John Safranek
5b39976cc0
Sniffer without OldTls
...
1. Put a guard around the call to DeriveKeys() when building with
--enable-sniffer --disable-oldtls. Disabling OldTls removes the
DeriveKeys() function. Similar logic used in internal.c.
2020-08-26 16:47:44 -07:00
David Garske
51c2960407
Added function comment for wolfSSL_i2a_ASN1_OBJECT. Added heap context for wolfSSL_CertManagerCheckOCSP
2020-08-21 15:47:02 -07:00
David Garske
5f059306fd
Fix for case with ssl->error not being set.
2020-08-21 15:47:02 -07:00
David Garske
1d55b2f526
Fixes for several memory leaks related to HAVE_WOLF_BIGINT.
2020-08-20 14:25:06 -07:00
John Safranek
55632a0567
Two more out of order DTLS message fixes.
2020-08-18 17:54:25 -07:00
John Safranek
113753370d
Long Test Fixes
...
1. Sniffer was trying to log a NULL pointer as a string. Logged a string instead.
2. Few misc fixes in ECC.
2020-08-18 17:54:25 -07:00
toddouska
028bddd7ab
Merge pull request #3215 from ejohnstown/release-4.5.0
...
Release Update
2020-08-17 13:51:23 -07:00
John Safranek
3be7f3ea3a
Reject DTLS application data messages in epoch 0 as out of order.
2020-08-14 17:21:39 -07:00
John Safranek
3f6861ee82
FIPS Ready Fix with ECC Timing Resistance
...
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
configure option. `--enable-fips=ready`. It will treat FIPS
Ready as the next kind of FIPS release. FIPS Ready will be
treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
checks for not version 2, with respect to ECC Timing Resistance
and FIPS builds.
2020-08-14 10:54:55 -07:00
John Safranek
64084bcba2
Add a void to the empty parameter list for the function wolfSSL_SESSION_new().
2020-08-13 13:18:29 -07:00
Sean Parkinson
bc74bfebdd
Fixes from C++ and address access checking
...
Fix access of table for cache resistance.
Don't name variable public or private.
Cast from void*
2020-08-13 15:19:49 +10:00
toddouska
21ed05b85e
Merge pull request #3214 from dgarske/snifferFreeFix
...
Fix for SSL sniffer free to properly cleanup globals
2020-08-11 20:27:09 -07:00
toddouska
fa146870bd
Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked
...
Additional OpenSSL compat stuff for OpenSSH
2020-08-11 16:32:31 -07:00
toddouska
532c2f50e8
Merge pull request #3083 from julek-wolfssl/openssl-compat-X509V3_EXT_i2d
...
Implement more OpenSSL compatibility functions
2020-08-11 15:01:41 -07:00
David Garske
65bcc03885
Fix for SSL sniffer free to properly cleanup globals (resolves issue when calling ssl_InitSniffer -> ssl_FreeSniffer then ssl_InitSniffer again). ZD 10757.
2020-08-11 14:07:32 -07:00
Jacob Barthelmeh
5cede22d1e
wait to set size till after sanity check
2020-08-11 12:59:01 -06:00
toddouska
87a00df2ea
Merge pull request #3118 from julek-wolfssl/aead-only-fix
...
Check for WOLFSSL_AEAD_ONLY in wolfSSL_dtls_import_internal
2020-08-11 09:33:47 -07:00
toddouska
4e6bc02257
Merge pull request #2982 from SparkiDev/ecc_sc
...
ECC now calls mp_submod_ct and mp_addmod_ct
2020-08-11 09:26:56 -07:00
JacobBarthelmeh
8b7f588aaf
Merge pull request #3108 from SparkiDev/openssl_interop
...
Update OpenSSL interoperability testing
2020-08-11 09:42:43 -06:00
Juliusz Sosinowicz
6e14b224da
Add NULL check in wolfSSL_EC_POINT_invert
2020-08-11 10:11:48 +02:00
Sean Parkinson
93cdfd7132
Update OpenSSL interoperability testing
...
Added TLS 1.3 testing.
Added Ed25519 and Ed448 testing.
Added testing of OpenSSL client against wolfSSL server.
Fixed builds of Curve25519/Curve448/Ed25519/Ed448 in different
configurations.
2020-08-11 16:44:45 +10:00
Sean Parkinson
6467de5a88
Randomize z ordinates in scalar mult when timing resistant
...
