David Garske
356889a528
Add --disable-tls option that can be used with --enable-all to disable TLS features and set NO_TLS. Useful for allowing certificate manager and crypto compatibility API's only.
2024-12-17 13:40:03 -08:00
David Garske
6151160e58
Further fixes with NO_TLS to support use with compatibility layer.
2024-12-17 09:24:38 -08:00
David Garske
a2b5da8651
Fix nested NO_TLS.
2024-12-17 08:33:33 -08:00
David Garske
14e3372826
Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check
2024-12-17 08:33:32 -08:00
Daniel Pouzzner
22e95081cd
Merge pull request #8181 from gojimmypi/dev-compiler-message
...
Initialize vars & change types to appease Windows/VS
2024-12-16 23:19:05 -06:00
Sean Parkinson
e3876fcab7
Merge pull request #8287 from JacobBarthelmeh/sigfault
...
fix for sig fault harden build
2024-12-16 09:04:29 +10:00
JacobBarthelmeh
d7e40e7413
Merge pull request #8264 from dgarske/various_20241206
...
Various cleanups and fixes
2024-12-13 13:48:10 -07:00
JacobBarthelmeh
68e85ef33a
Merge pull request #8252 from anhu/use_srtp_retcode
...
wolfSSL_CTX_set_tlsext_use_srtp() should return 1 on failure and 0 up…
2024-12-13 13:35:49 -07:00
JacobBarthelmeh
a22176af40
fix for sig fault harden build
2024-12-13 10:34:23 -07:00
Kareem
d4af181593
Add support for the RFC822 Mailbox attribute.
2024-12-12 12:37:32 -07:00
Daniel Pouzzner
88241f1a2c
Merge pull request #8267 from ColtonWilley/pkcs11_cert_support
...
PKCS11 cert support
2024-12-11 16:04:58 -06:00
Colton Willey
2039d6371f
Remove redundant NULL check
2024-12-11 12:25:35 -08:00
Daniel Pouzzner
2ea2e6bf59
Merge pull request #8233 from ColtonWilley/x509_store_add_cert_ref_count
...
Use proper ref count handling when adding to x509 store
2024-12-11 11:54:29 -06:00
Colton Willey
0c20a20acc
Use char instead of sword8, sanity length check on CKA_VALUE
2024-12-09 16:09:04 -08:00
Colton Willey
0cda59e00e
Add support for cert format in get cert crypto callback
2024-12-09 14:32:02 -08:00
Colton Willey
c83c9e68c9
Updates per review comments
2024-12-09 13:10:32 -08:00
Daniel Pouzzner
e248d8499a
move !defined(EXTERNAL_OPTS_OPENVPN) assert from src/internal.c to wolfssl/wolfcrypt/types.h with refinements; refine logic+message of assert in wolfssl/wolfcrypt/settings.h re "wolfssl/options.h included in compiled wolfssl library object..".
2024-12-09 15:02:41 -06:00
Colton Willey
324b87614e
Initial implementation for using PKCS11 to retrieve certificate for SSL CTX
2024-12-09 12:15:41 -08:00
David Garske
314f7575fa
Fixes for macro names.
2024-12-09 08:30:47 -08:00
Daniel Pouzzner
0ad072a34b
src/internal.c: in HashSkeData(), remove unneeded logically faulty nullness check around XFREE(ssl->buffers.digest.buffer, ...).
2024-12-06 13:01:40 -06:00
Daniel Pouzzner
27e0df040f
src/ssl_crypto.c: revert FIPS gate threshold in wolfSSL_AES_decrypt() changed in d85c108952 -- original value was correct, misdiagnosed by faulty test.
2024-12-06 13:01:40 -06:00
David Garske
56ed6762d8
Expose compatibility get_verify functions with openssl_extra.
2024-12-05 12:10:51 -08:00
Anthony Hu
ab384ee945
wolfSSL_CTX_set_tlsext_use_srtp() should return 1 on failure and 0 upon success.
...
Same with wolfSSL_set_tlsext_use_srtp().
See https://docs.openssl.org/1.1.1/man3/SSL_CTX_set_tlsext_use_srtp/
2024-12-05 10:40:40 -05:00
Colton Willey
c192cbabe8
Free x509 on fail to push
2024-12-04 10:33:58 -08:00
Juliusz Sosinowicz
8ff79dc26e
Add size checks to sessionID
2024-12-04 11:56:16 +01:00
Colton Willey
c5acceca5d
Dont use specific free function
2024-12-03 09:55:43 -08:00
Daniel Pouzzner
547cdeac11
src/ssl_sess.c: in wolfSSL_CTX_flush_sessions(), add missing check of s->sessionIDSz, similar to the fix to TlsSessionCacheGetAndLock() in #8182 ( ef67b1c06a). also, add missing macro to .wolfssl_known_macro_extras.
2024-12-03 11:38:58 -06:00
Colton Willey
5684e56e0e
Always keep original x509 pointer with proper refcounts even for self signed trusted CA
2024-12-02 12:15:33 -08:00
Colton Willey
c5df3cb6b6
Use proper ref count handling when adding to x509 store
2024-11-27 10:38:32 -08:00
Colton Willey
5460ba815b
Fix wolfSSL_X509_STORE_get0_objects to handle case where no CA has been loaded
2024-11-25 14:51:29 -08:00
Daniel Pouzzner
bfeb0ad48e
expand opensslcoexist to all low level crypto APIs.
2024-11-22 19:27:56 -06:00
JacobBarthelmeh
6dd00abb74
Merge pull request #7771 from aidangarske/InitSuites_Orderadj
...
