wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 06:42:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,508 Commits 12 Branches 184 Tags
bd8a612d6cd64bb482ea5470448019193987f262
Commit Graph

1647 Commits

Author SHA1 Message Date
toddouska
a13ebf5258 Merge pull request #2543 from embhorn/zd5706 
Update DoVerifyCallback to check verify param hostName and ipasc
 2019-12-05 14:38:47 -08:00
toddouska
5d41ef171c Merge pull request #2610 from ejohnstown/maintenance-DTLS 
Maintenance: DTLS
 2019-11-26 15:17:22 -08:00
toddouska
9ecafa7afe Merge pull request #2557 from tmael/cert_store_ls_x509 
Retrieve a stack of X509 certs
 2019-11-26 15:16:09 -08:00
toddouska
a2d036dcba Merge pull request #2601 from SparkiDev/certs_exts_fix 
ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
 2019-11-20 16:17:28 -08:00
John Safranek
71690fc73a Maintenance: DTLS 
1. Updated the window scrolling. There was a couple off-by-one errors in
the DTLS window handling. They canceled each other out, but there was a
rare case where they would shift too much.
 2019-11-20 13:46:23 -08:00
John Safranek
188eb45433 Maintenance: DTLS 
Removed redundant sequence increment when sending the Server Hello message.
 2019-11-20 13:08:01 -08:00
John Safranek
19d8ef405c Maintenance: DTLS 
When encrypting with AES-GCM, AES-CCM, or PolyChacha, do not increment
the DTLS sequence number. The sequence number should only be incremented
in BuildMessage. This was done because the sequence number used to be
incremented after calculating the HMAC or after the encrypt for AEAD
ciphers. The HMAC has been separated from the sequence increment.
 2019-11-20 10:56:56 -08:00
toddouska
88fb7efb8c Merge pull request #2602 from SparkiDev/certs_exts_free 
ProcessPeerCerts jump to error handling instead of returning
 2019-11-20 09:25:48 -08:00
toddouska
5de27443d0 Merge pull request #2596 from dgarske/mqx_fio_cleanup 
Support for MQX 5.0 and cleanup of the MQX includes
 2019-11-19 11:49:03 -08:00
Sean Parkinson
1b8f136d29 ProcessPeerCerts jump to error handling instead of returning 2019-11-19 13:17:29 +10:00
Sean Parkinson
f08dfb4afc ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly 2019-11-19 13:03:20 +10:00
toddouska
c6dac64438 Merge pull request #2594 from ejohnstown/maintenance-BLAKE2 
Maintenance BLAKE2
 2019-11-18 17:05:01 -08:00
toddouska
b646b7258b Merge pull request #2585 from dgarske/webrtc_m79 
Support for Google WebRTC (ref m79)
 2019-11-18 15:33:49 -08:00
John Safranek
8347d00bf2 Maintenance BLAKE2 
1. Remove the BLAKE2 HMAC from wolfSSL and its testing.
 2019-11-18 13:31:15 -08:00
David Garske
1542482cd5 Cleanup of the MQX file headers for STDIO. Cleanup of fio.h and nio.h includes to use wc_port.h. ZD 9453. 2019-11-18 12:14:34 -08:00
Tesfa Mael
520a032b71 Add show x509 test 2019-11-15 13:23:08 -08:00
John Safranek
3cd5a97473 Maintenance 
1. When getting the DH public key, initialize the P, G, and Pub pointers
to NULL, then set that we own the DH parameters flag. This allows
FreeSSL to correctly clean up the DH key.
 2019-11-14 14:42:58 -08:00
Eric Blankenhorn
8c6c4e2432 Add unique error codes to verify failures 2019-11-14 16:02:02 -06:00
David Garske
af142b307b Support for WebRTC (ref m79): 
* Fixed `set1_curves_list` API's to use `const char*` for names.
* Fixed `ossl_typ.h` to include `ssl.h` compatibility.
* Added `SSL_CTX_up_ref`.
* Added `wolfSSL_set1_curves_list`
* Added `TLS_method` and `DTLS_method`
* Added `SSL_CIPHER_standard_name`.
* Added `X509_STORE_CTX_get0_cert`
* Added `SSL_CTX_set_cert_verify_callback`.
* Enabled "either" side support when `--enable-opensslall` is used.
* Changed `SSL_CIPHER_get_rfc_name` to use `wolfSSL_CIPHER_get_name` instead of stub.
 2019-11-13 12:34:33 -08:00
toddouska
99292158e4 Merge pull request #2573 from JacobBarthelmeh/staticmemory 
handle case to avoid memcpy when staticmemory IO pool gives same buffer
 2019-11-13 11:29:13 -08:00
toddouska
8246e02756 Merge pull request #2502 from cariepointer/gcm-tls10-fix 
Return error with AES-GCM and negotiated versions < TLSv1.2
 2019-11-08 15:06:54 -08:00
Jacob Barthelmeh
fd3e4abb46 handle case to avoid memcpy when staticmemory IO pool gives same buffer 2019-11-07 11:36:20 -07:00
Eric Blankenhorn
caaab11f60 Update from review 2019-11-06 15:58:50 -06:00
tmael
969488434a Merge pull request #2544 from JacobBarthelmeh/SanityChecks 
add null checks (QSH and CRYPTOCELL)
 2019-11-06 12:18:00 -08:00
JacobBarthelmeh
cd7001904a Merge pull request #2561 from ejohnstown/x509-loss 
X.509 and Secure Renegotiation
 2019-11-06 10:53:18 -07:00
John Safranek
72e1afbe99 X.509 and Secure Renegotiation 
1. When retaining the handshake resources for a session using resumption, do not delete the peer's certificate. If keeping peer certificates is enabled, the certificate needs to exist so it may be examined.
