Commit Graph

1761 Commits (d30e4ac74fbda54c77ecae678e9cd247a80762ce)

Author SHA1 Message Date
John Safranek 22b2ae7358 Release Fixes
1. Fix for the enable-afalg option from Jacob Barthelmeh.
2. Client fix for enable-sp+enable-sp-math option from David Garske.
3. Added a couple of typecasts to some mallocs.
4. Modified the option guard for the mask member of Options for the webserver build.
5. Added some more padding to the opaque structures used for SHA_CTX and AES_KEY.
6. Added WOLFSSL_API to the stack logging functions.
2019-03-19 13:55:17 -07:00
Aaron Jense fed2bc5f72 Remove NULL check before pub and priv have a chance to be set 2019-03-18 13:18:04 -06:00
John Safranek eebf07b67c Release Fixes
1. Fix two potentially uninitialized variables, discovered on a VS build.
2019-03-18 10:14:16 -07:00
Takashi Kojo 6a3eccd344 add BN_init, working with tfm, only. 2019-03-17 13:28:04 +09:00
John Safranek 246c444b93 Updates for v4.0.0
Update the copyright dates on all the source files to the current year.
2019-03-15 10:37:36 -07:00
John Safranek 27ea9d9bce Configure Fixes
1. The combination enable-all and disable-rsa breaks some of the
testing. Added the NO_RSA guards as appropriate.
2. Disabled the OCSP stapling and CRL tests when RSA is disabled as they
use test certificates with RSA keys.
2019-03-13 17:54:33 -07:00
toddouska 0d48a4a1a7
Merge pull request #2133 from dgarske/fixes_16bit
Fixes for data types, cast warnings and shift operations when using 16-bit platform
2019-03-12 16:53:27 -07:00
toddouska b4ba3d7ca6
Merge pull request #2136 from dgarske/asncapathlen
Fixes issue with CA path length for self signed root CA's
2019-03-12 14:11:15 -07:00
toddouska 70490a4db6
Merge pull request #1855 from ejohnstown/trust-ca
Trusted CA Key Indication Extension
2019-03-12 13:52:27 -07:00
toddouska 554af3dcfa
Merge pull request #2151 from JacobBarthelmeh/Testing
path include adjustment, rename internal OBJ function, and client pri…
2019-03-11 16:48:19 -07:00
John Safranek 9bd40353c2 1. Rename the parameters cert and certSz on the function
wolfSSL_UseTrustedCA() to certId and certIdSz.
2. Add better parameter checking to wolfSSL_UseTrustedCA() based on the
ID type.
2019-03-11 12:42:13 -07:00
John Safranek 2342ea15eb Remove the CTX versions of the UseTrustedCA functions. A session needs
to be able to set a flag in the extension and that isn't allowed in the
CTX extensions.
2019-03-11 12:36:58 -07:00
John Safranek b7663a940e Trusted CA Key Indication Extension
Added an API for enabling the Trusted CA Key Indication extension from
RFC6066 section 6. If the server doesn't have a match for the client,
the client will abandon the session.
2019-03-11 12:35:12 -07:00
toddouska 6e1b05316d
Merge pull request #2104 from ejohnstown/renegotiation-testing
Secure Renegotiation
2019-03-11 12:10:48 -07:00
Jacob Barthelmeh 9c9279817b path include adjustment, rename internal OBJ function, and client print outs added 2019-03-11 09:57:04 -06:00
David Garske 980970da86 Fixes issue with CA path length basic constraint checking for self signed root CA's. ZD 4863 2019-03-04 11:27:51 -08:00
David Garske 621e1656b4 Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`.
Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-01 15:54:08 -08:00
John Safranek 020b27bab2 wolfSSL_SecureResume() should be client only. Return an error if called
from the server.
2019-03-01 11:00:26 -08:00
David Garske b528997d30
Merge pull request #2103 from SparkiDev/pkcs11_hmac
PKCS #11 support for HMAC with MD5, SHA, SHA-2
2019-02-28 09:50:59 -08:00
Sean Parkinson a382a979cc
Merge pull request #2098 from kaleb-himes/ZD4793
Fix for single threaded case with double free on suites
2019-02-28 08:56:57 +10:00
toddouska e2e3b835d6
Merge pull request #2100 from SparkiDev/tls13_vers
Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support.
2019-02-27 14:55:29 -08:00
toddouska 4226fb66f9
Merge pull request #2117 from SparkiDev/pkcs11_id_fix_2
PKCS #11 use private key id double free issue fixed
2019-02-27 14:19:43 -08:00
Jacob Barthelmeh 6ce28d74ff rename function wolfSSL_sk_ASN1_OBJCET_pop 2019-02-26 16:55:03 -07:00
John Safranek 57d8e070f9 1. Remove the clearing of the sessionID from Rehandshake.
