wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-05-05 11:14:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
22,731 Commits 13 Branches 184 Tags
91cad98d67afd90b819859c64bb232dbeabcccbf
Commit Graph

3076 Commits

Author SHA1 Message Date
JacobBarthelmeh bb73c233fc Merge pull request #6973 from douzzer/20231115-misc-fixits 
20231115-misc-fixits
 2023-11-15 15:27:25 -07:00
Eric Blankenhorn 7bbeadcf97 Fix build errors with dtls1.3 and no tls1.2 2023-11-15 10:37:09 -06:00
JacobBarthelmeh 7daac20d24 Merge pull request #6952 from julek-wolfssl/dtls13-pqc-tests 
Add dtls 1.3 PQC suites tests
 2023-11-15 09:34:36 -07:00
Daniel Pouzzner 7569cfdff8 src/internal.c,src/wolfio.c: fallback to SHA256 when NO_SHA, in LoadCertByIssuer(), MicriumGenerateCookie(), uIPGenerateCookie(), and GNRC_GenerateCookie(); 
tests/api.c: when NO_SHA, omit test_wolfSSL_CertManagerCheckOCSPResponse() and test_wolfSSL_CheckOCSPResponse() (both use static artifacts with SHA1 name and key hashes).
 2023-11-15 00:09:22 -06:00
jordan be24d68e5d Add EXTENDED_KEY_USAGE_free to OpenSSL compat layer. 2023-11-08 15:26:24 -06:00
Stanislav Klima 76d89a0c15 unused variable 2023-11-08 11:09:05 +01:00
Stanislav Klima f518a8f7d5 new build flag WOLFSSL_ALLOW_ENCODING_CA_FALSE 2023-11-08 10:51:25 +01:00
Sean Parkinson 54f2d56300 ssl.c: Move out crypto compat APIs 
ssl_crypto.c contains OpenSSL compatibility APIS for:
 - MD4, MD5, SHA/SHA-1, SHA2, SHA3
 - HMAC, CMAC
 - DES, DES3, AES, RC4
API implementations reworked.
Tests added for coverage.
TODOs for future enhancements.
 2023-11-08 19:43:18 +10:00
Juliusz Sosinowicz 8bc79a0b43 Add dtls 1.3 PQC suites tests 2023-11-08 10:29:35 +01:00
Stanislav Klima 4bbb0e3876 drafted ca false 2023-11-08 10:23:46 +01:00
Daniel Pouzzner ca694938fd tests/api.c: update response vector in test_wolfSSL_CertManagerCheckOCSPResponse(), reflecting regenerated keys in certs/ocsp/. 2023-11-07 19:25:52 -06:00
JacobBarthelmeh c5e2f414ea Merge pull request #6929 from julek-wolfssl/dtls13-early-data-server-side 
dtls 1.3: allow to skip cookie exchange on resumption
 2023-11-06 13:30:21 -07:00
JacobBarthelmeh c92d25816a Merge pull request #6887 from julek-wolfssl/zd/16849 
Implement untrusted certs in wolfSSL_X509_STORE_CTX_init
 2023-11-06 10:13:43 -07:00
Juliusz Sosinowicz 8c87920903 Address code review 2023-11-03 11:02:41 +01:00
JacobBarthelmeh 96977d1480 Merge pull request #6900 from julek-wolfssl/zd/16868 
EVP_EncodeBlock should not append a newline
 2023-11-02 09:20:39 -06:00
JacobBarthelmeh 21f34ef028 Merge pull request #6905 from bandi13/moreCodeSonarFixes 
Don't nag about leaked resources
 2023-11-01 14:46:02 -06:00
JacobBarthelmeh c920337f2f Merge pull request #6891 from julek-wolfssl/zd/16849-i2d_x509 
Advance pointer in wolfSSL_i2d_X509
 2023-11-01 11:02:44 -06:00
JacobBarthelmeh 026c4bcbc7 Merge pull request #6902 from dgarske/various_20231020 
Fixes for PKCS w/out RSA and Cert/CSR signing with unknown OID
 2023-11-01 10:58:10 -06:00
JacobBarthelmeh 98843798c2 Merge pull request #6934 from SparkiDev/regression_fixes_8 
Regression test fixes
 2023-11-01 10:55:41 -06:00
Sean Parkinson 0eab70f806 Regression test fixes 
Fixes for different configurations and memory allocation failure
testing.
 2023-11-01 14:10:49 +10:00
Juliusz Sosinowicz aed715cb2c dtls 1.3: allow to skip cookie exchange on resumption 
tls 1.3: do cookie exchange when asked too even when found a matching cipher
 2023-10-31 14:29:04 +01:00
David Garske 0455224439 Fix build errors in API unit test without IO dependencies. 2023-10-30 17:04:36 -07:00
Andras Fekete 42c241dbbf Avoid use of uninitialized array 2023-10-27 15:38:46 -04:00
Juliusz Sosinowicz 8f60fb0053 Advance pointer in wolfSSL_i2d_X509 2023-10-24 10:25:06 +02:00
Daniel Pouzzner 501299bc31 fix null pointer derefs in examples/pem/pem.c:pemApp_ReadFile() and tests/api.c:LoadPKCS7SignedDataCerts() detected by clang-tidy. 2023-10-21 13:34:04 -05:00
David Garske 6887281361 Fix for ./configure --enable-pkcs7 --disable-rsa && make check. 2023-10-20 16:27:54 -07:00
Juliusz Sosinowicz 8cd6cd175d EVP_EncodeBlock should not append a newline 2023-10-20 13:20:11 +02:00
Juliusz Sosinowicz d13d446c2e Add missing guard 2023-10-19 20:05:59 +02:00
Juliusz Sosinowicz 1ae248018f Implement untrusted certs in wolfSSL_X509_STORE_CTX_init 2023-10-18 22:24:19 +02:00
Daniel Pouzzner 3e9f8bc649 tests/api.c: gate test_wc_AesEaxVectors(), test_wc_AesEaxEncryptAuth(), and test_wc_AesEaxDecryptAuth(), on !FIPS || FIPS>=5.3. 
wolfcrypt/src/eccsi.c: remove incorrect `(void)h` from eccsi_mulmod_base_add() in newly exposed WOLFSSL_SP_MATH code path.
 2023-10-16 13:30:16 -05:00
JacobBarthelmeh c23559a91c Merge pull request #6866 from bigbrett/aes-eax 
Add more extensive AES EAX tests to api.c
 2023-10-13 16:09:30 -06:00
Brett 87cffc8229 Added more extensive AES EAX tests to api.c 2023-10-13 11:38:16 -06:00
JacobBarthelmeh 79a6e1eb04 Merge pull request #6808 from SparkiDev/sp_sm2 
SP updates for SM2
 2023-10-13 10:17:17 -06:00
Sean Parkinson 0cc21a42f3 SP updates for SM2 
Allow wolfSSL to build with SP implementations of SM2.
Updates to SP implementation of other code.
 2023-10-13 08:14:15 +10:00
Juliusz Sosinowicz 8ac72750bc Fix linting issues 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz 948d7ae761 keyLog_callback: flush the descriptor to make sure it is written out 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz bec87e525f PQC TLS 1.3: test setting pqc with wolfSSL_CTX_set_groups 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz 2c6c52078a test_dtls13_frag_ch_pq: make sure kyber5 is used 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz 37c0d52fa8 Dump manual memio stream with WOLFSSL_DUMP_MEMIO_STREAM 2023-10-09 12:54:11 +02:00
Anthony Hu f640fdf91f Adding a post-quantum DTLS 1.3 test. 
This exercises the fragmenting of ClientHello via large post-quantum key share.

