Commit Graph

8287 Commits

Author SHA1 Message Date
David Garske 356889a528 Add --disable-tls option that can be used with --enable-all to disable TLS features and set NO_TLS. Useful for allowing certificate manager and crypto compatibility API's only. 2024-12-17 13:40:03 -08:00
David Garske 6151160e58 Further fixes with NO_TLS to support use with compatibility layer. 2024-12-17 09:24:38 -08:00
David Garske a2b5da8651 Fix nested NO_TLS. 2024-12-17 08:33:33 -08:00
David Garske 14e3372826 Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check 2024-12-17 08:33:32 -08:00
Daniel Pouzzner 22e95081cd Merge pull request #8181 from gojimmypi/dev-compiler-message
Initialize vars & change types to appease Windows/VS
2024-12-16 23:19:05 -06:00
Sean Parkinson e3876fcab7 Merge pull request #8287 from JacobBarthelmeh/sigfault
fix for sig fault harden build
2024-12-16 09:04:29 +10:00
JacobBarthelmeh d7e40e7413 Merge pull request #8264 from dgarske/various_20241206
Various cleanups and fixes
2024-12-13 13:48:10 -07:00
JacobBarthelmeh 68e85ef33a Merge pull request #8252 from anhu/use_srtp_retcode
wolfSSL_CTX_set_tlsext_use_srtp() should return 1 on failure and 0 up…
2024-12-13 13:35:49 -07:00
JacobBarthelmeh a22176af40 fix for sig fault harden build 2024-12-13 10:34:23 -07:00
Kareem d4af181593 Add support for the RFC822 Mailbox attribute. 2024-12-12 12:37:32 -07:00
Daniel Pouzzner 88241f1a2c Merge pull request #8267 from ColtonWilley/pkcs11_cert_support
PKCS11 cert support
2024-12-11 16:04:58 -06:00
Colton Willey 2039d6371f Remove redundant NULL check 2024-12-11 12:25:35 -08:00
Daniel Pouzzner 2ea2e6bf59 Merge pull request #8233 from ColtonWilley/x509_store_add_cert_ref_count
Use proper ref count handling when adding to x509 store
2024-12-11 11:54:29 -06:00
Colton Willey 0c20a20acc Use char instead of sword8, sanity length check on CKA_VALUE 2024-12-09 16:09:04 -08:00
Colton Willey 0cda59e00e Add support for cert format in get cert crypto callback 2024-12-09 14:32:02 -08:00
Colton Willey c83c9e68c9 Updates per review comments 2024-12-09 13:10:32 -08:00
Daniel Pouzzner e248d8499a move !defined(EXTERNAL_OPTS_OPENVPN) assert from src/internal.c to wolfssl/wolfcrypt/types.h with refinements; refine logic+message of assert in wolfssl/wolfcrypt/settings.h re "wolfssl/options.h included in compiled wolfssl library object..". 2024-12-09 15:02:41 -06:00
Colton Willey 324b87614e Initial implementation for using PKCS11 to retrieve certificate for SSL CTX 2024-12-09 12:15:41 -08:00
David Garske 314f7575fa Fixes for macro names. 2024-12-09 08:30:47 -08:00
Daniel Pouzzner 0ad072a34b src/internal.c: in HashSkeData(), remove unneeded logically faulty nullness check around XFREE(ssl->buffers.digest.buffer, ...). 2024-12-06 13:01:40 -06:00
Daniel Pouzzner 27e0df040f src/ssl_crypto.c: revert FIPS gate threshold in wolfSSL_AES_decrypt() changed in d85c108952 -- original value was correct, misdiagnosed by faulty test. 2024-12-06 13:01:40 -06:00
David Garske 56ed6762d8 Expose compatibility get_verify functions with openssl_extra. 2024-12-05 12:10:51 -08:00
Anthony Hu ab384ee945 wolfSSL_CTX_set_tlsext_use_srtp() should return 1 on failure and 0 upon success.
Same with wolfSSL_set_tlsext_use_srtp().

See https://docs.openssl.org/1.1.1/man3/SSL_CTX_set_tlsext_use_srtp/
2024-12-05 10:40:40 -05:00
Colton Willey c192cbabe8 Free x509 on fail to push 2024-12-04 10:33:58 -08:00
Juliusz Sosinowicz 8ff79dc26e Add size checks to sessionID 2024-12-04 11:56:16 +01:00
Colton Willey c5acceca5d Dont use specific free function 2024-12-03 09:55:43 -08:00
Daniel Pouzzner 547cdeac11 src/ssl_sess.c: in wolfSSL_CTX_flush_sessions(), add missing check of s->sessionIDSz, similar to the fix to TlsSessionCacheGetAndLock() in #8182 (ef67b1c06a). also, add missing macro to .wolfssl_known_macro_extras. 2024-12-03 11:38:58 -06:00
Colton Willey 5684e56e0e Always keep original x509 pointer with proper refcounts even for self signed trusted CA 2024-12-02 12:15:33 -08:00
Colton Willey c5df3cb6b6 Use proper ref count handling when adding to x509 store 2024-11-27 10:38:32 -08:00
Colton Willey 5460ba815b Fix wolfSSL_X509_STORE_get0_objects to handle case where no CA has been loaded 2024-11-25 14:51:29 -08:00
Daniel Pouzzner bfeb0ad48e expand opensslcoexist to all low level crypto APIs. 2024-11-22 19:27:56 -06:00
JacobBarthelmeh 6dd00abb74 Merge pull request #7771 from aidangarske/InitSuites_Orderadj
`InitSuites` changes to order making `BUILD_TLS_AES_256_GCM_SHA384` be prioritized over `BUILD_TLS_AES_128_GCM_SHA256`
2024-11-22 10:15:32 -07:00
Daniel Pouzzner d85c108952 wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: add WC_FAILURE ("wolfCrypt generic failure") with value -1, for traceable error return of -1 in wolfCrypt.
configure.ac: add OPENSSL_EXTRA to --enable-wolfsentry.

