wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 18:42:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
14,574 Commits 12 Branches 184 Tags
3bebcaaf540eae9cc9463e91df715939750e8ae0
Commit Graph

5290 Commits

Author SHA1 Message Date
John Safranek
52b8c7b1fa Merge pull request #4192 from haydenroche5/ocsp_http_header 
Improve wolfIO_HttpProcessResponse HTTP header checking logic.
 2021-07-12 14:13:07 -07:00
John Safranek
b9dac74086 Merge pull request #4193 from JacobBarthelmeh/StaticAnalysisTests 
Static analysis tests
 2021-07-07 14:23:58 -07:00
JacobBarthelmeh
86e5287a14 Merge pull request #4032 from TakayukiMatsuo/tk11968 
Make wolfSSL_CTX_set_timeout reflect to Session-ticket-lifetime-hint
 2021-07-07 22:26:06 +07:00
JacobBarthelmeh
7b9d6a3f5e Merge pull request #3792 from TakayukiMatsuo/os_keylog 
Add wolfSSL_CTX_set_keylog_callback
 2021-07-07 15:34:33 +07:00
Hayden Roche
7422f07fb5 Improve wolfIO_HttpProcessResponse HTTP header checking logic. 
Modify this function to just ensure that the response header starts with "HTTP
1.x 200" (where x is 0, 1, etc.).
 2021-07-06 15:18:26 -07:00
Jacob Barthelmeh
ae00b5acd0 some minor changes for unintialized and null infer reports 2021-07-06 14:13:45 +07:00
TakayukiMatsuo
5df0f7820a Add wolfSSL_CTX_set_keylog_callback 2021-07-03 14:51:23 +09:00
TakayukiMatsuo
567d8ed704 Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition. 2021-07-02 10:50:00 +09:00
TakayukiMatsuo
aef9e560b1 Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint. 2021-07-02 09:15:01 +09:00
Daniel Pouzzner
e9e41d3344 Merge pull request #4070 from elms/fsanitize/undefined_fixes 
address errors with `-fsanitize=undefined`
 2021-07-01 13:00:06 -05:00
JacobBarthelmeh
45486ac904 Merge pull request #4166 from miyazakh/supportedversion_ex_mindowngrade 
not include smaller versions than minimum downgrade
 2021-07-01 21:00:20 +07:00
Elms
75e807abc6 Fixes for gcc-10 and -fsanitize=undefined for rabbit.c 
* One introduced in #4156
* One from previous commit in this PR
 2021-06-30 22:20:17 -07:00
Sean Parkinson
6694775d4b Changes to compile without XTREAM_ALIGN 
Use macro to load 32 bits from input parameters key in hc128.c and input
in rabbit.c
Also fix warning about string copy.
 2021-06-30 21:58:30 -07:00
Elms
56d879f422 address scan-build issues for clang 6 and 10 2021-06-30 21:58:30 -07:00
Elms
dc7beab784 address errors with -fsanitize=undefined 
- fix null dereferences or undefined `memcpy` calls
 - fix alignment in `myCryptoDevCb`
 - fix default dtls context assignment
 - add align configure option to force data alignment

