wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 05:52:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,691 Commits 12 Branches 184 Tags
836be9d8fcaeeb5e5565682e2be0fe0e26933caf
Commit Graph

5726 Commits

Author SHA1 Message Date
Daniel Pouzzner
c80e63a822 Merge pull request #4566 from ejohnstown/fips-check 
fips-check script update
 2021-11-15 13:23:54 -06:00
Sean Parkinson
d6219567c1 Merge pull request #4565 from dgarske/spelling 
Fixes for spelling errors
 2021-11-15 08:20:41 +10:00
John Safranek
3384159cb9 Add WCv5.0-RC10 to fips-check script. Remove some new whitespace from sniffer. 2021-11-12 14:10:58 -08:00
David Garske
a626a4fb02 Fixes for spelling errors. 2021-11-12 10:27:49 -08:00
Juliusz Sosinowicz
4112cd4b99 Make stack type an enum 2021-11-12 14:48:17 +01:00
Juliusz Sosinowicz
361975abbc Refactor sk_*_free functions 
Use a single `wolfSSL_sk_pop_free` and `wolfSSL_sk_free` function that free's the stack and optionally free's the node content as well.
 2021-11-12 13:55:37 +01:00
John Safranek
2501aef34e Merge pull request #4562 from SparkiDev/cert_suite_check 2021-11-11 15:36:12 -08:00
John Safranek
af67692e4a Merge pull request #4559 from dgarske/sniffer_ht 2021-11-11 14:44:01 -08:00
Sean Parkinson
b5fd899113 TLS 1.2: check signature algo in ServerKeyExchange 2021-11-11 18:54:30 +10:00
David Garske
1cadf88f26 Fixes for sniffer and handling of out-of-order situations that can occur with a saturated link. 2021-11-10 13:37:21 -08:00
Daniel Pouzzner
6d55f8e42a ssl.c: fixes for C++ pointer type hygiene. 2021-11-09 22:41:06 -06:00
Daniel Pouzzner
ed0418c2a8 fix whitespace. 2021-11-09 22:17:38 -06:00
Sean Parkinson
8e0fdc64be Merge pull request #4522 from dgarske/static_eph 
Fixes and refactor for static ephemeral key support
 2021-11-10 08:22:51 +10:00
David Garske
bd0f6736c5 Merge pull request #4513 from masap/wpa_sup_dpp 
Fix X509_PUBKEY_set() to show correct algorithm and parameters
 2021-11-09 10:26:59 -08:00
David Garske
fe172ed9c1 Fix for generation of ephemeral key if static ephemeral is not set. 2021-11-09 10:14:23 -08:00
David Garske
eebed0cc1c Fix for possible ret may be used uninitialized. 2021-11-09 08:27:44 -08:00
David Garske
df82b01e68 Added x448 static ephemeral support. 2021-11-09 08:27:42 -08:00
David Garske
e91439f2eb Fixes for static ephemeral key support with threading and possible use after free. 2021-11-09 08:25:47 -08:00
David Garske
4a04e56ac8 Fix to allow calls to get TLS session random even if wolfSSL_KeepArrays has not been called. 2021-11-09 08:23:19 -08:00
Daniel Pouzzner
18e487069b src/internal.c: fix typo introduced in earlier "typographic cleanup". 2021-11-08 18:24:08 -06:00
Daniel Pouzzner
25f74d4967 ssl.c: wolfSSL_UseALPN(): allocate char **token (2kB) on the heap, not the stack. 2021-11-08 17:35:10 -06:00
Daniel Pouzzner
0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
Masashi Honma
ee39fd079f Fix X509_PUBKEY_set() to show correct algorithm and parameters 
When build with OpenSSL, trailing program outputs these messages.

algorithm: id-ecPublicKey
parameters: prime256v1

But with wolfSSL, X509_PUBKEY_get0_param() fails.
This patch fixes wolfSSL to display the same values as OpenSSL.

This program was extracted from wpa_supplicant in order to reproduce the
issue.

----------------
int main(void)
{
    EVP_PKEY *pkey;
    X509_PUBKEY *pub = NULL;
    ASN1_OBJECT *ppkalg, *poid;
    const ASN1_OBJECT *pa_oid;
    const uint8_t *pk;
    int ppklen, ptype;
    X509_ALGOR *pa;
    void *pval;
    char buf[100];
    const uint8_t data[] = {
        0x30, 0x39, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
        0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, 0x03, 0x33, 0x6d, 0xb4, 0xe9, 0xab,
        0xf1, 0x1c, 0x96, 0x87, 0x5e, 0x02, 0xcc, 0x92, 0xaf, 0xf6, 0xe1, 0xed, 0x2b, 0xb2, 0xb7, 0xcc,
        0x3f, 0xd2, 0xb5, 0x4e, 0x6f, 0x20, 0xc7, 0xea, 0x2f, 0x3f, 0x42
    };
    size_t data_len = sizeof(data);
    const uint8_t *p;
    int res;

    p = data;
    pkey = d2i_PUBKEY(NULL, &p, data_len);
    if (!pkey) {
        fprintf(stderr, "d2i_PUBKEY() failed\n");
        return -1;
    }

    if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) {
        fprintf(stderr, "invalid type\n");
        EVP_PKEY_free(pkey);
        return -1;
    }

    res = X509_PUBKEY_set(&pub, pkey);
    if (res != 1) {
        fprintf(stderr, "X509_PUBKEY_set() failed\n");
        return -1;
    }

    res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub);
    if (res != 1) {
        fprintf(stderr, "X509_PUBKEY_get0_param() failed\n");
        return -1;
    }
    res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0);
    if (res < 0 || (size_t) res >= sizeof(buf)) {
        fprintf(stderr, "OBJ_obj2txt() failed\n");
        return -1;
    }
    fprintf(stdout, "algorithm: %s\n", buf);

