wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 04:22:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,646 Commits 12 Branches 184 Tags
88d5059c366b6dcaaa0eea7345b4e7a09882e01f
Commit Graph

6056 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
88d5059c36 Jenkins fixes 
`WS_RETURN_CODE` was not functioning properly in master
 2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz
98bc8402db Refactor memory BIO 
- use the `WOLFSSL_BUF_MEM` struct to resize the internal memory buffer
- add a `WOLFSSL_BIO_RESIZE_THRESHOLD` define that will be used to determine how often to shrink the internal buffer. This should cut down on the number of free/malloc calls made significantly. This should help with our inefficient 1 byte reads in `loadX509orX509REQFromPemBio`.
- implement `wolfSSL_BUF_MEM_resize` which allows bi-directional buffer size manipulation
 2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz
ae9b01c5b8 bind 9.18.0 fixes 
- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULT` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
 2022-03-24 12:16:59 +01:00
Anthony Hu
f71a85d5f9 Merge pull request #4979 from dgarske/sniffer_tidy 2022-03-23 15:13:20 -04:00
David Garske
f129c32273 Fixes for whitespace, script bug and bit-field type. 2022-03-23 09:31:04 -07:00
Sean Parkinson
90f53aed34 ssl.c: move out X509 store APIs to new file 2022-03-23 13:59:54 +10:00
Daniel Pouzzner
d864fc9a3f Merge pull request #4972 from julek-wolfssl/asn-time-tz-diff 
`mktime` may return a negative due to timezones around the unix epoch
 2022-03-22 14:03:59 -05:00
Anthony Hu
c41bef6486 Get rid of tabs I added previously. 2022-03-22 11:56:15 -04:00
JacobBarthelmeh
c377a709e1 Merge pull request #4953 from cconlon/apiVersionDiff 
More checks on OPENSSL_VERSION_NUMBER for API prototype differences
 2022-03-21 16:59:06 -06:00
David Garske
29c120356e Sniffer asynchronous support. 
* Adds stateful handling of DH shared secret computation in `SetupKeys`.
* Improved the decrypt handling to use internal functions and avoid generating alerts on failures.
* Fix for sniffer resume due to missing `sessionIDSz` broken in #4807.
* Fix sniffer test cases to split resume (session_ticket) tests.
* Add `snifftest` list of build features so test script can gate running resume test.
 2022-03-21 12:05:08 -07:00
David Garske
8bf14ba1d3 Merge pull request #4957 from JacobBarthelmeh/Compatibility-Layer 
alter return value and add error string
 2022-03-21 09:10:04 -07:00
Juliusz Sosinowicz
d7037da0b5 mktime may return a negative due to timezones around the unix epoch 2022-03-21 17:07:13 +01:00
Juliusz Sosinowicz
9763030675 Merge pull request #4845 from cconlon/pkcs7compat 2022-03-21 15:26:37 +01:00
Hayden Roche
dcaa218ed8 Merge pull request #4927 from cconlon/upRef 2022-03-18 18:10:36 -07:00
Hayden Roche
7ea6b73c7b Merge pull request #4928 from cconlon/compatCleanups 2022-03-18 16:23:56 -07:00
Hayden Roche
2637e5e361 Merge pull request #4926 from cconlon/namePrintRFC5523 2022-03-18 15:53:07 -07:00
David Garske
a79daa5ea8 Merge pull request #4959 from haydenroche5/asn1_time_diff_bug 
Fix bug in wolfSSL_ASN1_TIME_diff.
 2022-03-18 14:28:23 -07:00
Chris Conlon
582f0d82e4 address review feedback for PKCS7 compat additions 2022-03-18 12:07:44 -06:00
Sean Parkinson
ef66a12a24 Merge pull request #4961 from dgarske/cust_fixups 
Various portability improvements (Time, DTLS epoch size, IV alloc)
 2022-03-18 11:38:57 +10:00
David Garske
b546b2a5ec Improve logic around private key id/label. Adds WOLF_PRIVATE_KEY_ID. 2022-03-17 14:48:30 -07:00
David Garske
ae25a48509 Improve the build message to not always allocate the IV (16 byte) (use fixed buffer if <= 16 bytes). 2022-03-17 14:01:57 -07:00
David Garske
3fba5d17c3 Various portability improvements: 
* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
 2022-03-17 14:00:55 -07:00
David Garske
aa8e5a29d4 Merge pull request #4947 from cconlon/compatSmallStack 
Stack/smallstack cleanup for OpenSSL compatibility functions
 2022-03-15 16:47:23 -07:00
Hayden Roche
6e6aa5b0c1 Fix bug in wolfSSL_ASN1_TIME_diff. 
This function should not error out if one of the passed in times is the Unix
epoch. This amounts to erroring out when the XMKTIME returns < 0, rather than
<= 0.
