Commit Graph

1171 Commits

Author SHA1 Message Date
David Garske d75c2e2a91 Added new WOLFSSL_EXTRA define for expanded API's without openssl extra. Removed old GOAHEAD_WS, which had build errors and current project requires full openssl extra compatability. Fix unused arg build warnings for OCSP. The WOLFSSL_EXTRA adds: wolfSSL_CTX_set_quiet_shutdown, wolfSSL_set_quiet_shutdown, wolfSSL_set_accept_state and wolfSSL_set_connect_state. 2017-12-27 08:55:28 -08:00
Chris Conlon 2660ff0b93 Merge pull request #1251 from kojo1/openSSL-Compat-201711
openSSL compatibility 201711
2017-12-21 16:25:46 -07:00
Chris Conlon e97f8b5a9c fix scanbuild issues, internal.c and tfm.c 2017-12-20 12:18:49 -07:00
David Garske 4712376ce1 Fix for OCSP non-blocking with check all flag set. 2017-12-19 16:52:47 -08:00
toddouska ddae61afbd Merge pull request #1259 from dgarske/fix_ocsp_nonblock
Fixes for handling non-blocking OCSP
2017-12-18 16:43:24 -08:00
David Garske 5b003918ef Fix for #ifdef issue causing some X509 functions to be unavailable when DH and ECC were disabled. Fix for HashAlgoToType not being available if building with DH and ECC disabled and RSA PSS enabled. 2017-12-18 11:10:12 -08:00
David Garske de05c563b6 Fix to handle non-blocking OCSP when WOLFSSL_NONBLOCK_OCSP is defined and not using async. OCSP callback should return OCSP_WANT_READ. Added ability to simulate non-blocking OCSP using TEST_NONBLOCK_CERTS. 2017-12-08 03:12:33 +01:00
Sean Parkinson 4f97a49213 Fix placement of #endif 2017-12-08 09:13:53 +10:00
toddouska ecb9e799a9 Merge pull request #1243 from dgarske/def_sec_reneg
Adds new define to enable secure-renegotiation by default
2017-11-29 14:40:23 -08:00
Takashi Kojo 05b9b39e06 free ctx->alpn_cli_protos 2017-11-24 06:27:36 +09:00
Takashi Kojo 5f025de0f8 pull ssl->protoMsgCb() from Part5 2017-11-24 05:49:41 +09:00
dgarske 8c15c65343 Merge pull request #1216 from abrahamsonn/windows-errors
Windows errors
2017-11-21 15:21:14 -08:00
David Garske 60a6da1c14 Adds new option to enable secure-renegotiation by default (used by IIS for client authentication). WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT. 2017-11-20 16:15:06 -08:00
Sean Parkinson 5ccf54dd1a Handle reading record layer padding 2017-11-20 12:08:18 +10:00
toddouska 21e391fbce Merge pull request #1235 from SparkiDev/tls13_draft21
Update code to support Draft 21 of TLS v1.3
2017-11-17 13:11:03 -08:00
abrahamsonn 6793a7bc4c Voided 2 variables outside of their ifdef's 2017-11-16 14:54:54 -07:00
Sean Parkinson cb8e284464 Update code to support Draft 21 of TLS v1.3 2017-11-15 16:40:48 +10:00
David Garske fd455d5a5e Fix for handling of static RSA PKCS formatting failures so they are indistinguishable from from correctly formatted RSA blocks (per RFC5246 section 7.4.7.1). Adjusted the static RSA preMasterSecret RNG creation for consistency in client case. Removed obsolete PMS_VERSION_ERROR. 2017-11-14 14:05:50 -08:00
abrahamsonn f17470b42b Added more of the requested changes & made an attempt to remove merge conflicts 2017-11-14 15:05:32 -07:00
David Garske 20f5c61675 Added debug message when signature/algorithm list is truncated. 2017-11-14 10:31:48 -08:00
David Garske b08a99057c Cleanup of hashSigAlgo handling in DoClientHello. 2017-11-13 15:02:13 -08:00
David Garske 2b5c4ffa7f Enhancement to allow override of maximum sig/algos using new WOLFSSL_MAX_SIGALGO define (default is 32). 2017-11-13 14:35:15 -08:00
Moisés Guimarães 0dd2ba2d80 adds unsupported_extension behavior to SNI 2017-11-03 15:31:13 -03:00
JacobBarthelmeh 5e02100921 Merge pull request #1192 from dgarske/client_staticmem
Added static memory support to client example
2017-11-02 14:49:33 -06:00
dgarske 1d1e904acb Merge pull request #942 from ghoso/dev201705
New openssl compatibility functions for: `BN_mod_inverse`, `PKCS5_PBKDF2_HMAC_SHA1` and 
`SSL_set_tlsext_status_type`.
