Commit Graph

7487 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 3edfcfe162 Jenkins fixes 2023-11-29 23:17:10 +01:00
Juliusz Sosinowicz 9337cfbb16 Add wolfSSL_get_sigalg_info 2023-11-29 23:04:19 +01:00
Juliusz Sosinowicz 7c2344c389 Add API to get information about ciphersuites 2023-11-29 23:04:19 +01:00
Juliusz Sosinowicz fbd8996949 Add API to choose dynamic certs based on client ciphers/sigalgs 2023-11-29 23:04:19 +01:00
JacobBarthelmeh 373fc537f1 Merge pull request #7003 from SparkiDev/ssl_make_x25519_key_temp
SSL: make temp X25519/X448 key failure
2023-11-28 10:46:51 -07:00
Sean Parkinson 09d2ba8bc8 Memory usage fixes: nonce type and TLSX extension free
Nonce ciphers other than AES. Free uses DYNAMIC_TYPE_CIPHER.
AES allocation must use DYNAMIC_TYPE_CIPHER too.

If not all TLSX extensions can be freed, then free the ones that can.
Update TLSX_free() to have a message for each case.
2023-11-28 12:56:06 +10:00
JacobBarthelmeh 36015e9131 Merge pull request #6998 from SparkiDev/tls_pad_no_hash_raw_fix
TLS_hmac: when no raw hash, make sure maxSz is not neg
2023-11-27 09:37:57 -07:00
Sean Parkinson f65f8be176 SSL: make temp X25519/X448 key failure
On failure to make the temporary X25519/X448 key, free it as the type is
stored in eccTempKeyPresent which also indicates a valid key is present.
Otherwise on SSL free, it will default to freeing the key with ECC APIs.
2023-11-27 08:50:22 +10:00
JacobBarthelmeh 008d4958bf Merge pull request #7001 from dgarske/testnb
Fix for TLS v1.3 in non-blocking loosing return code from `SendBuffered`
2023-11-24 12:34:57 -07:00
David Garske 09b6974ae9 Fix for TLS v1.3 in non-blocking loosing return code from SendBuffered. Example: SendBuffered returns WANT_WRITE (-327) and sets ssl->error, then below it was doing ssl->error = ret where ret = 0. 2023-11-24 09:30:09 -08:00
Sean Parkinson bc36202087 TLS_hmac: when no raw hash, make sure maxSz is not neg
When padding byte is invalid, the maxSz can be negative.
Make maxSz 0 in this case so that blocks doesn't get very large and
cause delays.
2023-11-23 09:51:44 +10:00
JacobBarthelmeh 5b3f5496f8 Merge pull request #6430 from kareem-wolfssl/memcached
Add memcached support.
2023-11-22 16:20:28 -07:00
gojimmypi 6c41a6a374 Initialize variables to appease Espressif compiler 2023-11-22 13:02:51 -08:00
JacobBarthelmeh 0306d07c47 Merge pull request #6994 from embhorn/gh6988
Fix spelling warnings
2023-11-22 13:29:51 -07:00
Kareem e175410b00 memcached: Revert wolfSSL_in_connect_init changes 2023-11-22 11:55:16 -07:00
Eric Blankenhorn 7223b5a708 Fix spelling warnings 2023-11-22 12:34:56 -06:00
JacobBarthelmeh 2f920b5cc4 Merge pull request #6892 from embhorn/gh6890
Add error reporting to loadX509orX509REQFromBuffer
2023-11-22 11:18:45 -07:00
Kareem 72cbd9a44e memcached: Code review feedback 2023-11-21 17:59:55 -07:00
JacobBarthelmeh ebbeb6c69e Merge pull request #6984 from res0nance/pqc-crash-fix
tls: return immediately if kyber_id2type() fails
2023-11-21 09:35:22 -07:00
Kareem ca61034d22 Add memcached support.
memcached support: add required functions/defines.

Fix running unit test when defining DEBUG_WOLFSSL_VERBOSE without OPENSSL_EXTRA.

Break out session_id_context APIs into separate option WOLFSSL_SESSION_ID_CTX, so they can be used without OPENSSL_EXTRA.

Make wolfSSL_ERR_get_error and wolfSSL_CTX_set_mode available for memcached.

Add --enable-memcached.

Include required defines for memcached.

Revert unit test fix, no longer needed.

Add Github actions test for memcached.  Stop defining DEBUG_WOLFSSL_VERBOSE for memcached.

Add auto retry to writes.

Memcached CI: correct libevent package name.

Memcached CI: Add pkgconfig path for Github CI wolfSSL prefix.

memcached: Fix WOLFSSL_OP_NO_RENEGOTIATION going outside of int bounds, add LD_LIBRARY_PATH for memcached CI test.

