Commit Graph

3031 Commits

Author SHA1 Message Date
Sean Parkinson d5c27fca7d Merge pull request #4626 from JacobBarthelmeh/certs
add human readable string of IP
2021-12-07 08:23:31 +10:00
Chris Conlon e45c33a771 Merge pull request #4624 from miyazakh/jenkins_qt_failure 2021-12-06 09:53:34 -07:00
Jacob Barthelmeh 1ec86ee4cc add human readable string of IP 2021-12-02 16:04:58 -07:00
David Garske b4c6140b64 Merge pull request #4442 from julek-wolfssl/kerberos
Add Kerberos 5 support
2021-12-02 09:07:34 -08:00
Hideki Miyazaki a5bd6cde8d fix nigtly jenkins Qt Job failure 2021-12-02 16:37:48 +09:00
Sean Parkinson d06ada2ccc Merge pull request #4610 from julek-wolfssl/nginx-1.21.4
Add support for Nginx 1.21.4
2021-12-01 22:27:12 +10:00
Juliusz Sosinowicz aac1b406df Add support for Nginx 1.21.4
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
2021-12-01 09:49:52 +01:00
David Garske a0300f7ab0 Fixes for ECDSA_Size. If group is unknown set to -1, otherwise defaults to first ECC index. Fix the signature size calculation to use our existing enum and calculation logic. ZD13303 2021-11-30 12:33:49 -08:00
David Garske 29517fd617 Merge pull request #4609 from danielinux/tls13_hkdf_callback
TLS 1.3: Add HKDF extract callback
2021-11-30 10:59:44 -08:00
Daniele Lacamera c3b1d9f9e7 Cosmetic and prototypes changes after reviewer's comments 2021-11-30 10:06:54 +01:00
Daniel Pouzzner a33ae21801 whitespace cleanups and portability/pedantic fixes 2021-11-29 23:58:39 -06:00
Chris Conlon 7221e06ff7 Merge pull request #4588 from miyazakh/sce_protect_mode_e2studio 2021-11-29 15:32:48 -07:00
Daniele Lacamera 57fb5453cb Support for HKDF Extract callback 2021-11-29 14:51:13 +01:00
Hideki Miyazaki fb4e39f00a addressed review comments prt1 2021-11-26 16:03:42 +09:00
David Garske dcc2a2852c Merge pull request #4590 from JacobBarthelmeh/fuzzing
sanity check on pem size
2021-11-22 16:09:13 -08:00
Juliusz Sosinowicz 0de4136ad6 Rebase fixes 2021-11-22 13:10:55 +01:00
Juliusz Sosinowicz 5fc2dadde1 Fix issue in wolfSSL_BN_rand_range causing random errors 2021-11-22 11:48:31 +01:00
Juliusz Sosinowicz 1d7b2de074 Code review changes 2021-11-22 11:48:31 +01:00
Juliusz Sosinowicz 3da810cb1b Implement OpenSSL API's
- `OBJ_DUP`
- `i2d_PKCS7`
- `BN_rshift1
- `BN_rshift` testing
- Add `--enable-krb`
2021-11-22 11:47:58 +01:00
Juliusz Sosinowicz e7c5f137be Implement BN_rand_range 2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz 82a9f74476 Compat updates
- implement `wolfSSL_PEM_X509_INFO_read`
- `wolfSSL_EVP_CipherUpdate` no-ops on `NULL` input
- add md4 support to `wolfSSL_EVP_MD_block_size` and `wolfSSL_EVP_MD_size`
2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz ccbe184434 Implement CTS
Ciphertext stealing on top of CBC is implemented with `wolfSSL_CRYPTO_cts128_encrypt` and `wolfSSL_CRYPTO_cts128_decrypt` APIs
2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz fa662c2ab1 AES_cbc_encrypt enc parameter flipped. 1 = encrypt 0 = decrypt
This change makes the `enc` parameter of `AES_cbc_encrypt` consistent with OpenSSL. This commit flips the meaning of this parameter now.
2021-11-22 11:45:27 +01:00
Jacob Barthelmeh 5d49847147 sanity check on pem size 2021-11-19 13:55:03 -07:00
Hideki Miyazaki f50fcd918e support Renesas RA SCE protect mode on RA6M4 evaluation board 2021-11-19 14:22:16 +09:00
David Garske 2841b5c93b Merge pull request #3010 from kaleb-himes/ZD10203
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
2021-11-18 14:47:25 -08:00
David Garske e33156d0dc Merge pull request #4578 from kaleb-himes/OE33_NON_FIPS_CHANGES
OE33: Fix issues found by XCODE and add user_settings.h
2021-11-18 06:59:43 -08:00
Masashi Honma cb3fc0c7ce Fix invalid return value of ASN1_INTEGER_get()
When DIGIT_BIT is less than SIZEOF_LONG * CHAR_BIT, ASN1_INTEGER_get() can
return invalid value. For example, with trailing program, ASN1_INTEGER_get()
unexpectedly returns -268435449 (0xf0000007) on i386.

