Commit Graph

3351 Commits

Author SHA1 Message Date
David Garske 64376d4d9e Merge pull request #5555 from julek-wolfssl/dtls-fragment-buckets
Don't over-allocate memory for DTLS fragments
2022-09-08 07:46:04 -07:00
Juliusz Sosinowicz 28af88788a Set correct types in wolfSSL_sk_*_new functions
- Use WOLF_SK_COMPARE_CB() to generate the correct types instead of using void* for the callback parameters.
- Remove WOLFSSL_STACK.comp entirely since it is not used anywhere. Ignore input parameters that used to set this member.
2022-09-08 11:55:32 +02:00
JacobBarthelmeh 9d6e157fc5 add asn template version 2022-09-07 16:15:19 -07:00
Hayden Roche 18450eb94b Fix HMAC compat layer function for SHA-1.
This function would only accept the string "SHA" for SHA-1-based HMAC, but it
should also accept "SHA1." This is similar to how wolfSSL_EVP_get_digestbyname
allows both "SHA" and "SHA1." We didn't have a test for this in api.c. I added
one, and it failed before my fix here.
2022-09-07 15:25:31 -07:00
JacobBarthelmeh 28a82237d9 RSA-PSS signed OCSP responses 2022-09-07 13:12:43 -07:00
Juliusz Sosinowicz 28895ed0cd Use a union and struct for padding in DtlsFragBucket
Zero length arrays are not allowed so `byte padding[0]` is not a valid member. Changed to use a union and struct instead.
2022-09-07 13:04:26 +02:00
Juliusz Sosinowicz 8bf3e0829e Don't over-allocate memory for DTLS fragments
Don't reserve the full message length of memory. Instead we only allocate memory for the fragments that we have already received. We also dynamically combine memory fragments when we receive overlap.
2022-09-07 13:04:06 +02:00
Stefan Eissing 9b319b3782 Remove dependency on POLY1305 on testing CHACHA20 only. 2022-09-06 10:06:02 +02:00
Stefan Eissing 9f47999002 Add ChaCha20 as available cipher in the EVP API.
- wire the wc_ChaCha_* implementation into the EVP API
  as `wolfSSL_EVP_chacha20`
- follow IV conversions of OpenSSL
- add test case
- have QUIC support use this for header protection when
  CHACHA20_POLY1305 has been negotiated in the handshake.
2022-09-06 10:06:02 +02:00
Stanislav Klima 38781bd7cf added testing for wolfSSL_set_cipher_list_bytes() 2022-09-05 16:57:07 +02:00
Sean Parkinson f807c70637 Ed make public key wasn't checking whether private key set
Ed25519 and Ed448 make public key APIs now check whether the private key
was set.
The private key and public key flags setting and clearing also updated.
Testing of unset private key and calling make public key added for
Ed25519 and Ed448.
2022-09-05 12:21:51 +10:00
Satoshi Yamaguchi 69ed2b56d4 Replace a variable of AES-128 key size to the constant AES_128_KEY_SIZE 2022-09-04 13:31:24 +09:00
David Garske 11bb8b3dc4 Merge pull request #5543 from SparkiDev/rsa_max_size_fix
RSA max key size checks
2022-09-02 09:26:19 -07:00
Sean Parkinson 3bf6baf596 RSA max key size checks
Detect when certificate's RSA public key size is too big and fail on
loading of certificate.
Fix unit test to only attempt to use 3072 bit RSA-PSS keys when
RSA_MAX_SIZE supports it.
2022-09-02 10:37:12 +10:00
Stefan Eissing 65ca72c5a2 Improve EVP support for CHACHA20_POLY1305 (#5527)
* Add test case for OpenSSLs capability to init a evp context partially in several calls.
* EVP handling of CHACHA20_POLY1305 improvment
- save key at ctx for Init()s without IV
- reuse stored key for Init()s with new IV, reusing ctx
- free and zero key on ctx clenaup
* Adding type cast to XMALLOC to force compiler compatibility.
* EVP: using same DYNAMIC_TYPE in alloc and free of chacha20_poly1305 key.
Co-authored-by: Stefan Eissing <stefan.eissing@greenbytes.de>
2022-09-01 13:23:42 -07:00
Satoshi Yamaguchi 85776f0069 Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API 2022-09-01 18:00:43 +09:00
Daniel Pouzzner ea3959f2f6 analyzer coddling:
in api.c test_wolfSSL_dtls12_fragments_spammer(), inhibit clang-analyzer-deadcode.DeadStores;

in asn.c ParseCRL_Extensions() old (!WOLFSSL_ASN_TEMPLATE) version, fix bounds check to prevent overshift;