memcached CI: Use correct path for wolfSSL

memcached: Add required perl dependency for SSL tests

memcached: Update to 1.6.22

memcached: actually test tls

memcached: Update wolfSSL_SSL_in_before to be side agnostic.
2023-11-20 10:10:34 -07:00
Daniel Pouzzner 7dedfe08ef cryptonly and linuxkm fixes: fix --enable-all[-crypto] with --enable-opensslextra and --enable-cryptonly (build failures detected by multi-test linuxkm-all-asm-cryptonly-opensslextra-pie after merge of 54f2d56300 and e2bbacd548). 2023-11-19 17:22:46 -06:00
Sean Parkinson 9ed0018954 Merge pull request #6980 from gojimmypi/SM-cipher-type-PR
Fix evp SM cipherType check
2023-11-20 07:22:54 +10:00
res0nance 98789dc000 tls: return immediately if kyber_id2type() fails
This prevents a crash as ecc_key is not initialized but the
free function is still called.
2023-11-18 15:44:03 +08:00
gojimmypi 16dba37ae6 fix wolfSSL_EVP_CIPHER_CTX_ctrl() SM GCM/CCM type 2023-11-17 07:56:56 -08:00
JacobBarthelmeh 957a0ce300 Merge pull request #6964 from lealem47/zd16470
Parse explicit parameters in StoreEccKey()
2023-11-16 15:59:21 -07:00
JacobBarthelmeh 6945093221 Merge pull request #6935 from SparkiDev/ssl_crypto_extract
ssl.c: Move out crypto compat APIs
2023-11-16 11:58:14 -07:00
Daniel Pouzzner 263973bde9 src/wolfio.c: fix stack allocations for cookie digests on NO_SHA builds;
configure.ac: fix dependencies for enable_dsa vs enable_sha in enable-all, enable-all-crypto, and ENABLED_DSA setup.
2023-11-15 14:43:23 -06:00
Daniel Pouzzner 7569cfdff8 src/internal.c,src/wolfio.c: fallback to SHA256 when NO_SHA, in LoadCertByIssuer(), MicriumGenerateCookie(), uIPGenerateCookie(), and GNRC_GenerateCookie();
tests/api.c: when NO_SHA, omit test_wolfSSL_CertManagerCheckOCSPResponse() and test_wolfSSL_CheckOCSPResponse() (both use static artifacts with SHA1 name and key hashes).
2023-11-15 00:09:22 -06:00
David Garske 12878fccae Merge pull request #6957 from lealem47/expandDistro
Add --enable-quic to --enable-all
2023-11-10 15:32:05 -08:00
Lealem Amedie 04ea4da6fd Parse explicit parameters in StoreEccKey() 2023-11-10 15:11:08 -07:00
Juliusz Sosinowicz b8d5ac83eb Add info on how to use WOLFSSL_DTLS13_NO_HRR_ON_RESUME 2023-11-10 10:43:26 +01:00
Lealem Amedie e2bbacd548 Add QUIC to --enable-all 2023-11-09 14:44:02 -07:00
JacobBarthelmeh 2b1c61a013 Merge pull request #6949 from bigbrett/zd16925
fix WOLFSSL_CALLBACK memory error
2023-11-08 23:35:32 -07:00
jordan be24d68e5d Add EXTENDED_KEY_USAGE_free to OpenSSL compat layer. 2023-11-08 15:26:24 -06:00
Sean Parkinson 54f2d56300 ssl.c: Move out crypto compat APIs
ssl_crypto.c contains OpenSSL compatibility APIS for:
 - MD4, MD5, SHA/SHA-1, SHA2, SHA3
 - HMAC, CMAC
 - DES, DES3, AES, RC4
API implementations reworked.
Tests added for coverage.
TODOs for future enhancements.
2023-11-08 19:43:18 +10:00
JacobBarthelmeh c5e2f414ea Merge pull request #6929 from julek-wolfssl/dtls13-early-data-server-side
dtls 1.3: allow to skip cookie exchange on resumption
2023-11-06 13:30:21 -07:00
JacobBarthelmeh 8ac291bbe1 Merge pull request #6944 from miyazakh/fix_qt_jenkins_failure
skip DATE check if flags is set when calling AddTrustedPeer
2023-11-06 11:35:22 -07:00
JacobBarthelmeh c92d25816a Merge pull request #6887 from julek-wolfssl/zd/16849
Implement untrusted certs in wolfSSL_X509_STORE_CTX_init
2023-11-06 10:13:43 -07:00
JacobBarthelmeh 190b51ae6f Merge pull request #6810 from bandi13/codeSonar_fixes
Fix 'negative character value'
2023-11-03 13:52:06 -06:00
Juliusz Sosinowicz 8c87920903 Address code review 2023-11-03 11:02:41 +01:00
Hideki Miyazaki 49121b5c47 move declaration to the top of func 2023-11-03 11:45:33 +09:00
Hideki Miyazaki 8d9dc3d79f skip DATE if flags is set when calling AddTrustedPeer 2023-11-03 09:38:23 +09:00
David Garske 8fc754515a Merge pull request #6938 from SparkiDev/rsa_pss_salt_len_openssl_compat_fix
RSA PSS OpenSSL compatibility verification: support AUTO
2023-11-02 09:07:40 -07:00
Sean Parkinson 4870435604 RSA PSS OpenSSL compatibility verification: support AUTO
When wolfSSL_RSA_verify_PKCS1_PSS() called with RSA_PSS_SALTLEN_AUTO
(RSA_PSS_SALTLEN_MAX_SIGN) it wasn't using RSA_PSS_SALT_LEN_DISCOVER
when available.
2023-11-02 11:24:18 +10:00
JacobBarthelmeh 21f34ef028 Merge pull request #6905 from bandi13/moreCodeSonarFixes
Don't nag about leaked resources
2023-11-01 14:46:02 -06:00
Brett Nicholas 9d632ccaa6 apply lateRL offset to memcpy dest, not src 2023-11-01 14:32:11 -06:00
JacobBarthelmeh 15fdf6eccc Merge pull request #6910 from bigbrett/ios-ca-api
exercise --sys-ca-certs optionin external.test
2023-11-01 14:09:24 -06:00
JacobBarthelmeh c920337f2f Merge pull request #6891 from julek-wolfssl/zd/16849-i2d_x509
Advance pointer in wolfSSL_i2d_X509
2023-11-01 11:02:44 -06:00
JacobBarthelmeh 98843798c2 Merge pull request #6934 from SparkiDev/regression_fixes_8
Regression test fixes
2023-11-01 10:55:41 -06:00
Sean Parkinson 0eab70f806 Regression test fixes
Fixes for different configurations and memory allocation failure
testing.
2023-11-01 14:10:49 +10:00