2. Put SecureResume in terms of a regular resume, using Get/SetSession
and then calling Rehandshake.
3. Add the startScr after checking secure_renegotiation enabled during a
resume.
2019-02-26 14:10:44 -08:00
David Garske a3af2fc960 Fix for single threaded case with double free on suites. 2019-02-26 11:03:02 -08:00
Sean Parkinson a2f8747652 Fix DecodePrivateKey to return NOT_COMPILED_IN with PKCS#11 2019-02-26 09:22:03 +10:00
Sean Parkinson a44751cd39 PKCS #11 use private key id double free issue fixed 2019-02-26 08:27:59 +10:00
toddouska 0360b38de4
Merge pull request #2116 from SparkiDev/pkcs11_id_fix_1
Fixes for PKCS #11 private key id and ECC
2019-02-25 13:09:15 -08:00
toddouska 603a9b2e59
Merge pull request #2110 from dgarske/spelling
Fixes for various spelling errors
2019-02-25 13:04:12 -08:00
Sean Parkinson 0e914d81dc Fixes for PKCS #11 private key id and ECC 2019-02-25 11:17:56 +10:00
David Garske 289f51a77d Fixes for various spelling errors. 2019-02-21 13:29:44 -08:00
Jacob Barthelmeh 5932cdab15 cast on strlen return value 2019-02-21 13:04:38 -07:00
Jacob Barthelmeh 18d3e04dbf remove null terminators on substrings 2019-02-20 16:39:18 -07:00
John Safranek a376e17aee Switch the bound for the XMEMSET of the sessionID when starting a
renegotiation to use sizeof the sessionID rather than the constant used
to set the size of the array.
2019-02-20 11:26:33 -08:00
John Safranek 1f6314746c Secure Renegotiation
1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake()
which performs a full handshake on secure renegotiation and
wolfSSL_SecureResume() which performs a session resumption on a
secure renegotiation.
2. Add option to example client to perform a secure resumption instead
of a full secure handshake.
2019-02-19 15:50:55 -08:00
Sean Parkinson 7aa5cd6f10 Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support.
Add support for the fixed FFDHE curves to TLS 1.2. Same curves in TLS
1.3 already. On by default - no checking of prime required.
Add option to require client to see FFDHE parameters from server as per
'may' requirements in RFC 7919.

Change TLS 1.3 ClientHello and ServerHello parsing to find the
SupportedVersions extension first and process it. Then it can handle
other extensions knowing which protocol we are using.
2019-02-18 14:51:59 +10:00
David Garske 95db819d45 Fixes for warnings when building with `--enable-pkcs11`. 2019-02-12 16:05:48 -08:00
David Garske 838652c03b Added flags build option to hashing algorithms. This allows indicator to determine if hash will be "copied" as done during a TLS handshake. 2019-02-12 16:03:10 -08:00
Kaleb Himes f824c8c769
Merge pull request #2077 from ejohnstown/ocsp-ecdsa
OCSP and ECDSA Signers
2019-02-12 09:50:37 -07:00
Sean Parkinson e86aae00ed Change to allow setting of devId for private key 2019-02-11 12:37:44 +10:00
Sean Parkinson 47922a4d87 Support in SSL for setting a private key id
Works with PKCS #11 to use key on device.
2019-02-11 10:38:38 +10:00
John Safranek 6298074f93 OCSP and ECDSA Signers
OCSP uses an identified hash of the issuer's public key to identify the
certificate's signer. (Typically this is SHA-1, but can be any SHA
hash.) The AKID/SKID for the certificates usually are the SHA-1 hash of
the public key, but may be anything. We cannot depend on the AKID for
OCSP purposes. For OCSP lookups, wolfSSL calculates the hash of the
public key based on the copy saved for use with the handshake signing.
For RSA, that was fine. For ECDSA, we use the whole public key including
the curve ID, but for OCSP the curve ID isn't hashed. Stored the hash of
the public key at the point where we are looking at the key when reading
in the certificate, and saving the hash in the signer record.
