mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,738 Commits 5 Branches 162 Tags
Commit Graph

14738 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
John Safranek
50d007ded8
Merge pull request #4196 from JacobBarthelmeh/Release 
Release version 4.8.0
 2021-07-09 14:33:26 -07:00
John Safranek
84539be656
Merge pull request #4197 from JacobBarthelmeh/Jenkins 
Updates found with Jenkins tests
 2021-07-09 14:32:43 -07:00
Daniel Pouzzner
15c890179f Linux kernel module: add an explicit -ffreestanding to CFLAGS in linuxkm/Makefile, and in wc_port.h ifdef WOLFSSL_LINUXKM, ignore -Wtype-limits in Linux kernel header files (needed for kernel v5.13), and suppress inclusion of stdint-gcc.h. 2021-07-09 15:23:07 -05:00
Jacob Barthelmeh
88b70a3906 update google cert that was set to expire in Dec 2021 2021-07-09 23:57:50 +07:00
JacobBarthelmeh
c01a63508a account for testing on big endian system 2021-07-09 08:18:39 -06:00
Jacob Barthelmeh
f4c4cf8afe update changelog for release 4.8.0 2021-07-09 17:02:18 +07:00
David Garske
e1b487ab9f Fix for wc_export_int with WC_TYPE_HEX_STR, which was not returning the correct length. 2021-07-08 14:36:36 -07:00
David Garske
4f055653c7 Restore TLS v1.3 hello_retry behavior with session id. Fix for SNI with default (no name) putting newline due to fgets. 2021-07-08 13:50:08 -07:00
JacobBarthelmeh
500a6c8b27 prepare for release 4.8.0 2021-07-08 12:02:40 -06:00
David Garske
4cb076f22b Cleanup to remove duplicate stat sslResumptionValid. Add print of sslResumptionInserts. 2021-07-08 09:49:13 -07:00
David Garske
ddbe0e6dab Fix for sniffer stats on resume miss. The logic for hello_retry_request will no longer try and do resume, so restore BAD_SESSION_RESUME_STR error. 2021-07-08 09:31:59 -07:00
JacobBarthelmeh
127add4bf7 include stddef for size_t type for ptr 2021-07-08 07:06:20 -06:00
Jacob Barthelmeh
7bcd0da164 warning for length used on strncpy 2021-07-08 15:51:17 +07:00
Jacob Barthelmeh
263e03748e fix issue of handling partially streamed PKCS7 input 2021-07-08 15:25:40 +07:00
JacobBarthelmeh
a250e1f23a
Merge pull request #4194 from ejohnstown/to-fix 
Timeout Fix
 2021-07-08 14:34:42 +07:00
John Safranek
c9aa23ac7a
Merge pull request #4191 from dgarske/htons 
Fix for missing `XHTONS` with `WOLFSSL_USER_IO` and session tickets
 2021-07-07 16:21:59 -07:00
John Safranek
00cab36b36
Timeout Fix 
The macros setting up the timeout for the select used to timeout just
multiplied the ms by 1000 to make us. The BSD select used on macOS
doesn't like the us to be greater than 999999. Modified to carry the
excess us over into the seconds.
 2021-07-07 16:14:48 -07:00
Sean Parkinson
849020660f
Merge pull request #4182 from JacobBarthelmeh/CAAM 
check return of DSA decode
 2021-07-08 08:16:46 +10:00
John Safranek
b9dac74086
Merge pull request #4193 from JacobBarthelmeh/StaticAnalysisTests 
Static analysis tests
 2021-07-07 14:23:58 -07:00
JacobBarthelmeh
86e5287a14
Merge pull request #4032 from TakayukiMatsuo/tk11968 
Make wolfSSL_CTX_set_timeout reflect to Session-ticket-lifetime-hint
 2021-07-07 22:26:06 +07:00
Juliusz Sosinowicz
b7bd3766c7 Fix pedantic errors about macros in macros 2021-07-07 10:54:34 +02:00
JacobBarthelmeh
7b9d6a3f5e
Merge pull request #3792 from TakayukiMatsuo/os_keylog 
Add wolfSSL_CTX_set_keylog_callback
 2021-07-07 15:34:33 +07:00
Hayden Roche
7422f07fb5 Improve wolfIO_HttpProcessResponse HTTP header checking logic. 
Modify this function to just ensure that the response header starts with "HTTP
1.x 200" (where x is 0, 1, etc.).
 2021-07-06 15:18:26 -07:00
David Garske
41ac17cdc6 Improve support for XHTONS with WOLFSSL_USER_IO and session tickets with default encryption implementation !WOLFSSL_NO_DEF_TICKET_ENC_CB. 2021-07-06 13:13:35 -07:00
Jacob Barthelmeh
b1a6d88af6 fix for memory leak 2021-07-06 23:37:35 +07:00
Juliusz Sosinowicz
fc7533fe5e Code review changes 2021-07-06 16:14:25 +02:00
Juliusz Sosinowicz
1acf906612 Code review changes 2021-07-06 15:39:23 +02:00
Juliusz Sosinowicz
6dfc702364 Correct serverDH_Pub length on renegotiation 
On a renegotiation the serverDH_Pub buffer may be too short. The previous DhGenKeyPair call may have generated a key that has a shorter binary representation (usually by one byte). Calling DhGenKeyPair with this shorter buffer results in a WC_KEY_SIZE_E error.
