Commit Graph

79 Commits

Author SHA1 Message Date
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
JacobBarthelmeh 4ad1b52108 Merge pull request #3824 from julek-wolfssl/ssl-bio-use-chain
WOLFSSL_BIO_SSL BIO should use remaining chain for IO
2021-03-10 18:21:09 +07:00
Juliusz Sosinowicz d7838155e5 WOLFSSL_BIO_SSL BIO should use remaining chain for IO
This is accomplished by passing the next BIO in the chain in to the `wolfSSL_set_bio` API.
2021-03-10 10:13:42 +01:00
TakayukiMatsuo 871933e3e8 Add s comment to wolfSSL_BIO_tell 2021-03-04 15:41:03 +09:00
TakayukiMatsuo 362d2a2d68 Moved int pos declaration at the top the func 2021-02-24 01:07:45 +09:00
TakayukiMatsuo 9e4dcfb66c Add wolfSSL_BIO_tell 2021-02-23 11:12:12 +09:00
Juliusz Sosinowicz 77c730361e Jenkins fixes 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz 7df8f2e2bb Internal unit tests 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 753a3babc8 OpenSSL Compat layer
Implement/stub:
- wolfSSL_NCONF_get_number
- wolfSSL_EVP_PKEY_CTX_ctrl_str
- wolfSSL_PKCS12_verify_mac
- wc_PKCS12_verify_ex
- wolfSSL_BIO_new_fd
- wolfSSL_X509_sign_ctx
- wolfSSL_ASN1_STRING_cmp
- wolfSSL_ASN1_TIME_set_string
- X509V3_EXT_add_nconf
- X509V3_set_nconf
Implement TXT_DB functionality:
- wolfSSL_TXT_DB_read
- wolfSSL_TXT_DB_free
- wolfSSL_TXT_DB_create_index
- wolfSSL_TXT_DB_get_by_index
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 4aa30d0bde Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 1a50d8e028 WIP
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz a7ec58003e PKCS7 changes
- Allow PKCS7_EncodeSigned to be called with a zero content length
- wc_HashUpdate now doesn't error out on zero length data
- First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it
- wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain
2020-12-17 14:26:49 +01:00
Elms 86b2118550 Address some cppcheck issues 2020-10-19 11:47:53 -07:00
David Garske 6d5731b8e9 Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with WOLFSSL_SMALL_STACK_CACHE. Added return code checking and cleanup for openssl_test. 2020-08-26 09:45:26 -07:00
Tesfa Mael 890500c1b1 Fix Coverity 2020-07-08 08:20:43 -07:00
Eric Blankenhorn 1487917214 Fix EVP_MD_CTX_type to return NID 2020-04-14 14:27:21 -05:00
Jacob Barthelmeh 51d55ed1c8 account for different peer certificate in test case, g++ build fix, static memory size increase 2020-02-20 17:28:33 -06:00
Eric Blankenhorn 258382048d Fix test failures 2020-02-20 17:28:33 -06:00
Jacob Barthelmeh 65732c2269 add bio retry and set close tests 2020-02-20 17:28:32 -06:00
Jacob Barthelmeh 3137312911 update to implementation of BIO_MD type 2020-02-20 17:28:32 -06:00
Sean Parkinson 55ea2facdd Changes to clear issues raised by cppcheck 2020-01-30 14:24:32 +10:00
JacobBarthelmeh 6b4551c012 Merge pull request #2654 from cariepointer/qt-512-513
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
2019-12-06 14:27:01 -07:00
David Garske 9a4614f6e1 Fix for possible uninitialized memSz in bio.c 2019-11-19 05:35:22 -08:00
David Garske ca5549ae91 Improvements for XFTELL return code and MAX_WOLFSSL_FILE_SIZE checking.
Fixes #2527
2019-11-18 13:49:06 -08:00
David Garske 2bae1d27a1 wolfSSL Compatibility support for OpenVPN
* Adds compatibility API's for:
	* `sk_ASN1_OBJECT_free`
	* `sk_ASN1_OBJECT_num`
	* `sk_ASN1_OBJECT_value`
	* `sk_X509_OBJECT_num`
	* `sk_X509_OBJECT_value`
	* `sk_X509_OBJECT_delete`
	* `sk_X509_NAME_find`
	* `sk_X509_INFO_free`
	* `BIO_get_len`
	* `BIO_set_ssl`
	* `BIO_should_retry` (stub)
	* `X509_OBJECT_free`