On the i386 platform (DIGIT_BIT=28), the input value 0x7fffffff is separated
into 0xfffffff and 0x7 and stored in the dp array of mp_int. Previously,
wolfSSL_BN_get_word_1() returned 0xfffffff shifted by 28 bits plus 0x7, so this
patch fixed it to return 0xfffffff plus 0x7 shifted by 28 bits.

int main(void)
{
    ASN1_INTEGER *a;
    long val;
    int ret;

    a = ASN1_INTEGER_new();
    val = 0x7fffffff;
    ret = ASN1_INTEGER_set(a, val);
    if (ret != 1) {
        printf("ret=%d\n", ret);
    }

    if (ASN1_INTEGER_get(a) != val) {
        printf("ASN1_INTEGER_get=%ld\n", ASN1_INTEGER_get(a));
    }

    ASN1_INTEGER_free(a);

    return 0;
}

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-18 06:58:21 +09:00
kaleb-himes f638df3575 Fix issues found by XCODE and add user_settings.h
Disable internal test settings by default
2021-11-17 11:00:56 -07:00
Sean Parkinson d6219567c1 Merge pull request #4565 from dgarske/spelling
Fixes for spelling errors
2021-11-15 08:20:41 +10:00
David Garske a626a4fb02 Fixes for spelling errors. 2021-11-12 10:27:49 -08:00
Juliusz Sosinowicz 4112cd4b99 Make stack type an enum 2021-11-12 14:48:17 +01:00
Juliusz Sosinowicz 361975abbc Refactor sk_*_free functions
Use a single `wolfSSL_sk_pop_free` and `wolfSSL_sk_free` function that free's the stack and optionally free's the node content as well.
2021-11-12 13:55:37 +01:00
kaleb-himes 6547bcb44c Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA 2021-11-11 17:47:17 -07:00
Daniel Pouzzner 6d55f8e42a ssl.c: fixes for C++ pointer type hygiene. 2021-11-09 22:41:06 -06:00
Daniel Pouzzner ed0418c2a8 fix whitespace. 2021-11-09 22:17:38 -06:00
Sean Parkinson 8e0fdc64be Merge pull request #4522 from dgarske/static_eph
Fixes and refactor for static ephemeral key support
2021-11-10 08:22:51 +10:00
David Garske bd0f6736c5 Merge pull request #4513 from masap/wpa_sup_dpp
Fix X509_PUBKEY_set() to show correct algorithm and parameters
2021-11-09 10:26:59 -08:00
David Garske fe172ed9c1 Fix for generation of ephemeral key if static ephemeral is not set. 2021-11-09 10:14:23 -08:00
David Garske df82b01e68 Added x448 static ephemeral support. 2021-11-09 08:27:42 -08:00
David Garske e91439f2eb Fixes for static ephemeral key support with threading and possible use after free. 2021-11-09 08:25:47 -08:00
David Garske 4a04e56ac8 Fix to allow calls to get TLS session random even if wolfSSL_KeepArrays has not been called. 2021-11-09 08:23:19 -08:00
Daniel Pouzzner 25f74d4967 ssl.c: wolfSSL_UseALPN(): allocate char **token (2kB) on the heap, not the stack. 2021-11-08 17:35:10 -06:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
Masashi Honma ee39fd079f Fix X509_PUBKEY_set() to show correct algorithm and parameters
When build with OpenSSL, trailing program outputs these messages.

algorithm: id-ecPublicKey
parameters: prime256v1

But with wolfSSL, X509_PUBKEY_get0_param() fails.
This patch fixes wolfSSL to display the same values as OpenSSL.