`InitSuites` changes to order making `BUILD_TLS_AES_256_GCM_SHA384` be prioritized over `BUILD_TLS_AES_128_GCM_SHA256`
2024-11-22 10:15:32 -07:00
Daniel Pouzzner
d85c108952
wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: add WC_FAILURE ("wolfCrypt generic failure") with value -1, for traceable error return of -1 in wolfCrypt.
...
configure.ac: add OPENSSL_EXTRA to --enable-wolfsentry.
linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, wolfssl/ssl.h: accommodate backward dependencies for wolfSSL_X509_NAME_add_entry_by_NID, wolfSSL_X509_NAME_free, and wolfSSL_X509_NAME_new_ex.
linuxkm/lkcapi_glue.c: if CONFIG_CRYPTO_MANAGER, assert match of CONFIG_CRYPTO_FIPS and HAVE_FIPS.
src/ssl_crypto.c, wolfcrypt/src/wc_lms.c, wolfcrypt/src/wc_lms_impl.c, wolfcrypt/src/wc_xmss.c, wolfcrypt/test/test.c: add missing casts for XMALLOC()s.
src/ssl_crypto.c: in wolfSSL_AES_decrypt(), fix gate for wc_AesDecryptDirect() return type.
wolfcrypt/test/test.c: smallstack refactor in test_dilithium_decode_level().
tests/api.c: fix uninited vars and "embedding a directive within macro arguments is not portable" in test_wc_dilithium_der().
2024-11-21 21:59:26 -06:00
David Garske
3444d5c526
Fixes from compatibility header decoupling PR #8182 . Fixes issue with wolfEngine and wolfProvider. Change behavior for openssl compatibility headers to be installed unless --enable-opensslextra=noinstall is used. Removed dependency on X509 small with SESSION_CERTS, KEEP_PEER_CERTS and KEEP_OUR_CERT.
2024-11-21 12:09:57 -08:00
David Garske
6be70f9230
Fix for size increase on X509 small. Fix for CRL test with NO_RSA.
2024-11-20 15:54:02 -08:00
David Garske
7bf0533c48
Fix for building with HAVE_SECRET_CALLBACK only.
2024-11-20 13:33:10 -08:00
David Garske
ef67b1c06a
Support for building without wolfssl/openssl header files. ZD 18465
...
* Fix for `TlsSessionCacheGetAndLock` that was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test.
* Fix cast warning with `HAVE_EX_DATA` in Windows VS.
* Fix openssl_extra without PKCS12.
* Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`.
* Grouped the EX data API's in ssl.h
* Moved API's in ssl.h to separate the compatibility ones from ours.
2024-11-20 12:32:32 -08:00
David Garske
261ddc13ad
Merge pull request #8006 from ColtonWilley/crl_update_cb
...
CRL improvements and update callback
2024-11-18 20:11:37 -08:00
Colton Willey
d65c17b7ad
Update variable name from new to avoid g++ name clash
2024-11-18 11:16:39 -08:00
aidan garske
b79423fae9
Merge remote-tracking branch 'origin/master' into InitSuites_Orderadj
2024-11-18 10:07:10 -08:00
Colton Willey
55be5035a0
Merge branch 'master' of github.com:ColtonWilley/wolfssl into crl_update_cb
2024-11-18 09:52:51 -08:00
gojimmypi
5d86031f57
Initialize vars & change types to appease Windows/VS
2024-11-17 17:50:17 -08:00
Daniel Pouzzner
18cc3e0c92
add .wolfssl_known_macro_extras;
...
src/wolfio.c: #include <errno.h> if necessary;
wolfcrypt/src/asn.c: gate WOLFSSL_MSG_EX() uses on defined(DEBUG_WOLFSSL), for pedantic C89 compatibility (no variadic macros);
wolfssl/wolfcrypt/wc_port.h: refine setup for XFENCE().
2024-11-16 18:23:11 -06:00
Daniel Pouzzner
ff680994ba
Merge pull request #8146 from julek-wolfssl/dtls13-ooo-app-data
...
DTLS 1.3: Don't error out on app data before finishing handshake
2024-11-16 14:56:21 -06:00
Daniel Pouzzner
49393eca3c
Merge pull request #8060 from miyazakh/qt_jenkins_failure
...
Not add a cert to CA cache if it doesn't set "CA:TRUE" as basic constraints
2024-11-16 13:38:41 -06:00
Daniel Pouzzner
18a72fb38c
Merge pull request #7896 from kareem-wolfssl/wolfIoLogging
...
Log error code in TranslateIoReturnCode.
2024-11-16 11:12:02 -06:00
David Garske
649b78f460
Merge pull request #8193 from douzzer/20241115-macro-fixes
...
20241115-macro-fixes
2024-11-15 15:58:57 -08:00
David Garske
ada922be00
Merge pull request #8166 from philljj/fix_holder_entityname
...
acert: fix holder entityName parsing.
2024-11-15 14:49:00 -08:00
Daniel Pouzzner
ebfde75d91
fixes for misspelled/malformed macro names, and add missing BUILD_AESCCM setup in wolfssl/internal.h
2024-11-15 15:33:51 -06:00
Daniel Pouzzner
a95b759ffa
peer review for #8187 and unrelated bug fixes:
...
return error code from wolfSSL_RefWithMutexUnlock() to expose result to caller;
fix endianness bug in src/x509.c:wolfSSL_X509_add_ext() (fixes failing test_wolfSSL_X509_add_ext on BE targets);
fix possible file handle leak in tests/api.c:test_wolfSSL_d2i_X509_REQ() (reported by clang-tidy);
in wolfssl/ssl.h, define CONST_NUM_ERR_WOLFSSL_SUCCESS, so that WOLFSSL_SUCCESS can be benignly miswrapped in WC_NO_ERR_TRACE().
2024-11-15 12:52:50 -06:00