Commit Graph

6017 Commits

Author SHA1 Message Date
Chris Conlon a7d5e6400d add support for PKCS7_TEXT flag to PKCS7_verify() 2022-03-15 10:21:22 -06:00
Daniel Pouzzner 4966eb7897 Merge pull request #4944 from douzzer/20220310-asn-template-EncodeExtensions-overrun
wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions() and leak in ParseCRL_Extensions()
2022-03-13 21:21:07 -05:00
Sean Parkinson cdb45b12c5 Merge pull request #4884 from haydenroche5/i2d_x509_name_fix
Improve wolfSSL_i2d_X509_name.
2022-03-14 11:57:07 +10:00
Daniel Pouzzner fb0c9b2a66 ssl.c: use InitHandshakeHashes(), not FreeHandshakeHashes(), to reset ssl->hsHashes. 2022-03-11 16:26:24 -06:00
Daniel Pouzzner 82ab7bf32c ssl.c: fix hash state memory leaks in wolfSSL_clear() and wolfSSL_TicketKeyCb(). 2022-03-11 13:40:01 -06:00
Daniel Pouzzner 7602eef98f src/ssl.c: use strlcpy(), not strncpy(), to make string_fortified happy (else "error: ‘__builtin_strncpy’ specified bound 46 equals destination size"). 2022-03-11 08:15:44 -06:00
Sean Parkinson c3eab0dcdd Fixes from sanitizer build
Fix OID index in SetNameRdnItems for multi attributes.
Stop warning about strncpy to small.
Fix casting in ASN1_SIMPLE to use consistent type.
2022-03-11 14:27:50 +10:00
David Garske 570daa6a7f Enable support for STM32U585 and PQ on M4 2022-03-10 14:19:01 -05:00
David Garske b30ada1608 Merge pull request #4940 from ejohnstown/wolfrand
Fix wolfRand Build
2022-03-09 15:42:19 -08:00
Sean Parkinson 47895fe78d Merge pull request #4942 from dgarske/sp_math_opensslextra
Fixes to support building opensslextra with SP math
2022-03-10 08:53:21 +10:00
David Garske 141cf822f2 Merge pull request #4941 from douzzer/20220309-script-cleanup
20220309 script cleanup
2022-03-09 13:30:50 -08:00
Chris Conlon bcfe8bf2e2 Merge pull request #4933 from haydenroche5/x509_set_ext_ext_key_usage 2022-03-09 13:22:49 -07:00
David Garske 3a62857dbd Fixes to support building opensslextra with SP math. Disables some of the compatibility layer BN and ECC point handling. 2022-03-09 11:53:56 -08:00
John Safranek d6fb454063 Fix wolfRand Build
1. Remove the v3 FIPS build from configure and automake. This was for
   the old FIPS Ready build, which is now fixed to the certificate 3389
   configuration.
2. Remove AES-GCM, PKCS12, and SHA-3 from wolfRand build. They were
   getting reenabled later in the configure.
2022-03-09 10:35:39 -08:00
Daniel Pouzzner abfc788389 script cleanup: use #!/bin/bash on all scripts that use "echo -e" (/bin/sh is sometimes a non-Bourne/non-POSIX shell, e.g. dash/ash, with no support for "echo -e"); fix whitespace. 2022-03-09 12:28:22 -06:00
Chris Conlon 70857f7b3c Merge pull request #4923 from miyazakh/set_bio
Set bio read/write flag obviously
2022-03-08 13:08:33 -07:00
David Garske a4229c6cf8 Merge pull request #4932 from SparkiDev/tls_hmac_fix
TLS HMAC: fix number of blocks to not process
2022-03-08 10:06:11 -08:00
David Garske 9b808bde20 Fixes for building with HAVE_EX_DATA no compat layer. 2022-03-07 17:20:58 -06:00
Hayden Roche 39d975a3c3 Add extended key usage support to wolfSSL_X509_set_ext. 2022-03-07 15:20:01 -08:00
Sean Parkinson 0a91d42f2c TLS HMAC: fix number of blocks to not process
Change made to line for static analysis.
Change was made incorrectly due to bracketting.
This fixes it.
