Commit Graph

14975 Commits

Author SHA1 Message Date
elms 98f286d8cb Consistent return value from SSL_CTX_load_verify_locations{,_ex} (#4341)
On any failure, return `WOLFSSL_FAILURE`

If there was a failure and a successful processing of certs from the
same directory, the return value depended on the last cert processed
which not guarenteed to be the same order. If the last cert load
failed, it would return the specific wolfSSL error code. If it
succeeded, then WOLFSSL_FAILURE would be returned as a generic failure
due to a previous cert error.
2021-09-10 08:45:13 +10:00
Eric Blankenhorn 649aa9c95f Add error handling to wolfSSL_BIO_get_len (#4385) 2021-09-10 08:15:30 +10:00
JacobBarthelmeh 934b0ab572 free structure on error case (#4383) 2021-09-09 08:07:22 +10:00
David Garske b6665df6a8 Fixes for sniffer handling of TCP spurious retransmission (#4372)
* Fix for sniffer to better handle spurious retransmission edge case. ZD 12852

* Fix for sniffer to not send alerts during application data processing.

* Fix for missing semi-colon on XFREE.

* Fix for `bench_stats_print` with stack variable name used in `bench_ecc`. Improve benchmark thread cleanup, CPU count calcuation and stat blocking logic.
2021-09-08 09:40:58 +10:00
JacobBarthelmeh 078e0a7379 add unlock of mutex in fail cases (#4378) 2021-09-08 08:51:34 +10:00
Hideki Miyazaki a118de1043 copy sessionCtxSz (#4375) 2021-09-08 08:03:35 +10:00
David Garske 3ca1900528 Merge pull request #4379 from haydenroche5/cmake
Fix issue with CMake build where CMAKE_C_FLAGS is empty.
2021-09-07 14:15:18 -07:00
Hayden Roche 93d3739ae7 Fix issue with CMake build where CMAKE_C_FLAGS is empty. 2021-09-07 12:11:43 -07:00
Hideki Miyazaki 51a2f9de17 return value convention on compatibility layer (#4373)
* return value convention

* addressed review comments

* addressed review comment part2

* fix jenkins failures
2021-09-07 08:15:08 +10:00
Hideki Miyazaki d4387493fb keep CRLInfo at own cert memory (#4374) 2021-09-07 08:11:29 +10:00
TakayukiMatsuo 90116a2873 Add support for wolfSSL_EVP_PBE_scrypt (#4345) 2021-09-03 15:49:02 +10:00
David Garske 35cef831bf Fix for missing heap hint with RSA PSS and WOLFSSL_PSS_LONG_SALT (#4363)
* Fix for missing heap hint with RSA PSS and `WOLFSSL_PSS_LONG_SALT`. This fix will only allocate buffer if it exceeds the local buffer. Added `wc_RsaPSS_CheckPadding_ex2` to support heap hint if required. Fixed asn.c build issue with `NO_CERTS`. Fixed several spelling errors in asn.c. ZD12855.

* Improve the dynamic memory NULL checking in `wc_RsaPSS_CheckPadding_ex2` with `WOLFSSL_PSS_LONG_SALT` defined.
2021-09-03 15:42:31 +10:00
David Garske a3ee84bf6d Merge pull request #4355 from anhu/check_support_of_group
BUGFIX: Its possible to send a supported group that is not supported.
2021-09-02 20:03:32 -07:00
David Garske 43cb7d5ada Merge pull request #4368 from haydenroche5/cmake
Make sure CMAKE_C_FLAGS gets parsed for defines to add to options.h.
2021-09-02 20:01:08 -07:00
elms fd77cb8918 fix wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex bound checks (#4369)
RFC3394 in must be at least 2 64-bit blocks and output is one block longer.
On Unwrapping the input must then be a minimum of 3 64-bit blocks
2021-09-03 12:48:01 +10:00
John Safranek 1662b01157 Merge pull request #4367 from julek-wolfssl/zd12834
Changes for ED25519 and `HAVE_SECRET_CALLBACK`
2021-09-02 15:46:44 -07:00
Kaleb Himes a9a1158f46 Remove test cases not supported by ARM64_ASM in FIPS mode - OE25 (#4342) 2021-09-03 08:37:34 +10:00
Anthony Hu 26c7592d4b leantls only supports secp256r1. 2021-09-02 17:38:04 -04:00
Hayden Roche 12d7487774 Make sure CMAKE_C_FLAGS gets parsed for defines to add to options.h.
For example, if a user does

```
cmake -DCMAKE_C_FLAGS="-DWOLFSSL_AESGCM_STREAM -DFP_MAX_BITS=16384" ..
```

