WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
11,628 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

2101 Commits (b952f18eb414d632f157623333f4ba3e844523dd)

Author SHA1 Message Date
Juliusz Sosinowicz b736a65fa8 Fix redefinition issue 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 2218f7b95d Fix merge issues 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz d6686f1320 Remove usage of res in wolfSSL_BN_clear_bit 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 5c4d3df4f3 Fix broken Windows FIPS build 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz f55cfd7ba7 Fix missing wolfSSL_i2d_RSAPrivateKey references 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 3fcec191a4 Refactor wolfSSL_RSA_To_Der 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 5ed1c233b7 Sean comments 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz dac23dfe15 Add DSA and DH free to wolfSSL_EVP_PKEY_set1_EC_KEY 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 7aaa89aedc Cleanup bn_one in wolfSSL_Cleanup 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz eedbce7c0a Null-check keyFormat 
Zero all of WOLFSSL_DH struct
Fix macros for self-test
 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 7ce7017521 Fix memory leaks when compiling with SMALL_STACK 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz f765b711bf More macro preproc stuff 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 48b39a34c7 Properly Init mp_int number 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz b592b241c7 Fix Segfault in wolfSSL_EC_KEY_dup 
Fix more header stuff
 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz b58f26945d Different configuration fixes 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 50f8fb1475 Enable wc_RsaKeyToDer even when key generation is turned off 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz e6547c75cd Reimplement external data as it was before: a fixed size vector. This makes external data implementation easier as it doesn't require allocation or cleanup. Only zeroing the entire structure that it is in (which happens in all structures anyway) and then calling the appropriate getter and setter functions to manipulate external data. 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 9a0d3ba369 Check boundaries in B64 decode 
ERR_get_error will always return a positive error code
 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz d6a160c637 Fix error codes for OpenSSL compatiblity 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 6e72a299d7 Don't undef HAVE_GETADDRINFO as it disables defines in projects using wolfSSL 
Change test_wolfssl_EVP_aes_gcm so that changing the tag will fail the authentication check
 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz ab56d078a4 keygen-moduli passed 
Handle trailing newlines in wolfSSL_BN_hex2bn
 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz ae948e2a07 Pass try-ciphers 
define EVP_CIPHER_CTX_set_iv as wolfSSL_EVP_CIPHER_CTX_set_iv
add wolfSSL_GetLoggingCb functionality when compiling without enable-debug
fix initialization vector handling of all cipher modes when using our EVP layer. The IV was incorrectly handled in initialization as well as not being updated after processing
 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz fbedabe601 OpenSSH changes 
- increase FP_MAX_BITS for OpenSSH
- Add helpful loggin API (names are self-explanatory)
-- wolfSSL_GetLoggingCb
-- WOLFSSL_IS_DEBUG_ON
- Define WOLFSSL_EC_METHOD as an alias of WOLFSSL_EC_GROUP