2019-02-07 17:34:25 -08:00
Jacob Barthelmeh be4d6bc204 fix typo with getting cipher suite 2019-02-04 10:53:59 -07:00
Chris Conlon 0b2bbc33bd
Merge pull request #2059 from miyazakh/openssl_bksize_digest
Added EVP_MD_CTX_block_size and exposed EVP_Digest()
2019-01-28 15:17:26 -07:00
John Safranek 1288036dbe
Merge pull request #2047 from kojo1/freeCRL
wolfSSL_CertManagerFreeCRL: exposing FreeCRL
2019-01-25 16:08:31 -08:00
Hideki Miyazaki 53adb93ae4 Added EVP_MD_CTX_block_size and publicized EVP_Digest() 2019-01-25 09:05:36 +09:00
toddouska 52e8e77390
Merge pull request #2046 from cconlon/addalert
add alert number and string for "unknown_ca" (48)
2019-01-21 15:39:47 -08:00
Takashi Kojo 5539b0eb38 wolfSSL_CertManagerFreeCRL: exposing FreeCRL 2019-01-20 10:11:19 +09:00
Chris Conlon 8ecee6a7e9 add unknown_ca alert number (48) and string 2019-01-18 15:36:33 -08:00
John Safranek 63f6c1d280 DTLS Nonblocking Updates
1. Add error code for trying to retransmit a flight when transmitting
the flight hasn't finished.
2. Add function to retransmit the stored flight without updating the
timeout count.
2019-01-18 09:15:11 -08:00
John Safranek 91d81ea691 Add some more debug logging for DTLS retransmission support. 2019-01-18 09:13:28 -08:00
toddouska d02f7a75b9
Merge pull request #2019 from dgarske/arduino
Improvements to Arduino sketch
2019-01-18 08:54:42 -08:00
toddouska 5d262e9123
Merge pull request #2027 from dgarske/fix_buildopts
Fixes for various build options and warnings
2019-01-16 10:32:19 -08:00
toddouska b683a5a6bb
Merge pull request #1945 from victork1996/bugfix/openssl-evp-bytes-to-key-compatibility
Fixed OpenSSL compatibility issues in wolfSSL_EVP_BytesToKey
2019-01-16 10:18:08 -08:00
David Garske 45cd80b4b7 Fix define check of `NO_CERT` to be `NO_CERTS`. 2019-01-11 21:10:07 -08:00
David Garske ebd68e6afd Fix to return the internal cipher suite name instead of NULL if `NO_ERROR_STRINGS` is defined. Fix for stray "if" in `wolfSSL_SESSION_CIPHER_get_name`. 2019-01-11 17:20:35 -08:00
toddouska 71bc571a8a
Merge pull request #2000 from kojo1/EVP_CipherInit
EVP_CipherInit: allow NULL iv, key for openSSL compatibility
2019-01-02 12:04:38 -08:00
David Garske 2351047409 Fixes for various scan-build reports. 2018-12-27 11:08:30 -08:00
Takashi Kojo f97696a546 AesSetKey_ to AesSetKey_ex 2018-12-26 13:52:41 +09:00
Takashi Kojo 0c828d14a0 Name conflicted. filter out with NO_AES 2018-12-24 17:27:41 +09:00
Takashi Kojo ae09fbe8a2 EVP_CipherInit: allow NULL iv for openSSL compatibility 2018-12-24 12:00:21 +09:00
Jacob Barthelmeh d3274e28e8 fix for hash types with fips windows opensslextra build 2018-12-20 14:22:35 -07:00
Jacob Barthelmeh 5d2d370bd5 fix for scan-build warning 2018-12-20 11:40:20 -07:00
Jacob Barthelmeh 164a762088 fix afalg/cryptodev + opensslextra build 2018-12-20 10:52:17 -07:00
Jacob Barthelmeh fc926d3c61 fixes from infer testing 2018-12-19 11:56:29 -07:00
toddouska f1c62f191d
Merge pull request #1941 from ejohnstown/rekey
Server Side Secure Renegotiation
2018-12-18 15:38:16 -08:00
John Safranek dc82beea4e Mongoose Update
1. Add a couple more OpenSSL compatibility layer functions to the HAVE_WEBSERVER option.
2018-12-10 11:28:32 -08:00
John Safranek bc4150af2c Mongoose Update
1. HAVE_WEBSERVER option turns on a couple more functions that MG is
using for client side authentication.
2. If using webserver, those functions return an error.
2018-12-10 11:28:32 -08:00
John Safranek ec76ab7e42 Server Side Renegotiation
1. Add an extra guard check around a call to SendHelloRequest() in the case where server renegotiation is disabled.
2. Replaced an accidental deletion of an include of the misc.h header for no inline builds.
2018-12-05 13:08:24 -08:00
John Safranek 0abf7c4997 Server Side Secure Renegotiation
1. Add the server side renegotiation flag to the secure renegotiation option.
2. Changed the AddEmptyNegotiationInfo so it doesn't create an extension, just adds a reply if SCR is enabled.
3. Fix the server's reaction to the client sending the SCR extension.
2018-12-05 13:08:24 -08:00
John Safranek 175c91ab4e Server Side Secure Renegotiation
1. Fix an incorrect function entry log string.
2. Restart the server's accept state assuming the client hello was
received when the client initiates renegotiation.
