:13:26 -06:00
fdb6c8141e
Merge pull request #4274 from haydenroche5/pyopenssl
...
Add support for pyOpenSSL.
2021-08-10 11:49:07 -07:00
c0b085dd4a
EVP_CIPHER_CTX_set_iv_length
2021-08-08 14:49:28 +09:00
a066c48f55
fix jenkins failure
2021-08-07 11:13:41 +09:00
a851e13f1d
implemented X509_VERIFY_PARAM_set1_ip
2021-08-07 10:50:57 +09:00
1b2d57123f
tests/api.c: add missing (void) arg lists.
2021-08-05 15:30:33 -05:00
fab227411f
Free ECC cache per thread when used
2021-08-05 15:34:47 +02:00
1e491993ca
add a2i_IPADDRESS
2021-08-05 16:53:36 +07:00
67e773db91
implement SSL_CIPHER_xxxx
2021-08-05 09:42:55 +09:00
5465d40ee3
Attempt to move asn.c RSA API defs into asn_public.h, since ASN is not in FIPS boundary.
2021-08-04 17:42:46 -07:00
35a33b2f00
Add support for pyOpenSSL.
...
pyOpenSSL needs the OpenSSL function X509_EXTENSION_dup, so this commit adds
that to the compatibility layer. It also needs to be able to access the DER
encoding of the subject alt names in a cert, so that's added as well.
2021-08-04 14:08:43 -07:00
fdbe3f0ff1
Merge pull request #4258 from miyazakh/evp_md_do_all
...
add EVP_MD_do_all and OBJ_NAME_do_all support
2021-08-04 12:17:27 -06:00
d39893baa0
add ctx set msg callback
2021-08-04 16:49:01 +07:00
d64768abff
Merge pull request #4265 from miyazakh/ecc_pubkey
...
update der size in actual length
2021-08-03 16:41:36 -06:00
c7a6b17922
Need to free ecc cache
2021-08-03 19:29:08 +02:00
2bbd04f10f
Implement BIO_new_accept and BIO_do_accept
2021-08-03 19:29:08 +02:00
46b061c7bc
Include stuff needed for EAP in hostap
...
Patch that includes the API needed for EAP in hostapd and wpa_supplicant
2021-08-03 17:52:50 +02:00
dc7ae37f7a
Make changes to support port of NTP from OpenSSL to wolfSSL.
2021-08-02 13:33:18 -07:00
a5b55344b1
Merge pull request #2760 from kojo1/EVP-test
...
additional test on EVP_CipherUpdate/Final
2021-08-02 09:23:00 -07:00
0dc98b8299
Add support for EVP_shake128/256
2021-08-02 13:00:31 +09:00
bad9a973b4
remove hard tabs and other minor fixes
2021-07-30 07:07:40 +09:00
297ae23521
additional test on EVP_CipherUpdate/Final
2021-07-30 06:50:01 +09:00
c69d6d2491
Added public API `wc_RsaKeyToPublicDer_ex` to allow getting RSA public key without ASN.1 header (can return only seq + n + e). Related to PR #4068 . Cleanup documentation for RSA and wolfIO. Consolidate duplicate code in `wc_RsaPublicKeyDerSize`.
2021-07-29 09:27:50 -07:00
6f2853ef28
Merge pull request #4251 from dgarske/openssl_all
...
Fixes for edge case builds with openssl all
2021-07-29 08:58:22 -07:00
2b43052f36
update pkey sz in actual length
2021-07-29 23:28:10 +09:00
e333632ad0
add obj_name_do_all
2021-07-29 14:37:10 +09:00
2abf23cbc9
fix jenkins failure
2021-07-29 09:03:38 +09:00
b2b5d4e603
add evp_md_do_all
2021-07-29 08:59:26 +09:00
2c1fed8262
Fixes for edge case builds with openssl all. Improvements to the `test_wolfSSL_PKCS8_d2i`. Allow forceful disable of OCSP with `./configure --enable-opensslall --disable-ocsp`.