- Add wolfSSL_EC_GROUP_method_of which really just returns the group itself
- Add wolfSSL_EC_METHOD_get_field_type which gets the curve type of the WOLFSSL_EC_GROUP(remember that WOLFSSL_EC_METHOD is an alias of WOLFSSL_EC_GROUP for now)
- Modify Base64_Decode so that it accepts arbitrary PEM line length
- Modify PemToDer so that it accepts private keys with a custom -----BEGIN * PRIVATE KEY----- header
 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 84a2ca7a4e Map the Jacobian point back to affine space in wolfSSL_EC_POINT_get_affine_coordinates_GFp 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz aea95232d1 WIP 
Add EC_POINT conversion to BIGNUM (EC_POINT_point2bn)
Add setting affine coordinates for EC_POINT (EC_POINT_set_affine_coordinates_GFp)
Add bit clearing for BIGNUM (BN_clear_bit)
Add supporting unit tests in api.c
 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 89e35e2547 openssh 8.1 compiles 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz b5c52d7c70 openssh WIP and some light refactoring 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 41de1bb156 WIP 2020-02-18 21:36:26 +01:00
Juliusz Sosinowicz b05cfaa601 Add aes-gcm to wolfSSL_EVP_get_cipherbyname and wolfSSL_EVP_get_cipherbynid 2020-02-18 21:34:23 +01:00
Eric Blankenhorn 59fb81c950 Add fix 2020-02-17 16:47:47 -06:00
toddouska f2e1266f2d
Merge pull request #2791 from dgarske/async_fixes 
Fixes for asynchronous crypto issues
 2020-02-17 11:43:13 -08:00
toddouska fda322829f
Merge pull request #2796 from JacobBarthelmeh/Compatibility-Layer 
free existing cert store when setting a new one
 2020-02-17 11:37:56 -08:00
JacobBarthelmeh 30936e7ad4
Merge pull request #2793 from kaleb-himes/ZD9865 
Fix issue in wolfSSL_EVP_PKEY_assign_RSA when RSA key not zeroized
 2020-02-14 16:40:52 -07:00
David Garske 8f6a614d17
Merge pull request #2797 from kaleb-himes/JENKINS_STUFF 
--disable-supportedcurves --enable-opensslextra - NIGHTLY DISABLE OPT…
 2020-02-14 09:01:03 -08:00
toddouska b038e2e8f0
Merge pull request #2771 from JacobBarthelmeh/Windows 
change public Timeval to WOLFSSL_TIMEVAL
 2020-02-13 09:38:42 -08:00
kaleb-himes bb7508f570 --disable-supportedcurves --enable-opensslextra - NIGHTLY DISABLE OPTIONS TEST 2020-02-12 15:57:00 -07:00
Jacob Barthelmeh 8e1adb125c free existing cert store when setting a new one 2020-02-12 15:45:44 -07:00
Stanislav Klima 109173d756 Fix two resource leaks. 2020-02-12 12:57:40 +01:00
kaleb-himes 5b7fc7b133 Address failure when blinding disabled and key not initialized to zero 2020-02-11 14:39:30 -07:00
David Garske f322b71526 wolfCrypt fixes for asynchronous (--enable-asynccrypt): 
* Fix for ECC and using NULL curve->order (wasn't loaded).
* Fix for typo on heap.
* Fix for QT case where GetInt failure retry did not "init" the mp_int.
 2020-02-07 13:34:43 -08:00
John Safranek 7648997e37
ABI Additions 
Added the functions wolfSSL_GetRNG(), wolfSSL_CTX_GetDevId(),
      wc_ecc_import_x963(), and wc_RNG_GenerateBlock() to the ABI
      testing.
 2020-02-06 13:33:38 -08:00
Stanislav Klima da3df4f9c6 Changing logic to remove dead code section. 2020-02-05 19:36:37 +01:00
Stanislav Klima 0964272dc6 Resource leak fix. 2020-02-05 18:28:50 +01:00
Tesfa Mael b67fd249e2 Fix for cppcheck 2020-02-04 08:55:37 -08:00
Chris Conlon b29fe41a35
Merge pull request #2738 from SparkiDev/cppcheck_fixes_3 
Changes to clear issues raised by cppcheck
 2020-02-03 17:02:40 -07:00
toddouska 63a73be3f0
Merge pull request #2777 from dgarske/constchar 
Fixes for char strings not marked as const.
