Commit Graph

3231 Commits

Author SHA1 Message Date
Sean Parkinson 25aa0af260 ssl.c break out
Move the X509 API out of ssl.c into x509.c
2022-04-06 17:25:26 +10:00
David Garske e9a238ca86 Merge pull request #5021 from JacobBarthelmeh/certs
allow up to and including CTC_MAX_SKID_SIZE (32 byte hash)
2022-04-05 09:46:34 -07:00
Sean Parkinson 77485d987e Merge pull request #5010 from haydenroche5/asn1_time_diff_2038
Fix year 2038 problem in wolfSSL_ASN1_TIME_diff.
2022-04-05 07:58:36 +10:00
Jacob Barthelmeh 68ebb051e5 allow up to and including CTC_MAX_SKID_SIZE (32 byte hash) 2022-04-04 15:19:17 -06:00
David Garske 829a8a4039 Merge pull request #5009 from embhorn/zd13980
Fix build errors for NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
2022-04-04 12:43:49 -07:00
Hayden Roche 9c1e2a83d1 Fix year 2038 problem in wolfSSL_ASN1_TIME_diff.
Prior to this commit, this function used XMKTIME (mktime) to convert the
passed in WOLFSSL_ASN1_TIMEs to Unix timestamps. On platforms where time_t is
32 bits long, times after the year 2038 can't be represented with this type. To
fix this, we need to not use XMKTIME. With this commit, the static function
time2epoch is added to ssl.c, which uses the date time information to compute
seconds since the Unix epoch without the use of mktime. It returns the seconds
as a long long. This is sufficient to make the function work for years > 2038 on
the platform of the user who discovered this problem in the first place (Yocto
Linux on ARMv7).
2022-04-04 11:01:21 -07:00
Sean Parkinson 0fba16a394 Merge pull request #4998 from haydenroche5/get_conv_form
Add wolfSSL_EC_KEY_get_conv_form to compatibility layer.
2022-04-04 08:47:14 +10:00
Hayden Roche 880afe0d89 Add wolfSSL_EC_KEY_get_conv_form to compatibility layer. 2022-04-02 13:57:33 -07:00
Daniel Pouzzner ae3996fd0e fix codebase for -Wvla -Wdeclaration-after-statement; fix some whitespace. 2022-04-01 14:44:10 -05:00
Eric Blankenhorn ef16ce806c Fix build errors for NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT 2022-04-01 08:04:41 -05:00
Chris Conlon b45cd921b6 Merge pull request #5005 from dgarske/renesas_spell 2022-03-31 17:44:04 -06:00
Sean Parkinson 79444fdb56 Merge pull request #4997 from dgarske/qat_eckg
Support for Intel QuickAssist ECC KeyGen acceleration
2022-04-01 08:32:21 +10:00
Sean Parkinson 1add8703e2 Merge pull request #4996 from haydenroche5/bn_rand
Improve wolfSSL_BN_rand.
2022-04-01 08:12:22 +10:00
David Garske 1993851274 Renesas spelling, code formatting and whitespace fixes. 2022-03-31 08:02:00 -07:00
Hayden Roche 3f03f4e40a Handle case where bits is 0 properly. 2022-03-30 16:56:53 -07:00
David Garske c905c613e9 Support for Intel QuickAssist ECC KeyGen acceleration. 2022-03-30 13:07:47 -07:00
Eric Blankenhorn ea38e1aab5 Add wolfSSL_CTX_SetCertCbCtx to set user context for CB 2022-03-30 12:27:11 -05:00
Hayden Roche 2077690bf0 Improve wolfSSL_BN_rand.
- Previously, this function would round up the requested bits to the next
multiple of 8. With this commit, the function returns a number of exactly the
number of bits requested, which is the same behavior as OpenSSL. This problem
was discovered by a user using the compatibility layer with OpenSSH's ssh-keygen
utility.
- This function now respects the top and bottom parameters.
- Improved unit testing.
2022-03-29 18:08:21 -07:00
Kaleb Himes 1dc3808aae Merge pull request #4986 from cconlon/sslFipsReady
Fix FIPS defines in wolfSSL_RSA_sign_generic_padding() / RSA_verify_ex()
2022-03-29 16:02:17 -05:00
Chris Conlon 4ad2f68071 fix defines for FIPS around RSA-PSS in wolfSSL_RSA_sign_generic_padding() and wolfSSL_RSA_verify_ex() 2022-03-29 10:03:16 -06:00
JacobBarthelmeh 25d5a624d2 Merge pull request #4975 from cconlon/smallStack
smallstack cleanup for OpenSSL Compatibility Functions
2022-03-25 17:06:59 -06:00
David Garske 04e2b6c62a Merge pull request #4983 from douzzer/20220324-gcc-12-fixes
fixups for warnings from gcc-12
2022-03-24 19:16:27 -07:00
Sean Parkinson feb58a8455 Merge pull request #4956 from julek-wolfssl/bind-9.18.0
bind 9.18.0 fixes
2022-03-25 08:27:34 +10:00
Daniel Pouzzner 12776b3772 fixups for warnings from gcc-12:
src/internal.c: use XMEMCMP(), not ==, to compare array elements (fixes conflict of 74408e3ee3 vs 617eda9d44);