./configure --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtls \
            --enable-dtls13 --with-liboqs
 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz 85a596e54a DTLS 1.3: allow fragmenting the second ClientHello message 
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
 2023-10-09 12:54:11 +02:00
JacobBarthelmeh 5cb80ea898 Merge pull request #6847 from embhorn/zd16767 
Fix wolfSSL_set_verify_result to use correct value
 2023-10-06 16:52:32 -06:00
Eric Blankenhorn b329c0d5f4 Fix wolfSSL_set_verify_result to use correct value 2023-10-06 16:34:31 -05:00
Juliusz Sosinowicz 7baf151c37 CRL verify the entire chain including loaded CA's 
- Regen CRL's as most of them are expired
- certs/crl/extra-crls/ca-int-cert-revoked.pem: CRL that revokes certs/intermediate/ca-int-cert.pem signed by certs/ca-cert.pem
- Add CheckCertCRL_ex API to not depend on DecodedCert
- CheckCertCRLList: accept raw serial or hashed version to work with Signers
- Add XELEM_CNT to simplify pre-proc element counting
 2023-10-03 11:45:43 +02:00
Andras Fekete 47f0d5a5d0 Fix issue created by 62c14e4d5b 2023-10-02 12:34:33 -04:00
David Garske b72d02dd88 Merge pull request #6742 from embhorn/zd16187_2 
Fixes for NO_FILESYSTEM and NO_BIO config
 2023-09-19 11:19:07 -07:00
Anthony Hu 6bf716bd26 Merge pull request #6743 from JacobBarthelmeh/unit_tests 
add test case for ignoring cert path error
 2023-09-14 11:04:35 -04:00
JacobBarthelmeh 61f48eb5a1 Merge pull request #6763 from DimitriPapadopoulos/codespell 
Fix residual typos found by codespell
 2023-09-11 15:55:34 -06:00
JacobBarthelmeh 63477bcfdb Merge pull request #6733 from gojimmypi/windows-gettime_secs 
implement gettime_secs for Windows (_MSC_VER) in tests/api.c
 2023-09-11 09:31:30 -06:00
Dimitri Papadopoulos d532833af9 Fix residual typos found by codespell 2023-09-11 11:34:28 +02:00