mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7,743 Commits 5 Branches 162 Tags
Commit Graph

2890 Commits

Author SHA1 Message Date
toddouska
9d86d323ef
Merge pull request #1628 from JacobBarthelmeh/Fuzzer 
sanity check on hashing size
 2018-06-20 17:46:38 -07:00
Jacob Barthelmeh
bf63003237 sanity check before reading word16 from buffer 2018-06-20 16:48:40 -06:00
Jacob Barthelmeh
2f43d5eece update size to be used with fuzzing 2018-06-20 15:29:05 -06:00
Jacob Barthelmeh
61655ef56d comment on sz value and sanity check before fuzzing 2018-06-20 09:21:56 -06:00
Jacob Barthelmeh
38f916a798 sanity check on hashing size 2018-06-18 15:50:44 -06:00
Jacob Barthelmeh
c98aca32c4 static analysis report fixes 2018-06-15 17:00:45 -06:00
Jacob Barthelmeh
a1295b3148 memory management with test cases 2018-06-15 15:43:42 -06:00
toddouska
0d0aa74444
Merge pull request #1623 from dgarske/fix_atecc508a 
Fixes for build with `WOLFSSL_ATECC508A` defined
 2018-06-15 11:06:33 -07:00
toddouska
55945acd55
Merge pull request #1622 from cconlon/cavp-selftest-fix 
fix CAVP self test build with newer raw hash functions
 2018-06-15 11:02:15 -07:00
Jacob Barthelmeh
c03c10e1d4 move location of wolfSSL_d2i_RSA_PublicKey to fix x509 small build 2018-06-14 14:38:15 -06:00
toddouska
139a08a98e
Merge pull request #1621 from SparkiDev/tls13_no_cs 
Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests
 2018-06-14 09:08:13 -07:00
David Garske
5b2bb44bc8 Fixes for build with WOLFSSL_ATECC508A defined. 2018-06-13 20:10:01 -07:00
toddouska
15348d4936
Merge pull request #1612 from dgarske/fixmatchdomainname 
Fixes for `MatchDomainName` to properly detect failures
 2018-06-13 13:13:52 -07:00
Chris Conlon
1db5d6ebd6 fix CAVP self test build with newer raw hash functions 2018-06-13 09:55:16 -06:00
Sean Parkinson
a03c15e598 Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests 2018-06-13 11:42:16 +10:00
David Garske
1f16b36402 Fixes for MatchDomainName to properly detect failures: 
* Fix `MatchDomainName` to also check for remaining len on success check.
* Enhanced `DNS_entry` to include actual ASN.1 length and use it thoughout (was using XSTRLEN).

Added additional tests for matching on domain name:
* Check for bad common name with embedded null (CN=localhost\0h, Alt=None) - Note: Trouble creating cert with this criteria
* Check for bad alternate name with embedded null (CN=www.nomatch.com, Alt=localhost\0h)
* Check for bad common name (CN=www.nomatch.com, Alt=None)
* Check for bad alternate name (CN=www.nomatch.com, Alt=www.nomatch.com)
* Check for good wildcard common name (CN=*localhost, Alt=None)
* Check for good wildcard alternate name (CN=www.nomatch.com, Alt=*localhost)
 2018-06-12 14:15:34 -07:00
David Garske
292e9535ae Fix for wolfSSL_ERR_clear_error to call wc_ClearErrorNodes when its available (mismatched macros), which was incorrectly causing test_wolfSSL_ERR_put_error to fail. Added test_wolfSSL_PEM_PrivateKey test for ECC based key. Refactored the RNG test to only run the reseed test if TEST_RESEED_INTERVAL is defined. This is the test that was causing the tests/api.c to take so long to complete. Will add this macro to the enable options test. 2018-06-12 09:38:18 -07:00
David Garske
e1890a4b0e Added some bad argument checks on compatibility functions BIO_new_mem_buf and PEM_read_bio_PrivateKey. 2018-06-12 09:38:18 -07:00
David Garske
ad0a10441d Fixes for building with openssl compatibility enabled and no TLS client/server. 
Resolves issues building with:
`./configure --enable-opensslextra --disable-rsa --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`
`./configure --enable-opensslextra --disable-ecc --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples`

