Lealem Amedie
9bcbd645d6
Fix build failure caused by missing NO_AES macro guard
2022-06-15 13:30:56 -07:00
David Garske
0b78961111
Merge pull request #5186 from SparkiDev/pk_c_rework_1
...
pk.c: rework
2022-06-13 08:35:09 -07:00
David Garske
d600a4b887
Spelling and Whitespace cleanups. Fix issue with trying to build pk.c directly and always getting warn even with WOLFSSL_IGNORE_FILE_WARN.
2022-06-10 09:06:55 -07:00
David Garske
49008b169c
Merge pull request #5087 from haydenroche5/x509_print
...
Add support for more extensions to wolfSSL_X509_print_ex.
2022-06-10 08:19:23 -07:00
Sean Parkinson
890abfbefc
pk.c: rework
...
Re-order RSA functions.
Add comments to RSA functions.
Rework RSA function implementations.
2022-06-10 09:54:32 +10:00
Hayden Roche
f479600066
Add support for more extensions to wolfSSL_X509_print_ex.
...
- Key usage
- Extended key usage
- Subject alt name
Additionally, print out the criticality of the extensions.
2022-06-09 16:50:10 +02:00
Takashi Kojo
7bfe6aa127
Extend HEAP_HINT to all InitRsaKey in api.c
2022-06-05 09:12:49 +09:00
Takashi Kojo
1b9f922ec3
wc_MakeRsKey with static mem pool
2022-06-05 09:04:42 +09:00
Hayden Roche
fb3c611275
Fix another AES-GCM EVP control command issue.
...
With PR 5170, I added logic that requires an EVP_CTRL_GCM_SET_IV_FIXED command be
issued before an EVP_CTRL_GCM_IV_GEN command. This matches OpenSSL's behavior.
However, OpenSSL also clears the flag enabling EVP_CTRL_GCM_IV_GEN after
EVP_CTRL_GCM_SET_IV_FIXED if EVP_CipherInit is called with a NULL key.
Otherwise, the flag retains its value. We didn't mirror this logic, and that
caused problems in OpenSSH unit testing. This commit aligns our logic with
OpenSSL's and adds a regression test to test_evp_cipher_aes_gcm for this case.
2022-06-02 12:32:59 -07:00
Sean Parkinson
fb9f90b98b
Merge pull request #5200 from dgarske/qat_fsanitize
...
Fixes for buffers when testing with Intel QAT hardware
2022-06-02 08:35:24 +10:00
David Garske
5672e2a885
Fixes for buffers when testing with Intel QAT hardware and fsanitize=address:
...
* PKCS7 should use allocated buffer for RSA.
* PKCS7 small stack typo for `keyAlgArray` size in `wc_PKCS7_AddRecipient_KTRI`.
* Fix for use of `free`, which should be `XFREE` in api.c.
* Cleanup old RSA benchmarking MDK5/WINCE code no longer needed with `WC_DECLARE_ARRAY_DYNAMIC_DEC` and `WC_DECLARE_ARRAY_DYNAMIC_EXE`.
2022-06-01 12:07:57 -07:00
Daniel Pouzzner
b212853bce
evp.c: in EvpCipherAesGCM(), make sure ctx->gcmAuthIn is non-null before clearing it; fix whitespace.
2022-06-01 10:29:40 -05:00
Sean Parkinson
81cd1e652e
Merge pull request #5170 from haydenroche5/evp_cipher_aes_gcm
...
Fix EVP_CTRL_GCM_IV_GEN with AES-GCM.
2022-06-01 08:20:33 +10:00
Chris Conlon
0554b02215
Merge pull request #5177 from JacobBarthelmeh/PKCS7
2022-05-31 09:46:14 -06:00
David Garske
fa80aa6505
Merge pull request #5132 from JacobBarthelmeh/req
...
Add support for additional CSR attributes
2022-05-25 13:35:46 -07:00
Hayden Roche
3cf636163b
Fix EVP_CTRL_GCM_IV_GEN with AES-GCM.
...
Discovered the AES-GCM flow using this command didn't work in our OpenSSH port.
This commit makes the behavior match OpenSSL and adds testing using known
OpenSSL-generated test vectors to prevent regressions. This was one of those
problems where two ends of a connection would work fine if they were both using
wolfSSL but not if one was using OpenSSL (i.e. OpenSSH interop with AES-GCM
was broken).
2022-05-25 07:00:15 -07:00
JacobBarthelmeh
a1fb385450
free recipient list in error cases
2022-05-24 15:12:39 -07:00
David Garske
74cbd08ff5
Merge pull request #5164 from cconlon/x509date
...
Remove WOLFSSL_ALT_NAMES restriction on notBefore/notAfter use in Cert struct
2022-05-24 12:41:00 -07:00
Chris Conlon
6a26dab73a
X.509 cert validity for CertFromX509() and EncodeCert() shouldn't be protected by WOLFSSL_ALT_NAMES
2022-05-24 10:28:46 -06:00
David Garske
b5d65b9579
Merge pull request #5159 from kareem-wolfssl/fipsv3HmacMd5
...
Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary.
2022-05-20 18:40:29 -07:00
David Garske
9a74745246
Merge pull request #5163 from haydenroche5/evp_pkey_derive_guard
...
Remove unneeded FIPS guard on wolfSSL_EVP_PKEY_derive.
2022-05-20 17:12:24 -07:00
David Garske
d80b282fdd
Merge pull request #5156 from anhu/HAVE_AES_GCM
...
