WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
13,758 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

1332 Commits (e074513d38d6aa6ac6a711798f6b53d523d16530)

Author SHA1 Message Date
toddouska 90d45028cc
Merge pull request #3781 from fabiankeil/NO_WOLFSSL_STUB-build-fix 
Fix build with  NO_WOLFSSL_STUB
 2021-03-04 11:07:26 -08:00
Jacob Barthelmeh 69a0b643be removing some magic numbers 2021-03-03 18:45:40 +07:00
TakayukiMatsuo bbf1284112 Replace immediate value "0" with WOLFSSL_FAILURE and add comment to the RETURN_CODE macro 2021-03-03 11:23:11 +09:00
Elms 4ff886dbda test: fix compile with session-ticket without AES-GCM 
EVP compat layer doesn't support poly chacha so test shouldn't be
included to try and test it.
 2021-03-02 08:40:19 -08:00
Juliusz Sosinowicz 39a28eeec2 Add RSA_NO_PADDING to wolfSSL_RSA_private_encrypt 2021-03-01 13:21:26 +01:00
TakayukiMatsuo a54e3aadea Fix for PR tests 2021-02-26 12:42:42 +09:00
TakayukiMatsuo ec471af9c5 Add following stub funcs: 
- wolfSSL_THREADID_current
- wolfSSL_THREADID_hash
- wolfSSL_CTX_set_ecdh_auto
 2021-02-26 11:26:10 +09:00
Hayden Roche 10181b7bbf Add support for OpenSSL compatibility function SSL_CTX_get_min_proto_version. 
This is needed by socat-1.7.4.1.
 2021-02-25 17:04:41 -06:00
Juliusz Sosinowicz 2eb253330f Implement `AES_wrap_key` and `AES_unwrap_key` 
Add `wc_AesKeyWrap_ex` and `wc_AesKeyUnWrap_ex` API to accept an `Aes` object to use for the AES operations
 2021-02-25 20:01:51 +01:00
toddouska 94a23c1d48
Merge pull request #3646 from julek-wolfssl/nginx-1.19.6 
Add support for Nginx 1.19.6
 2021-02-24 12:21:51 -08:00
toddouska 5eba89c3ca
Merge pull request #3742 from julek-wolfssl/error-queue-per-thread 
Add --enable-error-queue-per-thread
 2021-02-23 12:02:16 -08:00
Juliusz Sosinowicz d074e7443f Remove default ticket cb as this will be added in another PR 2021-02-23 10:06:11 +01:00
TakayukiMatsuo 9e4dcfb66c Add wolfSSL_BIO_tell 2021-02-23 11:12:12 +09:00
TakayukiMatsuo 4264a49246 Causes SSL_CTX_load_verify_locations and X509_LOOKUP_load_file to return zero on failure if WOLFSSL_ERR_CODE_OPENSSL is defined 2021-02-22 08:05:11 +09:00
Fabian Keil 2002ae9dca tests/api.c: Fix build with NO_WOLFSSL_STUB defined 2021-02-19 05:45:19 +01:00
Sean Parkinson fa7b5f55ee TLS 1.3: add API to tell if a KeyUpdate response is required 2021-02-19 10:21:08 +10:00
Eric Blankenhorn d31f184c49 Adding tests 2021-02-17 13:34:38 -06:00
Juliusz Sosinowicz b8f841599c Add --enable-error-queue-per-thread 2021-02-16 16:08:13 +01:00
Juliusz Sosinowicz 0ae1a8b8c5 Jenkins fixes 
- Change pushCAx509Chain to an iterative implementation
- Fix variable names shadowing global names
 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz 26df833074 Compat layer session tickets 
- OpenSSL uses an internal mechanism by default for session tickets. This is now implemented for OPENSSL_EXTRA in wolfSSL.