 2020-02-03 11:12:55 -08:00
Juliusz Sosinowicz 420e597c16 Move functions to ssl.c 2020-02-01 10:06:53 +01:00
Juliusz Sosinowicz e13d9f7f1b Add SSL_CTX_set1_groups_list and SSL_set1_groups_list APIs 2020-01-31 06:38:38 +01:00
David Garske 928f641064 Fixes for char strings not marked as const. The `const` is an optimization to allow use from flash, which saves RAM space on embedded devices. 2020-01-30 13:53:06 -08:00
Sean Parkinson 55ea2facdd Changes to clear issues raised by cppcheck 2020-01-30 14:24:32 +10:00
Stanislav Klima c938cb35ca Logically dead code. 2020-01-29 17:35:15 +01:00
Stanislav Klima ed88e8d1c5 Logically dead code. 2020-01-29 17:34:58 +01:00
Stanislav Klima 2db62f744a Logically dead code. 2020-01-29 17:34:40 +01:00
Stanislav Klima 670ba75ea4 Missing varargs cleanup. 2020-01-29 17:33:59 +01:00
Stanislav Klima 2d36624d84 NULL dereference. 2020-01-29 17:33:38 +01:00
Stanislav Klima df0b0a6e91 NULL dereference. 2020-01-29 17:31:14 +01:00
Stanislav Klima 70cb97c116 NULL dereference. 2020-01-29 17:30:57 +01:00
Stanislav Klima 972790fb86 Resource leak. 2020-01-29 17:30:35 +01:00
Stanislav Klima 451d0a470a Resource leak. 2020-01-29 17:30:14 +01:00
Stanislav Klima 96d1593735 Possible use after free. 2020-01-29 17:29:52 +01:00
Jacob Barthelmeh a9e9120fa0 change public Timeval to WOLFSSL_TIMEVAL 2020-01-28 17:11:46 -07:00
JacobBarthelmeh 695b126a1c
Merge pull request #2739 from dgarske/pkcs8_ed25519 
Added PKCS8 support for ED25519
 2020-01-24 10:56:40 -08:00
Chris Conlon d1e39668aa
Merge pull request #2740 from aaronjense/compatibility-fixes 
Compatibility Layer Fixes
 2020-01-23 08:25:40 -08:00
David Garske 2cd3474e9d Improve "keyFormat" to always set based on "algId" and let the later key parsing code produce failure. 2020-01-20 20:49:55 -08:00
David Garske 0489cc97a8 Fix for `ProcessBuffer` with PEM private keys, where `PemToDer` call was only setting `eccKey`. Cleanup to use "keyFormat" OID sum. 2020-01-20 20:49:55 -08:00
David Garske 40c8562dc2 Added PKCS8 support for ED25519. 2020-01-20 20:47:47 -08:00
David Garske 7707234901
Merge pull request #2743 from JacobBarthelmeh/Compatibility-Layer 
adjust set1 curves list function for TLS extension sent
 2020-01-20 16:19:55 -08:00
Jacob Barthelmeh 356636e88d fix typo 2020-01-17 15:13:52 -07:00
Jacob Barthelmeh c5932a9874 account for leantls and selftest builds 2020-01-17 13:32:59 -07:00
Jacob Barthelmeh bd4a9c69dd convert name to oidsum to curve type for setting supported curves 2020-01-17 11:56:46 -07:00
Jacob Barthelmeh d8c5353466 adjust set1 curves list function for TLS extension sent 2020-01-16 13:21:14 -07:00
Aaron Jense 3db7b44be4 Compatibility Layer Fixes 2020-01-15 13:49:47 -07:00
John Safranek c69bd5169f
Switch strncpy to memcpy in the altname store function. 2020-01-10 20:34:14 -08:00
John Safranek 8d1b20706c
Maintenance: X509 
1. Add a test for the new alt name handling.
2. Added an API to set altnames in a WOLFSSL_X509 struct. Just adds
DNS_entries.
3. Removed the "static" from a bunch of constant byte arrays used inside
some of the ASN.1 code.
 2020-01-10 20:26:35 -08:00
John Safranek 5dcffa6b40
Maintenance: X509 
1. Fix for issue #2724. When making a certificate out of an X.509
structure, the subject alt names weren't getting correctly copied.
2. Added a function to flatten the DNS_entries into a sequence of
GeneralNames.
3. Put the proper certificate extension wrapping around the flattened
general names.
 2020-01-10 20:26:35 -08:00
John Safranek 7571fbdbfb
Maintenance: X509 
1. Fix for issue #2718. Added a flag to the X509 structure when someone
sets the issuer name.
2. When making a certificate out of the X509, if the issuer name is set
clear the self-signed flag in the cert.
3. Propigate the flat X509_NAMEs to the string the cert building code
uses.