2018-12-05 13:08:24 -08:00
John Safranek d168d60ade Server Side Secure Renegotiation
1. Add enables to the example server for turning on secure renegotiation.
2. Add encryption assists to the handshake message handler functions.
3. Add a hello request message function. Includes handshake timing pre/postambles.
2018-12-05 13:08:24 -08:00
toddouska 74eadf556e
Merge pull request #1946 from ejohnstown/dh-speedup
DHE Speed Up
2018-12-05 12:22:21 -08:00
Jacob Barthelmeh d90e66da80 remove restriction on max key size with wolfSSL_DH_generate_key 2018-12-04 16:20:31 -07:00
John Safranek ff1a1dc5d5 DHE Speed Up
When loading DH domain parameters into a CTX, test the prime
immediately. When loading them into a session, test the prime right
before using it during the handshake. Sessions that get their prime from
their context do not need to test their prime. Added a function to
disable testing the prime in a session. The goal is to speed up testing
as every single test case loads DH parameters whether they are used or
not.
2018-11-29 17:04:04 -08:00
Victor Kolesnikov a8e21d1c09 Changed tabs to spaces to be consistent with the project's convention 2018-11-29 23:29:18 +02:00
Victor Kolesnikov 938e9ad7be Fixed some OpenSSL compatibility issues in wolfSSL_EVP_BytesToKey
Fixed wrong error checks, changed return value to the size of the derived key, added support for the case where data == NULL and removed the assignment of constant value to info->ivSz (the correct value is assigned to it inside 'wc_EncryptedInfoGet')
2018-11-29 23:19:23 +02:00
toddouska 8c0a55d43b
Merge pull request #1939 from cconlon/selftestfix
exclude wolfSSL_EC_POINT_point2hex() in CAVP selftest build
2018-11-28 13:13:25 -08:00
Sean Parkinson 918c769284 Return ToTraditional API to original signature 2018-11-28 12:27:57 +10:00
Chris Conlon a5e3b18252 exclude wolfSSL_EC_POINT_point2hex() in CAVP selftest build 2018-11-27 09:12:55 -08:00
toddouska 55bbffe3c6
Merge pull request #1932 from dgarske/maxfrag_reconf
Post-handshake max fragment size adjustment
2018-11-26 13:27:26 -08:00
David Garske 7a24d4e46f Adds new `WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST` macro around non-standard feature. This allows for adjustment of the maximum fragment size post handshake. 2018-11-21 10:30:24 -08:00
Sean Parkinson 95bd340de5 Add support for more OpenSSL APIs
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
2018-11-20 07:54:24 +10:00
David Garske e81436ffe9 Add support for altering the max-fragment size post-handshake using existing API `wolfSSL_UseMaxFragment`. 2018-11-19 13:26:48 -08:00
Jacob Barthelmeh c307fd7af4 additional macro guards for disabling aescbc with opensslextra 2018-11-15 13:40:04 -07:00
David Garske fcb40570e2 Fixes for warnings with possible use of uninitialized variable in async with DES3 and AES. 2018-11-08 15:39:52 -08:00
David Garske 6e4ab91ccf
Merge pull request #1915 from JacobBarthelmeh/Testing
fix side init for set connect/accept functions
2018-11-07 09:24:44 -08:00
toddouska 24e2a2b228
Merge pull request #1912 from dgarske/fix_BN_bn2hex
Fixes for compatibility function `BN_bn2hex`
2018-11-07 08:35:15 -08:00
toddouska 5d8f4351ff
Merge pull request #1903 from dgarske/dhkeycheck
Speed improvements for DH public key prime checking
2018-11-06 16:35:27 -08:00
