153b9abc31
Old Compiler Warning Cleanup (GCC 4.0.2)
...
ssl.c: Fix a couple of checks on hashType enum that were using a `< 0`
for the lower bound on an unsigned.
2022-01-14 16:32:18 -08:00
021f9171c5
Fix building ASIO with Old TLS disabled.
2022-01-14 15:00:02 -07:00
eade8ecdf1
DTLS SRTP improvements. Added support for client to send list of profiles. Added support for more SRTP profiles.
2022-01-14 13:43:29 -08:00
1ed152daeb
Fix building with OPENSSL_EXTRA and NO_BIO defined.
2022-01-14 11:19:01 -07:00
31e84d82b8
Domain check should only be performed on leaf certs
...
- Refactor `*_set_verify` functions into common logic
- NULL protect `wolfSSL_X509_VERIFY_PARAM_set1_host` and add debug info
2022-01-14 18:16:42 +01:00
6ccbd8776f
DTLS SRTP (RFC5764) support (adds --enable-srtp). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-14 07:35:45 -08:00
a33d901409
update ESP-IDF port to fix failure
2022-01-14 15:35:28 +09:00
f81e15f342
Merge pull request #4750 from SparkiDev/etm-disable
...
TLS EncryptThenMac; fix when extension response sent
2022-01-13 13:33:57 -08:00
8d7059497e
Merge pull request #4742 from elms/fix/secure_renegotiate_compat
...
TLS: Default secure renegotiation compatibility
2022-01-13 10:23:27 -08:00
1a4bc322f7
Fix buffer overflow in PKCS7_VerifySignedData
...
wc_PKCS7_AddDataToStream() was called the first time prior to BERtoDER
conversion, subsequent times afterwards which meant the stream idx
pointer was incorrect. This patch restarts the stream after conversion.
Fixes ZD13476
2022-01-13 14:49:31 +00:00
92d01611ff
Fix buffer overflow in GetOID
...
When converting BER to DER we switched the pointer for pkiMsg to the DER
but not the size which could cause buffer overflow.
Fixes ZD13471
2022-01-13 13:26:32 +00:00
70b169e3f2
TLS EncryptThenMac; fix when extension response sent
...
Only respond with the extension when negotiated a block cipher.
2022-01-13 12:46:21 +10:00
ba579753ba
Merge pull request #4749 from ejohnstown/vpath-fix
2022-01-12 17:06:37 -08:00
15c5ac880e
PKCS7 Test Output
...
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
2022-01-12 14:51:11 -08:00
33f0e2eda5
In the wolfCrypt test, fix a few filenames to use the VPATH versions.
2022-01-12 14:50:43 -08:00
0acf8d0e75
Merge pull request #4732 from embhorn/zd13375
...
SP int, TFM: Init vars for static analysis
2022-01-13 07:06:19 +10:00
3ddfb0f189
Aarch64 SHA512: fixup to work on Apple M1
...
Directive needed on Apple to indicate SHA3 extensions available.
Fixup C file as well - remove unused constants not avaiable and
prototype function that is extern elsewhere.
2022-01-12 12:56:39 +10:00
336e595ebb
Remove some lingering oldname return values
2022-01-11 17:09:52 -08:00
723cfb2d0b
make server/client only work
2022-01-12 09:23:23 +09:00
efe2cea8d1
TLS: Default secure renegotiation compatability
...
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746
From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.
With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
2022-01-11 15:56:35 -08:00
abc9b7197d
Merge pull request #4676 from ThalesGroup/iotsafe-hkdf-extract
...
Iotsafe hkdf extract
2022-01-11 07:37:30 -08:00
f0f65f41b7
addressed review comments
2022-01-11 19:53:54 +09:00
c7b0b7003e
Merge pull request #4700 from dgarske/pkcs11_id
...
Improved the PKCS11 init to support slotId or tokenName
2022-01-11 14:25:37 +10:00
30777bb5ee
nit minor changes
2022-01-11 10:08:52 +08:00
9a4981a5a8
Improved the PKCS11 init to support slotId or tokenName. Adds new wc_Pkcs11Token_InitName and alters existing wc_Pkcs11Token_Init to allow NULL tokenName. ZD13348
2022-01-10 16:53:01 -08:00
5910ada93d
Merge pull request #4736 from douzzer/20220107-cppcheck-hygiene
...
cppcheck sweep
2022-01-10 12:52:22 -08:00
6a02826bbf
Merge pull request #4740 from dgarske/sess_names_docs
...
Session doc and naming cleanups
2022-01-10 14:38:47 -06:00
5392190807
Merge pull request #4741 from danielinux/psoc6-sha512-fix
...
