wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 01:42:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,445 Commits 12 Branches 184 Tags
1962159d8955bb7f554d61399beded205e168e4d
Commit Graph

10445 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Juliusz Sosinowicz
1962159d89 more NGINX defines 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
b71758895e Add support for SSL_CTX_set0_chain 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
b7913116c0 Remove redeclaration 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
9fbc167d0c Declare at start of scope 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
d9ab0c4bcb Check bounds 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
ea5ac675ed WIP 2019-11-27 17:46:15 +01:00
Juliusz Sosinowicz
f0abd4ea82 WIP 2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz
9064de1e75 Set proper WOLFSSL_ASN1_TIME in thisupd and nextupd in wolfSSL_OCSP_resp_find_status 2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz
31c0abd610 wolfSSL_X509_NAME_print_ex should not put the null terminator in the BIO 2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz
de3c11d55c opensslall required 2019-11-27 17:45:49 +01:00
Juliusz Sosinowicz
a892f2a95a Changes for nginx 1.15 
- ssl.c: add to check to overwrite existing session ID if found
- evp.c: wolfSSL_EVP_DecryptFinal* was checking for wrong value
 2019-11-27 17:45:49 +01:00
toddouska
1b63ab0e73 Merge pull request #2623 from SparkiDev/set_ser_rand 
Generating serial number - clear top bit
 2019-11-26 16:14:54 -08:00
toddouska
7cb5fe5e2a Merge pull request #2620 from tmael/ALPN_input 
Fix alpn buffer overrun
 2019-11-26 15:31:56 -08:00
toddouska
57df5c10c9 Merge pull request #2619 from dgarske/async_mem 
Fix for Intel QuickAssist asynchronous build
 2019-11-26 15:29:04 -08:00
toddouska
0d69950d07 Merge pull request #2615 from SparkiDev/mp_exptmod_neg_p 
Handle negative modulus with negative exponent in exptmod
 2019-11-26 15:20:54 -08:00
toddouska
95c9dc9fe8 Merge pull request #2614 from ejohnstown/maintenance-OCSP 
Maintenance: OCSP
 2019-11-26 15:19:27 -08:00
toddouska
9b7cd6bdfd Merge pull request #2613 from tmael/evp_aes_gcm 
Set default IV length for EVP aes gcm
 2019-11-26 15:18:27 -08:00
toddouska
5d41ef171c Merge pull request #2610 from ejohnstown/maintenance-DTLS 
Maintenance: DTLS
 2019-11-26 15:17:22 -08:00
toddouska
9ecafa7afe Merge pull request #2557 from tmael/cert_store_ls_x509 
Retrieve a stack of X509 certs
 2019-11-26 15:16:09 -08:00
Sean Parkinson
6325269236 Generating serial number - clear top bit 
If the top bit is set then the encoding routine will drop a byte of the
serial number.
Better to ensure number is positive, top bit clear, and use as much of
the serial number data as possible.
 2019-11-25 15:36:11 +10:00
Tesfa Mael
8bc3b7df35 Free x509 2019-11-22 14:31:59 -08:00
Tesfa Mael
cf127ec05f Fix buffer overrun 2019-11-22 10:33:17 -08:00
David Garske
be88bce36d Fix for issues with wolfSSL_OBJ_nid2sn and wc_OBJ_sn2nid and logic finding max item when WOLFSSL_CUSTOM_CURVES and ECC_CACHE_CURVE are defined. Improvements to wolfSSL_EC_get_builtin_curves to avoid using "min" as variable name and eliminate using a local static. 2019-11-22 10:09:10 -08:00
David Garske
ffb3dfd6ec Fixes for minor test.c build configuration issues. 2019-11-22 07:01:10 -08:00
David Garske
cdc50d7753 Revert header change in #2504 for asynchronous crypto quickassist_mem.h. 2019-11-22 05:59:57 -08:00
Sean Parkinson
50c4347748 More corner cases in tfm 
Handle zero base in fp_exptmod better().
Handle negatives in fp_gcd().
Return FP_OKAY when writing out 0 with mp_toradix().
