Juliusz Sosinowicz
3edfcfe162
Jenkins fixes
2023-11-29 23:17:10 +01:00
Juliusz Sosinowicz
9337cfbb16
Add wolfSSL_get_sigalg_info
2023-11-29 23:04:19 +01:00
Juliusz Sosinowicz
7c2344c389
Add API to get information about ciphersuites
2023-11-29 23:04:19 +01:00
Juliusz Sosinowicz
fbd8996949
Add API to choose dynamic certs based on client ciphers/sigalgs
2023-11-29 23:04:19 +01:00
JacobBarthelmeh
373fc537f1
Merge pull request #7003 from SparkiDev/ssl_make_x25519_key_temp
...
SSL: make temp X25519/X448 key failure
2023-11-28 10:46:51 -07:00
Sean Parkinson
09d2ba8bc8
Memory usage fixes: nonce type and TLSX extension free
...
Nonce ciphers other than AES. Free uses DYNAMIC_TYPE_CIPHER.
AES allocation must use DYNAMIC_TYPE_CIPHER too.
If not all TLSX extensions can be freed, then free the ones that can.
Update TLSX_free() to have a message for each case.
2023-11-28 12:56:06 +10:00
JacobBarthelmeh
36015e9131
Merge pull request #6998 from SparkiDev/tls_pad_no_hash_raw_fix
...
TLS_hmac: when no raw hash, make sure maxSz is not neg
2023-11-27 09:37:57 -07:00
Sean Parkinson
f65f8be176
SSL: make temp X25519/X448 key failure
...
On failure to make the temporary X25519/X448 key, free it as the type is
stored in eccTempKeyPresent which also indicates a valid key is present.
Otherwise on SSL free, it will default to freeing the key with ECC APIs.
2023-11-27 08:50:22 +10:00
JacobBarthelmeh
008d4958bf
Merge pull request #7001 from dgarske/testnb
...
Fix for TLS v1.3 in non-blocking loosing return code from `SendBuffered`
2023-11-24 12:34:57 -07:00
David Garske
09b6974ae9
Fix for TLS v1.3 in non-blocking loosing return code from SendBuffered. Example: SendBuffered returns WANT_WRITE (-327) and sets ssl->error, then below it was doing ssl->error = ret where ret = 0.
2023-11-24 09:30:09 -08:00
Sean Parkinson
bc36202087
TLS_hmac: when no raw hash, make sure maxSz is not neg
...
When padding byte is invalid, the maxSz can be negative.
Make maxSz 0 in this case so that blocks doesn't get very large and
cause delays.
2023-11-23 09:51:44 +10:00
JacobBarthelmeh
5b3f5496f8
Merge pull request #6430 from kareem-wolfssl/memcached
...
Add memcached support.
2023-11-22 16:20:28 -07:00
gojimmypi
6c41a6a374
Initialize variables to appease Espressif compiler
2023-11-22 13:02:51 -08:00
JacobBarthelmeh
0306d07c47
Merge pull request #6994 from embhorn/gh6988
...
Fix spelling warnings
2023-11-22 13:29:51 -07:00
Kareem
e175410b00
memcached: Revert wolfSSL_in_connect_init changes
2023-11-22 11:55:16 -07:00
Eric Blankenhorn
7223b5a708
Fix spelling warnings
2023-11-22 12:34:56 -06:00
JacobBarthelmeh
2f920b5cc4
Merge pull request #6892 from embhorn/gh6890
...
Add error reporting to loadX509orX509REQFromBuffer
2023-11-22 11:18:45 -07:00
Kareem
72cbd9a44e
memcached: Code review feedback
2023-11-21 17:59:55 -07:00
JacobBarthelmeh
ebbeb6c69e
Merge pull request #6984 from res0nance/pqc-crash-fix
...
tls: return immediately if kyber_id2type() fails
2023-11-21 09:35:22 -07:00
Kareem
ca61034d22
Add memcached support.
