wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 02:32:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,396 Commits 12 Branches 184 Tags
b14da2622eff167db49fc0772b6184446d1a01da
Commit Graph

1990 Commits

Author SHA1 Message Date
David Garske
b14da2622e Fix InitSuites to allow old TLS for DHE_RSA with AES 128/256 for SHA256. Reverted changes to test.conf and test-dtls.conf. 2017-04-07 10:20:18 -07:00
kaleb-himes
b827380baf Typo in cipher suite pre-processor macro 2017-04-07 10:19:24 -07:00
Jacob Barthelmeh
b49a2561bc build with session tickets and without client 2017-04-06 16:19:21 -06:00
JacobBarthelmeh
4eefa22629 Merge pull request #810 from toddouska/write-dup 
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurre…
 2017-04-05 10:06:20 -06:00
toddouska
cd358bd2ab protect against multiple write dups 2017-04-03 15:58:33 -07:00
toddouska
e168d4db09 Merge pull request #821 from SparkiDev/wpas_fips 
FIPS changes and fixups for wpa_supplicant
 2017-04-03 08:27:25 -07:00
David Garske
4e829bc0a5 Fix to assign default OID for TLS supported curves based on loaded extension order. 2017-03-30 13:54:24 -07:00
Sean Parkinson
c74c2ce00c FIPS changes and fixups 
Enable ex data explicitly.
Keep the peer cert for verification callback.
External session cache for hostapd.
Enable DES_ECB when not FIPS.
Don't send the peer cert if it is not received from peer.
Initialize the peer cert after free as will be freed on tear down of
SSL.
Allow a server to become a client.
 2017-03-30 11:53:35 +10:00
David Garske
75abeaecfc Updates for TKernel port (WOLFSSL_uTKERNEL2). Added support for InterNiche prconnect_pro using WOLFSSL_PRCONNECT_PRO. Cleanup the min/max functions. Add NO_STDIO_FGETS_REMAP to not include the fgets remap for WOLFSSL_uTKERNEL2. Fix TFM build warning. Added HAVE_POCO_LIB. Added wolfCrypt test temp cert path for WOLFSSL_uTKERNEL2 = /uda/. Added WOLFSSL_CURRTIME_REMAP for benchmark to allow different function name to be used for system which have a conflicting name. Add ability to use normal malloc/free with WOLFSSL_uTKERNEL2 using NO_TKERNEL_MEM_POOL. Added new XMALLOC_OVERRIDE to allow custom XMALLOC/XFREE/XREALLOC macros. Move CUSTOM_RAND_GENERATE up in RNG choices. Rename tls.c STK macros due to conflict. 2017-03-28 19:10:19 -07:00
toddouska
a7c131c0a1 fix vs warning 2017-03-24 11:19:01 -07:00
toddouska
86efbbbb1d simplify reset suites on cert/key changes to end of function 2017-03-24 10:40:42 -07:00
toddouska
4783fbfc4f better handling of TLS layer switching out CTX layer keys/certs 2017-03-24 10:19:01 -07:00
toddouska
15423428ed add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access 2017-03-20 15:08:34 -07:00
toddouska
3bb1723476 Merge pull request #768 from dgarske/crl_lookup 
Added support for inline CRL lookup when HAVE_CRL_IO is defined
 2017-03-17 12:18:45 -07:00
toddouska
ad57738cc6 Merge pull request #795 from JacobBarthelmeh/Testing 
bounds checking with adding string terminating character
 2017-03-17 12:07:55 -07:00
toddouska
36ecbfb1a8 fix NO_ASN_TIME build with --enable-wpas 2017-03-15 14:57:38 -07:00
Jacob Barthelmeh
0ef1b5d298 bounds checking with adding string terminating character 2017-03-15 13:40:41 -06:00
David Garske
4eb76e1d71 Fixes for building with IPV6. Added new WOLFSSL_IPV6 define to indicate IPV6 support. Fix to not include connect() and socket() calls unless HAVE_HTTP_CLIENT, HAVE_OCSP or HAVE_CRL_IO defined. Typo fixes. 2017-03-15 12:27:02 -07:00
David Garske
cf73a2244f Fix for stray brace in wolfIO_TcpConnect. Fix to typedef sockaddr_in6 only when TEST_IPV6 is defined. Moved XSOCKLENT into io.h. Added useful WOLFSSL_NO_SOCK, which can be used with WOLFSSL_USER_IO. 2017-03-15 12:26:40 -07:00
David Garske
d3a07858c0 Fixes based on peer review feedback. Fix to only include the non-blocking / select timeout functions when HAVE_IO_TIMEOUT is defined. Fix to only include TCP connect if HAVE_GETADDRINFO or HAVE_SOCKADDR defined. Cleanup of the “struct sockaddr*” to use typedef with HAVE_SOCKADDR. Moved helpful XINET_* and XHTONS/XNTOHS macros to io.h. 2017-03-15 12:26:18 -07:00
David Garske
628f740363 Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses. 2017-03-15 12:26:18 -07:00
Sean Parkinson
97b98c5c44 Changes from review 
Add a free handshake resources API.
Rename to wolfSSL_KeepHandshakeResources().
Add APIs to indicate the client's preference order is to be used when
matching cipher suites.
 2017-03-15 09:09:25 +10:00
Sean Parkinson
ac713e62c5 Code review fixes 
Put back check for server end when setting DH.
Add option to keep resources rather than free after handshake.
