WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
10,172 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

1761 Commits (d30e4ac74fbda54c77ecae678e9cd247a80762ce)

Author SHA1 Message Date
John Safranek 91d81ea691 Add some more debug logging for DTLS retransmission support. 2019-01-18 09:13:28 -08:00
toddouska d02f7a75b9
Merge pull request #2019 from dgarske/arduino 
Improvements to Arduino sketch
 2019-01-18 08:54:42 -08:00
toddouska 5d262e9123
Merge pull request #2027 from dgarske/fix_buildopts 
Fixes for various build options and warnings
 2019-01-16 10:32:19 -08:00
toddouska b683a5a6bb
Merge pull request #1945 from victork1996/bugfix/openssl-evp-bytes-to-key-compatibility 
Fixed OpenSSL compatibility issues in wolfSSL_EVP_BytesToKey
 2019-01-16 10:18:08 -08:00
David Garske 45cd80b4b7 Fix define check of `NO_CERT` to be `NO_CERTS`. 2019-01-11 21:10:07 -08:00
David Garske ebd68e6afd Fix to return the internal cipher suite name instead of NULL if `NO_ERROR_STRINGS` is defined. Fix for stray "if" in `wolfSSL_SESSION_CIPHER_get_name`. 2019-01-11 17:20:35 -08:00
toddouska 71bc571a8a
Merge pull request #2000 from kojo1/EVP_CipherInit 
EVP_CipherInit: allow NULL iv, key for openSSL compatibility
 2019-01-02 12:04:38 -08:00
David Garske 2351047409 Fixes for various scan-build reports. 2018-12-27 11:08:30 -08:00
Takashi Kojo f97696a546 AesSetKey_ to AesSetKey_ex 2018-12-26 13:52:41 +09:00
Takashi Kojo 0c828d14a0 Name conficted. filter out with NO_AES 2018-12-24 17:27:41 +09:00
Takashi Kojo ae09fbe8a2 EVP_CipherInit: allow NULL iv for openSSL compatibility 2018-12-24 12:00:21 +09:00
Jacob Barthelmeh d3274e28e8 fix for hash types with fips windows opensslextra build 2018-12-20 14:22:35 -07:00
Jacob Barthelmeh 5d2d370bd5 fix for scan-build warning 2018-12-20 11:40:20 -07:00
Jacob Barthelmeh 164a762088 fix afalg/cryptodev + opensslextra build 2018-12-20 10:52:17 -07:00
Jacob Barthelmeh fc926d3c61 fixes from infer testing 2018-12-19 11:56:29 -07:00
toddouska f1c62f191d
Merge pull request #1941 from ejohnstown/rekey 
Server Side Secure Renegotiation
 2018-12-18 15:38:16 -08:00
John Safranek dc82beea4e Mongoose Update 
1. Add a couple more OpenSSL compatibility layer functions to the the HAVE_WEBSERVER option.
 2018-12-10 11:28:32 -08:00
John Safranek bc4150af2c Mongoose Update 
1. HAVE_WEBSERVER option turns on a couple more functions that MG is
using for client side authentication.
2. If using webserver, those functions return and error.
 2018-12-10 11:28:32 -08:00
John Safranek ec76ab7e42 Server Side Renegotiation 
1. Add an extra guard check around a call to SendHelloRequest() in the case where server renegotiation is disabled.
2. Replaced an accidental deletion of an include of the misc.h header for no inline builds.
 2018-12-05 13:08:24 -08:00
John Safranek 0abf7c4997 Server Side Secure Renegotiation 
1. Add the server side renegotiation flag to the secure renegotiation option.
2. Changed the AddEmptyNegotiationInfo so it doesn't create an extension, just adds a reply if SCR is enabled.
3. Fix the server's reaction to the client sending the SCR extension.
 2018-12-05 13:08:24 -08:00
John Safranek 175c91ab4e Server Side Secure Renegotiation 
1. Fix an incorrect function entry log string.
2. Restart the server's accept state assuming the client hello was
received when the client initiates renegotiation.
 2018-12-05 13:08:24 -08:00
John Safranek d168d60ade Server Side Secure Renegotiation 
1. Add enables to the example server for turning on secure renegotiation.
2. Add encryption assists to the handhshake message handler functions.
3. Add a hello request message function. Includes handshake timing pre/postambles.
 2018-12-05 13:08:24 -08:00
toddouska 74eadf556e
Merge pull request #1946 from ejohnstown/dh-speedup 
DHE Speed Up
 2018-12-05 12:22:21 -08:00
Jacob Barthelmeh d90e66da80 remove restriction on max key size with wolfSSL_DH_generate_key 2018-12-04 16:20:31 -07:00
John Safranek ff1a1dc5d5 DHE Speed Up 
When loading DH domain parameters into a CTX, test the prime
immediately. When loading them into a session, test the prime right
before using it during the handshake. Sessions that get their prime from
their context do not need to test their prime. Added a function to
disable testing the prime in a session. The goal is to speed up testing
as every single test case loads DH parameters whether they are used or
not.
