WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
15,890 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

2239 Commits (dec78169bfb27ed2281d7cdb3dac3effbfc4fe1c)

Author SHA1 Message Date
David Garske dec78169bf
Merge pull request #4658 from julek-wolfssl/apache-2.4.51 
Add Apache 2.4.51 support
 2021-12-16 08:52:10 -08:00
Juliusz Sosinowicz afa6237f56 Add WOLFSSL_FORCE_AUTO_RETRY option: force retrying of network reads 2021-12-16 15:33:30 +01:00
Juliusz Sosinowicz e78f7f734e Add Apache 2.4.51 support 
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
 2021-12-16 12:39:38 +01:00
Sean Parkinson 9f6aa36866
Merge pull request #4629 from dgarske/zd13337 
Additional checking for side on TLS messages
 2021-12-07 10:13:44 +10:00
David Garske 54c3e0ac73 Additional checking for side on TLS messages. ZD13337 2021-12-03 11:49:08 -08:00
Jacob Barthelmeh 1ec86ee4cc add human readable string of IP 2021-12-02 16:04:58 -07:00
David Garske 9f611e8b80
Merge pull request #4589 from JacobBarthelmeh/native-lwip 
Native LwIP support update
 2021-12-01 10:37:13 -08:00
Sean Parkinson d06ada2ccc
Merge pull request #4610 from julek-wolfssl/nginx-1.21.4 
Add support for Nginx 1.21.4
 2021-12-01 22:27:12 +10:00
Juliusz Sosinowicz aac1b406df Add support for Nginx 1.21.4 
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
 2021-12-01 09:49:52 +01:00
Daniel Pouzzner a33ae21801 whitespace cleanups and portability/pedantic fixes 2021-11-29 23:58:39 -06:00
Jacob Barthelmeh f7c34d22e6 add calls to user callback and adjust formating 2021-11-29 15:56:00 -07:00
Chris Conlon 7221e06ff7
Merge pull request #4588 from miyazakh/sce_protect_mode_e2studio 2021-11-29 15:32:48 -07:00
Hideki Miyazaki fb4e39f00a
addressed review comments prt1 2021-11-26 16:03:42 +09:00
Hideki Miyazaki 82eb23b300
addressed jenkins failures 2021-11-20 10:15:57 +09:00
David Garske 5182e2a8c8
Merge pull request #4580 from kareem-wolfssl/minor_fixes 
Check ssl->arrays in SendClientHello to avoid null dereference.  Allow building with fallthrough defined.
 2021-11-19 16:55:01 -08:00
Hideki Miyazaki d00c7641ae
addressed jenkins failure 2021-11-20 09:14:21 +09:00
David Garske 617668b9aa
Merge pull request #4585 from kareem-wolfssl/encryptMacFix 
Fix building Import/ExportOptions with HAVE_ENCRYPT_THEN_MAC undefined.
 2021-11-19 13:45:16 -08:00
Kareem fd6d479888 Rework ssl and ssl->arrays NULL checks, and add to SendTls13ClientHello as well. 2021-11-19 14:19:27 -07:00
Kareem 930e1ac473 Check ssl->arrays in SendClientHello to avoid null dereference. Allow building with fallthrough defined. 2021-11-19 14:06:54 -07:00
Hideki Miyazaki f50fcd918e support Renesas RA SCE protect mode on RA6M4 evaluation board 2021-11-19 14:22:16 +09:00
Sean Parkinson 7e81372131
Merge pull request #4583 from dgarske/zd13242 
Improve `ret` handling in the `ProcessPeerCerts` verify step.
 2021-11-19 10:22:08 +10:00
Kareem 757f3b8105 Fix building Import/ExportOptions with HAVE_ENCRYPT_THEN_MAC undefined. 2021-11-18 16:06:22 -07:00
David Garske 3054f20c6a Improve `ret` handling in the `ProcessPeerCerts` verify step. 2021-11-18 14:51:09 -08:00
David Garske 2841b5c93b
Merge pull request #3010 from kaleb-himes/ZD10203 
Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA
 2021-11-18 14:47:25 -08:00
JacobBarthelmeh b42a0d9712 native lwip update 2021-11-17 17:36:44 -07:00
Anthony Hu 39edf8d206 pulled up a line. 2021-11-17 16:38:30 -05:00
Anthony Hu 49c7abb875 Changes suggested by SparkiDev. 2021-11-17 16:38:30 -05:00
Anthony Hu 5c48e74c7f 0xFF 2021-11-17 16:38:30 -05:00
Anthony Hu 0ae0b31509 The following config: 
./configure --with-liboqs --enable-all --disable-psk --enable-intelasm --enable-aesni --enable-sp-math-all --enable-sp-asm CFLAGS="-O3"

