wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 23:29:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,896 Commits 12 Branches 184 Tags
ec96e5ad74bcf8caafa7ab509bef180903f4e1a4
Commit Graph

2287 Commits

Author SHA1 Message Date
Daniel Pouzzner
ec96e5ad74 wolfSSL_BN_is_odd(): fix function signature to match header (unsigned long reverted to WOLFSSL_BN_ULONG). 2020-12-11 14:16:44 -06:00
Daniel Pouzzner
f277339528 add explicit casts to XMALLOC()s, even for (void *), to avoid warnings in C++ and MSVC/MSVS builds, and to avoid false positives on simple text searches. 2020-12-10 14:16:21 -06:00
Daniel Pouzzner
b723c7ddbe bn.h and ssl.c: define WOLFSSL_BN_ULONG to be target-native unsigned long, revert *_word() bn.h API functions to use WOLFSSL_BN_ULONG, and change wolfSSL_BN_get_word() to return WOLFSSL_BN_ULONG rather than unsigned long, for consistency. 2020-12-10 14:16:21 -06:00
Daniel Pouzzner
78b2b3ca3b ssl.c:wolfSSL_BN_get_word_1(): remove dead logic inadvertently retained. 2020-12-10 14:16:21 -06:00
Daniel Pouzzner
e6b587772f fix pointer type clash in wolfSSL_BN_mod_word(); restore accidentally removed WOLFSSL_KEY_GEN gate in dsa_test(). 2020-12-10 14:16:21 -06:00
Daniel Pouzzner
53cfa55941 src/ssl.c and wolfssl/openssl/bn.h: refactor _word mp routines to consistently accept/return target-native unsigned long type, for compatibility with sp-math-all. needed because WOLFSSL_BN_ULONG can, surprisingly, be only 16 bits, when sp-math-all in a 32 bit build. 2020-12-10 14:16:20 -06:00
toddouska
367f28b917 Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Juliusz Sosinowicz
95132b1c55 Make renegotiation information available outside of OPENSSL_EXTRA 2020-11-24 17:03:40 +01:00
Juliusz Sosinowicz
41d58465c0 Adapt wolfSSL_dtls_got_timeout to secure renegotiation usage 
Reset DTLS stored messages on a FreeHandshakeResources call even if secure renegotiation is enabled. Without this, in a server initiated rehandshake, the server would keep old messages (ChangeCipherSpec and Finished) even when it sent a HelloRequest message.
 2020-11-24 16:06:35 +01:00
David Garske
d4c59e369e Merge pull request #3335 from julek-wolfssl/RSA-PSS-padding-in-EVP_Digest-API 
Enable RSA-PSS padding in EVP_Digest* API
 2020-11-19 09:31:12 -08:00
Sean Parkinson
91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
toddouska
aa9ed17afa Merge pull request #3512 from dgarske/openssl_pem 
Fix for missing `wolfSSL_PEM_write_bio_PrivateKey` with WebRTC
 2020-11-18 16:17:46 -08:00
toddouska
a280df1892 Merge pull request #3488 from kabuobeid/x509_objtxt_lname 
Return long names instead of short names in wolfSSL_OBJ_obj2txt().
 2020-11-18 16:10:46 -08:00
toddouska
b0979f4225 Merge pull request #3476 from dgarske/sniffer_hrr 
Fixes for TLS sniffer with v1.3 (HRR and Certs)
 2020-11-18 16:07:11 -08:00
toddouska
dedde4c058 Merge pull request #3456 from JacobBarthelmeh/Certs 
strict certificate version allowed from client
 2020-11-18 15:55:50 -08:00
toddouska
9bde34ef5b Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names 
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
 2020-11-18 15:52:52 -08:00
Sean Parkinson
d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
David Garske
4cfe5a1bc1 Fix for missing wolfSSL_PEM_write_bio_PrivateKey with WebRTC. If keygen or certgen is not specified this was incorrectly being excluded with opensslextra or opensslall. 2020-11-18 11:30:53 -08:00
Juliusz Sosinowicz
a0a3a2b74c Review changes 2020-11-17 19:15:12 +01:00
Juliusz Sosinowicz
b4754d5706 CAVP, Windows, and FIPS tests 2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
d18e2d7386 Refactoring and use salt length discover if available 2020-11-17 15:06:35 +01:00
Juliusz Sosinowicz
248dd12993 Enable RSA-PSS padding in EVP_Digest* API 2020-11-17 15:04:57 +01:00
David Garske
4a790cd024 Fixes for building with --disable-ecc and --disable-dh. 2020-11-16 12:17:27 -08:00
Kareem Abuobeid
da06ef8c3f Return long names instead of short names in wolfSSL_OBJ_obj2txt(). 2020-11-13 12:03:26 -07:00
David Garske
b931b1bd4d Fix to not allow free for globally cached sessions. Resolves a false-positive scan-build warning. 2020-11-12 12:51:41 -08:00
John Safranek
e996a7d15b Scan-Build Fixes 
1. Fixed a couple possible 0 byte allocations.
2. Fixed a couple missed frees due to error conditions.
3. Fixed a possible double free.