in misc.c ctMaskCopy(), use `*(x + i)`, not x[i], to tiptoe around cppcheck-2.9 objectIndex bug.
2022-08-31 22:56:08 -05:00
David Garske 8722a46d52 Merge pull request #5503 from julek-wolfssl/dtls-fragments
DTLS limit fragments
2022-08-31 09:53:09 -07:00
Juliusz Sosinowicz 54bd786707 DTLS limit fragments
- Limit the amount of fragments we store per a DTLS connection
- Error out when we reach the DTLS fragment connection limit
2022-08-31 14:24:20 +02:00
JacobBarthelmeh 29f2dee991 handeling DER to internal of an OCSP response with no optional certificates 2022-08-29 15:25:50 -07:00
JacobBarthelmeh ac3cdb42b7 free structure in test case and return 0 from ocsp renew script 2022-08-29 15:25:50 -07:00
JacobBarthelmeh 5b5f673c51 add simple ocsp response der verify test case 2022-08-29 15:25:50 -07:00
David Garske a7f86f9473 Merge pull request #5517 from JacobBarthelmeh/Testing
misc. testing items from static analysis tools
2022-08-29 08:48:51 -07:00
Juliusz Sosinowicz 88deaf9b5c SNI can appear in ServerHello for TLS 1.2
Co-authored-by: Eric Blankenhorn <eric@wolfssl.com>
2022-08-29 14:22:10 +02:00
JacobBarthelmeh ad0fd15a0d static analysis fix from infer 2022-08-26 14:55:42 -07:00
Juliusz Sosinowicz 2fb3f58c03 Cleanup output object in wolfSSL_EVP_MD_CTX_copy_ex before copy 2022-08-26 13:07:45 +02:00
David Garske 1976601811 Merge pull request #5505 from julek-wolfssl/dtls-plaintext
Ignore plaintext on established connections
2022-08-25 07:25:03 -07:00
Hayden Roche 9f39ffdba7 Fix wolfSSL_GENERAL_NAMES_free memory leak.
This function was just freeing the stack object itself of GENERAL_NAMES with
wolfSSL_sk_free, but this doesn't free the data in the items of the stack. The
fix is to replace wolfSSL_sk_free with wolfSSL_sk_GENERAL_NAME_free.
2022-08-24 18:42:30 -07:00
Juliusz Sosinowicz 159a3c8b03 Ignore plaintext on established connections 2022-08-24 21:40:19 +02:00
Stanislav Klima c4a61af311 drafted test case 2022-08-24 20:45:54 +02:00
John Safranek 9b65f5819c API Test Fixes for GCC/PowerPC Warnings
1. In api.c, change the name of the devId global to testDevId.
2. In api.c, for the SNI test, some of the pointers were multiply
   typecast eventually to `void **`. An older compiler didn't like
   that. Just use void pointer.
2022-08-24 11:30:56 -07:00
David Garske 48463f6d54 Merge pull request #5388 from lealem47/crlPrint
Adding X509_CRL_print() function
2022-08-22 17:16:19 -07:00
David Garske 1e5de8255e Merge pull request #5472 from satoshiyamaguchi/trial3
Add/Extend PEM_read compatibility API's
2022-08-22 09:24:39 -07:00
Lealem Amedie 8f4b467f47 Fixing line lengths and SMALL_STACK code path 2022-08-22 09:17:23 -07:00
Lealem Amedie 2a65220527 Adding X509_CRL_print() function 2022-08-19 12:21:35 -07:00
David Garske 1d0e83bd1a Merge pull request #5474 from julek-wolfssl/zd14644-2
Match OpenSSL self signed error return.
2022-08-19 06:46:26 -07:00
Satoshi Yamaguchi 61c7003520 Fix whitespace 2022-08-19 12:38:07 +09:00
Chris Conlon e830a0f613 Merge pull request #5434 from satoshiyamaguchi/trial4 2022-08-17 17:04:36 -06:00
Juliusz Sosinowicz 008e947fec Match OpenSSL self signed error return.
OpenSSL compat expects ASN_SELF_SIGNED_E when a self signed cert can't be verified. This is useful when translating the error with GetX509Error into a X509_V_ERR_* error.
2022-08-17 12:40:16 +02:00
Satoshi Yamaguchi 091fc71c74 Fix EVP_PKEY not freed and FILE pointer not closed 2022-08-17 01:03:09 +09:00
Satoshi Yamaguchi e1b3f14d35 Fix FILE pointer not closed in tests/api.c 2022-08-17 00:11:29 +09:00
Satoshi Yamaguchi fba534dce0 Add wolfSSL_PEM_read_RSA_PUBKEY to OpenSSL compatible API 2022-08-14 16:08:22 +09:00
Daniel Pouzzner e382905311 CMakeLists.txt: synchronize CMAKE_C_FLAGS with diagnostic flags set in autotools-generated Makefile (-Wall -Wextra -Wno-unused -Werror), and fix WOLFSSL_RSA_PSS to add -DWOLFSSL_PSS_LONG_SALT as needed by changes to test_wolfSSL_CertRsaPss() in fb531dacc2 (gating of those changes is also added in this commit). 2022-08-12 15:18:41 -05:00
David Garske 499b9c4f35 Merge pull request #5456 from SparkiDev/ssl_set1_curve_fix
wolfSSL_CTX_set1_curves_list: X25519 and X448 defines
2022-08-11 09:19:25 -07:00
Sean Parkinson 4d8a713783 wolfSSL_CTX_set1_curves_list: X25519 and X448 defines
Support wolfSSL_CTX_set1_curves_list being available when X25519 and/or
X448 only defined.
Don't recognize X25519 or X448 if corresponding define is not set.
Enable test in api.c.
2022-08-11 14:13:04 +10:00
Sean Parkinson fb531dacc2 Certs with RSA-PSS sig
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
2022-08-11 09:43:01 +10:00
David Garske 7004157869 Merge pull request #5387 from TakayukiMatsuo/tk14445
Suppress build errors when defining some disable macros
2022-08-07 20:09:41 -07:00
TakayukiMatsuo 79fb1783c4 Suppress build errors when defining some disable macros 2022-08-07 17:11:22 +09:00
David Garske 96fcc129ec Merge pull request #5213 from JacobBarthelmeh/req
expand functions included in opensslextra and add REQ print out
2022-08-05 13:20:21 -07:00
David Garske 2c2a7750a4 Merge pull request #5414 from darktohka/feature/chacha20-poly1305-evp
Integrate chacha20-poly1305 into the EVP interface
2022-08-03 18:21:17 -07:00