- Add testing of wolfSSL_CTX_set_tlsext_ticket_key_cb
 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz 9a1e54cfd5 Nginx 1.19.6 Fixes 2021-02-16 14:25:45 +01:00
Sean Parkinson ba1c67843a
Merge pull request #3752 from JacobBarthelmeh/Jenkins 
changes from nightly Jenkins test review
 2021-02-15 16:32:40 +10:00
toddouska fc005f941c
Merge pull request #3750 from embhorn/buffer_conflict 
Fix use of 'buffer' in test
 2021-02-12 13:59:18 -08:00
Jacob Barthelmeh 1c852f60ab fix for g++ build 2021-02-12 23:26:54 +07:00
Jacob Barthelmeh a49c867b38 increase test buffer size for updated pkcs7 bundle 2021-02-12 23:16:04 +07:00
Eric Blankenhorn 2ac826c37e Fix use of 'buffer' in test 2021-02-11 15:58:26 -06:00
toddouska 81dcf0d28b
Merge pull request #3640 from tmael/evp_rsa2 
Remove EVP_PKEY_RSA2
 2021-02-11 13:51:46 -08:00
toddouska 39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
toddouska 032cc1645c
Merge pull request #3713 from SparkiDev/tls_def_sess_ticket_cb 
TLS Session Ticket: default encryption callback
 2021-02-10 16:13:33 -08:00
toddouska 67b1280bbf
Merge pull request #3545 from kabuobeid/smime 
Added support for reading S/MIME messages via SMIME_read_PKCS7.
 2021-02-10 15:59:32 -08:00
Sean Parkinson 0403f5f18d
Merge pull request #3744 from JacobBarthelmeh/Certs 
run renewcerts.sh script
 2021-02-11 09:43:49 +10:00
Jacob Barthelmeh 41e5e547c4 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
Jacob Barthelmeh 3c0563908f openssl x509 small with req cert gen 
add test for build case with x509small and add back in function

adjust macro guard for i2d_X509_NAME implementation

add macro guard on test case
 2021-02-10 21:48:29 +07:00
Sean Parkinson 794cb5c7a9 TLS Session Ticket: default encryption callback 
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
 2021-02-10 14:31:54 +10:00
Chris Conlon 012841bba3
Merge pull request #3738 from embhorn/cmp_layer_high 
Compatibility layer API
 2021-02-09 08:33:41 -07:00
Chris Conlon 71b495c422
Merge pull request #3712 from miyazakh/RND_bytes 
handle size greater than RNG_MAX_BLOCK_LEN
 2021-02-09 08:26:30 -07:00
Kareem Abuobeid a4e819c60a Added support for reading S/MIME messages via SMIME_read_PKCS7. 2021-02-08 17:14:37 -07:00
toddouska f14f1f37d2
Merge pull request #3673 from elms/ssl_api/get_verify_mode 
SSL: add support for `SSL_get_verify_mode`
 2021-02-08 15:40:19 -08:00
Eric Blankenhorn de47b9d88a Adding X509_VERIFY_PARAM API 2021-02-08 08:25:14 -06:00
Hideki Miyazaki 431e1c8ffe
handle size greater than RNG_MAX_BLOCK_LEN 2021-02-03 12:23:36 +09:00
Juliusz Sosinowicz 542e0d79ec Jenkins Fixes 
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz 69dca4fd08 Rebase fixes 
- wolfSSL_CTX_set1_groups_list and wolfSSL_set1_groups_list should use wolfSSL_CTX_set1_groups and wolfSSL_set1_groups respectively because it converts to correct groups representation
- Change to using "SHA1" as main name for SHA1
 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz c18701ebe7 Implement RFC 5705: Keying Material Exporters for TLS 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz 3494218d98 Implement missing functionality for OpenVPN 2.5 2021-02-02 12:06:11 +01:00
toddouska 6e0e507dad
Merge pull request #3660 from dgarske/sess_ticket_aes_gcm 
Added support for AES GCM session ticket encryption
 2021-01-25 15:00:03 -08:00
toddouska f91dcb950c
Merge pull request #3670 from dgarske/keil 
Fix for ARM Keil MDK compiler issue with `DECLARE_VAR_INIT`.
