Commit Graph

1735 Commits

Author SHA1 Message Date
Sean Parkinson 36a9cd3010 Merge pull request #3911 from TakayukiMatsuo/tk11851
Fix SSL_read behaving differently from openSSL after bidirectional shutdown
2021-06-11 10:25:39 +10:00
David Garske 624e150c7b Merge pull request #3827 from SparkiDev/tls13_psk_hash
TLS 1.3 PSK: use the hash algorithm to choose cipher suite
2021-06-10 06:59:40 -07:00
Sean Parkinson 3ecb8d5a3e Merge pull request #4062 from dgarske/dh_key
DH Key and Params Export cleanups and Apache httpd fixes
2021-06-10 20:54:32 +10:00
Sean Parkinson 7e0c372e4c TLS 1.3 PSK: use the hash algorithm to choose cipher suite
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH

Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
2021-06-10 09:55:27 +10:00
David Garske c6c7dfd5db Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
David Garske a6edff7bd5 Merge pull request #4017 from SparkiDev/not_ecc_pk_cb
ECC: Disable ECC but have Curve25519/448 and PK callbacks fix
2021-06-09 12:38:37 -07:00
Sean Parkinson 9580574382 Merge pull request #3999 from dgarske/user_io
Fixes for building with `WOLFSSL_USER_IO`
2021-06-09 08:55:36 +10:00
Sean Parkinson 70d2c838bb Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-09 08:52:05 +10:00
David Garske 6db0b42c7f * Refactor of DH key and param exports code (moved into asn.c) enabled with WOLFSSL_DH_EXTRA.
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
2021-06-08 09:27:26 -07:00
TakayukiMatsuo 0186d19aba Fix some coding style issues. 2021-06-08 16:25:28 +09:00
Sean Parkinson 88322b82a5 Merge pull request #3871 from julek-wolfssl/openvpn-master
OpenVPN additions and fixes
2021-06-08 13:54:14 +10:00
Sean Parkinson 8ee1dda2f9 Merge pull request #4001 from dgarske/time_long
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
2021-06-08 11:17:55 +10:00
David Garske 3e307aa626 Merge pull request #4091 from JacobBarthelmeh/Testing
add strict check on signature length
2021-06-07 11:02:02 -07:00
Jacob Barthelmeh f97ca1c1ca adjust test case and add useful comments 2021-06-07 19:44:05 +07:00
Sean Parkinson 898b9d5e24 Merge pull request #4084 from dgarske/sp_math_keygen
Fix for building SP small math only (no DH) with key generation
2021-06-07 10:48:01 +10:00
Jacob Barthelmeh c245c4a812 add strict check on signature length 2021-06-05 03:09:33 +07:00
Chris Conlon 961773b384 Merge pull request #4079 from lealem47/PKCS12UnitTest
Pkcs12 unit test
2021-06-03 16:07:54 -06:00
David Garske 21060afb80 Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error. 2021-06-03 10:56:54 -07:00
Chris Conlon 6cfb982740 Merge pull request #3981 from miyazakh/qt_oslext_cnf
Added compatibility layer API
2021-06-01 15:25:37 -06:00
Lealem Amedie 72fc7e62b8 Fixed spacing 2021-06-01 14:47:51 -06:00
kaleb-himes 94831eadf1 Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag 2021-06-01 11:38:17 -06:00
Lealem Amedie 03a5395b53 Fixed casting issue 2021-06-01 09:46:30 -06:00
Lealem Amedie 2db233d10e Added wolfssl_PKCS12_verify_mac testing in test_wolfSSL_PKCS12() function in api.c 2021-05-28 16:33:46 -06:00
TakayukiMatsuo d1e3be1f43 Replace return code from literal to value 2021-05-27 06:20:34 +09:00
David Garske 41af3da0e3 Merge pull request #4057 from SparkiDev/no_tls12_pkcb
TLS: fix build with no TLSv12 but PK callbacks
