wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 10:39:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,671 Commits 12 Branches 184 Tags
b13848e56884937416acbcd7d32eb8bf8a9f9e91
Commit Graph

4593 Commits

Author SHA1 Message Date
David Garske
6bd98afdd0 Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined. 2020-11-10 09:47:37 -08:00
David Garske
c697520826 Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits. 2020-11-10 09:47:36 -08:00
David Garske
62dca90e74 Fix for server-side reporting of curve in wolfSSL_get_curve_name if client_hello includes ffdhe, but ECC curve is used. 2020-11-10 09:47:36 -08:00
David Garske
d7dee5d9e6 Fix for ECC minimum key size, which is 112 bits. 2020-11-10 09:47:36 -08:00
David Garske
fb9ed686cb Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available). 2020-11-10 09:47:36 -08:00
David Garske
bfb6138fc5 Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow 
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
 2020-11-10 09:37:36 -08:00
Daniel Pouzzner
bd38124814 ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount. 2020-11-09 21:24:34 -06:00
toddouska
3050f28890 Merge pull request #3467 from cconlon/rc2vs 
rc2.c to Visual Studio projects, fix warnings
 2020-11-09 13:52:03 -08:00
David Garske
f02c3aab2e Merge pull request #3475 from ejohnstown/nsup 
Hush Unused Param Warning
 2020-11-09 11:04:05 -08:00
David Garske
7e3efa3792 Merge pull request #3474 from douzzer/lighttpd-update-1.4.56 
lighttpd support update for v1.4.56
 2020-11-09 09:24:58 -08:00
Daniel Pouzzner
22bcceb2d3 src/sniffer.c: guard against null arguments to TraceSetNamedServer(), to eliminate -Werror=format-overflow= warnings from gcc. 2020-11-06 17:40:12 -06:00
John Safranek
884a9b59ab Merge pull request #3461 from dgarske/fips_ready_wopensslextra 
Fix for FIPS ready with openssl compat
 2020-11-06 13:14:06 -08:00
toddouska
b4e7f196df Merge pull request #3470 from SparkiDev/config_fix_3 
TLS configurations fixes
 2020-11-06 10:35:51 -08:00
John Safranek
abd6f6ce18 Hush Unused Param Warning 
Removed a guard check for NO_WOLFSSL_STUB from wolfSSL_X509_print_ex().
To recreate:

    $ ./configure --enable-opensslextra CPPFLAGS="-DNO_WOLFSSL_STUB"
    $ make
 2020-11-06 10:30:47 -08:00
toddouska
f3d961b1b1 Merge pull request #3453 from dgarske/ZD11159 
Fix for possible memory leak when overriding error for verify callback
 2020-11-06 10:18:52 -08:00
Hayden Roche
2cad844d29 Merge pull request #3421 from dgarske/apache_httpd 
Apache httpd w/TLS 1.3 support
 2020-11-06 12:14:58 -06:00
David Garske
0d2e28ce80 Fix for error: unused function 'MonthStr' 2020-11-06 10:11:48 -08:00
Daniel Pouzzner
4030523eb5 ssl.c: remove duplicate definition of wolfSSL_CTX_check_private_key(). 2020-11-05 21:57:33 -06:00
Glenn Strauss
92c3296e13 preprocessor -DNO_BIO to omit OpenSSL BIO API 2020-11-05 20:40:43 -06:00
Glenn Strauss
daca327ba3 expose (get|set)_(app|ex)_data with HAVE_EX_DATA 
when OPENSSL_EXTRA_X509_SMALL is set
 2020-11-05 20:40:43 -06:00
Glenn Strauss
d01616a357 unhide some non-fs funcs hidden by NO_FILESYSTEM 2020-11-05 20:40:43 -06:00
Glenn Strauss
f4e2db831e enable SNI_Callback for lighttpd 2020-11-05 20:40:43 -06:00
Glenn Strauss
be7592fb43 implement wolfSSL_dup_CA_list() 
wolfSSL_dup_CA_list() duplicates a WOLF_STACK_OF(WOLFSSL_X509_NAME)

(replaces stub function)
 2020-11-05 20:40:43 -06:00
Glenn Strauss
503de43cbd build updates for lighttpd 
Update configure.ac and various #ifdefs to enable WolfSSL to
build features for use by lighttpd.

