wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 17:22:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,113 Commits 12 Branches 184 Tags
40dda7e80faa483f02ed30c9c976d2bf38728e2c
Commit Graph

17113 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jacob Barthelmeh
40dda7e80f fix XMALLOC in test and add filesystem macro guard 2022-06-21 17:24:14 -06:00
Jacob Barthelmeh
c59ec54713 initialize variable to fix warning 2022-06-10 06:22:54 -06:00
Jacob Barthelmeh
ba20f54b5b add UPN other name parsing and updating skip 2022-06-09 21:32:55 -06:00
JacobBarthelmeh
86023378f8 free decoded cert in test case and x509 2022-06-06 14:31:41 -07:00
JacobBarthelmeh
2cd9ca0c8f add support for asn template build 2022-06-06 09:42:03 -07:00
JacobBarthelmeh
36db5ef929 add test case for UUID and FASC-N 2022-05-23 09:17:42 -07:00
JacobBarthelmeh
cdfdefe9af improve checking on UUID getter function 2022-05-22 17:18:20 -07:00
JacobBarthelmeh
9e4de4bfc8 add FASC-N and UUID alt. name support 2022-05-22 17:18:20 -07:00
John Safranek
62cb2b4ca9 ASN.1 Additions for FPKI/CAC 
1. Add some OIDs used in the Federal PKI Policy Authority standard.
2. Added the SubjectDirectoryAttributes extension to certificate
   parsing. (limited to country of citizenship)
3. Rename constant label SUBJECT_INFO_ACCESS to SUBJ_INFO_ACC_OID
4. Added the SubjectInfoAccess extension to certificate parsing.
   (limited to one URL)
5. Add the SSH extended key usage flags.
6. Use some of the template changes on the new certificate items.
 2022-05-22 17:18:20 -07:00
David Garske
b5d65b9579 Merge pull request #5159 from kareem-wolfssl/fipsv3HmacMd5 
Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary.
 2022-05-20 18:40:29 -07:00
David Garske
9a74745246 Merge pull request #5163 from haydenroche5/evp_pkey_derive_guard 
Remove unneeded FIPS guard on wolfSSL_EVP_PKEY_derive.
 2022-05-20 17:12:24 -07:00
Chris Conlon
ec39ee2cb6 Merge pull request #5070 from miyazakh/crypto_only_flwup 2022-05-20 17:08:29 -06:00
David Garske
d80b282fdd Merge pull request #5156 from anhu/HAVE_AES_GCM 
Rename HAVE_AES_GCM guard to HAVE_AESGCM in the tests.
 2022-05-20 15:03:57 -07:00
David Garske
04ddd0abe4 Merge pull request #5095 from haydenroche5/decoded_cert_crit_fields 
Make the critical extension flags in DecodedCert always available.
 2022-05-20 15:03:39 -07:00
David Garske
2fc129e236 Merge pull request #5162 from rliebscher/master 
Remove unused warning in ecc.c
 2022-05-20 11:42:39 -07:00
Hayden Roche
a6b948ae59 Remove unneeded FIPS guard on wolfSSL_EVP_PKEY_derive. 2022-05-20 11:29:01 -07:00
René Liebscher
a8024a32c5 Remove unused warning in ecc.c 
When WOLFSSL_ECIES_OLD is defined you get an unused warning
in ecc.c / wc_ecc_encrypt_ex().
Just suppress it by "using" the parameter.
 2022-05-20 16:05:10 +02:00
David Garske
9427ebc5be Merge pull request #5160 from haydenroche5/tls_unique 
Provide access to "Finished" messages outside the compat layer.
 2022-05-19 21:30:30 -07:00
Sean Parkinson
b6290f1590 Merge pull request #5157 from douzzer/20220519-multi-test-fixes 
20220519-multi-test-fixes
 2022-05-20 13:47:09 +10:00
Hayden Roche
6d9fbf7ab3 Provide access to "Finished" messages outside the compat layer. 
Prior to this commit, if you wanted access to the Finished messages from a
handshake, you needed to turn on the compatibility layer, via one of
OPENSSL_ALL, WOLFSSL_HAPROXY, or WOLFSSL_WPAS. With this commit, defining any
of these causes WOLFSSL_HAVE_TLS_UNIQUE to be defined (a reference to the
tls-unique channel binding which these messages are used for) in settings.h.
This allows a user to define WOLFSSL_HAVE_TLS_UNIQUE to access the Finished
messages without bringing in the whole compat layer.
