Tesfa Mael
acdfc514b3
Use memset initialize
2019-11-27 11:09:57 -08:00
Tesfa Mael
2e487a2463
Init uninitialised values
2019-11-27 07:46:33 -08:00
toddouska
7cb5fe5e2a
Merge pull request #2620 from tmael/ALPN_input
...
Fix alpn buffer overrun
2019-11-26 15:31:56 -08:00
toddouska
57df5c10c9
Merge pull request #2619 from dgarske/async_mem
...
Fix for Intel QuickAssist asynchronous build
2019-11-26 15:29:04 -08:00
toddouska
95c9dc9fe8
Merge pull request #2614 from ejohnstown/maintenance-OCSP
...
Maintenance: OCSP
2019-11-26 15:19:27 -08:00
toddouska
9b7cd6bdfd
Merge pull request #2613 from tmael/evp_aes_gcm
...
Set default IV length for EVP aes gcm
2019-11-26 15:18:27 -08:00
toddouska
5d41ef171c
Merge pull request #2610 from ejohnstown/maintenance-DTLS
...
Maintenance: DTLS
2019-11-26 15:17:22 -08:00
toddouska
9ecafa7afe
Merge pull request #2557 from tmael/cert_store_ls_x509
...
Retrieve a stack of X509 certs
2019-11-26 15:16:09 -08:00
Tesfa Mael
8bc3b7df35
Free x509
2019-11-22 14:31:59 -08:00
Tesfa Mael
cf127ec05f
Fix buffer overrun
2019-11-22 10:33:17 -08:00
David Garske
be88bce36d
Fix for issues with wolfSSL_OBJ_nid2sn and wc_OBJ_sn2nid and logic finding max item when WOLFSSL_CUSTOM_CURVES and ECC_CACHE_CURVE are defined. Improvements to wolfSSL_EC_get_builtin_curves to avoid using "min" as variable name and eliminate using a local static.
2019-11-22 10:09:10 -08:00
John Safranek
71943844d6
Maintenance: OCSP
...
1. Add a couple more bounds checks to wolfIO_HttpProcessResponseBuf().
2019-11-21 14:51:35 -08:00
Tesfa Mael
428d51e664
IV is set in the evp ctx level
2019-11-21 09:58:03 -08:00
John Safranek
6720bc3890
Maintenance: OCSP
...
1. Add some minimum bounds checking on the HTTP responses as some can
end up being too short.
2019-11-20 17:25:03 -08:00
Tesfa Mael
f95d5eebff
Add FreeX509() to clean up when sk stack is empty
2019-11-20 17:02:13 -08:00
toddouska
b33ce2207d
Merge pull request #2608 from SparkiDev/use_heap
...
When disabled memory, ensure all heap and types are used
2019-11-20 16:18:07 -08:00
toddouska
a2d036dcba
Merge pull request #2601 from SparkiDev/certs_exts_fix
...
ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
2019-11-20 16:17:28 -08:00
John Safranek
71690fc73a
Maintenance: DTLS
...
1. Updated the window scrolling. There were a couple of off-by-one errors in
the DTLS window handling. They canceled each other out, but there was a
rare case where they would shift too much.
2019-11-20 13:46:23 -08:00
John Safranek
188eb45433
Maintenance: DTLS
...
Removed redundant sequence increment when sending the Server Hello message.
2019-11-20 13:08:01 -08:00
John Safranek
19d8ef405c
Maintenance: DTLS
...
When encrypting with AES-GCM, AES-CCM, or PolyChacha, do not increment
the DTLS sequence number. The sequence number should only be incremented
in BuildMessage. This was done because the sequence number used to be
incremented after calculating the HMAC or after the encrypt for AEAD
ciphers. The HMAC has been separated from the sequence increment.
2019-11-20 10:56:56 -08:00
toddouska
88fb7efb8c
Merge pull request #2602 from SparkiDev/certs_exts_free
...
ProcessPeerCerts jump to error handling instead of returning
2019-11-20 09:25:48 -08:00
toddouska
2a7fb69523
Merge pull request #2604 from SparkiDev/disabled_curve_fix
...
TLS supported curve extension - validate support fix
2019-11-20 09:17:50 -08:00
Tesfa Mael
f1fbabbb60
Use default 96-bits IV length when unset
2019-11-20 09:09:12 -08:00
Sean Parkinson
d441cee6fb
When disabled memory, ensure all heap and types are used
2019-11-20 17:06:42 +10:00
Sean Parkinson
917e5b0405
TLS 1.3 client detects non-TLS 1.3 cipher suite in ServerHello
2019-11-20 12:22:00 +10:00
Sean Parkinson
c7f7d1b193
TLS supported curve extension - validate support fix
...