TESTED:
 `./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
 2021-06-30 21:58:30 -07:00
Sean Parkinson
f56bf3d8ee TLS: Get DH anon working TLS 1.2 and below 
Send the server DH parameters in ServerKeyExchange.
./configure '--enable-anon' '--disable-rsa' '--enable-oldtls'
 2021-06-29 10:29:39 +10:00
David Garske
63ad5d58a2 Merge pull request #4162 from ejohnstown/abi-update 
ABI Update
 2021-06-25 08:36:07 -07:00
John Safranek
5437883da7 Merge pull request #4164 from dgarske/async_frag 
Fix for async with fragmented packets
 2021-06-25 08:33:50 -07:00
David Garske
74b9b5a8cd Merge pull request #4156 from SparkiDev/regression_fixes_1 
Regression test fixes
 2021-06-25 07:48:02 -07:00
Hideki Miyazaki
d576e3ef96 not send smaller versions than minimum downgradable version as supportedversion ext 2021-06-25 14:51:34 +09:00
Sean Parkinson
dab6724059 Regression fixes: more configurations 
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
&& make
./configure --disable-aescbc --disable-chacha --disable-poly1305
--disable-coding && make
 2021-06-25 15:23:51 +10:00
Sean Parkinson
8592053856 Regression test fixes 
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
 2021-06-25 09:18:06 +10:00
David Garske
45ef68d5c7 Fix for async with fragmented packets where inline crypto could be overwritten on reprocessing fragment. FIxes unit tests with --enable-all --enable-asynccrypt. Minor cleanup for line length and free verify RSA buffer sooner. 
Reproducible with:

```
./examples/server/server -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -2
./examples/client/client -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 -2
```
 2021-06-24 16:03:12 -07:00
John Safranek
66c29ef1ca ABI Update 
Add wolfSSL_CTX_set_verify to the ABI list.
 2021-06-24 14:08:28 -07:00
Juliusz Sosinowicz
656e49cc3b Expand SHA-3 support 
Add more support in the EVP layer as well as add signing support. The SHA-3 OID's were also added for DER algorithm identifier encoding.
 2021-06-24 19:31:43 +02:00
David Garske
c59d1f2e8d Merge pull request #4155 from SparkiDev/ssl_reorg_3 
Reorg of ssl.c: standard C wrappers, EX_DATA, BUF_MEM, TXT_DB
 2021-06-24 09:53:53 -07:00
David Garske
97ab1bb013 Merge pull request #4154 from SparkiDev/hmac_update_ct 
TLS hmac: handle truncated mac in Hmac_UpdateFinal_CT()
 2021-06-24 09:28:22 -07:00
John Safranek
ae2f2b246e Merge pull request #4148 from BrianAker/master 
Fix for make distcheck, maintainer-clean, to allow distribution builds.
 2021-06-23 10:33:06 -07:00
Juliusz Sosinowicz
4eff3ff3dd Add a reason text for APP_DATA_READY 2021-06-23 13:43:56 +02:00
Sean Parkinson
945acb4c2f Reorg of ssl.c: standard C wrappers, EX_DATA, BUF_MEM, TXT_DB 2021-06-23 11:28:38 +10:00
Sean Parkinson
2923d812bd Merge pull request #4058 from miyazakh/qt_oslext_cs 
TLS: extend set_cipher_list() compatibility layer API
 2021-06-23 10:12:11 +10:00
Sean Parkinson
5cf7e17820 TLS hmac: handle truncated mac in Hmac_UpdateFinal_CT() 2021-06-23 09:54:41 +10:00
John Safranek
a5852fe440 Merge pull request #4119 from julek-wolfssl/dtls-seq-num-refactor 
Refactor `dtls_expected_peer_handshake_number` handling
 2021-06-22 16:29:45 -07:00
Sean Parkinson
eccfb4f632 Merge pull request #4125 from dgarske/sniffer_etsi 
TLS: Fixes for sniffer and static ephemeral keys
 2021-06-23 09:17:13 +10:00
Chris Conlon
4b3bd3e384 Merge pull request #4049 from miyazakh/set_verifyDepth_3 
Set verify depth limit
 2021-06-22 10:23:43 -06:00
Chris Conlon
b70e028200 Merge pull request #4087 from miyazakh/get_ciphers_compat 
higher priority of cipher suite is on top of stack
 2021-06-22 10:22:43 -06:00
Chris Conlon
b050463dce Merge pull request #4059 from miyazakh/qt_unit_test 
fix qt unit test
 2021-06-22 10:12:48 -06:00
David Garske
67b87a8883 Merge pull request #4127 from douzzer/wolfsentry-client 
outbound connection filtering and wolfSentry integration
 2021-06-22 07:27:18 -07:00
David Garske
c4ea64b7fc Merge pull request #4140 from SparkiDev/set_sig_algs 2021-06-21 19:18:10 -07:00
Brian Aker
2d497d1cf5 Fix for make distcheck, maintainer-clean, to allow distribution builds. 
This the second pass at this after seeing how fips is added to tree in later phases.
This allow autoreconf to be directly called which allows the Makefile to rebuild when seeing that changes have been ( having an autogen.sh is older convention which left to history in the way autotools are invoked )
This fixes "make distcheck" and "make maintainer-clean" which are required by most distributions packaging systems.

The files previously touched by autogen.sh are now properly placed into autoconf.
The include files files are generated by configure. ( There is a note placed in configure.ac as to why and reference to the automake documention for this ). Append to file was done on purpose, touch cannot be in configure safetly. Normally autoheader would be used for this but since the include files are created out of tree, care has to be taken to not overwrite those file.
For the source files, they were moved into the coresponding automake file. It is safe to use touch in automake. Since files can optionally copied from elsewhere, they have to be listed in BUILT_SOURCES. They are written srcdir in order to allow make to do VPATH builds ( which is configure by make distcheck ).
To show fips files are preserved without having the actual fips files, a C style comment can be echoed into the files.
There are a few current, but outstanding issues.
1) config.h needs to be fixed configure.ac to use autoheader in order to allow configure to know to rebuilt depencies on its changes. ( Out of scope for this patch. )
2) verion.h checked into the tree and it is a built file. A make maintainer-clean followed by "git status --ignored" will confirm this. ( Out of scope for this patch )
3) autogen.sh has not been updated to reflect fixes. I believe that for this patch, it should be left alone and checked for regression in Jenkins by itself.
4) There is an out of date .spec file for building RPM which should be updated now that distcheck is working.
5) maintainer-clean should have rule added to remove build-aux testdriver.

This has been tested on current Ubuntu testing, OSX, Fedora 34, and Debian 10.

Additionaly "make distcheck" should be added to regression testing, along with "make maintainer-check".

Other improvement possibilities:
A possible future improvement is to let autoconf handle build with optional out of dist files.
Modify fips configure.ac check to allow for an injection of comments into blank fips files in order to prove distribution of fips/non-fips builds.
Update git rules to use 'make maintainer-clean', 'autoreconf -if', 'make distcheck'.
 2021-06-19 20:16:14 -07:00
David Garske
5a685ca37e Merge pull request #4139 from SparkiDev/etm_check_pad 
TLS EtM: check all padding bytes are the same value
 2021-06-18 08:14:46 -07:00
Sean Parkinson
7224fcd9bc TLS: add support for user setting signature algorithms 2021-06-18 16:19:01 +10:00
Hideki Miyazaki
fbb7a40295 simplified string parse 2021-06-18 11:55:09 +09:00
Hideki Miyazaki
b52ff200de addressed code review part2 2021-06-18 11:22:23 +09:00
Hideki Miyazaki
368dd7b501 address review comments part1 2021-06-18 11:22:22 +09:00
Hideki Miyazaki
23a3c7f5f5 fixed no-termination 2021-06-18 11:22:21 +09:00
Hideki Miyazaki
1ebb4a47f6 addressed jenkins failure 2021-06-18 11:22:20 +09:00
Hideki Miyazaki
a4ff5de369 always tls13 suites in the front position 2021-06-18 11:22:20 +09:00
Hideki Miyazaki
4feedb72cc simulate set_ciphersuites comp. API 2021-06-18 11:22:19 +09:00
Hideki Miyazaki
23fc810b3c added more context 2021-06-18 11:10:13 +09:00