John Safranek
49fefe176e
DTLS and Atomic Encrypt Callback
...
When using the encrypt callback, the DTLS sequence number isn't incremented. Moved the increment to later in the BuildMessage() function.
2018-07-16 13:33:03 -07:00
toddouska
f0422bec41
Merge pull request #1681 from dgarske/pk_keygen
...
Added ECC and Curve25519 Key Generation PK callback support
2018-07-13 14:03:13 -07:00
toddouska
1337f7ddec
Merge pull request #1674 from dgarske/derchainsz
...
Fix for max cert chain size calculation
2018-07-13 13:53:35 -07:00
toddouska
6c1778d373
Merge pull request #1669 from cconlon/mqxfixes
...
fixes for MQX classic 4.0 with IAR-EWARM
2018-07-13 11:59:28 -07:00
Eric Blankenhorn
9bc0e0c4fc
Static analysis fixes (#1658)
...
* Static analysis fixes
* Fixes for zd4071, zd4074, zd4093-zd4094, zd4096, zd4097-zd4104.
* Add test cases.
2018-07-13 09:02:09 -07:00
John Safranek
f7c5b27bfc
Merge pull request #1675 from toddouska/zero-error
...
make SOCKET_PEER_CLOSED_E consistent between read and 2 write cases
2018-07-12 12:53:48 -07:00
Chris Conlon
cadd556b3a
cast result of bitwise not back to original type to prevent compiler warnings
2018-07-12 13:46:55 -06:00
David Garske
81d13e15d5
Added ECC and Curve25519 Key generation callback support for HAVE_PK_CALLBACKS. The TLS server side ECDHE could not correctly handle PK callback based shared secret calculation using a hardware based generated key. Refactor internal functions to use the callback ctx getter API.
2018-07-12 11:52:54 -07:00
toddouska
23687f44bc
Merge pull request #1643 from ejohnstown/altnames
...
Subject Alt Name Matching
2018-07-11 13:20:58 -07:00
Todd Ouska
d639939a07
make SOCKET_PEER_CLOSED_E consistent between read and 2 write cases
2018-07-11 13:00:29 -07:00
David Garske
05cfeae3ce
Fix for handling max cert chain size. It was not accounting for the 3 byte header in max size calculation.
2018-07-11 12:32:49 -07:00
Chris Conlon
0f2b5ca181
fixes for MQX classic 4.0 with IAR-EWARM
2018-07-11 10:54:24 -06:00
toddouska
376a4d3ca8
Merge pull request #1666 from dgarske/fix_always_verify
...
Fix for building with `WOLFSSL_ALWAYS_VERIFY_CB`
2018-07-09 11:13:28 -07:00
David Garske
9c2a5d2906
Further simplification of the PK verify wrapping to avoid malloc/free. Thanks Todd!
2018-07-06 16:21:43 -07:00
David Garske
85d58cbf8c
Fix for building with WOLFSSL_ALWAYS_VERIFY_CB.
2018-07-06 15:31:52 -07:00
David Garske
595beb3fec
Fixup for the removal of const.
2018-07-06 09:35:00 -07:00
David Garske
32f1b0a9c2
Added separate context for each SignatureCtx verify callback. Added missing ssl info to callback context.
2018-07-06 09:28:46 -07:00
David Garske
3cbcc872c1
Improved PK callback support for ConfirmSignature so certificate verification uses the callbacks. Retained wolfSSL/wolfCrypt isolation (I.E. no wolfSSL references from wolfCrypt).
2018-07-05 14:04:06 -07:00
toddouska
ae54bae2fa
Merge pull request #1654 from SparkiDev/tls13_stapling
...
TLS 1.3 OCSP Stapling
2018-07-03 12:56:28 -07:00
toddouska
77f11a6be9
Merge pull request #1649 from embhorn/zd4043
...
Fix for memory leak in wolfSSL_BN_hex2bn
2018-07-02 16:22:57 -07:00
toddouska
9f35d211e0
Merge pull request #1644 from JacobBarthelmeh/Compatibility-Layer
...
add ca when getting chain from x509 store
2018-07-02 16:22:11 -07:00
toddouska
e17a16a45a
Merge pull request #1600 from dgarske/lighttpd
...
Changes to support Lighttpd 1.4.49
2018-07-02 16:18:41 -07:00
John Safranek
adb3cc5a5a
Subject Alt Name Matching
...
1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exist, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.
Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.
2018-07-02 13:39:11 -07:00
Jacob Barthelmeh
201217bd97
casts for tls 1.3 windows warnings
2018-07-02 13:55:38 -06:00
Jacob Barthelmeh
a9ff79e321
check return value
2018-07-02 10:10:30 -06:00
Sean Parkinson
0bf3a89992
TLS 1.3 OCSP Stapling
...
Introduce support for OCSP stapling in TLS 1.3.
Note: OCSP Stapling v2 is not used in TLS 1.3.
Added tests.
Allow extensions to be sent with first certificate.
Fix writing out of certificate chains in TLS 1.3.
Tidy up the OCSP stapling code to remove duplication as much as
possible.
2018-07-02 16:59:23 +10:00
Eric Blankenhorn
ebb3eb87d1
Update from review
2018-06-29 11:02:10 -05:00
Eric Blankenhorn
c6890d518e
Fix resource leak in wolfSSL_BN_hex2bn
2018-06-29 09:44:01 -05:00
toddouska
b4da4340a1
Merge pull request #1640 from SparkiDev/tls13_nb
...