2. Free the saved peer certificate when receiving a peer certificate during a renegotiation.
 2019-11-05 11:03:34 -08:00
Chris Conlon
e429558166 use wc_RsaPSS_CheckPadding() for selftest build instead of extended 2019-11-05 10:48:36 -07:00
toddouska
e2b7bee9c8 Merge pull request #2533 from cariepointer/apache_bio_want_read 
Apache: Return WANT_READ in wolfSSLReceive if BIO retry and read flags are set
 2019-11-04 16:52:28 -08:00
toddouska
b723acf0f6 Merge pull request #2534 from SparkiDev/pss_1024_sha512_tls12 
Pass the length of the RSA key in bits to PSS padding check in TLS
 2019-11-04 11:42:55 -08:00
toddouska
f4afa4bc87 Merge pull request #2540 from SparkiDev/etm_rehand 
Fix Encrypt-Then-MAC when rehandshaking
 2019-11-04 11:41:44 -08:00
Eric Blankenhorn
6839110507 Update from review 2019-10-31 17:45:33 -05:00
Jacob Barthelmeh
550fbcfff7 add null checks (QSH and CRYPTOCELL) 2019-10-31 10:07:47 -06:00
Eric Blankenhorn
58d800fbb7 Adding support for IP address verification 2019-10-31 09:15:22 -05:00
Eric Blankenhorn
9fc33e461c Check names in verify callback. 2019-10-31 09:15:22 -05:00
Sean Parkinson
4be36ef2bd Fix Encrypt-Then-MAC when rehandshaking 
New, encrypted handshakes change over to ETM correctly now.
 2019-10-31 09:14:42 +10:00
David Garske
760a90ef5d Fixes for cases where mutex is not being free'd. 2019-10-30 10:11:06 -07:00
Sean Parkinson
eb03e5de1e Pass the length of the RSA key in bits to PSS padding check in TLS 2019-10-29 11:56:35 +10:00
Carie Pointer
e8db4cc2a0 Apache: Return WANT_READ in wolfSSLReceive if BIO retry and read flags are set 2019-10-28 15:08:00 -07:00
Sean Parkinson
8a92e1eae6 Fix check for plaintext length when using Encrypt-Then-MAC 2019-10-28 16:28:52 +10:00
Carie Pointer
ad9522c765 Add WOLFSSL_OLDTLS_AEAD_CIPHERSUITES to allow AEAD cipher suites in TLSv1.0 and TLSv1.1 2019-10-25 09:51:11 -07:00
John Safranek
26793359a2 Fix DTLS+OPENSSLALL+FIPS Failure 
There was a problem with the combination of DTLS, OpenSSL Compatibility,
and FIPSv2 where the DTLS server would fail out because a HMAC key was
too short. FIPS requires a HMAC key be a minimum size. The DTLS server
uses HMAC to generate the first cookie key when initialized. When using
OpenSSL, the feature for creating a DTLS endpoint with its side being
set late is tested. The DTLS cookie wasn't getting set at init because
the server was "neither" at the time. Added a call to set cookie when
initializing a neither endpoint into a server.
 2019-10-18 16:30:27 -07:00
David Garske
0e73af8b88 Merge pull request #2515 from JacobBarthelmeh/Testing 
Initial pass on test cycle
 2019-10-17 16:02:17 -07:00
Jacob Barthelmeh
b7d4c9f839 fix build with no server and enable all 2019-10-16 14:19:50 -06:00
toddouska
d30e4ac74f Merge pull request #2499 from ejohnstown/sniffer-features 
Sniffer Features
 2019-10-14 15:35:55 -07:00
John Safranek
774c0c5c3c Remove a redundant sequence number check for epoch 0. 2019-10-10 14:21:14 -07:00
John Safranek
fabc6596b3 Merge pull request #2369 from JacobBarthelmeh/Testing 
fix for inject clear alert from client test case
 2019-10-10 13:25:51 -07:00
Carie Pointer
af8968ee5e Add REQUIRES_AEAD and move functionallity for checking AEAD ciphers to CipherRequires() 2019-10-09 14:37:39 -07:00
Carie Pointer
df22115920 Return error with AES-GCM and negotiated versions < TLSv1.2 2019-10-07 08:28:00 -07:00
David Garske
625bd121f2 Merge pull request #2495 from JacobBarthelmeh/staticmemory 
check on if free'ing ctx/method back to heap hint
 2019-10-07 08:10:05 -07:00
John Safranek
4292936efc wolfSSL Global 
1. Renamed the global variable tag to WOLFSSL_GLOBAL.
2. Tagged several more global variables with WOLFSSL_GLOBAL.
 2019-10-04 14:54:17 -07:00