 2020-01-10 20:25:43 -08:00
JacobBarthelmeh 6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513 
Add Qt 5.12 and 5.13 support
 2020-01-10 17:34:23 -07:00
David Garske 1f104e52a3
Merge pull request #2715 from ejohnstown/maint-dtls 
Maintentance: DTLS
 2020-01-10 14:43:15 -08:00
Carie Pointer 544ff3f9ac Fix length in wolfSSL_sk_CIPHER_description 2020-01-10 11:26:57 -07:00
Carie Pointer ef99086aee Fix valgrind errors 2020-01-10 10:08:39 -07:00
Carie Pointer de3536a067 More fixes from review 2020-01-09 17:28:20 -07:00
cariepointer a9cf16cc2b
Merge branch 'master' into apache-fixes 2020-01-09 16:33:35 -07:00
toddouska f3b2815e1f
Merge pull request #2708 from julek-wolfssl/nginx-fix 
Nginx fix
 2020-01-09 15:00:59 -08:00
Carie Pointer 0938cdde52 Remove dup->dynamicName = 1 call 2020-01-09 14:09:38 -08:00
Carie Pointer 47040f1dae EC_KEY_dup fixes 2020-01-09 14:35:57 -07:00
Carie Pointer b9c99709f7 Fixes from review 2020-01-08 12:48:01 -07:00
Carie Pointer f13cee2689 Add comments above functions 2020-01-07 17:30:25 -07:00
Carie Pointer 28cf563c76 Fixes from PR review: styling and formatting, remove duplicate code 2020-01-07 17:01:53 -07:00
toddouska d257003341
Merge pull request #2711 from cconlon/copyright2020 
update copyright to 2020
 2020-01-07 08:40:15 -08:00
Carie Pointer 9e4836a863 Fix for jenkins test failure 2020-01-07 08:11:05 -08:00
Carie Pointer 681ecf0e58 Fixes for wolfSSL_CTX_load_verify_locations_ex 2020-01-06 14:32:32 -08:00
JacobBarthelmeh ce0475a8e0
Merge pull request #2689 from tmael/pkey_freeMutex 
Free EVP ctx pkey
 2020-01-06 23:15:00 +07:00
Carie Pointer 26eea36d7f Fix X509_NAME issues for Apache 2020-01-03 15:40:52 -08:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Juliusz Sosinowicz 443b7ed0c4 Accept newline and null teminator at end of X509 certificate 2020-01-02 10:52:02 +01:00
toddouska 4f71bcfa7c
Merge pull request #2704 from ejohnstown/renegotiation 
Maintenance: Renegotiation
 2019-12-30 16:45:31 -08:00
toddouska abc96f20fb
Merge pull request #2696 from embhorn/cert_vfy_CB 
CertManager verify callback
 2019-12-30 11:57:44 -08:00
toddouska 78fa84be00
Merge pull request #2649 from SparkiDev/rsa_pubonly 
Fix RSA public key only builds
 2019-12-27 12:55:34 -08:00
toddouska dd28f26c44
Merge pull request #2699 from JacobBarthelmeh/Testing 
big endian changes
 2019-12-27 12:52:30 -08:00
John Safranek add7cdd4e2
Maintenance: Renegotiation 
1. Found a corner case where secure renegotiation would fail trying to
inappropriately use a session ticket.
2. Explicitly split renegotiation into Rehandshake and SecureResume.
 2019-12-26 16:39:44 -08:00
Eric Blankenhorn 8580bd9937 CertManager verify callback 
Execute verify callback from wolfSSL_CertManagerLoadCA
 2019-12-26 09:29:03 -06:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
JacobBarthelmeh ca59bc2d16 big endian changes 2019-12-23 12:33:59 -07:00
Tesfa Mael 99a7aff31e Increment pkey references count 2019-12-20 22:38:54 -08:00
Tesfa Mael 48e59eaeb1 Free EVP ctx pkey 2019-12-20 22:38:54 -08:00
John Safranek 6c7e86f366
Maintentance: DTLS 
1. Client wasn't skipping a handshake state when the server sends a
hello without a hello verify. It ended up resetting the handshake hash
and resending Hello with its next messages.
