David Garske
dec78169bf
Merge pull request #4658 from julek-wolfssl/apache-2.4.51
...
Add Apache 2.4.51 support
2021-12-16 08:52:10 -08:00
Juliusz Sosinowicz
afa6237f56
Add WOLFSSL_FORCE_AUTO_RETRY option: force retrying of network reads
2021-12-16 15:33:30 +01:00
Juliusz Sosinowicz
017d6cf464
Simplify error queue macros
2021-12-16 12:39:58 +01:00
Juliusz Sosinowicz
e78f7f734e
Add Apache 2.4.51 support
...
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
2021-12-16 12:39:38 +01:00
David Garske
caf9024984
Merge pull request #4652 from douzzer/no-rsa-no-dh-no-dsa
...
WOLFSSL_ECC_NO_SMALL_STACK etc
2021-12-13 10:12:14 -08:00
Daniel Pouzzner
355b779a3e
feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c.
2021-12-11 14:08:04 -06:00
Anthony Hu
4c12f0be95
Only one call to wc_falcon_init() and comment on 300.
2021-12-10 16:40:41 -05:00
Anthony Hu
1d8ff70900
In d2iGenericKey(), if a falcon key is encountered, make a dummy pkey.
...
This allows apache-httpd to work without PQ-specific patch along with a previous
pull request.
2021-12-10 14:18:42 -05:00
Sean Parkinson
d5c27fca7d
Merge pull request #4626 from JacobBarthelmeh/certs
...
add human readable string of IP
2021-12-07 08:23:31 +10:00
Chris Conlon
e45c33a771
Merge pull request #4624 from miyazakh/jenkins_qt_failure
2021-12-06 09:53:34 -07:00
Jacob Barthelmeh
1ec86ee4cc
add human readable string of IP
2021-12-02 16:04:58 -07:00
David Garske
b4c6140b64
Merge pull request #4442 from julek-wolfssl/kerberos
...
Add Kerberos 5 support
2021-12-02 09:07:34 -08:00
Hideki Miyazaki
a5bd6cde8d
fix nigtly jenkins Qt Job failure
2021-12-02 16:37:48 +09:00
Sean Parkinson
d06ada2ccc
Merge pull request #4610 from julek-wolfssl/nginx-1.21.4
...
Add support for Nginx 1.21.4
2021-12-01 22:27:12 +10:00
Juliusz Sosinowicz
aac1b406df
Add support for Nginx 1.21.4
...
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
2021-12-01 09:49:52 +01:00
David Garske
a0300f7ab0
Fixes for ECDSA_Size. If group is unknown set to -1, otherwise defaults to first ECC index. Fix the signature size calculation to use our existing enum and calculation logic. ZD13303
2021-11-30 12:33:49 -08:00
David Garske
29517fd617
Merge pull request #4609 from danielinux/tls13_hkdf_callback
...
TLS 1.3: Add HKDF extract callback
2021-11-30 10:59:44 -08:00
Daniele Lacamera
c3b1d9f9e7
Cosmetic and prototypes changes after reviewer's comments
2021-11-30 10:06:54 +01:00
Daniel Pouzzner
a33ae21801
whitespace cleanups and portability/pedantic fixes
2021-11-29 23:58:39 -06:00
Chris Conlon
7221e06ff7
Merge pull request #4588 from miyazakh/sce_protect_mode_e2studio
2021-11-29 15:32:48 -07:00
Daniele Lacamera
57fb5453cb
Support for HKDF Extract callback
2021-11-29 14:51:13 +01:00
Hideki Miyazaki
fb4e39f00a
addressed review comments prt1
2021-11-26 16:03:42 +09:00
David Garske
dcc2a2852c
Merge pull request #4590 from JacobBarthelmeh/fuzzing
...
sanity check on pem size
2021-11-22 16:09:13 -08:00
Juliusz Sosinowicz
0de4136ad6
Rebase fixes
2021-11-22 13:10:55 +01:00
Juliusz Sosinowicz
5fc2dadde1
Fix issue in wolfSSL_BN_rand_range causing random errors
2021-11-22 11:48:31 +01:00
Juliusz Sosinowicz
1d7b2de074
Code review changes
2021-11-22 11:48:31 +01:00
Juliusz Sosinowicz
3da810cb1b
Implement OpenSSL API's
...
- `OBJ_DUP`
- `i2d_PKCS7`
- `BN_rshift1
- `BN_rshift` testing
- Add `--enable-krb`
2021-11-22 11:47:58 +01:00
Juliusz Sosinowicz
e7c5f137be
Implement BN_rand_range
2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz
82a9f74476
Compat updates
...