...
memcached support: add required functions/defines.
Fix running unit test when defining DEBUG_WOLFSSL_VERBOSE without OPENSSL_EXTRA.
Break out session_id_context APIs into separate option WOLFSSL_SESSION_ID_CTX, so they can be used without OPENSSL_EXTRA.
Make wolfSSL_ERR_get_error and wolfSSL_CTX_set_mode available for memcached.
Add --enable-memcached.
Include required defines for memcached.
Revert unit test fix, no longer needed.
Add Github actions test for memcached. Stop defining DEBUG_WOLFSSL_VERBOSE for memcached.
Add auto retry to writes.
Memcached CI: correct libevent package name.
Memcached CI: Add pkgconfig path for Github CI wolfSSL prefix.
memcached: Fix WOLFSSL_OP_NO_RENEGOTIATION going outside of int bounds, add LD_LIBRARY_PATH for memcached CI test.
memcached CI: Use correct path for wolfSSL
memcached: Add required perl dependency for SSL tests
memcached: Update to 1.6.22
memcached: actually test tls
memcached: Update wolfSSL_SSL_in_before to be side agnostic.
2023-11-20 10:10:34 -07:00
Daniel Pouzzner
7dedfe08ef
cryptonly and linuxkm fixes: fix --enable-all[-crypto] with --enable-opensslextra and --enable-cryptonly (build failures detected by multi-test linuxkm-all-asm-cryptonly-opensslextra-pie after merge of 54f2d56300 and e2bbacd548).
2023-11-19 17:22:46 -06:00
Sean Parkinson
9ed0018954
Merge pull request #6980 from gojimmypi/SM-cipher-type-PR
...
Fix evp SM cipherType check
2023-11-20 07:22:54 +10:00
res0nance
98789dc000
tls: return immediately if kyber_id2type() fails
...
This prevents a crash as ecc_key is not initialized but the
free function is still called.
2023-11-18 15:44:03 +08:00
gojimmypi
16dba37ae6
fix wolfSSL_EVP_CIPHER_CTX_ctrl() SM GCM/CCM type
2023-11-17 07:56:56 -08:00
JacobBarthelmeh
957a0ce300
Merge pull request #6964 from lealem47/zd16470
...
Parse explicit parameters in StoreEccKey()
2023-11-16 15:59:21 -07:00
JacobBarthelmeh
6945093221
Merge pull request #6935 from SparkiDev/ssl_crypto_extract
...
ssl.c: Move out crypto compat APIs
2023-11-16 11:58:14 -07:00
Daniel Pouzzner
263973bde9
src/wolfio.c: fix stack allocations for cookie digests on NO_SHA builds;
...
configure.ac: fix dependencies for enable_dsa vs enable_sha in enable-all, enable-all-crypto, and ENABLED_DSA setup.
2023-11-15 14:43:23 -06:00
Daniel Pouzzner
7569cfdff8
src/internal.c,src/wolfio.c: fallback to SHA256 when NO_SHA, in LoadCertByIssuer(), MicriumGenerateCookie(), uIPGenerateCookie(), and GNRC_GenerateCookie();
...
tests/api.c: when NO_SHA, omit test_wolfSSL_CertManagerCheckOCSPResponse() and test_wolfSSL_CheckOCSPResponse() (both use static artifacts with SHA1 name and key hashes).
2023-11-15 00:09:22 -06:00
David Garske
12878fccae
Merge pull request #6957 from lealem47/expandDistro
...
Add --enable-quic to --enable-all
2023-11-10 15:32:05 -08:00
Lealem Amedie
04ea4da6fd
Parse explicit parameters in StoreEccKey()
2023-11-10 15:11:08 -07:00
Juliusz Sosinowicz
b8d5ac83eb
Add info on how to use WOLFSSL_DTLS13_NO_HRR_ON_RESUME
2023-11-10 10:43:26 +01:00
Lealem Amedie
e2bbacd548
Add QUIC to --enable-all
2023-11-09 14:44:02 -07:00
JacobBarthelmeh
2b1c61a013
Merge pull request #6949 from bigbrett/zd16925
...
fix WOLFSSL_CALLBACK memory error
2023-11-08 23:35:32 -07:00
jordan
be24d68e5d
Add EXTENDED_KEY_USAGE_free to OpenSSL compat layer.
