wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 08:52:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,504 Commits 12 Branches 184 Tags
0065756efcb52400add08970b23043f73631b6cf
Commit Graph

4537 Commits

Author SHA1 Message Date
John Safranek
e28303b40a In DoServerKeyExchange(), when reading the DH key from the server, the 
client was checking it too strictly. The pubkey value should be checked
as strictly as the generator, for too large. The public key value is
checked mathematically elsewhere.
 2020-10-21 21:47:32 -07:00
toddouska
e4eda3e125 Merge pull request #3384 from SparkiDev/tls13_sess_tick_compat 
TLS session tickets: cannot share between TLS 1.3 and TLS 1.2
 2020-10-20 15:56:03 -07:00
toddouska
7aae784a53 Merge pull request #3399 from dgarske/zd11128 
Fix for TLS sniffer with non-standard curves
 2020-10-20 15:14:53 -07:00
toddouska
a1afc6ca4f Merge pull request #3389 from tmael/ocsp_status 
Process multiple OCSP responses
 2020-10-20 15:11:42 -07:00
toddouska
1e43d65d2a Merge pull request #3392 from SparkiDev/ocsp_must_staple 
TLS OCSP Stapling: MUST staple option
 2020-10-20 15:07:08 -07:00
Sean Parkinson
ffd55ac1fe Merge pull request #3406 from ejohnstown/dh-fix-2 
DH Fix 2
 2020-10-21 08:05:42 +10:00
toddouska
c863ca54a3 Merge pull request #3308 from julek-wolfssl/thread-safety 
Introduce thread safety to unsafe functions in wolfSSL
 2020-10-20 14:56:04 -07:00
toddouska
7c89d10e53 Merge pull request #3260 from julek-wolfssl/non-blocking-scr 
(D)TLS non-blocking SCR with example
 2020-10-20 13:45:19 -07:00
John Safranek
2c5a4ba508 DH Fix 2 
1. Add some missing frees for the error cases when the server DH public
   key is rejected.
 2020-10-20 10:32:09 -07:00
John Safranek
cd05ed3347 iDH Fix 
1. Changed the bounds of checking the key from comparisons to constants
   to comparisons against WOLFSSL object settings for the DH key bounds.
2. Removed redundant bounds check on the server's prime.
 2020-10-19 08:08:04 -07:00
Juliusz Sosinowicz
147cb8e60c Jenkins scope fixes 2020-10-19 12:46:11 +02:00
John Safranek
fc86e6a960 Fix a double error return. 2020-10-16 18:18:47 -07:00
John Safranek
ec0aab1a23 DH Fix 
1. Check the length values for the DH key domain and public key in the
   server key exchange message to make sure they are within the bounds
   set by the configuration. (Minimum key size is 2048 bits for DH.)
 2020-10-16 16:28:27 -07:00
David Garske
85b4170047 Fix for TLS sniffer with non-standard curves. If curve not provided in key share data, then use private key curve. ZD 11128. 2020-10-16 16:13:42 -07:00
John Safranek
4364700c01 DH Fix 
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
   doesn't need to be in the check for weOwnDh before freeing. There
   could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
   destination buffer should be stored at the location pointed to by the
   size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
   value before generating or getting the DH keys.
 2020-10-16 15:35:23 -07:00
Juliusz Sosinowicz
24030d5f32 Move globalRNG and co to ssl.c 2020-10-16 17:33:28 +02:00
Sean Parkinson
07e69829d7 TLS 1.3 PSK: fix for session ticket timeout 
Return straightaway if the ticket is out of date.
Need to fallback to full handshake.
 2020-10-16 14:48:29 +10:00
Sean Parkinson
60b0b0170b TLS OCSP Stapling: MUST staple option 
Can enable OCSP Must Staple option to mean that if the client sends a
request for an OCSP Staple then it must receive a response.
 2020-10-16 09:03:27 +10:00
Sean Parkinson
134e1be189 TLS session tickets: cannot share between TLS 1.3 and TLS 1.2 
When parsing ticket, check TLS version to see whether they are version
compatible.
 2020-10-15 13:02:06 +10:00
David Garske
10b1884993 Added support for handling an OCSP response with multiple status responses. 2020-10-14 14:47:24 -07:00
toddouska
1c4b15d427 Merge pull request #3369 from dgarske/sniffer_ccm 
Add AES CCM support to sniffer
 2020-10-14 14:31:57 -07:00
toddouska
8898abcc99 Merge pull request #3378 from dgarske/zd11085 
Fixes SSLv3 use of ECDH in sniffer
 2020-10-14 14:30:15 -07:00
David Garske
232028d03b Merge pull request #3386 from ejohnstown/dh-maint 
Fuzz Fix
 2020-10-13 15:47:11 -07:00
David Garske
048a3a8d5b Merge pull request #3374 from JacobBarthelmeh/Testing 
NO_FILESYSTEM build on Windows
 2020-10-13 13:26:46 -07:00
John Safranek
422683f4c3 Fuzz Fix 
GetPublicDhKey() assumes the ssl session owns the DH public key parts, and
tries to free them. They belong to the CTX initially, so it shouldn't be
freeing them, necessarily.

