wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 12:59:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,539 Commits 12 Branches 184 Tags
8ab396cb45fc598aaa3623dcd9e7568df7d5e29f
Commit Graph

1554 Commits

Author SHA1 Message Date
John Safranek
344950a36d FIPS CAST Update 
1. In the unit test, when checking the build options, also check for
   FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
   getting called, so the FIPS flags didn't get checked. (It was using
   wc_InitSha_ex() which bypasses the FIPS checks.)
 2021-02-24 18:23:36 -08:00
toddouska
94a23c1d48 Merge pull request #3646 from julek-wolfssl/nginx-1.19.6 
Add support for Nginx 1.19.6
 2021-02-24 12:21:51 -08:00
toddouska
5eba89c3ca Merge pull request #3742 from julek-wolfssl/error-queue-per-thread 
Add --enable-error-queue-per-thread
 2021-02-23 12:02:16 -08:00
Juliusz Sosinowicz
d074e7443f Remove default ticket cb as this will be added in another PR 2021-02-23 10:06:11 +01:00
Sean Parkinson
fa7b5f55ee TLS 1.3: add API to tell if a KeyUpdate response is required 2021-02-19 10:21:08 +10:00
Eric Blankenhorn
d31f184c49 Adding tests 2021-02-17 13:34:38 -06:00
Juliusz Sosinowicz
b8f841599c Add --enable-error-queue-per-thread 2021-02-16 16:08:13 +01:00
Juliusz Sosinowicz
0ae1a8b8c5 Jenkins fixes 
- Change pushCAx509Chain to an iterative implementation
- Fix variable names shadowing global names
 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
26df833074 Compat layer session tickets 
- OpenSSL uses an internal mechanism by default for session tickets. This is now implemented for OPENSSL_EXTRA in wolfSSL.
- Add testing of wolfSSL_CTX_set_tlsext_ticket_key_cb
 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
9a1e54cfd5 Nginx 1.19.6 Fixes 2021-02-16 14:25:45 +01:00
Sean Parkinson
ba1c67843a Merge pull request #3752 from JacobBarthelmeh/Jenkins 
changes from nightly Jenkins test review
 2021-02-15 16:32:40 +10:00
toddouska
fc005f941c Merge pull request #3750 from embhorn/buffer_conflict 
Fix use of 'buffer' in test
 2021-02-12 13:59:18 -08:00
Jacob Barthelmeh
1c852f60ab fix for g++ build 2021-02-12 23:26:54 +07:00
Jacob Barthelmeh
a49c867b38 increase test buffer size for updated pkcs7 bundle 2021-02-12 23:16:04 +07:00
Eric Blankenhorn
2ac826c37e Fix use of 'buffer' in test 2021-02-11 15:58:26 -06:00
toddouska
81dcf0d28b Merge pull request #3640 from tmael/evp_rsa2 
Remove EVP_PKEY_RSA2
 2021-02-11 13:51:46 -08:00
toddouska
39cb84de25 Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
toddouska
032cc1645c Merge pull request #3713 from SparkiDev/tls_def_sess_ticket_cb 
TLS Session Ticket: default encryption callback
 2021-02-10 16:13:33 -08:00
toddouska
67b1280bbf Merge pull request #3545 from kabuobeid/smime 
Added support for reading S/MIME messages via SMIME_read_PKCS7.
 2021-02-10 15:59:32 -08:00
Sean Parkinson
0403f5f18d Merge pull request #3744 from JacobBarthelmeh/Certs 
run renewcerts.sh script
 2021-02-11 09:43:49 +10:00
Jacob Barthelmeh
41e5e547c4 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
Jacob Barthelmeh
3c0563908f openssl x509 small with req cert gen 
add test for build case with x509small and add back in function

