WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
14,742 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

1547 Commits (dc7ae37f7a39cde7b38467148ce5a3788adc2e11)

Author SHA1 Message Date
Juliusz Sosinowicz 1b6b16c2c3 HaProxy 2.4-dev18 support 
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
    - `STACK_TYPE_X509_OBJ`
    - `OCSP_id_cmp`
    - `X509_STORE_get0_objects`
    - `X509V3_EXT_nconf_nid`
    - `X509V3_EXT_nconf`
    - `X509_chain_up_ref`
    - `X509_NAME_hash`
    - `sk_X509_NAME_new_null`
    - `X509_OBJECT_get0_X509`
    - `X509_OBJECT_get0_X509_CRL`
    - `ASN1_OCTET_STRING_free`
    - `X509_LOOKUP_TYPE`
    - `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
    - WOLFSSL_CTX
        - Enable all compiled in protocols
        - Allow anonymous ciphers
        - Set message grouping
        - Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
    - Return first that occured
    - Set correct value on date error
    - Set revoked error on OCSP or CRL error
    - Save value in session and restore on resumption
    - Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
 2021-07-06 15:39:23 +02:00
Jacob Barthelmeh ae00b5acd0 some minor changes for unintialized and null infer reports 2021-07-06 14:13:45 +07:00
TakayukiMatsuo 5df0f7820a Add wolfSSL_CTX_set_keylog_callback 2021-07-03 14:51:23 +09:00
TakayukiMatsuo 567d8ed704 Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition. 2021-07-02 10:50:00 +09:00
TakayukiMatsuo aef9e560b1 Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint. 2021-07-02 09:15:01 +09:00
David Garske 43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7 
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
 2021-07-01 17:03:56 -07:00
Chris Conlon 9179071af5
Merge pull request #4153 from JacobBarthelmeh/Testing 
fix for keyid with ktri cms
 2021-06-29 11:40:00 -06:00
David Garske 74b9b5a8cd
Merge pull request #4156 from SparkiDev/regression_fixes_1 
Regression test fixes
 2021-06-25 07:48:02 -07:00
Jacob Barthelmeh 5038a27cda add test cases and set content oid with decode encrypted data 2021-06-25 21:16:01 +07:00
Sean Parkinson dab6724059 Regression fixes: more configurations 
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
&& make
./configure --disable-aescbc --disable-chacha --disable-poly1305
--disable-coding && make
 2021-06-25 15:23:51 +10:00
Sean Parkinson 1994811d24
Merge pull request #4144 from haydenroche5/pkcs8 
Make a bunch of PKCS#8 improvements.
 2021-06-25 12:22:11 +10:00
Sean Parkinson 8592053856 Regression test fixes 
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
 2021-06-25 09:18:06 +10:00
Juliusz Sosinowicz 656e49cc3b Expand SHA-3 support 
Add more support in the EVP layer as well as add signing support. The SHA-3 OID's were also added for DER algorithm identifier encoding.
 2021-06-24 19:31:43 +02:00
Hayden Roche b3401bd102 Make a bunch of PKCS#8 improvements. 
- Add doxygen documentation for wc_GetPkcs8TraditionalOffset, wc_CreatePKCS8Key,
wc_EncryptPKCS8Key, and wc_DecryptPKCS8Key.
- Add a new API function, wc_CreateEncryptedPKCS8Key, which handles both
creation of an unencrypted PKCS#8 key and the subsequent encrypting of said key.
This is a wrapper around TraditionalEnc, which does the same thing. This may
become a first-class function at some point (i.e. not a wrapper). TraditionalEnc
is left as is since it is used in the wild.
- Added a unit test which exercises wc_CreateEncryptedPKCS8Key and
wc_DecryptPKCS8Key. Testing wc_CreateEncryptedPKCS8Key inherently also tests
TraditionalEnc, wc_CreatePKCS8Key, and wc_EncryptPKCS8Key.
- Modified wc_EncryptPKCS8Key to be able to return the required output buffer
size via LENGTH_ONLY_E idiom.
- Added parameter checking to wc_EncryptPKCS8Key and wc_DecryptPKCS8Key.