 2021-01-25 14:57:05 -08:00
toddouska cf9e4f0caf
Merge pull request #3518 from julek-wolfssl/openssh-fixes-v2 
Fixes for openssh
 2021-01-25 14:45:56 -08:00
David Garske 05e1ee1694 Cleanup to use fixed sizes from defines for `DECLARE_VAR`. Resolves issue with Visual Studio and using a variable (even const) to declare an array size. 2021-01-25 09:14:12 -08:00
Tesfa Mael d29518ecac Remove duplicate macro 2021-01-22 13:02:30 -08:00
Elms 21ac86adb3 SSL: refactor SSL verify mode to be more compatible 
This follows the bit flag pattern closer. Still doesn't support
`SSL_VERIFY_CLIENT_ONCE` and maybe other flags.
 2021-01-22 12:17:07 -08:00
David Garske 13468d34e3 Apply same VS fixes to api.c as well. 2021-01-22 10:50:18 -08:00
David Garske 9012317f5b Fix copy/paste typo. 2021-01-21 17:41:11 -08:00
David Garske 1ee40ad7bd Fix to always init the variable (not just when from heap). Cleanup of the `DECLARE_` uses to make sure all allocations succeeded. 2021-01-21 17:12:29 -08:00
David Garske 830b3cb676
Merge pull request #3653 from kojo1/fopen_binMode 
binary mode, fopen
 2021-01-21 16:20:07 -08:00
Elms 95d83c9856 SSL: refactor to allow session override or mode 2021-01-21 16:03:02 -08:00
Elms 7112a6dd78 SSL: add test and fix `SSL_get_verify_mode` 2021-01-21 14:20:27 -08:00
David Garske 17f101ef13 Fix for ARM Keil MDK compiler issue with `DECLARE_VAR_INIT`. 2021-01-20 16:57:30 -08:00
David Garske 219cbd47eb Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511. 2021-01-19 07:53:36 -08:00
toddouska 279c3f4c1b
Merge pull request #3614 from SparkiDev/aes_test_fix 
AES test: Remove unneeded loop
 2021-01-18 15:22:06 -08:00
toddouska 1e9394d5a8
Merge pull request #3627 from elms/EVP/ofb_rc4_size 
EVP: return proper cipher type and block size
 2021-01-18 15:13:55 -08:00
Takashi Kojo d72f0a50f4 binary mode fopen to avoid auto expand to CR/LF on Widonws 2021-01-15 06:05:55 +09:00
Elms 8fec1de07c EVP: address CTR block size 2021-01-11 12:03:01 -08:00
Elms 3b07f5d8e3 EVP: expand tests for `EVP_CIPHER_block_size` 2021-01-11 12:03:01 -08:00
Elms a6535528f3 EVP: add tests for openssl block size (including RC4) 2021-01-11 12:03:01 -08:00
Juliusz Sosinowicz a745947498 Code review changes 2021-01-08 15:27:30 +01:00
Sean Parkinson fa86c1aa91 Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options 
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.

Also fix up tests that don't work without TLS 1.3 enabled.
 2021-01-06 14:19:57 +10:00
Sean Parkinson 68c2e36ad5 AES test: Remove unneeded loop 2021-01-04 12:43:34 +10:00
toddouska 7e5f838f48
Merge pull request #3577 from dgarske/releasefixes_async 
Release fixes for asynchronous crypto
 2020-12-18 14:10:01 -08:00
toddouska cdc0753bfb
Merge pull request #3571 from JacobBarthelmeh/Testing 
Some initial testing and clean up
 2020-12-18 14:05:26 -08:00
David Garske e49409b13a Fix api.c tests using "free()" instead of "XFREE" causing issues with custom allocators. 2020-12-17 16:08:46 -08:00
Chris Conlon 420a040774 fix WOLFSSL_ASYNC_CRYPT usage in test.c, test_wolfSSL_OBJ_ln() in api.c 2020-12-17 11:08:36 -07:00
Juliusz Sosinowicz c03744db61 Refactor wc_CheckPrivateKey 
- Change wc_CheckPrivateKey to wc_CheckPrivateKeyCert and wc_CheckPrivateKey
- wolfSSL_X509_check_private_key no longer needs to decode cert to check key
- Fix scope in api.c
 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz dc266bc524 Call X509_REQ_get_extensions and X509_get_ext_by_NID on a CSR object 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz 383df620bf Add CSR test with Extension Request attribute 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz 77c730361e Jenkins fixes 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz 25f5427bdd Rebase and test fixes 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz b528a1a344 Plug memory leaks 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 7df8f2e2bb Internal unit tests 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 2197748a51 Implement wolfSSL_X509_check_private_key 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 6a635b339c Fixes 
- Fix challengePw copy in ReqCertFromX509
- Proper header length in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio
- Special case for extended key usage in wolfSSL_OBJ_cmp
- Numerical input in wolfSSL_OBJ_txt2obj can just be encoded with EncodePolicyOID. Searching for the sum can return wrong values since they are not unique.
