wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 07:19:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,611 Commits 12 Branches 184 Tags
b87fca669db168d90ba688f8d2e3bba7c216bf5a
Commit Graph

4887 Commits

Author SHA1 Message Date
John Safranek
7134608d9f Merge branch 'master' into fipsv3 
# Conflicts:
#	wolfssl/wolfcrypt/hash.h
 2021-03-05 07:59:04 -08:00
toddouska
b8235649ea Merge pull request #3812 from haydenroche5/get-certs-refactor 
Improve wolfSSL_CertManagerGetCerts.
 2021-03-04 11:14:05 -08:00
toddouska
12d5c6d416 Merge pull request #3783 from haydenroche5/socat 
Add support for OpenSSL compatibility function SSL_CTX_get_min_proto_…
 2021-03-04 11:10:17 -08:00
toddouska
90d45028cc Merge pull request #3781 from fabiankeil/NO_WOLFSSL_STUB-build-fix 
Fix build with  NO_WOLFSSL_STUB
 2021-03-04 11:07:26 -08:00
Hayden Roche
265b456cac Improve wolfSSL_CertManagerGetCerts. 
- Use wolfSSL_d2i_X509. wolfSSL_CertManagerGetCerts duplicated a lot of work
that wolfSSL_d2i_X509 can do for us.
- This function gets the caLock from the CertManager and then calls ParseCert.
Ultimately, ParseCert calls GetCA, which attempts to acquire the same caLock.
Deadlock ensues. The solution is to get the caLock, make a copy of all the
certs, and release the lock. Then, we use the copy of the certs to build up
the stack of X509 objects. What happens if one of the certs is removed from
the CertManager between our copying and calling wolfSSL_d2i_X509? Nothing of
consequence for this use case. ParseCertRelative won't set the DecodedCert's ca
field, but we don't need that to be set here.
 2021-02-26 10:45:27 -06:00
toddouska
2d13a43e71 Merge pull request #3819 from elms/fix/nightly_g++ 
ssl: fix g++ compile warning with explicit cast
 2021-02-25 16:04:05 -08:00
Hayden Roche
10181b7bbf Add support for OpenSSL compatibility function SSL_CTX_get_min_proto_version. 
This is needed by socat-1.7.4.1.
 2021-02-25 17:04:41 -06:00
Elms
afbe3607d7 ssl: fix g++ compile warning with explicit cast 
cast OpenSSL callback to `void*` for storage as context to be used by
static callback
 2021-02-25 11:01:16 -08:00
John Safranek
3da0713ecd Use the new APIs for HKDF extract with label. 2021-02-24 18:23:37 -08:00
John Safranek
8ab396cb45 Move the TLSv1.3 KDF into wolfCrypt with the other KDFs. 2021-02-24 18:23:37 -08:00
John Safranek
2672856042 FIPS KDF Update 
1. Copied the TLSv1.2 PRF into hmac.c since it uses it and the TLSv1.3
   HKDF is in there as well.
2. Added guard around the old TLS PRF so that it switches in correctly
   for older FIPS builds only.
 2021-02-24 18:23:36 -08:00
John Safranek
d5f6ef9f3b FIPS 140-3 
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
   testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
   EccMakeKey().
 2021-02-24 18:21:02 -08:00
John Safranek
2b6dc31145 FIPS 140-3 
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
 2021-02-24 18:00:44 -08:00
Sean Parkinson
d271092aef ASN: move wolfSSL_i2d_X509_NAME to ssl.c 
Move WOLFSSL_X509_NAME APIs out of asn.[ch].
