feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
17,412 Commits 28 Branches 172 Tags
b87b255d5280604f93bacb2d6170bb7c30169af3
Commit Graph

1965 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
21a5a571e8 Fix test_wolfSSL_BIO_should_retry test 
When `OPENSSL_COMPATIBLE_DEFAULTS` is defined then `SSL_MODE_AUTO_RETRY` is set on context creation. For this test we need to clear this mode so that the `WOLFSSL_CBIO_ERR_WANT_READ` can propagate up to the user.
 2021-12-17 12:32:25 +01:00
David Garske
dec78169bf Merge pull request #4658 from julek-wolfssl/apache-2.4.51 
Add Apache 2.4.51 support
 2021-12-16 08:52:10 -08:00
Juliusz Sosinowicz
e78f7f734e Add Apache 2.4.51 support 
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
 2021-12-16 12:39:38 +01:00
Chris Conlon
5172130287 add wc_GetPubKeyDerFromCert(), get pub key DER from DecodedCert 2021-12-15 11:04:52 -07:00
Hayden Roche
92d207a1cd Add wc_d2i_PKCS12_fp to parse a PKCS #12 file directly in wolfCrypt. 2021-12-13 15:28:34 -08:00
Daniel Pouzzner
355b779a3e feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c. 2021-12-11 14:08:04 -06:00
Hayden Roche
6764e7c15f Make wolfCrypt ASN cert parsing functionality public. 
Currently, the `ParseCert` function is only available if `WOLFSSL_ASN_API` is
defined to `WOLFSSL_API`. The only way to achieve this without enabling the
compatibility layer is to define `WOLFSSL_TEST_CERT`. There are users defining
this so that they can parse certs with wolfCrypt, even though this doesn't seem
to be the original intent of the define. This commit adds the function
`wc_ParseCert` to the public wolfCrypt API. It's simply a wrapper around
`ParseCert`. Similarly, this commit adds `wc_InitDecodedCert` and
`wc_FreeDecodedCert` to the public API, which are wrappers around
`InitDecodedCert` and `FreeDecodedCert`, respectively.
 2021-12-10 10:43:28 -08:00
Sean Parkinson
6da0cc1ced Merge pull request #4600 from dgarske/cust_oid 
Support for Custom OID in subject and CSR request extension
 2021-12-09 11:24:30 +10:00
David Garske
b4c6140b64 Merge pull request #4442 from julek-wolfssl/kerberos 
Add Kerberos 5 support
 2021-12-02 09:07:34 -08:00
David Garske
5c172ca955 Merge pull request #4622 from douzzer/fix-wolfsentry-build 
wolfsentry fixes re HAVE_EX_DATA and wolfsentry_sockaddr
 2021-12-01 08:16:07 -08:00
Sean Parkinson
d06ada2ccc Merge pull request #4610 from julek-wolfssl/nginx-1.21.4 
Add support for Nginx 1.21.4
 2021-12-01 22:27:12 +10:00
Juliusz Sosinowicz
aac1b406df Add support for Nginx 1.21.4 
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
 2021-12-01 09:49:52 +01:00
Daniel Pouzzner
3f65916f3a HAVE_EX_DATA: fix wolfssl/ssl.h and tests/api.c to build -DHAVE_EX_DATA but -UOPENSSL_EXTRA. 2021-11-30 23:39:16 -06:00
JacobBarthelmeh
b69a1c860c Merge pull request #3996 from cconlon/pkcs7_detachedhash 
adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature
 2021-11-30 12:46:46 -08:00
David Garske
7524ededd3 Support for Custom OID in subject and CSR request extension: 
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
 2021-11-23 09:51:13 -08:00
Juliusz Sosinowicz
1d7b2de074 Code review changes 2021-11-22 11:48:31 +01:00
Juliusz Sosinowicz
3da810cb1b Implement OpenSSL API's 
- `OBJ_DUP`
- `i2d_PKCS7`
- `BN_rshift1
- `BN_rshift` testing
- Add `--enable-krb`
 2021-11-22 11:47:58 +01:00
Juliusz Sosinowicz
e7c5f137be Implement BN_rand_range 2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz
ccbe184434 Implement CTS 
Ciphertext stealing on top of CBC is implemented with `wolfSSL_CRYPTO_cts128_encrypt` and `wolfSSL_CRYPTO_cts128_decrypt` APIs
 2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz
fa662c2ab1 AES_cbc_encrypt enc parameter flipped. 1 = encrypt 0 = decrypt 
This change makes the `enc` parameter of `AES_cbc_encrypt` consistent with OpenSSL. This commit flips the meaning of this parameter now.
 2021-11-22 11:45:27 +01:00
Chris Conlon
c3500fa24e Merge pull request #4581 from miyazakh/max_earlydata 
add get_max_eraly_data
 2021-11-19 09:42:01 -07:00
Sean Parkinson
5a72fee3df Disable algorithms: fixes 
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
 - mp_cond_copy not available unless ECC compiled in
 - wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
 2021-11-19 16:56:33 +10:00
David Garske
2841b5c93b Merge pull request #3010 from kaleb-himes/ZD10203 
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
 2021-11-18 14:47:25 -08:00
Hideki Miyazaki
7da0d524ff add get_max_eraly_data 
support set/get_max_eraly_data compatibility layer
 2021-11-18 09:07:32 +09:00
Masashi Honma
4800db1f9d Enable max/min int test even when non 64bit platform 
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2021-11-18 06:58:21 +09:00
Juliusz Sosinowicz
361975abbc Refactor sk_*_free functions 
Use a single `wolfSSL_sk_pop_free` and `wolfSSL_sk_free` function that free's the stack and optionally free's the node content as well.
 2021-11-12 13:55:37 +01:00
kaleb-himes
6547bcb44c Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA 2021-11-11 17:47:17 -07:00
David Garske
bd0f6736c5 Merge pull request #4513 from masap/wpa_sup_dpp 
Fix X509_PUBKEY_set() to show correct algorithm and parameters
 2021-11-09 10:26:59 -08:00
Daniel Pouzzner
0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
Masashi Honma
ee39fd079f Fix X509_PUBKEY_set() to show correct algorithm and parameters 
When build with OpenSSL, trailing program outputs these messages.

