wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 15:22:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,704 Commits 12 Branches 184 Tags
ea21ddf540f0f796c335fb86dc240f73dceeee6e
Commit Graph

2259 Commits

Author SHA1 Message Date
David Garske
ea21ddf540 Fix to only free existing key in SetStaticEphemeralKey if the incoming algorithm type has been specified. 2020-11-12 08:59:11 -08:00
David Garske
71d9f1e9bd Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral. 2020-11-12 08:59:11 -08:00
David Garske
c7bb602a30 Merge pull request #3482 from douzzer/scan-build-fixes-20201110 
scan-build fixes -- 1 null deref, 34 unused results
 2020-11-12 07:45:45 -08:00
toddouska
d3e3b21c83 Merge pull request #3393 from dgarske/zd11104 
Fix for TLS ECDH (static DH) with non-standard curves
 2020-11-11 14:22:37 -08:00
Daniel Pouzzner
5fe1586688 fix 34 deadcode.DeadStores detected by llvm11 scan-build. 2020-11-11 13:04:14 -06:00
David Garske
fcd73135f5 Merge pull request #3479 from tmael/ocsp_NULL 
Check <hash> input parameter in GetCA
 2020-11-10 14:46:05 -08:00
David Garske
6bd98afdd0 Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined. 2020-11-10 09:47:37 -08:00
David Garske
d7dee5d9e6 Fix for ECC minimum key size, which is 112 bits. 2020-11-10 09:47:36 -08:00
David Garske
bfb6138fc5 Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow 
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
 2020-11-10 09:37:36 -08:00
Daniel Pouzzner
bd38124814 ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount. 2020-11-09 21:24:34 -06:00
toddouska
3050f28890 Merge pull request #3467 from cconlon/rc2vs 
rc2.c to Visual Studio projects, fix warnings
 2020-11-09 13:52:03 -08:00
David Garske
f02c3aab2e Merge pull request #3475 from ejohnstown/nsup 
Hush Unused Param Warning
 2020-11-09 11:04:05 -08:00
David Garske
7e3efa3792 Merge pull request #3474 from douzzer/lighttpd-update-1.4.56 
lighttpd support update for v1.4.56
 2020-11-09 09:24:58 -08:00
Tesfa Mael
a5caf1be01 Check for NULL 2020-11-09 08:45:48 -08:00
John Safranek
884a9b59ab Merge pull request #3461 from dgarske/fips_ready_wopensslextra 
Fix for FIPS ready with openssl compat
 2020-11-06 13:14:06 -08:00
John Safranek
abd6f6ce18 Hush Unused Param Warning 
Removed a guard check for NO_WOLFSSL_STUB from wolfSSL_X509_print_ex().
To recreate:

    $ ./configure --enable-opensslextra CPPFLAGS="-DNO_WOLFSSL_STUB"
    $ make
 2020-11-06 10:30:47 -08:00
Hayden Roche
2cad844d29 Merge pull request #3421 from dgarske/apache_httpd 
Apache httpd w/TLS 1.3 support
 2020-11-06 12:14:58 -06:00
David Garske
0d2e28ce80 Fix for error: unused function 'MonthStr' 2020-11-06 10:11:48 -08:00
Daniel Pouzzner
4030523eb5 ssl.c: remove duplicate definition of wolfSSL_CTX_check_private_key(). 2020-11-05 21:57:33 -06:00
Glenn Strauss
92c3296e13 preprocessor -DNO_BIO to omit OpenSSL BIO API 2020-11-05 20:40:43 -06:00
Glenn Strauss
daca327ba3 expose (get|set)_(app|ex)_data with HAVE_EX_DATA 
when OPENSSL_EXTRA_X509_SMALL is set
 2020-11-05 20:40:43 -06:00
Glenn Strauss
d01616a357 unhide some non-fs funcs hidden by NO_FILESYSTEM 2020-11-05 20:40:43 -06:00
Glenn Strauss
be7592fb43 implement wolfSSL_dup_CA_list() 
wolfSSL_dup_CA_list() duplicates a WOLF_STACK_OF(WOLFSSL_X509_NAME)

(replaces stub function)
 2020-11-05 20:40:43 -06:00
Glenn Strauss
503de43cbd build updates for lighttpd 
Update configure.ac and various #ifdefs to enable WolfSSL to
build features for use by lighttpd.

