John Safranek
b68b14b499
Merge pull request #4724 from embhorn/zd13462
...
Improve param checks of enc
2022-01-16 15:35:54 -08:00
Sean Parkinson
15f501358d
Merge pull request #4716 from julek-wolfssl/issue-4592
...
Verification: Domain check should only be performed on leaf certs
2022-01-17 08:40:14 +10:00
Juliusz Sosinowicz
31e84d82b8
Domain check should only be performed on leaf certs
...
- Refactor `*_set_verify` functions into common logic
- NULL protect `wolfSSL_X509_VERIFY_PARAM_set1_host` and add debug info
2022-01-14 18:16:42 +01:00
elms
336e595ebb
Remove some lingering oldname return values
2022-01-11 17:09:52 -08:00
elms
efe2cea8d1
TLS: Default secure renegotiation compatability
...
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746
From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.
With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
2022-01-11 15:56:35 -08:00
David Garske
5910ada93d
Merge pull request #4736 from douzzer/20220107-cppcheck-hygiene
...
cppcheck sweep
2022-01-10 12:52:22 -08:00
David Garske
6ce248e2f9
Improve documentation for wolfSSL_get1_session. Add wolfSSL specific naming on the internal session functions to avoid possible user conflicts. ZD13363 and ZD13487.
2022-01-10 07:47:19 -08:00
Daniel Pouzzner
56c28ff307
src/ssl.c: in wolfSSL_SESSION_has_ticket(), add (void)sess if !defined(HAVE_SESSION_TICKET), to fix -Wunused-parameter.
2022-01-08 02:39:50 -06:00
Daniel Pouzzner
bb727d2ef2
src/ssl.c: fixes for cppcheck complaints: uselessAssignmentPtrArg autoVariables[not a defect; added suppression] invalidPrintfArgType_sint nullPointerRedundantCheck pointerSize
2022-01-08 00:28:09 -06:00
Eric Blankenhorn
f74831a7da
Improve param checks of enc
2022-01-06 09:12:18 -06:00
Daniel Pouzzner
54e9076c45
src/ssl.c: fix whitespace and heap reference in FreeSession() (re 569c066fab).
2021-12-24 01:16:32 -06:00
David Garske
02186dbd23
Fix for TLS v1.3 client session ticket resumption where the server opts to do a new handshake. Fix to make sure preMasterSz is valid.
2021-12-23 18:45:52 -08:00
Sean Parkinson
929174be6b
Merge pull request #4667 from dgarske/zd13363
...
Improve TLS client side session cache references
2021-12-24 11:23:06 +10:00
David Garske
569c066fab
Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use wolfSSL_get1_sesson for reference logic, that requires calling wolfSSL_SESSION_free. To disable this feature use NO_SESSION_CACHE_REF.
2021-12-23 14:25:45 -08:00
Daniel Pouzzner
7b5b1f5a4d
src/ssl.c: refine integration of wolfCrypt_SetPrivateKeyReadEnable_fips(), started by 52754123d9: depend on fips 5.1+, and call as matched pair in wolfSSL_Init() and wolfSSL_Cleanup().
2021-12-23 16:05:25 -06:00
David Garske
a8605309c6
Merge pull request #4692 from haydenroche5/wolfssl_init_fipsv5
...
Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
2021-12-23 09:28:36 -08:00
Hayden Roche
52754123d9
Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
...
Additionally, remove wc_SetSeed_Cb calls applications (e.g. example client and
server), since they are now redundant.
2021-12-22 14:21:06 -08:00
Hayden Roche
646ceb259a
Fix usage of SSL_OP_NO_COMPRESSION that was breaking wolfEngine.
...
Replace instances of SSL_OP_NO_COMPRESSION with WOLFSSL_OP_NO_COMPRESSION in
ssl.c. Only define SSL_OP_NO_COMPRESSION when using the compatibility layer.
Before these changes, wolfEngine builds were failing due to
SSL_OP_NO_COMPRESSION being defined in both wolfSSL and OpenSSL headers.
2021-12-22 10:23:51 -08:00
David Garske
af0bcef0ef
Merge pull request #4648 from embhorn/zd13365
...
Fix - wolfSSL_init should cleanup on failure of a component
2021-12-21 17:17:16 -08:00
Sean Parkinson
bb306d14b7
Merge pull request #4643 from kareem-wolfssl/zd13328
...
Fix building with OPENSSL_EXTRA defined and NO_WOLFSSL_STUB not defined.
2021-12-21 08:02:17 +10:00
Anthony Hu
7d4c13b9a4
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC
...
AKA: The Great Rename of December 2021
2021-12-20 11:48:03 -05:00
David Garske
ab9eda636a
Merge pull request #4671 from lealem47/remove-n
...