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
2020-08-11 16:12:47 +10:00
toddouska
4f30e37094
Merge pull request #3074 from julek-wolfssl/dtls-multiple-app-records
...
Handle 2+ dtls APP data records in one udp packet
2020-08-10 14:52:04 -07:00
toddouska
98b4272e5b
Merge pull request #3202 from ejohnstown/abi-server
...
ABI Update for Server
2020-08-10 14:25:05 -07:00
Juliusz Sosinowicz
a50affb408
Malloc enough space
2020-08-10 16:08:46 +02:00
Juliusz Sosinowicz
ef4b29ebc7
Jenkins fixes
2020-08-10 12:49:18 +02:00
Juliusz Sosinowicz
da190b8177
Don't map back to affine in wc_ecc_mulmod. It is done in ecc_map later.
2020-08-10 12:33:18 +02:00
David Garske
c0a664a8e5
Merge pull request #3200 from douzzer/20200805
...
Add an error-checking wc_curve25519_make_pub() routine to the API for use by Wireguard
2020-08-07 16:32:52 -07:00
toddouska
1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization
...
Expose session serialization outside of `OPENSSL_EXTRA`
2020-08-07 15:41:27 -07:00
Juliusz Sosinowicz
cbd9b3717f
Map points to Montgomery form for arithmetic.
2020-08-07 18:18:30 +02:00
Juliusz Sosinowicz
ea6edb6913
Fix memory leak
2020-08-07 17:39:48 +02:00
Eric Blankenhorn
064bfa583d
Fix CheckAltNames to handle IP type
2020-08-07 10:12:56 -05:00
toddouska
82d927d40f
Merge pull request #3199 from dgarske/openssl_sha
...
Fix for building openssl compat without SHA-1
2020-08-06 15:59:26 -07:00
Daniel Pouzzner
758665e347
Fix for TLS anonymous cipher and PKCS11 cast warnings. (author=dgarske)
2020-08-06 17:49:55 -05:00
Sean Parkinson
132adeac14
Merge pull request #3188 from julek-wolfssl/missing-cipherExtraData
...
Move `cipherExtraData` so that it is available when HAVE_SESSION_TICKET
2020-08-07 08:18:57 +10:00
John Safranek
14ff41a88c
ABI Update for Server
...
Added WOLFSSL_ABI tags to the functions wolfTLSv1_2_server(),
wolfTLSv1_3_server(), and wolfSSL_accept().
2020-08-06 11:17:25 -07:00
toddouska
e121139178
Merge pull request #3179 from ejohnstown/suitesz
...
Suite Size Check
2020-08-06 11:05:10 -07:00
toddouska
4e9d49556e
Merge pull request #3194 from SparkiDev/unit_fix_1
...
Fix unit.test to not fail randomly
2020-08-06 10:51:12 -07:00
David Garske
435eabfb4b
Fix build error with unused variables. Added compat function for X509_add_ext.
2020-08-06 07:51:04 -07:00
Juliusz Sosinowicz
25619119b4
Change implicit conversions to explicit conversions
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
f1e2a3c8b9
Code review changes
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
139a192185
Implement wolfSSL_d2i_X509_NAME
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
ca3a608408
Implement functions
...
- `wolfSSL_d2i_ECPrivateKey`
- `wolfSSL_EC_POINT_add`
- `wolfSSL_EC_POINT_invert`
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
2529ce21b0
Implement wolfSSL_EC_GROUP_dup
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
ea8dd31de0
Implement wolfSSL_i2d_PUBKEY and refactor wolfSSL_i2d_PrivateKey
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
1f0d6d5f31
New functions implemented
...
- `EC_POINT_is_on_curve`
- `i2d_EC_PUBKEY`
- `i2d_ECPrivateKey`
- `wc_ecc_point_is_on_curve`
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
88b9bf3fba
Fix memory leak with EncryptDerKey
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
e131d6be5b
group->curve_nid is now set to the real NID of the curve
2020-08-06 15:52:11 +02:00
Juliusz Sosinowicz
471a9bd9fd
Handle 2+ dtls APP data records in one udp packet
...
Just return one message at a time if processing application data
2020-08-06 14:03:38 +02:00
Juliusz Sosinowicz
c28b7b59c3
Fix jenkins leaks
2020-08-06 13:47:26 +02:00