wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 02:42:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,137 Commits 12 Branches 184 Tags
0f539616bebbbfb0b94e1c11c28fbf1e2ca3ca3b
Commit Graph

3029 Commits

Author SHA1 Message Date
toddouska
555714afa3 Merge pull request #1764 from SparkiDev/tls13_psk_cb 
Separate PSK callback for TLS 1.3
 2018-08-20 09:17:01 -07:00
toddouska
c8814a7ee1 Merge pull request #1769 from SparkiDev/tls13_dh 
TLS 1.3: Always left-pad DH secret to length of prime
 2018-08-20 09:13:50 -07:00
Sean Parkinson
d104ae39e3 TLS 1.3: Always left-pad DH secret to length of prime 2018-08-20 14:20:50 +10:00
Sean Parkinson
f1222c3f9f Separate PSK callback for TLS 1.3 
It is highly recommended that the PSK be different for each protocol.
Example callback already returns a different key for TLS 1.3.
New callback includes the ciphersuite, as a string, to use with the key.
 2018-08-17 10:18:28 +10:00
Sean Parkinson
f487b0d96a Config option to disable AES-CBC 
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
 2018-08-16 08:25:13 +10:00
toddouska
9ad059542a Merge pull request #1745 from dgarske/ecc_export_hex 
Added new ECC export API's to support export as hex string
 2018-08-14 14:19:23 -07:00
David Garske
f23915baa1 Fix for BIO ssl case, which is not supported (for the Boost.Asio project this isn't required either). 2018-08-14 12:44:31 -06:00
David Garske
ff7d2fefdc Fix for DH max size calc not including DH_Pub. 2018-08-14 12:22:18 -06:00
David Garske
7b83db0f65 Fix for PemToDer which was not properly handling extra new lines at end of file. 2018-08-14 12:22:18 -06:00
David Garske
eca64717be Fix for BIO_wpending to work correctly. 2018-08-14 12:22:18 -06:00
David Garske
17e102d914 Fixes for asio build options (so includes OPENSSL_EXTRA). Fix for bad named variable shutdown. Fix for the side size in Options struct to support WOLFSSL_SIDE_NEITHER (3). Fix to set the side on wolfSS_connect() or wolfSS_accept(). 2018-08-14 12:22:18 -06:00
David Garske
c073aee87c Added new ECC export API's to support export as hex string. New API's are wc_ecc_export_ex and wc_ecc_export_int. For hex string use ECC_TYPE_HEX_STR as encType arg. Refactor to reduce duplicate code. Build fixes for NO_ECC_KEY_EXPORT. 2018-08-14 12:05:22 -06:00
toddouska
d4f908c372 Merge pull request #1728 from JacobBarthelmeh/HardwareAcc 
Add build for AF_ALG
 2018-08-13 16:27:51 -07:00
Eric Blankenhorn
bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734) 
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
 2018-08-12 12:53:29 -07:00
David Garske
56974c099e Improved the logic for WOLFSSL_ALWAYS_VERIFY_CB to be more explicit and updated comments. 2018-08-06 11:40:35 -07:00
David Garske
c4ea50b956 Fix for issue with using CopyDecodedToX509 again for existing X509 and freeing the altNames in original. Fix was to use the ssl->peerCert directly for the index 0 cert. Improvement to make sure ex_data is always populated. Added NULL arg check on wolfSSL_get_peer_certificate. 2018-08-06 11:40:35 -07:00
David Garske
7d39a897dc Refactor of the verify callback to eliminate duplicate code and provide consistency with various build options. Documented build options and added code comments in new DoVerifyCallback function. Added documentation in test.h myVerify function for arguments and return code. Fix from commit da1ac36 which added current_cert to WOLFSSL_X509_STORE_CTX, but is only required for ASIO compatibility and is not used. 2018-08-06 11:40:35 -07:00
David Garske
30d6c0c1fc Merge pull request #1737 from ejohnstown/ocsp-free 
OCSP Free
 2018-08-06 09:08:01 -07:00
David Garske
738a121d61 Merge pull request #1740 from ejohnstown/null-check 
NULL Check
 2018-08-03 13:53:53 -07:00
toddouska
b88d60ecbb Merge pull request #1665 from ejohnstown/mr 
Prime Number Testing
 2018-08-03 12:50:27 -07:00
John Safranek
f6a8a2f5bd NULL Check 
When using the async option, the RSA key is checked on the first call to
DoTls13CertificateVerify() when the async state machine is set up. On
the subsequent call, the pointer to the key isn't checked again. Added a
check. (This was from a static analysis report.)
 2018-08-03 11:09:43 -07:00
David Garske
a43d4d16ba Merge pull request #1719 from MJSPollard/OpenSSLAllFix 
Added boost define and openssl bug fix with WOLFSSL_KEY_GEN
 2018-08-02 15:20:27 -07:00
JacobBarthelmeh
782ea74fbf Merge pull request #1732 from kojo1/Ticket-4169-2 
Ticket 4169: eliminate ssl->CBIORecv/Send overwritten in SSL_set_bio
 2018-08-02 14:58:25 -06:00
Eric Blankenhorn
b248af6f84 Update from review 2018-08-02 10:59:07 -05:00
Takashi Kojo
fd75f35801 fix cbioFlag check 2018-08-02 10:18:09 +09:00
John Safranek
c87d6b27e2 OCSP Free 
Free the OCSP request when creating the response only if there is an error making the request.
 2018-08-01 15:34:43 -07:00
John Safranek
7647d52d77 Prime Number Testing 
1. Remove a copy-paste error when clearing up the RNG used to test a prime.
2. Tag a some const test values as static in the wolfCrypt test.
 2018-08-01 14:49:06 -07:00
Eric Blankenhorn
ba2f0fd8fc Fix for zd4179, 4181, 4182 2018-08-01 15:56:15 -05:00
Takashi Kojo
98f6ae16ca copy cbioFlag from ctx to ssl 2018-08-02 04:48:39 +09:00
JacobBarthelmeh
cb756397b3 inital AES-CBC with af_alg 
progress on AES-GCM with AF_ALG and add SHA256