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, wolfssl/ssl.h: accommodate backward dependencies for wolfSSL_X509_NAME_add_entry_by_NID, wolfSSL_X509_NAME_free, and wolfSSL_X509_NAME_new_ex.

linuxkm/lkcapi_glue.c: if CONFIG_CRYPTO_MANAGER, assert match of CONFIG_CRYPTO_FIPS and HAVE_FIPS.

src/ssl_crypto.c, wolfcrypt/src/wc_lms.c, wolfcrypt/src/wc_lms_impl.c, wolfcrypt/src/wc_xmss.c, wolfcrypt/test/test.c: add missing casts for XMALLOC()s.

src/ssl_crypto.c: in wolfSSL_AES_decrypt(), fix gate for wc_AesDecryptDirect() return type.

wolfcrypt/test/test.c: smallstack refactor in test_dilithium_decode_level().

tests/api.c: fix uninited vars and "embedding a directive within macro arguments is not portable" in test_wc_dilithium_der().
2024-11-21 21:59:26 -06:00
David Garske 3444d5c526 Fixes from compatibility header decoupling PR #8182. Fixes issue with wolfEngine and wolfProvider. Change behavior for openssl compatibility headers to be installed unless --enable-opensslextra=noinstall is used. Removed dependency on X509 small with SESSION_CERTS, KEEP_PEER_CERTS and KEEP_OUR_CERT. 2024-11-21 12:09:57 -08:00
David Garske 6be70f9230 Fix for size increase on X509 small. Fix for CRL test with NO_RSA. 2024-11-20 15:54:02 -08:00
David Garske 7bf0533c48 Fix for building with HAVE_SECRET_CALLBACK only. 2024-11-20 13:33:10 -08:00
David Garske ef67b1c06a Support for building without wolfssl/openssl header files. ZD 18465
* Fix for `TlsSessionCacheGetAndLock` that was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test.
* Fix cast warning with `HAVE_EX_DATA` in Windows VS.
* Fix openssl_extra without PKCS12.
* Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`.
* Grouped the EX data API's in ssl.h
* Moved API's in ssl.h to separate the compatibility ones from ours.
2024-11-20 12:32:32 -08:00
David Garske 261ddc13ad Merge pull request #8006 from ColtonWilley/crl_update_cb
CRL improvements and update callback
2024-11-18 20:11:37 -08:00
Colton Willey d65c17b7ad Update variable name from new to avoid g++ name clash 2024-11-18 11:16:39 -08:00
aidan garske b79423fae9 Merge remote-tracking branch 'origin/master' into InitSuites_Orderadj 2024-11-18 10:07:10 -08:00
Colton Willey 55be5035a0 Merge branch 'master' of github.com:ColtonWilley/wolfssl into crl_update_cb 2024-11-18 09:52:51 -08:00
gojimmypi 5d86031f57 Initialize vars & change types to appease Windows/VS 2024-11-17 17:50:17 -08:00
Daniel Pouzzner 18cc3e0c92 add .wolfssl_known_macro_extras;
src/wolfio.c: #include <errno.h> if necessary;

wolfcrypt/src/asn.c: gate WOLFSSL_MSG_EX() uses on defined(DEBUG_WOLFSSL), for pedantic C89 compatibility (no variadic macros);

wolfssl/wolfcrypt/wc_port.h: refine setup for XFENCE().
2024-11-16 18:23:11 -06:00
Daniel Pouzzner ff680994ba Merge pull request #8146 from julek-wolfssl/dtls13-ooo-app-data
DTLS 1.3: Don't error out on app data before finishing handshake
2024-11-16 14:56:21 -06:00
Daniel Pouzzner 49393eca3c Merge pull request #8060 from miyazakh/qt_jenkins_failure
Not add a cert to CA cache if it doesn't set "CA:TRUE" as basic constraints
2024-11-16 13:38:41 -06:00
Daniel Pouzzner 18a72fb38c Merge pull request #7896 from kareem-wolfssl/wolfIoLogging
Log error code in TranslateIoReturnCode.
2024-11-16 11:12:02 -06:00
David Garske 649b78f460 Merge pull request #8193 from douzzer/20241115-macro-fixes
20241115-macro-fixes
2024-11-15 15:58:57 -08:00
David Garske ada922be00 Merge pull request #8166 from philljj/fix_holder_entityname
acert: fix holder entityName parsing.
2024-11-15 14:49:00 -08:00
Daniel Pouzzner ebfde75d91 fixes for misspelled/malformed macro names, and add missing BUILD_AESCCM setup in wolfssl/internal.h 2024-11-15 15:33:51 -06:00
Daniel Pouzzner a95b759ffa peer review for #8187 and unrelated bug fixes:
return error code from wolfSSL_RefWithMutexUnlock() to expose result to caller;

fix endianness bug in src/x509.c:wolfSSL_X509_add_ext() (fixes failing test_wolfSSL_X509_add_ext on BE targets);

fix possible file handle leak in tests/api.c:test_wolfSSL_d2i_X509_REQ() (reported by clang-tidy);

in wolfssl/ssl.h, define CONST_NUM_ERR_WOLFSSL_SUCCESS, so that WOLFSSL_SUCCESS can be benignly miswrapped in WC_NO_ERR_TRACE().
2024-11-15 12:52:50 -06:00