2021-05-25 15:26:40 -07:00
Hideki Miyazaki af67965f65 addressed jenkins failures part1 2021-05-26 06:07:48 +09:00
Hideki Miyazaki 33e91c577f added unit test cases for cmdline 2021-05-26 06:07:47 +09:00
Hideki Miyazaki 394c0b5cdc implemented CONF_cmd 2021-05-26 06:07:47 +09:00
Sean Parkinson e1bc0c4447 EVP AES-GCM Streaming: must free Aes
AES streaming implementation allocates data in Aes objects, when small
stack, that needs to be freed.
Fix memory leaks in streaming test case too.
2021-05-25 15:57:09 +10:00
Sean Parkinson 6747055d46 TLS: fix build with no TLSv12 but PK callbacks
./configure '--disable-tlsv12' '-enable-pkcallbacks'
Disable non-TLS13 cipher suite test as well.
2021-05-21 10:59:23 +10:00
Sean Parkinson 2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00
TakayukiMatsuo 8c71fb4113 Add test cases for wc_ShaxxxUpdate funcs 2021-05-14 09:46:21 +09:00
Juliusz Sosinowicz 5865dc08dd Code review changes 2021-05-13 15:21:33 +02:00
Chris Conlon c75830e2e8 Merge pull request #4011 from miyazakh/set_verify_depth2
fix out of bound access when peer's chain is greater than verifyDepth + 1
2021-05-11 15:38:39 -06:00
David Garske fce9870a64 Merge pull request #4020 from ejohnstown/options-export
New Option Export/Import
2021-05-11 09:10:17 -07:00
John Safranek d74b74d156 Also adjust for v3 of export, and update the API test case. 2021-05-10 18:06:31 -07:00
David Garske db7888ceaa Fix for the unmodified check for AesCbc test. 2021-05-10 10:04:50 -07:00
Sean Parkinson 8779c3a884 ECC: Disable ECC but have Curve25519/448 and PK callbacks fix
Fix ed25519 certificates.
Tidy up testsuite.c
2021-05-10 10:32:55 +10:00
David Garske c88afdef87 Fixes for building with WOLFSSL_USER_IO (with no built-in socket support). Related to issue #3998. 2021-05-06 11:07:05 -07:00
Hideki Miyazaki 2a39f1dc5c fixed memory leak 2021-05-06 16:55:51 +09:00
Hideki Miyazaki 93f04543b0 fixed unit test intermittent failure 2021-05-06 15:40:24 +09:00
Hideki Miyazaki 0539b99c86 fix boundary access when peer's chain is less than verifyDepth + 1 2021-05-06 14:54:16 +09:00
toddouska 014bd21df0 Merge pull request #3983 from tmael/tls_down
TLS minimum downgrade option
2021-05-05 15:38:45 -07:00
Hayden Roche 822aa92fcc Fix test_wolfSSL_CertManagerCheckOCSPResponse.
This test broke once we went past the nextUpdate time in the static, raw OCSP
response being used. This change makes it so that response is valid until 2048.
2021-05-03 15:26:39 -07:00
David Garske 6e0197e171 Merge pull request #4002 from kabuobeid/smime_fixes
S/MIME: Canonicalize multi-part messages before hashing.  Improve error checking in wc_MIME_parse_headers.
2021-05-03 09:24:43 -07:00
Kareem Abuobeid effcecf40d S/MIME: Add non-canonicalized test case 2021-04-30 15:07:37 -07:00
David Garske f8ecd4b441 Fixes for building with NO_ASN_TIME. If used with TLS user must supply LowResTimer and TimeNowInMilliseconds. 2021-04-30 15:04:31 -07:00
Chris Conlon 57e03d7e2f Merge pull request #3961 from miyazakh/qt_oslext_pskss_cb
added psk session callback compatibility layer API
2021-04-30 14:26:44 -06:00
TakayukiMatsuo c4782a7a1c Fix macro guard for wolfSSL_CRYPTO_get_ex_new_index and get_ex_new_index. 2021-04-28 10:41:49 +09:00
TakayukiMatsuo 9c0ff73370 Add wolfSSL_CRYPTO_get_ex_new_index 2021-04-28 10:38:53 +09:00