Jacob Barthelmeh 7a2a66743b fix side init for set connect/accept functions 2018-11-06 16:48:06 -07:00
toddouska 2c7ff56a3e
Merge pull request #1907 from JacobBarthelmeh/Testing
infer and g++ build fixes
2018-11-06 08:48:28 -08:00
David Garske efb1efcc0d Fixes and additional tests for compatibility function `BN_bn2hex`. In the DEBUG_WOLFSSL case it was returning a `(char*)""`, which was trying to be free'd. We cannot return `const char*` here, since it's assumed to be an allocated pointer. Fix the dynamic type for XMALLOC/XFREE to match, since `OPENSSL_free` is used to free returned value. Fix to add room for null term. Added missing API unit test for `BN_print_fp`. Exposed these functions for `OPENSSL_EXTRA`. 2018-11-06 05:55:25 -08:00
Eric Blankenhorn d61ae3a02a Handle incomplete shutdown 2018-11-05 10:30:48 -06:00
John Safranek c1ca1f1b78 Remove DH prime check on selftest/fips builds. 2018-11-02 12:55:07 -07:00
John Safranek cfafbd9659 Added the prime check to the functions wolfSSL_SetTmpDh() and wolfSSL_CTX_SetTmpDh(). 2018-11-02 11:01:39 -07:00
Jacob Barthelmeh a953a3141e infer and g++ build fixes 2018-11-01 09:59:35 -06:00
Chris Conlon def7a91e70 fix CAVP selftest build errors 2018-10-30 16:35:45 -06:00
David Garske 86758f9640 Fixes for key size detection when using PK callbacks (HSM) and no private key has been loaded (affects `HAVE_PK_CALLBACKS` on server side only when no dummy private key is loaded). Fix for possible leak during ECC min key size failure with small stack. Added new API `wc_RsaPublicKeyDecode_ex` for parsing an RSA public key for the modulus and exponent. Changed `wolfSSL_CTX_SetTmpEC_DHE_Sz` to support a `size == 0` for using the long-term private key's size. Changed `ECDHE_SIZE` so it can be overridden at build-time. Added tests for `wolfSSL_CTX_SetTmpEC_DHE_Sz` and `wolfSSL_SetTmpEC_DHE_Sz`. 2018-10-25 09:15:23 -07:00
David Garske 095337b1cf
Merge pull request #1878 from kaleb-himes/TEST_COVERAGE_3
Test coverage 3
2018-10-17 13:47:10 -07:00
kaleb-himes 5ca822b1e9 Peer review changes requested 2018-10-17 10:46:45 -06:00
toddouska 0b78b75530
Merge pull request #1860 from dgarske/tls_either_side
Methods cleanup and new DTLS "either" side methods
2018-10-12 07:35:17 -07:00
David Garske 1fd791da21 Fix to check response code on `InitSSL_Side` calls. 2018-10-11 15:50:22 -07:00
kaleb-himes 23797ab4cb wolfSSL_AES_cbc_encrypt unit tests, TODO: Decrypt 2018-10-10 15:59:10 -04:00
David Garske 0293686990 Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server. 2018-10-09 12:54:41 -07:00
David Garske 1ed50a40e7 Fix for `wolfSSL_i2d_RSAPublicKey` leak. 2018-10-05 14:09:12 -07:00
David Garske cec61ac3c9 Fix for leak in `wolfSSL_X509_print`, where the RsaKey is not free'd. Cleanup of formatting. 2018-10-04 16:51:51 -07:00
David Garske bbdb17975c Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes. 2018-10-04 15:47:50 -07:00
David Garske f19f803098 Fix for possible leak with openssl compatibility API `wolfSSL_d2i_ECDSA_SIG` when fast math is disabled. 2018-09-27 11:39:30 -07:00
Chris Conlon 8ccd715f31
Merge branch 'master' into openssl_compat201805 2018-09-26 11:06:26 -06:00
John Safranek 18a27cfe75 Changed the DecodedCert's der pointer to be a pointer to const. The
DecodedCert doesn't own the der value, so it should be const. Had to
make many other changes downstream of this.
