wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-09 01:35:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,187 Commits 12 Branches 184 Tags
c4afbb36858afa2bbd0ce818fd745ba77a8a0cef
Commit Graph

98 Commits

Author SHA1 Message Date
David Garske
99329b0fc4 Improvements to the CRL verify handling. 2019-08-23 16:09:39 -07:00
David Garske
586b74b05f Refactor of the verify option for processing X.509 files. Adds support for ignoring date checks when loading a CA using the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag on wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex. 2019-08-16 15:19:55 -07:00
John Safranek
246c444b93 Updates for v4.0.0 
Update the copyright dates on all the source files to the current year.
 2019-03-15 10:37:36 -07:00
John Safranek
e730cda550 Validate Date 
The ValidateDate() function is wrapped by a macro so it may be replaced
in environments without ASN_TIME built in. In two cases, OCSP and CRL,
ValidateDate() is called directly instead of by the macro. This change
fixes that.
 2018-09-04 13:39:26 -07:00
John Safranek
af89458af0 GCC-8 string fixes 
1. strncpy needs to include the source string's NULL.
2. Deleted a few redundant string modifications.
 2018-07-31 14:02:44 -07:00
John Safranek
586874b997 Rename INLINE 
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
 2018-06-26 15:17:46 -07:00
Chris Conlon
16738f1449 Merge pull request #1569 from kojo1/openSSL-Compat-CRL-STORE 
openSSL compatibility APIs: X509_CRL, STORE
 2018-05-29 09:47:22 -06:00
Takashi Kojo
874022d938 fix #if conditions and others 2018-05-20 13:55:47 +09:00
Takashi Kojo
c275dfc5ab X509_STORE_add_crl 2018-05-20 13:55:46 +09:00
Takashi Kojo
98ef7f43e1 use wolfSSL_X509_CRL_free instead of XFREE 2018-05-20 13:55:46 +09:00
Takashi Kojo
6cef2e5d31 memory leak in d2i_X509_CRL 2018-05-20 13:55:45 +09:00
David Garske
f021375c4b Fixes for fsanitize reports. 2018-05-15 17:23:35 -07:00
David Garske
a38576146e * Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests. 
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
 2018-04-09 13:28:15 -07:00
David Garske
264496567a Improvements to EncryptedInfo. Added build option WOLFSSL_ENCRYPTED_KEYS to indicate support for EncryptedInfo. Improvements to wc_PBKDF1 to support more hash types and the non-standard extra data option. 2018-04-09 13:28:15 -07:00
Eric Blankenhorn
86767e727c Fixes for CID 185033 185028 185142 185064 185068 185079 185147 2018-04-06 13:15:16 -05:00
David Garske
7f30397252 Remove execute bit on all code files. 2017-10-23 11:16:40 -07:00
David Garske
911b6f95f8 Release v3.12.2 (lib 14.0.0). Updated copywright. 2017-10-22 15:58:35 -07:00
David Garske
6021c37ec7 Refactor WOLF_SSL_ to WOLFSSL_ (much better). 2017-10-11 09:10:43 -07:00
David Garske
6707be2b0e Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming. 2017-10-11 09:10:42 -07:00
David Garske
2f9f746053 Fix for CRL serial number matching to also check length. Fix for testing the verify callback override ‘-j’ to not enable CRL since the CA’s are not loaded for this test. 2017-06-21 10:36:49 -07:00
David Garske
68439d4317 Completed refactor to cleanup dynamic types. Refined the tmp buffers to new types for more granularity. Fixed several places where malloc/free type was mis-matched. Cleanup of the PKCS12 code to improve cleanup handling. Fix wc_PKCS12_parse to return 0 on success else failure. 2017-06-14 15:11:43 -07:00
David Garske
c55575665f Cleanup to use WANT_READ instead of async WC_PENDING_E for non-blocking OCSP and CRL. 2017-06-02 10:35:26 -07:00
David Garske
b3a85bc2c7 Fixes for OCSP and CRL with non-blocking sockets. Fix for OCSP and CRL file descriptor check to allow 0. 2017-06-02 09:36:35 -07:00
Sean Parkinson
15a2323c09 Compiling with g++ when configured with --enable-distro 2017-05-22 10:14:02 +10:00
David Garske
c1f82ece7a Fix for CRL issue with XFREE using invalid arg for heap. 2017-05-17 16:39:35 -07:00
Sean Parkinson
e5fe1a3750 Unlock on memory allocation failure. 2017-05-16 09:41:17 +10:00
Sean Parkinson
1a08143946 Fixup for async on master 2017-05-15 10:10:28 +10:00
Sean Parkinson
1e2a6412d7 Find the CRL entry again after lock 2017-05-15 10:10:28 +10:00
Sean Parkinson
c7e57e9c6c Late CRL check - copy data before use 2017-05-15 10:04:42 +10:00
Sean Parkinson
4723b8470a Allow a CRL's signature to be verified on use 2017-05-15 10:04:42 +10:00
Sean Parkinson
4d77e80d04 Fix loading of CRLs and certs. 
