wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 12:49:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,754 Commits 12 Branches 184 Tags
7e79e3a6bf0d4d3545ed2ac71d0374a8ed341e83
Commit Graph

3582 Commits

Author SHA1 Message Date
JacobBarthelmeh
8bf8fcca60 Merge pull request #2352 from dgarske/async_v4.1 
Fixes for Asynchronous support in v4.1
 2019-07-16 17:32:18 -06:00
JacobBarthelmeh
cb2ed60305 Merge pull request #2351 from ejohnstown/watch-chain-deux 
Sniffer Watch Cert Chain Part 2
 2019-07-16 15:04:32 -06:00
David Garske
7b021d68c3 Fixes for asynchronous support in v4.1: 
* Fixes PK callback null dereference.
* Fixes `DoCertificateVerify` verify handling.
* Fixes build issue with API tests.
 2019-07-16 11:56:02 -07:00
David Garske
5067d1fc10 Merge pull request #2328 from kaleb-himes/ZD-5373-TIRTOS 
Updating for TI hardware offload with latest version of wolfSSL
 2019-07-16 11:43:56 -07:00
toddouska
8b8ff2ac34 Merge pull request #2336 from kaleb-himes/ZD-5388-OCSP-STATUS-UNHONORED 
Honor the status from peer and do not do internal OCSP lookup regardless
 2019-07-16 11:32:34 -07:00
toddouska
99d3ea9e56 Merge pull request #2350 from SparkiDev/rsa_pss_fix 
Don't pick RSA PSS if not compiled in
 2019-07-16 11:28:50 -07:00
John Safranek
4b0bb75909 Sniffer Watch Cert Chain Part 2 
1. Check the sizes picked up out of the message against the expected
size of the record when looking at the certificate messages.
2. Renamed the cert and certSz in the watch callback with it being a
certChain.
 2019-07-16 09:54:45 -07:00
Sean Parkinson
8112c1236d Don't pick RSA PSS if not compiled in 2019-07-16 14:59:01 +10:00
Sean Parkinson
9af9941b90 Fixes for TLS 1.3 and OCSP Stapling 
Create the OCSP Response for Stapling and TLS 1.3 when parsing.
When parsing OCSP stapling extension with TLS 1.3, use a new extension
object if it was created.
Set the extension size to 0 before writing extensions when sending a TLS
1.3 Certificate message.
 2019-07-16 13:52:36 +10:00
John Safranek
3cdb4f8bf0 Sniffer Watch Cert Chain 
Modifed the sniffer watch callback so it provides a SHA-256 hash of the
peer certificate, as before, and the entire certificate chain sent by
the server in the Certificate handshake message. The chain is taken
directly from the message payload, unprocessed. It'll be a list of pairs
of 24-bit certificate length and a DER encoded certificate, all in
network byte order.
 2019-07-15 14:07:22 -07:00
Chris Conlon
5743a1c80f Merge pull request #2341 from miyazakh/fix_ricoh_buildfailure 
fix build failure when enabling MYSQL_COMPATIBLE
 2019-07-15 10:10:34 -06:00
toddouska
b4765a5c9e Merge pull request #2340 from JacobBarthelmeh/Testing 
fsanitize report fixes
 2019-07-11 11:18:09 -07:00
toddouska
88f923a2a1 Merge pull request #2338 from ejohnstown/md5-null-suite 
RSA-NULL-MD5 cipher suite
 2019-07-11 11:15:48 -07:00
Hideki Miyazaki
3756a2c8c7 fix build failure when enabling MYSQL_COMPATIBLE 2019-07-11 09:00:03 +09:00
Jacob Barthelmeh
a6cc9af1fc free old peer RSA key in secure renegotiation when getting new one 2019-07-10 17:07:16 -06:00
Jacob Barthelmeh
6c9fac2a71 add wolfSSL_RAND_Cleanup to match wolfSSL_RAND_seed call on init 2019-07-10 16:43:44 -06:00
Jacob Barthelmeh
85ce959031 free peer cert overwritten by secure renegotiation 2019-07-10 16:04:42 -06:00
John Safranek
45b280a53e RSA Null MD5 cipher suite 
1. Add the cipher suite TLS_RSA_WITH_NULL_MD5 for use with the sniffer.
2. Added TLS_RSA_WITH_NULL_MD5 to the suite test.
 2019-07-10 14:32:14 -05:00
toddouska
92bd585f25 Merge pull request #2329 from JacobBarthelmeh/SanityChecks 
scan-build fixes
 2019-07-10 10:23:39 -07:00
toddouska
9daccb3300 Merge pull request #2320 from SparkiDev/tls_alerts 
Send more alerts as per TLS specification
 2019-07-09 08:02:32 -07:00
kaleb-himes
3e6246af59 Honor the status from peer and do not do internal OCSP lookup regardless 
Item 2) Suggestion from Sean implemented: "Limit the message types"

