wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 12:29:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,857 Commits 12 Branches 184 Tags
010c8db54eb206ba1c309a51bb4a3f632ef9591b
Commit Graph

4651 Commits

Author SHA1 Message Date
toddouska
f31b41fcca Merge pull request #3495 from haydenroche5/httpd 
Add OpenSSL compatibility functions for latest version of Apache httpd
 2020-12-09 09:55:13 -08:00
toddouska
367f28b917 Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
toddouska
7834dee991 Merge pull request #3503 from SparkiDev/dtls_mtu_write 
DTLS MTU: check MTU on write
 2020-12-09 09:42:44 -08:00
Hayden Roche
03c7e52f5f Add OpenSSL compatibility functions for Apache httpd's OCSP module. 2020-12-03 11:22:43 -06:00
Hayden Roche
bca43654df Make changes to OCSP ASN code. 
- Use OcspEntry in OcspResponse instead of CertStatus. OcspEntry is more
  analogous to an OCSP SingleResponse, which contains issuer name and key
  hashes. Correspondingly, remove these hashes from OcspResponse, since they'll
  now be stored per SingleResponse in an OcspEntry.
- Add a hashAlgoOID to OcspEntry (corresponds to hashAlgorithm in CertId in RFC
  6960). This makes OcspEntry more closely resemble an OCSP SingleResponse.
- Change WOLFSSL_OCSP_CERTID to map to OcspEntry. OcspEntry contains all the
  information that an OCSP CertID contains, and is a better fit than
  OcspRequest.
- Add a pointer to the raw CertId in an OCSP SingleResponse to OcspEntry, along
  with a size field to indicate how many bytes the CertId occupies. This will
  be used in an OpenSSL compatibility function, i2d_OCSP_CERTID, which yields
  the raw bytes of the CertId.
 2020-12-03 11:22:43 -06:00
toddouska
b4c7b5e6ce Merge pull request #3525 from SparkiDev/tls13_session 
TLS 1.3: always add session when sending finished message
 2020-12-02 13:47:38 -08:00
John Safranek
6fc64263f2 Merge pull request #3519 from julek-wolfssl/scr-timeout 
Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage
 2020-11-30 11:40:35 -08:00
Sean Parkinson
22a8be412b TLS 1.3: always add session when sending finished message 2020-11-27 09:46:02 +10:00
John Safranek
4baf923218 Verify Callback Fix 
1. Removed a flag set that would force all certificates in a chain
   to be verified. There was a compile time option to make that happen
   already.
2. Replace some options for some test failure test cases that were added
   and immediately removed.
(ZD 11292)
 2020-11-24 11:46:10 -08:00
Juliusz Sosinowicz
95132b1c55 Make renegotiation information available outside of OPENSSL_EXTRA 2020-11-24 17:03:40 +01:00
Juliusz Sosinowicz
41d58465c0 Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage 
Reset DTLS stored messages on a FreeHandshakeResources call even if secure renegotiation is enabled. Without this, in a server initiated rehandshake, the server would keep old messages (ChangeCipherSpec and Finished) even when it sent a HelloRequest message.
 2020-11-24 16:06:35 +01:00
John Safranek
f5c2bef78f Merge pull request #3492 from julek-wolfssl/dtls-scr-optimizations 
Save the HelloRequest message just like other handshake mesasges
 2020-11-20 11:50:51 -08:00
Juliusz Sosinowicz
69bea008dd Save the HelloRequest message just like other handshake mesasges 
Implement a timeout mechanism for non-blocking sockets
 2020-11-20 11:41:19 +01:00
John Safranek
2d79e38436 Merge pull request #3485 from julek-wolfssl/dtls-scr-seq-correct-num 
Fix overlapping sequence number error.
 2020-11-19 14:19:13 -08:00
David Garske
d4c59e369e Merge pull request #3335 from julek-wolfssl/RSA-PSS-padding-in-EVP_Digest-API 
Enable RSA-PSS padding in EVP_Digest* API
 2020-11-19 09:31:12 -08:00
Sean Parkinson
91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
toddouska
aa9ed17afa Merge pull request #3512 from dgarske/openssl_pem 
Fix for missing `wolfSSL_PEM_write_bio_PrivateKey` with WebRTC
 2020-11-18 16:17:46 -08:00
toddouska
ca281f976e Merge pull request #3493 from dgarske/zd11245 
Sniffer fixes for handling TCP `out-of-range sequence number`
 2020-11-18 16:14:09 -08:00
toddouska
a280df1892 Merge pull request #3488 from kabuobeid/x509_objtxt_lname 
Return long names instead of short names in wolfSSL_OBJ_obj2txt().
 2020-11-18 16:10:46 -08:00
toddouska
b0979f4225 Merge pull request #3476 from dgarske/sniffer_hrr 
Fixes for TLS sniffer with v1.3 (HRR and Certs)
 2020-11-18 16:07:11 -08:00
toddouska
3adeff672b Merge pull request #3472 from SparkiDev/pickhashsigalgo_rework 
TLS PickHashSigAlgo: rework
 2020-11-18 15:58:59 -08:00
toddouska
dedde4c058 Merge pull request #3456 from JacobBarthelmeh/Certs 
strict certificate version allowed from client
 2020-11-18 15:55:50 -08:00
toddouska
9bde34ef5b Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names 
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
 2020-11-18 15:52:52 -08:00
Sean Parkinson
d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
David Garske
4cfe5a1bc1 Fix for missing wolfSSL_PEM_write_bio_PrivateKey with WebRTC. If keygen or certgen is not specified this was incorrectly being excluded with opensslextra or opensslall. 2020-11-18 11:30:53 -08:00
Juliusz Sosinowicz
a0a3a2b74c Review changes 2020-11-17 19:15:12 +01:00
Juliusz Sosinowicz
b4754d5706 CAVP, Windows, and FIPS tests 2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
d18e2d7386 Refactoring and use salt length discover if available 2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
248dd12993 Enable RSA-PSS padding in EVP_Digest* API 2020-11-17 15:04:57 +01:00
David Garske
4a790cd024 Fixes for building with --disable-ecc and --disable-dh. 2020-11-16 12:17:27 -08:00
Sean Parkinson
a00c75c51b DTLS MTU: check MTU on write 2020-11-16 09:30:04 +10:00
Kareem Abuobeid
da06ef8c3f Return long names instead of short names in wolfSSL_OBJ_obj2txt(). 2020-11-13 12:03:26 -07:00
David Garske
f02cc650a2 Fixes for handling TCP out-of-range sequence number. 2020-11-12 16:09:09 -08:00
David Garske
c7053e9a36 Fix scenario where FreeHandshakeResources is called and server hello is recevied and WOLFSSL arrays is NULL. 2020-11-12 16:09:00 -08:00
David Garske
b931b1bd4d Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning. 2020-11-12 12:51:41 -08:00
David Garske
cdf44f6ff6 Pass static ephemeral keys for TLS v1.2 as well. 2020-11-12 09:18:24 -08:00
John Safranek
e996a7d15b Scan-Build Fixes 
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.

