d6440be4a9
Fix for SSL_set_mtu -> wolfSSL_set_mtu_compat return code. Update comment for wolfSSL_is_init_finished indicating it works for TLS and DTLS.
2025-01-03 10:10:37 -08:00
4cc3eec587
Implement wolfSSL_X509_STORE_set_default_paths
2025-01-03 17:09:30 +01:00
5ee8af2351
wolfSSL_i2o_ECPublicKey: use uncompressed when selected
2025-01-03 14:24:34 +01:00
af96f294fa
Add MD4 to EVP layer
2024-12-31 16:58:58 +01:00
3cb2bb3759
OBJ_sn2nid: use correct short names
2024-12-31 12:50:04 +01:00
c9bcbd8c52
fix for dead code warning CID444417
2024-12-30 16:14:28 -07:00
8d7c60017c
Merge pull request #8263 from JacobBarthelmeh/rsa_pss
...
account for rsa_pss_rsae vs rsa_pss_pss type
2024-12-28 13:47:30 -08:00
2e8f0176c9
Merge pull request #8316 from JacobBarthelmeh/x509ref
...
Up X509 refrence count and add test case
2024-12-27 10:37:28 -08:00
3ee08d81db
fix for check on number of objects when free'ing and add test case
2024-12-27 08:09:03 -08:00
5c6fdb52f1
Merge pull request #8319 from philljj/fix_coverity
...
coverity: correct lock message, check fd value.
2024-12-26 12:53:36 -08:00
f57f044b39
Merge pull request #8318 from dgarske/CID444418
...
Fix for finishedSz checking with TLSv1.3 and `WOLFSSL_HAVE_TLS_UNIQUE` (CID444418)
2024-12-24 15:41:25 -07:00
c71392bb7e
coverity: correct lock message, check fd value.
2024-12-24 16:31:16 -06:00
e1baf27831
CID444418. Fix for finishSz checking with TLSv1.3 and WOLFSSL_HAVE_TLS_UNIQUE.
2024-12-24 13:38:57 -08:00
545257e498
CID 444416
2024-12-24 09:35:40 -07:00
3aa2881cd4
account for rsa_pss_rsae vs rsa_pss_pss type
2024-12-23 23:45:33 -07:00
2409971b14
Merge pull request #8224 from julek-wolfssl/dtls-server-demux
...
DTLS: Add server side stateless and CID QoL API
2024-12-23 10:01:01 -07:00
ad20593569
Merge pull request #8279 from LinuxJedi/sk_push_comments
...
Fix code comments for some x509.c functions
2024-12-21 00:09:18 -06:00
9d3e477b63
src/ssl.c: gate wolfSSL_dtls_set_pending_peer() on !defined(WOLFSSL_NO_SOCK), not just defined(WOLFSSL_DTLS_CID).
...
tests/api.c: in test_dtls12_basic_connection_id(), omit chacha20 suites if defined(HAVE_FIPS), and fix gate on DHE-PSK-NULL-SHA256.
2024-12-20 17:24:13 -06:00
afc7e0eb8c
Merge pull request #8308 from cconlon/sessTickLenCheck
...
Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check
2024-12-20 16:41:09 -06:00
7cebe95138
Merge pull request #8304 from SparkiDev/regression_fixes_15
...
Regression testing: fixes
2024-12-20 11:29:15 -07:00
f68f99b000
Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check
2024-12-20 09:48:01 -07:00
8bbe8a7c8a
Fix a couple of missing bounds checks found via code analyzer.
2024-12-19 17:01:25 -07:00
b7c1e1cf35
Regression testing: fixes
...
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.
wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'
tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'
tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
2024-12-20 09:25:03 +10:00
00f83facb2
Merge pull request #8302 from cconlon/sessTickLenCheck
...
Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side
2024-12-20 08:44:10 +10:00
2f4329306b
Initial Extended Master Secret PK Callback ZD#19038
2024-12-19 15:43:58 -07:00
1101841b95
Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side
2024-12-19 14:26:22 -07:00
994f218fcb
src/ssl.c and wolfssl/internal.h: gate in wolfSSL_get_ciphers_compat() in OPENSSL_EXTRA builds, so that --with-sys-crypto-policy works with OPENSSL_EXTRA but without OPENSSL_ALL.
...
configure.ac: more fixes for FIPS v6 armasm settings, re ENABLED_ARMASM_CRYPTO.
2024-12-19 14:29:39 -06:00
836ee1cbd5
Merge pull request #8298 from lealem47/zd18920
...
