wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 23:29:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,825 Commits 12 Branches 184 Tags
dbe4ce0e248e12ef189dbd23810f47020ed43302
Commit Graph

4644 Commits

Author SHA1 Message Date
toddouska
b4c7b5e6ce Merge pull request #3525 from SparkiDev/tls13_session 
TLS 1.3: always add session when sending finished message
 2020-12-02 13:47:38 -08:00
John Safranek
6fc64263f2 Merge pull request #3519 from julek-wolfssl/scr-timeout 
Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage
 2020-11-30 11:40:35 -08:00
Sean Parkinson
22a8be412b TLS 1.3: always add session when sending finished message 2020-11-27 09:46:02 +10:00
John Safranek
4baf923218 Verify Callback Fix 
1. Removed a flag set that would force all certificates in a chain
   to be verified. There was a compile time option to make that happen
   already.
2. Replace some options for some test failure test cases that were added
   and immediately removed.
(ZD 11292)
 2020-11-24 11:46:10 -08:00
Juliusz Sosinowicz
95132b1c55 Make renegotiation information available outside of OPENSSL_EXTRA 2020-11-24 17:03:40 +01:00
Juliusz Sosinowicz
41d58465c0 Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage 
Reset DTLS stored messages on a FreeHandshakeResources call even if secure renegotiation is enabled. Without this, in a server initiated rehandshake, the server would keep old messages (ChangeCipherSpec and Finished) even when it sent a HelloRequest message.
 2020-11-24 16:06:35 +01:00
John Safranek
f5c2bef78f Merge pull request #3492 from julek-wolfssl/dtls-scr-optimizations 
Save the HelloRequest message just like other handshake mesasges
 2020-11-20 11:50:51 -08:00
Juliusz Sosinowicz
69bea008dd Save the HelloRequest message just like other handshake mesasges 
Implement a timeout mechanism for non-blocking sockets
 2020-11-20 11:41:19 +01:00
John Safranek
2d79e38436 Merge pull request #3485 from julek-wolfssl/dtls-scr-seq-correct-num 
Fix overlapping sequence number error.
 2020-11-19 14:19:13 -08:00
David Garske
d4c59e369e Merge pull request #3335 from julek-wolfssl/RSA-PSS-padding-in-EVP_Digest-API 
Enable RSA-PSS padding in EVP_Digest* API
 2020-11-19 09:31:12 -08:00
Sean Parkinson
91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
toddouska
aa9ed17afa Merge pull request #3512 from dgarske/openssl_pem 
Fix for missing `wolfSSL_PEM_write_bio_PrivateKey` with WebRTC
 2020-11-18 16:17:46 -08:00
toddouska
ca281f976e Merge pull request #3493 from dgarske/zd11245 
Sniffer fixes for handling TCP `out-of-range sequence number`
 2020-11-18 16:14:09 -08:00
toddouska
a280df1892 Merge pull request #3488 from kabuobeid/x509_objtxt_lname 
Return long names instead of short names in wolfSSL_OBJ_obj2txt().
 2020-11-18 16:10:46 -08:00
toddouska
b0979f4225 Merge pull request #3476 from dgarske/sniffer_hrr 
Fixes for TLS sniffer with v1.3 (HRR and Certs)
 2020-11-18 16:07:11 -08:00
toddouska
3adeff672b Merge pull request #3472 from SparkiDev/pickhashsigalgo_rework 
TLS PickHashSigAlgo: rework
 2020-11-18 15:58:59 -08:00
toddouska
dedde4c058 Merge pull request #3456 from JacobBarthelmeh/Certs 
strict certificate version allowed from client
 2020-11-18 15:55:50 -08:00
toddouska
9bde34ef5b Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names 
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
 2020-11-18 15:52:52 -08:00
David Garske
4cfe5a1bc1 Fix for missing wolfSSL_PEM_write_bio_PrivateKey with WebRTC. If keygen or certgen is not specified this was incorrectly being excluded with opensslextra or opensslall. 2020-11-18 11:30:53 -08:00
Juliusz Sosinowicz
a0a3a2b74c Review changes 2020-11-17 19:15:12 +01:00
Juliusz Sosinowicz
b4754d5706 CAVP, Windows, and FIPS tests 2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
d18e2d7386 Refactoring and use salt length discover if available 2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
248dd12993 Enable RSA-PSS padding in EVP_Digest* API 2020-11-17 15:04:57 +01:00
David Garske
4a790cd024 Fixes for building with --disable-ecc and --disable-dh. 2020-11-16 12:17:27 -08:00
Kareem Abuobeid
da06ef8c3f Return long names instead of short names in wolfSSL_OBJ_obj2txt(). 2020-11-13 12:03:26 -07:00
David Garske
f02cc650a2 Fixes for handling TCP out-of-range sequence number. 2020-11-12 16:09:09 -08:00
David Garske
c7053e9a36 Fix scenario where FreeHandshakeResources is called and server hello is recevied and WOLFSSL arrays is NULL. 2020-11-12 16:09:00 -08:00
David Garske
b931b1bd4d Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning. 2020-11-12 12:51:41 -08:00
David Garske
cdf44f6ff6 Pass static ephemeral keys for TLS v1.2 as well. 2020-11-12 09:18:24 -08:00
John Safranek
e996a7d15b Scan-Build Fixes 
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.