 2022-05-19 16:34:13 -07:00
Daniel Pouzzner
efc8d36aa5 configure.ac: add whitespace separators to "((" groupings to mollify shellcheck SC1105 "Shells disambiguate (( differently or not at all. For subshell, add spaces around ( . For ((, fix parsing errors." 2022-05-19 18:19:11 -05:00
Daniel Pouzzner
6984cf83b2 scripts/ocsp-stapling.test: fix whitespace. 2022-05-19 16:45:50 -05:00
Kareem
832a7a40a6 Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary. 2022-05-19 12:06:20 -07:00
Daniel Pouzzner
5988f35593 src/wolfio.c: in EmbedReceiveFrom((), clear peer before recvfrom() to fix clang-analyzer-core.UndefinedBinaryOperatorResult; add DTLS_ prefix to macros SENDTO_FUNCTION and RECVFROM_FUNCTION, and gate their definitions on their being undefined to allow overrides. 2022-05-19 11:31:24 -05:00
Daniel Pouzzner
f2e9f5349f wolfcrypt/src/asn.c: refactor DecodeBasicOcspResponse() to keep DecodedCert off the stack in WOLFSSL_SMALL_STACK builds. 2022-05-19 11:28:34 -05:00
Daniel Pouzzner
368854b243 scripts/: refactor TLS version support tests to use -V, rather than -v (which makes frivolous connection attempts). 2022-05-19 11:18:34 -05:00
Anthony Hu
cf81ae79e4 HAVE_AESGCM 2022-05-19 11:30:58 -04:00
Anthony Hu
9c2903c176 Remove HAVE_AES_GCM guard as it is never defined. 2022-05-19 01:20:55 -04:00
David Garske
4a3ff40eb3 Merge pull request #5138 from haydenroche5/issuer_names 
Add ability to store issuer name components when parsing a certificate.
 2022-05-18 16:56:55 -07:00
Sean Parkinson
cd41c8beaf Merge pull request #5147 from rizlik/do_alert_reset 
internal.c:reset input/processReply state if exiting after DoAlert()
 2022-05-19 09:36:44 +10:00
Daniel Pouzzner
b53484be10 Merge pull request #5155 from cconlon/configFix 
Fix --enable-openssh FIPS detection syntax in configure.ac
 2022-05-18 17:34:43 -05:00
Chris Conlon
628a34a43d fix --enable-openssh FIPS detection syntax in configure.ac 2022-05-18 12:52:07 -06:00
Chris Conlon
1026c7141e Merge pull request #5148 from JacobBarthelmeh/PKCS7 2022-05-18 11:44:20 -06:00
Marco Oliverio
be172af3cd internal.c: check that we have data before processing messages 
We should never encounter this bug under normal circumstances. But if we enter
processReplyEx with a wrongly `ssl->options.processReply` set to
`runProcessingOneMessage` we check that we have some data.
 2022-05-18 18:49:33 +02:00
Marco Oliverio
6940a5eaae internal.c:reset input/processReply state if exiting after DoAlert() 2022-05-18 18:35:29 +02:00
John Safranek
40063f7487 Merge pull request #5109 from rizlik/dtls_peer_matching_fix 
wolfio: dtls: fix incorrect peer matching check
 2022-05-18 09:12:26 -07:00
Hideki Miyazaki
5de9c45161 resolve merge and conflict 2022-05-18 11:37:22 +09:00
David Garske
ac3fc89df9 Merge pull request #5151 from SparkiDev/tls13_premaster 
TLS 1.3:  pre-master secret zeroizing
 2022-05-17 19:18:43 -07:00
Hideki Miyazaki
54a96cef06 add test case 2022-05-18 11:16:10 +09:00
Hideki Miyazaki
88abc9f3c1 addressed review comments 
add to call wc_ecc_rs_to_sig and wc_ecc_verify_has
 2022-05-18 11:16:07 +09:00
Hideki Miyazaki
c1f117413f get crypto only compiled with openssl extra 2022-05-18 11:16:03 +09:00
Sean Parkinson
1765e2c482 Merge pull request #5150 from haydenroche5/benchmark_main_void 
Fix main signature in benchmark.c.
 2022-05-18 10:10:07 +10:00
Hayden Roche
04ff6afbad Add ability to store issuer name components when parsing a certificate. 
This is turned on when `WOLFSSL_HAVE_ISSUER_NAMES` is defined. This allows the
user to inspect various issuer name components (e.g. locality, organization,
etc.) by using these new fields in a `DecodedCert`.
 2022-05-17 16:29:52 -07:00
Sean Parkinson
2f91028f2d TLS 1.3: pre-master secret zeroizing 2022-05-18 08:52:38 +10:00
Hayden Roche
fd535242a0 Fix main signature in benchmark.c. 
If `NO_CRYPT_BENCHMARK` is defined, the main function is `int main()`, but it
should be `int main(void)`.
 2022-05-17 14:28:43 -07:00
Jacob Barthelmeh
8b46c95f06 macro guard for build with disable ecc 2022-05-17 11:36:09 -06:00
David Garske
c9ae021427 Merge pull request #5143 from julek-wolfssl/x509-ret-empty-name 
Return subject and issuer X509_NAME obj even when not set
 2022-05-17 09:16:54 -07:00
David Garske
50cc6d0422 Merge pull request #5139 from cconlon/opensshfips 
Modify --enable-openssh to not enable non-FIPS algos for FIPS builds
 2022-05-17 09:16:21 -07:00
Marco Oliverio
6df65c0162 wolfio: dtls: fix incorrect peer matching check 
Ignore packet if coming from a peer of a different size *or* from a different
peer. Avoid whole memcmp of sockaddr_in[6] struct because is not portable (there
are optional fields in struct sockaddr_in).
 2022-05-17 11:01:55 +02:00
Sean Parkinson
fc12c68601 Merge pull request #5146 from dgarske/kcapi_keywrap 
Fix to allow enabling AES key wrap (direct) with KCAPI
 2022-05-17 08:16:00 +10:00