This program was extracted from wpa_supplicant in order to reproduce the
issue.

----------------
int main(void)
{
    EVP_PKEY *pkey;
    X509_PUBKEY *pub = NULL;
    ASN1_OBJECT *ppkalg, *poid;
    const ASN1_OBJECT *pa_oid;
    const uint8_t *pk;
    int ppklen, ptype;
    X509_ALGOR *pa;
    void *pval;
    char buf[100];
    const uint8_t data[] = {
        0x30, 0x39, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
        0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, 0x03, 0x33, 0x6d, 0xb4, 0xe9, 0xab,
        0xf1, 0x1c, 0x96, 0x87, 0x5e, 0x02, 0xcc, 0x92, 0xaf, 0xf6, 0xe1, 0xed, 0x2b, 0xb2, 0xb7, 0xcc,
        0x3f, 0xd2, 0xb5, 0x4e, 0x6f, 0x20, 0xc7, 0xea, 0x2f, 0x3f, 0x42
    };
    size_t data_len = sizeof(data);
    const uint8_t *p;
    int res;

    p = data;
    pkey = d2i_PUBKEY(NULL, &p, data_len);
    if (!pkey) {
        fprintf(stderr, "d2i_PUBKEY() failed\n");
        return -1;
    }

    if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) {
        fprintf(stderr, "invalid type\n");
        EVP_PKEY_free(pkey);
        return -1;
    }

    res = X509_PUBKEY_set(&pub, pkey);
    if (res != 1) {
        fprintf(stderr, "X509_PUBKEY_set() failed\n");
        return -1;
    }

    res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub);
    if (res != 1) {
        fprintf(stderr, "X509_PUBKEY_get0_param() failed\n");
        return -1;
    }
    res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0);
    if (res < 0 || (size_t) res >= sizeof(buf)) {
        fprintf(stderr, "OBJ_obj2txt() failed\n");
        return -1;
    }
    fprintf(stdout, "algorithm: %s\n", buf);

    X509_ALGOR_get0(&pa_oid, &ptype, (void *) &pval, pa);
    if (ptype != V_ASN1_OBJECT) {
        fprintf(stderr, "X509_ALGOR_get0() failed\n");
        return -1;
    }
    poid = pval;
    res = OBJ_obj2txt(buf, sizeof(buf), poid, 0);
    if (res < 0 || (size_t) res >= sizeof(buf)) {
        fprintf(stderr, "OBJ_obj2txt() failed\n");
        return -1;
    }
    fprintf(stdout, "parameters: %s\n", buf);

    X509_PUBKEY_free(pub);
    EVP_PKEY_free(pkey);
    return 0;
}

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-09 07:30:58 +09:00
David Garske 4fe17cc143 Merge pull request #4527 from julek-wolfssl/zd13097
Fix a heap buffer overflow with mismatched PEM structure ZD13097
2021-11-05 08:50:28 -07:00
Chris Conlon ae84a2a326 Merge pull request #4293 from TakayukiMatsuo/set_min_proto
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
2021-11-04 14:59:34 -06:00
Juliusz Sosinowicz 1faa9e66b6 Check wolfSSL_BIO_read return 2021-11-04 15:34:33 +01:00
Anthony Hu 81def76b18 The NIST round 3 Falcon Signature Scheme integration. 2021-11-02 11:12:10 -04:00
Juliusz Sosinowicz 23487a4532 Fix a heap buffer overflow with mismatched PEM structure ZD13097 2021-11-02 11:31:22 +01:00