Check curve name is in range before checking for disabled
2019-11-20 09:38:06 +10:00
Tesfa Mael
62eaa27b41
Review comment, avoid double-free
2019-11-19 15:29:48 -08:00
toddouska
5c4da3e6fa
Merge pull request #2598 from dgarske/max_file_sz
...
Improvements to file size checks
2019-11-19 11:59:21 -08:00
toddouska
5de27443d0
Merge pull request #2596 from dgarske/mqx_fio_cleanup
...
Support for MQX 5.0 and cleanup of the MQX includes
2019-11-19 11:49:03 -08:00
David Garske
9a4614f6e1
Fix for possible uninitialized memSz in bio.c
2019-11-19 05:35:22 -08:00
Sean Parkinson
1b8f136d29
ProcessPeerCerts jump to error handling instead of returning
2019-11-19 13:17:29 +10:00
Sean Parkinson
f08dfb4afc
ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
2019-11-19 13:03:20 +10:00
toddouska
e6292eca9c
Merge pull request #2597 from ejohnstown/octeon-global
...
Sync OCTEON Sniffer
2019-11-18 17:06:30 -08:00
toddouska
c6dac64438
Merge pull request #2594 from ejohnstown/maintenance-BLAKE2
...
Maintenance BLAKE2
2019-11-18 17:05:01 -08:00
toddouska
b646b7258b
Merge pull request #2585 from dgarske/webrtc_m79
...
Support for Google WebRTC (ref m79)
2019-11-18 15:33:49 -08:00
toddouska
90f7a96721
Merge pull request #2593 from ejohnstown/maintenance-DH
...
Maintenance: DH
2019-11-18 15:18:16 -08:00
Tesfa Mael
74dd142a51
Review comment
2019-11-18 15:13:59 -08:00
toddouska
6ffd931db1
Merge pull request #2564 from SparkiDev/tlsext_list_fix
...
Modify linked list traversal - fix for compiler bug
2019-11-18 15:04:26 -08:00
John Safranek
a1e33e7ec9
Maintenance: OCSP
...
1. Check array index bounds before using them in arrays.
2. When processing an HTTP buffer, check that the new buffer size is
valid before allocating a new one.
2019-11-18 14:15:55 -08:00
David Garske
48d0b53074
Fix for wolfSSL_cmp_peer_cert_to_file compiler warning with size_t vs long.
2019-11-18 14:01:16 -08:00
David Garske
ca5549ae91
Improvements for XFTELL return code and MAX_WOLFSSL_FILE_SIZE checking.
...
Fixes #2527
2019-11-18 13:49:06 -08:00
John Safranek
8347d00bf2
Maintenance BLAKE2
...
1. Remove the BLAKE2 HMAC from wolfSSL and its testing.
2019-11-18 13:31:15 -08:00
David Garske
1542482cd5
Cleanup of the MQX file headers for STDIO. Cleanup of fio.h and nio.h includes to use wc_port.h. ZD 9453.
2019-11-18 12:14:34 -08:00
David Garske
95b83272dd
Implementation for SSL_CTX_add1_chain_cert.
2019-11-18 10:19:48 -08:00
Tesfa Mael
520a032b71
Add show x509 test
2019-11-15 13:23:08 -08:00
Tesfa Mael
6ca12787ae
retrieve a stack of X509 certs in a cert manager and a store ctx
2019-11-15 13:23:08 -08:00
John Safranek
3cd5a97473
Maintenance
...
1. When getting the DH public key, initialize the P, G, and Pub pointers
to NULL, then set that we own the DH parameters flag. This allows
FreeSSL to correctly clean up the DH key.
2019-11-14 14:42:58 -08:00
John Safranek
2ace532e45
Sync OCTEON fix
...
1. The sniffer's global device ID wasn't tagged as global.
2. Make sure the sniffer's global device ID is used.
2019-11-14 14:21:44 -08:00
David Garske
af142b307b
Support for WebRTC (ref m79):
...
* Fixed `set1_curves_list` APIs to use `const char*` for names.
* Fixed `ossl_typ.h` to include `ssl.h` compatibility.
* Added `SSL_CTX_up_ref`.
* Added `wolfSSL_set1_curves_list`
* Added `TLS_method` and `DTLS_method`
* Added `SSL_CIPHER_standard_name`.
* Added `X509_STORE_CTX_get0_cert`
* Added `SSL_CTX_set_cert_verify_callback`.
* Enabled "either" side support when `--enable-opensslall` is used.
* Changed `SSL_CIPHER_get_rfc_name` to use `wolfSSL_CIPHER_get_name` instead of stub.
2019-11-13 12:34:33 -08:00
toddouska
99292158e4
Merge pull request #2573 from JacobBarthelmeh/staticmemory
...
handle case to avoid memcpy when staticmemory IO pool gives same buffer
2019-11-13 11:29:13 -08:00