 2019-12-19 11:48:05 -08:00
David Garske 2aa8fa2de6
Merge pull request #2688 from kaleb-himes/GH2552 
use const to declare array rather than variable sz - VS doesn't like …
 2019-12-19 08:52:30 -08:00
kaleb-himes 95c0c1f2a5 use const to declare array rather than variable sz - VS doesn't like this 2019-12-18 16:08:26 -08:00
David Garske c054293926
Merge pull request #2684 from JacobBarthelmeh/build-tests 
fix for g++ build warning
 2019-12-18 12:09:29 -08:00
toddouska 5a04ee0d8b
Merge pull request #2640 from dgarske/alt_chain 
Fixes for Alternate chain processing
 2019-12-18 09:38:45 -08:00
Jacob Barthelmeh b5f645ea00 fix for g++ build warning 2019-12-18 10:01:52 -07:00
toddouska f81ce71c25
Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer 
add --disable-errorqueue option
 2019-12-17 16:37:02 -08:00
Eric Blankenhorn 51d5abd63f Clarify wolfSSL_shutdown error on subsequent calls 2019-12-12 13:16:52 -06:00
Jacob Barthelmeh 2e5258fe15 add --disable-errorqueue option 2019-12-11 11:19:58 -07:00
Carie Pointer c66ca1b774 Remove unused dNSName malloc from wolfSSL_X509_get_ext_d2i 2019-12-10 17:00:16 -07:00
Carie Pointer 4511557f01 More jenkins test fixes 2019-12-09 15:57:53 -07:00
Carie Pointer 9ad970d8a4 Fixes for jenkins test failures 2019-12-09 14:04:52 -07:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support 
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
 2019-12-06 14:27:01 -07:00
Sean Parkinson 2528121925 Fix RSA public key only builds 
Client side only and no client auth
 2019-12-06 20:42:27 +10:00
toddouska 7ec448ac0c
Merge pull request #2617 from embhorn/zd9553 
Fix for vasprintf with AIX
 2019-12-05 16:15:24 -08:00
toddouska 312d5c98b3
Merge pull request #2535 from julek-wolfssl/nginx-1.15 
Nginx 1.15.0 & 1.16.1
 2019-12-05 14:40:45 -08:00
toddouska a13ebf5258
Merge pull request #2543 from embhorn/zd5706 
Update DoVerifyCallback to check verify param hostName and ipasc
 2019-12-05 14:38:47 -08:00
David Garske 9b437384de Allow `AddCA` for root CA's over the wire that do not have the extended key usage cert_sign set. 2019-12-04 14:14:37 -08:00
Eric Blankenhorn 1026c4359d Cast XMALLOC 2019-11-27 14:47:48 -06:00
Eric Blankenhorn 806db8096c Replace use of vasprintf 2019-11-27 11:00:28 -06:00
Juliusz Sosinowicz b06cee333c Add error on EOF 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 0f4a002f4f Formatting 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 9be1b4cfd8 Remove tabs 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 944d5e1045 Don't count null char in better way 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 7c1a1dfd1f Variable declaration at start of scope 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 308c5f3370 Fix implicit cast 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 5f39e12b21 Fix leak in SSL_CTX_set0_chain 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 8dde06bbca Fix compile errors 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz dd07344499 SSL_SESSION_dup 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 3c9d191a5b Don't propogate ASN_NO_PEM_HEADER from wolfSSL_load_client_CA_file 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 1962159d89 more NGINX defines 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz b71758895e Add support for SSL_CTX_set0_chain 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz 9fbc167d0c Declare at start of scope 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz d9ab0c4bcb Check bounds 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz f0abd4ea82 WIP 2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz 9064de1e75 Set proper WOLFSSL_ASN1_TIME in thisupd and nextupd in wolfSSL_OCSP_resp_find_status 2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz 31c0abd610 wolfSSL_X509_NAME_print_ex should not put the null terminator in the BIO 2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz a892f2a95a Changes for nginx 1.15 