2022-03-08 08:10:52 +10:00
Hideki Miyazaki a572c19268 set bio flag obviously
fix nightly Qt test
2022-03-06 07:41:36 +09:00
David Garske 3839b0e675 Fixes for building wolfSSL along side openssl. 2022-03-04 12:06:24 -08:00
David Garske 3a5f78b55a Merge pull request #4919 from julek-wolfssl/ZD13737
Reported in ZD13737
2022-03-03 08:22:11 -08:00
Sean Parkinson 63e4ba5854 Merge pull request #4906 from julek-wolfssl/ZD13606-master
Fix issues reported in ZD13606
2022-03-03 21:27:22 +10:00
Juliusz Sosinowicz bdb7399398 Reported in ZD13737
Implement `wolfSSL_BIO_eof` support for most available BIO's
2022-03-03 10:25:09 +01:00
Juliusz Sosinowicz c7c3ee00bb Address code review
- Use functions instead of accessing `BIO` members
- Add `wolfSSL_BIO_method_type`
2022-03-03 10:09:41 +01:00
Sean Parkinson 59970d94f5 Merge pull request #4908 from dgarske/tick_pad
Fix for padding in session tickets
2022-03-03 08:20:35 +10:00
David Garske d86122a5e7 Merge pull request #4909 from JacobBarthelmeh/PKCS12
refactor PKCS12 parse key creation
2022-03-02 12:37:06 -08:00
Jacob Barthelmeh aa18209c99 free buffer since pkey struct makes its own copy 2022-03-02 09:59:21 -07:00
David Garske 119f2d2651 Fix for padding in session tickets. Adds padding based on WOLFSSL_GENERAL_ALIGNMENT. Increases enc_len to 32-bit. Related to PR #4887 2022-03-01 15:40:57 -08:00
Sean Parkinson d1ba82d5e5 Merge pull request #4903 from julek-wolfssl/psk-resuming-certs
OpenSSL considers PSK resuming
2022-03-02 08:57:40 +10:00
Jacob Barthelmeh b03233a35e handle free'ing up items in fail case 2022-03-01 15:24:53 -07:00
Jacob Barthelmeh 45ff8af026 refactor PKCS12 parse key creation 2022-03-01 14:49:59 -07:00
David Garske 71056f6591 Merge pull request #4902 from SparkiDev/tlsx_usc_leak
TLSX: supported groups in temporary not always freed
2022-03-01 12:04:35 -08:00
Juliusz Sosinowicz a104cf887e Ticket failure should result in a regular handshake 2022-03-01 10:34:43 +01:00
Juliusz Sosinowicz 645f385031 Fix BioReceive for closed connection
The pending check was forcing a `WOLFSSL_CBIO_ERR_WANT_WRITE` return even though the underlying socket was closed and `WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY` was not set. The `wolfSSL_BIO_ctrl_pending(ssl->biord) == 0` is old and I can't find a reason to keep checking it. I left it just in the case where there is output data pending.
2022-03-01 10:34:20 +01:00
Juliusz Sosinowicz 5aef687414 OpenSSL considers PSK resuming
- `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` check passes on a TLS 1.3 PSK connection that isn't a ticket
2022-03-01 10:09:24 +01:00
Juliusz Sosinowicz 92bd5a4076 Merge pull request #4891 from dgarske/multi_test 2022-02-28 15:28:39 +01:00
Sean Parkinson 350881b1bb TLSX: supported groups in temporary not always freed
Fix handling of errors so that temporary is always freed.
2022-02-28 11:40:58 +10:00
Sean Parkinson f3df4400d5 Merge pull request #4886 from dgarske/zd13745
Adds CSR userId support in subject name
2022-02-28 10:15:41 +10:00
Chris Conlon 870ff5b352 Merge pull request #4890 from miyazakh/objinfo
fix to use EXT_KEY_USAGE_OID in object_info
2022-02-25 16:02:48 -07:00
David Garske a2381ba954 Adds CSR userId support in subject name. Minor build fixes for ASN template. 2022-02-25 14:22:59 -08:00
David Garske 821fd3c898 Peer review fixes. Check idSz and add comment about session variable use. 2022-02-25 11:38:05 -08:00
David Garske a39a1c1d87 More fixups from cppcheck and clang-tidy. 2022-02-25 10:03:17 -08:00
Hayden Roche c33ae4c245 Improve wolfSSL_i2d_X509_NAME and wolfSSL_i2d_X509_NAME_canon.
Like other i2d functions, these functions should be able to take a NULL output
parameter and return the necessary output buffer size. This commit adds this
ability. This commit also removes some redundant code in wolfSSL_i2d_X509_NAME.
2022-02-24 14:48:52 -08:00
David Garske 269ab86002 Fixes for DoClientTicket changes. 2022-02-24 14:28:50 -08:00
David Garske c2987a9ef9 Fix for IPv6 sockaddr_len set but not read. 2022-02-24 14:09:08 -08:00
David Garske 6e24e21d5a Fix for heap pointer in wolfSSL_DupSession. 2022-02-24 12:56:39 -08:00
David Garske 2b794f03c1 Fixes for multi-test pass. Breaks from PR #4807. 2022-02-24 11:48:40 -08:00
Hideki Miyazaki de81447b2d fix to use EXT_KEY_USAGE_OID in object_info 2022-02-24 15:18:32 +09:00