 2021-06-23 08:39:20 -07:00
Sean Parkinson 2923d812bd
Merge pull request #4058 from miyazakh/qt_oslext_cs 
TLS: extend set_cipher_list() compatibility layer API
 2021-06-23 10:12:11 +10:00
Chris Conlon 4b3bd3e384
Merge pull request #4049 from miyazakh/set_verifyDepth_3 
Set verify depth limit
 2021-06-22 10:23:43 -06:00
Chris Conlon 446393bcab
Merge pull request #3793 from TakayukiMatsuo/os_base64 
Add wolfSSL_EVP_Encode/Decode APIs
 2021-06-22 10:19:30 -06:00
Chris Conlon b050463dce
Merge pull request #4059 from miyazakh/qt_unit_test 
fix qt unit test
 2021-06-22 10:12:48 -06:00
Jacob Barthelmeh 647bde671c macro guard on test case 2021-06-22 22:56:35 +07:00
Jacob Barthelmeh 3cd43cf692 fix for keyid with ktri cms 2021-06-22 21:33:12 +07:00
David Garske c4ea64b7fc
Merge pull request #4140 from SparkiDev/set_sig_algs 2021-06-21 19:18:10 -07:00
Sean Parkinson 7224fcd9bc TLS: add support for user setting signature algorithms 2021-06-18 16:19:01 +10:00
Hideki Miyazaki 1ebb4a47f6
addressed jenkins failure 2021-06-18 11:22:20 +09:00
Hideki Miyazaki 4feedb72cc
simulate set_ciphersuites comp. API 2021-06-18 11:22:19 +09:00
Hideki Miyazaki ddf2a0227f
additional fix for set verify depth to be compliant with openssl limit 2021-06-18 11:00:51 +09:00
Hideki Miyazaki 951de64e2c
set PSK at the beginning 2021-06-18 07:59:35 +09:00
Eric Blankenhorn 1307972344 Update use of joi cert and add to renew script. 2021-06-16 13:55:36 -05:00
TakayukiMatsuo 9e02655ac4 Merge remote-tracking branch 'upstream/master' into os_base64 2021-06-16 23:19:52 +09:00
Sean Parkinson b73673a218
Merge pull request #3794 from TakayukiMatsuo/os_keyprint 
Add wolfSSL_EVP_PKEY_print_public
 2021-06-16 08:43:41 +10:00
TakayukiMatsuo c6680d08ba Fix coding issues 2021-06-15 11:16:38 +09:00
David Garske 77df7d8630
Merge pull request #3968 from elms/pedantic_cleanup 
Fixes for some `-pedantic` errors
 2021-06-14 13:46:39 -07:00
David Garske fd6b30ef32
Merge pull request #4111 from elms/silabs/fix_ecc_shared_secret_outlen 
silabs: fix `wc_ecc_shared_secret` to only return x coordinate
 2021-06-14 13:44:00 -07:00
Chris Conlon a8d185cb9e
Merge pull request #4117 from TakayukiMatsuo/tk12403 
Add null-parameters-test cases for SHA(), SHA224(), MD5() and MD5_xxx().
 2021-06-14 13:52:01 -06:00
Elms ed4cf6e91c silabs: fix `wc_ecc_shared_secret` to only return x coordinate 
secure element computes and returns the full coordinate. The wolfSSL
API should only return the x component.
 2021-06-13 21:46:23 -07:00
TakayukiMatsuo ebec2fbd25 Fixed uninitialized parameter for Base16_Encode 2021-06-14 13:45:12 +09:00
Hideki Miyazaki 6d3b9aec80
fix api compile failure 2021-06-12 09:24:11 +09:00
TakayukiMatsuo ed5cb0a1bd Modified along the revire comments 2021-06-11 21:08:27 +09:00
TakayukiMatsuo 779e3701e6 Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint 2021-06-11 13:56:52 +09:00
Sean Parkinson 36a9cd3010
Merge pull request #3911 from TakayukiMatsuo/tk11851 
Fix SSL_read behaving differently from openSSL after bidirectional shutdown
 2021-06-11 10:25:39 +10:00
Sean Parkinson 3ecb8d5a3e
Merge pull request #4062 from dgarske/dh_key 
DH Key and Params Export cleanups and Apache httpd fixes
 2021-06-10 20:54:32 +10:00
TakayukiMatsuo 4d3f2f92fd Add test cases for SHA(), SHA224(), MD5() and MD5_xxx() to test with null parameters. 2021-06-10 16:40:51 +09:00
David Garske c6c7dfd5db
Merge pull request #4053 from SparkiDev/cppcheck_fixes_6 
cppcheck: fixes from reviewing report
 2021-06-09 12:51:30 -07:00
Sean Parkinson 9580574382
Merge pull request #3999 from dgarske/user_io 
Fixes for building with `WOLFSSL_USER_IO`
 2021-06-09 08:55:36 +10:00
Sean Parkinson 70d2c838bb
Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX 
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
 2021-06-09 08:52:05 +10:00
David Garske 6db0b42c7f * Refactor of DH key and param exports code (moved into asn.c) enabled with `WOLFSSL_DH_EXTRA`. 