- ssl.c: add to check to overwrite existing session ID if found
- evp.c: wolfSSL_EVP_DecryptFinal* was checking for wrong value
 2019-11-27 17:45:49 +01:00
toddouska 7cb5fe5e2a
Merge pull request #2620 from tmael/ALPN_input 
Fix alpn buffer overrun
 2019-11-26 15:31:56 -08:00
toddouska 57df5c10c9
Merge pull request #2619 from dgarske/async_mem 
Fix for Intel QuickAssist asynchronous build
 2019-11-26 15:29:04 -08:00
toddouska 9b7cd6bdfd
Merge pull request #2613 from tmael/evp_aes_gcm 
Set default IV length for EVP aes gcm
 2019-11-26 15:18:27 -08:00
toddouska 9ecafa7afe
Merge pull request #2557 from tmael/cert_store_ls_x509 
Retrieve a stack of X509 certs
 2019-11-26 15:16:09 -08:00
Tesfa Mael 8bc3b7df35 Free x509 2019-11-22 14:31:59 -08:00
Tesfa Mael cf127ec05f Fix buffer overrun 2019-11-22 10:33:17 -08:00
David Garske be88bce36d Fix for issues with `wolfSSL_OBJ_nid2sn` and `wc_OBJ_sn2nid` and logic finding max item when `WOLFSSL_CUSTOM_CURVES` and `ECC_CACHE_CURVE` are defined. Improvements to `wolfSSL_EC_get_builtin_curves` to avoid using "min" as variable name and eliminate using a local static. 2019-11-22 10:09:10 -08:00
Eric Blankenhorn b57294eff7 Fix for vasprintf with AIX 2019-11-21 12:23:15 -06:00
Tesfa Mael 428d51e664 IV is set in the evp ctx level 2019-11-21 09:58:03 -08:00
Tesfa Mael f95d5eebff Add FreeX509() to clean up when sk stack is empty 2019-11-20 17:02:13 -08:00
Tesfa Mael f1fbabbb60 Use default 96-bits IV length when unset 2019-11-20 09:09:12 -08:00
Tesfa Mael 62eaa27b41 Review comment, avoid double-free 2019-11-19 15:29:48 -08:00
toddouska 5c4da3e6fa
Merge pull request #2598 from dgarske/max_file_sz 
Improvements to file size checks
 2019-11-19 11:59:21 -08:00
toddouska c6dac64438
Merge pull request #2594 from ejohnstown/maintenance-BLAKE2 
Maintenance BLAKE2
 2019-11-18 17:05:01 -08:00
Tesfa Mael 74dd142a51 Review comment 2019-11-18 15:13:59 -08:00
David Garske 48d0b53074 Fix for `wolfSSL_cmp_peer_cert_to_file` compiler warning with `size_t` vs `long`. 2019-11-18 14:01:16 -08:00
David Garske ca5549ae91 Improvements for `XFTELL` return code and `MAX_WOLFSSL_FILE_SIZE` checking. 
Fixes #2527
 2019-11-18 13:49:06 -08:00
John Safranek 8347d00bf2
Maintenance BLAKE2 
1. Remove the BLAKE2 HMAC from wolfSSL and its testing.
 2019-11-18 13:31:15 -08:00
David Garske 95b83272dd Implementation for `SSL_CTX_add1_chain_cert`. 2019-11-18 10:19:48 -08:00
Tesfa Mael 520a032b71 Add show x509 test 2019-11-15 13:23:08 -08:00
Tesfa Mael 6ca12787ae retrieve a stack of X509 certs in a cert manager and a store ctx 2019-11-15 13:23:08 -08:00
David Garske af142b307b Support for WebRTC (ref m79): 
* Fixed `set1_curves_list` API's to use `const char*` for names.
* Fixed `ossl_typ.h` to include `ssl.h` compatibility.
* Added `SSL_CTX_up_ref`.
* Added `wolfSSL_set1_curves_list`
* Added `TLS_method` and `DTLS_method`
* Added `SSL_CIPHER_standard_name`.
* Added `X509_STORE_CTX_get0_cert`
* Added `SSL_CTX_set_cert_verify_callback`.
* Enabled "either" side support when `--enable-opensslall` is used.
* Changed `SSL_CIPHER_get_rfc_name` to use `wolfSSL_CIPHER_get_name` instead of stub.
 2019-11-13 12:34:33 -08:00
toddouska 46bc8e092a
Merge pull request #2582 from ejohnstown/abi-current 
ABI
 2019-11-13 11:24:45 -08:00
David Garske d8e40dea3f Fixes from peer review: 
* Reduced codesize when building with `OPENSSL_EXTRA_X509_SMALL`.
