Commit Graph

33 Commits

Author SHA1 Message Date
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
JacobBarthelmeh c9bcbd8c52 fix for dead code warning CID444417 2024-12-30 16:14:28 -07:00
David Garske 14e3372826 Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check 2024-12-17 08:33:32 -08:00
David Garske ef67b1c06a Support for building without wolfssl/openssl header files. ZD 18465
* Fix for `TlsSessionCacheGetAndLock` that was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test.
* Fix cast warning with `HAVE_EX_DATA` in Windows VS.
* Fix openssl_extra without PKCS12.
* Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`.
* Grouped the EX data API's in ssl.h
* Moved API's in ssl.h to separate the compatibility ones from ours.
2024-11-20 12:32:32 -08:00
Colton Willey 55be5035a0 Merge branch 'master' of github.com:ColtonWilley/wolfssl into crl_update_cb 2024-11-18 09:52:51 -08:00
Colton Willey 6f0bcac737 Address review comments, rename WOLFSSL_INTER_CA, use up_ref for get issuer 2024-10-23 16:55:34 -05:00
Colton Willey 87ce96527a Changes for various failing build configs 2024-10-23 16:55:34 -05:00
Colton Willey f0fae6506f Fix windows warnings 2024-10-23 16:55:34 -05:00
Colton Willey 17c9e92b7f Initial rewrite of X509 STORE to replicate openssl behavior 2024-10-23 16:55:34 -05:00
Colton Willey 183aef241c CRL improvements, add parsing for CRL number, do not allow CRL duplicates, add callback for when CRL entry is updated. 2024-09-23 11:52:39 -07:00
Juliusz Sosinowicz ae6c872797 Add crl error override callback 2024-09-18 11:58:53 +02:00
Juliusz Sosinowicz a6a40de249 init sssd support
- Refactor OCSP to separate IO callback
- wolfSSL_BIO_reset: fix return
- CheckCertCRL_ex: return CRL_CERT_DATE_ERR instead of ASN_AFTER_DATE_E
- CheckCertCRL_ex: return most relevant error code
- i2d/d2i APIs: correct parameters handling and return codes
- Custom ASN1 structures: major refactor to make it much more versatile
- Use WOLFSSL_ASSERT_SIZEOF_GE where applicable
- wolfSSL_EVP_SignFinal: implement ecc
- wolfSSL_EVP_VerifyFinal: implement ecc
- OBJ_NAME_do_all: bring closer to OpenSSL functionality
- Correct return of *_push api
- Implement:
  - OCSP_REQ_CTX API
  - d2i_ECPKParameters
  - wolfSSL_sk_insert
  - OCSP_parse_url
  - X509_STORE_set1_param
  - X509_get0_subject_key_id
  - X509_OBJECT_retrieve_by_subject
  - OCSP_sendreq_nbio
2024-08-16 17:22:41 +02:00
Andras Fekete d350ba6c41 remove NULL test with XFREE arguments with dereference 2024-08-06 10:44:59 -04:00
David Garske 548a2c6d8e Fixed issues building with nocrypt. Improved logic on ASN_BER_TO_DER. Improved logic on unknown extension callback (new WC_ASN_UNKNOWN_EXT_CB gate). 2024-07-31 09:42:46 -07:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Marco Oliverio fe932b893c fixup! csrv2multi: pending ca list 2024-07-04 10:21:20 +02:00
Sean Parkinson 3e3a00dafd Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87
Impemented FIPS 204 (Draft) Module-Lattice-Based Signature Standard.
Implementation include making a key, signing and verification.
Make key API added.
Updated liboqs calls to use ML-DSA implementation instead of Dilithium.
2024-06-19 21:27:01 +10:00
Juliusz Sosinowicz 4caef93346 Implement transient certs
Add wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to store.
2024-02-20 14:33:36 +01:00
gojimmypi bf29066d70 Add wolfSSL debug messages 2024-02-08 17:22:36 -08:00
Anthony Hu dfc10741a5 Adding unknown extension callback to CertManager 2024-01-31 16:27:07 -05:00
John Bland 66f04958e3 use wolfSSL_CTX_new_ex for heap hint support 2024-01-19 11:20:50 -05:00
John Bland d1a3646d5c add heap hint support for a few of the x509 functions 2024-01-17 11:26:52 -05:00
Sean Parkinson 54f2d56300 ssl.c: Move out crypto compat APIs
ssl_crypto.c contains OpenSSL compatibility APIS for:
 - MD4, MD5, SHA/SHA-1, SHA2, SHA3
 - HMAC, CMAC
 - DES, DES3, AES, RC4
API implementations reworked.
Tests added for coverage.
TODOs for future enhancements.
2023-11-08 19:43:18 +10:00
Juliusz Sosinowicz 1ae248018f Implement untrusted certs in wolfSSL_X509_STORE_CTX_init 2023-10-18 22:24:19 +02:00
JacobBarthelmeh ae3fdbec47 add free in error case CID 327286 2023-10-16 13:59:05 -06:00
kaleb-himes e51399ca0f Do the success checkout out front 2023-10-05 17:05:36 -06:00
kaleb-himes 4bb6c51d2d Fix -4 return code when expected BAD_FUNC_ARG(-173) 2023-10-05 14:20:37 -06:00
jordan d4ba2e50d4 Used codespell and fixed obvious typos. 2023-08-17 15:20:10 -05:00
Dimitri Papadopoulos 6d9c85a762 Fix typos found by codespell 2023-07-27 23:38:44 +02:00
John Bland a9c9662124 fix bad & statement that was setting ocspSendNonce
to 1 when WOLFSSL_OCSP_NO_NONCE was selected
related to but doesn't solve zd 16377
2023-07-24 16:51:10 -04:00
Sean Parkinson 2c9609039d Type conversion fixes: make explicit
Changed to types and casting so that there are no implcit conversion
warnings (gcc -Wconversion) in these files.
2023-07-13 08:36:02 +10:00
David Garske 770590a3be Rebase fix to add back set_verify call in CertManagerLoadCA. Fix API tests for bad date check. Various spelling fixes. 2023-07-07 15:08:08 -07:00
Sean Parkinson 3af87f6f93 Moved CertManager APIs into own file
Split out certificate manager APIs into ssl_certman.c.
ssl.c includes ssl_certman.c
Better test coverage.
Minor fixes.
wolfSSL_X509_chain_up_ref calls XFREE with name->heap but name may be
NULL. Check for NULL first.
2023-07-07 15:08:08 -07:00