2018-09-25 12:55:52 -07:00
Go Hosohara ff5506faf2 define wolfSSL_OPENSSL_add_all_alogrithms_noconf alias for wolfSSL_OpenSSL_add_all_algorithms_noconf and some fixes 2018-09-25 15:39:56 +09:00
Takashi Kojo 71863c462e (void) for unused in NO_RSA case 2018-09-25 15:39:56 +09:00
Go Hosohara cfa99c567b merge PR #1820 Porting aid 2018-09-25 15:39:56 +09:00
Go Hosohara c7cfa74577 Fix some flaws caused by rebase 2018-09-25 15:39:55 +09:00
Takashi Kojo 3c93d4e638 KEEP_STORE_CERTS release elimination, limited to FreeX509 in X509_STORE_CTX 2018-09-25 15:39:55 +09:00
Takashi Kojo 226bc54b57 ctx->ourCert keeps duplicated x509 2018-09-25 15:39:55 +09:00
Takashi Kojo 8a046b0bac WOLFSSL_KEEP_STORE_CERTS for wolfSSL_X509_free 2018-09-25 15:39:55 +09:00
Takashi Kojo 59beba6338 WOLFSSL_CIPHER_INTERNALNAME option 2018-09-25 15:39:55 +09:00
Takashi Kojo 93e1221894 WOLFSSL_KEEP_STORE_CERTS for X509_STOREmake 2018-09-25 15:39:55 +09:00
Takashi Kojo 89dcbd6693 set dynamic flag when wolfSSL_ASN1_OBJECT_new() 2018-09-25 15:39:55 +09:00
Takashi Kojo 511b59cf73 set dynamic flag in ASN1_OBJECT_new 2018-09-25 15:39:55 +09:00
Takashi Kojo 9ae3ccb3ba OBJ_sn2nid with OPENSSL_EXTRA_X509_SMALL 2018-09-25 15:39:55 +09:00
Takashi Kojo 7d2a03f8c9 OBJ_obj2nid memory leak 2018-09-25 15:39:55 +09:00
Go Hosohara 2669b80943 Fix crashed issue if you call X509_free() after X509_STOER_CTX_free() 2018-09-25 15:39:55 +09:00
Go Hosohara 1c627430c7 increase wolfcrypt test program memory size along to WOLFSSL structure modification.
rebase with master branch
2018-09-25 15:39:55 +09:00
Takashi Kojo 7767d802b7 arg_obj check has done before 2018-09-25 15:39:55 +09:00
Go Hosohara fd634141bd wolfSSL_get_rbio,wolfSSL_get_wbio.
fix to check XBADFILE in wolfSSL_BIO_write_file.
2018-09-25 15:39:55 +09:00
Go Hosohara fd01659baa Obj_obj2nid 2018-09-25 15:39:55 +09:00
Go Hosohara 19c1a3a3f9 Fix i2d_RSAPublicKey() memory leak issue. 2018-09-25 15:39:55 +09:00
Go Hosohara 3f82fb62a0 SSL_get_peer_cert_chain() count value check in api.c 2018-09-25 15:39:54 +09:00
Takashi Kojo 1e87eae3b7 i2d_RSAPublicKey(rsa, NULL) 2018-09-25 15:39:54 +09:00
Takashi Kojo 52cee17668 use XSEEK_END 2018-09-25 15:39:54 +09:00
Takashi Kojo e6612b34f7 use XFILE, BADFILE, XFxxxx 2018-09-25 15:39:54 +09:00
Takashi Kojo 787fa5d49a get name in X509_NAME_get_entry 2018-09-25 15:39:54 +09:00
Go Hosohara 3bf776baf4 wolfSSL_ASN1_TIME_get_data() changed 2018-09-25 15:39:54 +09:00
Go Hosohara 29d3303995 Add tests for d2i_PKCS12_fp,i2d_RSAPublicKey,RSA_verify and X509_print 2018-09-25 15:39:54 +09:00
Go Hosohara b588e6ab29 ERR_peek_last_error() and SSL_get_SSL_CTX reference error on opensslextra.
Implemented wolfSSL_X509_get_version().
2018-09-25 15:39:54 +09:00
Go Hosohara e79cdefcde X509_NAME_ENTRY_get_object 2018-09-25 15:39:54 +09:00
Go Hosohara 2922a93bf7 PEM_read_X509_CRL 2018-09-25 15:39:54 +09:00
Go Hosohara 050fa2f8f8 wolfSSL_X509_CA_num() 2018-09-25 15:39:54 +09:00
Go Hosohara aaa26f3f41 wolfSSL_ASN1_TIME_get_data() 2018-09-25 15:39:54 +09:00
Go Hosohara a002a6715f wolfSSL_ASN1_TIME_get_length() 2018-09-25 15:39:54 +09:00
kaleb-himes 29d60ec7e9 Changed to MAX over LONG based on peer review 2018-09-21 17:09:37 -06:00
kaleb-himes fc77590c4e Address a potential out of bounds write 2018-09-21 17:02:56 -06:00
Chris Conlon 085daa78cd
Merge pull request #1833 from dgarske/norng_fixes
Fixes for building without RNG enabled
2018-09-18 14:52:21 -06:00
David Garske 32d3cb6cfb Fixes for case with Intel rand source and no DRBG (`./configure --enable-intelasm --enable-intelrand --disable-hashdrbg`). Fixes to `wolfSSL_RAND_egd` to better handle no DRBG case. 2018-09-14 09:48:57 -07:00
toddouska e071f1ca7e
Merge pull request #1825 from SparkiDev/compat_apis_1
Add more compatibility APIs.