 2021-02-25 11:45:12 +10:00
toddouska
94a23c1d48 Merge pull request #3646 from julek-wolfssl/nginx-1.19.6 
Add support for Nginx 1.19.6
 2021-02-24 12:21:51 -08:00
Eric Blankenhorn
1d16af4f32 Warnings and error fixes 2021-02-24 09:08:15 -06:00
toddouska
e471cba8df Merge pull request #3780 from SparkiDev/tls13_key_up_resp 
TLS 1.3: add API to tell if a KeyUpdate response is required
 2021-02-23 11:57:10 -08:00
Juliusz Sosinowicz
d074e7443f Remove default ticket cb as this will be added in another PR 2021-02-23 10:06:11 +01:00
David Garske
b5239f97c4 Fixes for warnings in Windows. Fix for failing wc_BufferKeyEncrypt with PBKDF disabled. ZD 11759. 2021-02-22 16:51:17 -08:00
Sean Parkinson
41c4a25b25 Merge pull request #3785 from embhorn/zd11752 
Fix ret val for wolfSSL_BIO_set_ssl
 2021-02-22 08:34:47 +10:00
Eric Blankenhorn
ebb2c7ae71 Fix ret val for wolfSSL_BIO_set_ssl 2021-02-19 16:35:01 -06:00
JacobBarthelmeh
8d7c61cf10 prep for Async release 2021-02-19 11:51:23 -07:00
Fabian Keil
400a1d6927 Compile wolfSSL_ASN1_TIME_set_string() independently of NO_WOLFSSL_STUB 2021-02-19 05:45:09 +01:00
Sean Parkinson
fa7b5f55ee TLS 1.3: add API to tell if a KeyUpdate response is required 2021-02-19 10:21:08 +10:00
Sean Parkinson
ad58478d29 Merge pull request #3765 from embhorn/zd11703 
Validate name size
 2021-02-18 08:42:26 +10:00
Sean Parkinson
276e090a1f Merge pull request #3763 from embhorn/zd11726 
Adding wolfSSL_CTX_get_TicketEncCtx
 2021-02-18 08:35:03 +10:00
Eric Blankenhorn
caa39f78ae Fix from review and leak in wolfSSL_X509_get_serialNumber 2021-02-17 13:53:30 -06:00
Eric Blankenhorn
608083f559 Add more checks for name->sz 2021-02-17 12:19:42 -06:00
Jacob Barthelmeh
4def38dd7e fix build for apache without tls 1.3 2021-02-17 18:23:03 +07:00
Eric Blankenhorn
806b5d7d23 Validate name size 2021-02-16 14:58:58 -06:00
Juliusz Sosinowicz
89fd0b375b Correctly read anon cipher run-time options 2021-02-16 14:27:19 +01:00
Juliusz Sosinowicz
9265c3f71f Use native API for ticket callback 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
0ae1a8b8c5 Jenkins fixes 
- Change pushCAx509Chain to an iterative implementation
- Fix variable names shadowing global names
 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
e80158a96e Set full chain with known CA's in wolfSSL_set_peer_cert_chain 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
b90862fa3f Free OcspEntry.status only when the struct owns the pointer 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
26df833074 Compat layer session tickets 
- OpenSSL uses an internal mechanism by default for session tickets. This is now implemented for OPENSSL_EXTRA in wolfSSL.
- Add testing of wolfSSL_CTX_set_tlsext_ticket_key_cb
 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
9a1e54cfd5 Nginx 1.19.6 Fixes 2021-02-16 14:25:45 +01:00
Juliusz Sosinowicz
b63f43a2af Nginx 1.19.6 
- Implement X509_pubkey_digest
- Initialize entire WOLFSSL_X509_NAME struct to zero
- Set raw and rawLen when copying WOLFSSL_X509_NAME
 2021-02-16 14:25:45 +01:00
Eric Blankenhorn
b7b07e1945 Adding wolfSSL_CTX_get_TicketEncCtx 2021-02-15 11:28:46 -06:00
Jacob Barthelmeh
0b0f370384 fix for haproxy and nginx build 2021-02-15 22:09:44 +07:00
Sean Parkinson
ba1c67843a Merge pull request #3752 from JacobBarthelmeh/Jenkins 
changes from nightly Jenkins test review
 2021-02-15 16:32:40 +10:00
Sean Parkinson
505514415d Merge pull request #3748 from JacobBarthelmeh/Testing 
always check index into certs
 2021-02-15 08:20:28 +10:00
Jacob Barthelmeh
1c852f60ab fix for g++ build 2021-02-12 23:26:54 +07:00
Jacob Barthelmeh
0938a0055d always use MAX_CHAIN_DEPTH for args->certs buffer 2021-02-12 15:18:14 +07:00
toddouska
f0ce6ada0f Merge pull request #3702 from guidovranken/zd11603 
Prevent dangling pointer in TLSX_Cookie_Use
 2021-02-11 12:31:02 -08:00
toddouska
80b9949052 Merge pull request #3739 from kaleb-himes/FusionRTOS-Porting-R3 
Fusion RTOS porting round 3
 2021-02-11 12:25:55 -08:00
toddouska
39cb84de25 Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
Jacob Barthelmeh
90140fc5a4 always check index into certs 2021-02-11 21:50:51 +07:00
toddouska
032cc1645c Merge pull request #3713 from SparkiDev/tls_def_sess_ticket_cb 
TLS Session Ticket: default encryption callback
 2021-02-10 16:13:33 -08:00
toddouska
67b1280bbf Merge pull request #3545 from kabuobeid/smime 
Added support for reading S/MIME messages via SMIME_read_PKCS7.
 2021-02-10 15:59:32 -08:00