Commit Graph

1254 Commits

Author SHA1 Message Date
toddouska 39cb84de25 Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff
OpenVPN master additions
2021-02-11 08:56:45 -08:00
toddouska 032cc1645c Merge pull request #3713 from SparkiDev/tls_def_sess_ticket_cb
TLS Session Ticket: default encryption callback
2021-02-10 16:13:33 -08:00
toddouska 67b1280bbf Merge pull request #3545 from kabuobeid/smime
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-10 15:59:32 -08:00
Sean Parkinson 0403f5f18d Merge pull request #3744 from JacobBarthelmeh/Certs
run renewcerts.sh script
2021-02-11 09:43:49 +10:00
Jacob Barthelmeh 41e5e547c4 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
Jacob Barthelmeh 3c0563908f openssl x509 small with req cert gen
add test for build case with x509small and add back in function

adjust macro guard for i2d_X509_NAME implementation

add macro guard on test case
2021-02-10 21:48:29 +07:00
Sean Parkinson 794cb5c7a9 TLS Session Ticket: default encryption callback
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
2021-02-10 14:31:54 +10:00
Chris Conlon 012841bba3 Merge pull request #3738 from embhorn/cmp_layer_high
Compatibility layer API
2021-02-09 08:33:41 -07:00
Chris Conlon 71b495c422 Merge pull request #3712 from miyazakh/RND_bytes
handle size greater than RNG_MAX_BLOCK_LEN
2021-02-09 08:26:30 -07:00
Kareem Abuobeid a4e819c60a Added support for reading S/MIME messages via SMIME_read_PKCS7. 2021-02-08 17:14:37 -07:00
toddouska f14f1f37d2 Merge pull request #3673 from elms/ssl_api/get_verify_mode
SSL: add support for `SSL_get_verify_mode`
2021-02-08 15:40:19 -08:00
Eric Blankenhorn de47b9d88a Adding X509_VERIFY_PARAM API 2021-02-08 08:25:14 -06:00
Hideki Miyazaki 431e1c8ffe handle size greater than RNG_MAX_BLOCK_LEN 2021-02-03 12:23:36 +09:00
Juliusz Sosinowicz 542e0d79ec Jenkins Fixes
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz 69dca4fd08 Rebase fixes
- wolfSSL_CTX_set1_groups_list and wolfSSL_set1_groups_list should use wolfSSL_CTX_set1_groups and wolfSSL_set1_groups respectively because it converts to correct groups representation
- Change to using "SHA1" as main name for SHA1
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz c18701ebe7 Implement RFC 5705: Keying Material Exporters for TLS 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz 3494218d98 Implement missing functionality for OpenVPN 2.5 2021-02-02 12:06:11 +01:00
toddouska 6e0e507dad Merge pull request #3660 from dgarske/sess_ticket_aes_gcm
Added support for AES GCM session ticket encryption
2021-01-25 15:00:03 -08:00
toddouska f91dcb950c Merge pull request #3670 from dgarske/keil
Fix for ARM Keil MDK compiler issue with `DECLARE_VAR_INIT`.
2021-01-25 14:57:05 -08:00
toddouska cf9e4f0caf Merge pull request #3518 from julek-wolfssl/openssh-fixes-v2
Fixes for openssh
2021-01-25 14:45:56 -08:00
David Garske 05e1ee1694 Cleanup to use fixed sizes from defines for DECLARE_VAR. Resolves issue with Visual Studio and using a variable (even const) to declare an array size. 2021-01-25 09:14:12 -08:00
Elms 21ac86adb3 SSL: refactor SSL verify mode to be more compatible
This follows the bit flag pattern closer. Still doesn't support
`SSL_VERIFY_CLIENT_ONCE` and maybe other flags.
2021-01-22 12:17:07 -08:00
David Garske 13468d34e3 Apply same VS fixes to api.c as well. 2021-01-22 10:50:18 -08:00
David Garske 9012317f5b Fix copy/paste typo. 2021-01-21 17:41:11 -08:00
David Garske 1ee40ad7bd Fix to always init the variable (not just when from heap). Cleanup of the DECLARE_ uses to make sure all allocations succeeded. 2021-01-21 17:12:29 -08:00
David Garske 830b3cb676 Merge pull request #3653 from kojo1/fopen_binMode
binary mode, fopen
2021-01-21 16:20:07 -08:00
Elms 95d83c9856 SSL: refactor to allow session override or mode 2021-01-21 16:03:02 -08:00
Elms 7112a6dd78 SSL: add test and fix SSL_get_verify_mode 2021-01-21 14:20:27 -08:00
David Garske 17f101ef13 Fix for ARM Keil MDK compiler issue with DECLARE_VAR_INIT. 2021-01-20 16:57:30 -08:00
David Garske 219cbd47eb Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511. 2021-01-19 07:53:36 -08:00
toddouska 279c3f4c1b Merge pull request #3614 from SparkiDev/aes_test_fix
AES test: Remove unneeded loop
2021-01-18 15:22:06 -08:00
toddouska 1e9394d5a8 Merge pull request #3627 from elms/EVP/ofb_rc4_size
EVP: return proper cipher type and block size
2021-01-18 15:13:55 -08:00
Takashi Kojo d72f0a50f4 binary mode fopen to avoid auto expand to CR/LF on Widonws 2021-01-15 06:05:55 +09:00
Elms 8fec1de07c EVP: address CTR block size 2021-01-11 12:03:01 -08:00
Elms 3b07f5d8e3 EVP: expand tests for EVP_CIPHER_block_size 2021-01-11 12:03:01 -08:00
Elms a6535528f3 EVP: add tests for openssl block size (including RC4) 2021-01-11 12:03:01 -08:00
Juliusz Sosinowicz a745947498 Code review changes 2021-01-08 15:27:30 +01:00
Sean Parkinson fa86c1aa91 Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.

Also fix up tests that don't work without TLS 1.3 enabled.
2021-01-06 14:19:57 +10:00
Sean Parkinson 68c2e36ad5 AES test: Remove unneeded loop 2021-01-04 12:43:34 +10:00
toddouska 7e5f838f48 Merge pull request #3577 from dgarske/releasefixes_async
Release fixes for asynchronous crypto
2020-12-18 14:10:01 -08:00
toddouska cdc0753bfb Merge pull request #3571 from JacobBarthelmeh/Testing
Some initial testing and clean up
2020-12-18 14:05:26 -08:00
David Garske e49409b13a Fix api.c tests using "free()" instead of "XFREE" causing issues with custom allocators. 2020-12-17 16:08:46 -08:00
Chris Conlon 420a040774 fix WOLFSSL_ASYNC_CRYPT usage in test.c, test_wolfSSL_OBJ_ln() in api.c 2020-12-17 11:08:36 -07:00
Juliusz Sosinowicz c03744db61 Refactor wc_CheckPrivateKey
- Change wc_CheckPrivateKey to wc_CheckPrivateKeyCert and wc_CheckPrivateKey
- wolfSSL_X509_check_private_key no longer needs to decode cert to check key
- Fix scope in api.c
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz dc266bc524 Call X509_REQ_get_extensions and X509_get_ext_by_NID on a CSR object 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz 383df620bf Add CSR test with Extension Request attribute 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz 77c730361e Jenkins fixes 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz 25f5427bdd Rebase and test fixes 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz b528a1a344 Plug memory leaks 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 7df8f2e2bb Internal unit tests 2020-12-17 14:26:49 +01:00