2018-09-13 13:13:12 -07:00
Chris Conlon 8a6a9e7620
Merge pull request #1820 from kojo1/portingAid
Porting aid
2018-09-13 11:06:55 -06:00
Sean Parkinson 0275366fb6 Fixes from code review
Document how length of ECDSA signature calculated.
Check parameter not NULL before use.
Formatting fix.
Also, disable RSA test of EVP_DigestSign/Verify* when HAVE_USER_RSA.
2018-09-13 08:47:09 +10:00
Sean Parkinson df20daa1ae Support RSA and ECC in wolfSSL_DigestSign/Verify* 2018-09-12 16:31:39 +10:00
Takashi Kojo 7ddc756d15 eliminate double semi-colon 2018-09-12 10:13:30 +09:00
Sean Parkinson 330a7048c7 Add more compatibility APIs.
d2i_ECDSA_SIG, i2d_ECDSA_SIG, EVP_DigestVerifyInit,
EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_PKEY_id,
PEM_read_bio_PUBKEY
2018-09-11 09:28:03 +10:00
David Garske f48e2067ae Added new API `wolfSSL_CTX_load_verify_chain_buffer_format` for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID. 2018-09-10 08:15:17 -07:00
David Garske 7d1ab5e9d2
Merge pull request #1817 from danielinux/fix-old-style-definitions
Remove old-style function definitions
2018-09-07 15:52:45 -07:00
David Garske c98f8842a3
Merge pull request #1816 from ejohnstown/ocsp-no-server
OCSP Stapling/No Server Build
2018-09-07 11:48:13 -07:00
Daniele Lacamera 27555d6eb7 Fix old-style function definitions 2018-09-07 09:13:20 +02:00
John Safranek 15be0aceed OCSP Stapling/No Server Build
In the case of OCSP Stapling being enabled and NO_WOLFSSL_SERVER being
set, there was a spot where the ocsp_stapling list was still being
touched even though it is left out of the build. Just needed to add the
right #ifdefs.
2018-09-06 16:56:09 -07:00
David Garske d9a6484b75 Fix to improve return code logic in `wolfSSL_CTX_load_verify_locations_ex`. 2018-09-06 13:01:44 -07:00
David Garske ae3d8d3779 * Fixed `wolfSSL_CTX_load_verify_locations` to continue loading if there is an error (ZD 4265).
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
2018-09-06 12:51:22 -07:00
Sean Parkinson 551201c00c GCC 8 new warnings in -Wall fix 2018-08-27 12:51:01 +10:00
David Garske 1005ca0703
Merge pull request #1786 from kaleb-himes/USER-HEAP-WITH-CM
Unloading from CM, and using custom heap, ensure XFREE has acces…
2018-08-24 11:56:48 -07:00
toddouska 7f324d2c3b
Merge pull request #1781 from JacobBarthelmeh/Compatibility-Layer
fix for IV of DES_ncbc function
2018-08-24 10:16:21 -07:00
kaleb-himes b7b99a2e92 Unloading from CM, and using custom heap, ensure XFREE has access to custom heap 2018-08-24 10:07:10 -06:00
Jacob Barthelmeh f23eb37ade fix for IV of DES_ncbc function 2018-08-23 09:03:09 -06:00
Takashi Kojo 08c2d94011 return value check of XFSEEK 2018-08-22 10:46:46 +09:00
Sean Parkinson 31bd844d6f Fix for clang builds with configs not using inline funcs 2018-08-22 11:16:57 +10:00
toddouska 776fd51720
Merge pull request #1768 from SparkiDev/tls13_final
Use final TLS 1.3 version value by default.
2018-08-21 12:29:51 -07:00
Sean Parkinson 1ab17ac827 More changes to minimize dynamic memory usage.
