wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 03:12:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,502 Commits 12 Branches 184 Tags
be8e4d19498fcdf098e82569c8a59617a472e643
Commit Graph

12502 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
be8e4d1949 Fix to reduce memory use with small stack on ECC key import. 2020-10-22 12:41:49 -07:00
David Garske
f75dc4727d Merge pull request #3408 from ejohnstown/opt-fix 
Example Client OCSP Option Fix
 2020-10-22 09:00:04 -07:00
John Safranek
e28303b40a In DoServerKeyExchange(), when reading the DH key from the server, the 
client was checking it too strictly. The pubkey value should be checked
as strictly as the generator, for too large. The public key value is
checked mathematically elsewhere.
 2020-10-21 21:47:32 -07:00
John Safranek
d2dac8e4b8 Example Client OCSP Option Fix 
1. Before checking to see if the must staple flag is on the 'W' option,
   check the length of myoptarg.
 2020-10-21 13:30:51 -07:00
toddouska
e4eda3e125 Merge pull request #3384 from SparkiDev/tls13_sess_tick_compat 
TLS session tickets: cannot share between TLS 1.3 and TLS 1.2
 2020-10-20 15:56:03 -07:00
toddouska
7aae784a53 Merge pull request #3399 from dgarske/zd11128 
Fix for TLS sniffer with non-standard curves
 2020-10-20 15:14:53 -07:00
toddouska
7c38be407c Merge pull request #3398 from dgarske/async_test 
Fixes for `--enable-asynccrypt` tests
 2020-10-20 15:13:51 -07:00
toddouska
a1afc6ca4f Merge pull request #3389 from tmael/ocsp_status 
Process multiple OCSP responses
 2020-10-20 15:11:42 -07:00
toddouska
1e43d65d2a Merge pull request #3392 from SparkiDev/ocsp_must_staple 
TLS OCSP Stapling: MUST staple option
 2020-10-20 15:07:08 -07:00
Sean Parkinson
ffd55ac1fe Merge pull request #3406 from ejohnstown/dh-fix-2 
DH Fix 2
 2020-10-21 08:05:42 +10:00
toddouska
c863ca54a3 Merge pull request #3308 from julek-wolfssl/thread-safety 
Introduce thread safety to unsafe functions in wolfSSL
 2020-10-20 14:56:04 -07:00
toddouska
7c89d10e53 Merge pull request #3260 from julek-wolfssl/non-blocking-scr 
(D)TLS non-blocking SCR with example
 2020-10-20 13:45:19 -07:00
John Safranek
2c5a4ba508 DH Fix 2 
1. Add some missing frees for the error cases when the server DH public
   key is rejected.
 2020-10-20 10:32:09 -07:00
David Garske
a575403ca3 Merge pull request #3404 from haydenroche5/cmake 
Tweak CMakeLists.txt
 2020-10-20 06:58:00 -07:00
Sean Parkinson
ebde736ee7 Merge pull request #3400 from ejohnstown/dh-fix 
DH Fix
 2020-10-20 11:45:18 +10:00
David Garske
fb35013bf2 Merge pull request #3402 from douzzer/lkm-kernel_time_t 
Linux __kernel_time_t version test
 2020-10-19 17:28:48 -07:00
Hayden Roche
06977ebbdf Tweak CMakeLists.txt 
- Change minimum CMake version from 2.6 to 3.0, which has support for targets.
- Favor explicit file lists in CMakeLists.txt over globs.
- Use target_compile_options to specify -DNO_MAIN_DRIVER for the unit_test target.
 2020-10-19 16:38:51 -05:00
Hayden Roche
31b6c507f9 Tweak CMakeLists.txt 
- Add generated CMake files/directories to .gitignore.
- Use lowercase for CMake commands, UPPERCASE for variables.
- Favor the CMake "option" command over SET(... CACHE BOOL ...).
- Use CMAKE_CURRENT_SOURCE_DIR in place of CMAKE_CURRENT_BINARY_DIR.
- Use CMAKE_USE_PTHREADS_INIT instead of CMAKE_HAVE_PTHREAD_H.
- Use target_include_directories on the wolfssl library target instead of include_directories.
 2020-10-19 16:07:48 -05:00
Daniel Pouzzner
48f4b927f6 wc_port.h: fix threshold of change in __kernel_time_t typedef from kernel 5.0.0 to 5.5.0 to accommodate Ubuntu 20.02 (kernel 5.4) -- see 2a785996cc (diff-2cd5bedb19d5e0a575d6f73a6c3290ecf8d9c01eb7567ba6fa282cb1b0ce2d54) 2020-10-19 13:27:00 -05:00
John Safranek
cd05ed3347 iDH Fix 
1. Changed the bounds of checking the key from comparisons to constants
   to comparisons against WOLFSSL object settings for the DH key bounds.
2. Removed redundant bounds check on the server's prime.
 2020-10-19 08:08:04 -07:00
Juliusz Sosinowicz
147cb8e60c Jenkins scope fixes 2020-10-19 12:46:11 +02:00
Sean Parkinson
f0d400a506 Merge pull request #3401 from kojo1/EVPcipher_tbl 
cipher_tbl for EVP_get_cipherbyname
 2020-10-19 14:28:59 +10:00
Takashi Kojo
a87f7c9185 cipher_tbl for EVP_get_cipherbyname 2020-10-19 06:17:15 +09:00
John Safranek
4f8c2b971f Move the binSz check variable to a spot where it is only declared in the same condition it is used and initialize it to zero. 2020-10-17 19:07:44 -07:00
John Safranek
fc86e6a960 Fix a double error return. 2020-10-16 18:18:47 -07:00
John Safranek
ec0aab1a23 DH Fix 
1. Check the length values for the DH key domain and public key in the
   server key exchange message to make sure they are within the bounds
   set by the configuration. (Minimum key size is 2048 bits for DH.)
