13030 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
383df620bf Add CSR test with Extension Request attribute 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
24b89928dc Code review names changes and refactoring 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
3231cfe9e0 Refactor extension stack generation 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
8b9f8029a8 Sanity check protocol version. 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
22ae66dfe1 wolfSSL_BIO_do_connect should look for a socket bio in the chain 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
2dd28ec5b3 Check if downgrading is allowed in SetSSL_CTX
Pkcs7 cert limit based on build
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
77c730361e Jenkins fixes 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
25f5427bdd Rebase and test fixes 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
b528a1a344 Plug memory leaks 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
7df8f2e2bb Internal unit tests 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
f5c463148f check null 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
031ce68546 Differentiate between server and client sessions
This is important if the client and server share memory space. If a server and client both save the same session in SessionCache it may cause inconsistencies. The hash of the sessionID will be the same, causing one of the sides to overwrite the other. A possible problem is that the peer certificate will be incorrect for one of the sides.
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
8edeaae3e2 Add DSA support to x509 certs 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
031ca80fe7 Fix max SSL version handling for client
Enable CRL when adding one to store
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2197748a51 Implement wolfSSL_X509_check_private_key 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
cb84213ffd Support more extensions 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
cd20512b90 wolfSSL_X509_REQ_add1_attr_by_txt for libest 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
911d5968b4 Store more certs in PKCS7 struct 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
acf3156fac Dynamically allocate memory in wolfSSL_i2d_PKCS7_bio 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
c405c3477f Protect against invalid write in RsaPad_PSS 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2a9bb906a9 Implement wolfSSL_BIO_*_connect and wolfSSL_BIO_set_conn_port
Forgot to commit csr.dsa.pem for api.c
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
78a20ec3ae Extension manipulation 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
65c6a71bde Init wolfSSL_X509_REQ_add_extensions 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
6a635b339c Fixes
- Fix challengePw copy in ReqCertFromX509
- Proper header length in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio
- Special case for extended key usage in wolfSSL_OBJ_cmp
- Numerical input in wolfSSL_OBJ_txt2obj can just be encoded with EncodePolicyOID. Searching for the sum can return wrong values since they are not unique.
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b808124a47 Add DSA support to ConfirmSignature and add DSAwithSHA256 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2a20896e44 Add CRL loading to wolfSSL_PEM_X509_INFO_read_bio 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
86d2177876 wolfSSL_X509_resign_cert updates x509 der buffer as well 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
932ef25e79 Set default digest NID 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2689d499b9 Tests starting to pass 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff7b8d3715 Don't attempt TLS 1.3 if server options disable it 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2e2beb279d WIP 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
8e62bf2588 Pass libest estclient_simple example 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
aaba7ed286 OpenSSL Compat layer
Implement/stub:
- wolfSSL_X509V3_EXT_add_nconf
- wolfSSL_EVP_PKEY_copy_parameters
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff2574b3cb OpenSSL Compat layer
Implement/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
753a3babc8 OpenSSL Compat layer
Implement/stub:
- wolfSSL_NCONF_get_number
- wolfSSL_EVP_PKEY_CTX_ctrl_str
- wolfSSL_PKCS12_verify_mac
- wc_PKCS12_verify_ex
- wolfSSL_BIO_new_fd
- wolfSSL_X509_sign_ctx
- wolfSSL_ASN1_STRING_cmp
- wolfSSL_ASN1_TIME_set_string
- X509V3_EXT_add_nconf
- X509V3_set_nconf
Implement TXT_DB functionality:
- wolfSSL_TXT_DB_read
- wolfSSL_TXT_DB_free
- wolfSSL_TXT_DB_create_index
- wolfSSL_TXT_DB_get_by_index
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
e7f1d39456 OpenSSL Compat layer
Implement WOLFSSL_CONF_VALUE:
- wolfSSL_CONF_VALUE_new
- wolfSSL_CONF_VALUE_new_values
- wolfSSL_CONF_add_string
- wolfSSL_X509V3_conf_free
- wolfSSL_sk_CONF_VALUE_push
- wolfSSL_NCONF_load
- wolfSSL_NCONF_free
- wolfSSL_CONF_new_section
- wolfSSL_CONF_get_section
Implement some buffer functions
- wolfSSL_strlcat
- wolfSSL_strlcpy
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
42d4f35a98 Implement OpenSSL Compat API:
- Implement lhash as a stack with hash members
- wolfSSL_lh_retrieve
- wolfSSL_LH_strhash
- IMPLEMENT_LHASH_COMP_FN
- IMPLEMENT_LHASH_HASH_FN
- wolfSSL_sk_CONF_VALUE_new
- wolfSSL_sk_CONF_VALUE_free
- wolfSSL_sk_CONF_VALUE_num
- wolfSSL_sk_CONF_VALUE_value
- wolfSSL_NCONF_new
- wolfSSL_NCONF_get_string
- wolfSSL_NCONF_get_section
- wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve
- wolfSSL_CONF_modules_load
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
be98404b3b Implement wolfSSL_X509_REQ_verify 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
4aa30d0bde Add CSR parsing capabilities to ParseCertRelative and wc_GetPubX509
- wolfSSL_BIO_get_mem_data now returns the last memory BIO in the chain
- Change wolfSSL_BIO_pending calls to wolfSSL_BIO_get_len calls to get accurate length depending on BIO
- Refactor X509 and X509_REQ functions to reuse similar code
- X509 and X509_REQ i2d functions now generate their DER outputs instead of returning the input DER
- Signature generated by wolfSSL_X509_resign_cert is now saved in the x509->sig buffer and added when calling *i2d
- Add test_wolfSSL_d2i_X509_REQ
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
1a50d8e028 WIP
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
a7ec58003e PKCS7 changes
- Allow PKCS7_EncodeSigned to be called with a zero content length
- wc_HashUpdate now doesn't error out on zero length data
- First cert in wolfSSL_PKCS7_encode_certs is treated as main cert and the PKCS7 struct is initialized with it
- wolfSSL_BIO_get_mem_data returns the buffer from the last bio in chain
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
85b1196b08 Implement/stub:
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
728f4ce892 Implement/stub:
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b52e11d3d4 Implement/stub the following:
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
3721d80e84 Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
1e26238f49 Implement/stub the following functions:
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs

Add cms.h file to avoid including the OpenSSL version.
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
777bdb28bc Implement/stub the following:
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
7bd0b2eb44 Implement ASN1_get_object 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
a9d502ef85 Add --enable-libest option to configure.ac
Refactoring and adding defines for functions
2020-12-17 14:26:30 +01:00
toddouska
b4fddf3f24
Merge pull request #3572 from dgarske/zd11381
Fix for `wc_SetAltNamesBuffer`
2020-12-16 15:33:12 -08:00