2021-07-28 12:32:08 -07:00
4da7fbb654
tests: use different IPv4 address in + add IPv6 SAN to generated cert
2021-07-28 09:36:21 +02:00
0d0dfc3f5e
Merge pull request #4238 from dgarske/xc32
...
Fixes for building with Microchip XC32 and ATECC
2021-07-28 09:33:01 +10:00
2dac9a2a81
Merge pull request #4228 from miyazakh/EVP_blake2xx
...
add EVP_blake2 compatibility layer API
2021-07-27 11:45:37 -06:00
d49d8a9286
Merge pull request #4204 from SparkiDev/ecies_sec1
...
ECIES: SEC.1 and ISO 18033 support
2021-07-27 09:43:53 -07:00
a92f03a11e
Fixes for building with Microchip XC32 and ATECC.
2021-07-27 08:20:20 -07:00
8c63701577
Merge pull request #4247 from SparkiDev/dhp_to_der_fix
...
OpenSSL API: DH params to der
2021-07-26 17:00:34 -07:00
31dde4706e
ECIES: Support SEC 1 and ISO 18033
...
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
2021-07-27 09:30:53 +10:00
028c056c55
Merge pull request #4213 from lealem47/leakFixes
...
Addressing possible leaks in ssl.c and api.c
2021-07-26 23:32:19 +07:00
ce7e1ef94a
Merge pull request #4230 from douzzer/configure-max-bits-and-ex-data
...
configure options for max rsa/ecc bits and ex_data
2021-07-26 09:27:20 -06:00
7d5271ed71
OpenSSL API: DH params to der
...
Fix calculation of length of encoding in ssl.c.
Fix encoding to check proper length in asn.c.
Fix tests to check for correct value (api.c).
2021-07-26 22:47:46 +10:00
27c49b1673
Merge pull request #4075 from julek-wolfssl/bind-dns
...
Bind 9.17.9 and 9.11.22 Support
2021-07-26 11:24:57 +07:00
494e285cf1
configure.ac: add --with-max-rsa-bits, --with-max-ecc-bits, and --enable-context-extra-user-data[=#]; untabify and otherwise clean up whitespace; tweak api.c, ecc.h, rsa.h, and settings.h, for compatibility with new options.
2021-07-23 22:02:58 -05:00
e8d636771f
Merge pull request #4231 from haydenroche5/des3-iv-fips
...
Use correct DES IV size when using FIPS v2.
2021-07-23 09:38:56 -07:00
10168e093a
Rebase fixes
2021-07-23 18:14:54 +02:00
142ff6d885
Bind 9.11.22
2021-07-23 18:14:18 +02:00
06ebcca913
Code review and mp_int memory leak fixes
2021-07-23 18:14:18 +02:00
b4fd737fb1
Bind 9.17.9 Support
...
- Add `--enable-bind` configuration option
- New compatibility API:
- `RSA_get0_crt_params`
- `RSA_set0_crt_params`
- `RSA_get0_factors`
- `RSA_set0_factors`
- `RSA_test_flags`
- `HMAC_CTX_get_md`
- `EVP_MD_block_size`
- `EC_KEY_check_key`
- `o2i_ECPublicKey`
- `DH_get0_key`
- `DH_set0_key`
- Calling `EVP_MD_CTX_cleanup` on an uninitialized `EVP_MD_CTX` structure is no longer an error
- `DH_generate_parameters` and `DH_generate_parameters_ex` has been implemented
2021-07-23 18:14:12 +02:00
94373781b2
C++ fix: cast from void* to X509_OBJECT*
2021-07-23 14:56:38 +10:00
ec180f3901
Use correct DES IV size when using FIPS v2.
