wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 23:39:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,923 Commits 12 Branches 184 Tags
b632c8dcc1367b80cc8d17d3311dee664a3acf0f
Commit Graph

3279 Commits

Author SHA1 Message Date
toddouska
b632c8dcc1 Merge pull request #2043 from SparkiDev/tls13_psk_down 
Fix PSK support when no PSK extension
 2019-01-18 09:00:56 -08:00
toddouska
33f876bb20 Merge pull request #2029 from SparkiDev/sni_tls13 
Fix SNI on client when downgrading from TLS 1.3
 2019-01-18 08:59:47 -08:00
toddouska
fe97264ff9 Merge pull request #2028 from dgarske/spcortex 
Added Cortex-M support for Single Precision (SP) math
 2019-01-18 08:59:10 -08:00
toddouska
d02f7a75b9 Merge pull request #2019 from dgarske/arduino 
Improvements to Arduino sketch
 2019-01-18 08:54:42 -08:00
toddouska
aba726fcd3 Merge pull request #2004 from embhorn/prf_move 
Moving PRF to wolfcrypt
 2019-01-18 08:53:13 -08:00
Sean Parkinson
e18891aed8 Fix PSK support when no PSK extension 2019-01-18 16:13:07 +10:00
David Garske
8fb7892013 Merge pull request #2040 from ejohnstown/fix-checks 
Fix Checks
 2019-01-17 12:54:25 -08:00
John Safranek
f6240e5558 Fix Checks 
1. In the client, check the return code on wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the server. (Resolves issue #2037.)
2. In HashOutput(), check that the hsHashes exists for the session before hashing. (Resolves issue #2038.)
 2019-01-17 09:52:00 -08:00
David Garske
91573735b1 Merge pull request #2036 from ejohnstown/fragsz 
TLS Record Fragment Size Check Change
 2019-01-17 08:56:45 -08:00
John Safranek
5e03ac13f6 TLS Record Fragment Size Check Change 
Fixed a potential bug with respect to processing fragmented handshake
messages. If a handshake message is fragmented across multiple TLS
records and the last fragment's record has the next handshake message in
it, we would throw a buffer error instead of processing the next
message. Changed this so it will finish the handshake message and return
out to process the next message. Also changed the handling of the
handshake message to follow the calling pattern.
 2019-01-16 15:53:57 -08:00
Eric Blankenhorn
02ff19a6c4 Moving PRF to wolfcrypt 2019-01-16 17:23:49 -06:00
John Safranek
d5b06f93fd Merge pull request #2031 from SparkiDev/sec_reneg_chrome 
Changes to secure renegotiation for TLS 1.3 and Chrome
 2019-01-16 12:00:08 -08:00
toddouska
5d262e9123 Merge pull request #2027 from dgarske/fix_buildopts 
Fixes for various build options and warnings
 2019-01-16 10:32:19 -08:00
toddouska
b683a5a6bb Merge pull request #1945 from victork1996/bugfix/openssl-evp-bytes-to-key-compatibility 
Fixed OpenSSL compatibility issues in wolfSSL_EVP_BytesToKey
 2019-01-16 10:18:08 -08:00
toddouska
b37c94a15c Merge pull request #2022 from JacobBarthelmeh/OCSP 
memory management with OCSP requests
 2019-01-16 08:52:50 -08:00
Sean Parkinson
b2e4c86028 Changes to secure renegotiation for TLS 1.3 and Chrome 2019-01-15 09:47:23 -08:00
Sean Parkinson
53ad7728bf Fix SNI on client when downgrading from TLS 1.3 2019-01-14 15:09:52 -08:00
Jacob Barthelmeh
6ac384793f memory management with OCSP requests 2019-01-14 09:49:50 -07:00
David Garske
cfc66dab47 Fix compiler complaints when using Curve25519. 2019-01-11 21:16:13 -08:00
David Garske
45cd80b4b7 Fix define check of NO_CERT to be NO_CERTS. 2019-01-11 21:10:07 -08:00
David Garske
406d2ceb6b Merge pull request #2023 from miyazakh/fix_no_hash_raw 
fix no_hash_raw for esp32 hw acceleration
 2019-01-11 21:04:04 -08:00
David Garske
ebd68e6afd Fix to return the internal cipher suite name instead of NULL if NO_ERROR_STRINGS is defined. Fix for stray "if" in wolfSSL_SESSION_CIPHER_get_name. 2019-01-11 17:20:35 -08:00
David Garske
f67b8fa6a3 Experimental SP Cortex M support for Single Precision math. 2019-01-11 14:38:34 -08:00
Hideki Miyazaki
bdc5dd41d1 fix no_hash_raw for esp32 hw acceleration 2019-01-09 16:56:47 +09:00
Jacob Barthelmeh
26ae39a217 check if secure renegotiation struct available 2019-01-04 13:22:34 -07:00