2023-11-08 15:26:24 -06:00
Sean Parkinson
54f2d56300
ssl.c: Move out crypto compat APIs
...
ssl_crypto.c contains OpenSSL compatibility APIS for:
- MD4, MD5, SHA/SHA-1, SHA2, SHA3
- HMAC, CMAC
- DES, DES3, AES, RC4
API implementations reworked.
Tests added for coverage.
TODOs for future enhancements.
2023-11-08 19:43:18 +10:00
JacobBarthelmeh
c5e2f414ea
Merge pull request #6929 from julek-wolfssl/dtls13-early-data-server-side
...
dtls 1.3: allow to skip cookie exchange on resumption
2023-11-06 13:30:21 -07:00
JacobBarthelmeh
8ac291bbe1
Merge pull request #6944 from miyazakh/fix_qt_jenkins_failure
...
skip DATE check if flags is set when calling AddTrustedPeer
2023-11-06 11:35:22 -07:00
JacobBarthelmeh
c92d25816a
Merge pull request #6887 from julek-wolfssl/zd/16849
...
Implement untrusted certs in wolfSSL_X509_STORE_CTX_init
2023-11-06 10:13:43 -07:00
JacobBarthelmeh
190b51ae6f
Merge pull request #6810 from bandi13/codeSonar_fixes
...
Fix 'negative character value'
2023-11-03 13:52:06 -06:00
Juliusz Sosinowicz
8c87920903
Address code review
2023-11-03 11:02:41 +01:00
Hideki Miyazaki
49121b5c47
move declaration to the top of func
2023-11-03 11:45:33 +09:00
Hideki Miyazaki
8d9dc3d79f
skip DATE if flags is set when calling AddTrustedPeer
2023-11-03 09:38:23 +09:00
David Garske
8fc754515a
Merge pull request #6938 from SparkiDev/rsa_pss_salt_len_openssl_compat_fix
...
RSA PSS OpenSSL compatibility verification: support AUTO
2023-11-02 09:07:40 -07:00
Sean Parkinson
4870435604
RSA PSS OpenSSL compatibility verification: support AUTO
...
When wolfSSL_RSA_verify_PKCS1_PSS() called with RSA_PSS_SALTLEN_AUTO
(RSA_PSS_SALTLEN_MAX_SIGN) it wasn't using RSA_PSS_SALT_LEN_DISCOVER
when available.
2023-11-02 11:24:18 +10:00
JacobBarthelmeh
21f34ef028
Merge pull request #6905 from bandi13/moreCodeSonarFixes
...
Don't nag about leaked resources
2023-11-01 14:46:02 -06:00
Brett Nicholas
9d632ccaa6
apply lateRL offset to memcpy dest, not src
2023-11-01 14:32:11 -06:00
JacobBarthelmeh
15fdf6eccc
Merge pull request #6910 from bigbrett/ios-ca-api
...
exercise --sys-ca-certs optionin external.test
2023-11-01 14:09:24 -06:00
JacobBarthelmeh
c920337f2f
Merge pull request #6891 from julek-wolfssl/zd/16849-i2d_x509
...
Advance pointer in wolfSSL_i2d_X509
2023-11-01 11:02:44 -06:00
JacobBarthelmeh
98843798c2
Merge pull request #6934 from SparkiDev/regression_fixes_8
...
Regression test fixes
2023-11-01 10:55:41 -06:00
Sean Parkinson
0eab70f806
Regression test fixes
...
Fixes for different configurations and memory allocation failure
testing.
2023-11-01 14:10:49 +10:00