Commit Graph

340 Commits

Author SHA1 Message Date
Sean Parkinson 1b5d0c75b8 wolfSSL_EVP_get_cipherbyname: case compare
Accept any case alternatives to name or alias.
Remove case only different aliases.
Tidy up formatting in function.
2022-01-17 09:39:16 +10:00
Daniel Pouzzner d4aa6bd1fc wolfcrypt/src/evp.c: fixes for cppcheck complaints: bufferAccessOutOfBounds nullPointerRedundantCheck 2022-01-08 00:29:47 -06:00
Daniel Pouzzner aa05eb2879 wolfcrypt/src/evp.c: fix wolfSSL_EVP_CIPHER_CTX_ctrl() null pointer passed to XMEMCPY(), found by sanitizers under gcc-11.2.1. 2021-12-27 17:59:28 -06:00
David Garske dec78169bf Merge pull request #4658 from julek-wolfssl/apache-2.4.51
Add Apache 2.4.51 support
2021-12-16 08:52:10 -08:00
Juliusz Sosinowicz e78f7f734e Add Apache 2.4.51 support
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
2021-12-16 12:39:38 +01:00
Daniel Pouzzner 355b779a3e feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c. 2021-12-11 14:08:04 -06:00
Juliusz Sosinowicz 223f25149b Return early on failed key init 2021-12-07 18:11:19 +01:00
Juliusz Sosinowicz 96b8b11fba a and key were not being freed => leak in PrintPubKeyEC 2021-12-06 12:03:02 +01:00
Juliusz Sosinowicz 82a9f74476 Compat updates
- implement `wolfSSL_PEM_X509_INFO_read`
- `wolfSSL_EVP_CipherUpdate` no-ops on `NULL` input
- add md4 support to `wolfSSL_EVP_MD_block_size` and `wolfSSL_EVP_MD_size`
2021-11-22 11:45:27 +01:00
David Garske 5182e2a8c8 Merge pull request #4580 from kareem-wolfssl/minor_fixes
Check ssl->arrays in SendClientHello to avoid null dereference.  Allow building with fallthrough defined.
2021-11-19 16:55:01 -08:00
Kareem 72d4dcce0f Fix updated FALL_THROUGH macro. Fix a couple of case statements and remove a trailing whitespace. 2021-11-19 14:13:02 -07:00
kaleb-himes 4324cf8f0a Correct cast from uint to uchar 2021-11-18 10:18:25 -07:00
kaleb-himes 6bb86cf4da OE30 and OE31 changes external to FIPS module for NetBSD builds 2021-11-10 15:16:21 -07:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
John Safranek 75df6508e6 Add a read enable for private keys when in FIPS mode. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner 8c3cbf84f9 add missing gating around WOLFSSL_NO_SHAKE256, WOLFSSL_NOSHA512_224, and WOLFSSL_NOSHA512_256. 2021-10-26 20:24:27 -05:00
Sean Parkinson 817cd2f2a6 Merge pull request #4487 from haydenroche5/openssh
Make several changes to support OpenSSH 8.5p1.
2021-10-21 08:59:38 +10:00
Hayden Roche 864f913454 Make several changes to support OpenSSH 8.5p1.
- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
2021-10-20 11:00:42 -07:00
David Garske a03ed32380 Support for Android KeyStore compatibility API's:
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
2021-10-19 17:04:18 -07:00
Sean Parkinson f04380d624 Merge pull request #4475 from douzzer/fix-scan-build-UnreachableCode
scan-build LLVM-13 fixes and expanded coverage
2021-10-20 08:30:46 +10:00
Daniel Pouzzner 62822be6ce scan-build LLVM-13 fixes and expanded coverage: add WC_UNUSED and PRAGMA_CLANG_DIAG_{PUSH,POP} macros; deploy "#ifndef __clang_analyzer__" as needed; fix violations and suppress false positives of -Wunreachable-code-break, -Wunreachable-code-return, and -enable-checker alpha.deadcode.UnreachableCode; expand scan-build clean build scope to --enable-all --enable-sp-math-all. 2021-10-18 21:46:09 -05:00
Eric Blankenhorn 1396c46281 Fix build errors with NO_BIO config 2021-10-14 09:06:54 -05:00
Chris Conlon 9e4ab9b638 Add BIO_up_ref(), PEM_read_DHparam(), EVP_MD_nid() (#4348)
* add BIO_up_ref

* add PEM_read_DHparams()

* add EVP_MD_nid()