fix spelling of NAMEDGROUP_LEN (was NAMEDGREOUP_LEN);

src/ssl.c: in CheckcipherList() and wolfSSL_parse_cipher_list(), use XMEMCPY(), not XSTRNCPY(), to avoid (benign) -Wstringop-truncation;

scripts/sniffer-tls13-gen.sh: fix for shellcheck SC2242 (exit 1, not -1).
2022-03-24 16:33:36 -05:00
Anthony Hu ceae169a34 Merge pull request #4969 from dgarske/pk_pubkey 2022-03-24 12:40:03 -04:00
Juliusz Sosinowicz 29c0c9bf48 Rebase fixes 2022-03-24 13:41:50 +01:00
Juliusz Sosinowicz 88d5059c36 Jenkins fixes
`WS_RETURN_CODE` was not functioning properly in master
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz 98bc8402db Refactor memory BIO
- use the `WOLFSSL_BUF_MEM` struct to resize the internal memory buffer
- add a `WOLFSSL_BIO_RESIZE_THRESHOLD` define that will be used to determine how often to shrink the internal buffer. This should cut down on the number of free/malloc calls made significantly. This should help with our inefficient 1 byte reads in `loadX509orX509REQFromPemBio`.
- implement `wolfSSL_BUF_MEM_resize` which allows bi-directional buffer size manipulation
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz ae9b01c5b8 bind 9.18.0 fixes
- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULT` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
2022-03-24 12:16:59 +01:00
Sean Parkinson 90f53aed34 ssl.c: move out X509 store APIs to new file 2022-03-23 13:59:54 +10:00
Daniel Pouzzner d864fc9a3f Merge pull request #4972 from julek-wolfssl/asn-time-tz-diff
`mktime` may return a negative due to timezones around the unix epoch
2022-03-22 14:03:59 -05:00
Chris Conlon 906ea4ad03 smallstack reduction for wolfSSL_EC_POINT_invert 2022-03-22 10:00:17 -06:00
Chris Conlon 64a309e245 smallstack reduction for wolfSSL_ASN1_INTEGER_to_BN 2022-03-22 10:00:17 -06:00
Chris Conlon ddc1899d48 smallstack reduction for wolfSSL_EC_POINT_get_affine_coordinates_GFp 2022-03-22 10:00:17 -06:00
Chris Conlon 94e1b87ae0 smallstack reduction for wolfSSL_X509_set_ext, wolfSSL_EC_POINT_mul, wolfSSL_ECDSA_do_sign, wolfSSL_i2d_X509_NAME, wolfSSL_X509_REQ_sign 2022-03-22 10:00:13 -06:00
David Garske aa38d99538 Fix for TLS PK callback issue with Ed25519/Ed448 and public key not being set. 2022-03-22 08:33:54 -07:00
JacobBarthelmeh c377a709e1 Merge pull request #4953 from cconlon/apiVersionDiff
More checks on OPENSSL_VERSION_NUMBER for API prototype differences
2022-03-21 16:59:06 -06:00
David Garske 59665a44b5 Fixes for allowing server to have a public key set when using external key with PK callbacks. 2022-03-21 13:14:24 -07:00
David Garske 8bf14ba1d3 Merge pull request #4957 from JacobBarthelmeh/Compatibility-Layer
alter return value and add error string
2022-03-21 09:10:04 -07:00
Juliusz Sosinowicz d7037da0b5 mktime may return a negative due to timezones around the unix epoch 2022-03-21 17:07:13 +01:00
Juliusz Sosinowicz 9763030675 Merge pull request #4845 from cconlon/pkcs7compat 2022-03-21 15:26:37 +01:00
Hayden Roche dcaa218ed8 Merge pull request #4927 from cconlon/upRef 2022-03-18 18:10:36 -07:00
Hayden Roche 7ea6b73c7b Merge pull request #4928 from cconlon/compatCleanups 2022-03-18 16:23:56 -07:00
Hayden Roche 2637e5e361 Merge pull request #4926 from cconlon/namePrintRFC5523 2022-03-18 15:53:07 -07:00
David Garske a79daa5ea8 Merge pull request #4959 from haydenroche5/asn1_time_diff_bug
Fix bug in wolfSSL_ASN1_TIME_diff.
2022-03-18 14:28:23 -07:00
Chris Conlon 582f0d82e4 address review feedback for PKCS7 compat additions 2022-03-18 12:07:44 -06:00
Sean Parkinson ef66a12a24 Merge pull request #4961 from dgarske/cust_fixups
Various portability improvements (Time, DTLS epoch size, IV alloc)
2022-03-18 11:38:57 +10:00
David Garske b546b2a5ec Improve logic around private key id/label. Adds WOLF_PRIVATE_KEY_ID. 2022-03-17 14:48:30 -07:00
David Garske 3fba5d17c3 Various portability improvements:
* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
2022-03-17 14:00:55 -07:00
David Garske aa8e5a29d4 Merge pull request #4947 from cconlon/compatSmallStack
Stack/smallstack cleanup for OpenSSL compatibility functions
2022-03-15 16:47:23 -07:00