wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 12:49:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,337 Commits 12 Branches 184 Tags
9792e062c380954bbc0db275b3dc15bedc9b28bc
Commit Graph

4811 Commits

Author SHA1 Message Date
toddouska
250b59f8fd Merge pull request #3688 from julek-wolfssl/correct-cert-free 
Use wolfSSL_X509_free to free ourCert
 2021-02-09 12:41:12 -08:00
Chris Conlon
012841bba3 Merge pull request #3738 from embhorn/cmp_layer_high 
Compatibility layer API
 2021-02-09 08:33:41 -07:00
Chris Conlon
71b495c422 Merge pull request #3712 from miyazakh/RND_bytes 
handle size greater than RNG_MAX_BLOCK_LEN
 2021-02-09 08:26:30 -07:00
Sean Parkinson
3217c7afae Merge pull request #3732 from miyazakh/setverifydepth 
issue callback when exceeding depth limit rather than error out
 2021-02-09 09:51:45 +10:00
toddouska
f14f1f37d2 Merge pull request #3673 from elms/ssl_api/get_verify_mode 
SSL: add support for `SSL_get_verify_mode`
 2021-02-08 15:40:19 -08:00
toddouska
58f9b6ec01 Merge pull request #3676 from SparkiDev/tls13_blank_cert 
TLS 1.3: ensure key for signature in CertificateVerify
 2021-02-08 15:27:05 -08:00
Eric Blankenhorn
6cff3f8488 Adding X509_LOOKUP_ctrl 2021-02-08 12:17:14 -06:00
Eric Blankenhorn
47b9c5b054 Adding X509_STORE_CTX API 2021-02-08 08:25:14 -06:00
Eric Blankenhorn
de47b9d88a Adding X509_VERIFY_PARAM API 2021-02-08 08:25:14 -06:00
Hideki Miyazaki
f13186827a issue callback when exceeding depth limit rather than error out 2021-02-08 11:01:45 +09:00
Hideki Miyazaki
431e1c8ffe handle size greater than RNG_MAX_BLOCK_LEN 2021-02-03 12:23:36 +09:00
Hayden Roche
fc845da9f0 Fix issue with DoHandShakeMsgType/ShrinkInputBuffer when encryption is on (e.g. 
during renegotiation).

