mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,662 Commits 5 Branches 162 Tags
Commit Graph

14662 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Juliusz Sosinowicz
1acf906612 Code review changes 2021-07-06 15:39:23 +02:00
Juliusz Sosinowicz
6dfc702364 Correct serverDH_Pub length on renegotiation 
On a renegotiation the serverDH_Pub buffer may be too short. The previous DhGenKeyPair call may have generated a key that has a shorter binary representation (usually by one byte). Calling DhGenKeyPair with this shorter buffer results in a WC_KEY_SIZE_E error.
 2021-07-06 15:39:23 +02:00
Juliusz Sosinowicz
1b6b16c2c3 HaProxy 2.4-dev18 support 
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
    - `STACK_TYPE_X509_OBJ`
    - `OCSP_id_cmp`
    - `X509_STORE_get0_objects`
    - `X509V3_EXT_nconf_nid`
    - `X509V3_EXT_nconf`
    - `X509_chain_up_ref`
    - `X509_NAME_hash`
    - `sk_X509_NAME_new_null`
    - `X509_OBJECT_get0_X509`
    - `X509_OBJECT_get0_X509_CRL`
    - `ASN1_OCTET_STRING_free`
    - `X509_LOOKUP_TYPE`
    - `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
    - WOLFSSL_CTX
        - Enable all compiled in protocols
        - Allow anonymous ciphers
        - Set message grouping
        - Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
    - Return first that occured
    - Set correct value on date error
    - Set revoked error on OCSP or CRL error
    - Save value in session and restore on resumption
    - Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
 2021-07-06 15:39:23 +02:00
Jacob Barthelmeh
a6ce91f3bb fix for gcc-11 build with blake2 2021-07-06 14:53:39 +07:00
Jacob Barthelmeh
ae00b5acd0 some minor changes for unintialized and null infer reports 2021-07-06 14:13:45 +07:00
Sean Parkinson
34528eb6c9 ECC bench: can't use SAKKE curve with ECDH/ECDSA 
Skip curve benchmarking when all curves are being benchmarked.
 2021-07-06 12:19:50 +10:00
Guido Vranken
e0f268e522 Simplify mp_invmod_slow fix 2021-07-06 02:29:31 +02:00
Guido Vranken
9783d64f7e Add missing return value check in mp_invmod_slow 2021-07-06 02:13:42 +02:00
Sean Parkinson
08ebd34f31 SP math: montgomery reduction edge case 
4 and 6 word specific implementations now handle rare overflow correctly
in last mul-add of loop.
 2021-07-06 10:03:24 +10:00
Guido Vranken
460b513594 Fix compilation failure with WOLFSSL_PUBLIC_ECC_ADD_DBL 
Fixes https://github.com/wolfSSL/wolfssl/issues/4184
 2021-07-03 19:31:29 +02:00
TakayukiMatsuo
5df0f7820a Add wolfSSL_CTX_set_keylog_callback 2021-07-03 14:51:23 +09:00
Jacob Barthelmeh
89866846d6 check return of DSA decode 2021-07-03 03:41:40 +07:00
David Garske
26789ef877 Fix variable declaration mid-code. 2021-07-02 13:24:25 -07:00
David Garske
2dd169f9a1 Added new sniffer API for callback for key use ssl_SetKeyCallback. Support indicated by WOLFSSL_SNIFFER_KEY_CALLBACK. Trace cleanup for custom error. 2021-07-02 12:18:56 -07:00
kaleb-himes
93a8f36530 Fix basic constraints extension present and CA Boolean not asserted 2021-07-02 12:16:16 -06:00
TakayukiMatsuo
567d8ed704 Make wolfSSL_set_session return success on timeout under WOLFSSL_ERROR_CODE_OPENSSL macro definition. 2021-07-02 10:50:00 +09:00
TakayukiMatsuo
aef9e560b1 Make wolfSSL_CTX_set_timeout call wolfSSL_CTX_set_TicketHint internally to change session-ticket-lifetime-hint. 2021-07-02 09:15:01 +09:00
David Garske
197b959916
Merge pull request #4177 from SparkiDev/ecc_exp_point_size 
ECC: validate ordinate length before export
 2021-07-01 17:07:35 -07:00
David Garske
d16e374972
Merge pull request #4160 from JacobBarthelmeh/fuzzing 
better checking on length of streaming buffer
 2021-07-01 17:04:49 -07:00
David Garske
43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7 
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
 2021-07-01 17:03:56 -07:00
JacobBarthelmeh
9b8142c1ff
Merge pull request #4174 from SparkiDev/zephyr_2_6_99 
Zephyr Project: update port to work with latest
 2021-07-02 03:23:10 +07:00
Daniel Pouzzner
e9e41d3344
Merge pull request #4070 from elms/fsanitize/undefined_fixes 
address errors with `-fsanitize=undefined`
 2021-07-01 13:00:06 -05:00
JacobBarthelmeh
45486ac904
Merge pull request #4166 from miyazakh/supportedversion_ex_mindowngrade 
not include smaller versions than minimum downgrade
 2021-07-01 21:00:20 +07:00
JacobBarthelmeh
7a42096643
Merge pull request #4175 from SparkiDev/sp_thumb_clang 
SP: Thumb implementaton that works with clang
 2021-07-01 20:39:06 +07:00
Sean Parkinson
a992480f91 ECC: validate ordinate length before export 2021-07-01 15:50:04 +10:00
Elms
75e807abc6 Fixes for gcc-10 and -fsanitize=undefined for rabbit.c 
* One introduced in #4156
* One from previous commit in this PR
 2021-06-30 22:20:17 -07:00
Sean Parkinson
6694775d4b Changes to compile without XTREAM_ALIGN 
Use macro to load 32 bits from input parameters key in hc128.c and input
in rabbit.c
Also fix warning about string copy.
