Commit Graph

5428 Commits

Author SHA1 Message Date
John Safranek e7ef48d2b7 Merge pull request #3869 from SparkiDev/asn1_template
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
Sean Parkinson d486b89c61 ASN1 Template: stricter and simpler DER/BER parsing/construction
Reduce debug output noise
2021-08-19 11:32:41 +10:00
John Safranek 63fde01e32 Merge pull request #4311 from haydenroche5/rsyslog
Make improvements for rsyslog port.
2021-08-18 16:55:32 -07:00
John Safranek 9a1233c04d Merge pull request #4312 from julek-wolfssl/DH_set_length
Implement `DH_set_length`.
2021-08-18 16:42:38 -07:00
John Safranek 18314e5a4f Merge pull request #4309 from dgarske/sniff_cleanups
Improved sniffer statistics and documentation
2021-08-18 16:03:38 -07:00
John Safranek c2b88a1fca Merge pull request #4306 from dgarske/pk_tls13
Fixes for PK callbacks with TLS v1.3
2021-08-18 15:42:19 -07:00
Sean Parkinson 8df65c3fa7 Merge pull request #4270 from dgarske/zd12586
Fixes for various PKCS7 and SRP build issues
2021-08-19 08:12:15 +10:00
John Safranek ef77cd05d4 Merge pull request #4302 from haydenroche5/libssh2
Add missing ECDSA_SIG getter/settter for libssh2.
2021-08-18 15:08:06 -07:00
David Garske c5f9e55567 Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled. 2021-08-18 11:30:18 -07:00
Chris Conlon 6237a7a00d Merge pull request #4305 from TakayukiMatsuo/i2t
Add support for wolfSSL_i2t_ASN1_OBJECT
2021-08-18 10:37:08 -06:00
Juliusz Sosinowicz 162f14aaf9 Implement DH_set_length. 2021-08-18 13:24:51 +02:00
Sean Parkinson 8f7e09d9b5 Merge pull request #4294 from dgarske/tls13_earlydata
Fix early data max size handling in TLS v1.3
2021-08-18 08:48:42 +10:00
David Garske 89904ce82e Fixes for building without AES CBC and support for PKCS7 without AES CBC. 2021-08-17 10:47:19 -07:00
David Garske 69d01afd3a Merge pull request #4250 from danielinux/iotsafe
IoT-Safe with TLS demo
2021-08-17 08:26:19 -07:00
Hayden Roche c16127d9ab Make improvements for rsyslog port.
- Remove FP_MAX_BITS and RSA_MAX_BITS definitions from rsyslog config. A user
configuring wolfSSL for rsyslog support should set them as they see fit (i.e.
based on the key sizes they need to support).
- After testing with wolfSSL FIPS, I discovered that some functions were missing
from the compatibility layer that rsyslog needs. Notably wolfSSL_DH_generate_key
and wolfSSL_DH_set0_pqg. These were gated out of compilation based on HAVE_FIPS.
However, they only need to be compiled out if WOLFSSL_DH_EXTRA is defined. This
is because these functions call SetDhInternal, which calls wc_DhImportKeyPair
if WOLFSSL_DH_EXTRA is defined. wc_DhImportKeyPair isn't available in the FIPS
module's dh.c. So, these functions can exist in the FIPS build provided
WOLFSSL_DH_EXTRA isn't defined. This commit accounts for this scenario.
2021-08-17 08:19:43 -07:00
TakayukiMatsuo 421be50cb8 Add support for wolfSSL_i2t_ASN1_OBJECT 2021-08-17 10:52:20 +09:00
David Garske 5c00951f09 Do not add DH padding on failure. 2021-08-16 16:31:18 -07:00
David Garske 9898b5d82b Various spelling fixes. 2021-08-16 16:31:18 -07:00
David Garske 0ea5046b39 Improved documentation for sniffer statistics (ZD 12731). 2021-08-16 16:31:18 -07:00
David Garske 6ac03d41ef Merge pull request #4203 from SparkiDev/tls13_peek_fix_off
TLS 1.3: ability to turn peek change off
2021-08-16 15:25:58 -07:00
Hayden Roche 63d1bd13d4 Add missing ECDSA_SIG getter/settter for libssh2. 2021-08-16 14:43:13 -07:00
Daniele Lacamera 490eeb4003 Support for IoT-Safe with TLS demo 2021-08-16 13:13:30 -07:00
David Garske 70535f51d5 Fixes for PK callbacks with TLS v1.3. Tested with ./configure --enable-pkcallbacks CFLAGS="-DTEST_PK_PRIVKEY -DDEBUG_PK_CB". 2021-08-16 13:09:17 -07:00
Hayden Roche c6f0fb11d0 Merge pull request #4253 from julek-wolfssl/lighttpd-1.4.55
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suite
2021-08-16 15:05:51 -05:00
Hayden Roche bbb514fa6d Add support for rsyslog.
- Add an --enable-rsyslog option to configure.ac.
- Add a few missing `WOLFSSL_ERROR` calls that were expected by rsyslog unit
  tests.
- Add better documentation around `WOLFSSL_SHUTDOWN_NOT_DONE` and define it to
  be 0 (rather than 2) when `WOLFSSL_ERROR_CODE_OPENSSL` is defined. This is in
  accordance with OpenSSL documentation. Without this change, rsyslog was
  failing to do the bidirectional shutdown properly because it was checking the
  shutdown return value against 0. I'm keeping the old value when
  `WOLFSSL_ERROR_CODE_OPENSSL` isn't defined because it's part of the public
  wolfssl interface (it's in ssl.h).
2021-08-13 23:24:28 -07:00
Juliusz Sosinowicz 0f6e564093 Rebase fixes 2021-08-14 00:35:55 +02:00
Juliusz Sosinowicz 6a5f40d698 Code review fixes. 2021-08-14 00:25:00 +02:00
Juliusz Sosinowicz 72f1d0adac Refactor client_CA API to use wolfSSL_sk_X509_NAME_* API 2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz 62cab15c64 Reorganize wolfSSL_sk_X509_NAME_*
Make the `wolfSSL_sk_X509_NAME_*` API's available in OPENSSL_EXTRA for use with `client_CA_list` API's.
2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz d4391bd997 Parse distinguished names in DoCertificateRequest
The CA names sent by the server are now being parsed in `DoCertificateRequest` and are saved on a stack in `ssl->ca_names`.
2021-08-14 00:24:08 +02:00
Juliusz Sosinowicz 647e007eea Implement wolfSSL_set_client_CA_list and add 'HIGH' cipher suite 2021-08-14 00:24:08 +02:00
Chris Conlon ca06694bfb Merge pull request #4282 from miyazakh/SSL_CIPHER_xx
Add SSL_CIPHER_get_xxx_nid support
2021-08-13 13:48:31 -06:00
Chris Conlon 5235b7d1e6 Merge pull request #4291 from miyazakh/PARAM_set1_ip
Add X509_VERIFY_PARAM_set1_ip support
2021-08-13 13:45:33 -06:00
Juliusz Sosinowicz 7dea1dcd39 OpenResty 1.13.6.2 and 1.19.3.1 support
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list

# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
David Garske cccb8f940a Merge pull request #4209 from julek-wolfssl/net-snmp
Add support for net-snmp
2021-08-12 13:06:21 -07:00
David Garske 93a1fe4580 Merge pull request #4205 from julek-wolfssl/wpas-include-extra-stuff
Include stuff needed for EAP in hostap
2021-08-12 11:17:23 -07:00
Chris Conlon d4b0ec0705 Merge pull request #4290 from TakayukiMatsuo/general
Add wolfSSL_GENERAL_NAME_print
2021-08-12 09:51:28 -06:00
Juliusz Sosinowicz e583d0ab76 SslSessionCacheOn -> SslSessionCacheOff 2021-08-12 13:52:25 +02:00
TakayukiMatsuo 517309724a Add wolfSSL_GENERAL_NAME_print 2021-08-12 14:17:41 +09:00
Hideki Miyazaki 0b070166cb addressed review comments 2021-08-12 10:44:07 +09:00
Hideki Miyazaki 4fa69c0a3a addressed review comments 2021-08-12 07:41:24 +09:00
David Garske 9c3502bea9 Merge pull request #4285 from haydenroche5/alerts
During the handshake, make sure alerts are getting read on the client side in the event of an error.
2021-08-11 15:22:05 -07:00
elms d39b91de27 Merge pull request #4266 from dgarske/hexchar 2021-08-11 10:56:53 -07:00
Juliusz Sosinowicz dd4adacee8 Code review changes 2021-08-11 17:58:46 +02:00
elms d487916557 Merge pull request #4279 from haydenroche5/pkcs12
Cleanups for PKCS8 and PKCS12 macros (always support parsing PKCS8 header)
2021-08-10 18:37:33 -07:00
David Garske 0c74e18eaf Fix early data max size handling. Fixes issue with size checking around wolfSSL_CTX_set_max_early_data and wolfSSL_set_max_early_data, which was checking against the padded size. Also was adding to the earlyDataSz and checking against it with un-padded data size. ZD 12632. 2021-08-10 16:32:41 -07:00
David Garske df10152b54 Refactor hex char to byte conversions. 2021-08-10 12:07:41 -07:00
David Garske fdb6c8141e Merge pull request #4274 from haydenroche5/pyopenssl
Add support for pyOpenSSL.
2021-08-10 11:49:07 -07:00
Hayden Roche fdc350fb52 Add a macro guard WOLFSSL_CHECK_ALERT_ON_ERR that has the client check for
alerts in the event of an error during the handshake.
2021-08-10 09:43:12 -07:00
Hayden Roche ef5510cbcc During the handshake, make sure alerts are getting read on the client side in
the event of an error.
2021-08-09 14:26:53 -07:00