- implement `wolfSSL_PEM_X509_INFO_read`
- `wolfSSL_EVP_CipherUpdate` no-ops on `NULL` input
- add md4 support to `wolfSSL_EVP_MD_block_size` and `wolfSSL_EVP_MD_size`
2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz
ccbe184434
Implement CTS
...
Ciphertext stealing on top of CBC is implemented with `wolfSSL_CRYPTO_cts128_encrypt` and `wolfSSL_CRYPTO_cts128_decrypt` APIs
2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz
fa662c2ab1
AES_cbc_encrypt enc parameter flipped. 1 = encrypt 0 = decrypt
...
This change makes the `enc` parameter of `AES_cbc_encrypt` consistent with OpenSSL. This commit flips the meaning of this parameter now.
2021-11-22 11:45:27 +01:00
Jacob Barthelmeh
5d49847147
sanity check on pem size
2021-11-19 13:55:03 -07:00
Hideki Miyazaki
f50fcd918e
support Renesas RA SCE protect mode on RA6M4 evaluation board
2021-11-19 14:22:16 +09:00
David Garske
2841b5c93b
Merge pull request #3010 from kaleb-himes/ZD10203
...
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
2021-11-18 14:47:25 -08:00
David Garske
e33156d0dc
Merge pull request #4578 from kaleb-himes/OE33_NON_FIPS_CHANGES
...
OE33: Fix issues found by XCODE and add user_settings.h
2021-11-18 06:59:43 -08:00
Masashi Honma
cb3fc0c7ce
Fix invalid return value of ASN1_INTEGER_get()
...
When DIGIT_BIT is less than SIZEOF_LONG * CHAR_BIT, ASN1_INTEGER_get() can
return invalid value. For example, with trailing program, ASN1_INTEGER_get()
unexpectedly returns -268435449 (0xf0000007) on i386.
On the i386 platform (DIGIT_BIT=28), the input value 0x7fffffff is separated
into 0xfffffff and 0x7 and stored in the dp array of mp_int. Previously,
wolfSSL_BN_get_word_1() returned 0xfffffff shifted by 28 bits plus 0x7, so this
patch fixed it to return 0xfffffff plus 0x7 shifted by 28 bits.
int main(void)
{
ASN1_INTEGER *a;
long val;
int ret;
a = ASN1_INTEGER_new();
val = 0x7fffffff;
ret = ASN1_INTEGER_set(a, val);
if (ret != 1) {
printf("ret=%d\n", ret);
}
if (ASN1_INTEGER_get(a) != val) {
printf("ASN1_INTEGER_get=%ld\n", ASN1_INTEGER_get(a));
}
ASN1_INTEGER_free(a);
return 0;
}
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-18 06:58:21 +09:00
kaleb-himes
f638df3575
Fix issues found by XCODE and add user_settings.h
...
Disable internal test settings by default
2021-11-17 11:00:56 -07:00
Sean Parkinson
d6219567c1
Merge pull request #4565 from dgarske/spelling
...
Fixes for spelling errors
2021-11-15 08:20:41 +10:00
David Garske
a626a4fb02
Fixes for spelling errors.
2021-11-12 10:27:49 -08:00
Juliusz Sosinowicz
4112cd4b99
Make stack type an enum
2021-11-12 14:48:17 +01:00
Juliusz Sosinowicz
361975abbc
Refactor sk_*_free functions
...
Use a single `wolfSSL_sk_pop_free` and `wolfSSL_sk_free` function that free's the stack and optionally free's the node content as well.
2021-11-12 13:55:37 +01:00
kaleb-himes
6547bcb44c
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
2021-11-11 17:47:17 -07:00
Daniel Pouzzner
6d55f8e42a
ssl.c: fixes for C++ pointer type hygiene.
2021-11-09 22:41:06 -06:00
Daniel Pouzzner
ed0418c2a8
fix whitespace.
2021-11-09 22:17:38 -06:00
Sean Parkinson
8e0fdc64be
Merge pull request #4522 from dgarske/static_eph
...
Fixes and refactor for static ephemeral key support
2021-11-10 08:22:51 +10:00
David Garske
bd0f6736c5
Merge pull request #4513 from masap/wpa_sup_dpp
...
Fix X509_PUBKEY_set() to show correct algorithm and parameters
2021-11-09 10:26:59 -08:00
David Garske
fe172ed9c1
Fix for generation of ephemeral key if static ephemeral is not set.
2021-11-09 10:14:23 -08:00
David Garske
df82b01e68
Added x448 static ephemeral support.
2021-11-09 08:27:42 -08:00
David Garske
e91439f2eb
Fixes for static ephemeral key support with threading and possible use after free.
2021-11-09 08:25:47 -08:00
David Garske
4a04e56ac8
Fix to allow calls to get TLS session random even if wolfSSL_KeepArrays has not been called.
2021-11-09 08:23:19 -08:00