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
Sean Parkinson 506c858ed6 Add memory usage tracking and logging
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
2018-08-21 08:54:57 +10:00
Sean Parkinson 20950ffde8 Remove TODOs around TLS 1.3 draft version. 2018-08-21 08:41:50 +10:00
Sean Parkinson 3cdeccc36e Use final TLS 1.3 version value by default. 2018-08-20 14:17:38 +10:00
Sean Parkinson f487b0d96a Config option to disable AES-CBC
AEAD only detection and removal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
David Garske 7b83db0f65 Fix for PemToDer which was not properly handling extra new lines at end of file. 2018-08-14 12:22:18 -06:00
David Garske 17e102d914 Fixes for asio build options (so includes OPENSSL_EXTRA). Fix for bad named variable `shutdown`. Fix for the side size in Options struct to support `WOLFSSL_SIDE_NEITHER` (3). Fix to set the side on wolfSS_connect() or wolfSS_accept(). 2018-08-14 12:22:18 -06:00
Eric Blankenhorn bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734)
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
David Garske c4ea50b956 Fix for issue with using `CopyDecodedToX509` again for existing X509 and freeing the altNames in original. Fix was to use the `ssl->peerCert` directly for the index 0 cert. Improvement to make sure ex_data is always populated. Added NULL arg check on `wolfSSL_get_peer_certificate`. 2018-08-06 11:40:35 -07:00
toddouska b88d60ecbb
Merge pull request #1665 from ejohnstown/mr
Prime Number Testing
2018-08-03 12:50:27 -07:00
David Garske a43d4d16ba
Merge pull request #1719 from MJSPollard/OpenSSLAllFix
Added boost define and openssl bug fix with WOLFSSL_KEY_GEN
2018-08-02 15:20:27 -07:00
JacobBarthelmeh 782ea74fbf
Merge pull request #1732 from kojo1/Ticket-4169-2
Ticket 4169: eliminate ssl->CBIORecv/Send overwritten in SSL_set_bio
2018-08-02 14:58:25 -06:00
Eric Blankenhorn b248af6f84 Update from review 2018-08-02 10:59:07 -05:00
Takashi Kojo fd75f35801 fix cbioFlag check 2018-08-02 10:18:09 +09:00
John Safranek 7647d52d77 Prime Number Testing
1. Remove a copy-paste error when clearing up the RNG used to test a prime.
2. Tag some const test values as static in the wolfCrypt test.
2018-08-01 14:49:06 -07:00
Eric Blankenhorn ba2f0fd8fc Fix for zd4179, 4181, 4182 2018-08-01 15:56:15 -05:00
Takashi Kojo 98f6ae16ca copy cbioFlag from ctx to ssl 2018-08-02 04:48:39 +09:00
Takashi Kojo 96c1a567f0 #4169: CBIO set flag to escape from overwritten in SSL_set_bio 2018-08-01 19:16:42 +09:00
John Safranek af89458af0 GCC-8 string fixes
1. strncpy needs to include the source string's NULL.
2. Deleted a few redundant string modifications.
2018-07-31 14:02:44 -07:00
John Safranek ed208efc4d GCC-8 string fixes
1. Modify wolfSSL_get_ciphers() to limit the XSTRNCPY based on the dst buf length, not the src string.
2018-07-31 14:02:44 -07:00
David Garske 2b3f94944d
Merge pull request #1723 from kaleb-himes/overhead-avoidance
avoid overhead call to alloc and free when sigSz invalid
2018-07-31 08:14:49 -07:00
David Garske 4eff7b641b First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`. 2018-07-30 13:53:54 -07:00
Chris Conlon 1079b0e3b3
Merge pull request #1716 from cariepointer/osp/haproxy
Define functions required by HAProxy and enable SSLV3 dependency
2018-07-30 13:26:38 -06:00
Kaleb Himes d19b78d81a
Fix typo in comment 2018-07-30 12:17:55 -06:00
kaleb-himes 0ee4b88e74 avoid overhead call to alloc and free when sigSz invalid 2018-07-27 16:25:10 -06:00
MJSPollard 543cac65d8 Added boost define and openssl bug fix with WOLFSSL_KEY_GEN 2018-07-27 12:42:09 -06:00
Jacob Barthelmeh 74c4d31c07 sanity check on pkcs8 variable 2018-07-27 11:16:41 -06:00
Carie Pointer a1f69f0d64 Define functions required by HAProxy and enable SSLV3 dependency 2018-07-26 12:53:21 -07:00
toddouska 90367df13c
Merge pull request #1710 from SparkiDev/ed25519_only
Changes to build with X25519 and Ed25519 only
2018-07-25 14:24:03 -07:00
Jacob Barthelmeh f69c6e382c check if internal of WOLFSSL_RSA struct is already set 2018-07-23 17:17:27 -06:00
toddouska ab3ffaa26a
Merge pull request #1706 from SparkiDev/sha384_not_sha512
Allow SHA384 to be compiled in without SHA512
2018-07-23 09:47:49 -07:00
Sean Parkinson 6d3e145571 Changes to build with X25519 and Ed25519 only
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
Sean Parkinson 9433fcb820 Allow SHA384 to be compiled in without SHA512 2018-07-20 09:42:01 +10:00