2021-07-22 18:17:41 -07:00
6a3ff81f2d
use EVP_get_digestbyname
2021-07-22 08:17:55 +09:00
b4c61b4df9
add EVP_blake2xyyy
2021-07-22 08:17:54 +09:00
c544c19013
Merge pull request #4227 from miyazakh/ERR_lib_error_string
...
add ERR_lib_error_string compatibility layer API
2021-07-21 11:19:29 -06:00
83c6688bee
Merge pull request #4135 from dgarske/evp_set1_eckey
...
Fixes for handling PKCS8 ECC key with EVP PKEY
2021-07-22 00:17:11 +07:00
b76d44dad9
add ERR_lib_error_string
2021-07-21 10:31:00 +09:00
2014d39254
fixes for valgrind-detected leaks and undefined data accesses: wolfSSL_{SHA*,MD5}_Final (OpenSSL compat wrappers): call wc_*Free() on sha state that otherwise leaks when _SMALL_STACK_CACHE; test_wc_curve25519_shared_secret_ex(): properly initialize public_key.
2021-07-20 18:26:05 -05:00
762b384be2
Fixes for `-pedantic` errors.
2021-07-20 10:02:16 -07:00
fd52424dd5
Improvements to PKCS8 handling.
...
* Fixes for handling PKCS8 in keys with EVP PKEY. Resolves QT test issues. Replacement to PR #3925 .
* Improved code handling for PKCS 8 headers. Change PemToDer to not strip the PKCS8 header.
* Add support in the ECC/RSA/DH key import code to support detection / handling of the PKCS8 header.
* Fix for `wc_RsaKeyToDer` to be exposed with `OPENSSL_EXTRA`.
* Adds EVP PKCS8 test case for RSA and ECC.
* Refactor `test_wolfSSL_OPENSSL_hexstr2buf` to resolve g++ compiler warning.
* Added new `WOLFSSL_TRAP_MALLOC_SZ` build option to trap mallocs that are over a specified size.
2021-07-20 10:02:16 -07:00
77c9b36b5a
Merge pull request #4181 from dgarske/sniffer_keycb
...
Sniffer fixes and new sniffer key callback support
2021-07-19 13:26:17 -07:00
186ff2b365
make -DNO_ED25519_KEY_{IMPORT,EXPORT} buildable, and fix api.c and suites.c so that -DNO_ED*_KEY_{IMPORT,EXPORT} pass make check.
2021-07-16 23:07:28 -05:00
ac92204c15
make -DNO_ED448_KEY_{IMPORT,EXPORT} buildable
2021-07-16 18:21:30 -05:00
c97eff6e61
evp.c: add missing checks and logic in wolfSSL_EVP_CIPHER_CTX_ctrl(), and fix api.c:test_IncCtr() to exercise wolfSSL_EVP_CIPHER_CTX_ctrl() with EVP_CTRL_GCM_IV_GEN using an AES cipher, with thanks to Juliusz.
2021-07-16 15:30:23 -05:00
9b43e57ccf
ED: add streaming API to the ED verify routines: wc_ed*_verify_msg_init(), wc_ed*_verify_msg_update(), wc_ed*_verify_msg_final();
...
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
2021-07-16 13:49:47 -05:00
73323e694f
Addressing possible leaks in ssl.c and api.c
2021-07-16 09:48:06 -06:00
f82fd01283
Merge pull request #4202 from JacobBarthelmeh/BuildOptions
...
fix for build with wpas and disable tls13
2021-07-14 09:07:08 -07:00
18399091ce
Merge pull request #4012 from julek-wolfssl/haproxy
...
HaProxy 2.4-dev18 support
2021-07-14 15:46:04 +07:00
2592a04d8a
fix for build with wpas and disable tls13
2021-07-13 15:49:40 +07:00
c01a63508a
account for testing on big endian system
2021-07-09 08:18:39 -06:00
e1b487ab9f
Fix for `wc_export_int` with `WC_TYPE_HEX_STR`, which was not returning the correct length.