 2018-11-29 17:04:04 -08:00
Victor Kolesnikov a8e21d1c09 Changed tabs to spaces to be consistent with the project's convention 2018-11-29 23:29:18 +02:00
Victor Kolesnikov 938e9ad7be Fixed some OpenSSL compatibility issues in wolfSSL_EVP_BytesToKey 
Fixed wrong error checks, changed return value to the size of the derived key, added support for the case where data == NULL and removed the assignment of constant value to info->ivSz (the correct value is assigned to it inside 'wc_EncryptedInfoGet')
 2018-11-29 23:19:23 +02:00
toddouska 8c0a55d43b
Merge pull request #1939 from cconlon/selftestfix 
exclude wolfSSL_EC_POINT_point2hex() in CAVP selftest build
 2018-11-28 13:13:25 -08:00
Sean Parkinson 918c769284 Return ToTraditional API to original signature 2018-11-28 12:27:57 +10:00
Chris Conlon a5e3b18252 exclude wolfSSL_EC_POINT_point2hex() in CAVP selftest build 2018-11-27 09:12:55 -08:00
toddouska 55bbffe3c6
Merge pull request #1932 from dgarske/maxfrag_reconf 
Post-handshake max fragment size adjustment
 2018-11-26 13:27:26 -08:00
David Garske 7a24d4e46f Adds new `WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST` macro around non-standard feature. This allows for adjustment of the maximum fragment size post handshake. 2018-11-21 10:30:24 -08:00
Sean Parkinson 95bd340de5 Add support for more OpenSSL APIs 
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
 2018-11-20 07:54:24 +10:00
David Garske e81436ffe9 Add support for altering the max-fragment size post-handshake using existing API `wolfSSL_UseMaxFragment`. 2018-11-19 13:26:48 -08:00
Jacob Barthelmeh c307fd7af4 additional macro guards for disabling aescbc with opensslextra 2018-11-15 13:40:04 -07:00
David Garske fcb40570e2 Fixes for warnings with possible use of uninitialized variable in async with DES3 and AES. 2018-11-08 15:39:52 -08:00
David Garske 6e4ab91ccf
Merge pull request #1915 from JacobBarthelmeh/Testing 
fix side init for set connect/accept functions
 2018-11-07 09:24:44 -08:00
toddouska 24e2a2b228
Merge pull request #1912 from dgarske/fix_BN_bn2hex 
Fixes for compatibility function `BN_bn2hex`
 2018-11-07 08:35:15 -08:00
toddouska 5d8f4351ff
Merge pull request #1903 from dgarske/dhkeycheck 
Speed improvements for DH public key prime checking
 2018-11-06 16:35:27 -08:00
Jacob Barthelmeh 7a2a66743b fix side init for set connect/accept functions 2018-11-06 16:48:06 -07:00
toddouska 2c7ff56a3e
Merge pull request #1907 from JacobBarthelmeh/Testing 
infer and g++ build fixes
 2018-11-06 08:48:28 -08:00
David Garske efb1efcc0d Fixes and additional tests for compatibility function `BN_bn2hex`. In the DEBUG_WOLFSSL case it was returning a `(char*)""`, which was trying to be free'd. We cannot return `const char*` here, since its assumed to be an allocated pointer. Fix the dynamic type for XMALLOC/XFREE to match, since `OPENSSL_free` is used to free returned value. Fix to add room for null term. Added missing API unit test for `BN_print_fp`. Exposed these functions for `OPENSSL_EXTRA`. 2018-11-06 05:55:25 -08:00
Eric Blankenhorn d61ae3a02a Handle incomplete shutdown 2018-11-05 10:30:48 -06:00
John Safranek c1ca1f1b78 Remove DH prime check on selftest/fips builds. 2018-11-02 12:55:07 -07:00
John Safranek cfafbd9659 Added the prime check to the functions wolfSSL_SetTmpDh() and wolfSSL_CTX_SetTmpDh(). 2018-11-02 11:01:39 -07:00
Jacob Barthelmeh a953a3141e infer and g++ build fixes 2018-11-01 09:59:35 -06:00
Chris Conlon def7a91e70 fix CAVP selftest build errors 2018-10-30 16:35:45 -06:00
David Garske 86758f9640 Fixes for key size detection when using PK callbacks (HSM) and no private key has been loaded (affects `HAVE_PK_CALLBACKS` on server side only when no dummy private key is loaded). Fix for possible leak during ECC min key size failure with small stack. Added new API `wc_RsaPublicKeyDecode_ex` for parsing an RSA public key for the modulus and exponent. Changed `wolfSSL_CTX_SetTmpEC_DHE_Sz` to support a `size == 0` for using the long-term private key's size. Changed `ECDHE_SIZE` so it can be overridden and build-time. Added tests for `wolfSSL_CTX_SetTmpEC_DHE_Sz` and `wolfSSL_SetTmpEC_DHE_Sz`. 2018-10-25 09:15:23 -07:00
David Garske 095337b1cf
Merge pull request #1878 from kaleb-himes/TEST_COVERAGE_3 
Test coverage 3
 2018-10-17 13:47:10 -07:00
kaleb-himes 5ca822b1e9 Peer review changes requested 2018-10-17 10:46:45 -06:00
toddouska 0b78b75530
Merge pull request #1860 from dgarske/tls_either_side 
Methods cleanup and new DTLS "either" side methods
 2018-10-12 07:35:17 -07:00
David Garske 1fd791da21 Fix to check response code on `InitSSL_Side` calls. 2018-10-11 15:50:22 -07:00
kaleb-himes 23797ab4cb wolfSSL_AES_cbc_encrypt unit tests, TODO: Decrypt 2018-10-10 15:59:10 -04:00
David Garske 0293686990 Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server. 2018-10-09 12:54:41 -07:00
David Garske 1ed50a40e7 Fix for `wolfSSL_i2d_RSAPublicKey` leak. 2018-10-05 14:09:12 -07:00
David Garske cec61ac3c9 Fix for leak in `wolfSSL_X509_print`, where the RsaKey is not free'd. Cleanup of formatting. 2018-10-04 16:51:51 -07:00
David Garske bbdb17975c Adds build option `WOLFSSL_EITHER_SIDE` for deferring the "side" of the TLS session until first connect or accept. Added the DTLS generic v1.0 and v1.2 methods for "either" side. Added "either" methods unit tests. Added "either" -v e support to example client/server. Fix to expose `wolfSSL_use_certificate_file` and `wolfSSL_use_PrivateKey_file` without `OPENSSL_EXTRA`. Cleanup of the methods for (void)heap and log messages. Spelling fixes. 2018-10-04 15:47:50 -07:00
David Garske f19f803098 Fix for possible leak with openssl comatibility API `wolfSSL_d2i_ECDSA_SIG` when fast math is disabled. 2018-09-27 11:39:30 -07:00
Chris Conlon 8ccd715f31
Merge branch 'master' into openssl_compat201805 2018-09-26 11:06:26 -06:00
John Safranek 18a27cfe75 Changed the DecodedCert's der pointer to be a pointer to const. The 
DecodedCert doesn't own the der value, so it should be const. Had to
make many other changes downstream of this.