PsoC6 hw crypto: added missing wc_InitSha512_ex()
2022-01-10 12:32:13 -08:00
814e7c91e0
PsoC6 hw crypto: added missing wc_InitSha512_ex()
2022-01-10 18:30:53 +01:00
f72d198778
Merge pull request #4723 from dgarske/se050
2022-01-10 10:11:49 -07:00
43bbc5d2e5
Merge pull request #4738 from SparkiDev/sp_int_div_arm_2
...
SP int: ARM64/32 sp_div_word changes
2022-01-10 07:58:28 -08:00
6ce248e2f9
Improve documentation for wolfSSL_get1_session. Add wolfSSL specific naming on the internal session functions to avoid possible user conflicts. ZD13363 and ZD13487.
2022-01-10 07:47:19 -08:00
5cce1926bb
Init vars for static analysis
2022-01-10 08:24:29 -06:00
6398087d5b
SP int: ARM64/32 sp_div_word changes
...
Fixup up formatting.
Fix comments.
Aarch64: don't use variable r when hi can be used.
ARM 32-bit: Add a version that uses udiv - not available on all chips
and can be slower anyway.
2022-01-10 16:27:39 +10:00
1a291870a3
minor fixes
2022-01-10 10:28:14 +08:00
4bbf90d604
Merge pull request #4702 from SparkiDev/sp_int_div_arm
...
SP int: transplant the div_word from SP into SP int for ARM64 and ARM32
2022-01-09 17:54:39 -08:00
355b5821b2
WOLFSSL_SESSION_EXPORT: fixes for scan-build complaints (deadcode.DeadStores) building --enable-all --enable-sessionexport.
2022-01-08 11:43:56 -06:00
c50964cc35
src/internal.c: fix flubbed edit in wolfSSL_session_import_internal().
2022-01-08 11:08:57 -06:00
49fc54ef1f
linuxkm/linuxkm_wc_port.h: move XMALLOC/XREALLOC/XFREE definitions outside BUILDING_WOLFSSL gate as-was, for back-compat.
2022-01-08 02:41:02 -06:00
56c28ff307
src/ssl.c: in wolfSSL_SESSION_has_ticket(), add (void)sess if !defined(HAVE_SESSION_TICKET), to fix -Wunused-parameter.
2022-01-08 02:39:50 -06:00
ff0eb5a41e
wolfcrypt/test/test.c: in wolfcrypt_test(), tweak formatting of CheckRunTimeSettings() to resolve invalidPrintfArgType_uint from cppcheck --force.
2022-01-08 01:35:46 -06:00
a4444e6c3e
wolfcrypt/test/test.c: in rsa_oaep_padding_test(), remove accidentally repeated MEMORY_E check.
2022-01-08 01:10:02 -06:00
7341b54a20
wolfssl/wolfcrypt/tfm.h: fixes for cppcheck complaints: preprocessorErrorDirective[division/modulo by zero]
2022-01-08 00:34:33 -06:00
cb86da71fa
wolfssl/wolfcrypt/ecc.h: fixes for cppcheck complaints: preprocessorErrorDirective[division/modulo by zero]
2022-01-08 00:34:22 -06:00
fdb6a2d87d
wolfssl/test.h: fixes for cppcheck complaints: nullPointerRedundantCheck invalidScanfArgType_int
2022-01-08 00:34:09 -06:00
29fcbb0b19
wolfcrypt/test/test.c: fixes for cppcheck complaints: memleakOnRealloc nullPointerRedundantCheck uninitvar invalidPrintfArgType_uint
2022-01-08 00:33:54 -06:00
70ab36f81c
wolfcrypt/src/wc_port.c: fixes for cppcheck complaints: uninitvar nullPointer
2022-01-08 00:33:33 -06:00
8aa1100508
wolfcrypt/src/wc_pkcs11.c: fixes for cppcheck complaints: uninitvar
2022-01-08 00:32:48 -06:00
71b0b89e95
wolfcrypt/src/srp.c: fixes for cppcheck complaints: identicalInnerCondition
2022-01-08 00:32:37 -06:00
82b508b917
wolfcrypt/src/sha512.c: fixes for cppcheck complaints: nullPointerRedundantCheck
2022-01-08 00:32:26 -06:00
John Safranek
Kareem
David Garske
Juliusz Sosinowicz
Hideki Miyazaki
Andrew Hutchings
Sean Parkinson
elms
Saksik Remy
Eric Blankenhorn
Daniele Lacamera
Chris Conlon
Daniel Pouzzner