 2021-06-30 21:58:30 -07:00
Elms
56d879f422 address scan-build issues for clang 6 and 10 2021-06-30 21:58:30 -07:00
Elms
c9597ea735 sha3: align data for Sha3Update 2021-06-30 21:58:30 -07:00
Elms
dc7beab784 address errors with -fsanitize=undefined 
- fix null dereferences or undefined `memcpy` calls
 - fix alignment in `myCryptoDevCb`
 - fix default dtls context assignment
 - add align configure option to force data alignment

TESTED:
 `./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
 2021-06-30 21:58:30 -07:00
Sean Parkinson
4cff893c5f SP math all: allow reading of bin up to max digit size 2021-07-01 14:29:58 +10:00
David Garske
f9cd83743a Fix include.am typo. 2021-06-30 08:42:15 -07:00
David Garske
23b573c70a Autoconf Include.am fixes, spelling and copyright. 2021-06-30 08:38:17 -07:00
David Garske
c820b5679a
Merge pull request #4173 from SparkiDev/sp_int_mingw64 2021-06-30 06:57:58 -07:00
Jacob Barthelmeh
893b71e8c1 remove dead code 2021-06-30 19:54:25 +07:00
Juliusz Sosinowicz
0277fa6d7c Remove unused wolfSSL_StartSecureRenegotiation 2021-06-30 13:51:11 +02:00
Jacob Barthelmeh
23eededc36 simplify and fix max stream buffer length 2021-06-30 15:26:44 +07:00
Hideki Miyazaki
b0688688c1
addressed review comments 2021-06-30 13:52:46 +09:00
Sean Parkinson
60a520c525 SP: Thumb implementaton that works with clang 2021-06-30 13:10:29 +10:00
Sean Parkinson
d1fb736136 Zephyr Project: update port to work with latest 2021-06-30 10:29:54 +10:00
Sean Parkinson
36d534034c SP math: cast number to sp_digit rather than declare as long 2021-06-30 09:28:51 +10:00
David Garske
ae68de060a
Merge pull request #4171 from SparkiDev/sp_small_fast_modexp 
SP: allow fast mod_exp to be compiled for small C code
 2021-06-29 13:32:55 -07:00
David Garske
0d1672dfee
Merge pull request #4170 from SparkiDev/sp_mingw64 
SP: Don't cast number to sp_digit rather than declare as long
 2021-06-29 13:32:28 -07:00
Chris Conlon
9179071af5
Merge pull request #4153 from JacobBarthelmeh/Testing 
fix for keyid with ktri cms
 2021-06-29 11:40:00 -06:00
David Garske
e59cc79a1f Document new WOLFSSL_SP_FAST_MODEXP option. 2021-06-29 09:16:27 -07:00
David Garske
a748b5264e Fix for wolfcrypt/src/sp_int.c:2720:34: error: left shift count >= width of type with mingw64. 2021-06-29 09:13:32 -07:00
David Garske
b0e9531f26
Merge pull request #4169 from SparkiDev/dh_anon_tls12 
TLS: Get DH anon working TLS 1.2 and below
 2021-06-29 08:53:44 -07:00
Sean Parkinson
303f944935 SP: allow fast mod_exp to be compiled for small C code 2021-06-29 12:51:21 +10:00
Sean Parkinson
08e560e0a7 SP: Don't cast number to sp_digit rather than declare as long 
mingw64 has numbers as 32-bit type when declarted long.
Fixup some line lengths.
 2021-06-29 11:07:47 +10:00
Sean Parkinson
f56bf3d8ee TLS: Get DH anon working TLS 1.2 and below 
Send the server DH parameters in ServerKeyExchange.
./configure '--enable-anon' '--disable-rsa' '--enable-oldtls'
 2021-06-29 10:29:39 +10:00