 2018-09-25 12:55:52 -07:00
Go Hosohara ff5506faf2 define wolfSSL_OPENSSL_add_all_alogrithms_noconf alias for wolfSSL_OpenSSL_add_all_algorithms_noconf and some fixes 2018-09-25 15:39:56 +09:00
Takashi Kojo 71863c462e (void) for unused in NO_RSA case 2018-09-25 15:39:56 +09:00
Go Hosohara cfa99c567b merge PR #1820 Porting aid 2018-09-25 15:39:56 +09:00
Go Hosohara c7cfa74577 Fix some flaws caused by rebase 2018-09-25 15:39:55 +09:00
Takashi Kojo 3c93d4e638 KEEP_STORE_CERTS release elimination, limited to FreeX509 in X509_STORE_CTX 2018-09-25 15:39:55 +09:00
Takashi Kojo 226bc54b57 ctx->ourCert keeps duplicated x509 2018-09-25 15:39:55 +09:00
Takashi Kojo 8a046b0bac WOLFSSL_KEEP_STORE_CERTS for wolfSSL_X509_free 2018-09-25 15:39:55 +09:00
Takashi Kojo 59beba6338 WOLFSSL_CIPHER_INTERNALNAME option 2018-09-25 15:39:55 +09:00
Takashi Kojo 93e1221894 WOLFSSL_KEEP_STORE_CERTS for X509_STOREmake 2018-09-25 15:39:55 +09:00
Takashi Kojo 89dcbd6693 set dynamic flag when wolfSSL_ASN1_OBJECT_new() 2018-09-25 15:39:55 +09:00
Takashi Kojo 511b59cf73 set dynamic flag in ASN1_OBJECT_new 2018-09-25 15:39:55 +09:00
Takashi Kojo 9ae3ccb3ba OBJ_sn2nid with OPENSSL_EXTRA_X509_SMALL 2018-09-25 15:39:55 +09:00
Takashi Kojo 7d2a03f8c9 OBJ_obj2nid memory leak 2018-09-25 15:39:55 +09:00
Go Hosohara 2669b80943 Fix crashed issue if you call X509_free() after X509_STOER_CTX_free() 2018-09-25 15:39:55 +09:00
Go Hosohara 1c627430c7 increase wolfcrypt test program memory size along to WOLFSSL structure modificaiton. 
rebase with master branch
 2018-09-25 15:39:55 +09:00
Takashi Kojo 7767d802b7 arg_obj check has done before 2018-09-25 15:39:55 +09:00
Go Hosohara fd634141bd wolfSSL_get_rbio,wolfSSL_get_wbio. 
fix to check XBADFILE in wolfSSL_BIO_write_file.
 2018-09-25 15:39:55 +09:00
Go Hosohara fd01659baa Obj_obj2nid 2018-09-25 15:39:55 +09:00
Go Hosohara 19c1a3a3f9 Fix i2d_RSAPublicKey() memory leak issue. 2018-09-25 15:39:55 +09:00
Go Hosohara 3f82fb62a0 SSL_get_peer_cert_chain() count value check in api.c 2018-09-25 15:39:54 +09:00
Takashi Kojo 1e87eae3b7 i2d_RSAPublicKey(rsa, NULL) 2018-09-25 15:39:54 +09:00
Takashi Kojo 52cee17668 use XSEEK_END 2018-09-25 15:39:54 +09:00
Takashi Kojo e6612b34f7 use XFILE, BADFILE, XFxxxx 2018-09-25 15:39:54 +09:00
Takashi Kojo 787fa5d49a get name in X509_NAME_get_entry 2018-09-25 15:39:54 +09:00
Go Hosohara 3bf776baf4 wolfSSL_ASN1_TIME_get_data() changed 2018-09-25 15:39:54 +09:00
Go Hosohara 29d3303995 Add tests for d2i_PKCS12_fp,i2d_RSAPublicKey,RSA_verify and X509_print 2018-09-25 15:39:54 +09:00
Go Hosohara b588e6ab29 ERR_peek_last_error() and SSL_get_SSL_CTX reference error on opensslextra. 
Implemented wolfSSL_X509_get_version().
 2018-09-25 15:39:54 +09:00
Go Hosohara e79cdefcde X509_NAME_ENTRY_get_object 2018-09-25 15:39:54 +09:00
Go Hosohara 2922a93bf7 PEM_read_X509_CRL 2018-09-25 15:39:54 +09:00
Go Hosohara 050fa2f8f8 wolfSSL_X509_CA_num() 2018-09-25 15:39:54 +09:00
Go Hosohara aaa26f3f41 wolfSSL_ASN1_TIME_get_data() 2018-09-25 15:39:54 +09:00
Go Hosohara a002a6715f wolfSSL_ASN1_TIME_get_length() 2018-09-25 15:39:54 +09:00
kaleb-himes 29d60ec7e9 Changed to MAX over LONG based on peer review 2018-09-21 17:09:37 -06:00
kaleb-himes fc77590c4e Address a potential out of bounds write 2018-09-21 17:02:56 -06:00
Chris Conlon 085daa78cd
Merge pull request #1833 from dgarske/norng_fixes 
Fixes for building without RNG enabled
 2018-09-18 14:52:21 -06:00
David Garske 32d3cb6cfb Fixes for case with Intel rand source and no DRBG (`./configure --enable-intelasm --enable-intelrand --disable-hashdrbg`). Fixes to `wolfSSL_RAND_egd` to better handle no DRBG case. 2018-09-14 09:48:57 -07:00
toddouska e071f1ca7e
Merge pull request #1825 from SparkiDev/compat_apis_1 
Add more compatability APIs.
