wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 11:29:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,631 Commits 12 Branches 184 Tags
e83e0693b9604c0d4c83edad55e072bc077aafdb
Commit Graph

6762 Commits

Author SHA1 Message Date
Anthony Hu
7c576de914 Fixes from testing 2022-11-25 16:00:09 -05:00
Anthony Hu
0bfa5c9836 Purge NTRU and SABER. Not going to be standardized. 2022-11-25 14:54:08 -05:00
Anthony Hu
5e191b7218 Remove some unnecessary guarding. Preventing build on STM32. 2022-11-24 11:49:12 -05:00
Sean Parkinson
cf8ea5c606 Merge pull request #5812 from ejohnstown/crl-ocsp 
OCSP/CRL
 2022-11-24 12:42:17 +10:00
John Safranek
88f3570fe4 OCSP/CRL 
Added comments for the usage of OCSP_WANT_READ used with the CRL I/O
callback.
 2022-11-23 16:35:10 -08:00
David Garske
0a38553909 Merge pull request #5798 from JacobBarthelmeh/python 
account for 'pulled' error nodes
 2022-11-23 14:57:03 -08:00
John Safranek
909fd726cd OCSP/CRL 
Fixing issue #3070. When the OCSP responder returns an unknown exception,
continue through to checking the CRL. Before, it was setting the flag
to check CRL, then clearing it because of the exception.
 2022-11-23 10:50:12 -08:00
Anthony Hu
f3546b50fd Conform to pre-existing pattern. 2022-11-23 17:58:12 +00:00
Anthony Hu
6190666108 Support for Analog Devices MAXQ1080 and MAXQ1065 2022-11-23 11:57:31 -05:00
Sean Parkinson
54466b670a Merge pull request #5810 from Uriah-wolfSSL/haproxy-integration 
Added required config option and return value for HaProxy
 2022-11-23 10:01:17 +10:00
Jacob Barthelmeh
b6ae17804a update comments and check error case 2022-11-22 11:22:38 -07:00
Uriah Pollock
d373c0856a Added required config option and return value for HaProxy 2022-11-22 10:42:05 -06:00
Juliusz Sosinowicz
50f19ec225 Merge pull request #5806 from embhorn/zd15177 
Fix X509_get1_ocsp to set num of elements in stack
 2022-11-22 12:00:08 +01:00
Sean Parkinson
55718d214c Merge pull request #5801 from philljj/zd15172 
Fix leak in wolfSSL_X509_NAME_ENTRY_get_object.
 2022-11-22 15:11:18 +10:00
Eric Blankenhorn
dee73887b8 Fix X509_get1_ocsp to set num of elements in stack 2022-11-21 08:25:46 -06:00
Daniel Pouzzner
6f98a5b271 src/internal.c: in VerifyServerSuite(), narrow condition and fix return value in error check added in 647ce794dd. 2022-11-18 22:21:08 -06:00
jordan
153ab82ad8 Fix leak in wolfSSL_X509_NAME_ENTRY_get_object. 2022-11-18 11:23:15 -06:00
JacobBarthelmeh
143dac64a3 account for 'pulled' error nodes 2022-11-17 14:51:37 -08:00
David Garske
bd7b442df3 Merge pull request #5796 from tmael/mem_err 
Propagate malloc returning NULL up the call stack
 2022-11-16 12:45:42 -08:00
Tesfa Mael
2a2cf5671e Move error check in CompareSuites 2022-11-16 09:29:24 -08:00
Tesfa Mael
647ce794dd unmask malloc returning NULL 2022-11-16 09:25:25 -08:00
jordan
17105606b1 Cleanup format and typos, and use WOLFSSL_FILETYPE. 2022-11-15 11:45:11 -06:00
jordan
81ed2a60b4 Support ASN1/DER CRLs in LoadCertByIssuer. 
This fixes hash based dir lookup of ASN1/DER CRLs in OpenSSL
compatible API. The function wolfSSL_X509_load_crl_file is
called with entry->dir_type, rather than hardcoded filetype.

A new test crl was added, and existing crl 0fdb2da4.r0 was
reorganized to a new dir.