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
 2021-06-08 09:27:26 -07:00
TakayukiMatsuo 0186d19aba Fix some coding style issues. 2021-06-08 16:25:28 +09:00
Sean Parkinson 88322b82a5
Merge pull request #3871 from julek-wolfssl/openvpn-master 
OpenVPN additions and fixes
 2021-06-08 13:54:14 +10:00
Sean Parkinson 8ee1dda2f9
Merge pull request #4001 from dgarske/time_long 
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
 2021-06-08 11:17:55 +10:00
Elms 5c01613acb Add GCC extension to bypass select `-pedantic` warnings 
Add wrapper macro for `__extension__` to suppress pedantic warnings
 2021-06-07 15:38:15 -07:00
David Garske 3e307aa626
Merge pull request #4091 from JacobBarthelmeh/Testing 
add strict check on signature length
 2021-06-07 11:02:02 -07:00
Jacob Barthelmeh f97ca1c1ca adjust test case and add useful comments 2021-06-07 19:44:05 +07:00
Sean Parkinson 898b9d5e24
Merge pull request #4084 from dgarske/sp_math_keygen 
Fix for building SP small math only (no DH) with key generation
 2021-06-07 10:48:01 +10:00
Jacob Barthelmeh c245c4a812 add strict check on signature length 2021-06-05 03:09:33 +07:00
Chris Conlon 961773b384
Merge pull request #4079 from lealem47/PKCS12UnitTest 
Pkcs12 unit test
 2021-06-03 16:07:54 -06:00
David Garske 21060afb80 Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error. 2021-06-03 10:56:54 -07:00
TakayukiMatsuo 195ca2b3f0 Add corner test cases for EVP_EncodeFinal and EVP_DecodeFinal 2021-06-03 20:02:48 +09:00
Chris Conlon 6cfb982740
Merge pull request #3981 from miyazakh/qt_oslext_cnf 
Added compatibility layer API
 2021-06-01 15:25:37 -06:00
Lealem Amedie 72fc7e62b8 Fixed spacing 2021-06-01 14:47:51 -06:00
kaleb-himes 94831eadf1 Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag 2021-06-01 11:38:17 -06:00
Lealem Amedie 03a5395b53 Fixed casting issue 2021-06-01 09:46:30 -06:00
Lealem Amedie 2db233d10e Added wolfssl_PKCS12_verify_mac testing in test_wolfSSL_PKCS12() function in api.c 2021-05-28 16:33:46 -06:00
Elms 7a98c517e4 Fixes for some `-pedantic` errors 
Some of the API with callbacks may not be compatible with pedantic
 2021-05-27 14:46:45 -07:00
TakayukiMatsuo d1e3be1f43 Replace return code from literal to value 2021-05-27 06:20:34 +09:00
David Garske 41af3da0e3
Merge pull request #4057 from SparkiDev/no_tls12_pkcb 
TLS: fix build with no TLSv12 but PK callbacks
 2021-05-25 15:26:40 -07:00
Hideki Miyazaki af67965f65
addressed jenkins failures part1 2021-05-26 06:07:48 +09:00
Hideki Miyazaki 33e91c577f
added unit test cases for cmdline 2021-05-26 06:07:47 +09:00
Hideki Miyazaki 394c0b5cdc
implemented CONF_cmd 2021-05-26 06:07:47 +09:00
Sean Parkinson e1bc0c4447 EVP AES-GCM Streaming: must free Aes 
AES streaming implementation allocates data in Aes objects, when small
stack, that needs to be freed.
Fix memory leaks in streaming test case too.
 2021-05-25 15:57:09 +10:00
Sean Parkinson 6747055d46 TLS: fix build with no TLSv12 but PK callbacks 
./configure '--disable-tlsv12' '-enable-pkcallbacks'
Disable non-TLS13 cipher suite test as well.
