Commit Graph

4187 Commits

Author SHA1 Message Date
Sean Parkinson 0295b5ae3b If encryption setup, TLS 1.3 alerts encrypted 2020-05-13 16:14:47 +10:00
toddouska 6c9a0e440e Merge pull request #2959 from dgarske/wpas_tiny
Added wpa_supplicant support with reduced code size option
2020-05-11 08:55:22 -07:00
David Garske 10aa8a4ffc Added support --enable-wpas=small for reduced code size when building against the WPA supplicant with EAP-TLS. This does not use OPENSSL_EXTRA, which helps reduce code size. 2020-05-08 13:38:26 -07:00
toddouska 6b930d996c Merge pull request #2958 from julek-wolfssl/ASN_IP_TYPE-without-openssl
Support IP alternative subject name without OpenSSL
2020-05-08 13:27:27 -07:00
toddouska 3ef7e588d2 Merge pull request #2932 from kaleb-himes/ZD10223
Fix building with one-side only tls13/dtls
2020-05-07 08:43:36 -07:00
Juliusz Sosinowicz 9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
kaleb-himes 62d67c3da1 Don't need if not using TLS 1.2 2020-05-04 12:54:36 -06:00
toddouska d848495a66 Merge pull request #2937 from dgarske/wolfio_tcpcon_fd
Fix issue with failed TCP connect using invalid socket file descriptor
2020-05-04 11:22:54 -07:00
David Garske 31502ec3f9 Fix issue with failed TCP connect using invalid socket file descriptor on close. Fixes #2936 2020-05-01 07:32:00 -07:00
Sean Parkinson 7879d3762a TLS13: Prepend the SupportedVersions extension to list
Must have SupportedVersions at start of list for Cookie to be
constructed correctly.
Application can set the key share extension before handshake and
SupportedVersions will be added after. Extensions written in order of
adding to list.
Prepend SupportedVersions so that it will always appear in the correct
place so when reconstructing HelloRetryRequest, the extensions will
always be in the same order.
2020-04-30 08:46:23 +10:00
kaleb-himes 951cb4aaf4 Fix building with one-side only tls13/dtls 2020-04-28 14:33:00 -06:00
toddouska f770d28ff0 Merge pull request #2916 from dgarske/testfixes
Improvements to ECC key decode and tests
2020-04-28 09:57:44 -07:00
toddouska a585e4115e Merge pull request #2927 from SparkiDev/tls13_ccs
In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row
2020-04-28 09:52:46 -07:00
toddouska cb6fc56f3b Merge pull request #2921 from dgarske/fixes_g++
Fixes for G++ and enable-all
2020-04-28 09:51:34 -07:00
David Garske 6185e0f477 Remove execute bit on files. 2020-04-27 11:16:02 -07:00
Sean Parkinson df1b7f34f1 In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row 2020-04-27 15:27:02 +10:00
David Garske 6d025f8c0f Refactor of the EVP macType to use enum wc_HashType to resolve issues with invalid casting. 2020-04-24 07:43:44 -07:00
David Garske b07dfa425d Fixes for ./configure CC="g++" --enable-all && make. Resolves issues with implicit casts and use of reserved template keyword. 2020-04-23 15:26:04 -07:00
toddouska 7318121d3a Merge pull request #2915 from dgarske/async_v4.4.0
Fixes for async release v4.4.0
2020-04-23 09:26:08 -07:00
David Garske 4592e0ec95 Fix for use of incorrect devId for wolfSSL_SHA3_256_Init. 2020-04-22 10:16:20 -07:00
John Safranek ccd096e1bb Memory Leak Fix
1. In `wolfSSL_d2i_DHparams()`, when setting the internal key on a
   WOLFSSL_KEY, set the flag inSet.
2. Not a leak, but in `wolfSSL_EVP_PKEY_set1_DH()`, only allocate one
   buffer to store the flat key. Saves an alloc, memcpy, and free.
2020-04-21 10:21:59 -07:00
JacobBarthelmeh 0cfde0794b Merge pull request #2848 from julek-wolfssl/wpa-supplicant-openssl-compat
Added partial support for wpa_supplicant, hostapd, and cjose:
2020-04-20 12:17:55 -06:00
Juliusz Sosinowicz dd68074104 Fix merge issues 2020-04-16 10:09:15 +02:00
John Safranek 40ea386509 Revert "DTLS Fix"
This reverts commit 04dcb8f774.