Ticket 3872
 2018-06-12 09:38:18 -07:00
toddouska
cb8351c027
Merge pull request #1607 from SparkiDev/tls13_interop_ver 
Return TLS 1.3 draft version in ServerHello
 2018-06-12 08:30:48 -07:00
toddouska
766323e90f
Merge pull request #1613 from SparkiDev/tls13_post_auth 
Fix post authentication for TLS 1.3
 2018-06-12 08:29:38 -07:00
toddouska
3b74dbf86a
Merge pull request #1609 from SparkiDev/tls13_time 
Don't include sys/time.h explicitly in tls13.c
 2018-06-12 08:27:43 -07:00
toddouska
49b82456eb
Merge pull request #1618 from cconlon/opensslcompat 
Align return values for EVP_DigestUpdate/Final for OpenSSL Compatibility
 2018-06-12 08:25:18 -07:00
toddouska
29410ada1e
Merge pull request #1595 from SparkiDev/tls13_cipher_down 
Fix for downgrading from TLS 1.3 due to old cipher suite
 2018-06-12 08:24:26 -07:00
toddouska
f2a20c4232
Merge pull request #1573 from SparkiDev/tls_pad_vfy 
Constant time padding and HMAC verification in TLS
 2018-06-12 08:22:32 -07:00
Sean Parkinson
b7caab938e Fix post authentication for TLS 1.3 2018-06-12 09:49:23 +10:00
Chris Conlon
a472325f89 return WOLFSSL_FAILURE on error from EVP_DigestUpdate() and EVP_DigestFinal() 2018-06-11 14:27:08 -06:00
David Garske
e99fc3026d Fixed issue with MatchDomainName. Fixes issue #1606. This is a valid and confirmed bug report in v3.15.0. Applies to ./configure --enable-sni case with wolfSSL_CTX_UseSNI where common name has wildcards. Pushing fix for visibility now and will add test case. 2018-06-08 10:09:53 -07:00
toddouska
bea0e6142a
Merge pull request #1608 from dgarske/maxcerfix 
Resolves issue with reassembling large certificates
 2018-06-08 08:25:14 -07:00
Sean Parkinson
587f4ae79e Don't include sys/time.h explicitly in tls13.c 2018-06-08 09:00:12 +10:00
David Garske
00ddeb07d8 Resolves issue with reassembling large certificates. The ProcessPeerCerts function was using the wrong max size check for certs. Built and test with ./configure CFLAGS="-DMAX_CERTIFICATE_SZ=20000". 2018-06-07 15:56:37 -07:00
Sean Parkinson
020b69aba0 Return TLS 1.3 draft version in ServerHello 2018-06-07 22:01:42 +10:00
Sean Parkinson
fcd2234841 Fix for downgrading from TLS 1.3 due to old cipher suite 
TLS 1.3 specification doesn't allow downgrading based on cipher suite.
 2018-06-04 12:42:41 +10:00
Takashi Kojo
3ff8c45aa8 FILE to XFILE 2018-06-01 09:30:20 +09:00
John Safranek
8a61b7303a Remove execute bit from a few files. 2018-05-31 10:14:47 -07:00
David Garske
a2fdc6262d
Merge pull request #1586 from ejohnstown/suite-info 
Rerefactor Cipher Suite List
 2018-05-30 07:54:13 -07:00
Go Hosohara
b84f111d51 rebase with master branch and fix some code. 2018-05-30 17:15:07 +09:00
Go Hosohara
8cd357aa3a d2i_PKCS12_fp 2018-05-30 12:10:41 +09:00
Go Hosohara
c715bb5ade X509_check_ca 2018-05-30 12:08:27 +09:00
Go Hosohara
3f6b7c8833 Merge with openSSL-Compat-CRL-STORE on kojo1/wolfssl 2018-05-30 12:08:27 +09:00
Go Hosohara
0fb446ad36 i2c_ASN1_INTEGER 2018-05-30 12:03:58 +09:00
Go Hosohara
d7e4bbf1cf ASN1_STRING_print_ex 2018-05-30 11:56:43 +09:00
Go Hosohara
5c11e1440f ASN1_TIME_to_generalizedtime 2018-05-30 11:56:43 +09:00
Go Hosohara
b1ef0c808e Add all stubs. 2018-05-30 11:56:42 +09:00
Go Hosohara
5ff460bb7f OPENSSL_add_all_algorightms_noconf 2018-05-30 11:53:18 +09:00
Go Hosohara
005284a127 ASN1_GENERALIZEDTIME_free 2018-05-30 11:53:17 +09:00
Go Hosohara
24ff55b085 RAND_poll 2018-05-30 11:53:17 +09:00
Sean Parkinson
e684156a1e Constant time padding and HMAC verification in TLS 2018-05-30 09:10:46 +10:00
John Safranek
b2225a0bc0 Rerefactor Cipher Suite List 
1. Do not add iana_name to the struct if disabling error strings.
2. Change the IANA_NAME macro to SUITE_INFO, and build the suite info records as appropriate for the error string enablement.
 2018-05-29 14:34:57 -07:00
toddouska
0a35c37211
Merge pull request #1584 from SparkiDev/tls_many_nst 
Allow multiple NewSessionTicket messages
 2018-05-29 13:43:59 -07:00