wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 21:59:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,463 Commits 12 Branches 184 Tags
4b648e7e08d912b54fb4e01177137c79bdf7d7cb
Commit Graph

6704 Commits

Author SHA1 Message Date
Sean Parkinson
b1e37377a1 TLS performance fix: ForceZero minimization 
Don't ForceZero the output buffer before free.
ForceZero it when encryption fails.

ShrinkInputBuffer needs to zeroize input buffer even if not currently
encrypting as it may be using the buffer on wolfSSL object reuse.

Fix SP to zeroize the whole buffer.

Fix DH to check cBuf when WOLFSSL_CHECK_MEM_ZERO defined.
 2022-10-27 17:00:42 +10:00
Hayden Roche
294a26ba0c Merge pull request #5708 from JacobBarthelmeh/OCSP 2022-10-26 15:43:15 -07:00
JacobBarthelmeh
8f2d35bb84 Merge pull request #5741 from douzzer/20221026-fixes-QUIC-and-ALPN 
20221026-fixes-QUIC-and-ALPN
 2022-10-26 15:03:28 -06:00
JacobBarthelmeh
d08c204466 remove extra memset 2022-10-26 12:54:17 -07:00
Jacob Barthelmeh
8d6ee0b26a minor warning fixes 2022-10-26 10:48:51 -06:00
Daniel Pouzzner
dfa603e502 fixes for warnings and defects around QUIC and ALPN -- fixes for clang-diagnostic-gnu-zero-variadic-macro-arguments, clang-analyzer-deadcode.DeadStores, clang-analyzer-core.UndefinedBinaryOperatorResult, clang-analyzer-security.insecureAPI.strcpy, and an overrun prevention assert in wolfSSL_ALPN_GetPeerProtocol(). 2022-10-26 11:32:06 -05:00
JacobBarthelmeh
a26b89f66b fix leak with multiple entries 2022-10-26 09:29:06 -07:00
Sean Parkinson
8d8371ac5a Merge pull request #5717 from icing/sni-alpn-order 
Changing ALPN selection to a deterministic point in the handshake.
 2022-10-26 09:47:23 +10:00
JacobBarthelmeh
0f9279ce52 Merge pull request #5684 from SparkiDev/ssl_sess_version_check 
SSL session retrieval: check protocol version
 2022-10-25 17:29:54 -06:00
JacobBarthelmeh
7381846edb fix case of copying over status to existing struct 2022-10-25 15:33:17 -07:00
Hayden Roche
2b72a50688 Merge pull request #5662 from Uriah-wolfSSL/haproxy-update-2.6.0 2022-10-25 07:47:54 -07:00
Uriah Pollock
19e30b081f Resolved sanitizer issue. 2022-10-24 16:27:18 -05:00
Stefan Eissing
879f788bb9 Setting ssl->alpn_peer_requested_length to 0 when freeing ssl->alpn_peer_requested. 2022-10-24 10:27:16 +02:00
Stefan Eissing
a1203917c5 Update after review by haydenroche5. 2022-10-24 10:17:29 +02:00
Hayden Roche
4859a00c2a Merge pull request #5698 from SparkiDev/aes_arm32_no_hw 2022-10-21 12:34:22 -07:00
Hayden Roche
a60a15d544 Merge pull request #5721 from philljj/zd15011 2022-10-21 12:32:03 -07:00
Uriah Pollock
6aff27c5c8 Resolved valgrind issue. Updated ASN1_TIME usage per feedback. 
Refactored wolfSSL_d2i_OCSP_CERTID per feedback.
 2022-10-21 13:16:32 -05:00
jordan
e409acc0f7 cite RFC 5280 in DIST_POINT_NAME comment 2022-10-21 12:38:04 -05:00
Hayden Roche
fdffdd241f Merge pull request #5711 from philljj/add_SSL_set1_host 2022-10-20 15:02:24 -07:00
jordan
bfe8b9b76c correct DIST_POINT_NAME type value 2022-10-20 15:10:36 -05:00
Stefan Eissing
02d37f08fc Do not direclty return but goto exit label for cleanup of allocated resources in case ALPN selection or SNI callback fails. 2022-10-20 12:33:08 +02:00
Stefan Eissing
f1cf96846a Changing ALPN selection to a deterministic point in the handshake. 2022-10-19 15:25:52 +02:00
Daniel Pouzzner