 2018-09-13 13:13:12 -07:00
Chris Conlon 8a6a9e7620
Merge pull request #1820 from kojo1/portingAid 
Porting aid
 2018-09-13 11:06:55 -06:00
Sean Parkinson 0275366fb6 Fixes from code review 
Document how length of ECDSA signature calculated.
Check parameter not NULL before use.
Formatting fix.
Also, disable RSA test of EVP_DigestSign/Verify* when HAVE_USER_RSA.
 2018-09-13 08:47:09 +10:00
Sean Parkinson df20daa1ae Support RSA and ECC in wolfSSL_DigestSign/Verify* 2018-09-12 16:31:39 +10:00
Takashi Kojo 7ddc756d15 eliminate double semi-colon 2018-09-12 10:13:30 +09:00
Sean Parkinson 330a7048c7 Add more compatability APIs. 
d2i_ECDSA_SIG, i2d_ECDSA_SIG, EVP_DigestVerifyInit,
EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_PKEY_id,
PEM_read_bio_PUBKEY
 2018-09-11 09:28:03 +10:00
David Garske f48e2067ae Added new API `wolfSSL_CTX_load_verify_chain_buffer_format` for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID. 2018-09-10 08:15:17 -07:00
David Garske 7d1ab5e9d2
Merge pull request #1817 from danielinux/fix-old-style-definitions 
Remove old-style function definitions
 2018-09-07 15:52:45 -07:00
David Garske c98f8842a3
Merge pull request #1816 from ejohnstown/ocsp-no-server 
OCSP Stapling/No Server Build
 2018-09-07 11:48:13 -07:00
Daniele Lacamera 27555d6eb7 Fix old-style function definitions 2018-09-07 09:13:20 +02:00
John Safranek 15be0aceed OCSP Stapling/No Server Build 
In the case of OCSP Stapling being enabled and NO_WOLFSSL_SERVER being
set, there was a spot where the ocsp_stapling list was still being
touched even though it is left out of the build. Just needed to add the
right #ifdefs.
 2018-09-06 16:56:09 -07:00
David Garske d9a6484b75 Fix to improve return code logic in `wolfSSL_CTX_load_verify_locations_ex`. 2018-09-06 13:01:44 -07:00
David Garske ae3d8d3779 * Fixed `wolfSSL_CTX_load_verify_locations` to continue loading if there is an error (ZD 4265). 
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
 2018-09-06 12:51:22 -07:00
Sean Parkinson 551201c00c GCC 8 new warnings in -Wall fix 2018-08-27 12:51:01 +10:00
David Garske 1005ca0703
Merge pull request #1786 from kaleb-himes/USER-HEAP-WITH-CM 
Unloading from CM, and using custom heap, ensure XFREE has acces…
 2018-08-24 11:56:48 -07:00
toddouska 7f324d2c3b
Merge pull request #1781 from JacobBarthelmeh/Compatibility-Layer 
fix for IV of DES_ncbc function
 2018-08-24 10:16:21 -07:00
kaleb-himes b7b99a2e92 Unloading from CM, and using custom heap, ensure XFREE has access to custom heap 2018-08-24 10:07:10 -06:00
Jacob Barthelmeh f23eb37ade fix for IV of DES_ncbc function 2018-08-23 09:03:09 -06:00
Takashi Kojo 08c2d94011 return value check of XFSEEK 2018-08-22 10:46:46 +09:00
Sean Parkinson 31bd844d6f Fix for clang builds with configs not using inline funcs 2018-08-22 11:16:57 +10:00
toddouska 776fd51720
Merge pull request #1768 from SparkiDev/tls13_final 
Use final TLS 1.3 version value by default.
 2018-08-21 12:29:51 -07:00
Sean Parkinson 1ab17ac827 More changes to minimize dynamic memory usage. 
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
 2018-08-21 14:41:01 +10:00
Sean Parkinson 506c858ed6 Add memory usage tracking and logging 
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
 2018-08-21 08:54:57 +10:00
Sean Parkinson 20950ffde8 Remove TODOs around TLS 1.3 draft version. 2018-08-21 08:41:50 +10:00
Sean Parkinson 3cdeccc36e Use final TLS 1.3 version value by default. 2018-08-20 14:17:38 +10:00
Sean Parkinson f487b0d96a Config option to disable AES-CBC 
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
 2018-08-16 08:25:13 +10:00
David Garske 7b83db0f65 Fix for PemToDer which was not properly handling extra new lines at end of file. 2018-08-14 12:22:18 -06:00
David Garske 17e102d914 Fixes for asio build options (so includes OPENSSL_EXTRA). Fix for bad named variable `shutdown`. Fix for the side size in Options struct to support `WOLFSSL_SIDE_NEITHER` (3). Fix to set the side on wolfSS_connect() or wolfSS_accept(). 2018-08-14 12:22:18 -06:00
Eric Blankenhorn bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734) 
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
 2018-08-12 12:53:29 -07:00
David Garske c4ea50b956 Fix for issue with using `CopyDecodedToX509` again for existing X509 and freeing the altNames in original. Fix was to use the `ssl->peerCert` directly for the index 0 cert. Improvement to make sure ex_data is always populated. Added NULL arg check on `wolfSSL_get_peer_certificate`. 2018-08-06 11:40:35 -07:00
