fab2e99bff
Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
...
At the start of this function, it attempts to find an ALPN extension in the
ssl object's extensions with `TLSX_Find`. If an ALPN select callback has been
set (i.e. via `wolfSSL_CTX_set_alpn_select_cb`), that gets called next. If that
callback finds a match, it removes all existing ALPN extensions found in the
ssl object. It then uses the new protocol name like this:
```
if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap)
== WOLFSSL_SUCCESS) {
if (extension == NULL) {
extension = TLSX_Find(ssl->extensions,
TLSX_APPLICATION_LAYER_PROTOCOL);
}
}
```
The bug is exposed if `extension` is not NULL, i.e. it was found on that initial
`TLSX_Find` call. `extension` is not NULL but it now points to garbage because
all the old ALPN extensions were just removed. It won't have it's value assigned
to the new extension that just got pushed via `TLSX_UseALPN` because of this
NULL check. This results in a segfault later in the function.
The solution is to remove the NULL check and always update `extension` after the
`TLSX_UseALPN` call.
This bug was discovered by a customer when using nginx + wolfSSL. I was able to
reproduce locally with curl acting as the client
2022-02-03 09:36:18 -08:00
f0b953ce0c
Fix warnings in VS
2022-02-03 07:19:43 -06:00
fab8eca2fd
cmake: Check for valid voerride values
...
Also remove trailing whitespace
2022-02-02 16:32:00 -08:00
9b4289c751
cmake: Add KEYGEN option. Cleanup help messages.
...
Add `WOLFSSL_KEYGEN` option and override enable when `WOLFTPM` is
enabled
Also major reduction of variables for help messages. Override only
updates `VALUE`
2022-02-02 16:15:47 -08:00
d3e3f57b77
Merge pull request #4818 from julek-wolfssl/guido-13454
...
`object` and `value` need to be `free`'ed
2022-02-02 16:04:39 -08:00
17eee2ba0c
Merge pull request #4817 from julek-wolfssl/ZD13495
...
ZD13495
2022-02-02 15:54:08 -08:00
97dd974a94
object and value need to be free'ed
2022-02-02 23:13:59 +01:00
e13861bcde
Fix for mutual authentication to prevent mismatch of certificate and sig algo. Work from Sean P. ZD 13571
2022-02-02 12:20:02 -08:00
28d3292a16
Merge pull request #4811 from haydenroche5/dh_get_2048_256
...
Add DH_get_2048_256 to compatibility layer.
2022-02-02 12:12:34 -08:00
0618b69b6d
Merge pull request #4816 from julek-wolfssl/ok-error
...
For `0` OpenSSL prints "ok"
2022-02-02 12:10:35 -08:00
9efb791abc
Merge pull request #4814 from SparkiDev/bio_dump_iter
...
wolfSSL_BIO_dump: fix output format and make iterative
2022-02-02 12:02:07 -08:00
d5b294edc4
ZD13495
...
- `wolfSSLeay_version` now returns the version of wolfSSL
- `wolfssl/openssl/crypto.h` was not enveloped in a `extern "C"` wrapper
2022-02-02 17:38:36 +01:00
c629c3fcaa
Add DH_get_2048_256 to compatibility layer.
2022-02-02 07:59:17 -08:00
1552e89810
For 0 OpenSSL prints "ok"
2022-02-02 15:54:21 +01:00
cebb127ac3
test: don't free AesXts struct in-between tests that reuse the key
2022-02-02 10:46:40 +01:00
641576390d
wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
...
wolfSSL_BIO_dump(): fix output format and make iterative
wolfSSL_OBJ_obj2txt(): make iterative, test and rework.
2022-02-02 12:43:06 +10:00
59ea65bad3
Merge pull request #4809 from haydenroche5/asn1_int
2022-02-01 13:44:32 -07:00
99799a3e3e
Merge pull request #4806 from anhu/kill_idea
...
Purge IDEA cipher
2022-02-01 12:27:55 -08:00
24a2ed7e9e
Merge pull request #4780 from dgarske/ipsec_racoon
2022-01-31 15:10:58 -08:00
df85ea7e87
Merge pull request #4800 from SparkiDev/sp_c_smul
...
SP C: multiplication of two signed types with overflow is undefined in C
2022-01-31 14:29:18 -08:00
13c759cc10
Merge pull request #4812 from douzzer/20220131-camellia-clang-tidy
...
wolfcrypt/src/camellia.c: clang-tidy fixes (bugprone-macro-parentheses).
2022-01-31 14:13:23 -08:00
a742c33c0c
Mention IDEA removal in README.md.
2022-01-31 16:18:39 -05:00
9ea40f3a9c
Purge IDEA cipher
2022-01-31 15:29:25 -05:00
a7de880745
wolfcrypt/src/camellia.c: clang-tidy fixes (bugprone-macro-parentheses).
