toddouska
3f6a444bef
Merge pull request #3564 from SparkiDev/tls13_add_sess
...
TLS 1.3: Don't add a session without a ticket
2020-12-14 16:09:52 -08:00
toddouska
43182b9389
Merge pull request #3548 from gstrauss/HAVE_SNI
...
put all SNI code behind simpler preprocessor directive HAVE_SNI
2020-12-14 16:08:53 -08:00
toddouska
56e2c0e268
Merge pull request #3534 from douzzer/linuxkm-cryptonly
...
--enable-linuxkm --enable-cryptonly
2020-12-14 15:14:54 -08:00
David Garske
428c6b4301
Merge pull request #3523 from SparkiDev/pkcs11_fixes_2
...
Pkcs11 fixes 2
2020-12-14 14:09:26 -08:00
Sean Parkinson
fb5b415e83
TLS 1.3: Don't add a session without a ticket
...
TLS 1.3 doesn't support resumption with PSK (session ticket or with the
PSK callback).
2020-12-14 14:03:31 +10:00
John Safranek
0e9926bd83
Merge pull request #3553 from haydenroche5/cert_status_fix
...
Fix OCSP cert status check in internal.c
2020-12-11 13:27:29 -08:00
Daniel Pouzzner
ec96e5ad74
wolfSSL_BN_is_odd(): fix function signature to match header (unsigned long reverted to WOLFSSL_BN_ULONG).
2020-12-11 14:16:44 -06:00
Glenn Strauss
9d095066eb
wrap SNI-related code with HAVE_SNI
...
perhaps some of this code should additionally be wrapped in
- #ifndef NO_WOLFSSL_SERVER
It is fragile and ugly to litter the code with the likes of
- #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
- defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
- defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
while it is much clearer and much more maintainable to wrap SNI-related
code with an SNI-specific feature-define HAVE_SNI (and possibly further
restrict with feature-define #ifndef NO_WOLFSSL_SERVER).
2020-12-10 15:46:20 -05:00
Daniel Pouzzner
f277339528
add explicit casts to XMALLOC()s, even for (void *), to avoid warnings in C++ and MSVC/MSVS builds, and to avoid false positives on simple text searches.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
b723c7ddbe
bn.h and ssl.c: define WOLFSSL_BN_ULONG to be target-native unsigned long, revert *_word() bn.h API functions to use WOLFSSL_BN_ULONG, and change wolfSSL_BN_get_word() to return WOLFSSL_BN_ULONG rather than unsigned long, for consistency.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
78b2b3ca3b
ssl.c:wolfSSL_BN_get_word_1(): remove dead logic inadvertently retained.
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
e6b587772f
fix pointer type clash in wolfSSL_BN_mod_word(); restore accidentally removed WOLFSSL_KEY_GEN gate in dsa_test().
2020-12-10 14:16:21 -06:00
Daniel Pouzzner
53cfa55941
src/ssl.c and wolfssl/openssl/bn.h: refactor _word mp routines to consistently accept/return target-native unsigned long type, for compatibility with sp-math-all. needed because WOLFSSL_BN_ULONG can, surprisingly, be only 16 bits, when sp-math-all in a 32 bit build.
2020-12-10 14:16:20 -06:00
Hayden Roche
a6378de4f0
Fix OCSP cert status check in internal.c
...
I missed one line in internal.c when I recently modified the OCSP ASN code.
2020-12-10 10:32:30 -06:00
toddouska
f31b41fcca
Merge pull request #3495 from haydenroche5/httpd
...
Add OpenSSL compatibility functions for latest version of Apache httpd
2020-12-09 09:55:13 -08:00
toddouska
367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe
...
TLS 1.3: PSK only
2020-12-09 09:45:34 -08:00
toddouska
7834dee991
Merge pull request #3503 from SparkiDev/dtls_mtu_write
...
DTLS MTU: check MTU on write
2020-12-09 09:42:44 -08:00
Sean Parkinson
9b894048fd
PKCS #11 : only open/close session when performing op, use C_Sign for RSA
...
Was opening and closing sessions when operations not compiled in were
being attempted (e.g. hashing during certificate signing).
C_Sign can be used with X509 RSA (raw) as it does the same operations as
C_Decrypt. Use the function matching high level operation where
supported.
Make debugging functions take a CK_ULONG rather than an int - to avoid
casting.
2020-12-07 10:15:43 +10:00
Glenn Strauss
034248b964
add more missing HAVE_LIGHTY
2020-12-05 15:52:17 -05:00
Hayden Roche
03c7e52f5f
Add OpenSSL compatibility functions for Apache httpd's OCSP module.
2020-12-03 11:22:43 -06:00
Hayden Roche
bca43654df
Make changes to OCSP ASN code.
...
- Use OcspEntry in OcspResponse instead of CertStatus. OcspEntry is more
analogous to an OCSP SingleResponse, which contains issuer name and key
hashes. Correspondingly, remove these hashes from OcspResponse, since they'll
now be stored per SingleResponse in an OcspEntry.
- Add a hashAlgoOID to OcspEntry (corresponds to hashAlgorithm in CertId in RFC
6960). This makes OcspEntry more closely resemble an OCSP SingleResponse.
- Change WOLFSSL_OCSP_CERTID to map to OcspEntry. OcspEntry contains all the
information that an OCSP CertID contains, and is a better fit than
OcspRequest.