2021-07-08 14:36:36 -07:00
b9dac74086
Merge pull request #4193 from JacobBarthelmeh/StaticAnalysisTests
...
Static analysis tests
2021-07-07 14:23:58 -07:00
86e5287a14
Merge pull request #4032 from TakayukiMatsuo/tk11968
...
Make wolfSSL_CTX_set_timeout reflect to Session-ticket-lifetime-hint
2021-07-07 22:26:06 +07:00
b7bd3766c7
Fix pedantic errors about macros in macros
2021-07-07 10:54:34 +02:00
7b9d6a3f5e
Merge pull request #3792 from TakayukiMatsuo/os_keylog
...
Add wolfSSL_CTX_set_keylog_callback
2021-07-07 15:34:33 +07:00
1acf906612
Code review changes
2021-07-06 15:39:23 +02:00
1b6b16c2c3
HaProxy 2.4-dev18 support
...
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
- `STACK_TYPE_X509_OBJ`
- `OCSP_id_cmp`
- `X509_STORE_get0_objects`
- `X509V3_EXT_nconf_nid`
- `X509V3_EXT_nconf`
- `X509_chain_up_ref`
- `X509_NAME_hash`
- `sk_X509_NAME_new_null`
- `X509_OBJECT_get0_X509`
- `X509_OBJECT_get0_X509_CRL`
- `ASN1_OCTET_STRING_free`
- `X509_LOOKUP_TYPE`
- `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
- WOLFSSL_CTX
- Enable all compiled in protocols
- Allow anonymous ciphers
- Set message grouping
- Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
- Return first that occured
- Set correct value on date error
- Set revoked error on OCSP or CRL error
- Save value in session and restore on resumption
- Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-07-06 15:39:23 +02:00
ae00b5acd0
some minor changes for unintialized and null infer reports
2021-07-06 14:13:45 +07:00
5df0f7820a
Add wolfSSL_CTX_set_keylog_callback
2021-07-03 14:51:23 +09:00
567d8ed704
Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition.
2021-07-02 10:50:00 +09:00
aef9e560b1
Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint.
2021-07-02 09:15:01 +09:00
43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7
...
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
2021-07-01 17:03:56 -07:00
9179071af5
Merge pull request #4153 from JacobBarthelmeh/Testing
...
fix for keyid with ktri cms
2021-06-29 11:40:00 -06:00
74b9b5a8cd
Merge pull request #4156 from SparkiDev/regression_fixes_1
...
Regression test fixes
2021-06-25 07:48:02 -07:00
5038a27cda
add test cases and set content oid with decode encrypted data
2021-06-25 21:16:01 +07:00
dab6724059
Regression fixes: more configurations
...
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
&& make
./configure --disable-aescbc --disable-chacha --disable-poly1305
--disable-coding && make
2021-06-25 15:23:51 +10:00
1994811d24
Merge pull request #4144 from haydenroche5/pkcs8
...
Make a bunch of PKCS#8 improvements.
2021-06-25 12:22:11 +10:00
8592053856
Regression test fixes
...
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
2021-06-25 09:18:06 +10:00
656e49cc3b
Expand SHA-3 support
...
Add more support in the EVP layer as well as add signing support. The SHA-3 OID's were also added for DER algorithm identifier encoding.
2021-06-24 19:31:43 +02:00
b3401bd102
Make a bunch of PKCS#8 improvements.
...
- Add doxygen documentation for wc_GetPkcs8TraditionalOffset, wc_CreatePKCS8Key,
wc_EncryptPKCS8Key, and wc_DecryptPKCS8Key.
- Add a new API function, wc_CreateEncryptedPKCS8Key, which handles both
creation of an unencrypted PKCS#8 key and the subsequent encrypting of said key.
This is a wrapper around TraditionalEnc, which does the same thing. This may
become a first-class function at some point (i.e. not a wrapper). TraditionalEnc
is left as is since it is used in the wild.
