wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 16:22:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,703 Commits 12 Branches 184 Tags
5cda549d00544a4bbedb85e8dfb46017e99f4f07
Commit Graph

12703 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
5cda549d00 Allow passing multiple keys (comma separated) with the sniffer test tool. This allows setting both DH and ECC static ephemeral keys. Do not fail on resume not found. 2020-11-12 08:59:11 -08:00
David Garske
720919198f Fix for Scan-buld and when building without ECC or DH. 2020-11-12 08:59:11 -08:00
David Garske
71d9f1e9bd Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral. 2020-11-12 08:59:11 -08:00
David Garske
1c87f3bdc1 Improve sniffer resume logic. 2020-11-12 08:59:10 -08:00
David Garske
d208779974 Added test case for TLS v1.3 with HRR (hello_retry_request) 2020-11-12 08:59:10 -08:00
David Garske
b74f0fb6b8 Fixes for sniffer with hello_retry_request. Fix for TLS v1.3 certificate processing. 2020-11-12 08:59:10 -08:00
David Garske
c7bb602a30 Merge pull request #3482 from douzzer/scan-build-fixes-20201110 
scan-build fixes -- 1 null deref, 34 unused results
 2020-11-12 07:45:45 -08:00
toddouska
d3e3b21c83 Merge pull request #3393 from dgarske/zd11104 
Fix for TLS ECDH (static DH) with non-standard curves
 2020-11-11 14:22:37 -08:00
toddouska
197c85289b Merge pull request #3468 from SparkiDev/sp_c_mul_d 
SP C32/64 mul_d: large div needs mul_d to propagate carry
 2020-11-11 14:06:25 -08:00
Daniel Pouzzner
5fe1586688 fix 34 deadcode.DeadStores detected by llvm11 scan-build. 2020-11-11 13:04:14 -06:00
JacobBarthelmeh
fe2dcf76fe Merge pull request #3413 from cconlon/zd11011 
PKCS#7: check PKCS7 SignedData private key is valid before using it
 2020-11-11 22:55:03 +07:00
David Garske
68209f91fb Merge pull request #3465 from kaleb-himes/DOX_UPDATE_wc_RsaPublicEncrypt 
Address report on issue #3161
 2020-11-10 14:52:20 -08:00
David Garske
fcd73135f5 Merge pull request #3479 from tmael/ocsp_NULL 
Check <hash> input parameter in GetCA
 2020-11-10 14:46:05 -08:00
Daniel Pouzzner
958fec3b45 internal.c:ProcessPeerCerts(): fix a core.NullDereference detected by llvm9 and llvm11 scan-builds. 2020-11-10 16:40:28 -06:00
Chris Conlon
7b50cddf8c Merge pull request #3387 from ethanlooney/27th_branch 
Added unit test for evp.c
 2020-11-10 13:27:33 -07:00
David Garske
8645e9754e Only set ssl->ecdhCurveOID if not already populated. 2020-11-10 09:47:38 -08:00
David Garske
1d531fe13b Peer review fixes. 2020-11-10 09:47:37 -08:00
David Garske
fa1af37470 Fix for FIPS ready CAVP tests. For now it requires ECC 192-bit. 2020-11-10 09:47:37 -08:00
David Garske
5de80d8e41 Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used. 2020-11-10 09:47:37 -08:00
David Garske
b13848e568 Fix tests to handle ECC < 224 not enabled. 2020-11-10 09:47:37 -08:00
David Garske
6bd98afdd0 Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined. 2020-11-10 09:47:37 -08:00
David Garske
c697520826 Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits. 2020-11-10 09:47:36 -08:00
David Garske
62dca90e74 Fix for server-side reporting of curve in wolfSSL_get_curve_name if client_hello includes ffdhe, but ECC curve is used. 2020-11-10 09:47:36 -08:00
David Garske
d7dee5d9e6 Fix for ECC minimum key size, which is 112 bits. 2020-11-10 09:47:36 -08:00
David Garske
6ac1fc5cff Fix include.am typo. 2020-11-10 09:47:36 -08:00