	* `X509_NAME_get_index_by_OBJ`
	* `X509_INFO_free`
	* `X509_STORE_get0_objects`
	* `X509_check_purpose` (stub)
	* `PEM_read_bio_X509_CRL`
	* `PEM_X509_INFO_read_bio`
	* `ASN1_BIT_STRING_new`
	* `ASN1_BIT_STRING_free`
	* `ASN1_BIT_STRING_get_bit`
	* `ASN1_BIT_STRING_set_bit`
	* `DES_check_key_parity`
	* `EC_GROUP_order_bits`
	* `EC_get_builtin_curves`
	* `EVP_CIPHER_CTX_cipher`
	* `EVP_PKEY_get0_EC_KEY`
	* `EVP_PKEY_get0_RSA`
	* `EVP_PKEY_get0_DSA` (stub)
	* `HMAC_CTX_new`
	* `HMAC_CTX_free`
	* `HMAC_CTX_reset`
	* `HMAC_size`
	* `OBJ_txt2obj`
	* `RSA_meth_new`
	* `RSA_meth_free`
	* `RSA_meth_set_pub_enc`
	* `RSA_meth_set_pub_dec`
	* `RSA_meth_set_priv_enc`
	* `RSA_meth_set_priv_dec`
	* `RSA_meth_set_init`
	* `RSA_meth_set_finish`
	* `RSA_meth_set0_app_data`
	* `RSA_get_method_data`
	* `RSA_set_method`
	* `RSA_get0_key`
	* `RSA_set0_key`
	* `RSA_flags`
	* `RSA_set_flags`
	* `RSA_bits`
	* `SSL_CTX_set_ciphersuites`
	* `SSL_CTX_set_security_level` (stub)
	* `SSL_export_keying_material` (stub)
	* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
2019-11-11 14:58:23 -08:00
JacobBarthelmeh c3e99e1394 Merge pull request #2510 from tmael/bio_base64
Fix a return value from wolfSSL_BIO_BASE64_write()
2019-10-14 15:44:14 -06:00
Jacob Barthelmeh f2a3da94b6 refactor some openssl extra functions for cryptonly use 2019-10-11 16:40:08 -06:00
Tesfa Mael ccc500e13f Correct return value from wolfSSL_BIO_BASE64_write() 2019-10-11 14:52:53 -07:00
Tesfa Mael a84fbeae6b Fix for a memory BIO and handle BIO chains 2019-10-08 12:26:54 -07:00
David Garske 4c89a21d12 Updates from peer review. Refactor to combine some BIO elements into ptr. Revert change to BIO_set_fd. 2019-09-27 11:19:42 -07:00
David Garske 606b76d06e Fix for WPAS certificate size difference. Fix so BIO_METHOD is compatible. Moved BIO stuff into bio.h. 2019-09-26 08:42:35 -07:00
David Garske a5f9d38c0d Remove the BIO method custom... its not compat. Fix bio->ptr to be void*. 2019-09-26 08:42:35 -07:00
David Garske 872d222b59 * Adds the following openssl compatibility API's:
- SSL_CIPHER_get_id
  - SSL_CIPHER_get_rfc_name
  - SSL_get_cipher_by_value
  - X509_print_ex
  - X509_NAME_add_entry_by_NID
  - X509_time_adj
  - X509_time_adj_ex
  - DTLSv1_get_timeout
  - DTLSv1_handle_timeout
  - DTLSv1_set_initial_timeout_duration
  - SSL_CTX_set_current_time_cb
  - PEM_write_bio_RSA_PUBKEY
  - PEM_read_bio_RSA_PUBKEY
  - PEM_write_bio_PUBKEY
  - EVP_PKEY_missing_parameters
  - EVP_PKEY_cmp
  - BN_is_negative
  - BIO_set_retry_write
* Improvements to the notBefore and notAfter date handling.
* Improvements to BIO and BIO_METHOD
  - Moved structure to public area to allow for dereferencing
  - Renamed members to provide compatibility.
  - Added support for custom BIO methods for read/write.
* Added advanced openssl compatibility test cases for key and certificate generation.
* Fix for `ASN1_STRING_set` to allow NULL data.
* Fix to populate public key information on `EVP_PKEY_assign_RSA` and `EVP_PKEY_assign_EC_KEY`.
* Fix naming for `X509_get_notBefore` and `X509_get_notAfter` functions.
* Added `wc_EccPublicKeyDerSize`.
* Improvements to `wc_RsaPublicKeyDerSize`, so dummy memory doesn't have to be allocated.
* Made the `wc_*PublicKeyDerSize` functions public.
* Eliminate use of snprintf for UTC to generalized time conversion in `wolfSSL_ASN1_TIME_to_generalizedtime`.
2019-09-26 08:42:35 -07:00
cariepointer 2dafd2102c Add Apache HTTP Server compatibility and --enable-apachehttpd option (#2466)
* Added Apache httpd support `--enable-apachehttpd`.

* Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's.

* Fix to expose `ASN1_UTCTIME_print` stub.

* Pulled in `wolfSSL_X509_get_ext_count` from QT.

* Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`.

* Added `wolfSSL_ERR_print_errors`.

* Added `BIO_set_nbio` template.

* Fixes for building with Apache httpd.

* Added DH prime functions required for Apache httpd.

* Fix and move the BN DH prime macros.

* Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code.

* Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0.

* Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes.

* Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro.

* Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`.

* Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg

* add BIO_set_nbio, ERR_print_errors and tests

* add X509 INFO stack push function

* Add ASN1_UTCTIME_print and unit test

* Add X509_get_ext_count unit test

* initial commit of wolfSSL_PEM_X509_INFO_read_bio

* Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions.

* Cleanup sk X509 NAME/INFO pop free template.

* Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free.

* Added `TLS_client_method` support.

* Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`.

* Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change.

* add test cases for PEM_X509_INFO_read_bio

* Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`.

* Apache httpd compatibility functions. BIO setter/getters.

* implement ASN1_TIME_check and add test case

* add SSL_get_client_CA_list

* add initial implementation of wolfSSL_DH_set0_pqg

* Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create

* add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup

* Add sk_SSL_COMP_num and SSL_COMP struct

* implement and test of SSL_SESSION_print

* add SSL_CTX_set_client_cert_cb

* expand BIO_printf and add test case

* Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`.

* add implementation for wolfSSL_get_server_tmp_key

* add wolfSSL_BIO_puts and test case

* Add X509_EXTENSION_get_object and X509_EXTENSION_get_data

* add helper for bio flag set and null x509 stack

* add test adn implementation for wolfSSL_i2d_PrivateKey

* Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs.

* add wolfSSL_PEM_read_bio_ECPKParameters

* add BIO_vfree

* add X509_up_ref

* add X509_STORE_CTX_set_ex_data

* add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string

* add wolfSSL_EVP_PKEY_ref_up function

* X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs

* add X509_set_issuer_name

* add wolfSSL_sk_SSL_CIPHER_* functions and tests

* add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION

* fix casting to avoid clang warning

* adjust test_wolfSSL_X509_STORE_CTX test case

* Added `OpenSSL_version`

* renegotiate functions and additional stack functions

* add aditional stub functions

* Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`.