To recreate:
    $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
    $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
 2020-11-12 09:06:59 -08:00
David Garske
a53b734c83 Fix for client_hello keyshare with multiple entries. Fix for change_cipher_spec after finished. 2020-11-12 08:59:11 -08:00
David Garske
ea21ddf540 Fix to only free existing key in SetStaticEphemeralKey if the incoming algorithm type has been specified. 2020-11-12 08:59:11 -08:00
David Garske
5cda549d00 Allow passing multiple keys (comma separated) with the sniffer test tool. This allows setting both DH and ECC static ephemeral keys. Do not fail on resume not found. 2020-11-12 08:59:11 -08:00
David Garske
720919198f Fix for Scan-buld and when building without ECC or DH. 2020-11-12 08:59:11 -08:00
David Garske
71d9f1e9bd Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral. 2020-11-12 08:59:11 -08:00
David Garske
1c87f3bdc1 Improve sniffer resume logic. 2020-11-12 08:59:10 -08:00
David Garske
b74f0fb6b8 Fixes for sniffer with hello_retry_request. Fix for TLS v1.3 certificate processing. 2020-11-12 08:59:10 -08:00
David Garske
c7bb602a30 Merge pull request #3482 from douzzer/scan-build-fixes-20201110 
scan-build fixes -- 1 null deref, 34 unused results
 2020-11-12 07:45:45 -08:00
Daniel Pouzzner
7850d71ccb add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases. 2020-11-11 22:47:47 -06:00
toddouska
d3e3b21c83 Merge pull request #3393 from dgarske/zd11104 
Fix for TLS ECDH (static DH) with non-standard curves
 2020-11-11 14:22:37 -08:00
Daniel Pouzzner
5fe1586688 fix 34 deadcode.DeadStores detected by llvm11 scan-build. 2020-11-11 13:04:14 -06:00
Juliusz Sosinowicz
d49038ae24 Fix overlapping sequence number error. 
wolfSSL wants to use the same sequence number for the ServerHello as the ClientHello. This is an issue when this sequence number is already taken.
 2020-11-11 15:35:05 +01:00
Jacob Barthelmeh
979216d595 add test case for rejecting version 2 x509 2020-11-11 18:57:09 +07:00