To recreate:
    $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
    $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
 2020-11-12 09:06:59 -08:00
David Garske
a53b734c83 Fix for client_hello keyshare with multiple entries. Fix for change_cipher_spec after finished. 2020-11-12 08:59:11 -08:00
David Garske
ea21ddf540 Fix to only free existing key in SetStaticEphemeralKey if the incoming algorithm type has been specified. 2020-11-12 08:59:11 -08:00
David Garske
5cda549d00 Allow passing multiple keys (comma separated) with the sniffer test tool. This allows setting both DH and ECC static ephemeral keys. Do not fail on resume not found. 2020-11-12 08:59:11 -08:00
David Garske
720919198f Fix for Scan-buld and when building without ECC or DH. 2020-11-12 08:59:11 -08:00
David Garske
71d9f1e9bd Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral. 2020-11-12 08:59:11 -08:00
David Garske
1c87f3bdc1 Improve sniffer resume logic. 2020-11-12 08:59:10 -08:00
David Garske
b74f0fb6b8 Fixes for sniffer with hello_retry_request. Fix for TLS v1.3 certificate processing. 2020-11-12 08:59:10 -08:00
David Garske
c7bb602a30 Merge pull request #3482 from douzzer/scan-build-fixes-20201110 
scan-build fixes -- 1 null deref, 34 unused results
 2020-11-12 07:45:45 -08:00
Daniel Pouzzner
7850d71ccb add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases. 2020-11-11 22:47:47 -06:00
toddouska
d3e3b21c83 Merge pull request #3393 from dgarske/zd11104 
Fix for TLS ECDH (static DH) with non-standard curves
 2020-11-11 14:22:37 -08:00
Daniel Pouzzner
5fe1586688 fix 34 deadcode.DeadStores detected by llvm11 scan-build. 2020-11-11 13:04:14 -06:00
Juliusz Sosinowicz
d49038ae24 Fix overlapping sequence number error. 
wolfSSL wants to use the same sequence number for the ServerHello as the ClientHello. This is an issue when this sequence number is already taken.
 2020-11-11 15:35:05 +01:00
Jacob Barthelmeh
979216d595 add test case for rejecting version 2 x509 2020-11-11 18:57:09 +07:00
Sean Parkinson
5f0d788bfb TLS PickHashSigAlgo: rework 
Make default to pick lowest hash with RSA and ECC (TLS 1.2 and lower).
WOLFSSL_STRONGEST_HASH_SIG picks the strongest hash.
WOLFSSL_ECDSA_MATCH_HASH will pick the hash to match the ECC curve.
 2020-11-11 10:06:09 +10:00
David Garske
fcd73135f5 Merge pull request #3479 from tmael/ocsp_NULL 
Check <hash> input parameter in GetCA
 2020-11-10 14:46:05 -08:00
Daniel Pouzzner
958fec3b45 internal.c:ProcessPeerCerts(): fix a core.NullDereference detected by llvm9 and llvm11 scan-builds. 2020-11-10 16:40:28 -06:00
David Garske
8645e9754e Only set ssl->ecdhCurveOID if not already populated. 2020-11-10 09:47:38 -08:00
David Garske
1d531fe13b Peer review fixes. 2020-11-10 09:47:37 -08:00
David Garske
5de80d8e41 Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used. 2020-11-10 09:47:37 -08:00
David Garske
6bd98afdd0 Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined. 2020-11-10 09:47:37 -08:00