David Garske
04e2b6c62a
Merge pull request #4983 from douzzer/20220324-gcc-12-fixes
...
fixups for warnings from gcc-12
2022-03-24 19:16:27 -07:00
Sean Parkinson
7eb95674ee
Merge pull request #4966 from dgarske/kcapi
...
Fixes for KCAPI AES GCM and ECC
2022-03-25 10:18:16 +10:00
John Safranek
14522f25ff
Merge pull request #4904 from kaleb-himes/OE22_NS9210_FIX
...
Fix up random.h conflicts with cert 3389 releases and some NETOS issues
2022-03-24 16:07:23 -07:00
Sean Parkinson
feb58a8455
Merge pull request #4956 from julek-wolfssl/bind-9.18.0
...
bind 9.18.0 fixes
2022-03-25 08:27:34 +10:00
Daniel Pouzzner
12776b3772
fixups for warnings from gcc-12:
...
src/internal.c: use XMEMCMP(), not ==, to compare array elements (fixes conflict of 74408e3ee3 vs 617eda9d44 );
fix spelling of NAMEDGROUP_LEN (was NAMEDGREOUP_LEN);
src/ssl.c: in CheckcipherList() and wolfSSL_parse_cipher_list(), use XMEMCPY(), not XSTRNCPY(), to avoid (benign) -Wstringop-truncation;
scripts/sniffer-tls13-gen.sh: fix for shellcheck SC2242 (exit 1, not -1).
2022-03-24 16:33:36 -05:00
David Garske
b509e174bb
Whitespace fix.
2022-03-24 10:19:28 -07:00
Anthony Hu
ceae169a34
Merge pull request #4969 from dgarske/pk_pubkey
2022-03-24 12:40:03 -04:00
David Garske
624f1499f0
Merge pull request #4978 from julek-wolfssl/issue/4970
...
Prefer status_request_v2 over status_request when both are present
2022-03-24 08:30:12 -07:00
David Garske
5a0d794e88
Merge pull request #4980 from anhu/iv_docs
...
Correction about AES using IV in docs
2022-03-24 08:29:55 -07:00
Juliusz Sosinowicz
29c0c9bf48
Rebase fixes
2022-03-24 13:41:50 +01:00
Juliusz Sosinowicz
850b8c5c3b
OpenSSL compatible API
...
`WOLFSSL_ERROR_CODE_OPENSSL` breaks ABI compatiblity due to changing the expected return code. Let's only do this when building with the full compatibility layer.
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz
88d5059c36
Jenkins fixes
...
`WS_RETURN_CODE` was not functioning properly in master
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz
98bc8402db
Refactor memory BIO
...
- use the `WOLFSSL_BUF_MEM` struct to resize the internal memory buffer
- add a `WOLFSSL_BIO_RESIZE_THRESHOLD` define that will be used to determine how often to shrink the internal buffer. This should cut down on the number of free/malloc calls made significantly. This should help with our inefficient 1 byte reads in `loadX509orX509REQFromPemBio`.
- implement `wolfSSL_BUF_MEM_resize` which allows bi-directional buffer size manipulation
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz
ae9b01c5b8
bind 9.18.0 fixes
...
- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULT` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
2022-03-24 12:16:59 +01:00
Anthony Hu
f71a85d5f9
Merge pull request #4979 from dgarske/sniffer_tidy
2022-03-23 15:13:20 -04:00
Anthony Hu
1bc71da1df
Correction about AES using IV in docs
2022-03-23 13:35:13 -04:00
David Garske
6e550c8d75
Fix for KCAPI ECC KeyGen. Disable ECC consistency checks with KCAPI. Allow public AddSignature (used to be public). Fix KCAPI ECC SharedSecret output size.
2022-03-23 09:37:50 -07:00
David Garske
8bafa7f601
Fix for KCAPI ECC sign (was not returning the signature, since ret always 0).
2022-03-23 09:37:50 -07:00
David Garske
c9e3094cb0
Fixes for KCAPI ECC verify. Cleanup of the pubkey_raw. Fix KCAPI AES possible used uninitialized.
2022-03-23 09:37:50 -07:00
David Garske
8d695f97c9
Fix for KCAPI KcapiEcc_LoadKey parameter to kcapi_kpp_keygen. Added option to release handle on load. Fixes for KCAPI sign output length. Added additional argument checking.
2022-03-23 09:37:50 -07:00
David Garske
318350f63b
Fix for ecc_check_privkey_gen with KCAPI. Fix KCAPI ECDSA to ensure we don't leak handle for multiple sign/verify calls.
2022-03-23 09:37:50 -07:00
David Garske
9f2dc408a0
Fixes for KCAPI AES GCM. Add guards for algorithm macros on KCAPI.
2022-03-23 09:37:50 -07:00
David Garske
1b0e5f4806
Allow disabling DRBG with KCAPI. Add KCAPI /dev/hwrng support.
