Commit Graph

7824 Commits

Author SHA1 Message Date
JacobBarthelmeh b9e5c0252d remove extra asign and use ExpectIntEQ test directly 2024-06-10 16:19:27 -06:00
JacobBarthelmeh 3d33c78e9d use unsigned char instead of uint8_t 2024-06-06 16:30:40 -06:00
JacobBarthelmeh 119d2a5da1 do session conversion dance 2024-06-04 14:41:01 -06:00
JacobBarthelmeh 533aa48b14 adjust macro guards around get max fragment 2024-05-31 16:52:31 -06:00
JacobBarthelmeh 2445fe844a rework get max fragment length 2024-05-31 16:45:50 -06:00
JacobBarthelmeh 2caee1c7c5 add support for spaces around '=' with x509 name print 2024-05-31 15:04:01 -06:00
JacobBarthelmeh 01a1685159 updating socat support to version 1.8.0.0 2024-05-31 15:02:58 -06:00
JacobBarthelmeh 40562a0cb3 Merge pull request #7599 from dgarske/asn_checkcertsig
Expose `wc_CheckCertSigPubKey` with `WOLFSSL_SMALL_CERT_VERIFY`
2024-05-31 09:20:35 -06:00
David Garske 0789ecb808 Fix the CheckCertSignature API mess. 2024-05-31 06:58:35 -07:00
David Garske 7fadd4ed9f Merge pull request #7595 from JacobBarthelmeh/static
Pull in some staticmemory features
2024-05-30 16:31:54 -07:00
JacobBarthelmeh ebdc8b9a32 rename of macros, add descriptions, minor fixes 2024-05-30 14:48:52 -06:00
David Garske 107c10d795 Merge pull request #7596 from JacobBarthelmeh/decl
make function signature match declaration
2024-05-30 10:59:04 -07:00
JacobBarthelmeh cf61df129c fix typo with NO_CERTS macro 2024-05-29 17:08:01 -06:00
JacobBarthelmeh 9673b3f218 make function signature match declaration 2024-05-29 17:00:22 -06:00
JacobBarthelmeh 288fe430f5 tying in lean staticmemory build with --enable-staticmemory=small 2024-05-29 15:50:11 -06:00
Anthony Hu 021b573027 Merge pull request #7581 from dgarske/embos_emnet
Fixes for Segger emNet to handle non-blocking want read/want write
2024-05-24 17:31:16 -04:00
gasbytes 063e48014a fix tabs and spaces 2024-05-24 17:52:54 +02:00
David Garske 9b058ec3a2 Fixes for EMNET with non-blocking to handle want read/want write. ZD 18012 2024-05-24 07:42:18 -07:00
gasbytes 3f96d14b32 80 characters limit fix 2024-05-24 00:12:38 +02:00
gasbytes 12a5cb45fb separating two x509_store xmalloc checks 2024-05-23 23:04:00 +02:00
Tobias Frauenschläger d28dd602e5 Various fixes for dual algorithm certificates (#7577)
This commit adds varios fixes for the implementation of hybrid
certificates with two algorithms:
* Support for Certificate Signing Requests (both creating hybrid ones
  and also verifying ones)
* Fix for SAN fields in the DecodedCert and PreTBS generation
* Fix related to WOLFSSL_SMALL_STACK

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-05-23 15:03:55 -04:00
Tobias Frauenschläger 9a58301ab1 Fix PQC and hybrid certificate regressions
Due to recent changes in the logic to decode private keys and to parse
the TLS1.3 CertificateVerify message, some regressions regarding PQC
private keys and hybrid certificates have been introduced:
* Decoding PQC private keys fails as the PKCS8 header of a decoded DER
  file is now already removed before parsing the key.
* The key size wasn't properly stored in the context for PQC keys after
  decoding a certificate (always the maximum size)
* The two 16-bit size values in case of a hybrid signature in the
  CertificateVerify message have been incorrectly decoded as 32-bit
  values instead of 16-bit values. This resulted in wrong values,
  leading to segmentation faults.