toddouska b88d60ecbb
Merge pull request #1665 from ejohnstown/mr 
Prime Number Testing
 2018-08-03 12:50:27 -07:00
David Garske a43d4d16ba
Merge pull request #1719 from MJSPollard/OpenSSLAllFix 
Added boost define and openssl bug fix with WOLFSSL_KEY_GEN
 2018-08-02 15:20:27 -07:00
JacobBarthelmeh 782ea74fbf
Merge pull request #1732 from kojo1/Ticket-4169-2 
Ticket 4169: eliminate ssl->CBIORecv/Send overwritten in SSL_set_bio
 2018-08-02 14:58:25 -06:00
Eric Blankenhorn b248af6f84 Update from review 2018-08-02 10:59:07 -05:00
Takashi Kojo fd75f35801 fix cbioFlag check 2018-08-02 10:18:09 +09:00
John Safranek 7647d52d77 Prime Number Testing 
1. Remove a copy-paste error when clearing up the RNG used to test a prime.
2. Tag a some const test values as static in the wolfCrypt test.
 2018-08-01 14:49:06 -07:00
Eric Blankenhorn ba2f0fd8fc Fix for zd4179, 4181, 4182 2018-08-01 15:56:15 -05:00
Takashi Kojo 98f6ae16ca copy cbioFlag from ctx to ssl 2018-08-02 04:48:39 +09:00
Takashi Kojo 96c1a567f0 #4169: CBIO set flag to escape from overwritten in SSL_set_bio 2018-08-01 19:16:42 +09:00
John Safranek af89458af0 GCC-8 string fixes 
1. strncpy needs to include the source string's NULL.
2. Deleted a few redundant string modifications.
 2018-07-31 14:02:44 -07:00
John Safranek ed208efc4d GCC-8 string fixes 
1. Modify wolfSSL_get_ciphers() to limit the XSTRNCPY based on the dst buf length, not the src string.
 2018-07-31 14:02:44 -07:00
David Garske 2b3f94944d
Merge pull request #1723 from kaleb-himes/overhead-avoidance 
avoid overhead call to alloc and free when sigSz invalid
 2018-07-31 08:14:49 -07:00
David Garske 4eff7b641b First pass at bugs found with `./scripts/memtest.sh`. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in `wolfSSL_PEM_read_X509_CRL`. 2018-07-30 13:53:54 -07:00
Chris Conlon 1079b0e3b3
Merge pull request #1716 from cariepointer/osp/haproxy 
Define functions required by HAProxy and enable SSLV3 dependency
 2018-07-30 13:26:38 -06:00
Kaleb Himes d19b78d81a
Fix typo in comment 2018-07-30 12:17:55 -06:00
kaleb-himes 0ee4b88e74 avoid overhead call to alloc and free when sigSz invalid 2018-07-27 16:25:10 -06:00
MJSPollard 543cac65d8 Added boost define and openssl bug fix with WOLFSSL_KEY_GEN 2018-07-27 12:42:09 -06:00
Jacob Barthelmeh 74c4d31c07 sanity check on pkcs8 variable 2018-07-27 11:16:41 -06:00
Carie Pointer a1f69f0d64 Define functions required by HAProxy and enable SSLV3 dependency 2018-07-26 12:53:21 -07:00
toddouska 90367df13c
Merge pull request #1710 from SparkiDev/ed25519_only 
Changes to build with X25519 and Ed25519 only
 2018-07-25 14:24:03 -07:00
Jacob Barthelmeh f69c6e382c check if internal of WOLFSSL_RSA struct is already set 2018-07-23 17:17:27 -06:00
toddouska ab3ffaa26a
Merge pull request #1706 from SparkiDev/sha384_not_sha512 
Allow SHA384 to be compiled in without SHA512
 2018-07-23 09:47:49 -07:00
Sean Parkinson 6d3e145571 Changes to build with X25519 and Ed25519 only 
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
 2018-07-23 10:20:18 +10:00
Sean Parkinson 9433fcb820 Allow SHA384 to be compiled in without SHA512 2018-07-20 09:42:01 +10:00
MJSPollard 19dd08e191 requested style changes 2018-07-19 11:05:56 -06:00
MJSPollard db8939c578 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into wolfASIO 2018-07-18 11:10:35 -06:00
toddouska 436e774729
Merge pull request #1685 from SparkiDev/dh_max 
Add support for maximum DH key size
 2018-07-18 09:33:43 -07:00
toddouska 1840ae7013
Merge pull request #1693 from SparkiDev/stack_rsa 
Small stack fixes and ignore RSA fields in RSA_LOW_MEM
 2018-07-17 12:24:00 -07:00
Sean Parkinson c01c79349e Small stack fixes and ignore RSA fields in RSA_LOW_MEM 
Fix asn.c and rsa.c small stack to not have large stack variables.
In RSA code don't load or store dP, dQ or u when using RSA_LOW_MEM as
they are not used.
Fix SP to recognize RSA_LOW_MEM means to use d, private exponent.
Fix wc_CheckRsaKey to work with SP.
Fix sp_int to support mp_set_int for wc_CheckRsaKey().
 2018-07-17 11:05:38 +10:00
Sean Parkinson 514a949557 Small stack fixes 
Changes to DH and SSL/TLS code to dynamically allocate large stack
variables when compiled with WOLFSSL_SMALL_STACK.
 2018-07-17 09:04:00 +10:00
toddouska f0422bec41
Merge pull request #1681 from dgarske/pk_keygen 
Added ECC and Curve25519 Key Generation PK callback support
 2018-07-13 14:03:13 -07:00
toddouska 1337f7ddec
Merge pull request #1674 from dgarske/derchainsz 
Fix for max cert chain size calculation
 2018-07-13 13:53:35 -07:00
Eric Blankenhorn 9bc0e0c4fc Static analysis fixes (#1658) 
* Static analysis fixes
* Fixes for zd4071, zd4074, zd4093-zd4094, zd4096, zd4097-zd4104.
* Add test cases.