2022-03-23 09:37:50 -07:00
David Garske
5fe6f1c875
For KCAPI do not force enable ECC curves, set K or seed callback, disable AES GCM tests with non standard IV.
2022-03-23 09:37:50 -07:00
David Garske
b04954dc98
Merge pull request #4977 from SparkiDev/ssl_move_x509_store
...
ssl.c: move out X509 store APIs to new file
2022-03-23 09:36:33 -07:00
David Garske
f129c32273
Fixes for whitespace, script bug and bit-field type.
2022-03-23 09:31:04 -07:00
Juliusz Sosinowicz
4412496adb
Prefer status_request_v2 over status_request when both are present
...
Reported in https://github.com/wolfSSL/wolfssl/issues/4970
2022-03-23 11:20:22 +01:00
Sean Parkinson
90f53aed34
ssl.c: move out X509 store APIs to new file
2022-03-23 13:59:54 +10:00
Daniel Pouzzner
d864fc9a3f
Merge pull request #4972 from julek-wolfssl/asn-time-tz-diff
...
`mktime` may return a negative due to timezones around the unix epoch
2022-03-22 14:03:59 -05:00
David Garske
cf0e4a0e3d
Merge pull request #4976 from anhu/kill_tabs
...
Get rid of tabs I added previously.
2022-03-22 11:35:00 -07:00
Anthony Hu
c41bef6486
Get rid of tabs I added previously.
2022-03-22 11:56:15 -04:00
David Garske
aa38d99538
Fix for TLS PK callback issue with Ed25519/Ed448 and public key not being set.
2022-03-22 08:33:54 -07:00
JacobBarthelmeh
c377a709e1
Merge pull request #4953 from cconlon/apiVersionDiff
...
More checks on OPENSSL_VERSION_NUMBER for API prototype differences
2022-03-21 16:59:06 -06:00
Anthony Hu
2babac6cb5
Merge pull request #4875 from dgarske/sniffer_async
2022-03-21 16:47:23 -04:00
David Garske
59665a44b5
Fixes for allowing server to have a public key set when using external key with PK callbacks.
2022-03-21 13:14:24 -07:00
David Garske
29c120356e
Sniffer asynchronous support.
...
* Adds stateful handling of DH shared secret computation in `SetupKeys`.
* Improved the decrypt handling to use internal functions and avoid generating alerts on failures.
* Fix for sniffer resume due to missing `sessionIDSz` broken in #4807 .
* Fix sniffer test cases to split resume (session_ticket) tests.
* Add `snifftest` list of build features so test script can gate running resume test.
2022-03-21 12:05:08 -07:00
David Garske
c213c725d7
Merge pull request #4971 from SparkiDev/fp_div2_mod_ct_oob
...
TFM fp_div_2_ct: rework to avoid overflow
2022-03-21 09:11:41 -07:00
David Garske
8bf14ba1d3
Merge pull request #4957 from JacobBarthelmeh/Compatibility-Layer
...
alter return value and add error string
2022-03-21 09:10:04 -07:00
David Garske
08d6474878
Merge pull request #4954 from SparkiDev/rsa_fermat
...
RSA: check for small difference between p and q
2022-03-21 09:09:38 -07:00
David Garske
b90df0a6aa
Merge pull request #4951 from ejohnstown/wolfrand
...
wolfRand for AMD
2022-03-21 09:09:19 -07:00
Juliusz Sosinowicz
d7037da0b5
mktime may return a negative due to timezones around the unix epoch
2022-03-21 17:07:13 +01:00
Juliusz Sosinowicz
9763030675
Merge pull request #4845 from cconlon/pkcs7compat
2022-03-21 15:26:37 +01:00
Sean Parkinson
8dbd8b0ad6
RSA: check for small difference between p and q
2022-03-21 10:58:14 +10:00
Sean Parkinson
aa14607a6f
TFM fp_div_2_ct: rework to avoid overflow
...
Don't set the overflow word. Instead integrate the div by 2 into the
function so that the overflow word doesn't need to be stored.
2022-03-21 10:43:06 +10:00
Sean Parkinson
2f52d3cd20
Merge pull request #4965 from dgarske/aes_win_clang
...
Fixes for Windows AESNI with clang
2022-03-21 08:24:21 +10:00
Hayden Roche
dcaa218ed8
Merge pull request #4927 from cconlon/upRef
2022-03-18 18:10:36 -07:00
Hayden Roche
7ea6b73c7b
Merge pull request #4928 from cconlon/compatCleanups
2022-03-18 16:23:56 -07:00
Hayden Roche
2637e5e361
Merge pull request #4926 from cconlon/namePrintRFC5523
2022-03-18 15:53:07 -07:00
Chris Conlon
c491a6c829
EVP_PKEY_copy_parameters: correctly mark inner struct owned
2022-03-18 16:37:45 -06:00
David Garske
a79daa5ea8
Merge pull request #4959 from haydenroche5/asn1_time_diff_bug
...
Fix bug in wolfSSL_ASN1_TIME_diff.
2022-03-18 14:28:23 -07:00