algorithm: id-ecPublicKey
parameters: prime256v1

But with wolfSSL, X509_PUBKEY_get0_param() fails.
This patch fixes wolfSSL to display the same values as OpenSSL.

This program was extracted from wpa_supplicant in order to reproduce the
issue.

----------------
int main(void)
{
    EVP_PKEY *pkey;
    X509_PUBKEY *pub = NULL;
    ASN1_OBJECT *ppkalg, *poid;
    const ASN1_OBJECT *pa_oid;
    const uint8_t *pk;
    int ppklen, ptype;
    X509_ALGOR *pa;
    void *pval;
    char buf[100];
    const uint8_t data[] = {
        0x30, 0x39, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
        0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, 0x03, 0x33, 0x6d, 0xb4, 0xe9, 0xab,
        0xf1, 0x1c, 0x96, 0x87, 0x5e, 0x02, 0xcc, 0x92, 0xaf, 0xf6, 0xe1, 0xed, 0x2b, 0xb2, 0xb7, 0xcc,
        0x3f, 0xd2, 0xb5, 0x4e, 0x6f, 0x20, 0xc7, 0xea, 0x2f, 0x3f, 0x42
    };
    size_t data_len = sizeof(data);
    const uint8_t *p;
    int res;

    p = data;
    pkey = d2i_PUBKEY(NULL, &p, data_len);
    if (!pkey) {
        fprintf(stderr, "d2i_PUBKEY() failed\n");
        return -1;
    }

    if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) {
        fprintf(stderr, "invalid type\n");
        EVP_PKEY_free(pkey);
        return -1;
    }

    res = X509_PUBKEY_set(&pub, pkey);
    if (res != 1) {
        fprintf(stderr, "X509_PUBKEY_set() failed\n");
        return -1;
    }

    res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub);
    if (res != 1) {
        fprintf(stderr, "X509_PUBKEY_get0_param() failed\n");
        return -1;
    }
    res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0);
    if (res < 0 || (size_t) res >= sizeof(buf)) {
        fprintf(stderr, "OBJ_obj2txt() failed\n");
        return -1;
    }
    fprintf(stdout, "algorithm: %s\n", buf);