 2022-03-15 10:52:05 -07:00
JacobBarthelmeh
d0e83be596 alter return value and add error string 2022-03-15 10:26:59 -07:00
Daniel Pouzzner
d531e21f34 Merge pull request #4946 from dgarske/async_earlydata 
Fixes for TLS v1.3 early data with async
 2022-03-15 12:12:09 -05:00
David Garske
9c29102c43 Merge pull request #4948 from SparkiDev/tls12_pa_failsafe 
TLS: add peer authentication failsafe for TLS 1.2 and below
 2022-03-15 09:42:56 -07:00
Chris Conlon
ce514e6fc5 add PKCS7_sign, PKCS7_final, SMIME_write_PKCS7. add signer cert verify support to PKCS7_verify, support for PKCS7_TEXT, PKCS7_DETACHED, PKCS7_STREAM 2022-03-15 10:21:22 -06:00
Chris Conlon
a7d5e6400d add support for PKCS7_TEXT flag to PKCS7_verify() 2022-03-15 10:21:22 -06:00
Chris Conlon
f7c5c9f713 extra checks for OPENSSL_VERSION_NUMBER for API prototype differences 2022-03-15 09:41:51 -06:00
Chris Conlon
7c63dd6245 smallstack reduction for wolfSSL_set_accept_state() 2022-03-15 09:40:51 -06:00
Chris Conlon
062003916c stack/smallstack reduction for wolfssl_x509_make_der(), d2iGenericKey(), PrintPubKeyEC(), wolfSSL_EC_POINT_add() 2022-03-15 09:40:48 -06:00
Sean Parkinson
343e8bccdd ssl.c: move TXT and CONF APIs out into conf.c 2022-03-15 12:09:24 +10:00
Sean Parkinson
9ed061cc96 TLS: add peer authentication failsafe for TLS 1.2 and below 
Tightened the TLS 1.3 failsafe checks too.
 2022-03-15 08:51:44 +10:00
Daniel Pouzzner
4966eb7897 Merge pull request #4944 from douzzer/20220310-asn-template-EncodeExtensions-overrun 
wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions() and leak in ParseCRL_Extensions()
 2022-03-13 21:21:07 -05:00
Sean Parkinson
cdb45b12c5 Merge pull request #4884 from haydenroche5/i2d_x509_name_fix 
Improve wolfSSL_i2d_X509_name.
 2022-03-14 11:57:07 +10:00
Daniel Pouzzner
fb0c9b2a66 ssl.c: use InitHandshakeHashes(), not FreeHandshakeHashes(), to reset ssl->hsHashes. 2022-03-11 16:26:24 -06:00
David Garske
dd8fb41f66 Fixes for TLS v1.3 early data with async. 2022-03-11 14:03:46 -08:00
Daniel Pouzzner
82ab7bf32c ssl.c: fix hash state memory leaks in wolfSSL_clear() and wolfSSL_TicketKeyCb(). 2022-03-11 13:40:01 -06:00
Chris Conlon
2639c5e268 X509V3_set_ctx arg check fix, debug log cleanup 2022-03-11 09:53:51 -07:00
Daniel Pouzzner
7602eef98f src/ssl.c: use strlcpy(), not strncpy(), to make string_fortified happy (else "error: ‘__builtin_strncpy’ specified bound 46 equals destination size"). 2022-03-11 08:15:44 -06:00
Sean Parkinson
c3eab0dcdd Fixes from sanitizer build 
Fix OID index in SetNameRdnItems for multi attributes.
Stop warning about strncpy to small.
Fix casting in ASN1_SIMPLE to use consistent type.
 2022-03-11 14:27:50 +10:00
David Garske
570daa6a7f Enable support for STM32U585 and PQ on M4 2022-03-10 14:19:01 -05:00
David Garske
b30ada1608 Merge pull request #4940 from ejohnstown/wolfrand 
Fix wolfRand Build
 2022-03-09 15:42:19 -08:00
Sean Parkinson
47895fe78d Merge pull request #4942 from dgarske/sp_math_opensslextra 
Fixes to support building opensslextra with SP math
 2022-03-10 08:53:21 +10:00
David Garske
141cf822f2 Merge pull request #4941 from douzzer/20220309-script-cleanup 
20220309 script cleanup
 2022-03-09 13:30:50 -08:00
Chris Conlon
bcfe8bf2e2 Merge pull request #4933 from haydenroche5/x509_set_ext_ext_key_usage 2022-03-09 13:22:49 -07:00
David Garske
3a62857dbd Fixes to support building opensslextra with SP math. Disables some of the compatibility layer BN and ECC point handling. 2022-03-09 11:53:56 -08:00
John Safranek
d6fb454063 Fix wolfRand Build 
1. Remove the v3 FIPS build from configure and automake. This was for
   the old FIPS Ready build, which is now fixed to the certificate 3389
   configuration.
2. Remove AES-GCM, PKCS12, and SHA-3 from wolfRand build. They were
   getting reenabled later in the configure.
 2022-03-09 10:35:39 -08:00
Daniel Pouzzner
abfc788389 script cleanup: use #!/bin/bash on all scripts that use "echo -e" (/bin/sh is sometimes a non-Bourne/non-POSIX shell, e.g. dash/ash, with no support for "echo -e"); fix whitespace. 2022-03-09 12:28:22 -06:00