wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 18:19:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,453 Commits 12 Branches 184 Tags
cc37227f1881f64aea2f0cc3173e844e60bc6005
Commit Graph

4848 Commits

Author SHA1 Message Date
Jacob Barthelmeh
0b0f370384 fix for haproxy and nginx build 2021-02-15 22:09:44 +07:00
Sean Parkinson
ba1c67843a Merge pull request #3752 from JacobBarthelmeh/Jenkins 
changes from nightly Jenkins test review
 2021-02-15 16:32:40 +10:00
Sean Parkinson
505514415d Merge pull request #3748 from JacobBarthelmeh/Testing 
always check index into certs
 2021-02-15 08:20:28 +10:00
Jacob Barthelmeh
1c852f60ab fix for g++ build 2021-02-12 23:26:54 +07:00
Jacob Barthelmeh
0938a0055d always use MAX_CHAIN_DEPTH for args->certs buffer 2021-02-12 15:18:14 +07:00
toddouska
f0ce6ada0f Merge pull request #3702 from guidovranken/zd11603 
Prevent dangling pointer in TLSX_Cookie_Use
 2021-02-11 12:31:02 -08:00
toddouska
80b9949052 Merge pull request #3739 from kaleb-himes/FusionRTOS-Porting-R3 
Fusion RTOS porting round 3
 2021-02-11 12:25:55 -08:00
toddouska
39cb84de25 Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
Jacob Barthelmeh
90140fc5a4 always check index into certs 2021-02-11 21:50:51 +07:00
toddouska
032cc1645c Merge pull request #3713 from SparkiDev/tls_def_sess_ticket_cb 
TLS Session Ticket: default encryption callback
 2021-02-10 16:13:33 -08:00
toddouska
67b1280bbf Merge pull request #3545 from kabuobeid/smime 
Added support for reading S/MIME messages via SMIME_read_PKCS7.
 2021-02-10 15:59:32 -08:00
kaleb-himes
223ba43c2c Add debug message regarding failure 2021-02-10 12:15:43 -07:00
kaleb-himes
9e6ab4ab70 Address indendation, fix return on stub, remove warning 2021-02-10 11:26:29 -07:00
kaleb-himes
4c171524dd Address missed CloseSocket item and revert some white space changes 2021-02-10 09:14:54 -07:00
kaleb-himes
7e428f90f2 Revert zero return, to be handled in stand-alone PR 2021-02-10 05:31:57 -07:00
kaleb-himes
15f9902e94 Address new file issue by Jenkins and peer feedback on return val of time 2021-02-10 04:16:34 -07:00
Sean Parkinson
794cb5c7a9 TLS Session Ticket: default encryption callback 
Encrypts with ChaCha20-Poly1305 or AES-GCM.
Two keys in rotation.
Key used for encryption until ticket lifetime goes beyond expirary
(default 1 hour). If key can still be used for decryption, encrypt with
other key.
Private random used to generate keys.
 2021-02-10 14:31:54 +10:00
kaleb-himes
89b97a0fbf Implement peer feedback 2021-02-09 18:42:23 -07:00
toddouska
f63f0ccb94 Merge pull request #3740 from SparkiDev/tls13_one_hrr_sh 
TLS 1.3: Only allow one ServerHello and one HelloRetryRequest
 2021-02-09 14:59:10 -08:00
toddouska
9a7aba265a Merge pull request #3716 from kaleb-himes/OE10_ACVP_OE13_ACVP_WPAA 
OE10 and OE13 ACVP updates for armv8 PAA
 2021-02-09 14:50:42 -08:00
Kaleb Himes
73d7709724 Update comment about location for porting changes. 2021-02-09 15:39:12 -07:00
kaleb-himes
6d23728a56 Fusion RTOS porting round 3 2021-02-09 15:33:06 -07:00
toddouska
250b59f8fd Merge pull request #3688 from julek-wolfssl/correct-cert-free 
Use wolfSSL_X509_free to free ourCert
 2021-02-09 12:41:12 -08:00
Chris Conlon
012841bba3 Merge pull request #3738 from embhorn/cmp_layer_high 
Compatibility layer API
 2021-02-09 08:33:41 -07:00
Chris Conlon
71b495c422 Merge pull request #3712 from miyazakh/RND_bytes 
handle size greater than RNG_MAX_BLOCK_LEN
 2021-02-09 08:26:30 -07:00
Sean Parkinson
4d70d3a3c4 TLS 1.3: Only allow one ServerHello and one HelloRetryRequest 2021-02-09 12:51:53 +10:00
Kareem Abuobeid
a4e819c60a Added support for reading S/MIME messages via SMIME_read_PKCS7. 2021-02-08 17:14:37 -07:00
Sean Parkinson
3217c7afae Merge pull request #3732 from miyazakh/setverifydepth 
issue callback when exceeding depth limit rather than error out
 2021-02-09 09:51:45 +10:00
toddouska
f14f1f37d2 Merge pull request #3673 from elms/ssl_api/get_verify_mode 
SSL: add support for `SSL_get_verify_mode`
 2021-02-08 15:40:19 -08:00
toddouska
58f9b6ec01 Merge pull request #3676 from SparkiDev/tls13_blank_cert 
TLS 1.3: ensure key for signature in CertificateVerify
 2021-02-08 15:27:05 -08:00
Eric Blankenhorn
6cff3f8488 Adding X509_LOOKUP_ctrl 2021-02-08 12:17:14 -06:00
Eric Blankenhorn
47b9c5b054 Adding X509_STORE_CTX API 2021-02-08 08:25:14 -06:00
Eric Blankenhorn
de47b9d88a Adding X509_VERIFY_PARAM API 2021-02-08 08:25:14 -06:00
Hideki Miyazaki
f13186827a issue callback when exceeding depth limit rather than error out 2021-02-08 11:01:45 +09:00
kaleb-himes
776964f7c7 OE10 and OE13 ACVP updates for armv8 PAA 2021-02-03 15:38:08 -07:00
Hideki Miyazaki
431e1c8ffe handle size greater than RNG_MAX_BLOCK_LEN 2021-02-03 12:23:36 +09:00
Juliusz Sosinowicz
542e0d79ec Jenkins Fixes 
- explicit conversions
- not all curves available for wolfSSL_CTX_set1_groups_list
- group funcs depend on HAVE_ECC
- `InitSuites` after `ssl->suites` has been set
 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
921fd34876 Detect version even if not compiled in 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
69dca4fd08 Rebase fixes 
- wolfSSL_CTX_set1_groups_list and wolfSSL_set1_groups_list should use wolfSSL_CTX_set1_groups and wolfSSL_set1_groups respectively because it converts to correct groups representation
- Change to using "SHA1" as main name for SHA1
 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
46821196ab Fix call to wolfSSL_connect when in wolfSSL_connect_TLSv13 
If a client is:
- TLS 1.3 capable
- calls connect with wolfSSL_connect_TLSv13
- on an WOLFSSL object that allows downgrading
then the call to wolfSSL_connect should happen before changing state to HELLO_AGAIN. Otherwise wolfSSL_connect will assume that messages up to ServerHelloDone have been read (when in reality only ServerHello had been read).