- Add a pointer to the raw CertId in an OCSP SingleResponse to OcspEntry, along
with a size field to indicate how many bytes the CertId occupies. This will
be used in an OpenSSL compatibility function, i2d_OCSP_CERTID, which yields
the raw bytes of the CertId.
2020-12-03 11:22:43 -06:00
toddouska
b4c7b5e6ce
Merge pull request #3525 from SparkiDev/tls13_session
...
TLS 1.3: always add session when sending finished message
2020-12-02 13:47:38 -08:00
John Safranek
6fc64263f2
Merge pull request #3519 from julek-wolfssl/scr-timeout
...
Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage
2020-11-30 11:40:35 -08:00
Sean Parkinson
22a8be412b
TLS 1.3: always add session when sending finished message
2020-11-27 09:46:02 +10:00
Sean Parkinson
38740a1caa
Fix dynamic type name
2020-11-27 08:37:16 +10:00
Sean Parkinson
5ca8e8f87c
PKCS#11: Label fixes and add support for checking private key
...
Check private key matches the public key passed in.
Need to use a new API to pass in the token to use to perform PKCS #11
operations with.
2020-11-27 08:37:16 +10:00
Sean Parkinson
43aeac4cf4
PKCS #11 SSL: detect key size when certificate set
2020-11-27 08:31:45 +10:00
Sean Parkinson
19f10cd382
PKCS #11 : implement identifying keys by label
2020-11-27 08:31:45 +10:00
John Safranek
4baf923218
Verify Callback Fix
...
1. Removed a flag set that would force all certificates in a chain
to be verified. There was a compile time option to make that happen
already.
2. Replace some options for some test failure test cases that were added
and immediately removed.
(ZD 11292)
2020-11-24 11:46:10 -08:00
Juliusz Sosinowicz
95132b1c55
Make renegotiation information available outside of OPENSSL_EXTRA
2020-11-24 17:03:40 +01:00
Juliusz Sosinowicz
41d58465c0
Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage
...
Reset DTLS stored messages on a FreeHandshakeResources call even if secure renegotiation is enabled. Without this, in a server initiated rehandshake, the server would keep old messages (ChangeCipherSpec and Finished) even when it sent a HelloRequest message.
2020-11-24 16:06:35 +01:00
John Safranek
f5c2bef78f
Merge pull request #3492 from julek-wolfssl/dtls-scr-optimizations
...
Save the HelloRequest message just like other handshake messages
2020-11-20 11:50:51 -08:00
Juliusz Sosinowicz
69bea008dd
Save the HelloRequest message just like other handshake messages
...
Implement a timeout mechanism for non-blocking sockets
2020-11-20 11:41:19 +01:00
John Safranek
2d79e38436
Merge pull request #3485 from julek-wolfssl/dtls-scr-seq-correct-num
...
Fix overlapping sequence number error.
2020-11-19 14:19:13 -08:00
David Garske
d4c59e369e
Merge pull request #3335 from julek-wolfssl/RSA-PSS-padding-in-EVP_Digest-API
...
Enable RSA-PSS padding in EVP_Digest* API
2020-11-19 09:31:12 -08:00
Sean Parkinson
91d23d3f5a
Implement all relevant mp functions in sp_int
2020-11-19 11:58:14 +10:00
toddouska
aa9ed17afa
Merge pull request #3512 from dgarske/openssl_pem
...
Fix for missing `wolfSSL_PEM_write_bio_PrivateKey` with WebRTC
2020-11-18 16:17:46 -08:00
toddouska
ca281f976e
Merge pull request #3493 from dgarske/zd11245
...
Sniffer fixes for handling TCP `out-of-range sequence number`
2020-11-18 16:14:09 -08:00
toddouska
a280df1892
Merge pull request #3488 from kabuobeid/x509_objtxt_lname
...
Return long names instead of short names in wolfSSL_OBJ_obj2txt().
2020-11-18 16:10:46 -08:00
toddouska
b0979f4225
Merge pull request #3476 from dgarske/sniffer_hrr
...
Fixes for TLS sniffer with v1.3 (HRR and Certs)
2020-11-18 16:07:11 -08:00
toddouska
3adeff672b
Merge pull request #3472 from SparkiDev/pickhashsigalgo_rework
...
TLS PickHashSigAlgo: rework
2020-11-18 15:58:59 -08:00
toddouska
dedde4c058
Merge pull request #3456 from JacobBarthelmeh/Certs
...
strict certificate version allowed from client
2020-11-18 15:55:50 -08:00
toddouska
9bde34ef5b
Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names
...
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
2020-11-18 15:52:52 -08:00
Sean Parkinson
d8b58286d1
TLS 1.3: PSK only
...
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
David Garske
4cfe5a1bc1
Fix for missing wolfSSL_PEM_write_bio_PrivateKey with WebRTC. If keygen or certgen is not specified this was incorrectly being excluded with opensslextra or opensslall.
2020-11-18 11:30:53 -08:00
Juliusz Sosinowicz
a0a3a2b74c
Review changes
2020-11-17 19:15:12 +01:00
Juliusz Sosinowicz
b4754d5706
CAVP, Windows, and FIPS tests
2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
d18e2d7386
Refactoring and use salt length discover if available
2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
248dd12993
Enable RSA-PSS padding in EVP_Digest* API
2020-11-17 15:04:57 +01:00
David Garske
4a790cd024
Fixes for building with --disable-ecc and --disable-dh.
2020-11-16 12:17:27 -08:00