wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 22:39:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,246 Commits 12 Branches 184 Tags
ae3d8d37793e9b377131a6988fa342c19fd959fa
Commit Graph

1452 Commits

Author SHA1 Message Date
David Garske
ae3d8d3779 * Fixed wolfSSL_CTX_load_verify_locations to continue loading if there is an error (ZD 4265). 
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
 2018-09-06 12:51:22 -07:00
Sean Parkinson
551201c00c GCC 8 new warnings in -Wall fix 2018-08-27 12:51:01 +10:00
David Garske
1005ca0703 Merge pull request #1786 from kaleb-himes/USER-HEAP-WITH-CM 
Unloading from CM, and using custom heap, ensure XFREE has acces…
 2018-08-24 11:56:48 -07:00
toddouska
7f324d2c3b Merge pull request #1781 from JacobBarthelmeh/Compatibility-Layer 
fix for IV of DES_ncbc function
 2018-08-24 10:16:21 -07:00
kaleb-himes
b7b99a2e92 Unloading from CM, and using custom heap, ensure XFREE has access to custom heap 2018-08-24 10:07:10 -06:00
Jacob Barthelmeh
f23eb37ade fix for IV of DES_ncbc function 2018-08-23 09:03:09 -06:00
Sean Parkinson
31bd844d6f Fix for clang builds with configs not using inline funcs 2018-08-22 11:16:57 +10:00
toddouska
776fd51720 Merge pull request #1768 from SparkiDev/tls13_final 
Use final TLS 1.3 version value by default.
 2018-08-21 12:29:51 -07:00
Sean Parkinson
1ab17ac827 More changes to minimize dynamic memory usage. 
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
 2018-08-21 14:41:01 +10:00
Sean Parkinson
506c858ed6 Add memory usage tracking and logging 
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
 2018-08-21 08:54:57 +10:00
Sean Parkinson
20950ffde8 Remove TODOs around TLS 1.3 draft version. 2018-08-21 08:41:50 +10:00
Sean Parkinson
3cdeccc36e Use final TLS 1.3 version value by default. 2018-08-20 14:17:38 +10:00
Sean Parkinson
f487b0d96a Config option to disable AES-CBC 
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
 2018-08-16 08:25:13 +10:00
David Garske
7b83db0f65 Fix for PemToDer which was not properly handling extra new lines at end of file. 2018-08-14 12:22:18 -06:00
David Garske
17e102d914 Fixes for asio build options (so includes OPENSSL_EXTRA). Fix for bad named variable shutdown. Fix for the side size in Options struct to support WOLFSSL_SIDE_NEITHER (3). Fix to set the side on wolfSS_connect() or wolfSS_accept(). 2018-08-14 12:22:18 -06:00
Eric Blankenhorn
bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734) 
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
 2018-08-12 12:53:29 -07:00
David Garske
c4ea50b956 Fix for issue with using CopyDecodedToX509 again for existing X509 and freeing the altNames in original. Fix was to use the ssl->peerCert directly for the index 0 cert. Improvement to make sure ex_data is always populated. Added NULL arg check on wolfSSL_get_peer_certificate. 2018-08-06 11:40:35 -07:00
toddouska
b88d60ecbb Merge pull request #1665 from ejohnstown/mr 
Prime Number Testing
 2018-08-03 12:50:27 -07:00
David Garske
a43d4d16ba Merge pull request #1719 from MJSPollard/OpenSSLAllFix 
Added boost define and openssl bug fix with WOLFSSL_KEY_GEN
 2018-08-02 15:20:27 -07:00
JacobBarthelmeh
782ea74fbf Merge pull request #1732 from kojo1/Ticket-4169-2 
Ticket 4169: eliminate ssl->CBIORecv/Send overwritten in SSL_set_bio
 2018-08-02 14:58:25 -06:00
Eric Blankenhorn
b248af6f84 Update from review 2018-08-02 10:59:07 -05:00
Takashi Kojo
fd75f35801 fix cbioFlag check 2018-08-02 10:18:09 +09:00
John Safranek
7647d52d77 Prime Number Testing 
1. Remove a copy-paste error when clearing up the RNG used to test a prime.
2. Tag a some const test values as static in the wolfCrypt test.
 2018-08-01 14:49:06 -07:00
Eric Blankenhorn
ba2f0fd8fc Fix for zd4179, 4181, 4182 2018-08-01 15:56:15 -05:00
Takashi Kojo
98f6ae16ca copy cbioFlag from ctx to ssl 2018-08-02 04:48:39 +09:00
Takashi Kojo
96c1a567f0 #4169: CBIO set flag to escape from overwritten in SSL_set_bio 2018-08-01 19:16:42 +09:00
John Safranek
af89458af0 GCC-8 string fixes 
1. strncpy needs to include the source string's NULL.