2020-04-15 21:33:33 -07:00
John Safranek 78a9185d0b Revert "DTLS Fuzz Fix"
This reverts commit 70d03f3ba0.
2020-04-15 21:33:27 -07:00
Juliusz Sosinowicz 36403c1dad Merge remote-tracking branch 'wolfSSL/master' into wpa-supplicant-openssl-compat 2020-04-15 16:55:03 +02:00
Juliusz Sosinowicz 1d3fd5cd07 Code review
- make `wc_ecc_export_point_der_compressed` a local function
- use `int` for `shortKeySize` in `wc_ecc_import_point_der_ex`
- check for null return value from `wolfSSL_OBJ_nid2obj` and `wolfSSL_d2i_PUBKEY`
- add comments to `ssl.c`
- check `lnlen` in `wolfSSL_OBJ_ln2nid`
2020-04-15 12:53:38 +02:00
toddouska ebb490204a Merge pull request #2898 from embhorn/zd9856
Fix EVP API to return NID types / SHA3 for RSA sign
2020-04-14 16:09:00 -07:00
toddouska f97a56b9ce Merge pull request #2905 from ejohnstown/dtls-fuzz
DTLS Fuzz Fix
2020-04-14 14:19:09 -07:00
Eric Blankenhorn 19ca00bcd4 Adding support for SHA3 in wolfSSL_RSA_sign_ex 2020-04-14 14:31:00 -05:00
Eric Blankenhorn 1487917214 Fix EVP_MD_CTX_type to return NID 2020-04-14 14:27:21 -05:00
John Safranek 70d03f3ba0 DTLS Fuzz Fix
Only save a next epoch message if it is in the next epoch, not any future epoch.
2020-04-14 10:13:37 -07:00
toddouska 06c6e583c8 Merge pull request #2891 from julek-wolfssl/refactor-evp-functions
Move EVP functions to evp.c
2020-04-14 09:22:51 -07:00
toddouska a2892f66c0 Merge pull request #2889 from JacobBarthelmeh/SanityChecks
sanity check on input length before secure renegotiation compare
2020-04-14 09:21:29 -07:00
Juliusz Sosinowicz dad0bc0159 Keep compatibility with old OPENSSL_EXTRA_X509_SMALL functions 2020-04-14 12:52:23 +02:00
Juliusz Sosinowicz 0ded4d4ccb wolfSSL_RSA_*_PKCS1_PSS rewrite 2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 20e669a65a New API
Add `wc_ecc_import_point_der_ex` for correct importing DER ECC point and keep `wc_ecc_import_point_der` old functionality
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz dbe4e778d3 Test fixes
- Add `parameter` to `WOLFSSL_X509_ALGOR`
- Implement `wolfSSL_ASN1_TYPE_new`, `wolfSSL_ASN1_TYPE_free`, and `wolfSSL_ASN1_TYPE_set`
- Fix leak where `pval` in `wolfSSL_X509_ALGOR_set0` was lost if `aobj` was provided
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 18093a6b0b Code review changes
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implment `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 9722082372 Fix nid2* and *2nid functions 2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz eb549f7095 Test fixes 2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz ef5eefac91 Test fixes 2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz b4d9007a48 Test fixes
Config fixes
Fix windows FIPS
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz 680a481e61 Test fixes
Remove redundant macros
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz 9ced70edc1 Test fixes
Free `x509->key.pkey` in `FreeX509
Fix type conversions
Fix memory leaks and use of uninitialized memory
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz 73b4d78d5b Added partial support for wpa_supplicant, hostapd, and cjose:
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added 'wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` then OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
2020-04-14 11:45:32 +02:00
toddouska ee0289bea6 Merge pull request #2825 from julek-wolfssl/self-include-options
OpenVPN changes
2020-04-13 13:11:18 -07:00
toddouska aadec345ab Merge pull request #2871 from vaintroub/master
Fix clang warnings (issue #2870)
2020-04-13 09:02:51 -07:00
toddouska cf8459e518 Merge pull request #2892 from SparkiDev/cppcheck_fixes_4
Fixes from cppcheck
2020-04-09 16:01:11 -07:00
Juliusz Sosinowicz f6b9b2e0eb Remove redundant guards 2020-04-09 18:26:23 +02:00