Change function wolfSSL_X509_LOOKUP_load_file to load multiple CRLs and
certificates from a file.
Change CRL loading to have a flag to not verify CRL signature - only do
this when using wolfSSL_X509_LOOKUP_load_file() as the certificate is
not always available.
Add test case for loading multiple CRLs in one file without certificate.
 2017-05-15 10:04:42 +10:00
David Garske
8cd78edac1 Fixes for building with smallstack 2017-05-06 00:39:12 -04:00
toddouska
3bb1723476 Merge pull request #768 from dgarske/crl_lookup 
Added support for inline CRL lookup when HAVE_CRL_IO is defined
 2017-03-17 12:18:45 -07:00
toddouska
36ecbfb1a8 fix NO_ASN_TIME build with --enable-wpas 2017-03-15 14:57:38 -07:00
David Garske
628f740363 Added support for inline CRL lookup when HAVE_CRL_IO is defined (shares code with OCSP lookup in io.c). Added http chunk transfer encoding support. Added default connection timeout value (DEFAULT_TIMEOUT_SEC) and new wolfIO_SetTimeout() API with HAVE_IO_TIMEOUT. Added generic wolfIO_ API’s for connect, select, non-blocking, read and write. Added new define USE_WOLFSSL_IO to enable access to new wolfIO_* socket wrappers even when WOLFSSL_USER_IO is defined. Moved all API declarations for io.c into new io.h header. Added HAVE_HTTP_CLIENT to expose HTTP API’s. Moved SOCKET_T and SOCKET_ defines into io.h. Added WOLFIO_DEBUG define to display request/responses. 2017-03-15 12:26:18 -07:00
Sean Parkinson
614231f71c Fixes for extended configuration testing 2017-03-13 11:33:39 +10:00
David Garske
a55ebb4c18 Fixes for building CRL with Windows. Refactor load_verify_buffer and LoadCRL to use new wc_ReadDir* functions. Added new directory/file API's: wc_ReadDirFirst(), wc_ReadDirNext(), wc_ReadDirClose(). Moved MAX_PATH and MAX_FILENAME_SZ to wc_port.h. Moved BAD_PATH_ERROR into error-crypt.h. The wc_ReadDir is only supported when NO_WOLFSSL_DIR and NO_FILESYSTEM are not defined. Add map to __FUNCTION__ macro in Windows with debug enabled (to resolve build error with VS and __func__ missing). Fix cast warning on response from EncodeOcspRequestExtensions. Fix for cast to call to BuildCertificateStatus. 2017-03-08 11:21:11 -08:00
Jacob Barthelmeh
0cbc640aad memory managment in crl.c with crl monitor 2017-02-09 15:39:55 -07:00
David Garske
9399cc05cb Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined. 2016-12-07 07:07:27 -08:00
Nickolas Lapp
1792eba1a2 Rename *Mutex Functions with wc_ prefix. Expose these functions for 
Stunnel. Various other changes to enable stunnel compling
 2016-10-03 16:36:05 -06:00
Jacob Barthelmeh
8be5409bc5 static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint 2016-06-09 11:36:31 -06:00
Jacob Barthelmeh
738373038b clean up staticmemory with crl 2016-06-06 17:50:54 -06:00
Jacob Barthelmeh
2feee8856e revise static memory and update heap hint 2016-06-04 19:03:48 -06:00
Jacob Barthelmeh
e99a5b0483 prepare for release v3.9.0 2016-03-17 16:02:13 -06:00
David Garske
0683ecb727 Fixed FreeCRL issue with strdup memory. Added additional checks for WOLF_AES_CBC and WOLF_AES_COUNTER. Disabled memory tracker by default for wolfCrypt test and benchmark. Updated README to better document Linux Binutils LD bug workaround. 2016-03-16 09:41:19 -07:00
David Garske
ce9f14f713 Refactor of DerBuffer, so WOLFSSL object doesn't have to grow as a result of additional functionality. Removed InitDer. Changed all DerBuffers to use pointer and pass pointer to DerBuffer* to AllocDer and FreeDer. Result is more efficient code and reduced WOLFSSL object size. AllocDer uses first part of the allocated buffer for the actual DerBuffer. 2016-03-08 08:56:14 -08:00
David Garske
3fe5ee1a7c Refactor of the DER buffer handling. Added new DerBuffer struct that includes the type and heap ptr. Added new InitDer, AllocDer and FreeDer functions. Cleanup of some missing "heap" args on XMALLOC/XFREE. In FreeDer uses ForceZero if type is private key. 2016-02-18 22:42:15 -08:00
David Garske
f8876854f4 Spelling fixes in comments and error strings (ALGO_ID_E, ASN_TIME_E and WOLFSSL_ERROR function). 2016-01-29 16:13:09 -08:00
kaleb-himes
71741847d3 system read return size_t, cast to int 
remove whitespace
 2016-01-15 16:03:45 -07:00
toddouska
91b7cddb7c better error checking on condition variable operations, cleanup 2015-11-23 15:13:36 -08:00