wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 08:09:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,896 Commits 12 Branches 184 Tags
bc03b5793c94556a5fd85cfa2e390c9506065eb4
Commit Graph

4366 Commits

Author SHA1 Message Date
David Garske
c0a664a8e5 Merge pull request #3200 from douzzer/20200805 
Add an error-checking wc_curve25519_make_pub() routine to the API for use by Wireguard
 2020-08-07 16:32:52 -07:00
toddouska
1724347f7a Merge pull request #3091 from julek-wolfssl/sess-serialization 
Expose session serialization outside of `OPENSSL_EXTRA`
 2020-08-07 15:41:27 -07:00
Eric Blankenhorn
064bfa583d Fix CheckAltNames to handle IP type 2020-08-07 10:12:56 -05:00
toddouska
82d927d40f Merge pull request #3199 from dgarske/openssl_sha 
Fix for building openssl compat without SHA-1
 2020-08-06 15:59:26 -07:00
Daniel Pouzzner
758665e347 Fix for TLS anonymous cipher and PKCS11 cast warnings. (author=dgarske) 2020-08-06 17:49:55 -05:00
Sean Parkinson
132adeac14 Merge pull request #3188 from julek-wolfssl/missing-cipherExtraData 
Move `cipherExtraData` so that it is available when HAVE_SESSION_TICKET
 2020-08-07 08:18:57 +10:00
toddouska
e121139178 Merge pull request #3179 from ejohnstown/suitesz 
Suite Size Check
 2020-08-06 11:05:10 -07:00
toddouska
4e9d49556e Merge pull request #3194 from SparkiDev/unit_fix_1 
Fix unit.test to not fail randomly
 2020-08-06 10:51:12 -07:00
David Garske
435eabfb4b Fix build error with unused variables. Added compat function for X509_add_ext. 2020-08-06 07:51:04 -07:00
Sean Parkinson
8afd629a30 Fix unit.test to not fail randomly 
Get the serial number from the certificate to calculate the encoding size.
Fix making of the certificate to copy serial number out if not already set.
 2020-08-06 08:52:21 +10:00
David Garske
c421445ba9 Added no SHA-1 hash support for OPENSSL compatibility. Fix for ./configure --enable-opensslextra --disable-sha. This allows using SHA2-256 for the hashing including the derived issuerHash and subjectHash. Adds issuer hash openssl compatibility function X509_issuer_name_hash. 2020-08-05 14:43:24 -07:00
toddouska
8d00b015c1 Merge pull request #3182 from dgarske/configall_noold 
Fix to NOT enable SSLV3 and TLS v1.0 with `--enable-all`
 2020-08-04 12:25:59 -07:00
toddouska
3e84f1c53f Merge pull request #2882 from dgarske/example_configs 
Added area for template user_settings files in `examples/config`
 2020-08-03 16:32:57 -07:00
Juliusz Sosinowicz
6c92116124 Move cipherExtraData so that it is available when HAVE_SESSION_TICKET 2020-08-03 15:32:49 +02:00
David Garske
4f91d60d22 Fixes for build issues without OPENSSL_EXTRA defined. 2020-07-31 15:25:58 -07:00
David Garske
197c21a508 Fix for --enable-all (also used by --enable-distro) to NOT enable SSLV3 and TLS v1.0. 2020-07-31 13:54:08 -07:00
John Safranek
fd4f8fe7a0 Suite Size Check 
1. Check that the cipher suite size is even when doing the Client
   Hello message.
2. Check that the cipher suite size is a multiple of three when doing
   the Old Client Hello message.
3. Check that the hash/signature algorithm list size is even when
   processing the extensions.
 2020-07-31 11:44:24 -07:00
toddouska
ff08a01f94 Merge pull request #3171 from SparkiDev/tls13_fin_fix 
TLS 1.3: Client requires cert_vfy before finished when not PSK
 2020-07-31 11:28:24 -07:00
toddouska
64f6dc08f7 Merge pull request #3164 from SparkiDev/tls13_ocsp2 
TLS 1.3 server MUST NOT use OCSP Status V2
 2020-07-29 16:23:24 -07:00
Sean Parkinson
f59a1fa295 TLS 1.3: Client requires cert_vfy before finished when not PSK 2020-07-29 10:21:34 +10:00
Sean Parkinson
76a35f2a77 TLS 1.3: Client with no certificate an error with define 
WOLFSSL_NO_CLIENT_CERT_ERROR
 2020-07-27 09:54:51 +10:00
Sean Parkinson
b775058f49 TLS 1.3 server MUST NOT use OCSP Status V2 
Parses the extension but does not use the information.
TLSX code change to ensure that the OCSP Status V2 extension is not
written out in EncryptedExtension, CertificateRequest nor Certificate
messages.