 2020-10-16 16:28:27 -07:00
David Garske
85b4170047 Fix for TLS sniffer with non-standard curves. If curve not provided in key share data, then use private key curve. ZD 11128. 2020-10-16 16:13:42 -07:00
David Garske
fbd98be7af Fixes for --enable-asynccrypt tests after PR #3244. 2020-10-16 15:55:17 -07:00
John Safranek
4364700c01 DH Fix 
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
   doesn't need to be in the check for weOwnDh before freeing. There
   could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
   destination buffer should be stored at the location pointed to by the
   size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
   value before generating or getting the DH keys.
 2020-10-16 15:35:23 -07:00
Juliusz Sosinowicz
24030d5f32 Move globalRNG and co to ssl.c 2020-10-16 17:33:28 +02:00
David Garske
ab88ab160c Merge pull request #3395 from douzzer/misc-fixes-20201015 
misc fixes for coverage and buildability
 2020-10-16 07:28:48 -07:00
Sean Parkinson
07e69829d7 TLS 1.3 PSK: fix for session ticket timeout 
Return straightaway if the ticket is out of date.
Need to fallback to full handshake.
 2020-10-16 14:48:29 +10:00
Sean Parkinson
a595e3cc48 Merge pull request #3394 from ejohnstown/wolfssh-update 
wolfSSH Update
 2020-10-16 09:08:37 +10:00
Sean Parkinson
60b0b0170b TLS OCSP Stapling: MUST staple option 
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
 2020-10-16 09:03:27 +10:00
David Garske
9793414d78 Merge pull request #3381 from SparkiDev/ecc_ct_fix 
ECC mulmod: some curves can't do order-1
 2020-10-15 14:46:46 -07:00
Daniel Pouzzner
eb7a79aa5e misc fixes for coverage and buildability: add MD2 to --enable-all*; fix spelling of "Sno" to "no" for $ENABLED_BLAKE2S default; when ENABLED_QSH add -DWOLFSSL_STATIC_DH -DWOLFSSL_STATIC_PSK (relates to ZD11073); add missing gating for !defined(WOLFSSL_DEVCRYPTO) in api.c:test_wc_Sha256FinalRaw(); fix tests/api.c:IsValidCipherSuite() to build under gcc10 (relates to ZD11073). 2020-10-15 15:05:29 -05:00
John Safranek
69ac13c2e9 wolfSSH Update 
Originally, wolfSSH required some algorithms to be enabled in wolfCrypt
to work correctly. wolfSSH is now more flexible with how wolfCrypt is
configured, and these combinations do not have to be restricted.
 2020-10-15 11:37:31 -07:00
David Garske
49b3fb21c8 Merge pull request #3391 from ejohnstown/autoconf-fix 
Automake Fixes
 2020-10-15 10:12:27 -07:00
Sean Parkinson
134e1be189 TLS session tickets: cannot share between TLS 1.3 and TLS 1.2 
When parsing ticket, check TLS version to see whether they are version
compatible.
 2020-10-15 13:02:06 +10:00
John Safranek
c2bb359eb4 Automake Fixes 
1. A couple cert scripts don't need to be included in the makefile or the distribution.
 2020-10-14 17:23:58 -07:00
toddouska
f69fa13e02 Merge pull request #3357 from guidovranken/StoreECC_DSA_Sig-fix 
Improve StoreECC_DSA_Sig bounds checking
 2020-10-14 16:53:46 -07:00
David Garske
b18d43abb9 Fix for possible uninitialized use of prev. 2020-10-14 15:52:51 -07:00
toddouska
026ba4e750 Merge pull request #3368 from dgarske/zd11057 
Fix for possible malformed encrypted key with DES3 causing negative length
 2020-10-14 15:32:48 -07:00
David Garske
751f64b4aa Fix for OCSP single response last optional part handling and restore original size arg since its required for the ASN elements. 2020-10-14 14:55:18 -07:00
David Garske
10b1884993 Added support for handling an OCSP response with multiple status responses. 2020-10-14 14:47:24 -07:00
toddouska
1c4b15d427 Merge pull request #3369 from dgarske/sniffer_ccm 
Add AES CCM support to sniffer
 2020-10-14 14:31:57 -07:00
toddouska
8898abcc99 Merge pull request #3378 from dgarske/zd11085 
Fixes SSLv3 use of ECDH in sniffer
 2020-10-14 14:30:15 -07:00
toddouska
3f4bf9144b Merge pull request #3366 from SparkiDev/pkcs11_lookup 
PKCS #11: improve key lookup
 2020-10-14 14:22:56 -07:00
Tesfa Mael
5ac3e7d542 Process multiple ocsp responses 2020-10-14 01:10:07 -07:00
David Garske
232028d03b Merge pull request #3386 from ejohnstown/dh-maint 
Fuzz Fix
 2020-10-13 15:47:11 -07:00