* exclude PEM_read_DHparams when NO_FILESYSTEM defined

* review feedback: single threaded, indents, EVP_MD_nid
2021-09-27 08:20:37 +10:00
TakayukiMatsuo 90116a2873 Add support for wolfSSL_EVP_PBE_scrypt (#4345) 2021-09-03 15:49:02 +10:00
TakayukiMatsuo 56843fbefd Add support for EVP_sha512_224/256 (#4257) 2021-09-02 14:05:07 +10:00
John Safranek 078d49ea6f Merge pull request #4333 from dgarske/evp_devid
EVP key support for heap hint and crypto callbacks
2021-08-30 11:59:27 -07:00
John Safranek 3f2abef212 Merge pull request #4321 from haydenroche5/libimobiledevice
Make changes to support libimobiledevice.
2021-08-24 17:19:26 -07:00
David Garske b8263f44f7 Added new EVP API for creating a private key for use with crypto callbacks. Improvements to heap hint and devId with EVP layer. 2021-08-24 12:14:44 -07:00
Hayden Roche 7ff1351971 Make changes to support libimobiledevice.
- `EVP_PKEY_assign_RSA` should store the private key in DER format, not the
public key.
- The last call to `infoCb` in `wolfSSL_BIO_write` should provide the length of
the data to write.
- We should be able to parse RSA public keys starting with BEGIN RSA PUBLIC KEY
and ending with END RSA PUBLIC KEY.
2021-08-24 08:52:43 -07:00
Sean Parkinson 4bfd0443a7 OpenSSL Extra builds: fixes from nightly builds failing
Prototype is required when internal.h is not included and GetCA is not
defined.

wolfSSL_EVP_CIPHER_CTX_set_iv_length() is called with CBC cipher in
api.c. Function is not specificly for GCM, though not strictly needed
for CBC.
2021-08-23 12:55:27 +10:00
David Garske c5f9e55567 Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled. 2021-08-18 11:30:18 -07:00
David Garske ec4e336866 Merge pull request #4299 from haydenroche5/evp_pkey_dec_enc_improvements
Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
2021-08-13 08:10:20 -07:00
Hayden Roche 3be13f7358 Make improvements to wolfSSL_EVP_PKEY_encrypt and wolfSSL_EVP_PKEY_decrypt.
- Handle case where output buffer is NULL. In this case, passed in output buffer
  length pointer should be given the maximum output buffer size needed.
- Add better debug messages.
2021-08-12 18:46:15 -07:00
Juliusz Sosinowicz 7dea1dcd39 OpenResty 1.13.6.2 and 1.19.3.1 support
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list

# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
Chris Conlon fdbe3f0ff1 Merge pull request #4258 from miyazakh/evp_md_do_all
add EVP_MD_do_all and OBJ_NAME_do_all support
2021-08-04 12:17:27 -06:00
Chris Conlon d64768abff Merge pull request #4265 from miyazakh/ecc_pubkey
update der size in actual length
2021-08-03 16:41:36 -06:00
Hayden Roche dc7ae37f7a Make changes to support port of NTP from OpenSSL to wolfSSL. 2021-08-02 13:33:18 -07:00
TakayukiMatsuo 0dc98b8299 Add support for EVP_shake128/256 2021-08-02 13:00:31 +09:00
Hideki Miyazaki b27b4768ae fix jenkins failure 2021-07-31 18:26:07 +09:00
Hideki Miyazaki 447705a2cb fix jenkins failure 2021-07-30 10:21:16 +09:00
Hideki Miyazaki 2b43052f36 update pkey sz in actual length 2021-07-29 23:28:10 +09:00
Hideki Miyazaki e333632ad0 add obj_name_do_all 2021-07-29 14:37:10 +09:00
Hideki Miyazaki b2b5d4e603 add evp_md_do_all 2021-07-29 08:59:26 +09:00
Chris Conlon 2dac9a2a81 Merge pull request #4228 from miyazakh/EVP_blake2xx
add EVP_blake2 compatibility layer API
2021-07-27 11:45:37 -06:00
Juliusz Sosinowicz 9f7aa32662 Fix merge conflict resolution in ECC_populate_EVP_PKEY 2021-07-23 18:14:54 +02:00
Juliusz Sosinowicz 10168e093a Rebase fixes 2021-07-23 18:14:54 +02:00
Juliusz Sosinowicz c7d6e26437 Fix DSA signature length
The length of the DSA signature is 40 bytes for N=160 but 64 bytes for N=256. New enum values are added for better clarity.
2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz 142ff6d885 Bind 9.11.22 2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz 553c930ecb dot system test passed 2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz 69948b3648 WIP 2021-07-23 18:14:18 +02:00