Commit Graph

11142 Commits

Author SHA1 Message Date
JacobBarthelmeh e3fb746f1d Merge pull request #2503 from dgarske/openvpn
wolfSSL Compatibility support for OpenVPN
2019-11-13 11:04:08 -07:00
David Garske 546442c130 Fix for CAVP test issue trying to use AES_128_KEY_SIZE and AES_IV_SIZE. 2019-11-12 09:43:09 -08:00
Sean Parkinson 5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
David Garske d8e40dea3f Fixes from peer review:
* Reduced codesize when building with `OPENSSL_EXTRA_X509_SMALL`.
* Additional argument checks in `wolfSSL_ASN1_BIT_STRING_set_bit`, `wolfSSL_ASN1_STRING_to_UTF8`, `wolfSSL_RSA_meth_new`, `wolfSSL_RSA_meth_set`.
* Fix for compiler warnings in asn.c using strncmp to duplicate string. "specified bound depends on the length of the source argument"
2019-11-11 15:39:23 -08:00
John Safranek 682cf6deac wolfSSL ABI
Hide the RNG and ecc_key allocators from FIPS mode builds.
2019-11-11 15:16:39 -08:00
David Garske d17748b1ad Fix for EC_GROUP_order_bits and added unit test. 2019-11-11 14:58:23 -08:00
David Garske 2bae1d27a1 wolfSSL Compatibility support for OpenVPN
* Adds compatibility API's for:
	* `sk_ASN1_OBJECT_free`
	* `sk_ASN1_OBJECT_num`
	* `sk_ASN1_OBJECT_value`
	* `sk_X509_OBJECT_num`
	* `sk_X509_OBJECT_value`
	* `sk_X509_OBJECT_delete`
	* `sk_X509_NAME_find`
	* `sk_X509_INFO_free`
	* `BIO_get_len`
	* `BIO_set_ssl`
	* `BIO_should_retry` (stub)
	* `X509_OBJECT_free`
	* `X509_NAME_get_index_by_OBJ`
	* `X509_INFO_free`
	* `X509_STORE_get0_objects`
	* `X509_check_purpose` (stub)
	* `PEM_read_bio_X509_CRL`
	* `PEM_X509_INFO_read_bio`
	* `ASN1_BIT_STRING_new`
	* `ASN1_BIT_STRING_free`
	* `ASN1_BIT_STRING_get_bit`
	* `ASN1_BIT_STRING_set_bit`
	* `DES_check_key_parity`
	* `EC_GROUP_order_bits`
	* `EC_get_builtin_curves`
	* `EVP_CIPHER_CTX_cipher`
	* `EVP_PKEY_get0_EC_KEY`
	* `EVP_PKEY_get0_RSA`
	* `EVP_PKEY_get0_DSA` (stub)
	* `HMAC_CTX_new`
	* `HMAC_CTX_free`
	* `HMAC_CTX_reset`
	* `HMAC_size`
	* `OBJ_txt2obj`
	* `RSA_meth_new`
	* `RSA_meth_free`
	* `RSA_meth_set_pub_enc`
	* `RSA_meth_set_pub_dec`
	* `RSA_meth_set_priv_enc`
	* `RSA_meth_set_priv_dec`
	* `RSA_meth_set_init`
	* `RSA_meth_set_finish`
	* `RSA_meth_set0_app_data`
	* `RSA_get_method_data`
	* `RSA_set_method`
	* `RSA_get0_key`
	* `RSA_set0_key`
	* `RSA_flags`
	* `RSA_set_flags`
	* `RSA_bits`
	* `SSL_CTX_set_ciphersuites`
	* `SSL_CTX_set_security_level` (stub)
	* `SSL_export_keying_material` (stub)
	* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
2019-11-11 14:58:23 -08:00
John Safranek 5a21cec030 wolfSSL ABI
Add ABI tags to the functions wolfSSL_Cleanup() to match wolfSSL_Init(),
wolfSSL_X509_free to match wolfSSL_load_certificate_file() which
allocates memory.
2019-11-11 10:16:58 -08:00
Tesfa Mael 68e4014c3f memset DhKeys 2019-11-11 09:43:10 -08:00
toddouska 8246e02756 Merge pull request #2502 from cariepointer/gcm-tls10-fix
Return error with AES-GCM and negotiated versions < TLSv1.2
2019-11-08 15:06:54 -08:00
John Safranek c6fa49d4b4 wolfSSL ABI
Add the ABI tag to the prescribed list of functions in the header and source files.
2019-11-08 15:06:18 -08:00
toddouska 44552fe707 Merge pull request #2536 from dgarske/nxp_mmcau_align
Fix NXP MMCAU when data pointer is not aligned
2019-11-08 15:02:43 -08:00
toddouska 801ffd4712 Merge pull request #2571 from SparkiDev/asn1_cert_parse_fix
Ensure space for name string. Reset policy count.
2019-11-08 15:02:02 -08:00
Carie Pointer a2cdb87067 Add check for if length is <= 0 in wc_Arc4SetKey 2019-11-08 14:54:39 -07:00
Tesfa Mael 99ee4a407d Fix mem leak for valgrind 2019-11-08 12:09:46 -08:00
Carie Pointer 39eaaddeae Add tests for AEAD cipher suites with TLSv1.1 and TLSv1.0 2019-11-08 10:04:58 -08:00
JacobBarthelmeh e329431bc1 Merge pull request #2572 from kaleb-himes/GH2559
Address logical fallacies and syntax issues in example server, addres…
2019-11-08 10:18:12 -07:00
Carie Pointer 1d02943658 Sanity check in wc_scrypt for invalid params <= 0 2019-11-08 09:40:07 -07:00
John Safranek c69b6fb6d1 wolfSSL ABI
1. Add a blank #define WOLFSSL_ABI to tag functions as part of the ABI
to remind developers there are rules about those functions specifically.