    X509_ALGOR_get0(&pa_oid, &ptype, (void *) &pval, pa);
    if (ptype != V_ASN1_OBJECT) {
        fprintf(stderr, "X509_ALGOR_get0() failed\n");
        return -1;
    }
    poid = pval;
    res = OBJ_obj2txt(buf, sizeof(buf), poid, 0);
    if (res < 0 || (size_t) res >= sizeof(buf)) {
        fprintf(stderr, "OBJ_obj2txt() failed\n");
        return -1;
    }
    fprintf(stdout, "parameters: %s\n", buf);

    X509_PUBKEY_free(pub);
    EVP_PKEY_free(pkey);
    return 0;
}

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2021-11-09 07:30:58 +09:00
David Garske
478f57b347 Merge pull request #4535 from kareem-wolfssl/zd13165 
Fix building with NO_ECC_KEY_EXPORT.
 2021-11-08 11:11:53 -08:00
David Garske
4fe17cc143 Merge pull request #4527 from julek-wolfssl/zd13097 
Fix a heap buffer overflow with mismatched PEM structure ZD13097
 2021-11-05 08:50:28 -07:00
Chris Conlon
ae84a2a326 Merge pull request #4293 from TakayukiMatsuo/set_min_proto 
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
 2021-11-04 14:59:34 -06:00
Juliusz Sosinowicz
1faa9e66b6 Check wolfSSL_BIO_read return 2021-11-04 15:34:33 +01:00
Kareem
60a86157c7 Fix building with NO_ECC_KEY_EXPORT. 2021-11-03 16:03:26 -07:00
Juliusz Sosinowicz
23487a4532 Fix a heap buffer overflow with mismatched PEM structure ZD13097 2021-11-02 11:31:22 +01:00
Daniel Pouzzner
6ba55edd50 fix async warnings 2021-10-29 14:37:39 -06:00
David Garske
6b3ff9bae2 Merge pull request #4459 from julek-wolfssl/missing-ext 
Add x509 name attributes and extensions to DER parsing and generation
 2021-10-28 14:30:37 -07:00
David Garske
6bb7e3900e Merge pull request #4511 from JacobBarthelmeh/Testing 
build fixes and PKCS7 BER encoding fix
 2021-10-28 10:52:58 -07:00
Juliusz Sosinowicz
8cba5dda17 Need to free x509 in tests 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a738c16b2f Can't have macros within macros 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
7d6f8ea255 Update wrong email in gen script 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a6be157628 Gate new AKID functionality on WOLFSSL_AKID_NAME 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
d9af698aa4 Implement raw AKID with WOLFSSL_ASN_TEMPLATE 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
c162196b27 Add x509 name attributes and extensions to DER parsing and generation 
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
 2021-10-28 14:50:53 +02:00
David Garske
c16f0db1b5 Fixes for handling WC_PENDING_E async responses in API unit test and examples. Resolves all issues with --enable-all --enable-asynccrypt --with-intelqa=. 2021-10-27 15:08:39 -07:00
Jacob Barthelmeh
00249b70ae fix for build with WOLFSSL_SGX 2021-10-27 13:22:45 -06:00
John Safranek
75df6508e6 Add a read enable for private keys when in FIPS mode. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
c2c2e5b4f5 tests/api.c: post_auth_version_cb(): add missing gating on !NO_ERROR_QUEUE for wolfSSL_ERR_get_error() test. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
a5c03f65e3 tests/api.c: fix test_CryptoCb_Func() to not attempt signing op on ephemeral ECC keys. 2021-10-26 20:24:28 -05:00