* Additional argument checks in `wolfSSL_ASN1_BIT_STRING_set_bit`, `wolfSSL_ASN1_STRING_to_UTF8`, `wolfSSL_RSA_meth_new`, `wolfSSL_RSA_meth_set`.
* Fix for compiler warnings in asn.c using strncmp to duplicate string. "specified bound depends on the length of the source argument"
 2019-11-11 15:39:23 -08:00
David Garske d17748b1ad Fix for `EC_GROUP_order_bits` and added unit test. 2019-11-11 14:58:23 -08:00
David Garske 2bae1d27a1 wolfSSL Compatibility support for OpenVPN 
* Adds compatibility API's for:
	* `sk_ASN1_OBJECT_free`
	* `sk_ASN1_OBJECT_num`
	* `sk_ASN1_OBJECT_value`
	* `sk_X509_OBJECT_num`
	* `sk_X509_OBJECT_value`
	* `sk_X509_OBJECT_delete`
	* `sk_X509_NAME_find`
	* `sk_X509_INFO_free`
	* `BIO_get_len`
	* `BIO_set_ssl`
	* `BIO_should_retry` (stub)
	* `X509_OBJECT_free`
	* `X509_NAME_get_index_by_OBJ`
	* `X509_INFO_free`
	* `X509_STORE_get0_objects`
	* `X509_check_purpose` (stub)
	* `PEM_read_bio_X509_CRL`
	* `PEM_X509_INFO_read_bio`
	* `ASN1_BIT_STRING_new`
	* `ASN1_BIT_STRING_free`
	* `ASN1_BIT_STRING_get_bit`
	* `ASN1_BIT_STRING_set_bit`
	* `DES_check_key_parity`
	* `EC_GROUP_order_bits`
	* `EC_get_builtin_curves`
	* `EVP_CIPHER_CTX_cipher`
	* `EVP_PKEY_get0_EC_KEY`
	* `EVP_PKEY_get0_RSA`
	* `EVP_PKEY_get0_DSA` (stub)
	* `HMAC_CTX_new`
	* `HMAC_CTX_free`
	* `HMAC_CTX_reset`
	* `HMAC_size`
	* `OBJ_txt2obj`
	* `RSA_meth_new`
	* `RSA_meth_free`
	* `RSA_meth_set_pub_enc`
	* `RSA_meth_set_pub_dec`
	* `RSA_meth_set_priv_enc`
	* `RSA_meth_set_priv_dec`
	* `RSA_meth_set_init`
	* `RSA_meth_set_finish`
	* `RSA_meth_set0_app_data`
	* `RSA_get_method_data`
	* `RSA_set_method`
	* `RSA_get0_key`
	* `RSA_set0_key`
	* `RSA_flags`
	* `RSA_set_flags`
	* `RSA_bits`
	* `SSL_CTX_set_ciphersuites`
	* `SSL_CTX_set_security_level` (stub)
	* `SSL_export_keying_material` (stub)
	* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
 2019-11-11 14:58:23 -08:00
John Safranek 5a21cec030
wolfSSL ABI 
Add ABI tags to the functions wolfSSL_Cleanup() to match wolfSSL_Init(),
wolfSSL_X509_free to match wolfSSL_load_certificate_file() which
allocates memory.
 2019-11-11 10:16:58 -08:00
John Safranek c6fa49d4b4
wolfSSL ABI 
Add the ABI tag to the prescribed list of functions in the header and source files.