definitions for `WOLFSSL_AESGCM_STREAM` and `FP_MAX_BITS 16384` should wind up
in options.h (same as the autotools build).
2021-09-02 13:00:24 -07:00
Anthony Hu 428fe29537 Remove authentication related logic from TLSX_ValidateSupportedCurves() 2021-09-02 14:07:06 -04:00
David Garske 03fba72027 Merge pull request #4361 from julek-wolfssl/GetASNHeader-return
Missing `GetASNHeader` return handling
2021-09-02 09:18:06 -07:00
David Garske 587389d137 Merge pull request #4366 from douzzer/cpp-anon-inline-unions
C++ HAVE_ANONYMOUS_INLINE_AGGREGATES sensing
2021-09-02 09:14:31 -07:00
Juliusz Sosinowicz 4a26b53dfc Changes for ED25519 and HAVE_SECRET_CALLBACK
- `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available
- Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK`
- Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user
- Don't truncate application data returned to user in `wolfSSL_read_internal`
2021-09-02 15:58:30 +02:00
Juliusz Sosinowicz abc046b5b7 Missing GetASNHeader return handling 2021-09-02 14:56:58 +02:00
TakayukiMatsuo 56843fbefd Add support for EVP_sha512_224/256 (#4257) 2021-09-02 14:05:07 +10:00
David Garske 504e27dfa7 Merge pull request #4357 from gojimmypi/patch-1
Espressif README Syntax / keyword highlighting / clarifications
2021-09-01 18:35:32 -07:00
gojimmypi e079b357df copy missing Espressif/ESP-IDF files from wolfssl/wolfcrypt/benchmark (#4273)
* copy missing files from wolfssl/wolfcrypt/benchmark

* instead of GitHub copy, update setup to perform the copy of ESP-IDF benchmark files; add --verbose option

* update setup to perform the copy of ESP-IDF benchmark files; add --verbose option

* copy benchmark.c / benchmark.h at setup time
2021-09-01 18:34:46 -07:00
JacobBarthelmeh bac0497c35 PKCS7 fix for double free on error case and sanity check on set serial number (#4356)
* check for error value on set serial number

* set pointer in fail case
2021-09-02 09:13:35 +10:00
Daniel Pouzzner c8f65ec404 wolfcrypt/types.h: fix HAVE_ANONYMOUS_INLINE_AGGREGATES sensing to correctly accommodate C++ builds. 2021-09-01 17:01:55 -05:00
Anthony Hu 5e12fa3eb7 Some small bugfixes uncovered by the unit tests. 2021-09-01 16:25:04 -04:00
Anthony Hu 096db7577f Make jenkins happy. \n\nI feel like I should put the guard around the whole function but then other things break. 2021-09-01 10:54:52 -04:00
Anthony Hu 0d6d171fa4 BUGFIX; Its possible to sending a supported group that is not supported.
This change fixes that.
2021-09-01 10:54:52 -04:00
David Garske d23b0784b3 Fix for building session tickets without TLS v1.3. Broken in PR #4275. (#4360) 2021-09-01 10:06:31 +10:00
David Garske 9b6cf56a6e Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335)
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.

* Fix for sniffer with TLS v1.3 session tickets.

* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).

* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.

* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.

* Fix for static ephemeral loading of file buffer.

* Added sniffer Curve25519 support and test case.

* Fix for sniffer to not use ECC for X25519 if both are set.

* Fix Curve448 public export when only private is set.

* Fix for `dh_generate_test` for small stack size.

* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.

* Fix invalid comment.
2021-09-01 09:28:24 +10:00
gojimmypi e25b17b108 Syntax / keyword highlighting / clarifications
See https://github.com/espressif/esp-wolfssl/issues/11
2021-08-30 17:35:17 -07:00
John Safranek 0f0ba46ac5 Merge pull request #4352 from haydenroche5/dsa_fips
Allow OpenSSL DSA sign/verify functions with FIPS.
2021-08-30 15:47:38 -07:00
John Safranek 35a917e527 Merge pull request #4337 from miyazakh/py_get_ca_certs
fix python ut, get_ca_certs
2021-08-30 14:02:05 -07:00
David Garske 4645a6917c Merge pull request #4168 from JacobBarthelmeh/wolfCLU
function additions and fixes for expansion of wolfCLU
2021-08-30 13:42:50 -07:00
John Safranek 078d49ea6f Merge pull request #4333 from dgarske/evp_devid
EVP key support for heap hint and crypto callbacks
2021-08-30 11:59:27 -07:00
John Safranek ee07bd3fa9 Merge pull request #4331 from SparkiDev/jenkins_fixes_4
Jenkins nighlty fixes
2021-08-30 10:29:00 -07:00
John Safranek 85df95e10d Merge pull request #4324 from miyazakh/maxfragment
add set_tlsext_max_fragment_length support
2021-08-30 10:21:59 -07:00
David Garske 2a6b8f4912 Merge pull request #4275 from JacobBarthelmeh/Compatibility-Layer
add set num tickets compat function
2021-08-30 09:26:49 -07:00
Hayden Roche 3ca77bb09b Allow OpenSSL DSA sign/verify functions with FIPS. 2021-08-29 18:22:30 -07:00
Sean Parkinson 0488caed4c Merge pull request #4346 from cconlon/verifyPostHandshake
TLS 1.3: add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-30 09:47:23 +10:00
David Garske c7645a42a7 Merge pull request #4320 from anhu/liboqs_keyshare_updated
WolfSSL support for OQS's implementation of NIST Round 3 KEMs as TLS 1.3 groups
2021-08-27 17:42:25 -07:00
Chris Conlon 070029fd08 add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode 2021-08-27 14:49:47 -06:00
JacobBarthelmeh 65cfef5337 fix for free with test case 2021-08-27 14:10:06 -06:00
Kareem 9a438ce289 liboqs integration using keyshare/supported_groups extensions in TLS 1.3 2021-08-27 13:56:53 -04:00
Jacob Barthelmeh 83d39932bb add test case for X509 EXTENSION set 2021-08-27 11:30:44 -06:00
John Safranek 412528e18b Merge pull request #4336 from elms/sp_out_of_range
sp_math: error on multiplier larger than curve order
2021-08-27 10:15:42 -07:00