wolfssl

Author	SHA1	Message	Date
kaleb-himes	7cccaa98b7	The minimal changes needed to add KCAPI support with fips-ready	2021-12-10 14:44:20 -07:00
David Garske	b4c6140b64	Merge pull request #4442 from julek-wolfssl/kerberos Add Kerberos 5 support	2021-12-02 09:07:34 -08:00
David Garske	5c172ca955	Merge pull request #4622 from douzzer/fix-wolfsentry-build wolfsentry fixes re HAVE_EX_DATA and wolfsentry_sockaddr	2021-12-01 08:16:07 -08:00
Sean Parkinson	d06ada2ccc	Merge pull request #4610 from julek-wolfssl/nginx-1.21.4 Add support for Nginx 1.21.4	2021-12-01 22:27:12 +10:00
Juliusz Sosinowicz	aac1b406df	Add support for Nginx 1.21.4 - Add KEYGEN to Nginx config - Check for name length in `wolfSSL_X509_get_subject_name` - Refactor `wolfSSL_CONF_cmd` - Implement `wolfSSL_CONF_cmd_value_type` - Don't forecfully overwrite side - `issuerName` should be `NULL` since the name is empty	2021-12-01 09:49:52 +01:00
Daniel Pouzzner	3f65916f3a	HAVE_EX_DATA: fix wolfssl/ssl.h and tests/api.c to build -DHAVE_EX_DATA but -UOPENSSL_EXTRA.	2021-11-30 23:39:16 -06:00
JacobBarthelmeh	b69a1c860c	Merge pull request #3996 from cconlon/pkcs7_detachedhash adjust PKCS7_VerifySignedData to correctly verify precomputed content hash with detached signature	2021-11-30 12:46:46 -08:00
Juliusz Sosinowicz	1d7b2de074	Code review changes	2021-11-22 11:48:31 +01:00
Juliusz Sosinowicz	3da810cb1b	Implement OpenSSL API's - `OBJ_DUP` - `i2d_PKCS7` - `BN_rshift1 - `BN_rshift` testing - Add `--enable-krb`	2021-11-22 11:47:58 +01:00
Juliusz Sosinowicz	e7c5f137be	Implement `BN_rand_range`	2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz	ccbe184434	Implement CTS Ciphertext stealing on top of CBC is implemented with `wolfSSL_CRYPTO_cts128_encrypt` and `wolfSSL_CRYPTO_cts128_decrypt` APIs	2021-11-22 11:45:27 +01:00
Juliusz Sosinowicz	fa662c2ab1	`AES_cbc_encrypt` `enc` parameter flipped. 1 = encrypt 0 = decrypt This change makes the `enc` parameter of `AES_cbc_encrypt` consistent with OpenSSL. This commit flips the meaning of this parameter now.	2021-11-22 11:45:27 +01:00
Chris Conlon	c3500fa24e	Merge pull request #4581 from miyazakh/max_earlydata add get_max_eraly_data	2021-11-19 09:42:01 -07:00
David Garske	2841b5c93b	Merge pull request #3010 from kaleb-himes/ZD10203 Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA	2021-11-18 14:47:25 -08:00
Hideki Miyazaki	7da0d524ff	add get_max_eraly_data support set/get_max_eraly_data compatibility layer	2021-11-18 09:07:32 +09:00
Masashi Honma	4800db1f9d	Enable max/min int test even when non 64bit platform Signed-off-by: Masashi Honma <masashi.honma@gmail.com>	2021-11-18 06:58:21 +09:00
Juliusz Sosinowicz	361975abbc	Refactor sk_*_free functions Use a single `wolfSSL_sk_pop_free` and `wolfSSL_sk_free` function that free's the stack and optionally free's the node content as well.	2021-11-12 13:55:37 +01:00
kaleb-himes	6547bcb44c	Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA	2021-11-11 17:47:17 -07:00
David Garske	bd0f6736c5	Merge pull request #4513 from masap/wpa_sup_dpp Fix X509_PUBKEY_set() to show correct algorithm and parameters	2021-11-09 10:26:59 -08:00
Daniel Pouzzner	0b4f34d62a	typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C.	2021-11-08 17:35:05 -06:00