 2019-11-22 09:56:02 +10:00
John Safranek
71943844d6 Maintenance: OCSP 
1. Add a couple more bounds checks to wolfIO_HttpProcessResponseBuf().
 2019-11-21 14:51:35 -08:00
John Safranek
edb07cf68e Merge pull request #2587 from guidovranken/ocsp-resp-decoder-bounds-fix 
Properly limit array access in OCSP response decoder
 2019-11-21 10:13:49 -08:00
Tesfa Mael
428d51e664 IV is set in the evp ctx level 2019-11-21 09:58:03 -08:00
toddouska
e883a2f696 Merge pull request #2611 from SparkiDev/sp_int_add_fix 
Fix sp_add to handle carries properly
 2019-11-21 08:59:09 -08:00
Sean Parkinson
f56a74b6b7 Handle negative modulus with negative exponent in exptmod 2019-11-21 14:55:13 +10:00
John Safranek
6720bc3890 Maintenance: OCSP 
1. Add some minimum bounds checking on the HTTP responses as some can
end up being too short.
 2019-11-20 17:25:03 -08:00
Tesfa Mael
f95d5eebff Add FreeX509() to clean up when sk stack is empty 2019-11-20 17:02:13 -08:00
Tesfa Mael
6c732725b0 Test evp aes gcm with default IV length 2019-11-20 16:37:15 -08:00
toddouska
b33ce2207d Merge pull request #2608 from SparkiDev/use_heap 
When disabled memory, ensure all heap and types are used
 2019-11-20 16:18:07 -08:00
toddouska
a2d036dcba Merge pull request #2601 from SparkiDev/certs_exts_fix 
ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
 2019-11-20 16:17:28 -08:00
Sean Parkinson
a20db0b8ad Fix sp_add to handle carries properly 2019-11-21 09:47:17 +10:00
John Safranek
ce0136e968 Maintenance: Integers 
In TFM and Integer, rshb() shouldn't try to shift a value that is 0.
This leads to using a negative offset to a pointer, but isn't used.
 2019-11-20 13:55:57 -08:00
John Safranek
71690fc73a Maintenance: DTLS 
1. Updated the window scrolling. There was a couple off-by-one errors in
the DTLS window handling. They canceled each other out, but there was a
rare case where they would shift too much.
 2019-11-20 13:46:23 -08:00
John Safranek
188eb45433 Maintenance: DTLS 
Removed redundant sequence increment when sending the Server Hello message.
 2019-11-20 13:08:01 -08:00
John Safranek
19d8ef405c Maintenance: DTLS 
When encrypting with AES-GCM, AES-CCM, or PolyChacha, do not increment
the DTLS sequence number. The sequence number should only be incremented
in BuildMessage. This was done because the sequence number used to be
incremented after calculating the HMAC or after the encrypt for AEAD
ciphers. The HMAC has been separated from the sequence increment.
 2019-11-20 10:56:56 -08:00
toddouska
88fb7efb8c Merge pull request #2602 from SparkiDev/certs_exts_free 
ProcessPeerCerts jump to error handling instead of returning
 2019-11-20 09:25:48 -08:00
toddouska
2a7fb69523 Merge pull request #2604 from SparkiDev/disabled_curve_fix 
TLS supported curve extension - validate support fix
 2019-11-20 09:17:50 -08:00
toddouska
ccc8a49fcb Merge pull request #2607 from SparkiDev/tls13_serverhello_cs 
TLS 1.3 client detects non-TLS 1.3 cipher suite in ServerHello
 2019-11-20 09:16:16 -08:00
toddouska
d5a1adab5d Merge pull request #2605 from SparkiDev/set_ser_num 
Added output size to SetSerialNumber
 2019-11-20 09:15:36 -08:00
toddouska
1ba366920c Merge pull request #2581 from SparkiDev/ecc_fixes_add 
Add deterministic ECDSA sig gen. Fix corner cases for add point.
 2019-11-20 09:12:28 -08:00
Tesfa Mael
f1fbabbb60 Use default 96-bits IV length when unset 2019-11-20 09:09:12 -08:00
Sean Parkinson
d441cee6fb When disabled memory, ensure all heap and types are used 2019-11-20 17:06:42 +10:00
Sean Parkinson
917e5b0405 TLS 1.3 client detects non-TLS 1.3 cipher suite in ServerHello 2019-11-20 12:22:00 +10:00
Sean Parkinson
13c6346158 Check error returns from mp calls 2019-11-20 11:09:50 +10:00