Also, completes the stub wolfSSL_X509_LOOKUP_add_dir. A new
test function test_X509_LOOKUP_add_dir was added to tests/api.c
 2022-11-11 15:13:00 -06:00
David Garske
f4621a6807 Merge pull request #5786 from philljj/zd15125 
Fix incorrect self signed error return.
 2022-11-10 14:13:38 -08:00
jordan
5ad6ff23d5 Use local int lastErr instead of args->lastErr. 2022-11-10 13:46:51 -06:00
David Garske
3b23a49a5f Merge pull request #5761 from tim-weller-wolfssl/zd15084-x509-crl-fail 
Link newly created x509 store's certificate manager to self by default
 2022-11-10 06:10:18 -08:00
David Garske
c573ba9864 Merge pull request #5758 from per-allansson/dtls13-fips 
Allow DTLS 1.3 to compile when FIPS is enabled
 2022-11-09 18:18:06 -08:00
Sean Parkinson
5d2124e70d Merge pull request #5787 from dgarske/fixes_minor 
Fix for `test_wolfSSL_sk_CIPHER_description` incorrectly failing
 2022-11-10 09:22:08 +10:00
tim-weller-wolfssl
3bc3ec25b8 Add link of newly created x509 store's certificate manager to self by default 2022-11-09 17:17:30 -06:00
David Garske
57ae840f39 Fix for test_wolfSSL_sk_CIPHER_description incorrectly failing with TLS v1.3 NULL cipher. 2022-11-09 12:05:16 -08:00
jordan
961c696436 Fix incorrect self signed error return. 
ASN_SELF_SIGNED_E was being overwritten with ASN_NO_SIGNER_E when
compiled with certreq and certgen.
 2022-11-09 10:27:31 -06:00
David Garske
eac3b4e189 Merge pull request #5752 from julek-wolfssl/alt-name-str-type 
Set alt name type to V_ASN1_IA5STRING
 2022-11-08 15:42:39 -08:00
Daniel Pouzzner
48ba365fd6 fixes for defects: 
clang-analyzer-deadcode.DeadStores in examples/server/server.c;

-Werror=use-after-free and LeakSanitizer Direct leak in tests/api.c;

nullPointerRedundantCheck in src/pk.c which identified a semantically consequential flub.
 2022-11-08 14:04:16 -06:00
Sean Parkinson
3d228415f4 Merge pull request #5734 from dgarske/zd15017 
Fixes for async sniffer handling of packets with multiple TLS messages
 2022-11-08 14:46:40 +10:00
David Garske
887b4bd9f0 Merge pull request #5767 from haydenroche5/load_system_root_certs 
Improve logic for enabling system CA certs on Apple devices.
 2022-11-07 15:15:13 -08:00
David Garske
6ca8336c52 Fix for asynchronous sniffer edge case for back to back sessions where new session was created while still pending. 2022-11-07 13:52:40 -08:00
David Garske
59774ae576 Fixes for building with use of heap hint and compatibility layer. Fix for invalid OSSL callback function errors. 2022-11-07 11:33:39 -08:00
Hayden Roche
d7cbd8cd17 Improve logic for enabling system CA certs on Apple devices. 
In configure.ac and CMakeLists.txt, check for the header
Security/SecTrustSettings.h. If this header is found, enable the feature. If
it isn't, disable it. For non-configure/non-CMake builds, require the user to
explicitly define HAVE_SECURITY_SECTRUSTSETTINGS_H if they want to use system
CA certs (handled in settings.h).
 2022-11-04 13:52:45 -07:00
Hayden Roche
5d70f3efce Merge pull request #5730 from philljj/zd15040 2022-11-04 13:32:48 -07:00
Hayden Roche
4a917219f7 Merge pull request #5608 from SparkiDev/pk_c_rework_2 2022-11-04 13:32:36 -07:00
Hayden Roche
e3621d5bb1 Merge pull request #5771 from dgarske/revert-5622-sniffer_sequence 2022-11-04 13:25:48 -07:00
JacobBarthelmeh
8225d3642b save next status with OCSP response verify 2022-11-03 22:39:47 -07:00
David Garske
1ec2b14922 Revert "Fix for sniffer to decode out of order packets" 2022-11-03 09:50:15 -07:00
Per Allansson
0a88bb9779 Allow DTLS 1.3 to compile when FIPS is enabled 2022-10-31 08:42:13 +01:00
Sean Parkinson
4efba8f437 ForceZero fix: encryption fail and not EtM 
Zeroizing of plaintext on encryption failure will use wrong size when
not using Encrypt-then-MAC. Size may go negative and cast to unsigned.
 2022-10-31 09:14:16 +10:00
Juliusz Sosinowicz
8bbbdfa3f9 Set alt name type to V_ASN1_IA5STRING 2022-10-28 19:58:01 +02:00
jordan
c4e758dda5 Fix X509 subject and issuer name_hash mismatch 
Fix logging message and g++ invalid conversion error.
 2022-10-27 19:31:30 -05:00
jordan
822f11d1a1 Fix X509 subject and issuer name_hash mismatch 
Refactor duplicate code a bit more.
 2022-10-27 15:15:55 -05:00
Sean Parkinson
b1e37377a1 TLS performance fix: ForceZero minimization 
Don't ForceZero the output buffer before free.
ForceZero it when encryption fails.

ShrinkInputBuffer needs to zeroize input buffer even if not currently
encrypting as it may be using the buffer on wolfSSL object reuse.

Fix SP to zeroize the whole buffer.

Fix DH to check cBuf when WOLFSSL_CHECK_MEM_ZERO defined.
 2022-10-27 17:00:42 +10:00
Sean Parkinson
7a4657c881 Fixes from review 3 2022-10-27 11:25:27 +10:00