2. Added allocators and deallocators for WC_RNG objects and ecc_key
objects so they don't have to be used on the stack.
3. Add tests for the new allocators.
2019-11-07 13:03:12 -08:00
kaleb-himes f0d3d5d71c 80-character per-line coding standard format fix 2019-11-07 13:33:38 -07:00
Kaleb Himes 95796c80b7 Add prototype for ebsnet_fseek
Customer confirmed prototype was not present in vfile.h, added prototype to wolfSSL header.
2019-11-07 13:31:02 -07:00
kaleb-himes 5ce88b5086 seperate sanity checks on size and rnd allocation 2019-11-07 13:12:17 -07:00
Jacob Barthelmeh fd3e4abb46 handle case to avoid memcpy when staticmemory IO pool gives same buffer 2019-11-07 11:36:20 -07:00
kaleb-himes ad192786b1 Remove double assignment to pt caught by scan-build test 2019-11-07 11:35:36 -07:00
kaleb-himes e24059691c Address logical fallacies and syntax issues in example server, addresses GH issue #2559 2019-11-07 10:30:12 -07:00
Sean Parkinson c06efb6c1f Ensure space for name string. Reset policy count.
Only set the name string in one place, keeping a length of the name type
to copy. Also only move cert data index once.
Reset certificate extension policy number/count in case of malicious
cert with multiple policy extensions.
2019-11-07 13:51:50 +10:00
David Garske 0fe5d40507 Merge pull request #2568 from aaronjense/iar-build-fix
Fix changed sign warning for IAR build
2019-11-06 15:47:15 -08:00
Eric Blankenhorn caaab11f60 Update from review 2019-11-06 15:58:50 -06:00
toddouska b2270a068f Merge pull request #2566 from SparkiDev/malloc_unused_fix
Fix unused parameter when XMALLOC doesn't use params
2019-11-06 13:08:48 -08:00
toddouska c137c5a3e0 Merge pull request #2565 from SparkiDev/rsa_kg_sp_math
SP Math and RSA Key Gen working again
2019-11-06 13:08:19 -08:00
toddouska 1becdb9f3b Merge pull request #2563 from SparkiDev/x509_dname_index
Check domain name location index hasn't exceed maximum before setting
2019-11-06 13:07:42 -08:00
toddouska c995417d54 Merge pull request #2554 from SparkiDev/sp_misrac
MISRA-C changes to SP plus cppcheck fixes
2019-11-06 13:06:28 -08:00
toddouska 15d4da1e14 Merge pull request #2562 from JacobBarthelmeh/staticmemory
fix for memory management on edge case with staticmemory
2019-11-06 13:04:33 -08:00
toddouska ba34b0d09f Merge pull request #2547 from SparkiDev/rsa_pss_salt_len
Compile options for larger salt lengths in RSA-PSS
2019-11-06 13:03:15 -08:00
tmael 969488434a Merge pull request #2544 from JacobBarthelmeh/SanityChecks
add null checks (QSH and CRYPTOCELL)
2019-11-06 12:18:00 -08:00
Aaron Jense ea77cd743e Fix changed sign warning for IAR build 2019-11-06 09:59:31 -08:00
JacobBarthelmeh cd7001904a Merge pull request #2561 from ejohnstown/x509-loss
X.509 and Secure Renegotiation
2019-11-06 10:53:18 -07:00
Sean Parkinson d4ca48a513 Fix unused parameter when XMALLOC doesn't use params 2019-11-06 15:46:19 +10:00
Sean Parkinson 65cd8a930e SP Math and RSA Key Gen working again 2019-11-06 15:24:12 +10:00
Tesfa Mael a6e4926d2f Init variables 2019-11-05 15:14:47 -08:00
Sean Parkinson d2c4798459 Modify linked list traversal - fix for compiler bug
KeyShare and PreSharedKey traverse linked list using a handle.
Customer reported their compiler couldn't handle the assignment, so,
using a temporary.
2019-11-06 08:57:33 +10:00
Chris Conlon 77c36b5ea9 Merge pull request #2542 from kojo1/BasicConst
x.509 basic constratint
2019-11-05 15:38:07 -07:00
Sean Parkinson 52f28bd514 Check domain name location index hasn't exceed maximum before setting 2019-11-06 08:31:04 +10:00
Jacob Barthelmeh 890eb415b1 fix for memory management on edge case with staticmemory 2019-11-05 15:13:26 -07:00
David Garske 165105af95 Merge pull request #2558 from danielinux/pwbased-no-asn
Allow pwdbased module to compile without ASN
2019-11-05 13:26:45 -08:00
David Garske e48cf88a70 Merge pull request #2556 from embhorn/arm-test-fix
Fix for ARM platforms
2019-11-05 12:25:56 -08:00
David Garske c337ce2703 Merge pull request #2560 from cconlon/cavppss
use wc_RsaPSS_CheckPadding() for selftest build instead of extended
2019-11-05 12:09:25 -08:00
John Safranek 72e1afbe99 X.509 and Secure Renegotiation
1. When retaining the handshake resources for a session using resumption, do not delete the peer's certificate. If keeping peer certificates is enabled, the certificate needs to exist so it may be examined.
2. Free the saved peer certificate when receiving a peer certificate during a renegotiation.
2019-11-05 11:03:34 -08:00
Chris Conlon e429558166 use wc_RsaPSS_CheckPadding() for selftest build instead of extended 2019-11-05 10:48:36 -07:00
Daniele Lacamera 51ea806d8b Allow pwdbased module to compile without ASN 2019-11-05 10:16:46 +01:00