Masashi Honma	ee39fd079f	Fix X509_PUBKEY_set() to show correct algorithm and parameters When build with OpenSSL, trailing program outputs these messages. algorithm: id-ecPublicKey parameters: prime256v1 But with wolfSSL, X509_PUBKEY_get0_param() fails. This patch fixes wolfSSL to display the same values as OpenSSL. This program was extracted from wpa_supplicant in order to reproduce the issue. ---------------- int main(void) { EVP_PKEY pkey; X509_PUBKEY pub = NULL; ASN1_OBJECT ppkalg, poid; const ASN1_OBJECT pa_oid; const uint8_t pk; int ppklen, ptype; X509_ALGOR pa; void pval; char buf[100]; const uint8_t data[] = { 0x30, 0x39, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, 0x03, 0x33, 0x6d, 0xb4, 0xe9, 0xab, 0xf1, 0x1c, 0x96, 0x87, 0x5e, 0x02, 0xcc, 0x92, 0xaf, 0xf6, 0xe1, 0xed, 0x2b, 0xb2, 0xb7, 0xcc, 0x3f, 0xd2, 0xb5, 0x4e, 0x6f, 0x20, 0xc7, 0xea, 0x2f, 0x3f, 0x42 }; size_t data_len = sizeof(data); const uint8_t p; int res; p = data; pkey = d2i_PUBKEY(NULL, &p, data_len); if (!pkey) { fprintf(stderr, "d2i_PUBKEY() failed\n"); return -1; } if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) { fprintf(stderr, "invalid type\n"); EVP_PKEY_free(pkey); return -1; } res = X509_PUBKEY_set(&pub, pkey); if (res != 1) { fprintf(stderr, "X509_PUBKEY_set() failed\n"); return -1; } res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub); if (res != 1) { fprintf(stderr, "X509_PUBKEY_get0_param() failed\n"); return -1; } res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0); if (res < 0 \|\| (size_t) res >= sizeof(buf)) { fprintf(stderr, "OBJ_obj2txt() failed\n"); return -1; } fprintf(stdout, "algorithm: %s\n", buf); X509_ALGOR_get0(&pa_oid, &ptype, (void ) &pval, pa); if (ptype != V_ASN1_OBJECT) { fprintf(stderr, "X509_ALGOR_get0() failed\n"); return -1; } poid = pval; res = OBJ_obj2txt(buf, sizeof(buf), poid, 0); if (res < 0 \|\| (size_t) res >= sizeof(buf)) { fprintf(stderr, "OBJ_obj2txt() failed\n"); return -1; } fprintf(stdout, "parameters: %s\n", buf); X509_PUBKEY_free(pub); EVP_PKEY_free(pkey); return 0; } Signed-off-by: Masashi Honma <masashi.honma@gmail.com>	2021-11-09 07:30:58 +09:00
David Garske	478f57b347	Merge pull request #4535 from kareem-wolfssl/zd13165 Fix building with NO_ECC_KEY_EXPORT.	2021-11-08 11:11:53 -08:00
David Garske	4fe17cc143	Merge pull request #4527 from julek-wolfssl/zd13097 Fix a heap buffer overflow with mismatched PEM structure ZD13097	2021-11-05 08:50:28 -07:00
Chris Conlon	ae84a2a326	Merge pull request #4293 from TakayukiMatsuo/set_min_proto Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version	2021-11-04 14:59:34 -06:00
Juliusz Sosinowicz	1faa9e66b6	Check `wolfSSL_BIO_read` return	2021-11-04 15:34:33 +01:00
Kareem	60a86157c7	Fix building with NO_ECC_KEY_EXPORT.	2021-11-03 16:03:26 -07:00
Juliusz Sosinowicz	23487a4532	Fix a heap buffer overflow with mismatched PEM structure ZD13097	2021-11-02 11:31:22 +01:00
Daniel Pouzzner	6ba55edd50	fix async warnings	2021-10-29 14:37:39 -06:00
David Garske	6b3ff9bae2	Merge pull request #4459 from julek-wolfssl/missing-ext Add x509 name attributes and extensions to DER parsing and generation	2021-10-28 14:30:37 -07:00
David Garske	0a26335243	Merge pull request #4446 from ejohnstown/dtls-sizing DTLS Sizing	2021-10-28 14:15:36 -07:00