David Garske
10f459f891 Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256 and TLS13-AES128-GCM-SHA256. 2020-11-10 09:47:36 -08:00
David Garske
fb9ed686cb Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available). 2020-11-10 09:47:36 -08:00
David Garske
045fc4d686 Fixes to support overriding minimum key sizes for examples. 2020-11-10 09:47:36 -08:00
David Garske
bfb6138fc5 Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow 
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
 2020-11-10 09:37:36 -08:00
Daniel Pouzzner
5625929c83 scripts/external.test: skip test when -UHAVE_ECC. 2020-11-10 01:27:45 -06:00
Daniel Pouzzner
196ae63eb2 scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible). 2020-11-10 00:03:02 -06:00
Daniel Pouzzner
bd38124814 ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount. 2020-11-09 21:24:34 -06:00
toddouska
3050f28890 Merge pull request #3467 from cconlon/rc2vs 
rc2.c to Visual Studio projects, fix warnings
 2020-11-09 13:52:03 -08:00
David Garske
f02c3aab2e Merge pull request #3475 from ejohnstown/nsup 
Hush Unused Param Warning
 2020-11-09 11:04:05 -08:00
Daniel Pouzzner
4b1a779fcc tests: fix for fips-test -Wunused-variable on "rng" 2020-11-09 11:54:49 -06:00
David Garske
7e3efa3792 Merge pull request #3474 from douzzer/lighttpd-update-1.4.56 
lighttpd support update for v1.4.56
 2020-11-09 09:24:58 -08:00
Tesfa Mael
a5caf1be01 Check for NULL 2020-11-09 08:45:48 -08:00
Daniel Pouzzner
22bcceb2d3 src/sniffer.c: guard against null arguments to TraceSetNamedServer(), to eliminate -Werror=format-overflow= warnings from gcc. 2020-11-06 17:40:12 -06:00
Kaleb Himes
937a7ce8ce Merge pull request #3448 from dgarske/crypto_cb 
Improve the crypto callback for ASN
 2020-11-06 15:26:11 -07:00
John Safranek
884a9b59ab Merge pull request #3461 from dgarske/fips_ready_wopensslextra 
Fix for FIPS ready with openssl compat
 2020-11-06 13:14:06 -08:00
Ethan Looney
a6e0d3eb29 Changed hardcoded values to variables, changed where some variables were defined, etc 2020-11-06 14:04:27 -07:00
Chris Conlon
ac4c8a0112 Merge pull request #3419 from ethanlooney/29th_branch 
Added case for Logging.c unit test
 2020-11-06 13:10:24 -07:00
toddouska
4110297b62 Merge pull request #3473 from embhorn/zd11198 
wc_SetIssuerRaw should copy raw subject to issuer
 2020-11-06 10:48:37 -08:00
toddouska
b4e7f196df Merge pull request #3470 from SparkiDev/config_fix_3 
TLS configurations fixes
 2020-11-06 10:35:51 -08:00
toddouska
3f25cda354 Merge pull request #3469 from SparkiDev/cpuid_sp_asm 
cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
 2020-11-06 10:34:40 -08:00
John Safranek
abd6f6ce18 Hush Unused Param Warning 
Removed a guard check for NO_WOLFSSL_STUB from wolfSSL_X509_print_ex().
To recreate:

    $ ./configure --enable-opensslextra CPPFLAGS="-DNO_WOLFSSL_STUB"
    $ make
 2020-11-06 10:30:47 -08:00
toddouska
f3d961b1b1 Merge pull request #3453 from dgarske/ZD11159 
Fix for possible memory leak when overriding error for verify callback
 2020-11-06 10:18:52 -08:00
toddouska
f9ec7c472a Merge pull request #3440 from ejohnstown/ntf3 
Nightly Test Fix
 2020-11-06 10:15:23 -08:00
Hayden Roche
2cad844d29 Merge pull request #3421 from dgarske/apache_httpd 
Apache httpd w/TLS 1.3 support
 2020-11-06 12:14:58 -06:00
David Garske
0d2e28ce80 Fix for error: unused function 'MonthStr' 2020-11-06 10:11:48 -08:00