2022-01-31 14:21:54 -06:00
ecb3f215b5
Merge pull request #4808 from lealem47/certreq
...
Fix for certreq and certgen options with openssl compatability
2022-01-31 10:16:22 -08:00
5bdaf44354
Merge pull request #4774 from anhu/kill_rabbit
...
Purge Rabbit cipher
2022-01-31 09:17:23 -08:00
6b71289ae1
Add new ASN1_INTEGER compatibility functions.
...
This commit adds:
- wolfSSL_i2d_ASN1_INTEGER
- wolfSSL_d2i_ASN1_INTEGER
- wolfSSL_ASN1_INTEGER_cmp
2022-01-29 17:01:16 -08:00
e58ff9e765
Merge pull request #4795 from wolfSSL/cmake/wolftpm
...
cmake: Add options to support wolfTPM
2022-01-28 14:52:53 -08:00
f509dafd6c
README.md addition
2022-01-28 17:20:25 -05:00
f608b1a731
macro logic fix
2022-01-28 13:54:13 -08:00
e135ea7338
Fix for certreq and certgen options with openssl compatability
2022-01-28 12:39:00 -08:00
40fff86807
Merge pull request #4801 from tmael/cert_rr
...
cert subset improvements
2022-01-28 11:00:55 -08:00
b957a6e872
Purge Rabbit cipher
2022-01-28 13:13:53 -05:00
6e76f21f9e
cmake: Add options to support wolfTPM
...
* certgen
* certgencache
* certreq
* certext
* cryptocb
* pkcs7
* X9.63 KDF
* AES-CFB
2022-01-28 09:44:09 -08:00
c69010adef
Peer review feedback.
2022-01-28 09:21:03 -08:00
6615f019f5
Improved HMAC_Init error logging and code comment for FIPS failure on wc_HmacSetKey call.
2022-01-28 09:21:03 -08:00
80ae237852
Fixes for building with ipsec-tools/racoon and openvpn:
...
* Fix for `EVP_CIPHER_CTX_flags`, which mapped to a missing function (broke openvpn)
* Added stack of name entries for ipsec/racoon support.
* Added `X509_STORE_CTX_set_flags` stub.
* Added PKCS7 NID types.
* Improved FIPS "SHA" logic in `test_wolfSSL_SHA`
* Added some uncommon NID type definitions.
* Expose the DH `DH_set_length` and `DH_set0_pqg` with OPENSSL_ALL
2022-01-28 09:21:03 -08:00
46f25ea3e0
Merge pull request #4804 from douzzer/20220127-clang-tidy-fips_test_h
...
clang-tidy hygiene for fips_test.h
2022-01-28 09:00:03 -08:00
cd72b4652b
Merge pull request #4798 from lealem47/cmake
2022-01-28 08:42:29 -08:00
30b2073228
test.c: fix gating on wc_ecc_encrypt_ex() for FIPS <5.3 --enable-all.
2022-01-27 19:54:07 -06:00
19042023f4
MD5 vs. FIPS 140-3: fix gating so that unit.test succeeds when --enable-fips=v5 --enable-md5 (HMAC-MD5 is non-FIPS in 140-3, but even in a FIPS 140-3 build, the non-FIPS API can be accessed directly by #undef'ing wc_Hmac*()).
2022-01-27 18:37:29 -06:00
d9073f39e1
fips_test.h: add arg names to prototypes, and delete obsolete+unused DoIntegrityTest() prototype.
2022-01-27 18:37:29 -06:00
1465f99b12
Merge pull request #4734 from haydenroche5/fips_v5_des3
...
Allow DES3 with FIPS v5-dev.
2022-01-27 15:07:22 -08:00
667009007b
Merge pull request #4799 from SparkiDev/file_gen_fixes
...
Generated files: fixes
2022-01-27 14:21:34 -08:00
77a64d0087
Merge pull request #4802 from SparkiDev/ecies_compressed
...
ECIES: allow compressed public keys
2022-01-27 14:21:12 -08:00
1c12490c98
Adding some CMake options
2022-01-27 11:52:37 -08:00
b890a2f15d
ECIES: allow compressed public keys
...
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
2022-01-27 12:10:59 +10:00
a37e17084d
Use mp_iszero
2022-01-26 17:33:42 -08:00
1c1bd413e0
cert subset SHA2-256, ecc-256, cert gen, cryptocb
2022-01-26 17:11:00 -08:00
91b1e541c5
SP C: multiplication of two signed types with overflow is undefined in C
...
Montgomery Reduction: cast variables to be unsigned where signed
multiplication with overflow is performed.
2022-01-27 10:25:02 +10:00
Hayden Roche
Eric Blankenhorn
Elms
David Garske
Juliusz Sosinowicz
Marco Oliverio
Sean Parkinson
Chris Conlon
Anthony Hu
Daniel Pouzzner
Lealem Amedie
John Safranek
Tesfa Mael