 2021-07-06 15:39:23 +02:00
Juliusz Sosinowicz
1b6b16c2c3 HaProxy 2.4-dev18 support 
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
    - `STACK_TYPE_X509_OBJ`
    - `OCSP_id_cmp`
    - `X509_STORE_get0_objects`
    - `X509V3_EXT_nconf_nid`
    - `X509V3_EXT_nconf`
    - `X509_chain_up_ref`
    - `X509_NAME_hash`
    - `sk_X509_NAME_new_null`
    - `X509_OBJECT_get0_X509`
    - `X509_OBJECT_get0_X509_CRL`
    - `ASN1_OCTET_STRING_free`
    - `X509_LOOKUP_TYPE`
    - `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
    - WOLFSSL_CTX
        - Enable all compiled in protocols
        - Allow anonymous ciphers
        - Set message grouping
        - Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
    - Return first that occured
    - Set correct value on date error
    - Set revoked error on OCSP or CRL error
    - Save value in session and restore on resumption
    - Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
 2021-07-06 15:39:23 +02:00
Jacob Barthelmeh
a6ce91f3bb fix for gcc-11 build with blake2 2021-07-06 14:53:39 +07:00
Jacob Barthelmeh
ae00b5acd0 some minor changes for unintialized and null infer reports 2021-07-06 14:13:45 +07:00
Sean Parkinson
34528eb6c9 ECC bench: can't use SAKKE curve with ECDH/ECDSA 
Skip curve benchmarking when all curves are being benchmarked.
 2021-07-06 12:19:50 +10:00
Guido Vranken
e0f268e522 Simplify mp_invmod_slow fix 2021-07-06 02:29:31 +02:00
Guido Vranken
9783d64f7e Add missing return value check in mp_invmod_slow 2021-07-06 02:13:42 +02:00
Sean Parkinson
08ebd34f31 SP math: montgomery reduction edge case 
4 and 6 word specific implementations now handle rare overflow correctly
in last mul-add of loop.
 2021-07-06 10:03:24 +10:00
Guido Vranken
460b513594 Fix compilation failure with WOLFSSL_PUBLIC_ECC_ADD_DBL 
Fixes https://github.com/wolfSSL/wolfssl/issues/4184
 2021-07-03 19:31:29 +02:00
TakayukiMatsuo
5df0f7820a Add wolfSSL_CTX_set_keylog_callback 2021-07-03 14:51:23 +09:00
Jacob Barthelmeh
89866846d6 check return of DSA decode 2021-07-03 03:41:40 +07:00
David Garske
26789ef877 Fix variable declaration mid-code. 2021-07-02 13:24:25 -07:00
David Garske
2dd169f9a1 Added new sniffer API for callback for key use ssl_SetKeyCallback. Support indicated by WOLFSSL_SNIFFER_KEY_CALLBACK. Trace cleanup for custom error. 2021-07-02 12:18:56 -07:00
kaleb-himes
93a8f36530 Fix basic constraints extension present and CA Boolean not asserted 2021-07-02 12:16:16 -06:00
TakayukiMatsuo
567d8ed704 Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition. 2021-07-02 10:50:00 +09:00
TakayukiMatsuo
aef9e560b1 Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint. 2021-07-02 09:15:01 +09:00
David Garske
197b959916
Merge pull request #4177 from SparkiDev/ecc_exp_point_size 
ECC: validate ordinate length before export
 2021-07-01 17:07:35 -07:00
David Garske
d16e374972
Merge pull request #4160 from JacobBarthelmeh/fuzzing 
better checking on length of streaming buffer
 2021-07-01 17:04:49 -07:00
David Garske
43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7 
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
 2021-07-01 17:03:56 -07:00
JacobBarthelmeh
9b8142c1ff
Merge pull request #4174 from SparkiDev/zephyr_2_6_99 
Zephyr Project: update port to work with latest
 2021-07-02 03:23:10 +07:00
Daniel Pouzzner
e9e41d3344
Merge pull request #4070 from elms/fsanitize/undefined_fixes 
address errors with `-fsanitize=undefined`
 2021-07-01 13:00:06 -05:00
JacobBarthelmeh
45486ac904
Merge pull request #4166 from miyazakh/supportedversion_ex_mindowngrade 
not include smaller versions than minimum downgrade
 2021-07-01 21:00:20 +07:00
JacobBarthelmeh
7a42096643
Merge pull request #4175 from SparkiDev/sp_thumb_clang 
SP: Thumb implementaton that works with clang
 2021-07-01 20:39:06 +07:00