Item 3) Removed a hard tab
 2019-07-09 07:09:09 -06:00
kaleb-himes
b8c6bc0d7f Changes following peer review, add defines to disable for any HW port 2019-07-08 16:28:35 -06:00
Chris Conlon
0bb6b388c0 Merge pull request #2312 from kojo1/RAND_bytes_2 
RAND_bytes
 2019-07-08 15:30:06 -06:00
toddouska
97a6dc9e7e Merge pull request #2316 from SparkiDev/tls13_ext_fixes 
TLS 1.3 extension fixes
 2019-07-08 14:13:55 -07:00
toddouska
1bcec1b9ab Merge pull request #2319 from SparkiDev/tls13_alerts 
Improve alert sending in TLS 1.3 code from fuzz testing
 2019-07-08 14:11:35 -07:00
Jacob Barthelmeh
efe276414b set internal x509 elements to NULL after free 2019-07-08 15:11:03 -06:00
toddouska
79165ce8cb Merge pull request #2315 from SparkiDev/tlsx_ext_debug 
Print out extension data being parsed when WOLFSSL_DEBUG_TLS defined.
 2019-07-08 13:59:11 -07:00
toddouska
36920b1469 Merge pull request #2314 from SparkiDev/tls13_fixes 
TLS 1.3 ClientHello rework and other fixes
 2019-07-08 13:14:37 -07:00
toddouska
d824b78af0 Merge pull request #2323 from dgarske/various_fixes 
Various fixes, improvements to build options for reduced code size and static benchmarks
 2019-07-08 13:02:22 -07:00
toddouska
baf65f4f43 Merge pull request #2327 from JacobBarthelmeh/Compatibility-Layer 
add wolfSSL_PEM_write_DHparams implementation
 2019-07-08 12:58:10 -07:00
toddouska
e6ab7d165c Merge pull request #2325 from JacobBarthelmeh/Testing 
remove HAVE_CRL macro guard from X509 PEM write function
 2019-07-08 12:57:15 -07:00
toddouska
66db74d827 Merge pull request #2313 from SparkiDev/tls13_reneg 
Fix for TLS 1.3 and secure renegotiation
 2019-07-08 12:56:02 -07:00
toddouska
406ff31fc8 Merge pull request #2311 from SparkiDev/tls12_ffdhe_fix 
Better support for TLS 1.2 and FFDHE
 2019-07-08 12:55:03 -07:00
toddouska
1070aba5e2 Merge pull request #2308 from SparkiDev/resumption_fix 
Don't resume if stored session's ciphersuite isn't in client list
 2019-07-08 12:52:59 -07:00
toddouska
2610d9ce94 Merge pull request #2307 from SparkiDev/pick_hash_sig 
Improve hash and signature algorithm selection
 2019-07-08 12:51:36 -07:00
toddouska
74324bb1b5 Merge pull request #2305 from SparkiDev/doalert_fix 
Better handling of alerts
 2019-07-08 12:50:26 -07:00
toddouska
60d6d71636 Merge pull request #2304 from SparkiDev/tls_sha224 
Support to TLS for RSA SHA-224 signatures
 2019-07-08 12:47:56 -07:00
toddouska
2a4b935e07 Merge pull request #2299 from JacobBarthelmeh/DTLS-MultiCore 
DTLS export/import state only
 2019-07-08 12:47:13 -07:00
Jacob Barthelmeh
b5a5100068 move location of X509 free 2019-07-05 14:33:35 -06:00
Jacob Barthelmeh
4cf8923838 make wc_DhParamsToDer a static function to avoid DhKey redefenition 2019-07-05 11:58:40 -06:00
Takashi Kojo
9b654d25d1 wolfSSL_RAND_seed(NULL, 0); 2019-07-04 18:31:57 +09:00
Jacob Barthelmeh
5dcd421580 scan-build fixes 2019-07-03 17:08:02 -06:00
Jacob Barthelmeh
ab9d89cb31 cast on return and move location of function declaration 2019-07-03 15:20:08 -06:00
Jacob Barthelmeh
f2bb5e8944 implementation of wolfSSL_PEM_write_DHparams 2019-07-02 17:42:33 -06:00
Jacob Barthelmeh
a7acacff41 remove HAVE_CRL macro guard from X509 PEM write function 2019-07-02 14:37:33 -06:00
Sean Parkinson
0e33e2d9ee Check PickHashSigAlgo return when doing CerticateRequest 
Only check picking the hash and signature algorithm functions return
when a certificate is available to send to peer.
Include the ECC signature and hash algorithms in available list even
when using ECDSA certificates signed with RSA.
List is of capabilities not what is in certificate.
Certificate request sent to peer doesn't have to be an ECDSA certificate
signed with RSA.
Same treatment for RSA.
 2019-07-02 11:53:04 +10:00
Sean Parkinson
28aa99c3e3 Always have support for SHA-224 signatures when SHA-224 built-in 2019-07-02 08:27:04 +10:00
John Safranek
21afcf17a8 Sniffer Watch Mode 
1. Split the function ssl_SetWatchKey() into ssl_SetWatchKey_file()
which loads the key from a named file and ssl_SetWatchKey_buffer()
which loads the key from a provided buffer. file() uses buffer().
 2019-07-01 13:50:28 -07:00
John Safranek
b02e1e8d59 Sniffer Watch Mode 
Added some statistics tracking to the watch mode.
 2019-07-01 13:50:28 -07:00
John Safranek
b61803f165 Sniffer Watch Mode 
Added the build option for the Watch mode for the sniffer. Instead of
setting a set of IP addresses and keys, you set a callback function.
When any TLS connection is started, the hook is called and a hash of the
peer certificate is given to the callback function. It has a chance to
load a private key into the sniffer session. Enable this option with the
build flag "WOLFSSL_SNIFFER_WATCH".
 2019-07-01 13:50:28 -07:00