* add ocsp stub functions

* Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`.

* x509 extension stack additions

* Fixed template for `OCSP_id_get0_info`.

* add X509 stub functions

* add X509_STORE_CTX_get0_store() and unit test

* Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`.

* x509v3 stubs and req add extensions

* Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions

* wolfSSL_set_alpn_protos implementation

* Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for  `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`.

* Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing.

* add X509_STORE_CTX_get0_current_issuer and unit test

* add OBJ_cmp and unit test

* add RSA_get0_key and unit test

* add OCSP_check_nonce

* Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx.

* Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each.

* Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests

* add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h

* inital implementation of wolfSSL_X509_sign

* add debugging messages and set data for BIO's

* Add i2d_OCSP_REQUEST_bio.

* implementation of some WOLFSSL_BIO_METHOD custom functions

* fix for ASN time structure and remove log node

* initial eNULL support and sanity checks

* fixes after rebasing code

* adjust test cases and ASN1_TIME print

* Various fixes for memory leaks

* Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function

* Add initial X509_STORE_load_locations stub for Apache

* Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions

* Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates

* Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation

* Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation

* Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param

* Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0

* Add OBJ_nid2ln implementation

* Fix compile errors in tests/api.c for some build options

* Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile

* Add X509_STORE_load_locations unit test and minor error handling fixes

* Add unit test for X509_sign

* Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages

* Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg

* Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param

* Stack fixes after rebase

* Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak

* Move enc-then-mac enable option in configure.ac for apache httpd compatibility

* Simplify wolfSSL_SSL_in_connect_init logic

* Remove unneeded wolfSSL_CertManagerLoadCRL_ex

* Fixes for jenkins test failures

* SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-19 17:11:10 -07:00
David Garske 074e770c98 * Fix to ensure user_settings.h can be included for bio.c and evp.c when IDE or compiler tries to build it directly. Allows for wildcard .c include along with WOLFSSL_IGNORE_FILE_WARN.
* Fix for building SP cortex M without RSA.
* Fix for type-cast warning with STSAFE-A100.
* Improved the RNG seed test to prevent type-case warning.
2019-06-04 15:57:31 -07:00
John Safranek 246c444b93 Updates for v4.0.0
Update the copyright dates on all the source files to the current year.
2019-03-15 10:37:36 -07:00
David Garske 38303cf27b More spelling fixes. 2019-02-26 10:47:42 -08:00
Takashi Kojo 4d03b55fef XBADFILE in bio.c 2018-09-25 15:39:55 +09:00
Go Hosohara fd634141bd wolfSSL_get_rbio,wolfSSL_get_wbio.
fix to check XBADFILE in wolfSSL_BIO_write_file.
2018-09-25 15:39:55 +09:00
Takashi Kojo e6612b34f7 use XFILE, BADFILE, XFxxxx 2018-09-25 15:39:54 +09:00
David Garske f23915baa1 Fix for BIO ssl case, which is not supported (for the Boost.Asio project this isn't required either). 2018-08-14 12:44:31 -06:00
David Garske ff7d2fefdc Fix for DH max size calc not including DH_Pub. 2018-08-14 12:22:18 -06:00
David Garske eca64717be Fix for BIO_wpending to work correctly. 2018-08-14 12:22:18 -06:00
Eric Blankenhorn 6a6f5d01b4 Fix for zd4060 2018-07-17 14:20:14 -05:00
Eric Blankenhorn 9bc0e0c4fc Static analysis fixes (#1658)
* Static analysis fixes
* Fixes for zd4071, zd4074, zd4093-zd4094, zd4096, zd4097-zd4104.
* Add test cases.
2018-07-13 09:02:09 -07:00
Eric Blankenhorn 36b9b0b558 Updates from code review 2018-04-06 17:29:27 -05:00
Eric Blankenhorn 86767e727c Fixes for CID 185033 185028 185142 185064 185068 185079 185147 2018-04-06 13:15:16 -05:00