To recreate:
    $ scan-build ./configure --disable-shared --enable-opensslextra=x509small --disable-memory
    $ scan-build ./configure --disable-shared --enable-opensslextra --disable-memory
 2020-11-12 09:06:59 -08:00
David Garske
ea21ddf540 Fix to only free existing key in SetStaticEphemeralKey if the incoming algorithm type has been specified. 2020-11-12 08:59:11 -08:00
David Garske
71d9f1e9bd Static ephemeral refactor to support loading both DHE and ECDHE keys. Added ability to specify key using snifftest input at run-time. Improved snifftest key loading for named keys and static ephemeral. 2020-11-12 08:59:11 -08:00
David Garske
c7bb602a30 Merge pull request #3482 from douzzer/scan-build-fixes-20201110 
scan-build fixes -- 1 null deref, 34 unused results
 2020-11-12 07:45:45 -08:00
Daniel Pouzzner
7850d71ccb add wolfSSL_get_cipher_suite_from_name(); add flags arg to GetCipherSuiteFromName(); fix GetCipherSuiteFromName() to prevent spurious substring matching; add SUITE_ALIAS() macros for use defining CipherSuiteInfo, and add CipherSuiteInfo.flags slot and associated logic, to allow alternative cipher names to be recognized; add "CCM8" cipher name variants wherever applicable, including the unit.test conf files, to recognize and test the OpenSSL variants; add tests in client_test() and server_test() to confirm correct forward and backward mapping of cipher names/aliases. 2020-11-11 22:47:47 -06:00
toddouska
d3e3b21c83 Merge pull request #3393 from dgarske/zd11104 
Fix for TLS ECDH (static DH) with non-standard curves
 2020-11-11 14:22:37 -08:00
Daniel Pouzzner
5fe1586688 fix 34 deadcode.DeadStores detected by llvm11 scan-build. 2020-11-11 13:04:14 -06:00
Jacob Barthelmeh
979216d595 add test case for rejecting version 2 x509 2020-11-11 18:57:09 +07:00
David Garske
fcd73135f5 Merge pull request #3479 from tmael/ocsp_NULL 
Check <hash> input parameter in GetCA
 2020-11-10 14:46:05 -08:00
David Garske
6bd98afdd0 Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined. 2020-11-10 09:47:37 -08:00
David Garske
d7dee5d9e6 Fix for ECC minimum key size, which is 112 bits. 2020-11-10 09:47:36 -08:00
David Garske
bfb6138fc5 Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow 
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
 2020-11-10 09:37:36 -08:00
Daniel Pouzzner
bd38124814 ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount. 2020-11-09 21:24:34 -06:00
toddouska
3050f28890 Merge pull request #3467 from cconlon/rc2vs 
rc2.c to Visual Studio projects, fix warnings
 2020-11-09 13:52:03 -08:00
David Garske
f02c3aab2e Merge pull request #3475 from ejohnstown/nsup 
Hush Unused Param Warning
 2020-11-09 11:04:05 -08:00
David Garske
7e3efa3792 Merge pull request #3474 from douzzer/lighttpd-update-1.4.56 
lighttpd support update for v1.4.56
 2020-11-09 09:24:58 -08:00
Tesfa Mael
a5caf1be01 Check for NULL 2020-11-09 08:45:48 -08:00
John Safranek
884a9b59ab Merge pull request #3461 from dgarske/fips_ready_wopensslextra 
Fix for FIPS ready with openssl compat
 2020-11-06 13:14:06 -08:00
John Safranek
abd6f6ce18 Hush Unused Param Warning 
Removed a guard check for NO_WOLFSSL_STUB from wolfSSL_X509_print_ex().
To recreate:

    $ ./configure --enable-opensslextra CPPFLAGS="-DNO_WOLFSSL_STUB"
    $ make
 2020-11-06 10:30:47 -08:00
Hayden Roche
2cad844d29 Merge pull request #3421 from dgarske/apache_httpd 
Apache httpd w/TLS 1.3 support
 2020-11-06 12:14:58 -06:00
David Garske
0d2e28ce80 Fix for error: unused function 'MonthStr' 2020-11-06 10:11:48 -08:00
Daniel Pouzzner
4030523eb5 ssl.c: remove duplicate definition of wolfSSL_CTX_check_private_key(). 2020-11-05 21:57:33 -06:00
Glenn Strauss
92c3296e13 preprocessor -DNO_BIO to omit OpenSSL BIO API 2020-11-05 20:40:43 -06:00
Glenn Strauss
daca327ba3 expose (get|set)_(app|ex)_data with HAVE_EX_DATA 
when OPENSSL_EXTRA_X509_SMALL is set
 2020-11-05 20:40:43 -06:00
Glenn Strauss
d01616a357 unhide some non-fs funcs hidden by NO_FILESYSTEM 2020-11-05 20:40:43 -06:00