wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 16:32:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,002 Commits 12 Branches 184 Tags
2689d499b95b427dba6bf8bb5ce9fbe99ff753cb
Commit Graph

2321 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
2689d499b9 Tests starting to pass 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2e2beb279d WIP 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
8e62bf2588 Pass libest estclient_simple example 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
aaba7ed286 OpenSSL Compat layer 
Implement/stub:
- wolfSSL_X509V3_EXT_add_nconf
- wolfSSL_EVP_PKEY_copy_parameters
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff2574b3cb OpenSSL Compat layer 
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
753a3babc8 OpenSSL Compat layer 
Implement/stub:
- wolfSSL_NCONF_get_number
- wolfSSL_EVP_PKEY_CTX_ctrl_str
- wolfSSL_PKCS12_verify_mac
- wc_PKCS12_verify_ex
- wolfSSL_BIO_new_fd
- wolfSSL_X509_sign_ctx
- wolfSSL_ASN1_STRING_cmp
- wolfSSL_ASN1_TIME_set_string
- X509V3_EXT_add_nconf
- X509V3_set_nconf
Implement TXT_DB functionality:
- wolfSSL_TXT_DB_read
- wolfSSL_TXT_DB_free
- wolfSSL_TXT_DB_create_index
- wolfSSL_TXT_DB_get_by_index
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
e7f1d39456 OpenSSL Compat layer 
Implement WOLFSSL_CONF_VALUE:
- wolfSSL_CONF_VALUE_new
- wolfSSL_CONF_VALUE_new_values
- wolfSSL_CONF_add_string
- wolfSSL_X509V3_conf_free
- wolfSSL_sk_CONF_VALUE_push
- wolfSSL_NCONF_load
- wolfSSL_NCONF_free
- wolfSSL_CONF_new_section
- wolfSSL_CONF_get_section
Implment some buffer functions
- wolfSSL_strlcat
- wolfSSL_strlcpy
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
42d4f35a98 Implement OpenSSL Compat API: 
- Implement lhash as a stack with hash members
- wolfSSL_lh_retrieve
- wolfSSL_LH_strhash
- IMPLEMENT_LHASH_COMP_FN
- IMPLEMENT_LHASH_HASH_FN
- wolfSSL_sk_CONF_VALUE_new
- wolfSSL_sk_CONF_VALUE_free
- wolfSSL_sk_CONF_VALUE_num
- wolfSSL_sk_CONF_VALUE_value
- wolfSSL_NCONF_new
- wolfSSL_NCONF_get_string
- wolfSSL_NCONF_get_section
- wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
- wolfSSL_CONF_modules_load
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
be98404b3b Implement wolfSSL_X509_REQ_verify 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
4aa30d0bde Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509 
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
1a50d8e028 WIP 
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
a7ec58003e PKCS7 changes 
- Allow PKCS7_EncodeSigned to be called with a zero content length
- wc_HashUpdate now doesn't error out on zero length data
- First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it
- wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
85b1196b08 Implement/stub: 
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
728f4ce892 Implement/stub: 
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b52e11d3d4 Implement/stub the following: 
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
3721d80e84 Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT 
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
1e26238f49 Implement/stub the following functions: 
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs

Add cms.h file to avoid including the OpenSSL version.
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
777bdb28bc Implement/stub the following: 
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
7bd0b2eb44 Implement ASN1_get_object 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
a9d502ef85 Add --enable-libest option to configure.ac 
Refactoring and adding defines for functions
 2020-12-17 14:26:30 +01:00
toddouska
7f20b97927 Merge pull request #3569 from SparkiDev/cppcheck_fixes_5 
cppcheck: fixes
 2020-12-16 09:04:59 -08:00
toddouska
cee91c91f5 Merge pull request #3532 from julek-wolfssl/nginx-1.7.7 
Changes for Nginx 1.7.7
 2020-12-16 09:01:27 -08:00
Sean Parkinson
75c062a298 cppcheck: fixes 2020-12-16 17:28:20 +10:00
Juliusz Sosinowicz
575f4ba140 Nginx 1.7.7 changes 
- Push error when decryption fails
- If wolfSSL_CTX_use_certificate keeps passed in cert then it should either copy it or increase its reference counter
- Make wolfSSL_PEM_read_bio_DHparams available with FIPS
 2020-12-15 19:32:55 +01:00
Sean Parkinson
52f63ca44b SESSION mutex: copying a session overwrote mutex 
New session creation function, NewSession, that doesn't initialize
mutex.
Calling functions, wolfSSL_SESSION_new() and wolfSSL_SESSION_copy(),
initialize the mutex.
 2020-12-15 17:20:40 +10:00
toddouska
43182b9389 Merge pull request #3548 from gstrauss/HAVE_SNI 
put all SNI code behind simpler preprocessor directive HAVE_SNI
 2020-12-14 16:08:53 -08:00
toddouska
56e2c0e268 Merge pull request #3534 from douzzer/linuxkm-cryptonly 
--enable-linuxkm --enable-cryptonly
 2020-12-14 15:14:54 -08:00
David Garske
428c6b4301 Merge pull request #3523 from SparkiDev/pkcs11_fixes_2 
Pkcs11 fixes 2
 2020-12-14 14:09:26 -08:00
Daniel Pouzzner
ec96e5ad74 wolfSSL_BN_is_odd(): fix function signature to match header (unsigned long reverted to WOLFSSL_BN_ULONG). 2020-12-11 14:16:44 -06:00
Glenn Strauss
9d095066eb wrap SNI-related code with HAVE_SNI 
perhaps some of this code should additionally be wrapped in
-  #ifndef NO_WOLFSSL_SERVER