adjust macro guard for i2d_X509_NAME implementation

add macro guard on test case
 2021-02-10 21:48:29 +07:00
Sean Parkinson
794cb5c7a9 TLS Session Ticket: default encryption callback 
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
 2021-02-10 14:31:54 +10:00
Chris Conlon
012841bba3 Merge pull request #3738 from embhorn/cmp_layer_high 
Compatibility layer API
 2021-02-09 08:33:41 -07:00
Chris Conlon
71b495c422 Merge pull request #3712 from miyazakh/RND_bytes 
handle size greater than RNG_MAX_BLOCK_LEN
 2021-02-09 08:26:30 -07:00
Kareem Abuobeid
a4e819c60a Added support for reading S/MIME messages via SMIME_read_PKCS7. 2021-02-08 17:14:37 -07:00
toddouska
f14f1f37d2 Merge pull request #3673 from elms/ssl_api/get_verify_mode 
SSL: add support for `SSL_get_verify_mode`
 2021-02-08 15:40:19 -08:00
Eric Blankenhorn
de47b9d88a Adding X509_VERIFY_PARAM API 2021-02-08 08:25:14 -06:00
Hideki Miyazaki
431e1c8ffe handle size greater than RNG_MAX_BLOCK_LEN 2021-02-03 12:23:36 +09:00
Juliusz Sosinowicz
542e0d79ec Jenkins Fixes 
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
69dca4fd08 Rebase fixes 
- wolfSSL_CTX_set1_groups_list and wolfSSL_set1_groups_list should use wolfSSL_CTX_set1_groups and wolfSSL_set1_groups respectively because it converts to correct groups representation
- Change to using "SHA1" as main name for SHA1
 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
c18701ebe7 Implement RFC 5705: Keying Material Exporters for TLS 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
3494218d98 Implement missing functionality for OpenVPN 2.5 2021-02-02 12:06:11 +01:00
toddouska
6e0e507dad Merge pull request #3660 from dgarske/sess_ticket_aes_gcm 
Added support for AES GCM session ticket encryption
 2021-01-25 15:00:03 -08:00
toddouska
f91dcb950c Merge pull request #3670 from dgarske/keil 
Fix for ARM Keil MDK compiler issue with `DECLARE_VAR_INIT`.
 2021-01-25 14:57:05 -08:00
toddouska
27ef5b9a3d Merge pull request #3675 from SparkiDev/tls_no_ticket 
TLS Session Ticket: Option to disable for TLS 1.2 and below
 2021-01-25 14:54:10 -08:00
toddouska
cf9e4f0caf Merge pull request #3518 from julek-wolfssl/openssh-fixes-v2 
Fixes for openssh
 2021-01-25 14:45:56 -08:00
David Garske
05e1ee1694 Cleanup to use fixed sizes from defines for DECLARE_VAR. Resolves issue with Visual Studio and using a variable (even const) to declare an array size. 2021-01-25 09:14:12 -08:00
Tesfa Mael
d29518ecac Remove duplicate macro 2021-01-22 13:02:30 -08:00
Elms
21ac86adb3 SSL: refactor SSL verify mode to be more compatible 
This follows the bit flag pattern closer. Still doesn't support
`SSL_VERIFY_CLIENT_ONCE` and maybe other flags.
 2021-01-22 12:17:07 -08:00
David Garske
13468d34e3 Apply same VS fixes to api.c as well. 2021-01-22 10:50:18 -08:00
Sean Parkinson
a84f1c813a TLS Session Ticket: Option to disable for TLS 1.2 and below 
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
 2021-01-22 13:19:29 +10:00
David Garske
9012317f5b Fix copy/paste typo. 2021-01-21 17:41:11 -08:00
David Garske
1ee40ad7bd Fix to always init the variable (not just when from heap). Cleanup of the DECLARE_ uses to make sure all allocations succeeded. 2021-01-21 17:12:29 -08:00
David Garske
830b3cb676 Merge pull request #3653 from kojo1/fopen_binMode 
binary mode, fopen
 2021-01-21 16:20:07 -08:00
Elms
95d83c9856 SSL: refactor to allow session override or mode 2021-01-21 16:03:02 -08:00
Elms
7112a6dd78 SSL: add test and fix SSL_get_verify_mode 2021-01-21 14:20:27 -08:00
David Garske
17f101ef13 Fix for ARM Keil MDK compiler issue with DECLARE_VAR_INIT. 2021-01-20 16:57:30 -08:00
David Garske
219cbd47eb Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511. 2021-01-19 07:53:36 -08:00
toddouska
279c3f4c1b Merge pull request #3614 from SparkiDev/aes_test_fix 
AES test: Remove unneeded loop
 2021-01-18 15:22:06 -08:00