wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-04-29 11:53:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,661 Commits 13 Branches 184 Tags
fceba6eb6fa315aef1e7890fcace6dbe3ea28522
Commit Graph

4923 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 25f5427bdd Rebase and test fixes 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz b528a1a344 Plug memory leaks 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 7df8f2e2bb Internal unit tests 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz f5c463148f check null 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 031ce68546 Differentiate between server and client sessions 
This is important is the client and server share memory space. If a server and client both save the same session in SessionCache it may cause inconsistencies. The hash of the sessionID will be the same causing one of the sides to overwrite the other. A possible problem is that the peer certificate will be incorrect for one of the sides.
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 8edeaae3e2 Add DSA support to x509 certs 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 031ca80fe7 Fix max SSL version handling for client 
Enable CRL when adding one to store
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 2197748a51 Implement wolfSSL_X509_check_private_key 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz cb84213ffd Support more extensions 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz cd20512b90 wolfSSL_X509_REQ_add1_attr_by_txt for libest 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 911d5968b4 Store more certs in PKCS7 struct 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz acf3156fac Dynamically allocate memory in wolfSSL_i2d_PKCS7_bio 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 2a9bb906a9 Implement wolfSSL_BIO_*_connect and wolfSSL_BIO_set_conn_port 
Forgot to commit csr.dsa.pem for api.c
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 78a20ec3ae Extension manipulation 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 65c6a71bde Init wolfSSL_X509_REQ_add_extensions 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 6a635b339c Fixes 
- Fix challengePw copy in ReqCertFromX509
- Proper header length in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio
- Special case for extended key usage in wolfSSL_OBJ_cmp
- Numerical input in wolfSSL_OBJ_txt2obj can just be encoded with EncodePolicyOID. Searching for the sum can return wrong values since they are not unique.
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz b808124a47 Add DSA support to ConfirmSignature and add DSAwithSHA256 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 2a20896e44 Add CRL loading to wolfSSL_PEM_X509_INFO_read_bio 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 86d2177876 wolfSSL_X509_resign_cert updates x509 der buffer as well 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 2689d499b9 Tests starting to pass 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz ff7b8d3715 Don't attempt TLS 1.3 if server options disable it 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 2e2beb279d WIP 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 8e62bf2588 Pass libest estclient_simple example 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz aaba7ed286 OpenSSL Compat layer 
Implement/stub:
- wolfSSL_X509V3_EXT_add_nconf
- wolfSSL_EVP_PKEY_copy_parameters
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz ff2574b3cb OpenSSL Compat layer 
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 753a3babc8 OpenSSL Compat layer 
Implement/stub:
- wolfSSL_NCONF_get_number
- wolfSSL_EVP_PKEY_CTX_ctrl_str
- wolfSSL_PKCS12_verify_mac
- wc_PKCS12_verify_ex
- wolfSSL_BIO_new_fd
- wolfSSL_X509_sign_ctx
- wolfSSL_ASN1_STRING_cmp
- wolfSSL_ASN1_TIME_set_string
- X509V3_EXT_add_nconf
- X509V3_set_nconf
Implement TXT_DB functionality:
- wolfSSL_TXT_DB_read
- wolfSSL_TXT_DB_free
- wolfSSL_TXT_DB_create_index
- wolfSSL_TXT_DB_get_by_index
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz e7f1d39456 OpenSSL Compat layer 
Implement WOLFSSL_CONF_VALUE:
- wolfSSL_CONF_VALUE_new
- wolfSSL_CONF_VALUE_new_values
- wolfSSL_CONF_add_string
- wolfSSL_X509V3_conf_free
- wolfSSL_sk_CONF_VALUE_push
- wolfSSL_NCONF_load
- wolfSSL_NCONF_free
- wolfSSL_CONF_new_section
- wolfSSL_CONF_get_section
Implment some buffer functions
- wolfSSL_strlcat
- wolfSSL_strlcpy
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 42d4f35a98 Implement OpenSSL Compat API: 
- Implement lhash as a stack with hash members
- wolfSSL_lh_retrieve
- wolfSSL_LH_strhash
- IMPLEMENT_LHASH_COMP_FN
- IMPLEMENT_LHASH_HASH_FN
- wolfSSL_sk_CONF_VALUE_new
- wolfSSL_sk_CONF_VALUE_free
- wolfSSL_sk_CONF_VALUE_num
- wolfSSL_sk_CONF_VALUE_value
- wolfSSL_NCONF_new
- wolfSSL_NCONF_get_string
- wolfSSL_NCONF_get_section
- wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
- wolfSSL_CONF_modules_load
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz be98404b3b Implement wolfSSL_X509_REQ_verify 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 4aa30d0bde Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509 
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 1a50d8e028 WIP 
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz a7ec58003e PKCS7 changes 
- Allow PKCS7_EncodeSigned to be called with a zero content length
- wc_HashUpdate now doesn't error out on zero length data
- First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it
- wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 85b1196b08 Implement/stub: 
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 728f4ce892 Implement/stub: 
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz b52e11d3d4 Implement/stub the following: 
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 3721d80e84 Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT 
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 1e26238f49 Implement/stub the following functions: 
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs

Add cms.h file to avoid including the OpenSSL version.
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 777bdb28bc Implement/stub the following: 
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 7bd0b2eb44 Implement ASN1_get_object 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz a9d502ef85 Add --enable-libest option to configure.ac 
Refactoring and adding defines for functions
 2020-12-17 14:26:30 +01:00
Jacob Barthelmeh a948066f86 some infer fixes 2020-12-17 01:49:48 +07:00
JacobBarthelmeh f6c3eae1de g++ build fix 2020-12-16 15:05:33 -05:00
toddouska 7f20b97927 Merge pull request #3569 from SparkiDev/cppcheck_fixes_5 
cppcheck: fixes
 2020-12-16 09:04:59 -08:00
toddouska cee91c91f5 Merge pull request #3532 from julek-wolfssl/nginx-1.7.7 
Changes for Nginx 1.7.7
 2020-12-16 09:01:27 -08:00
Sean Parkinson 75c062a298 cppcheck: fixes 2020-12-16 17:28:20 +10:00
Sean Parkinson 922ca916a9 Merge pull request #3554 from ejohnstown/psk-fix 
PSK Alert
 2020-12-16 09:40:04 +10:00
Hayden Roche eb6473b00f Fix bugs that made it so client side wasn't verifying certificate status. 2020-12-15 16:56:21 -06:00
Hayden Roche 801aa18b9e Fix bug where OCSP stapling wasn't happening even when requested by client. 
The OCSP request that we created didn't have a URL for the OCSP responder, so
the server couldn't reach out to the responder for its cert status.
 2020-12-15 16:56:21 -06:00
Juliusz Sosinowicz 575f4ba140 Nginx 1.7.7 changes 
- Push error when decryption fails
- If wolfSSL_CTX_use_certificate keeps passed in cert then it should either copy it or increase its reference counter
- Make wolfSSL_PEM_read_bio_DHparams available with FIPS
 2020-12-15 19:32:55 +01:00
Sean Parkinson 52f63ca44b SESSION mutex: copying a session overwrote mutex 
New session creation function, NewSession, that doesn't initialize
mutex.
Calling functions, wolfSSL_SESSION_new() and wolfSSL_SESSION_copy(),
initialize the mutex.
 2020-12-15 17:20:40 +10:00