2017-11-02 10:47:14 -07:00
David Garske 4084255fd5 Improve SSL failure cleanup case where ssl->ctx isn't set yet. 2017-11-02 09:48:43 -07:00
David Garske 229cecfb61 Fix static memory failure case (insuficient mem) in InitSSL case where ssl->ctx isn't set yet and SSL_ResourceFree is called NULL dereferece happens. 2017-11-02 09:48:43 -07:00
David Garske 72f44aba87 Fix for X509 FreeAltNames with static memory enabled. 2017-11-02 09:48:43 -07:00
David Garske 6369794b6f Fixes for static memory with -r session resumption option on client. Fix for possible failed InitSSL cleanup using NULL ssl->ctx for static memory. 2017-11-02 09:48:43 -07:00
Sean Parkinson f4ae86dc1b Fix TLS extension code
Don't respond with TLS v1.3 extensions if doing TLS v1.2 or lower.
Use calculated size in SendServerHello rather than fixed maximum.
2017-11-01 18:08:11 +10:00
Go Hosohara 9c9978ce9f OpenSSL Compatibility functions on PR#942. 2017-11-01 13:00:47 +09:00
toddouska 264c481c71 Merge pull request #1191 from SparkiDev/tls13_no_ecc
Fix no ECC builds with TLS13 code.
2017-10-26 10:49:59 -07:00
toddouska ee489b12ef Merge pull request #1198 from dgarske/fix_build
Fix build errors with various configs.
2017-10-26 09:46:50 -07:00
David Garske 94e0b06b9f Fix build errors with configs for no ASN and no PKI with PSK. 2017-10-26 07:34:41 -07:00
David Garske b4d802d524 Fix cipher_name_idx to be const. 2017-10-25 16:57:53 -07:00
Sean Parkinson 323db1a95d Fix no ECC builds with TLS13 code.
Fix tests so that having ECC disabled works as well.
Fix define protection for Draft 18 and HRR Cookie.
2017-10-24 09:11:24 -07:00
toddouska c0105b3008 Merge pull request #1175 from dgarske/cleanup_inlines
Cleanup to consolidate the inline helpers
2017-10-24 08:15:12 -07:00
Moisés Guimarães 96667b47ee ec point format TLS extension (#1034)
* adds client support to ec_point_format
* adds ec_point_format support for server side
* makes ec-point-format activation dependent on supported-curves activation
* removes recursive functions preserving the writing order
* renames EllipticCurves to SupportedCurves
2017-10-23 14:06:20 -07:00
David Garske 7f30397252 Remove execute bit on all code files. 2017-10-23 11:16:40 -07:00
David Garske 911b6f95f8 Release v3.12.2 (lib 14.0.0). Updated copywright. 2017-10-22 15:58:35 -07:00
David Garske 7f2e6e1d8a Cleanup to consolidate the inline helpers like cto, ato and bto into misc.c. Relocate the word24 typedef into types.h. 2017-10-18 09:06:48 -07:00
toddouska 1377577af5 Merge pull request #1187 from dgarske/build_fixes
Build fixes for various TLS 1.3 disable options
2017-10-18 08:59:46 -07:00
David Garske 8659140494 Build fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). 2017-10-17 09:39:32 -07:00
Sean Parkinson 9e4e58fe8c Disallow upgrading to TLS v1.3
Change SupportedVersions extension to only include TLS v1.3 if downgrade
is disabled.
Fix parsing of SupportedVersions extension
Don't upgrade
Only downgrade in SupportedVersions extension if option enabled
2017-10-17 08:52:12 +10:00
toddouska 6fd53d31c2 Merge pull request #1157 from dgarske/old-names
Refactor SSL_ and hashing types to use wolf specific prefix
2017-10-13 09:09:44 -07:00
toddouska 04106a0089 Merge pull request #1174 from dgarske/ocsp_cb_ctx
Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
2017-10-12 10:02:49 -07:00
David Garske 6021c37ec7 Refactor WOLF_SSL_ to WOLFSSL_ (much better). 2017-10-11 09:10:43 -07:00
David Garske 6707be2b0e Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming. 2017-10-11 09:10:42 -07:00
David Garske 4c8d228080 Added WOLFSSL_ALT_CERT_CHAINS option to enable checking cert aginst multiple CA's. Added new API's for wolfSSL_get_peer_alt_chain and wolfSSL_is_peer_alt_cert_chain, which allow a way to know if alternate cert chain is used and provides a way to get it (when SESSION_CERTS is defined). Cleanup of the defines to enable debugging certs (just use SHOW_CERTS now). 2017-10-10 08:55:35 -07:00
David Garske 280de41515 Improvement to wolfSSL_SetOCSP_Cb to set the context per WOLFSSL object (callback functions are same). Adding API unit tests next. 2017-10-06 12:18:21 -07:00