Removing extra \n from WOLFSSL_LEAVE and WOLFSSL_ENTER
2021-12-17 14:04:42 -08:00
David Garske
97830b81d6
Merge pull request #4674 from anhu/uninitialized
...
Fix unitialized usage
2021-12-17 10:51:43 -08:00
Anthony Hu
9cc1624023
Fix unitialized usage
2021-12-17 11:55:08 -05:00
Lealem Amedie
a79440b95a
Removing extra \n from WOLFSSL_LEAVE and WOLFSSL_ENTER
2021-12-16 13:30:43 -07:00
Daniel Pouzzner
f889916fae
ssl.c: fix C++ invalid conversion in wolfSSL_sk_X509_INFO_value().
2021-12-16 13:29:17 -06:00
David Garske
dec78169bf
Merge pull request #4658 from julek-wolfssl/apache-2.4.51
...
Add Apache 2.4.51 support
2021-12-16 08:52:10 -08:00
Eric Blankenhorn
44cc9e4824
Fix - wolfSSL_init should cleanup on failure of a component
2021-12-16 09:50:50 -06:00
Juliusz Sosinowicz
afa6237f56
Add WOLFSSL_FORCE_AUTO_RETRY option: force retrying of network reads
2021-12-16 15:33:30 +01:00
Juliusz Sosinowicz
017d6cf464
Simplify error queue macros
2021-12-16 12:39:58 +01:00
Juliusz Sosinowicz
e78f7f734e
Add Apache 2.4.51 support
...
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
2021-12-16 12:39:38 +01:00
David Garske
caf9024984
Merge pull request #4652 from douzzer/no-rsa-no-dh-no-dsa
...
WOLFSSL_ECC_NO_SMALL_STACK etc
2021-12-13 10:12:14 -08:00
Daniel Pouzzner
355b779a3e
feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c.
2021-12-11 14:08:04 -06:00
Anthony Hu
4c12f0be95
Only one call to wc_falcon_init() and comment on 300.
2021-12-10 16:40:41 -05:00
Anthony Hu
1d8ff70900
In d2iGenericKey(), if a falcon key is encountered, make a dummy pkey.
...
This allows apache-httpd to work without PQ-specific patch along with a previous
pull request.
2021-12-10 14:18:42 -05:00
Kareem
376be0f66a
Fix building with OPENSSL_EXTRA defined and NO_WOLFSSL_STUB not defined.
2021-12-08 16:51:51 -07:00
Sean Parkinson
d5c27fca7d
Merge pull request #4626 from JacobBarthelmeh/certs
...
add human readable string of IP
2021-12-07 08:23:31 +10:00
Chris Conlon
e45c33a771
Merge pull request #4624 from miyazakh/jenkins_qt_failure
2021-12-06 09:53:34 -07:00
Jacob Barthelmeh
1ec86ee4cc
add human readable string of IP
2021-12-02 16:04:58 -07:00
David Garske
b4c6140b64
Merge pull request #4442 from julek-wolfssl/kerberos
...
Add Kerberos 5 support
2021-12-02 09:07:34 -08:00
Hideki Miyazaki
a5bd6cde8d
fix nigtly jenkins Qt Job failure
2021-12-02 16:37:48 +09:00
Sean Parkinson
d06ada2ccc
Merge pull request #4610 from julek-wolfssl/nginx-1.21.4
...
Add support for Nginx 1.21.4
2021-12-01 22:27:12 +10:00
Juliusz Sosinowicz
aac1b406df
Add support for Nginx 1.21.4
...
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
2021-12-01 09:49:52 +01:00
David Garske
a0300f7ab0
Fixes for ECDSA_Size. If group is unknown set to -1, otherwise defaults to first ECC index. Fix the signature size calculation to use our existing enum and calculation logic. ZD13303
2021-11-30 12:33:49 -08:00
David Garske
29517fd617
Merge pull request #4609 from danielinux/tls13_hkdf_callback
...
TLS 1.3: Add HKDF extract callback
2021-11-30 10:59:44 -08:00
Daniele Lacamera
c3b1d9f9e7
Cosmetic and prototypes changes after reviewer's comments
2021-11-30 10:06:54 +01:00
Daniel Pouzzner
a33ae21801
whitespace cleanups and portability/pedantic fixes
2021-11-29 23:58:39 -06:00
Chris Conlon
7221e06ff7
Merge pull request #4588 from miyazakh/sce_protect_mode_e2studio
2021-11-29 15:32:48 -07:00
Daniele Lacamera
57fb5453cb
Support for HKDF Extract callback
2021-11-29 14:51:13 +01:00
Hideki Miyazaki
fb4e39f00a
addressed review comments prt1
2021-11-26 16:03:42 +09:00