Commit Graph

12664 Commits

Author SHA1 Message Date
David Garske fb9ed686cb Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available). 2020-11-10 09:47:36 -08:00
David Garske 045fc4d686 Fixes to support overriding minimum key sizes for examples. 2020-11-10 09:47:36 -08:00
David Garske bfb6138fc5 Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
2020-11-10 09:37:36 -08:00
Daniel Pouzzner 5625929c83 scripts/external.test: skip test when -UHAVE_ECC. 2020-11-10 01:27:45 -06:00
Daniel Pouzzner 196ae63eb2 scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible). 2020-11-10 00:03:02 -06:00
Daniel Pouzzner bd38124814 ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount. 2020-11-09 21:24:34 -06:00
toddouska 3050f28890 Merge pull request #3467 from cconlon/rc2vs
rc2.c to Visual Studio projects, fix warnings
2020-11-09 13:52:03 -08:00
David Garske f02c3aab2e Merge pull request #3475 from ejohnstown/nsup
Hush Unused Param Warning
2020-11-09 11:04:05 -08:00
Daniel Pouzzner 4b1a779fcc tests: fix for fips-test -Wunused-variable on "rng" 2020-11-09 11:54:49 -06:00
David Garske 7e3efa3792 Merge pull request #3474 from douzzer/lighttpd-update-1.4.56
lighttpd support update for v1.4.56
2020-11-09 09:24:58 -08:00
Daniel Pouzzner 22bcceb2d3 src/sniffer.c: guard against null arguments to TraceSetNamedServer(), to eliminate -Werror=format-overflow= warnings from gcc. 2020-11-06 17:40:12 -06:00
Kaleb Himes 937a7ce8ce Merge pull request #3448 from dgarske/crypto_cb
Improve the crypto callback for ASN
2020-11-06 15:26:11 -07:00
John Safranek 884a9b59ab Merge pull request #3461 from dgarske/fips_ready_wopensslextra
Fix for FIPS ready with openssl compat
2020-11-06 13:14:06 -08:00
Chris Conlon ac4c8a0112 Merge pull request #3419 from ethanlooney/29th_branch
Added case for Logging.c unit test
2020-11-06 13:10:24 -07:00
toddouska 4110297b62 Merge pull request #3473 from embhorn/zd11198
wc_SetIssuerRaw should copy raw subject to issuer
2020-11-06 10:48:37 -08:00
toddouska b4e7f196df Merge pull request #3470 from SparkiDev/config_fix_3
TLS configurations fixes
2020-11-06 10:35:51 -08:00
toddouska 3f25cda354 Merge pull request #3469 from SparkiDev/cpuid_sp_asm
cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
2020-11-06 10:34:40 -08:00
John Safranek abd6f6ce18 Hush Unused Param Warning
Removed a guard check for NO_WOLFSSL_STUB from wolfSSL_X509_print_ex().
To recreate:

    $ ./configure --enable-opensslextra CPPFLAGS="-DNO_WOLFSSL_STUB"
    $ make
2020-11-06 10:30:47 -08:00
toddouska f3d961b1b1 Merge pull request #3453 from dgarske/ZD11159
Fix for possible memory leak when overriding error for verify callback
2020-11-06 10:18:52 -08:00
toddouska f9ec7c472a Merge pull request #3440 from ejohnstown/ntf3
Nightly Test Fix
2020-11-06 10:15:23 -08:00
Hayden Roche 2cad844d29 Merge pull request #3421 from dgarske/apache_httpd
Apache httpd w/TLS 1.3 support
2020-11-06 12:14:58 -06:00
David Garske 0d2e28ce80 Fix for error: unused function 'MonthStr' 2020-11-06 10:11:48 -08:00
Daniel Pouzzner dcff103c84 tests/api.c: fixes for compilability re NO_BIO 2020-11-05 22:19:16 -06:00
Daniel Pouzzner 4030523eb5 ssl.c: remove duplicate definition of wolfSSL_CTX_check_private_key(). 2020-11-05 21:57:33 -06:00
Glenn Strauss f9e48ee361 build updates for lighttpd: recommend -DNO_BIO
(cherry picked from commit bfe12839e18ccc3ab95cfc33b34c875ebe55c14a)
2020-11-05 20:40:43 -06:00
Glenn Strauss 92c3296e13 preprocessor -DNO_BIO to omit OpenSSL BIO API 2020-11-05 20:40:43 -06:00
Glenn Strauss 030eb9347c lighttpd: allow ssl3, tls1.0 if explicitly enabled 2020-11-05 20:40:43 -06:00
Glenn Strauss 7cee131e37 restore --enable-lighty with --enable-all
protect lighttpd recommendations (and recommended restrictions)
to when building wolfSSL specifically for use by lighttpd, and
omit these optional settings when building `--enable-all`
2020-11-05 20:40:43 -06:00
David Garske a9a495270c Fix to disable CRL monitor for single threaded or lighttpd. Do not set --enable-lighty with --enable-all. 2020-11-05 20:40:43 -06:00
Glenn Strauss daca327ba3 expose (get|set)_(app|ex)_data with HAVE_EX_DATA
when OPENSSL_EXTRA_X509_SMALL is set
2020-11-05 20:40:43 -06:00
Glenn Strauss d01616a357 unhide some non-fs funcs hidden by NO_FILESYSTEM 2020-11-05 20:40:43 -06:00
Glenn Strauss bcf1f0375b build updates for lighttpd: recommended flags 2020-11-05 20:40:43 -06:00
Glenn Strauss f4e2db831e enable SNI_Callback for lighttpd 2020-11-05 20:40:43 -06:00
Glenn Strauss be7592fb43 implement wolfSSL_dup_CA_list()
wolfSSL_dup_CA_list() duplicates a WOLF_STACK_OF(WOLFSSL_X509_NAME)