- Added a unit test which exercises wc_CreateEncryptedPKCS8Key and
wc_DecryptPKCS8Key. Testing wc_CreateEncryptedPKCS8Key inherently also tests
TraditionalEnc, wc_CreatePKCS8Key, and wc_EncryptPKCS8Key.
- Modified wc_EncryptPKCS8Key to be able to return the required output buffer
size via LENGTH_ONLY_E idiom.
- Added parameter checking to wc_EncryptPKCS8Key and wc_DecryptPKCS8Key.
2021-06-23 08:39:20 -07:00
2923d812bd
Merge pull request #4058 from miyazakh/qt_oslext_cs
...
TLS: extend set_cipher_list() compatibility layer API
2021-06-23 10:12:11 +10:00
4b3bd3e384
Merge pull request #4049 from miyazakh/set_verifyDepth_3
...
Set verify depth limit
2021-06-22 10:23:43 -06:00
446393bcab
Merge pull request #3793 from TakayukiMatsuo/os_base64
...
Add wolfSSL_EVP_Encode/Decode APIs
2021-06-22 10:19:30 -06:00
b050463dce
Merge pull request #4059 from miyazakh/qt_unit_test
...
fix qt unit test
2021-06-22 10:12:48 -06:00
647bde671c
macro guard on test case
2021-06-22 22:56:35 +07:00
3cd43cf692
fix for keyid with ktri cms
2021-06-22 21:33:12 +07:00
c4ea64b7fc
Merge pull request #4140 from SparkiDev/set_sig_algs
2021-06-21 19:18:10 -07:00
7224fcd9bc
TLS: add support for user setting signature algorithms
2021-06-18 16:19:01 +10:00
1ebb4a47f6
addressed jenkins failure
2021-06-18 11:22:20 +09:00
4feedb72cc
simulate set_ciphersuites comp. API
2021-06-18 11:22:19 +09:00
ddf2a0227f
additional fix for set verify depth to be compliant with openssl limit
2021-06-18 11:00:51 +09:00
951de64e2c
set PSK at the beginning
2021-06-18 07:59:35 +09:00
1307972344
Update use of joi cert and add to renew script.
2021-06-16 13:55:36 -05:00
9e02655ac4
Merge remote-tracking branch 'upstream/master' into os_base64
2021-06-16 23:19:52 +09:00
b73673a218
Merge pull request #3794 from TakayukiMatsuo/os_keyprint
...
Add wolfSSL_EVP_PKEY_print_public
2021-06-16 08:43:41 +10:00
c6680d08ba
Fix coding issues
2021-06-15 11:16:38 +09:00
77df7d8630
Merge pull request #3968 from elms/pedantic_cleanup
...
Fixes for some `-pedantic` errors
2021-06-14 13:46:39 -07:00
fd6b30ef32
Merge pull request #4111 from elms/silabs/fix_ecc_shared_secret_outlen
...
silabs: fix `wc_ecc_shared_secret` to only return x coordinate
2021-06-14 13:44:00 -07:00
a8d185cb9e
Merge pull request #4117 from TakayukiMatsuo/tk12403
...
Add null-parameters-test cases for SHA(), SHA224(), MD5() and MD5_xxx().
2021-06-14 13:52:01 -06:00
ed4cf6e91c
silabs: fix `wc_ecc_shared_secret` to only return x coordinate
...
secure element computes and returns the full coordinate. The wolfSSL
API should only return the x component.
2021-06-13 21:46:23 -07:00
ebec2fbd25
Fixed uninitialized parameter for Base16_Encode
2021-06-14 13:45:12 +09:00
Chris Conlon
JacobBarthelmeh
John Safranek
David Garske
Hideki Miyazaki
Hayden Roche
Takashi Kojo
Sean Parkinson
Daniel Pouzzner
Juliusz Sosinowicz
TakayukiMatsuo
elms
Takashi Kojo
Per Allansson
Lealem Amedie
Eric Blankenhorn