Commit Graph

6780 Commits

Author SHA1 Message Date
David Garske a6c98a11d9 Merge pull request #5845 from anhu/re-sign
Don't regenerate in wolfSSL_PEM_write_bio_X509().
2022-12-06 06:35:13 -08:00
David Garske 9d9549fbd3 Merge pull request #5836 from anhu/kyber_cleanup
Remove kyber-90s and route all kyber through wolfcrypt.
2022-12-05 13:18:44 -08:00
Anthony Hu 57a5c9701d Missed a free of der 2022-12-02 17:23:47 -05:00
Anthony Hu f58f3bd986 Don't regenerate in test_wolfSSL_PEM_write_bio_X509(). We don't have the private key. 2022-12-02 16:41:24 -05:00
Daniel Pouzzner 3ea8dd2f67 src/dtls.c: add WOLFCRYPT_ONLY gating. 2022-12-02 15:13:31 -06:00
David Garske 8fb92a283a Merge pull request #5716 from rizlik/dtls_cookie_stateless
dtls: allow for stateless client hello parsing
2022-12-01 13:47:33 -08:00
David Garske d1e6ce064f Merge pull request #5832 from JacobBarthelmeh/fuzzing
free signer if malloc cases fail
2022-12-01 10:35:15 -08:00
Marco Oliverio fc4b008912 dtls: fix heap hint in XFREE 2022-12-01 16:47:37 +00:00
Marco Oliverio af00c89f18 dtls v1.2: stateless support WOLFSSL_DTLS_NO_HVR_ON_RESUME 2022-12-01 16:30:54 +00:00
Marco Oliverio cc7dad3ee6 dtls v1.2: support stateless client hello processing 2022-12-01 16:30:54 +00:00
Marco Oliverio 5bc86b8c2c fix: dtls: always use version DTLS 1.0 in HelloVerifyRequest
see rfc6347 section 4.2.1
2022-12-01 16:30:54 +00:00
Marco Oliverio 4fa1b9dd0a fix: AddRecordHeader: use correct minor when using DTLS 2022-12-01 16:30:54 +00:00
Marco Oliverio aff01121a2 fix: dtls v1.2: reset window when invoking DtlsResetState 2022-12-01 16:30:54 +00:00
Marco Oliverio 173208728a fix: tls13: hash using right version when downgrading 2022-12-01 16:30:54 +00:00
Marco Oliverio 2c35d7f9d2 fix: formatting and typos
dtls: fix debug message when downgrading