 2018-07-13 09:02:09 -07:00
Sean Parkinson ffc6cf4eb8 Add support for maximum DH key size 2018-07-13 17:36:42 +10:00
David Garske 81d13e15d5 Added ECC and Curve25519 Key generation callback support for `HAVE_PK_CALLBACKS`. The TLS server side ECDHE could not correctly handle PK callback based shared secret calculation using a hardware based generated key. Refactor internal functions to use the callback ctx getter API. 2018-07-12 11:52:54 -07:00
John Safranek 5908230d20 Prime Number Testing 
1. Fixed variable name typo in DH for the FFDHE 8192-bit q value.
2. Updated some error strings in wolfSSL_BN_is_prime_ex().
3. Changed the calls to mp_prime_is_prime_ex() in fp_randprime() and
mp_randprime() so they go back to the 8 rounds of MR, which is more than
adequate in this situation.
 2018-07-11 16:24:41 -07:00
David Garske 05cfeae3ce Fix for handling max cert chain size. It was not accounting for the 3 byte header in max size calculation. 2018-07-11 12:32:49 -07:00
John Safranek 0e06f6413d Prime Number Testing 
1. Update the function wolfSSL_BN_is_prime_ex to use mp_prime_is_prime_ex.
2. Modified fast and normal mp_prime_is_prime_ex() to use random numbers
that are in the range 2 < a < n-2.
 2018-07-10 14:30:53 -07:00
MJSPollard 4cbae0bca3 changes to make jenkins tests work 2018-07-10 13:34:16 -06:00
MJSPollard 3fc7424e03 implemented requested changes 2018-07-10 11:52:41 -06:00
MJSPollard d361a1aebd Merge branch 'master' of https://github.com/wolfSSL/wolfssl into wolfASIO 2018-07-10 11:04:53 -06:00
David Garske 9c2a5d2906 Further simplification of the PK verify wrapping to avoid malloc/free. Thanks Todd! 2018-07-06 16:21:43 -07:00
David Garske 595beb3fec Fixup for the removal of `const`. 2018-07-06 09:35:00 -07:00
David Garske 3cbcc872c1 Improved PK callback support for ConfirmSignature so certificate verification uses the callbacks. Retained wolfSSL/wolfCrypt isolation (I.E. no wolfSSL references from wolfCrypt). 2018-07-05 14:04:06 -07:00
toddouska ae54bae2fa
Merge pull request #1654 from SparkiDev/tls13_stapling 
TLS 1.3 OCSP Stapling
 2018-07-03 12:56:28 -07:00
MJSPollard ac0b31dee8 refactored and added defines for wolfSSL/Asio Compat 2018-07-03 11:07:15 -06:00
toddouska 77f11a6be9
Merge pull request #1649 from embhorn/zd4043 
Fix for memory leak in wolfSSL_BN_hex2bn
 2018-07-02 16:22:57 -07:00
toddouska 9f35d211e0
Merge pull request #1644 from JacobBarthelmeh/Compatibility-Layer 
add ca when getting chain from x509 store
 2018-07-02 16:22:11 -07:00
toddouska e17a16a45a
Merge pull request #1600 from dgarske/lighttpd 
Changes to support Lighttpd 1.4.49
 2018-07-02 16:18:41 -07:00
MJSPollard e319987579 Added wolfSSl compatability for Asio C++ library 2018-07-02 10:48:02 -06:00
Jacob Barthelmeh a9ff79e321 check return value 2018-07-02 10:10:30 -06:00
Sean Parkinson 0bf3a89992 TLS 1.3 OCSP Stapling 
Introduce support for OCSP stapling in TLS 1.3.
Note: OCSP Stapling v2 is not used in TLS 1.3.
Added tests.
Allow extensions to be sent with first certificate.
Fix writing out of certificate chains in TLS 1.3.
Tidy up the OCSP stapling code to remove duplication as much as
possible.
 2018-07-02 16:59:23 +10:00
Eric Blankenhorn ebb3eb87d1 Update from review 2018-06-29 11:02:10 -05:00
Eric Blankenhorn c6890d518e Fix resource leak in wolfSSL_BN_hex2bn 2018-06-29 09:44:01 -05:00
David Garske cd2971fb93 Abstracted code for setting options mask to improve `wolfSSL_CTX_set_options`, so it doesn't require allocating a WOLFSSL object. 2018-06-27 21:30:25 -07:00
David Garske 6dbca2b718 Fix to resolve the increased stack by allocating the temp `ssl` from the heap. 2018-06-27 19:44:34 -07:00
David Garske 66c2c65444 Changes to support Lighttpd 1.4.49: 
* Fix for `wolfSSL_CTX_set_options` to work correctly when no certificate has been set for WOLFSSL_CTX, otherwise this operation fails with `Server missing certificate`.
* Fix for bad argument name `time`.
* Fix for `warning: type of bit-field`: Allowed types for bit-fields are int and unsigned int only.
* Exposed `ERR_remove_thread_state` and `SSL_CTX_set_tmp_ecdh` for lighttpd
* Renamed `WOLFSSL_ERR_remove_thread_state` to `wolfSSL_ERR_remove_thread_state` and setup old name macro.
* Add missing newline on asn1.h.
* Whitespace cleanup in ssl.c.
 2018-06-27 19:44:34 -07:00
Sean Parkinson 7fbe1d3049 Fix support for OCSP and Nginx 
Store DER copy of CA certificate with signer when
WOLFSSL_SIGNER_DER_CERT is defined.
Keep the bad issuer error for later when compiling for OpenSSL
compatability.
Authority Info string needs to be passed back with a nul terminator.