David Garske	6bb7e3900e	Merge pull request #4511 from JacobBarthelmeh/Testing build fixes and PKCS7 BER encoding fix	2021-10-28 10:52:58 -07:00
Juliusz Sosinowicz	8cba5dda17	Need to free x509 in tests	2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz	a738c16b2f	Can't have macros within macros	2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz	7d6f8ea255	Update wrong email in gen script	2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz	a6be157628	Gate new AKID functionality on `WOLFSSL_AKID_NAME`	2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz	d9af698aa4	Implement raw AKID with WOLFSSL_ASN_TEMPLATE	2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz	c162196b27	Add x509 name attributes and extensions to DER parsing and generation - Postal Code - Street Address - External Key Usage - Netscape Certificate Type - CRL Distribution Points - Storing full Authority Key Identifier information - Add new certificates to `certs/test` for testing - Update WOLFSSL_ASN_TEMPLATE to match new features	2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz	894303be59	Make the `wolfSSL_GetMaxFragSize` parameter meaning consistent - Add testing for sending as much app data as possible in a single DTLS record	2021-10-28 14:46:15 +02:00
David Garske	c16f0db1b5	Fixes for handling `WC_PENDING_E` async responses in API unit test and examples. Resolves all issues with `--enable-all --enable-asynccrypt --with-intelqa=`.	2021-10-27 15:08:39 -07:00
Jacob Barthelmeh	00249b70ae	fix for build with WOLFSSL_SGX	2021-10-27 13:22:45 -06:00
John Safranek	75df6508e6	Add a read enable for private keys when in FIPS mode.	2021-10-26 20:24:29 -05:00
Daniel Pouzzner	c2c2e5b4f5	tests/api.c: post_auth_version_cb(): add missing gating on !NO_ERROR_QUEUE for wolfSSL_ERR_get_error() test.	2021-10-26 20:24:28 -05:00
Daniel Pouzzner	a5c03f65e3	tests/api.c: fix test_CryptoCb_Func() to not attempt signing op on ephemeral ECC keys.	2021-10-26 20:24:28 -05:00
Daniel Pouzzner	aa6ca43e91	api.c: skip test_wolfSSL_EVP_PBE_scrypt() when FIPS 140-3 (test uses impermissibly short HMAC key).	2021-10-26 20:24:27 -05:00
Daniel Pouzzner	f1c1f76851	ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg.	2021-10-26 20:24:27 -05:00
John Safranek	9bf36f329a	Add sign/verify PCT to RSA key gen.	2021-10-26 20:24:25 -05:00
John Safranek	f49a09749e	When building for FIPS, the unit test will run all the CASTs up front.	2021-10-26 20:24:25 -05:00
John Safranek	976402e04b	RNG Update 1. When the seed callback is enabled, allow wc_GenerateSeed() to be used as a default callback. 2. Modify all the tests and examples to use the default seed callback if the seed callback is enabled.	2021-10-26 20:24:25 -05:00
John Safranek	a935f2f86d	FIPS CAST Update 1. In the unit test, when checking the build options, also check for FIPSv4 to make sure 2048-bit RSA is used. 2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't getting called, so the FIPS flags didn't get checked. (It was using wc_InitSha_ex() which bypasses the FIPS checks.)	2021-10-26 20:24:24 -05:00
JacobBarthelmeh	4825534062	Merge pull request #4500 from cconlon/errorQueueFix fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE	2021-10-27 05:56:32 +07:00

1 2 3 4 5 ...

2069 Commits