Enable keying material for OpenVPN
 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
ff43d39015 GCC complains about empty if 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
5d5d2e1f02 Check that curves in set_groups functions are valid 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
c18701ebe7 Implement RFC 5705: Keying Material Exporters for TLS 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
fdde2337a4 Add static buffer to wolfSSL_ERR_error_string 
Add ED448 and ED25519 to wolfssl_object_info
Add more error messages
 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
6ed45a23d9 Fix getting cipher suites in compat layer 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
294e46e21a Set options when creating SSL 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
3494218d98 Implement missing functionality for OpenVPN 2.5 2021-02-02 12:06:11 +01:00
Hayden Roche
fc845da9f0 Fix issue with DoHandShakeMsgType/ShrinkInputBuffer when encryption is on (e.g. 
during renegotiation).

This issue was brought to light by ZD 10911. When encryption is on (indicated
by the return value of IsEncryptionOn), DoHandShakeMsgType will finish up by
incrementing the input buffer index past the padding and MAC (if encrypt-then-
mac is enabled). In ProcessReply, if there are more messages to be read, the
index is decremented back before the padding and MAC. The issue arises when
ShrinkInputBuffer is called in between and copies data from the dynamic input
buffer to the static one. That function will get called with the index post-
increment, and thus the padding and MAC won't get copied into the static buffer,
which isn't what we want, since ProcessReply is going to decrement the index
since it thinks the padding and MAC are still there. This commit makes it so
the padding and MAC get included in the call to ShrinkInputBuffer when
encryption is on.
 2021-01-28 15:37:00 -06:00
Guido Vranken
3da6b8364e Prevent dangling pointer in TLSX_Cookie_Use 
ZD 11603
 2021-01-28 18:53:35 +01:00
Jacob Barthelmeh
bbcb98a8f7 fix for tested x509 small build 2021-01-27 23:00:24 +07:00