This issue was brought to light by ZD 10911. When encryption is on (indicated
by the return value of IsEncryptionOn), DoHandShakeMsgType will finish up by
incrementing the input buffer index past the padding and MAC (if encrypt-then-
mac is enabled). In ProcessReply, if there are more messages to be read, the
index is decremented back before the padding and MAC. The issue arises when
ShrinkInputBuffer is called in between and copies data from the dynamic input
buffer to the static one. That function will get called with the index post-
increment, and thus the padding and MAC won't get copied into the static buffer,
which isn't what we want, since ProcessReply is going to decrement the index
since it thinks the padding and MAC are still there. This commit makes it so
the padding and MAC get included in the call to ShrinkInputBuffer when
encryption is on.
 2021-01-28 15:37:00 -06:00
Jacob Barthelmeh
bbcb98a8f7 fix for tested x509 small build 2021-01-27 23:00:24 +07:00
John Safranek
d0e2566ad8 Merge pull request #3679 from julek-wolfssl/dtls-window 
Correct old DTLS msg rcv update
 2021-01-26 12:20:59 -08:00
Juliusz Sosinowicz
3d4f836c00 Correctly insert out of order msgs to queue 2021-01-26 15:12:08 +01:00
Juliusz Sosinowicz
4da9ade290 Use wolfSSL_X509_free to free ourCert 2021-01-26 11:32:05 +01:00
toddouska
27ef5b9a3d Merge pull request #3675 from SparkiDev/tls_no_ticket 
TLS Session Ticket: Option to disable for TLS 1.2 and below
 2021-01-25 14:54:10 -08:00
toddouska
cf9e4f0caf Merge pull request #3518 from julek-wolfssl/openssh-fixes-v2 
Fixes for openssh
 2021-01-25 14:45:56 -08:00
Elms
234bf0c209 SSL: add const for *get_verify_mode to match openSSL 2021-01-25 10:37:50 -08:00
Elms
a2917ae29c SSL: cleanup verify_mode coding style 2021-01-25 10:29:36 -08:00
Elms
21ac86adb3 SSL: refactor SSL verify mode to be more compatible 
This follows the bit flag pattern closer. Still doesn't support
`SSL_VERIFY_CLIENT_ONCE` and maybe other flags.
 2021-01-22 12:17:07 -08:00
David Garske
cd4dae8f09 Merge pull request #3674 from ejohnstown/alerts 
Alerts
 2021-01-22 09:16:56 -08:00
Juliusz Sosinowicz
b918fb9efe Correct old DTLS msg rcv update 2021-01-22 14:33:33 +01:00
Sean Parkinson
a84f1c813a TLS Session Ticket: Option to disable for TLS 1.2 and below 
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
 2021-01-22 13:19:29 +10:00
Sean Parkinson
fad1e67677 TLS 1.3: ensure key for signature in CertificateVerify 2021-01-22 11:54:53 +10:00
John Safranek
6f21995ec5 Alerts 
Expand the guard around sending the PSK identity alert with a more limited option than enabling it with all the other alerts.
 2021-01-21 16:42:54 -08:00
David Garske
830b3cb676 Merge pull request #3653 from kojo1/fopen_binMode 
binary mode, fopen
 2021-01-21 16:20:07 -08:00
David Garske
aa64a8e835 Merge pull request #3672 from embhorn/zd11547 
Fix FIPS compile errors
 2021-01-21 16:08:53 -08:00
Elms
95d83c9856 SSL: refactor to allow session override or mode 2021-01-21 16:03:02 -08:00
toddouska
1acd6dfab2 Merge pull request #3635 from SparkiDev/hmac_openssl_fix 
HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0
 2021-01-21 15:57:30 -08:00
toddouska
85f08466f9 Merge pull request #3655 from SparkiDev/ext_cache_sess 
SESSION: internal cache sessions can't be freed same as external
 2021-01-21 15:54:16 -08:00
toddouska
7b12dddf75 Merge pull request #3666 from SparkiDev/tls13_tick_before_group 
TLS 1.3: don't group and wait on send session ticket
 2021-01-21 15:49:52 -08:00
John Safranek
fe7be3e15f Alerts 
Alerts the server sends between receiving the client's CCS message and before it sends its own CCS message should not be encrypted.
 2021-01-21 14:48:10 -08:00
David Garske
fbe5fe1945 Merge pull request #3669 from embhorn/gh3657 
Protect use of globalRNG
 2021-01-21 14:09:59 -08:00
Elms
af3d842663 SSL: add support for SSL_get_verify_mode 2021-01-21 13:45:20 -08:00
Eric Blankenhorn
fd8527c15e Fix FIPS compile errors 2021-01-21 15:27:42 -06:00
Juliusz Sosinowicz
d8a01c6f8b DTLS: client re-send on duplicate HelloRequest as well 2021-01-21 12:45:16 +01:00
Juliusz Sosinowicz
969de38764 Reset dtls_start_timeout on a timeout 2021-01-21 12:45:16 +01:00
Juliusz Sosinowicz
774fdc9fd6 Free HS data on rehandshake 
When we call _Rehandshake before we receive application data and the receive application data during the renegotiation process then it is possible for the send queue to be preemptively deleted
 2021-01-21 12:45:16 +01:00
Eric Blankenhorn
02114e7739 Protect use of globalRNG 2021-01-20 16:30:18 -06:00
David Garske
57b06f700d Merge pull request #3656 from haydenroche5/windows_rsa_public_decrypt 
Allow wolfSSL_RSA_public_decrypt on Windows.
 2021-01-20 09:09:49 -08:00
Hayden Roche
12abb5191d Allow wolfSSL_RSA_public_decrypt on Windows. 2021-01-20 06:57:59 -06:00
Sean Parkinson
7ec8d70eee TLS 1.3: don't group and wait on send session ticket 
The state machine goes on and frees the handshake resources which frees
the digest for the client Finished message.
 2021-01-20 10:57:37 +10:00
John Safranek
eaa1bc1ace Merge pull request #3595 from julek-wolfssl/dtls-only-resend-on-timeout 
Only resend previous flight on a timeout from the network layer
 2021-01-19 10:43:13 -08:00
toddouska
a13e9bde29 Merge pull request #3599 from julek-wolfssl/nginx-mem-leak 
Fix memory leaks
 2021-01-18 15:31:50 -08:00
toddouska
4b5d7d0595 Merge pull request #3624 from SparkiDev/tls13_set_groups 
TLS 1.3 key share: add a key share from supported list
 2021-01-18 15:18:14 -08:00
toddouska
8ae609d078 Merge pull request #3626 from SparkiDev/tls13_middlebox_fix 
TLS send change cipher: Don't set keys when negotiating TLS 1.3
 2021-01-18 15:14:58 -08:00
toddouska
cd78a5dfb2 Merge pull request #3630 from SparkiDev/no_fs_all 
X509 API no file system: hide wolfSSL_X509_NAME_print_ex_fp
 2021-01-18 13:39:21 -08:00
toddouska
fff3c77568 Merge pull request #3644 from dgarske/zd11476 
Fix for sniffer with TLS v1.2 static ECDH ciphers
 2021-01-18 13:32:57 -08:00
toddouska
b1c8825e74 Merge pull request #3647 from dgarske/zd11424 
Fix for TLS v1.3 early data mac digest
 2021-01-18 13:31:44 -08:00