It is fragile and ugly to litter the code with the likes of
-  #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
-                               defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
-                               defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
while it is much clearer and much more maintainable to wrap SNI-related
code with an SNI-specific feature-define HAVE_SNI (and possibly further
restrict with feature-define #ifndef NO_WOLFSSL_SERVER).
 2020-12-10 15:46:20 -05:00
Daniel Pouzzner
f277339528 add explicit casts to XMALLOC()s, even for (void *), to avoid warnings in C++ and MSVC/MSVS builds, and to avoid false positives on simple text searches. 2020-12-10 14:16:21 -06:00
Daniel Pouzzner
b723c7ddbe bn.h and ssl.c: define WOLFSSL_BN_ULONG to be target-native unsigned long, revert *_word() bn.h API functions to use WOLFSSL_BN_ULONG, and change wolfSSL_BN_get_word() to return WOLFSSL_BN_ULONG rather than unsigned long, for consistency. 2020-12-10 14:16:21 -06:00
Daniel Pouzzner
78b2b3ca3b ssl.c:wolfSSL_BN_get_word_1(): remove dead logic inadvertently retained. 2020-12-10 14:16:21 -06:00
Daniel Pouzzner
e6b587772f fix pointer type clash in wolfSSL_BN_mod_word(); restore accidentally removed WOLFSSL_KEY_GEN gate in dsa_test(). 2020-12-10 14:16:21 -06:00
Daniel Pouzzner
53cfa55941 src/ssl.c and wolfssl/openssl/bn.h: refactor _word mp routines to consistently accept/return target-native unsigned long type, for compatibility with sp-math-all. needed because WOLFSSL_BN_ULONG can, surprisingly, be only 16 bits, when sp-math-all in a 32 bit build. 2020-12-10 14:16:20 -06:00
toddouska
367f28b917 Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Sean Parkinson
9b894048fd PKCS #11: only open/close session when performing op, use C_Sign for RSA 
Was opening and closing sessions when operations not compiled in were
being attempted (e.g. hashing during certificate signing).
C_Sign can be used with X509 RSA (raw) as it does the same operations as
C_Decrypt. Use the function matching hig level operation where
supported.
Make debugging functions take a CK_ULONG rather than an int - to avoid
casting.
 2020-12-07 10:15:43 +10:00
Sean Parkinson
38740a1caa Fix dynamic type name 2020-11-27 08:37:16 +10:00
Sean Parkinson
5ca8e8f87c PKCS#11: Label fixes and add support for checking private key 
Check private key matches the public key passed in.
Need to use a new API to pass in the token to use to perform PKCS #11
operations with.
 2020-11-27 08:37:16 +10:00
Sean Parkinson
43aeac4cf4 PKCS #11 SSL: detect key size when certificate set 2020-11-27 08:31:45 +10:00
Sean Parkinson
19f10cd382 PKCS #11: implement identifying keys by label 2020-11-27 08:31:45 +10:00
Juliusz Sosinowicz
95132b1c55 Make renegotiation information available outside of OPENSSL_EXTRA 2020-11-24 17:03:40 +01:00
Juliusz Sosinowicz
41d58465c0 Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage 
Reset DTLS stored messages on a FreeHandshakeResources call even if secure renegotiation is enabled. Without this, in a server initiated rehandshake, the server would keep old messages (ChangeCipherSpec and Finished) even when it sent a HelloRequest message.
 2020-11-24 16:06:35 +01:00
David Garske
d4c59e369e Merge pull request #3335 from julek-wolfssl/RSA-PSS-padding-in-EVP_Digest-API 
Enable RSA-PSS padding in EVP_Digest* API
 2020-11-19 09:31:12 -08:00
Sean Parkinson
91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
toddouska
aa9ed17afa Merge pull request #3512 from dgarske/openssl_pem 
Fix for missing `wolfSSL_PEM_write_bio_PrivateKey` with WebRTC
 2020-11-18 16:17:46 -08:00
toddouska
a280df1892 Merge pull request #3488 from kabuobeid/x509_objtxt_lname 
Return long names instead of short names in wolfSSL_OBJ_obj2txt().
 2020-11-18 16:10:46 -08:00
toddouska
b0979f4225 Merge pull request #3476 from dgarske/sniffer_hrr 
Fixes for TLS sniffer with v1.3 (HRR and Certs)
 2020-11-18 16:07:11 -08:00
toddouska
dedde4c058 Merge pull request #3456 from JacobBarthelmeh/Certs 
strict certificate version allowed from client
 2020-11-18 15:55:50 -08:00
toddouska
9bde34ef5b Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names 
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
 2020-11-18 15:52:52 -08:00