895a2e1ac5 WOLFSSL_CALLBACKS codepaths: fixes for bugprone-unused-return-value, bugprone-macro-parentheses, readability-named-parameter, and clang-analyzer-deadcode.DeadStores 2022-10-18 13:34:42 -05:00
JacobBarthelmeh
af518f8c86 adjust saving new OCSP cert 2022-10-18 08:33:13 -07:00
Hayden Roche
b7c4ddba72 Merge pull request #5663 from lealem47/scan_build 2022-10-18 08:10:33 -07:00
Stefan Eissing
9726d1f6eb Allowing use of SSL/CTX_set_max_early_data() for client side. 
- updating english doc and test cases
 2022-10-18 10:40:18 +02:00
Sean Parkinson
591101fd8b AES for ARM32 without using crypto hardware instructions 
AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-CCM
Fix ldrd and strd to use even first first register and have
second register be next after first.
 2022-10-18 08:31:53 +10:00
Lealem Amedie
327b66d3ed Miscellaneous fixes from scan-build and KDF refactor & small build fixes 2022-10-17 14:34:08 -07:00
jordan
7e35919cc0 Add SSL_set1_host 2022-10-17 16:23:38 -05:00
Uriah Pollock
f48b736ec3 Changed some WOLFSSL_ASN1_TIME handling and other fixes. 2022-10-14 17:09:35 -05:00
David Garske
2c503a5b34 Merge pull request #5682 from JacobBarthelmeh/Testing 
additional sanity checks on debug callback
 2022-10-14 09:25:14 -07:00
Marco Oliverio
2fa2f8e88d fix: wrong size using DTLSv1.3 in RestartHandshakeHashWithCookie 
HRR_MAX_HS_HEADER_SZ does not consider DTLS handshake extra fields.
 2022-10-13 17:42:58 +02:00
Hayden Roche
4fa0deadda Merge pull request #5696 from ejohnstown/wc_only 2022-10-12 17:11:06 -07:00
John Safranek
b838d65a72 wincrypt.h requires windows.h, which isn't included in internal.h when WOLFCRYPT_ONLY set 2022-10-12 15:33:23 -07:00
Uriah Pollock
dc8997d4b6 Added more APIs for HaProxy integration. 2022-10-12 15:45:09 -05:00
Uriah Pollock
3c7f01d853 Added WOLFSSL_ASN1_TIME to CRL 2022-10-12 15:10:29 -05:00
Uriah Pollock
0f0496ae8f Added WOLFSSL_ASN1_TIME to CRL 2022-10-12 14:30:26 -05:00
Uriah Pollock
5cbb099dc9 Updated per PR comments. 2022-10-12 14:06:57 -05:00
Uriah Pollock
9117f8b51b Added more APIs for HaProxy integration. 2022-10-12 14:06:57 -05:00
Uriah Pollock
b798c5f3a0 Added wolfSSL_X509_REVOKED_get_revocationDate() 2022-10-12 14:06:56 -05:00
jordan
06511a0f2e tiny fix for broken lowresource build option 2022-10-11 17:54:42 -05:00
JacobBarthelmeh
927f4c445d additional sanity checks on debug callback 2022-10-11 13:14:59 -07:00
David Garske
3b33c962c4 Merge pull request #5660 from haydenroche5/load_system_root_certs 
Add support for wolfSSL_CTX_load_system_CA_certs on Windows and Mac.
 2022-10-11 08:38:57 -07:00
Hayden Roche
5f0d85adb5 Merge pull request #5666 from per-allansson/windows-wolfio-connect-timeout-bug 2022-10-11 07:42:46 -07:00
Sean Parkinson
43809b5f97 SSL session retrieval: check protocol version 
When looking up the session by ID on the server, check that the protocol
version of the SSL and session match on TLS 1.3 or not.
TLS 1.3 sessions don't work with TLS 1.2 handshakes and vice-versa.
 2022-10-11 11:07:05 +10:00
Juliusz Sosinowicz
b1f97c6bc0 Merge pull request #5652 from rizlik/send_alert_on_version_mismatch 2022-10-10 11:16:11 +02:00
Hayden Roche
12bfa24ecc Merge pull request #5559 from tmael/crl_bs_p 2022-10-09 09:45:49 -07:00
Hayden Roche
47ccd924c2 Merge pull request #5657 from julek-wolfssl/dtls-1.2-stateless 2022-10-09 09:31:07 -07:00
Hayden Roche
98ac4a6f9c Add ability to toggle system CA certs support. 2022-10-07 12:34:00 -07:00
Tesfa Mael
5704c83f78 Unused param 2022-10-07 12:24:52 -07:00