 2021-05-21 10:59:23 +10:00
Sean Parkinson 2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00
TakayukiMatsuo 8c71fb4113 Add test cases for wc_ShaxxxUpdate funcs 2021-05-14 09:46:21 +09:00
Juliusz Sosinowicz 5865dc08dd Code review changes 2021-05-13 15:21:33 +02:00
Chris Conlon c75830e2e8
Merge pull request #4011 from miyazakh/set_verify_depth2 
fix out of bound access when peer's chain is greater than verifyDepth + 1
 2021-05-11 15:38:39 -06:00
David Garske fce9870a64
Merge pull request #4020 from ejohnstown/options-export 
New Option Export/Import
 2021-05-11 09:10:17 -07:00
John Safranek d74b74d156
Also adjust for v3 of export, and update the API test case. 2021-05-10 18:06:31 -07:00
David Garske db7888ceaa Fix for the unmodified check for AesCbc test. 2021-05-10 10:04:50 -07:00
David Garske c88afdef87 Fixes for building with `WOLFSSL_USER_IO` (with no built-in socket support). Related to issue #3998. 2021-05-06 11:07:05 -07:00
Hideki Miyazaki 2a39f1dc5c
fixed memory leak 2021-05-06 16:55:51 +09:00
Hideki Miyazaki 93f04543b0
fixed unit test intermittent failure 2021-05-06 15:40:24 +09:00
Hideki Miyazaki 0539b99c86
fix boundary access when peer's chain is less than verifyDepth + 1 2021-05-06 14:54:16 +09:00
Hayden Roche 822aa92fcc Fix test_wolfSSL_CertManagerCheckOCSPResponse. 
This test broke once we went past the nextUpdate time in the static, raw OCSP
response being used. This change makes it so that response is valid until 2048.
 2021-05-03 15:26:39 -07:00
David Garske 6e0197e171
Merge pull request #4002 from kabuobeid/smime_fixes 
S/MIME: Canonicalize multi-part messages before hashing.  Improve error checking in wc_MIME_parse_headers.
 2021-05-03 09:24:43 -07:00
Kareem Abuobeid effcecf40d S/MIME: Add non-canonicalized test case 2021-04-30 15:07:37 -07:00
David Garske f8ecd4b441 Fixes for building with `NO_ASN_TIME`. If used with TLS user must supply `LowResTimer` and `TimeNowInMilliseconds`. 2021-04-30 15:04:31 -07:00
Chris Conlon 57e03d7e2f
Merge pull request #3961 from miyazakh/qt_oslext_pskss_cb 
added psk session callback compatibility layer API
 2021-04-30 14:26:44 -06:00
TakayukiMatsuo c4782a7a1c Fix macro guard for wolfSSL_CRYPTO_get_ex_new_index and get_ex_new_index. 2021-04-28 10:41:49 +09:00
TakayukiMatsuo 9c0ff73370 Add wolfSSL_CRYPTO_get_ex_new_index 2021-04-28 10:38:53 +09:00
Hideki Miyazaki 0e40293798
added psk session callback 2021-04-28 10:08:21 +09:00
David Garske 385e0bedaa
Merge pull request #3990 from haydenroche5/ocsp_bug 
Fix CompareOcspReqResp.
 2021-04-27 17:07:58 -07:00
Chris Conlon edb0beb9b6
Merge pull request #3969 from TakayukiMatsuo/koyo 
Add wolfSSL_DH_get0_pqg
 2021-04-27 17:52:17 -06:00
Chris Conlon 6fad8c4a57
Merge pull request #3975 from TakayukiMatsuo/resumable 
Add implementation for wolfSSL_SESSION_is_resumable.
 2021-04-27 16:45:34 -06:00
Hayden Roche 73076940af Fix CompareOcspReqResp. 
There was a bug in this function that could cause a match to be reported even
when the OCSP request and response in fact had a mismatch.
 2021-04-27 13:54:43 -07:00
Hideki Miyazaki 6d381a6c7f
do nothing when version is zero 2021-04-27 21:13:19 +09:00
Hideki Miyazaki 3b070e1bd0
add MIN/MAX_PROTO into CTX_ctrl 
add unit test for min/max proto of CTX ctrl
 2021-04-27 21:13:17 +09:00
toddouska 91e90f7a98
Merge pull request #3604 from haydenroche5/stunnel 
Make changes to get latest verison of stunnel (5.57) working with wolfSSL.
 2021-04-23 15:41:22 -07:00
toddouska c3fefc6e27
Merge pull request #3889 from douzzer/network-introspection 
--enable-wolfsentry
 2021-04-23 15:38:01 -07:00
TakayukiMatsuo 2b6f623777 Add implementation for wolfSSL_SESSION_is_resumable. 2021-04-23 11:12:20 +09:00
TakayukiMatsuo c442841e4a Fix some along review. 2021-04-23 10:53:22 +09:00
TakayukiMatsuo d22ed7443b Fix unit test. 2021-04-23 09:47:24 +09:00
TakayukiMatsuo 568c09bcde Add guard to the unit test 2021-04-23 09:47:24 +09:00