Change signature of wolfSSL_GetVersion() to take const arg.
Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with
SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *)
 2020-11-05 20:40:43 -06:00
David Garske
1dc7293b19 Fix the return code. openssl uses void on these, but let's go ahead and do a return code. 2020-11-05 09:31:12 -08:00
David Garske
3b4ec74174 Fixes for openssl compatibility. Added SSL_CTX_set_post_handshake_auth and SSL_set_post_handshake_auth API's for enabling or disabling post handshake authentication for TLS v1.3. 2020-11-04 15:05:50 -08:00
Chris Conlon
6953049305 fix Visual Studio type conversion warnings 2020-11-04 11:11:40 -07:00
David Garske
d6b219bd38 Fix for ./configure --enable-fips=ready --enable-opensslextra. 2020-11-03 14:23:08 -08:00
Chris Conlon
54fe98716d Merge pull request #3415 from kojo1/config-options 
Config options
 2020-10-30 11:55:11 -06:00
David Garske
a15769b12e Merge pull request #3435 from ejohnstown/ntf2 
Nightly Test Fix 2
 2020-10-28 06:39:15 -07:00
David Garske
4277ec62f9 Merge pull request #3431 from kaleb-himes/NO_FILESYSTEM_FIX 
Remove file system constraint on wolfSSL_CTX_check_private_key()
 2020-10-27 15:25:59 -07:00
John Safranek
6a77a8d8d6 Compatibility Layer 
When making a AUTHORITY KEY object, if the ASN1 OBJECT fails, the key object is leaked.
 2020-10-27 14:51:35 -07:00
kaleb-himes
f934fb03bd Remove file system constraint on wolfSSL_CTX_check_private_key() 2020-10-27 08:57:46 -06:00
John Safranek
7dbd6102d2 Compatibility Layer 
When wolfSSL_X509_NAME_ENTRY_create_by_txt() needs to make a new ASN.1 object ID, actually store it in the name entry.
 2020-10-26 16:10:44 -07:00
John Safranek
9c1049f112 Compatibility Layer 
1. Changed the ASN1_OBJECT member of the X509_NAME_ENTRY to be a pointer
   rather than an object. It could lead to a double free on the name
   entry.
2. The ASN1_OBJECT allocator should set the dynamic flag, as the
   deallocator is the one that uses it.
3. General changes to treat the member as a pointer rather than a
   member.
4. In the api test, we were iterating over the name members in the name
   checking the NIDs. After the loop we freed the name member object.
   This led to a double free error.
 2020-10-25 14:38:07 -07:00
Takashi Kojo
02536461e6 fix for --enable-opensslall --disable-sha224 2020-10-24 07:06:24 +09:00
David Garske
a50e88430f Add OPENSSL_init_crypto and OPENSSL_init_ssl API's. 2020-10-23 12:13:08 -07:00
David Garske
6dbc1cb75d Add support for TLS v1.3 compatibility API SSL_verify_client_post_handshake for the server-side to support rehandshake. Required for Apache v2.4.39 with TLS v1.3. 2020-10-23 12:13:08 -07:00
toddouska
1e43d65d2a Merge pull request #3392 from SparkiDev/ocsp_must_staple 
TLS OCSP Stapling: MUST staple option
 2020-10-20 15:07:08 -07:00
toddouska
c863ca54a3 Merge pull request #3308 from julek-wolfssl/thread-safety 
Introduce thread safety to unsafe functions in wolfSSL
 2020-10-20 14:56:04 -07:00
Juliusz Sosinowicz
147cb8e60c Jenkins scope fixes 2020-10-19 12:46:11 +02:00
Juliusz Sosinowicz
24030d5f32 Move globalRNG and co to ssl.c 2020-10-16 17:33:28 +02:00
Sean Parkinson
60b0b0170b TLS OCSP Stapling: MUST staple option 
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
 2020-10-16 09:03:27 +10:00
David Garske
0d685e4f28 Merge pull request #3358 from douzzer/wolfSSL_get_ocsp_producedDate 
add wolfSSL_get_ocsp_producedDate().
 2020-10-12 15:21:10 -07:00
John Safranek
0ca202f389 Rename SKIP_SUITE to something more descriptive. Add some comments. 2020-10-12 09:49:02 -07:00
John Safranek
a05a305d70 Fix unused parameters in SKIP_SUITE. 2020-10-09 15:59:14 -07:00
John Safranek
d8299e2764 Maintenance Fixes 
When building the list of ciphers with wolfSSL_get_ciphers_compat(),
skip the fake indicator ciphers like the renegotiation indication
and the quantum-safe hybrid since they do not have encryption or mac
algorithms associated to them.
 2020-10-09 15:01:38 -07:00
Daniel Pouzzner
570f55a0e3 wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac. 2020-10-08 23:26:28 -05:00
Daniel Pouzzner
7a77b6d990 rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true). 2020-10-08 22:47:16 -05:00
Daniel Pouzzner
e162d0f889 add wolfSSL_get_ocsp_producedDate(). 2020-10-08 22:47:16 -05:00