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 86d2177876 wolfSSL_X509_resign_cert updates x509 der buffer as well 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 2689d499b9 Tests starting to pass 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 42d4f35a98 Implement OpenSSL Compat API: 
- Implement lhash as a stack with hash members
- wolfSSL_lh_retrieve
- wolfSSL_LH_strhash
- IMPLEMENT_LHASH_COMP_FN
- IMPLEMENT_LHASH_HASH_FN
- wolfSSL_sk_CONF_VALUE_new
- wolfSSL_sk_CONF_VALUE_free
- wolfSSL_sk_CONF_VALUE_num
- wolfSSL_sk_CONF_VALUE_value
- wolfSSL_NCONF_new
- wolfSSL_NCONF_get_string
- wolfSSL_NCONF_get_section
- wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
- wolfSSL_CONF_modules_load
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz be98404b3b Implement wolfSSL_X509_REQ_verify 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 4aa30d0bde Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509 
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 1e26238f49 Implement/stub the following functions: 
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs

Add cms.h file to avoid including the OpenSSL version.
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 7bd0b2eb44 Implement ASN1_get_object 2020-12-17 14:26:30 +01:00
Jacob Barthelmeh a948066f86 some infer fixes 2020-12-17 01:49:48 +07:00
Sean Parkinson 75c062a298 cppcheck: fixes 2020-12-16 17:28:20 +10:00
JacobBarthelmeh e0b0c329b3 build fix for --enable-afalg 2020-12-15 10:50:57 -07:00
toddouska 38a11368e0
Merge pull request #3557 from JacobBarthelmeh/Cert-Report2 
Strict alt names check with DIR name constraint
 2020-12-15 08:51:55 -08:00
Sean Parkinson 8b2bd1277a
Merge pull request #3551 from douzzer/fix-unit-test-EVP-arc4-32-bit 
32 bit targets vs test_wolfSSL_EVP_X_STATE_LEN()
 2020-12-11 16:46:10 +10:00
Jacob Barthelmeh 04e22b0747 add restriction to excluded DIR name constraint 2020-12-11 10:00:11 +07:00
Jacob Barthelmeh f00263889b add test case 2020-12-11 08:20:48 +07:00
Chris Conlon 21625ab0c2
Merge pull request #3533 from JacobBarthelmeh/PKCS7 
fix for PKCS7 decompress
 2020-12-09 14:00:42 -07:00
Daniel Pouzzner 181f439028 api.c: in test_wolfSSL_EVP_X_STATE_LEN(), fix assert on size of EVP state to work on 32 bit targets. 2020-12-09 14:04:16 -06:00
toddouska f31b41fcca
Merge pull request #3495 from haydenroche5/httpd 
Add OpenSSL compatibility functions for latest version of Apache httpd
 2020-12-09 09:55:13 -08:00
toddouska 367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Jacob Barthelmeh 081cea7405 set optional limit on max decompression buffer size 2020-12-08 20:16:27 +07:00
Hayden Roche 03c7e52f5f Add OpenSSL compatibility functions for Apache httpd's OCSP module. 2020-12-03 11:22:43 -06:00