Fix non-blocking and buffered I/O
2018-06-28 15:32:42 -07:00
David Garske
cd2971fb93
Abstracted code for setting options mask to improve wolfSSL_CTX_set_options, so it doesn't require allocating a WOLFSSL object.
2018-06-27 21:30:25 -07:00
David Garske
6dbca2b718
Fix to resolve the increased stack by allocating the temp ssl from the heap.
2018-06-27 19:44:34 -07:00
David Garske
66c2c65444
Changes to support Lighttpd 1.4.49:
...
* Fix for `wolfSSL_CTX_set_options` to work correctly when no certificate has been set for WOLFSSL_CTX, otherwise this operation fails with `Server missing certificate`.
* Fix for bad argument name `time`.
* Fix for `warning: type of bit-field`: Allowed types for bit-fields are int and unsigned int only.
* Exposed `ERR_remove_thread_state` and `SSL_CTX_set_tmp_ecdh` for lighttpd
* Renamed `WOLFSSL_ERR_remove_thread_state` to `wolfSSL_ERR_remove_thread_state` and setup old name macro.
* Add missing newline on asn1.h.
* Whitespace cleanup in ssl.c.
2018-06-27 19:44:34 -07:00
Sean Parkinson
abaa5daf43
Fix non-blocking and buffered I/O
...
Fix states in TLS 1.3 connect and accept to be monotonically increasing
by 1.
Always have a new state after a buffer is constructed to be sent.
Add non-blocking support into TLS benchmark and support TLS 1.3.
2018-06-28 08:49:32 +10:00
Sean Parkinson
7fbe1d3049
Fix support for OCSP and Nginx
...
Store DER copy of CA certificate with signer when
WOLFSSL_SIGNER_DER_CERT is defined.
Keep the bad issuer error for later when compiling for OpenSSL
compatibility.
Authority Info string needs to be passed back with a nul terminator.
2018-06-28 08:48:06 +10:00
Jacob Barthelmeh
af75145602
adjust macro guards
2018-06-27 16:13:46 -06:00
Jacob Barthelmeh
c2c209fb89
add ca when getting chain from x509 store
2018-06-27 14:09:32 -06:00
connerwolfssl
13b7dad0fa
documentation clean up, added check for asn generalized time
2018-06-27 10:22:47 -07:00
toddouska
5d767aa004
Merge pull request #1641 from ejohnstown/rename-inline
...
Rename INLINE
2018-06-27 09:34:41 -07:00
toddouska
1b2876679b
Merge pull request #1631 from ejohnstown/wolfio-select
...
wolfIO Select Update
2018-06-26 19:27:20 -07:00
John Safranek
586874b997
Rename INLINE
...
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
2018-06-26 15:17:46 -07:00
toddouska
d9b5948947
Merge pull request #1605 from dgarske/asyncfsanitize
...
Fixes for async to resolve runtime fsanitize issues
2018-06-26 14:27:07 -07:00
John Safranek
9d7bcf8ec7
wolfIO Select Update
...
1. In wolfIO_Select(), separate out the fd lists into separate read and write lists.
2. Check the read and write fds lists to see if the connect() succeeded or failed.
3. Windows doesn't use the nfds parameter to Select. Initialize it to zero and reset it to the right value when building for not-Windows.
4. Remove the warning disable for Windows.
GCC 8.1 checks that "restrict" pointer parameters don't point to the same thing and will error if they do.
2018-06-22 10:49:57 -07:00
John Safranek
e6c7952f50
Merge master into fipsv2. Resolved a conflict in api.c.
2018-06-22 09:52:26 -07:00
David Garske
1cb5bbf8ea
Fixes for some async issues. Fixes an async issue with BuildMessage. Fixes for PKCS7 tests to not use async since it is not supported.
2018-06-22 09:30:25 -07:00
David Garske
623f1b58ac
Fix for min IV size check. Cleanup of the max IV to use new enum MAX_IV_SZ.
2018-06-22 09:30:25 -07:00
David Garske
64ba151c35
Experimental fixes for async to resolve runtime fsanitize issues with invalid memory access due to attempting realloc on non NUMA type. Tested with ./configure --with-intelqa=../QAT1.6 --enable-asynccrypt CC="clang -fsanitize=address" --enable-debug --disable-shared --enable-trackmemory CFLAGS="-DWOLFSSL_DEBUG_MEMORY -DWOLFSSL_DEBUG_MEMORY_PRINT" && make and sudo ./tests/unit.test.
2018-06-22 09:30:25 -07:00
toddouska
9d86d323ef
Merge pull request #1628 from JacobBarthelmeh/Fuzzer
...
sanity check on hashing size
2018-06-20 17:46:38 -07:00
Jacob Barthelmeh
bf63003237
sanity check before reading word16 from buffer
2018-06-20 16:48:40 -06:00
Jacob Barthelmeh
2f43d5eece
update size to be used with fuzzing
2018-06-20 15:29:05 -06:00
Jacob Barthelmeh
61655ef56d
comment on sz value and sanity check before fuzzing
2018-06-20 09:21:56 -06:00