2. Deleted a few redundant string modifications.
 2018-07-31 14:02:44 -07:00
John Safranek
ed208efc4d GCC-8 string fixes 
1. Modify wolfSSL_get_ciphers() to limit the XSTRNCPY based on the dst buf length, not the src string.
 2018-07-31 14:02:44 -07:00
David Garske
2b3f94944d Merge pull request #1723 from kaleb-himes/overhead-avoidance 
avoid overhead call to alloc and free when sigSz invalid
 2018-07-31 08:14:49 -07:00
David Garske
4eff7b641b First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure free'd pointers are reset, making sure pointers are initialized and making sure memory is always free'd. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL. 2018-07-30 13:53:54 -07:00
Chris Conlon
1079b0e3b3 Merge pull request #1716 from cariepointer/osp/haproxy 
Define functions required by HAProxy and enable SSLV3 dependency
 2018-07-30 13:26:38 -06:00
Kaleb Himes
d19b78d81a Fix typo in comment 2018-07-30 12:17:55 -06:00
kaleb-himes
0ee4b88e74 avoid overhead call to alloc and free when sigSz invalid 2018-07-27 16:25:10 -06:00
MJSPollard
543cac65d8 Added boost define and openssl bug fix with WOLFSSL_KEY_GEN 2018-07-27 12:42:09 -06:00
Jacob Barthelmeh
74c4d31c07 sanity check on pkcs8 variable 2018-07-27 11:16:41 -06:00
Carie Pointer
a1f69f0d64 Define functions required by HAProxy and enable SSLV3 dependency 2018-07-26 12:53:21 -07:00
toddouska
90367df13c Merge pull request #1710 from SparkiDev/ed25519_only 
Changes to build with X25519 and Ed25519 only
 2018-07-25 14:24:03 -07:00
Jacob Barthelmeh
f69c6e382c check if internal of WOLFSSL_RSA struct is already set 2018-07-23 17:17:27 -06:00
toddouska
ab3ffaa26a Merge pull request #1706 from SparkiDev/sha384_not_sha512 
Allow SHA384 to be compiled in without SHA512
 2018-07-23 09:47:49 -07:00
Sean Parkinson
6d3e145571 Changes to build with X25519 and Ed25519 only 
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
 2018-07-23 10:20:18 +10:00
Sean Parkinson
9433fcb820 Allow SHA384 to be compiled in without SHA512 2018-07-20 09:42:01 +10:00
MJSPollard
19dd08e191 requested style changes 2018-07-19 11:05:56 -06:00
MJSPollard
db8939c578 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into wolfASIO 2018-07-18 11:10:35 -06:00
toddouska
436e774729 Merge pull request #1685 from SparkiDev/dh_max 
Add support for maximum DH key size
 2018-07-18 09:33:43 -07:00
toddouska
1840ae7013 Merge pull request #1693 from SparkiDev/stack_rsa 
Small stack fixes and ignore RSA fields in RSA_LOW_MEM
 2018-07-17 12:24:00 -07:00
Sean Parkinson
c01c79349e Small stack fixes and ignore RSA fields in RSA_LOW_MEM 
Fix asn.c and rsa.c small stack to not have large stack variables.
In RSA code don't load or store dP, dQ or u when using RSA_LOW_MEM as
they are not used.
Fix SP to recognize RSA_LOW_MEM means to use d, private exponent.
Fix wc_CheckRsaKey to work with SP.
Fix sp_int to support mp_set_int for wc_CheckRsaKey().
 2018-07-17 11:05:38 +10:00
Sean Parkinson
514a949557 Small stack fixes 
Changes to DH and SSL/TLS code to dynamically allocate large stack
variables when compiled with WOLFSSL_SMALL_STACK.
 2018-07-17 09:04:00 +10:00
toddouska
f0422bec41 Merge pull request #1681 from dgarske/pk_keygen 
Added ECC and Curve25519 Key Generation PK callback support
 2018-07-13 14:03:13 -07:00
toddouska
1337f7ddec Merge pull request #1674 from dgarske/derchainsz 
Fix for max cert chain size calculation
 2018-07-13 13:53:35 -07:00
Eric Blankenhorn
9bc0e0c4fc Static analysis fixes (#1658) 
* Static analysis fixes
* Fixes for zd4071, zd4074, zd4093-zd4094, zd4096, zd4097-zd4104.
* Add test cases.
 2018-07-13 09:02:09 -07:00