 2017-03-15 09:09:25 +10:00
Sean Parkinson
122f648fd8 Only support client preference order as default for WPAS. 2017-03-15 09:09:02 +10:00
Sean Parkinson
fd3093f937 Protect code with #ifdefs 2017-03-15 09:09:02 +10:00
Sean Parkinson
e2930b0a43 Changes for WPA Supplicant 2017-03-15 09:09:02 +10:00
toddouska
4210ce0f67 Merge pull request #789 from SparkiDev/jenkins 
Fixes for extended configuration testing
 2017-03-14 10:00:39 -07:00
David Garske
e98a0465ae tenAsys INtime RTOS port. Porting complete for mutex semaphores, threading, file, socket and RNG. Added projects for libwolfssl and wolfExamples. The wolfExamples project includes examples for wolfCrypt Test/Benchmark and wolfSSL TLS client/server. Provided reference user_settings.h with comments and enable/disable gates. Added README.md with overview and instructions. Fixed issue building master with NO_WOLFSSL_DIR defined. Added check if old TLS is enabled that SHA and MD5 are enabled. Cleanup of the wolfCrypt test use of USE_CERT_BUFFERS with file system enabled. 2017-03-13 09:48:55 -07:00
Sean Parkinson
614231f71c Fixes for extended configuration testing 2017-03-13 11:33:39 +10:00
Sean Parkinson
80fe2a3524 Fix elliptic curve selection. 
Preference by:
1. the default for the curve strength (eccTempKeySz),
2. a curve at the curve strength (eccTempKeySz),
3. the default for next higher curve strength,
4. the first curve (client order) with the next highest curve strength
 2017-03-11 10:17:15 +10:00
toddouska
2bb14903f9 Merge pull request #698 from SparkiDev/nginx 
Get Nginx working with wolfSSL
 2017-03-09 10:23:20 -08:00
David Garske
a55ebb4c18 Fixes for building CRL with Windows. Refactor load_verify_buffer and LoadCRL to use new wc_ReadDir* functions. Added new directory/file API's: wc_ReadDirFirst(), wc_ReadDirNext(), wc_ReadDirClose(). Moved MAX_PATH and MAX_FILENAME_SZ to wc_port.h. Moved BAD_PATH_ERROR into error-crypt.h. The wc_ReadDir is only supported when NO_WOLFSSL_DIR and NO_FILESYSTEM are not defined. Add map to __FUNCTION__ macro in Windows with debug enabled (to resolve build error with VS and __func__ missing). Fix cast warning on response from EncodeOcspRequestExtensions. Fix for cast to call to BuildCertificateStatus. 2017-03-08 11:21:11 -08:00
Sean Parkinson
ae6fbb220f Pass the context to statusCb (needed in Nginx 1.10.3) 2017-03-06 10:58:25 +10:00
toddouska
ba1a8d7681 Merge pull request #765 from dgarske/scanbuild_fixes 
Fixes for scan-build warnings
 2017-03-03 15:58:10 -08:00
toddouska
0d3ef0b399 Merge pull request #776 from dgarske/fix_iis_signature_algorithms 
Fix issue with IIS servers and NO_OLD_TLS
 2017-03-03 12:51:22 -08:00
JacobBarthelmeh
6800ffe8fa Merge pull request #772 from toddouska/sr3-fix 
fix signer memory takeover on malformed data
 2017-03-03 10:21:01 -07:00
toddouska
eef3ec4a87 Merge pull request #763 from NickolasLapp/master 
Changes to bring wolfssl up to date with stunnel 5.40
 2017-03-03 09:00:11 -08:00
Sean Parkinson
0182d99efb Updates for nginx 1.10.3 
Don't return global error when: SOCKET_PEER_CLOSED_E or SOCKET_ERROR_E
Increase max ex_data items to 5
 2017-03-03 16:38:29 +10:00
David Garske
b5fe3ddbfa Fix to allow connection to IIS server which requires SHA1 hash algo to be present in signature_algos extension. Issue only exists when NO_OLD_TLS is defined. To enable SHA1 with TLS 1.2 define "WOLFSSL_ALLOW_TLS_SHA1”. 2017-03-02 18:18:05 -08:00
John Safranek
ec1d8c7090 Fixed where the client was using NULL instead of ssl->heap when allocating memory during SendClientKeyExchange(). Failing on an embedded static build. 2017-03-02 10:05:24 -08:00
David Garske
d903059e05 Fixes to allow signature_algorithms extension to send SHA1 (if enabled) and NO_OLD_TLS is defined. This resolves an issue connected to ISS servers. 2017-03-01 19:07:13 -08:00
toddouska
2d612da9f4 fix signer memory takeover on malformed data 2017-03-01 10:25:54 -08:00
Sean Parkinson
13e6217fd5 Changes from code review 2017-03-01 08:38:54 +10:00
Sean Parkinson
d4abeb56db Fixes required after logging changes to master. 2017-03-01 08:38:54 +10:00
Sean Parkinson
e6434f380b Get Nginx working with wolfSSL 2017-03-01 08:38:54 +10:00
Jacob Barthelmeh
26bd19bbd8 debug message fix 2017-02-23 17:15:44 -07:00
David Garske
9db6a27921 Fixes for scan-build warnings. Fix possible memory leak in wolfSSL_DH_new on failure. Add null checks in integer.c for destination to make sure “dp” grows when NULL (even though never happens in real-use). Added suppression of wc_port.c warning “Value stored to 'ret' is never read”. 2017-02-23 14:47:36 -08:00
toddouska
bdbb98ed20 Merge pull request #735 from dgarske/norm_math_speedup 
Normal math speed-up to not allocate on mp_int and defer until mp_grow
 2017-02-22 14:29:51 -08:00
John Safranek
d52f44108c Merge pull request #762 from moisesguimaraes/fix-ocsp-request 
Adds missing free(request) in CheckOcspRequest()
 2017-02-22 14:19:51 -08:00
Moisés Guimarães
8bbcdf977d adds missing free(request) in CheckOcspRequest() 2017-02-22 10:43:07 -08:00