 2020-07-27 09:32:14 +10:00
toddouska
e84defb268 Merge pull request #3044 from dgarske/sniffer_tls13 
TLS v1.3 sniffer support
 2020-07-24 11:46:38 -07:00
David Garske
38cef2b3c9 Merge pull request #3151 from ejohnstown/dtls-size 
DTLS Size Fix
 2020-07-24 08:19:50 -07:00
JacobBarthelmeh
81475fac96 Merge pull request #3154 from embhorn/zd10651 
Fix build error with X509_SMALL config
 2020-07-23 13:34:29 -06:00
John Safranek
839044d9e1 1. Remove dead assignment from client test. 
2. Fix memory leak in example server test.
3. Use verify callback on certificates to allow callback to fail
   them.
4. Restore the forced failure test cases.
5. Make the verify action thread local.
 2020-07-23 12:26:49 -07:00
JacobBarthelmeh
303d0dfedb Merge pull request #3157 from embhorn/zd10631 
Fix build issue with OPENSSL_EXTRA_X509_SMALL
 2020-07-23 13:18:28 -06:00
toddouska
e198f6e73b Merge pull request #3141 from SparkiDev/tls_cert_alert 
Send more detail alerts for bad certificates
 2020-07-22 16:46:14 -07:00
toddouska
d75e6d4f55 Merge pull request #3131 from JacobBarthelmeh/Testing 
add sanity check on padSz
 2020-07-22 16:39:27 -07:00
Eric Blankenhorn
9b421ce497 Fix for config failure 2020-07-22 17:22:46 -05:00
Eric Blankenhorn
39271e9234 Fix build issue with OPENSSL_EXTRA_X509_SMALL 2020-07-22 14:08:57 -05:00
Eric Blankenhorn
89913076f1 Fix build error with X509_SMALL config 2020-07-21 16:36:30 -05:00
Sean Parkinson
c45e192581 Send more detail alerts for bad certificates 2020-07-22 00:07:23 +10:00
John Safranek
5d5aa129ca When attempting to send a message with DTLS, if it is too large, return an error rather than splitting it across records. (ZD 10602) 2020-07-20 16:14:53 -07:00
John Safranek
10c293a76c SCTP Test 
1. Removed test cases for DTLSv1.0 that used AEAD ciphers.
2. Cleaned up some typos in the test configs.
3. Fixed typo in a WOLFSSL_SCTP ifdef check.
 2020-07-20 15:03:48 -07:00
David Garske
9409d8682f Fix for building without session-ticket. 2020-07-17 15:22:35 -07:00
David Garske
e15e0828bf Cleanup of the SHOW_SECRET debugging. Use only latest wolf API's (not older Cyassl names). 2020-07-17 15:22:35 -07:00
David Garske
3be390d50d Added TLS v1.3 session resumption support. TLS v1.3 uses session tickets and a resumption secret is derived after the "finished" message. This uses the internal static wolf session cache to retain the resumption secret between sniffer sessions. 2020-07-17 15:22:35 -07:00
David Garske
1b051d9c5b TLS v1.3 sniffer support: 
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
 2020-07-17 15:22:35 -07:00
JacobBarthelmeh
01a01c373f sanity check on return value for wolfSSL_X509_NAME_ENTRY_get_object 2020-07-17 11:03:12 -06:00
toddouska
9137794cb4 Merge pull request #3105 from embhorn/zd10457_a 
Adding wolfSSL_X509_check_ip_asc
 2020-07-16 10:53:27 -07:00
Eric Blankenhorn
f2b279e834 Update from review 2020-07-15 20:57:04 -05:00
toddouska
fbe0c8cba7 Merge pull request #3122 from JacobBarthelmeh/Compatibility-Layer 
fix X509 multiple OU's and refactor
 2020-07-15 15:06:22 -07:00
toddouska
925e9d9213 Merge pull request #3075 from julek-wolfssl/dtls-no-cookie 
DTLS session resumption fixes
 2020-07-15 14:07:34 -07:00
Eric Blankenhorn
525a3cb9c3 Move API out of OPENSSL_EXTRA 2020-07-15 10:48:11 -05:00
Eric Blankenhorn
d1a82589f9 Adding wolfSSL_X509_check_ip_asc 2020-07-15 10:48:11 -05:00
David Garske
12478a4534 Merge pull request #3128 from tmael/fips_ossl 
Correct string truncation of XSTRNCAT
 2020-07-14 17:17:27 -07:00
Jacob Barthelmeh
a8736dd89d set heap hint for name malloc 2020-07-14 14:23:49 -06:00
toddouska
1caa6f860b Merge pull request #3088 from kaleb-himes/ZD10539 
Change Hash union to wc_Hmac_Hash
 2020-07-14 11:23:30 -07:00
Jacob Barthelmeh
173b9833fc fixes for edge build cases and static memory 2020-07-14 09:07:23 -06:00