Change signature of wolfSSL_GetVersion() to take const arg.
Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with
SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *)
 2020-11-05 20:40:43 -06:00
David Garske
1dc7293b19 Fix the return code. openssl uses void on these, but let's go ahead and do a return code. 2020-11-05 09:31:12 -08:00
Daniel Pouzzner
5751319e00 fix various possibly spurious scan-build null deref reports. 2020-11-04 23:11:42 -06:00
Sean Parkinson
8a42ee7ffd TLS configurations fixes 
--enable-leanpsk --disable-tls13:
    ensure WriteSEQ is defined when !WOLFSSL_NO_TLS12 (tls.c)

CFLAGS=-DWOLFSSL_NO_CLIENT_AUTH -disable-tls13"
TLS server was expecting certificate from peer when verifyPeer is
set. Fix with checks for !WOLFSSL_NO_CLIENT_AUTH.
 2020-11-05 12:21:19 +10:00
David Garske
3b4ec74174 Fixes for openssl compatibility. Added SSL_CTX_set_post_handshake_auth and SSL_set_post_handshake_auth API's for enabling or disabling post handshake authentication for TLS v1.3. 2020-11-04 15:05:50 -08:00
David Garske
eb19306f16 Merge pull request #3459 from haydenroche5/sniffer_fixes 
Fix a couple of issues related to the sniffer.
 2020-11-04 14:09:43 -08:00
Chris Conlon
6953049305 fix Visual Studio type conversion warnings 2020-11-04 11:11:40 -07:00
Hayden Roche
3b1c536418 Fix a couple of issues related to the sniffer. 
- Fix an issue in sniffer.c where some pointer math was giving a warning.
- Fix an issue in snifftest.c where a local variable was never read.
- Ignore non-TCP/IP packets in snifftest.c. Fixes some tests with pcaps with
  other types of packets.
 2020-11-04 10:46:11 -06:00
toddouska
9f9901e10e Merge pull request #3417 from douzzer/fix-ipv6-ocsp-tests 
Fix ipv6 ocsp tests
 2020-11-03 14:38:32 -08:00
David Garske
d6b219bd38 Fix for ./configure --enable-fips=ready --enable-opensslextra. 2020-11-03 14:23:08 -08:00
David Garske
89c39dcfe5 Fix for possible memory leak when overriding error for verify callback on cert 0 (peer) if OPENSSL_EXTRA or OPENSSL_EXTRA_X509_SMALL and KEEP_PEER_CERT is not defined. 2020-11-02 12:04:56 -08:00
Chris Conlon
54fe98716d Merge pull request #3415 from kojo1/config-options 
Config options
 2020-10-30 11:55:11 -06:00
Daniel Pouzzner
a5d96721ac wolfcrypt/src: remove wc_debug.c and move its contents to logging.c. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
1ba0883f4c introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags(). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
8be2d7690a add API functions libwolfssl_configure_args() and libwolfssl_global_cflags() to retrieve build parameters at runtime. 2020-10-28 17:28:01 -05:00
toddouska
931eea30f5 Merge pull request #3397 from cconlon/rc2 
RC2 ECB/CBC and PKCS#12 Integration
 2020-10-28 15:06:47 -07:00
toddouska
3a9758f257 Merge pull request #3433 from dgarske/sniffer_sni 
Fix for Sniffer with SSLv3 where SNI is not supported
 2020-10-28 12:06:37 -07:00
David Garske
a15769b12e Merge pull request #3435 from ejohnstown/ntf2 
Nightly Test Fix 2
 2020-10-28 06:39:15 -07:00
David Garske
4277ec62f9 Merge pull request #3431 from kaleb-himes/NO_FILESYSTEM_FIX 
Remove file system constraint on wolfSSL_CTX_check_private_key()
 2020-10-27 15:25:59 -07:00
John Safranek
6a77a8d8d6 Compatibility Layer 
When making a AUTHORITY KEY object, if the ASN1 OBJECT fails, the key object is leaked.
 2020-10-27 14:51:35 -07:00
David Garske
a43d239271 Fix for Sniffer with SSLv3 where SNI is not supported. ZD 11169. 2020-10-27 11:26:02 -07:00
kaleb-himes
f934fb03bd Remove file system constraint on wolfSSL_CTX_check_private_key() 2020-10-27 08:57:46 -06:00
John Safranek
7dbd6102d2 Compatibility Layer 
When wolfSSL_X509_NAME_ENTRY_create_by_txt() needs to make a new ASN.1 object ID, actually store it in the name entry.
 2020-10-26 16:10:44 -07:00
John Safranek
9c1049f112 Compatibility Layer 
1. Changed the ASN1_OBJECT member of the X509_NAME_ENTRY to be a pointer
   rather than an object. It could lead to a double free on the name
   entry.
2. The ASN1_OBJECT allocator should set the dynamic flag, as the
   deallocator is the one that uses it.
3. General changes to treat the member as a pointer rather than a
   member.
4. In the api test, we were iterating over the name members in the name
   checking the NIDs. After the loop we freed the name member object.
   This led to a double free error.
 2020-10-25 14:38:07 -07:00
Takashi Kojo
277edbb514 fix for --disable-tls13 --enable-sniffer 2020-10-24 07:14:43 +09:00
Takashi Kojo
02536461e6 fix for --enable-opensslall --disable-sha224 2020-10-24 07:06:24 +09:00
David Garske
a50e88430f Add OPENSSL_init_crypto and OPENSSL_init_ssl API's. 2020-10-23 12:13:08 -07:00