Jacob Barthelmeh
a00eaeb877 add ocsp stapling test and initialize values 2019-01-04 13:16:47 -07:00
toddouska
ed80cf4f4d Merge pull request #2009 from JacobBarthelmeh/Testing 
fix for some warnings and edge case build
 2019-01-02 12:38:51 -08:00
toddouska
71bc571a8a Merge pull request #2000 from kojo1/EVP_CipherInit 
EVP_CipherInit: allow NULL iv, key for openSSL compatibility
 2019-01-02 12:04:38 -08:00
Jacob Barthelmeh
a1459f6fec fix build when QSH is enabled and TLS 1.3 is enabled 2018-12-28 17:16:34 -07:00
David Garske
2351047409 Fixes for various scan-build reports. 2018-12-27 11:08:30 -08:00
David Garske
1eccaae25f Fix for DTLS async shrinking input buffer too soon and causing -308 (INCOMPLETE_DATA). 2018-12-27 11:07:32 -08:00
toddouska
697c99a9ec Merge pull request #1934 from dgarske/fix_alt_chain 
Fixes and cleanups for processing peer certificates
 2018-12-26 15:09:42 -08:00
Takashi Kojo
f97696a546 AesSetKey_ to AesSetKey_ex 2018-12-26 13:52:41 +09:00
Takashi Kojo
0c828d14a0 Name conficted. filter out with NO_AES 2018-12-24 17:27:41 +09:00
Takashi Kojo
ae09fbe8a2 EVP_CipherInit: allow NULL iv for openSSL compatibility 2018-12-24 12:00:21 +09:00
Jacob Barthelmeh
6191cb1927 free internal OCSP buffers 2018-12-21 12:30:49 -07:00
David Garske
9733076fe0 Fixes and cleanups for processing peer certificates: 
* Fix with `WOLFSSL_ALT_CERT_CHAINS` to resolve issue with using a trusted intermediate to validate a partial chain. With the alt cert chain enabled a CA may fail with only `ASN_NO_SIGNER_E` and the connection is allowed if the peer's certificate validates to a trusted CA. Eliminates overly complex 1 deep error alternate chain detection logic. Resolves ZD 4525.
* Refactor and cleanup of ProcessPeerPerts to combine duplicate code and improve code commenting.
* Fix for CA path len check in `ParseCertRelative` to always check for self-signed case (was previously only in NO_SKID case).
* Improvement to include self-signed flag in the DecodedCert struct.
 2018-12-21 08:20:04 -08:00
David Garske
3e31115654 Merge pull request #1993 from JacobBarthelmeh/Testing 
Release Testing
 2018-12-20 16:19:17 -08:00
Jacob Barthelmeh
d3274e28e8 fix for hash types with fips windows opensslextra build 2018-12-20 14:22:35 -07:00
Jacob Barthelmeh
5d2d370bd5 fix for scan-build warning 2018-12-20 11:40:20 -07:00
Jacob Barthelmeh
164a762088 fix afalg/cryptodev + opensslextra build 2018-12-20 10:52:17 -07:00
Sean Parkinson
eba11e097a Fix HelloRetryRequest to be sent immediately and not grouped 2018-12-20 16:41:38 +10:00
Jacob Barthelmeh
fc926d3c61 fixes from infer testing 2018-12-19 11:56:29 -07:00
toddouska
4068975190 Merge pull request #1983 from dgarske/x509small_verifycb 
Include current cert as X509 in verify callback for small build
 2018-12-18 15:40:00 -08:00
toddouska
0a6732ee67 Merge pull request #1979 from SparkiDev/tls_sh_tlsx_parse 
Fix TLS 1.2 and below ServerHello TLSX_Parse to pass in message type
 2018-12-18 15:39:12 -08:00
toddouska
4a170c0399 Merge pull request #1971 from SparkiDev/tls13_old_hello 
Don't expect old ClientHello when version is TLS 1.3
 2018-12-18 15:38:44 -08:00
toddouska
f1c62f191d Merge pull request #1941 from ejohnstown/rekey 
Server Side Secure Renegotiation
 2018-12-18 15:38:16 -08:00
David Garske
443dbf251b Fix to supply the X509 current_cert in the verify callback with OPENSSL_EXTRA_X509_SMALL defined or ./configure --enable-opensslextra=x509small. 2018-12-17 13:02:14 -08:00
Sean Parkinson
c628562ee7 Fix the Old ClientHello detection with TLS 1.3 with new state 
Put the clientState into CLIENT_HELLO_RETRY (new state) when waiting for
second ClientHello.
Chrome sends change_cipher_spec message, for reasons of compatability,
which meets the requirements of the Old ClientHello detection when state
of client is NULL.
 2018-12-13 17:06:00 +10:00
Sean Parkinson
f90e5601ad Fix TLS 1.2 and below ServerHello TLSX_Parse to pass in message type 2018-12-13 16:12:53 +10:00