mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
13,095 Commits 5 Branches 162 Tags
Commit Graph

13095 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
68209f91fb
Merge pull request #3465 from kaleb-himes/DOX_UPDATE_wc_RsaPublicEncrypt 
Address report on issue #3161
 2020-11-10 14:52:20 -08:00
David Garske
fcd73135f5
Merge pull request #3479 from tmael/ocsp_NULL 
Check <hash> input parameter in GetCA
 2020-11-10 14:46:05 -08:00
Daniel Pouzzner
958fec3b45 internal.c:ProcessPeerCerts(): fix a core.NullDereference detected by llvm9 and llvm11 scan-builds. 2020-11-10 16:40:28 -06:00
Chris Conlon
7b50cddf8c
Merge pull request #3387 from ethanlooney/27th_branch 
Added unit test for evp.c
 2020-11-10 13:27:33 -07:00
David Garske
8645e9754e Only set ssl->ecdhCurveOID if not already populated. 2020-11-10 09:47:38 -08:00
David Garske
1d531fe13b Peer review fixes. 2020-11-10 09:47:37 -08:00
David Garske
fa1af37470 Fix for FIPS ready CAVP tests. For now it requires ECC 192-bit. 2020-11-10 09:47:37 -08:00
David Garske
5de80d8e41 Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used. 2020-11-10 09:47:37 -08:00
David Garske
b13848e568 Fix tests to handle ECC < 224 not enabled. 2020-11-10 09:47:37 -08:00
David Garske
6bd98afdd0 Only allow TLS ECDH key sizes < 160-bits if ECC_WEAK_CURVES is defined. 2020-11-10 09:47:37 -08:00
David Garske
c697520826 Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits. 2020-11-10 09:47:36 -08:00
David Garske
62dca90e74 Fix for server-side reporting of curve in wolfSSL_get_curve_name if client_hello includes ffdhe, but ECC curve is used. 2020-11-10 09:47:36 -08:00
David Garske
d7dee5d9e6 Fix for ECC minimum key size, which is 112 bits. 2020-11-10 09:47:36 -08:00
David Garske
6ac1fc5cff Fix include.am typo. 2020-11-10 09:47:36 -08:00
David Garske
10f459f891 Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256 and TLS13-AES128-GCM-SHA256. 2020-11-10 09:47:36 -08:00
David Garske
fb9ed686cb Fix for TLS with non-standard curves. The generted ECC ephemeral key did not use the same curve type as peer. Only the server was populating ssl->ecdhCurveOID. Now the curveOID is populated for both and as a fail-safe the peer key curve is used as default (when available). 2020-11-10 09:47:36 -08:00
David Garske
045fc4d686 Fixes to support overriding minimum key sizes for examples. 2020-11-10 09:47:36 -08:00
David Garske
bfb6138fc5
Merge pull request #3480 from douzzer/fix-sniffer-printf-null-Wformat-overflow 
TraceSetNamedServer() null arg default vals; FIPS wc_MakeRsaKey() PRIME_GEN_E retries; external.test config dependencies
 2020-11-10 09:37:36 -08:00
Daniel Pouzzner
5625929c83 scripts/external.test: skip test when -UHAVE_ECC. 2020-11-10 01:27:45 -06:00
Daniel Pouzzner
196ae63eb2 scripts/external.test: skip test when -DWOLFSSL_SNIFFER (staticCipherList in client.c is incompatible). 2020-11-10 00:03:02 -06:00
Daniel Pouzzner
bd38124814 ssl.c: refactor wolfSSL_RSA_generate_key() and wolfSSL_RSA_generate_key_ex() to retry failed wc_MakeRsaKey() on PRIME_GEN_E when -DHAVE_FIPS, matching non-FIPS behavior, to eliminate exposed nondeterministic failures due to finite failCount. 2020-11-09 21:24:34 -06:00
toddouska
3050f28890
Merge pull request #3467 from cconlon/rc2vs 
rc2.c to Visual Studio projects, fix warnings
 2020-11-09 13:52:03 -08:00
David Garske
f02c3aab2e
Merge pull request #3475 from ejohnstown/nsup 
Hush Unused Param Warning
 2020-11-09 11:04:05 -08:00
Daniel Pouzzner
4b1a779fcc tests: fix for fips-test -Wunused-variable on "rng" 2020-11-09 11:54:49 -06:00
David Garske
7e3efa3792