Rename HAVE_AES_GCM guard to HAVE_AESGCM in the tests.
2022-05-20 15:03:57 -07:00
Hayden Roche
a6b948ae59
Remove unneeded FIPS guard on wolfSSL_EVP_PKEY_derive.
2022-05-20 11:29:01 -07:00
Hayden Roche
6d9fbf7ab3
Provide access to "Finished" messages outside the compat layer.
...
Prior to this commit, if you wanted access to the Finished messages from a
handshake, you needed to turn on the compatibility layer, via one of
OPENSSL_ALL, WOLFSSL_HAPROXY, or WOLFSSL_WPAS. With this commit, defining any
of these causes WOLFSSL_HAVE_TLS_UNIQUE to be defined (a reference to the
tls-unique channel binding which these messages are used for) in settings.h.
This allows a user to define WOLFSSL_HAVE_TLS_UNIQUE to access the Finished
messages without bringing in the whole compat layer.
2022-05-19 16:34:13 -07:00
Kareem
832a7a40a6
Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary.
2022-05-19 12:06:20 -07:00
Anthony Hu
cf81ae79e4
HAVE_AESGCM
2022-05-19 11:30:58 -04:00
Anthony Hu
9c2903c176
Remove HAVE_AES_GCM guard as it is never defined.
2022-05-19 01:20:55 -04:00
John Safranek
40063f7487
Merge pull request #5109 from rizlik/dtls_peer_matching_fix
...
wolfio: dtls: fix incorrect peer matching check
2022-05-18 09:12:26 -07:00
David Garske
c9ae021427
Merge pull request #5143 from julek-wolfssl/x509-ret-empty-name
...
Return subject and issuer X509_NAME obj even when not set
2022-05-17 09:16:54 -07:00
David Garske
ec619e3f35
Merge pull request #5107 from julek-wolfssl/wpas-ex-data-leak
...
Call ctx->rem_sess_cb when a session is about to be invalid
2022-05-16 13:27:08 -07:00
Juliusz Sosinowicz
7f8f0dcffe
Refactor cache ex_data update/retrieve into one function
...
- Add explicit pointer cast
2022-05-16 13:01:05 +02:00
Juliusz Sosinowicz
d996086a6d
Return subject and issuer X509_NAME obj even when not set
...
This allows the user to set the attributes of the subject and issuer name by calling X509_REQ_get_subject_name and adding attributes to it.
2022-05-16 12:49:34 +02:00
JacobBarthelmeh
fb9b96d498
fix for index increment and change test case expected return values
2022-05-13 14:07:29 -07:00
David Garske
1a57e3065a
Small cleanups. Missing (void), spelling and formatting. Also fixes for variations of 25519/448 build.
2022-05-13 09:24:59 -07:00
Marco Oliverio
27e73818c5
tests: run test_wolfSSL_dtls_export() over UDP instead of TCP
2022-05-11 12:20:15 +02:00
Marco Oliverio
692a01238e
tests: support udp in test_server_nofail()
2022-05-11 12:19:09 +02:00
Juliusz Sosinowicz
b6b007de3c
Call ctx->rem_sess_cb when a session is about to be invalid
...
Allow the user to register a session remove callback with wolfSSL_CTX_sess_set_remove_cb() that will be called when the session is about to be freed or evicted from cache.
2022-05-06 16:34:28 +02:00
David Garske
48cb185ce9
Merge pull request #5096 from JacobBarthelmeh/Testing
...
- static analysis test fixes
2022-05-02 10:05:08 -07:00
JacobBarthelmeh
14ff3d1f0f
fix for macro guard with test case building with trusted peer certs
2022-04-29 14:46:35 -07:00
Jacob Barthelmeh
9d7a02b28e
remove uint from test case and put variable declaration at top of scope
2022-04-29 10:40:44 -06:00
Sean Parkinson
ef4d484f85
Move declaration to before code statements.
2022-04-29 08:13:20 +10:00
David Garske
1d64c735ce
Merge pull request #5086 from elms/cmake/ocsp_crl
...
cmake: Add CRL, OCSP, and OCSP stapling options
2022-04-27 09:31:51 -07:00
Sean Parkinson
ac48438bd0
Can't declare variables in for statements
2022-04-27 11:10:53 +10:00
elms
ec38048711
cmake: Add CRL, OCSP, and OCSP stapling options
2022-04-26 16:23:46 -07:00
Chris Conlon
a6d019ecf9
Merge pull request #5073 from JacobBarthelmeh/PKCS7
2022-04-26 14:41:13 -06:00
David Garske
cbc27f7de4
Merge pull request #5085 from douzzer/20220426-multi-test
...
20220426 multi-test fixups
2022-04-26 11:15:59 -07:00
John Safranek
7436a41bc7
Merge pull request #5046 from SparkiDev/cppcheck_fixes_8
...
cppcheck: fixes
2022-04-26 10:37:42 -07:00
Daniel Pouzzner
2c5db7b64c
fix whitespace.
2022-04-26 09:57:25 -05:00
Sean Parkinson
8737d46bb1
Merge pull request #5018 from haydenroche5/libspdm
...
Make changes to compatibility layer to support libspdm.
2022-04-26 09:55:22 +10:00
Sean Parkinson
d362b6dd08
Merge pull request #5033 from haydenroche5/ec_key_print_fp
...
Add wolfSSL_EC_KEY_print_fp to compat layer.
2022-04-26 09:51:37 +10:00