Printing the rfc822Mailbox x509 attribute
2024-12-18 22:19:32 -06:00
b5c47d27e0
fedora crypto-policies: initial support.
2024-12-18 16:56:36 -06:00
9cb75ef5f8
fixup! DTLS: Add server side stateless and CID QoL API
2024-12-18 09:31:25 +01:00
fe9a5fcd42
fixup! Code review and jenkins fixes
2024-12-18 09:31:25 +01:00
faa7b8dfaa
wolfSSLReceive: Error return on interrupted connection
...
Interrupted connection should return control to the user since they may want to handle the signal that caused the interrupt. Otherwise, we might never give back control to the user (the timeout would error out but that causes a big delay).
socat.yml: in test 475, the test would send a SIGTERM after 3 seconds. We would continue to ignore this signal and continue to call `recvfrom`. Instead we should error out and give control back to the user.
2024-12-18 09:31:25 +01:00
a1ee953411
Protect peer access when WOLFSSL_RW_THREADED
2024-12-18 09:31:25 +01:00
4795e0d920
Refactor dtls pending peer processing
2024-12-18 09:31:25 +01:00
3ded2bc05d
Code review and jenkins fixes
2024-12-18 09:31:25 +01:00
71337d2959
Client TLS: Set traffic decrypt keys when parsing Finished
2024-12-18 09:31:25 +01:00
daa57c492d
DTLS: Add server side stateless and CID QoL API
...
- wolfDTLS_accept_stateless - statelessly listen for incoming connections
- wolfSSL_inject - insert data into WOLFSSL object
- wolfSSL_SSL(Enable|Disable)Read - enable/disable reading from IO
- wolfSSL_get_wfd - get the write side file descriptor
- wolfSSL_dtls_set_pending_peer - set the pending peer that will be upgraded to regular peer when we successfully de-protect a DTLS record
- wolfSSL_dtls_get0_peer - zero copy access to the peer address
- wolfSSL_is_stateful - boolean to check if we have entered stateful processing
- wolfSSL_dtls_cid_get0_rx - zero copy access to the rx cid
- wolfSSL_dtls_cid_get0_tx - zero copy access to the tx cid
- wolfSSL_dtls_cid_parse - extract cid from a datagram/message
2024-12-18 09:31:24 +01:00
651dab3dbf
Printing the rfc822Mailbox x509 attribute
2024-12-17 15:39:23 -07:00
356889a528
Add --disable-tls option that can be used with --enable-all to disable TLS features and set NO_TLS. Useful for allowing certificate manager and crypto compatibility API's only.
2024-12-17 13:40:03 -08:00
6151160e58
Further fixes with NO_TLS to support use with compatibility layer.
2024-12-17 09:24:38 -08:00
a2b5da8651
Fix nested NO_TLS.
2024-12-17 08:33:33 -08:00
14e3372826
Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check
2024-12-17 08:33:32 -08:00
22e95081cd
Merge pull request #8181 from gojimmypi/dev-compiler-message
...
Initialize vars & change types to appease Windows/VS
2024-12-16 23:19:05 -06:00
e3876fcab7
Merge pull request #8287 from JacobBarthelmeh/sigfault
...
fix for sig fault harden build
2024-12-16 09:04:29 +10:00
d7e40e7413
Merge pull request #8264 from dgarske/various_20241206
...
Various cleanups and fixes
2024-12-13 13:48:10 -07:00
68e85ef33a
Merge pull request #8252 from anhu/use_srtp_retcode
...
wolfSSL_CTX_set_tlsext_use_srtp() should return 1 on failure and 0 up…
2024-12-13 13:35:49 -07:00
a22176af40
fix for sig fault harden build
2024-12-13 10:34:23 -07:00
d4af181593
Add support for the RFC822 Mailbox attribute.
2024-12-12 12:37:32 -07:00
8ecbd3479e
Fix code comments for some x509.c functions
...
The return of `wolfSSL_sk_push` was changed, but some of the functions
that use it did not have their return comments updated appropriately.
2024-12-12 16:21:16 +00:00
88241f1a2c
Merge pull request #8267 from ColtonWilley/pkcs11_cert_support
...
PKCS11 cert support
2024-12-11 16:04:58 -06:00
David Garske
Juliusz Sosinowicz
JacobBarthelmeh
jordan
msi-debian
Daniel Pouzzner
Chris Conlon
Kareem
Sean Parkinson
night1rider
Lealem Amedie
Andrew Hutchings