wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 21:02:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,017 Commits 12 Branches 184 Tags
031ca80fe74cdac9f087ffd095718c13857ec808
Commit Graph

4713 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
031ca80fe7 Fix max SSL version handling for client 
Enable CRL when adding one to store
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2197748a51 Implement wolfSSL_X509_check_private_key 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
cb84213ffd Support more extensions 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
cd20512b90 wolfSSL_X509_REQ_add1_attr_by_txt for libest 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
911d5968b4 Store more certs in PKCS7 struct 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
acf3156fac Dynamically allocate memory in wolfSSL_i2d_PKCS7_bio 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2a9bb906a9 Implement wolfSSL_BIO_*_connect and wolfSSL_BIO_set_conn_port 
Forgot to commit csr.dsa.pem for api.c
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
78a20ec3ae Extension manipulation 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
65c6a71bde Init wolfSSL_X509_REQ_add_extensions 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
6a635b339c Fixes 
- Fix challengePw copy in ReqCertFromX509
- Proper header length in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio
- Special case for extended key usage in wolfSSL_OBJ_cmp
- Numerical input in wolfSSL_OBJ_txt2obj can just be encoded with EncodePolicyOID. Searching for the sum can return wrong values since they are not unique.
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b808124a47 Add DSA support to ConfirmSignature and add DSAwithSHA256 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2a20896e44 Add CRL loading to wolfSSL_PEM_X509_INFO_read_bio 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
86d2177876 wolfSSL_X509_resign_cert updates x509 der buffer as well 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2689d499b9 Tests starting to pass 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff7b8d3715 Don't attempt TLS 1.3 if server options disable it 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2e2beb279d WIP 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
8e62bf2588 Pass libest estclient_simple example 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
aaba7ed286 OpenSSL Compat layer 
Implement/stub:
- wolfSSL_X509V3_EXT_add_nconf
- wolfSSL_EVP_PKEY_copy_parameters
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff2574b3cb OpenSSL Compat layer 
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
753a3babc8 OpenSSL Compat layer 
Implement/stub:
- wolfSSL_NCONF_get_number
- wolfSSL_EVP_PKEY_CTX_ctrl_str
- wolfSSL_PKCS12_verify_mac
- wc_PKCS12_verify_ex
- wolfSSL_BIO_new_fd
- wolfSSL_X509_sign_ctx
- wolfSSL_ASN1_STRING_cmp
- wolfSSL_ASN1_TIME_set_string
- X509V3_EXT_add_nconf
- X509V3_set_nconf
Implement TXT_DB functionality:
- wolfSSL_TXT_DB_read
- wolfSSL_TXT_DB_free
- wolfSSL_TXT_DB_create_index
- wolfSSL_TXT_DB_get_by_index
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
e7f1d39456 OpenSSL Compat layer 
Implement WOLFSSL_CONF_VALUE:
- wolfSSL_CONF_VALUE_new
- wolfSSL_CONF_VALUE_new_values
- wolfSSL_CONF_add_string
- wolfSSL_X509V3_conf_free
- wolfSSL_sk_CONF_VALUE_push
- wolfSSL_NCONF_load
- wolfSSL_NCONF_free
- wolfSSL_CONF_new_section
- wolfSSL_CONF_get_section
Implment some buffer functions
- wolfSSL_strlcat
- wolfSSL_strlcpy
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
42d4f35a98 Implement OpenSSL Compat API: 
- Implement lhash as a stack with hash members
- wolfSSL_lh_retrieve
- wolfSSL_LH_strhash
- IMPLEMENT_LHASH_COMP_FN
- IMPLEMENT_LHASH_HASH_FN
- wolfSSL_sk_CONF_VALUE_new
- wolfSSL_sk_CONF_VALUE_free
- wolfSSL_sk_CONF_VALUE_num
- wolfSSL_sk_CONF_VALUE_value
- wolfSSL_NCONF_new
- wolfSSL_NCONF_get_string
- wolfSSL_NCONF_get_section
- wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
- wolfSSL_CONF_modules_load
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
be98404b3b Implement wolfSSL_X509_REQ_verify 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
4aa30d0bde Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509 
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
1a50d8e028 WIP 
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
a7ec58003e PKCS7 changes 
- Allow PKCS7_EncodeSigned to be called with a zero content length
- wc_HashUpdate now doesn't error out on zero length data
- First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it
- wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
85b1196b08 Implement/stub: 
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
728f4ce892 Implement/stub: 
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b52e11d3d4 Implement/stub the following: 
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
3721d80e84 Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT 
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
1e26238f49 Implement/stub the following functions: 
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs

Add cms.h file to avoid including the OpenSSL version.
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
777bdb28bc Implement/stub the following: 
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
7bd0b2eb44 Implement ASN1_get_object 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
a9d502ef85 Add --enable-libest option to configure.ac 
Refactoring and adding defines for functions
 2020-12-17 14:26:30 +01:00
toddouska
7f20b97927 Merge pull request #3569 from SparkiDev/cppcheck_fixes_5 
cppcheck: fixes
 2020-12-16 09:04:59 -08:00
toddouska
cee91c91f5 Merge pull request #3532 from julek-wolfssl/nginx-1.7.7 
Changes for Nginx 1.7.7
 2020-12-16 09:01:27 -08:00
Sean Parkinson
75c062a298 cppcheck: fixes 2020-12-16 17:28:20 +10:00
Sean Parkinson
922ca916a9 Merge pull request #3554 from ejohnstown/psk-fix 
PSK Alert
 2020-12-16 09:40:04 +10:00
Juliusz Sosinowicz
575f4ba140 Nginx 1.7.7 changes 
- Push error when decryption fails
- If wolfSSL_CTX_use_certificate keeps passed in cert then it should either copy it or increase its reference counter
- Make wolfSSL_PEM_read_bio_DHparams available with FIPS
 2020-12-15 19:32:55 +01:00
Sean Parkinson
52f63ca44b SESSION mutex: copying a session overwrote mutex 
New session creation function, NewSession, that doesn't initialize
mutex.
Calling functions, wolfSSL_SESSION_new() and wolfSSL_SESSION_copy(),
initialize the mutex.
 2020-12-15 17:20:40 +10:00
John Safranek
123c713658 Key Change 
Move the setting of the key in the handshake from right before
sending the finished message to between building change cipher spec
and sending it. This way there won't be any opportunity to send a
message after the change cipher spec that won't be encrypted.
 2020-12-14 18:13:26 -08:00
John Safranek
f8e674e45d PSK Alert 
When the server cannot match the client's identity, the server sends a unknown_psk_identity alert to the client.
 2020-12-14 17:56:19 -08:00
toddouska
3f6a444bef Merge pull request #3564 from SparkiDev/tls13_add_sess 
TLS 1.3: Don't add a session without a ticket
 2020-12-14 16:09:52 -08:00
toddouska
43182b9389 Merge pull request #3548 from gstrauss/HAVE_SNI 
put all SNI code behind simpler preprocessor directive HAVE_SNI
 2020-12-14 16:08:53 -08:00
toddouska
56e2c0e268 Merge pull request #3534 from douzzer/linuxkm-cryptonly 
--enable-linuxkm --enable-cryptonly
 2020-12-14 15:14:54 -08:00
David Garske
428c6b4301 Merge pull request #3523 from SparkiDev/pkcs11_fixes_2 
Pkcs11 fixes 2
 2020-12-14 14:09:26 -08:00
Sean Parkinson
fb5b415e83 TLS 1.3: Don't add a session without a ticket 
TLS 1.3 doesn't support resumption with PSK (session ticket or with the
PSK callback).
 2020-12-14 14:03:31 +10:00
John Safranek
0e9926bd83 Merge pull request #3553 from haydenroche5/cert_status_fix 
Fix OCSP cert status check in internal.c
 2020-12-11 13:27:29 -08:00
Daniel Pouzzner
ec96e5ad74 wolfSSL_BN_is_odd(): fix function signature to match header (unsigned long reverted to WOLFSSL_BN_ULONG). 2020-12-11 14:16:44 -06:00
Glenn Strauss
9d095066eb wrap SNI-related code with HAVE_SNI 
perhaps some of this code should additionally be wrapped in
-  #ifndef NO_WOLFSSL_SERVER

It is fragile and ugly to litter the code with the likes of
-  #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
-                               defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
-                               defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
while it is much clearer and much more maintainable to wrap SNI-related
code with an SNI-specific feature-define HAVE_SNI (and possibly further
restrict with feature-define #ifndef NO_WOLFSSL_SERVER).
 2020-12-10 15:46:20 -05:00