 2018-06-28 08:48:06 +10:00
Jacob Barthelmeh af75145602 adjust macro guards 2018-06-27 16:13:46 -06:00
Jacob Barthelmeh c2c209fb89 add ca when getting chain from x509 store 2018-06-27 14:09:32 -06:00
connerwolfssl 13b7dad0fa documentation clean up, added check for asn generalized time 2018-06-27 10:22:47 -07:00
John Safranek 586874b997 Rename INLINE 
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
 2018-06-26 15:17:46 -07:00
John Safranek e6c7952f50 Merge master into fipsv2. Resolved a conflict in api.c. 2018-06-22 09:52:26 -07:00
Jacob Barthelmeh c98aca32c4 static analysis report fixes 2018-06-15 17:00:45 -06:00
Jacob Barthelmeh a1295b3148 memory management with test cases 2018-06-15 15:43:42 -06:00
toddouska 0d0aa74444
Merge pull request #1623 from dgarske/fix_atecc508a 
Fixes for build with `WOLFSSL_ATECC508A` defined
 2018-06-15 11:06:33 -07:00
Jacob Barthelmeh c03c10e1d4 move location of wolfSSL_d2i_RSA_PublicKey to fix x509 small build 2018-06-14 14:38:15 -06:00
David Garske 5b2bb44bc8 Fixes for build with `WOLFSSL_ATECC508A` defined. 2018-06-13 20:10:01 -07:00
John Safranek 5e516cc2e0 Merge branch 'master' into fipsv2 2018-06-12 10:10:50 -07:00
David Garske 292e9535ae Fix for `wolfSSL_ERR_clear_error` to call `wc_ClearErrorNodes` when its available (mismatched macros), which was incorrectly causing `test_wolfSSL_ERR_put_error` to fail. Added `test_wolfSSL_PEM_PrivateKey` test for ECC based key. Refactored the RNG test to only run the reseed test if `TEST_RESEED_INTERVAL` is defined. This is the test that was causing the tests/api.c to take so long to complete. Will add this macro to the enable options test. 2018-06-12 09:38:18 -07:00
David Garske e1890a4b0e Added some bad argument checks on compatibility functions `BIO_new_mem_buf` and `PEM_read_bio_PrivateKey`. 2018-06-12 09:38:18 -07:00
David Garske ad0a10441d Fixes for building with openssl compatibility enabled and no TLS client/server. 
Resolves issues building with:
`./configure --enable-opensslextra --disable-rsa --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`
`./configure --enable-opensslextra --disable-ecc --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`

Ticket 3872
 2018-06-12 09:38:18 -07:00
Chris Conlon a472325f89 return WOLFSSL_FAILURE on error from EVP_DigestUpdate() and EVP_DigestFinal() 2018-06-11 14:27:08 -06:00
John Safranek 7e9a32fffd FIPS Revalidation 
Merge branch 'master' into fipsv2. Using a merge instead of a rebase to retain commit IDs and tags.
 2018-06-06 12:43:15 -07:00
Takashi Kojo 3ff8c45aa8 FILE to XFILE 2018-06-01 09:30:20 +09:00
Go Hosohara b84f111d51 rebase with master branch and fix some code. 2018-05-30 17:15:07 +09:00
Go Hosohara 8cd357aa3a d2i_PKCS12_fp 2018-05-30 12:10:41 +09:00
Go Hosohara c715bb5ade X509_check_ca 2018-05-30 12:08:27 +09:00
Go Hosohara 3f6b7c8833 Merge with openSSL-Compat-CRL-STORE on kojo1/wolfssl 2018-05-30 12:08:27 +09:00
Go Hosohara 0fb446ad36 i2c_ASN1_INTEGER 2018-05-30 12:03:58 +09:00
Go Hosohara d7e4bbf1cf ASN1_STRING_print_ex 2018-05-30 11:56:43 +09:00
Go Hosohara 5c11e1440f ASN1_TIME_to_generalizedtime 2018-05-30 11:56:43 +09:00
Go Hosohara b1ef0c808e Add all stubs. 2018-05-30 11:56:42 +09:00
Go Hosohara 5ff460bb7f OPENSSL_add_all_algorightms_noconf 2018-05-30 11:53:18 +09:00
Go Hosohara 005284a127 ASN1_GENERALIZEDTIME_free 2018-05-30 11:53:17 +09:00
Go Hosohara 24ff55b085 RAND_poll 2018-05-30 11:53:17 +09:00
toddouska 2cf853d1f1
Merge pull request #1582 from SparkiDev/tls13_only 
Allow TLS 1.2 to be compiled out.
 2018-05-29 13:26:54 -07:00
Chris Conlon 16738f1449
Merge pull request #1569 from kojo1/openSSL-Compat-CRL-STORE 
openSSL compatibility APIs: X509_CRL, STORE
 2018-05-29 09:47:22 -06:00
Takashi Kojo c60b60c50c #if condition to refer wc_PKCS12_new, wc_d2i_PKCS12 2018-05-26 16:02:51 +09:00
Takashi Kojo ba03f6e08b wolfSSL_d2i_PKCS12_fp 2018-05-26 13:04:06 +09:00
Takashi Kojo 3939eadf9c get derLen by RsaPublicKeyDerSize 2018-05-26 10:55:17 +09:00
Sean Parkinson ba8e441e53 Allow TLS 1.2 to be compiled out. 2018-05-25 11:00:00 +10:00
toddouska 453daee965
Merge pull request #1523 from SparkiDev/ed25519_key 
Allow Ed25519 private-only keys to work in TLS
 2018-05-24 09:56:17 -07:00
toddouska 87f9d0f141
Merge pull request #1566 from ejohnstown/tcp-timeout 
Fix TCP with Timeout
 2018-05-24 09:07:50 -07:00
Sean Parkinson 58f523beba Allow Ed25519 private-only keys to work in TLS 
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
 2018-05-24 08:43:28 +10:00
John Safranek b1ed852f36 Fix TCP with Timeout 
wolfSSL remains agnostic to network socket behavior be it blocking or non-blocking. The non-blocking flag was meant for the default EmbedRecvFrom() callback for use with UDP to assist the timing of the handshake.

1. Deprecate wolfSSL_set_using_nonblock() and wolfSSL_get_using_nonblock() for use with TLS sockets. They become don't-cares when used with TLS sessions.