(replaces stub function)
2020-11-05 20:40:43 -06:00
Glenn Strauss e5ed227a87 build updates for lighttpd: -DOPENSSL_ALL
avoid potential for WolfSSL to silently omit expected functionality
2020-11-05 20:40:43 -06:00
Glenn Strauss 503de43cbd build updates for lighttpd
Update configure.ac and various #ifdefs to enable WolfSSL to
build features for use by lighttpd.

Change signature of wolfSSL_GetVersion() to take const arg.
Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with
SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *)
2020-11-05 20:40:43 -06:00
kaleb-himes 182a3e6bc2 Also addressing opensslall, pkcs7 and combinations 2020-11-05 17:29:30 -07:00
Ethan Looney 232ac03bbe Changed it to only the inverse 2020-11-05 14:38:23 -07:00
Eric Blankenhorn a92e31f6cb Fix from review 2020-11-05 14:47:10 -06:00
David Garske d784bd61cd Merge pull request #3462 from kabuobeid/wolfrand_freescale_ecc_fix
Fix build issue when building wolfrand on a Freescale platform.
2020-11-05 12:29:49 -08:00
Ethan Looney 06f1a1870d Added inverse case 2020-11-05 13:05:15 -07:00
David Garske 1dc7293b19 Fix the return code. openssl uses void on these, but let's go ahead and do a return code. 2020-11-05 09:31:12 -08:00
David Garske 063fb2cfa0 Merge pull request #3455 from douzzer/linuxkm-install-rules
add "module", "modules_install", and "clean_module" rules for linuxkm
2020-11-05 09:09:35 -08:00
Kaleb Himes 648c5e4735 Merge pull request #3471 from douzzer/fix-scan-build-20201104
fix various possibly spurious scan-build null deref reports.
2020-11-05 09:36:42 -07:00
Eric Blankenhorn fa9a0a4b49 Copy raw subject to issuer 2020-11-05 09:06:02 -06:00
Daniel Pouzzner 5751319e00 fix various possibly spurious scan-build null deref reports. 2020-11-04 23:11:42 -06:00
Kaleb Himes b40543b342 Merge pull request #3466 from douzzer/fix-benchmark-dh-key-size
fix bench_dh() key size initialization
2020-11-04 20:33:06 -07:00
Sean Parkinson 8a42ee7ffd TLS configurations fixes
--enable-leanpsk --disable-tls13:
    ensure WriteSEQ is defined when !WOLFSSL_NO_TLS12 (tls.c)

CFLAGS=-DWOLFSSL_NO_CLIENT_AUTH -disable-tls13"
TLS server was expecting certificate from peer when verifyPeer is
set. Fix with checks for !WOLFSSL_NO_CLIENT_AUTH.
2020-11-05 12:21:19 +10:00
Sean Parkinson 2588fe366e cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
WOLFSSL_X86_64_BUILD is defined only when fast math is enabled.
Define it when SP ASM is enabled and on an x86_64 host.
Undo cpuid code being enabled when WOLFSSL_SP_ASM as it shouldn't for
non-Intel CPUs.
2020-11-05 11:16:27 +10:00
Kareem Abuobeid 37952b2776 Fix build issue when building wolfrand on a Freescale platform. 2020-11-04 16:52:59 -07:00