 2019-11-08 15:06:18 -08:00
Jacob Barthelmeh 890eb415b1 fix for memory management on edge case with staticmemory 2019-11-05 15:13:26 -07:00
David Garske e48cf88a70
Merge pull request #2556 from embhorn/arm-test-fix 
Fix for ARM platforms
 2019-11-05 12:25:56 -08:00
toddouska e2b7bee9c8
Merge pull request #2533 from cariepointer/apache_bio_want_read 
Apache: Return WANT_READ in wolfSSLReceive if BIO retry and read flags are set
 2019-11-04 16:52:28 -08:00
Eric Blankenhorn 16899b55b2 Fix for ARM platforms 2019-11-04 11:54:36 -06:00
Eric Blankenhorn 54f023ac2c Clarify ipasc parameter usage 2019-11-01 10:33:49 -05:00
toddouska 9e852b3867
Merge pull request #2539 from dgarske/mutex_ref 
Fixes for cases where mutex was not being free'd
 2019-10-31 13:10:04 -07:00
toddouska 626e0efd99
Merge pull request #2530 from SparkiDev/pkcs11_tls_client 
Use the public key type as private key type with PKCS #11
 2019-10-31 13:06:32 -07:00
toddouska fca0705a0b
Merge pull request #2526 from aaronjense/libwebsockets-build-fix 
libwebsockets build fixes
 2019-10-31 13:05:46 -07:00
Eric Blankenhorn 58d800fbb7 Adding support for IP address verification 2019-10-31 09:15:22 -05:00
David Garske 760a90ef5d Fixes for cases where mutex is not being free'd. 2019-10-30 10:11:06 -07:00
Carie Pointer e8db4cc2a0 Apache: Return WANT_READ in wolfSSLReceive if BIO retry and read flags are set 2019-10-28 15:08:00 -07:00
Sean Parkinson 8ce3b3a5e6 Use the public key type as private key type with PKCS #11 2019-10-22 10:34:44 +10:00
Aaron Jense eaa8f2a957 libwebsockets build fixes 
1. Add --enable-libwebsockets option
2. Add OPENSSL_NO_EC (used in libwebsockets)
3. Add SSL_MODE_RELEASE_BUFFERS and debug message for when wolfSSL_CTX_set_mode doesn't recognize a mode.
 2019-10-21 12:03:18 -06:00
Jacob Barthelmeh ea45da5fa8 change add_all_* to be evp table init and fix valgrind report 2019-10-20 01:13:43 -06:00
David Garske 0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing 
Initial pass on test cycle
 2019-10-17 16:02:17 -07:00
David Garske fb8d2d4b2f Fix to restore notBefore/notAfter functions that were removed in PR #2462. These are not openssl compatibility functions, but are used by JSSE. 2019-10-17 13:02:00 -07:00
Jacob Barthelmeh b7d4c9f839 fix build with no server and enable all 2019-10-16 14:19:50 -06:00
David Garske 5c07391f1b Various fixes for asynchronous mode: 
* Fix for AES CBC issue with IV (QAT only).
* Fix for test cases with QAT.
* Remove poorly placed debug for AES CFB.
 2019-10-15 11:18:55 -07:00
Jacob Barthelmeh 95c036a08a static analysis tests for memory management 2019-10-14 17:17:46 -06:00
toddouska d30e4ac74f
Merge pull request #2499 from ejohnstown/sniffer-features 
Sniffer Features
 2019-10-14 15:35:55 -07:00
toddouska df77088d5c
Merge pull request #2461 from kaleb-himes/ZD_5541_PathLenConstraint 
addressing non RFC compliance in handling of pathLen constraint
 2019-10-14 09:41:09 -07:00
Jacob Barthelmeh f2a3da94b6 refactor some openssl extra functions for cryptonly use 2019-10-11 16:40:08 -06:00
kaleb-himes 9c5fd165d0 addressing non RFC compliance in handling of pathLen constraint 2019-10-10 16:45:29 -06:00
Carie Pointer 1d7f0de5b5 Fixes from review, adds some error checking, and adds const variables 2019-10-10 09:13:35 -07:00
Carie Pointer 4fa2b71848 Minor changes requested from review 2019-10-09 15:38:26 -07:00
Carie Pointer d137cab427 Update in XSTRCAT call 2019-10-09 13:12:34 -07:00
Carie Pointer 2312d0e125 Dynamically allocate buffer in wolfSSL_X509V3_EXT_print 2019-10-09 12:54:23 -07:00
Carie Pointer d89f9ddc42 Update X509V3_EXT_print for different extension types 2019-10-09 11:10:27 -07:00
Carie Pointer 136bc45857 Update wolfSSL_X509_NAME_print_ex for printing X509_NAME in reverse order 2019-10-07 11:36:00 -07:00