    X509_ALGOR_get0(&pa_oid, &ptype, (void *) &pval, pa);
    if (ptype != V_ASN1_OBJECT) {
        fprintf(stderr, "X509_ALGOR_get0() failed\n");
        return -1;
    }
    poid = pval;
    res = OBJ_obj2txt(buf, sizeof(buf), poid, 0);
    if (res < 0 || (size_t) res >= sizeof(buf)) {
        fprintf(stderr, "OBJ_obj2txt() failed\n");
        return -1;
    }
    fprintf(stdout, "parameters: %s\n", buf);

    X509_PUBKEY_free(pub);
    EVP_PKEY_free(pkey);
    return 0;
}

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2021-11-09 07:30:58 +09:00
David Garske
478f57b347 Merge pull request #4535 from kareem-wolfssl/zd13165 
Fix building with NO_ECC_KEY_EXPORT.
 2021-11-08 11:11:53 -08:00
David Garske
3a9be7373f Merge pull request #4532 from embhorn/zd13139 
Fix mem leak in HandleTlsResumption
 2021-11-08 08:39:45 -08:00
Eric Blankenhorn
d6264059ac Fix mem leak in HandleTlsResumption 2021-11-05 11:40:40 -05:00
David Garske
4fe17cc143 Merge pull request #4527 from julek-wolfssl/zd13097 
Fix a heap buffer overflow with mismatched PEM structure ZD13097
 2021-11-05 08:50:28 -07:00
Chris Conlon
ae84a2a326 Merge pull request #4293 from TakayukiMatsuo/set_min_proto 
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
 2021-11-04 14:59:34 -06:00
Juliusz Sosinowicz
1faa9e66b6 Check wolfSSL_BIO_read return 2021-11-04 15:34:33 +01:00
Kareem
60a86157c7 Fix building with NO_ECC_KEY_EXPORT. 2021-11-03 16:03:26 -07:00
David Garske
d24bfb6bf7 Merge pull request #4530 from anhu/falcon-pqsig 
The NIST round 3 Falcon Signature Scheme integration.
 2021-11-03 09:35:01 -07:00
Anthony Hu
81def76b18 The NIST round 3 Falcon Signature Scheme integration. 2021-11-02 11:12:10 -04:00
Anthony Hu
e1cc1e831e Fix for being able to build with LIBOQS but without DH 
The following configuration yielded a compile error:
./configure --with-liboqs --disable-dh

This fixes bug reported on ZD13028.
 2021-11-02 10:16:38 -04:00
Juliusz Sosinowicz
23487a4532 Fix a heap buffer overflow with mismatched PEM structure ZD13097 2021-11-02 11:31:22 +01:00
Sean Parkinson
2745f394e5 Merge pull request #4525 from cconlon/sslopno 
TLS 1.3: check SSL_OP_NO_TLSv1_2 in TLS 1.3 clients
 2021-11-02 09:40:59 +10:00
Jacob Barthelmeh
03bc45c5b1 check if private key exists before using with private key check function 2021-10-29 10:51:24 -06:00
Chris Conlon
afad1374a3 check SSL_OP_NO_TLSv1_2 in TLS 1.3 enabled client 2021-10-28 16:30:02 -06:00
David Garske
6b3ff9bae2 Merge pull request #4459 from julek-wolfssl/missing-ext 
Add x509 name attributes and extensions to DER parsing and generation
 2021-10-28 14:30:37 -07:00
David Garske
0a26335243 Merge pull request #4446 from ejohnstown/dtls-sizing 
DTLS Sizing
 2021-10-28 14:15:36 -07:00
David Garske
6bb7e3900e Merge pull request #4511 from JacobBarthelmeh/Testing 
build fixes and PKCS7 BER encoding fix
 2021-10-28 10:52:58 -07:00
Juliusz Sosinowicz
8cba5dda17 Need to free x509 in tests 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a6be157628 Gate new AKID functionality on WOLFSSL_AKID_NAME 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
d9af698aa4 Implement raw AKID with WOLFSSL_ASN_TEMPLATE 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
c162196b27 Add x509 name attributes and extensions to DER parsing and generation 
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
894303be59 Make the wolfSSL_GetMaxFragSize parameter meaning consistent 
- Add testing for sending as much app data as possible in a single DTLS record
 2021-10-28 14:46:15 +02:00
John Safranek
7cbfb27fa0 When adding cipherExtraData(), also account for TLSv1.3. 2021-10-27 15:12:31 -07:00
John Safranek
9f3f9c53fd Remove debugging printfs. Added some guards around DTLS and AEAD only things. 2021-10-27 15:12:31 -07:00
Juliusz Sosinowicz
be3b6b47ef DTLS MTU fixes 2021-10-27 15:12:31 -07:00
John Safranek
77ebd11781 Updating based on MTU. Debugging prints. 2021-10-27 15:12:31 -07:00
John Safranek
be2e7e25ac Change the calculation for the extra data size in a DTLS message when checking to see if it'll fit in an MTU. (ZD12983) 2021-10-27 15:12:31 -07:00