internal.c: fix typo
2022-12-01 16:30:53 +00:00
Stefan Eissing e5cfd96609 QUIC API support in OpenSSL compat layer, as needed by HAProxy integration.
- adding patch for HAProxy, see dod/QUIC.md, based on current master.
      For documentaton purposes, since HAProxy does not accept PRs. To be
      removed once forwarded to the project.
2022-12-01 10:12:35 +01:00
Anthony Hu a2fb4c0788 Remove kyber-90s and route all kyber through wolfcrypt. 2022-11-30 17:17:28 -05:00
JacobBarthelmeh 01833a369e free signer if malloc cases fail 2022-11-30 10:02:33 -08:00
Anthony Hu 7c576de914 Fixes from testing 2022-11-25 16:00:09 -05:00
Anthony Hu 0bfa5c9836 Purge NTRU and SABER. Not going to be standardized. 2022-11-25 14:54:08 -05:00
Anthony Hu 5e191b7218 Remove some unnecessary guarding. Preventing build on STM32. 2022-11-24 11:49:12 -05:00
Sean Parkinson cf8ea5c606 Merge pull request #5812 from ejohnstown/crl-ocsp
OCSP/CRL
2022-11-24 12:42:17 +10:00
John Safranek 88f3570fe4 OCSP/CRL
Added comments for the usage of OCSP_WANT_READ used with the CRL I/O
callback.
2022-11-23 16:35:10 -08:00
David Garske 0a38553909 Merge pull request #5798 from JacobBarthelmeh/python
account for 'pulled' error nodes
2022-11-23 14:57:03 -08:00
John Safranek 909fd726cd OCSP/CRL
Fixing issue #3070. When the OCSP responder returns an unknown exception,
continue through to checking the CRL. Before, it was setting the flag
to check CRL, then clearing it because of the exception.
2022-11-23 10:50:12 -08:00
Anthony Hu f3546b50fd Conform to pre-existing pattern. 2022-11-23 17:58:12 +00:00
Anthony Hu 6190666108 Support for Analog Devices MAXQ1080 and MAXQ1065 2022-11-23 11:57:31 -05:00
Sean Parkinson 54466b670a Merge pull request #5810 from Uriah-wolfSSL/haproxy-integration
Added required config option and return value for HaProxy
2022-11-23 10:01:17 +10:00
Jacob Barthelmeh b6ae17804a update comments and check error case 2022-11-22 11:22:38 -07:00
Uriah Pollock d373c0856a Added required config option and return value for HaProxy 2022-11-22 10:42:05 -06:00
Juliusz Sosinowicz 50f19ec225 Merge pull request #5806 from embhorn/zd15177
Fix X509_get1_ocsp to set num of elements in stack
2022-11-22 12:00:08 +01:00
Sean Parkinson 55718d214c Merge pull request #5801 from philljj/zd15172
Fix leak in wolfSSL_X509_NAME_ENTRY_get_object.
2022-11-22 15:11:18 +10:00
Eric Blankenhorn dee73887b8 Fix X509_get1_ocsp to set num of elements in stack 2022-11-21 08:25:46 -06:00
Daniel Pouzzner 6f98a5b271 src/internal.c: in VerifyServerSuite(), narrow condition and fix return value in error check added in 647ce794dd. 2022-11-18 22:21:08 -06:00
jordan 153ab82ad8 Fix leak in wolfSSL_X509_NAME_ENTRY_get_object. 2022-11-18 11:23:15 -06:00
JacobBarthelmeh 143dac64a3 account for 'pulled' error nodes 2022-11-17 14:51:37 -08:00
David Garske bd7b442df3 Merge pull request #5796 from tmael/mem_err
Propagate malloc returning NULL up the call stack
2022-11-16 12:45:42 -08:00
Tesfa Mael 2a2cf5671e Move error check in CompareSuites 2022-11-16 09:29:24 -08:00
Tesfa Mael 647ce794dd unmask malloc returning NULL 2022-11-16 09:25:25 -08:00
jordan 17105606b1 Cleanup format and typos, and use WOLFSSL_FILETYPE. 2022-11-15 11:45:11 -06:00
jordan 81ed2a60b4 Support ASN1/DER CRLs in LoadCertByIssuer.
This fixes hash based dir lookup of ASN1/DER CRLs in OpenSSL
compatible API. The function wolfSSL_X509_load_crl_file is
called with entry->dir_type, rather than hardcoded filetype.

A new test crl was added, and existing crl 0fdb2da4.r0 was
reorganized to a new dir.

Also, completes the stub wolfSSL_X509_LOOKUP_add_dir. A new
test function test_X509_LOOKUP_add_dir was added to tests/api.c
2022-11-11 15:13:00 -06:00
David Garske f4621a6807 Merge pull request #5786 from philljj/zd15125
Fix incorrect self signed error return.
2022-11-10 14:13:38 -08:00
jordan 5ad6ff23d5 Use local int lastErr instead of args->lastErr. 2022-11-10 13:46:51 -06:00
David Garske 3b23a49a5f Merge pull request #5761 from tim-weller-wolfssl/zd15084-x509-crl-fail
Link newly created x509 store's certificate manager to self by default
2022-11-10 06:10:18 -08:00
David Garske c573ba9864 Merge pull request #5758 from per-allansson/dtls13-fips
Allow DTLS 1.3 to compile when FIPS is enabled
2022-11-09 18:18:06 -08:00
Sean Parkinson 5d2124e70d Merge pull request #5787 from dgarske/fixes_minor
Fix for `test_wolfSSL_sk_CIPHER_description` incorrectly failing
2022-11-10 09:22:08 +10:00
tim-weller-wolfssl 3bc3ec25b8 Add link of newly created x509 store's certificate manager to self by default 2022-11-09 17:17:30 -06:00
David Garske 57ae840f39 Fix for test_wolfSSL_sk_CIPHER_description incorrectly failing with TLS v1.3 NULL cipher. 2022-11-09 12:05:16 -08:00
jordan 961c696436 Fix incorrect self signed error return.
ASN_SELF_SIGNED_E was being overwritten with ASN_NO_SIGNER_E when
compiled with certreq and certgen.
2022-11-09 10:27:31 -06:00
David Garske eac3b4e189 Merge pull request #5752 from julek-wolfssl/alt-name-str-type
Set alt name type to V_ASN1_IA5STRING
2022-11-08 15:42:39 -08:00