All three regressions are fixed with the changes in this commit.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-05-23 16:01:28 +02:00
David Garske 425dd1986b Merge pull request #7568 from lealem47/fips_pkcallback
Fix building FIPS v5 with PK callbacks
2024-05-22 08:45:58 -07:00
Lealem Amedie ba5cc9bdaf Fix building FIPS v5 with PK callbacks 2024-05-21 15:07:32 -06:00
Daniel Pouzzner c5ce984966 wolfcrypt/src/wc_xmss_impl.c:wc_xmssmt_sign_next_idx(): use (XmssIdx)1, not (word32)1, for a shift-by-height operand;
src/ssl.c:set_curves_list(): don't attempt to enable curves that are out-of-range for word32 disabled.
2024-05-21 13:57:40 -05:00
gojimmypi 84032fa24c Correct error message file name in ssl_load.c 2024-05-20 17:20:39 -07:00
Daniel Pouzzner 5c6218696b wolfcrypt/src/misc.c: fix -Wconversions in CopyString();
src/ssl.c: fix missing semicolon in wolfSSL_CTX_check_private_key().
2024-05-18 02:31:58 -05:00
David Garske 219a338107 Merge pull request #7547 from philljj/spelling_cleanup
Used codespell and fixed some obvious typos.
2024-05-16 14:10:19 -07:00
David Garske a8dd736b1e Merge pull request #7158 from JacobBarthelmeh/psk
warning fix for small PSK build
2024-05-16 12:57:08 -07:00
jordan 040e0c956a Used codespell and fixed obvious typos. 2024-05-16 13:53:26 -05:00
Juliusz Sosinowicz 76aba42bfa Fix api signature 2024-05-16 18:20:53 +02:00
Juliusz Sosinowicz c07f73b1c7 Fix typo 2024-05-16 18:20:53 +02:00
Juliusz Sosinowicz d9a236ba1e SSL_get_error does not return x509 errors 2024-05-16 18:20:53 +02:00
Juliusz Sosinowicz d9f7629296 Add grpc support
- Fix BIO_BIO type
  - Set retry flags correctly
- Add CRL callback
- Copy the alt names instead of trying to share a pointer
- Allow calling wolfSSL_get_servername on client side (to get the requested name)
- Return the chain in wolfSSL_X509_STORE_CTX_get_chain in the correct order
  - Peer first, top CA last
- Fix leak in RebuildFullName
- Add CopyString helper function
- Implement
  - X509_CRL_dup
  - ASN1_UTCTIME_set
  - X509_STORE_CTX_get0_param
  - X509_STORE_get0_param
  - X509_STORE_set_verify_cb
  - X509_STORE_set_get_crl
  - X509_set1_notAfter
  - X509_set1_notBefore
2024-05-16 18:20:53 +02:00
Sean Parkinson ca47d492d4 Merge pull request #7218 from anhu/gcmccm
Fixup places where it should be CCM instead of GCM.
2024-05-16 09:24:43 +10:00
Sean Parkinson abd1e367a5 Merge pull request #7420 from anhu/cmp_name_case
When comparing subject names, do not worry about case.
2024-05-16 09:10:56 +10:00
Anthony Hu 1e2fb8f244 Fixup places where it should be CCM instead of GCM.
Fixes https://github.com/wolfSSL/wolfssl/issues/7216
2024-05-15 17:32:09 -04:00
David Garske 287323ab4c Merge pull request #6933 from kareem-wolfssl/zd16927
Add stub for wolfSSL_set_ecdh_auto.
2024-05-15 13:04:06 -07:00
David Garske 8ba96e6881 Merge pull request #7534 from ColtonWilley/deny_null_term_altnames
Do not match altnames with NULL terminators in the middle
2024-05-15 12:41:37 -07:00
Kareem 4481f9b626 Add stub for wolfSSL_set_ecdh_auto. 2024-05-15 10:19:47 -07:00
gasbytes 2f24b35ab1 added check that checks if the SEQ's length is > than the buff's length 2024-05-15 18:20:33 +02:00
Colton Willey 676dfb7edb Do not allow NULL terminators in the middle of alt name for pattern matching. ZD 17987 2024-05-14 16:59:28 -07:00
Andras Fekete a59a3d109f Explicit cast 2024-05-14 11:03:20 -04:00
Andras Fekete 12768cdf57 Fix conversion tls13.c 2024-05-14 11:02:28 -04:00
Andras Fekete 692a7d55ff Fix conversion error in wolfio.c 2024-05-14 11:02:28 -04:00
Andras Fekete affd0a318e Fix sign conversion errors 2024-05-14 11:02:28 -04:00
Sean Parkinson b7eca574bb SSL/TLS: blind private key DER
When WOLFSSL_BLIND_PRIVATE_KEY is defined, blind the private key DER
encoding so that stored private key data is always changing.
2024-05-14 09:47:51 +10:00
Daniel Pouzzner 009ea6640b Merge pull request #7493 from SparkiDev/sm3_benchmark_fix
Benchmark, SM3: fix full hash testing
2024-05-13 19:22:22 -04:00
David Garske 6b79e5380d Merge pull request #7525 from bandi13/fixCDTDisableOptionsTest
Unused variable error
2024-05-13 13:13:06 -07:00
David Garske 29f7578a61 Merge pull request #7446 from julek-wolfssl/hostap
hostap update
2024-05-13 10:35:01 -07:00