add aes-gcm test cases and finish logic of aes-gcm with AF_ALG

formating of tabs and white space

add files to dist

adding ecb and ctr mode with af_alg

make length of buffers for ctr be AES_BLOCK_SIZE

formating and add support for sha256 copy/gethash

sanity checks on arguments

cast return values and valgrind tests

make it easier to use sha256 with af_alg

remove hard tabs

add endif for after rebase
 2018-08-01 08:54:20 -06:00
Takashi Kojo
96c1a567f0 #4169: CBIO set flag to escape from overwritten in SSL_set_bio 2018-08-01 19:16:42 +09:00
John Safranek
af89458af0 GCC-8 string fixes 
1. strncpy needs to include the source string's NULL.
2. Deleted a few redundant string modifications.
 2018-07-31 14:02:44 -07:00
John Safranek
ed208efc4d GCC-8 string fixes 
1. Modify wolfSSL_get_ciphers() to limit the XSTRNCPY based on the dst buf length, not the src string.
 2018-07-31 14:02:44 -07:00
David Garske
2b3f94944d Merge pull request #1723 from kaleb-himes/overhead-avoidance 
avoid overhead call to alloc and free when sigSz invalid
 2018-07-31 08:14:49 -07:00
David Garske
4eff7b641b First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL. 2018-07-30 13:53:54 -07:00
toddouska
335f467b8c Merge pull request #1714 from dgarske/pic32hashleak 
Fixes for PIC32MZ hash memory leak
 2018-07-30 13:48:59 -07:00
Chris Conlon
c71d8eb6ba Merge pull request #1653 from Naruto/feature/mynewt 
port apache mynewt
 2018-07-30 13:33:25 -06:00
Chris Conlon
1079b0e3b3 Merge pull request #1716 from cariepointer/osp/haproxy 
Define functions required by HAProxy and enable SSLV3 dependency
 2018-07-30 13:26:38 -06:00
Kaleb Himes
d19b78d81a Fix typo in comment 2018-07-30 12:17:55 -06:00
Naruto TAKAHASHI
861fec1dc6 porting mynewt 2018-07-28 18:03:20 +09:00
kaleb-himes
0ee4b88e74 avoid overhead call to alloc and free when sigSz invalid 2018-07-27 16:25:10 -06:00
John Safranek
4b8507813e Prime Number Testing 
1. Also disable the new prime test from TLS while using SELFTEST.
 2018-07-27 13:34:38 -07:00
MJSPollard
543cac65d8 Added boost define and openssl bug fix with WOLFSSL_KEY_GEN 2018-07-27 12:42:09 -06:00
Jacob Barthelmeh
74c4d31c07 sanity check on pkcs8 variable 2018-07-27 11:16:41 -06:00
John Safranek
31f1692cbf Prime Number Testing 
1. Disable the new prime test from TLS while using FIPS or setting the flag WOLFSSL_OLD_PRIME_CHECK.
 2018-07-26 16:01:08 -07:00
John Safranek
4b2a591a93 Prime Number Testing 
1. Added calls to wc_DhSetCheckKey() on the client side of TLS.
2. Added an API test to the wolfCrypt test.
3. Fixed a bug in the prime test found with the API test. Misuse of tertiary operator.
 2018-07-26 14:43:04 -07:00
David Garske
efbabbfb29 Further improvements to hashing code to make sure wc_*Free is always called including wc_HashFree. Added new defines to disable PIC32MZ hardware features using NO_PIC32MZ_HASH, NO_PIC32MZ_RNG and NO_PIC32MZ_CRYPT. 2018-07-26 14:41:30 -07:00
Carie Pointer
a1f69f0d64 Define functions required by HAProxy and enable SSLV3 dependency 2018-07-26 12:53:21 -07:00
toddouska
90367df13c Merge pull request #1710 from SparkiDev/ed25519_only 
Changes to build with X25519 and Ed25519 only
 2018-07-25 14:24:03 -07:00
David Garske
92cb8f06ea Fixes to make sure hash free is always called (resolves memory leaks with PIC32MZ hashing hardware). Only print Alloc/Free messages with track memory when WOLFSSL_DEBUG_MEMORY_PRINT is defined. Added test for ForceZero with 0 length. 2018-07-25 11:22:03 -07:00