Merge pull request #3474 from douzzer/lighttpd-update-1.4.56 
lighttpd support update for v1.4.56
 2020-11-09 09:24:58 -08:00
Tesfa Mael
a5caf1be01 Check for NULL 2020-11-09 08:45:48 -08:00
Daniel Pouzzner
22bcceb2d3 src/sniffer.c: guard against null arguments to TraceSetNamedServer(), to eliminate -Werror=format-overflow= warnings from gcc. 2020-11-06 17:40:12 -06:00
Chris Conlon
c0c452b0a1 reset content length in PKCS7_VerifySignedData for multiPart OCTET_STRING bundles 2020-11-06 16:36:58 -07:00
Kaleb Himes
937a7ce8ce
Merge pull request #3448 from dgarske/crypto_cb 
Improve the crypto callback for ASN
 2020-11-06 15:26:11 -07:00
John Safranek
884a9b59ab
Merge pull request #3461 from dgarske/fips_ready_wopensslextra 
Fix for FIPS ready with openssl compat
 2020-11-06 13:14:06 -08:00
Ethan Looney
a6e0d3eb29 Changed hardcoded values to variables, changed where some variables were defined, etc 2020-11-06 14:04:27 -07:00
Chris Conlon
ac4c8a0112
Merge pull request #3419 from ethanlooney/29th_branch 
Added case for Logging.c unit test
 2020-11-06 13:10:24 -07:00
toddouska
4110297b62
Merge pull request #3473 from embhorn/zd11198 
wc_SetIssuerRaw should copy raw subject to issuer
 2020-11-06 10:48:37 -08:00
toddouska
b4e7f196df
Merge pull request #3470 from SparkiDev/config_fix_3 
TLS configurations fixes
 2020-11-06 10:35:51 -08:00
toddouska
3f25cda354
Merge pull request #3469 from SparkiDev/cpuid_sp_asm 
cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
 2020-11-06 10:34:40 -08:00
John Safranek
abd6f6ce18
Hush Unused Param Warning 
Removed a guard check for NO_WOLFSSL_STUB from wolfSSL_X509_print_ex().
To recreate:

    $ ./configure --enable-opensslextra CPPFLAGS="-DNO_WOLFSSL_STUB"
    $ make
 2020-11-06 10:30:47 -08:00
toddouska
f3d961b1b1
Merge pull request #3453 from dgarske/ZD11159 
Fix for possible memory leak when overriding error for verify callback
 2020-11-06 10:18:52 -08:00
toddouska
f9ec7c472a
Merge pull request #3440 from ejohnstown/ntf3 
Nightly Test Fix
 2020-11-06 10:15:23 -08:00
Hayden Roche
2cad844d29
Merge pull request #3421 from dgarske/apache_httpd 
Apache httpd w/TLS 1.3 support
 2020-11-06 12:14:58 -06:00
David Garske
0d2e28ce80 Fix for error: unused function 'MonthStr' 2020-11-06 10:11:48 -08:00
Daniel Pouzzner
dcff103c84 tests/api.c: fixes for compilability re NO_BIO 2020-11-05 22:19:16 -06:00
Daniel Pouzzner
4030523eb5 ssl.c: remove duplicate definition of wolfSSL_CTX_check_private_key(). 2020-11-05 21:57:33 -06:00
Glenn Strauss
f9e48ee361 build updates for lighttpd: recommend -DNO_BIO 
(cherry picked from commit bfe12839e18ccc3ab95cfc33b34c875ebe55c14a)
 2020-11-05 20:40:43 -06:00
Glenn Strauss
92c3296e13 preprocessor -DNO_BIO to omit OpenSSL BIO API 2020-11-05 20:40:43 -06:00
Glenn Strauss
030eb9347c lighttpd: allow ssl3, tls1.0 if explicitly enabled 2020-11-05 20:40:43 -06:00
Glenn Strauss
7cee131e37 restore --enable-lighty with --enable-all 
protect lighttpd recommendations (and recommended restrictions)
to when building wolfSSL specifically for use by lighttpd, and
omit these optional settings when building `--enable-all`
 2020-11-05 20:40:43 -06:00
David Garske
a9a495270c Fix to disable CRL monitor for single threaded or lighttpd. Do not set --enable-lighty with --enable-all. 2020-11-05 20:40:43 -06:00
Glenn Strauss
daca327ba3 expose (get|set)_(app|ex)_data with HAVE_EX_DATA 
when OPENSSL_EXTRA_X509_SMALL is set
 2020-11-05 20:40:43 -06:00
Glenn Strauss
d01616a357 unhide some non-fs funcs hidden by NO_FILESYSTEM 2020-11-05 20:40:43 -06:00
Glenn Strauss
bcf1f0375b build updates for lighttpd: recommended flags 2020-11-05 20:40:43 -06:00