Yeilds the following erorr:

src/internal.c: In function ‘DoServerKeyExchange’:
src/internal.c:24487:28: error: ‘sigAlgo’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
24487 |                         if (sigAlgo == ed448_sa_algo &&
      |                            ^

This fixes it.
 2021-11-17 16:38:30 -05:00
Sean Parkinson d6219567c1
Merge pull request #4565 from dgarske/spelling 
Fixes for spelling errors
 2021-11-15 08:20:41 +10:00
David Garske a626a4fb02 Fixes for spelling errors. 2021-11-12 10:27:49 -08:00
Juliusz Sosinowicz 361975abbc Refactor sk_*_free functions 
Use a single `wolfSSL_sk_pop_free` and `wolfSSL_sk_free` function that free's the stack and optionally free's the node content as well.
 2021-11-12 13:55:37 +01:00
kaleb-himes 6547bcb44c Consistency in PP checking on use of WOLFSSL_CRYPTO_EX_DATA 2021-11-11 17:47:17 -07:00
Sean Parkinson b5fd899113 TLS 1.2: check signature algo in ServerKeyExchange 2021-11-11 18:54:30 +10:00
David Garske df82b01e68 Added x448 static ephemeral support. 2021-11-09 08:27:42 -08:00
David Garske e91439f2eb Fixes for static ephemeral key support with threading and possible use after free. 2021-11-09 08:25:47 -08:00
Daniel Pouzzner 18e487069b src/internal.c: fix typo introduced in earlier "typographic cleanup". 2021-11-08 18:24:08 -06:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
David Garske 3a9be7373f
Merge pull request #4532 from embhorn/zd13139 
Fix mem leak in HandleTlsResumption
 2021-11-08 08:39:45 -08:00
Eric Blankenhorn d6264059ac Fix mem leak in HandleTlsResumption 2021-11-05 11:40:40 -05:00
Chris Conlon ae84a2a326
Merge pull request #4293 from TakayukiMatsuo/set_min_proto 
Add support for value zero as version parameter for SSL_CTX_set_min/max_proto_version
 2021-11-04 14:59:34 -06:00
Anthony Hu 81def76b18 The NIST round 3 Falcon Signature Scheme integration. 2021-11-02 11:12:10 -04:00
David Garske 6b3ff9bae2
Merge pull request #4459 from julek-wolfssl/missing-ext 
Add x509 name attributes and extensions to DER parsing and generation
 2021-10-28 14:30:37 -07:00
David Garske 0a26335243
Merge pull request #4446 from ejohnstown/dtls-sizing 
DTLS Sizing
 2021-10-28 14:15:36 -07:00
Juliusz Sosinowicz a6be157628 Gate new AKID functionality on `WOLFSSL_AKID_NAME` 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz c162196b27 Add x509 name attributes and extensions to DER parsing and generation 
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz 894303be59 Make the `wolfSSL_GetMaxFragSize` parameter meaning consistent 
- Add testing for sending as much app data as possible in a single DTLS record
 2021-10-28 14:46:15 +02:00
John Safranek 7cbfb27fa0 When adding cipherExtraData(), also account for TLSv1.3. 2021-10-27 15:12:31 -07:00
John Safranek 9f3f9c53fd Remove debugging printfs. Added some guards around DTLS and AEAD only things. 2021-10-27 15:12:31 -07:00
Juliusz Sosinowicz be3b6b47ef DTLS MTU fixes 2021-10-27 15:12:31 -07:00