2. Added functions wolfSSL_dtls_set_using_nonblock() and wolfSSL_dtls_get_using_nonblock().
3. Removed a test case from EmbedReceive() that only applied to UDP.
4. Removed the checks for non-blocking sockets from EmbedReceive().
5. Socket timeouts only apply to DTLS sessions.
 2018-05-23 11:29:16 -07:00
toddouska 2021bcb188
Merge pull request #1560 from dgarske/ciphernamecleanup 
Refactor of the cipher suite names to use single array
 2018-05-21 14:24:53 -06:00
toddouska e7de654b61
Merge pull request #1558 from dgarske/fsanitize 
Fixes for fsanitize reports
 2018-05-21 14:18:07 -06:00
Takashi Kojo 22078d6811 wc_Sha512 type 2018-05-20 15:50:16 +09:00
Takashi Kojo 874022d938 fix #if conditions and others 2018-05-20 13:55:47 +09:00
Takashi Kojo 153bcb5297 d2i_X509_fp 2018-05-20 13:55:47 +09:00
Takashi Kojo 460becf739 SHA256, SHA384, SHA512 2018-05-20 13:55:47 +09:00
Takashi Kojo c275dfc5ab X509_STORE_add_crl 2018-05-20 13:55:46 +09:00
Takashi Kojo 98ef7f43e1 use wolfSSL_X509_CRL_free instead of XFREE 2018-05-20 13:55:46 +09:00
Takashi Kojo c26bcdd199 Enable RSA_LoadDer with HAVE_FAST_RSA 2018-05-20 13:55:45 +09:00
Takashi Kojo ad71f44f3c suppress i2d_RSAPublicKey with HAVE_FAST_RSA 2018-05-20 13:55:45 +09:00
Takashi Kojo 6cef2e5d31 memory leak in d2i_X509_CRL 2018-05-20 13:55:45 +09:00
Takashi Kojo 76686c9e20 fix error return, i2d_RSAPublicKey 2018-05-20 13:55:44 +09:00
Takashi Kojo 2e4884b6f9 PEM_read_X509_CRL only with HAVE_CRL 2018-05-20 13:55:44 +09:00
Takashi Kojo 138f9f8f66 add wc_RsaKeyToPublicDer in asn.c when OPENSSL_EXTRA, fix wolfSSL_i2d_RSAPublicKey 2018-05-20 13:55:43 +09:00
Takashi Kojo 03846b2d2d d2i_RSAPublicKey, d2i_X509_CRL, d2i_X509_CRL_fp, X509_CRL_free, PEM_read_X509_CRL 2018-05-20 13:55:43 +09:00
David Garske 096456f466
Merge pull request #1565 from embhorn/zd3883 
wolfSSL_HMAC_Final parameter len should be optional
 2018-05-17 13:19:19 -07:00
Eric Blankenhorn 5cbb9e8341 wolfSSL_HMAC_Final parameter len should be optional 2018-05-17 08:53:21 -05:00
David Garske 8163225180 Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes. 2018-05-16 15:29:27 -07:00
David Garske 52b66edf72 Fixes for a few more fsanitize issues. Added alignment for ForceZero. Added word32 aligned acceleration for ForceZeero. Added 'NO_ALIGNED_FORCEZERO' define to allow disabling aligned ForceZero acceleration. We cast the 24 left-shifts to word32 because compiler assumes signed int type, and a runtime value with MSB set results into runtime fsanitize error. 2018-05-16 13:27:13 -07:00
John Safranek 3be824ad68 Test Fixes 
1. Changed the _InitHmac() function in ssl.c to have a different name.
2. Added switch in ssl.c to use _InitHmac or _HMAC_Init depending on FIPS option.
 2018-05-16 15:47:13 -04:00
John Safranek 4f1dd3b9a7 Test Fixes 
1. Update gitignore with some more VS outputs.
2. Update the Windows IDE user settings with FIPSv2 settings.
3. Remove redundant _InitHmac() function from ssl.c.
4. In wc_DhGenerateParams(), initialize the groupSz and bufSz to 0.
5. In wc_DhExportParamsRaw(), initialize pLen, qLen, and gLen to 0.
6. In wc_MakeRsaKey(), initialize isPrime to 0.
7. In ecc_test_make_pub(), initialize exportBuf and tmp to NULL and initialize the ECC key before any chance of trying to free it.
8. In fips_test.h header, update types.h include to use the wolfCrypt types rather than ctaocrypt types.
9. In fips_test.h header, change the visibility tags on all the function prototypes to use the WOLFSSL tags rather than CYASSL.
10. Change the wolfCrypt visibility tags to use CyaSSL's tags for old FIPS and the regular tags for new FIPS and non-FIPS builds.
 2018-05-16 15:47:13 -04:00
toddouska b5e0499022
Merge pull request #1550 from dgarske/rsaverify 
Check returned size matches signature size for RSA verify in openssl compatibility
 2018-05-16 08:00:31 -07:00
toddouska bbc178a704
Merge pull request #1548 from JacobBarthelmeh/Testing 
fix ecc public key print with X509 print function
 2018-05-16 07:59:19 -07:00
David Garske f021375c4b Fixes for fsanitize reports. 2018-05-15 17:23:35 -07:00
David Garske 83257d662a Also check returned size matches for RSA verfiy in openssl compatability layer. 2018-05-11 17:09:07 +02:00
David Garske af9507391a Fixes and improvements for FreeRTOS AWS. Fixes for building openssl compatibility with FreeRTOS. Fixes for TLS 1.3 possibly uninitialized vars. 2018-05-11 16:40:32 +02:00
Jacob Barthelmeh 110c41613f cast on return of malloc 2018-05-09 14:50:26 -06:00
Jacob Barthelmeh 4f0893bda5 fix ecc public key print with X509 print function 2018-05-07 14:16:27 -06:00