1. Add a check for weOwnDh first, then free the buffers if needed.
2. If there is a problem reading the keys, free the new buffers before exiting.
3. Set weOwnDh once the buffers and values have been stored
   successfully.
 2020-10-13 10:15:58 -07:00
David Garske
0d685e4f28 Merge pull request #3358 from douzzer/wolfSSL_get_ocsp_producedDate 
add wolfSSL_get_ocsp_producedDate().
 2020-10-12 15:21:10 -07:00
John Safranek
0ca202f389 Rename SKIP_SUITE to something more descriptive. Add some comments. 2020-10-12 09:49:02 -07:00
John Safranek
a05a305d70 Fix unused parameters in SKIP_SUITE. 2020-10-09 15:59:14 -07:00
John Safranek
6cfb038d11 Fix a bad ifdef. 2020-10-09 15:54:44 -07:00
John Safranek
2d85061c47 Maintenance Fixes 
Improve the reporting of the NTRU based cipher suites with the function
wolfSSL_sk_CIPHER_description().
 2020-10-09 15:01:39 -07:00
John Safranek
d8299e2764 Maintenance Fixes 
When building the list of ciphers with wolfSSL_get_ciphers_compat(),
skip the fake indicator ciphers like the renegotiation indication
and the quantum-safe hybrid since they do not have encryption or mac
algorithms associated to them.
 2020-10-09 15:01:38 -07:00
David Garske
f3fbb921c0 Fixes SSLv3 use of ECDH. The public key length byte needs to be skipped for import with SSLv3 and TLS (not TLS v1.3). ZD 11085 2020-10-09 12:01:41 -07:00
JacobBarthelmeh
bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
Daniel Pouzzner
570f55a0e3 wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac. 2020-10-08 23:26:28 -05:00
Daniel Pouzzner
7a77b6d990 rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true). 2020-10-08 22:47:16 -05:00
Daniel Pouzzner
e162d0f889 add wolfSSL_get_ocsp_producedDate(). 2020-10-08 22:47:16 -05:00
toddouska
4d11e3c83b Merge pull request #3365 from SparkiDev/ticket_align 
SSL session ticket: decrypted ticket access aligned
 2020-10-08 15:01:41 -07:00
David Garske
8a57eead51 Add AES CCM support to sniffer. ZD 11078. 2020-10-08 13:58:31 -07:00
Sean Parkinson
4f6c1db9a2 Merge pull request #3355 from douzzer/enable-more-all 
--enable-all coverage update, plus --enable-all-crypto and --enable-linuxkm-defaults
 2020-10-08 09:52:56 +10:00
Sean Parkinson
8d82fb2add SSL session ticket: decrypted ticket access aligned 
Decrypted session ticket using encrypted ticket buffer.
Alignment not correct on platforms requiring 32-bit aligned access.
Copy the decrypted data into temporary for access.
Also zeroize the unencrypted tickets after use.
 2020-10-08 08:56:49 +10:00
David Garske
4f3632c7a6 Fix for sniffer without TLS v1.3 (--enable-sniffer --disable-tls13). ZD11064. 2020-10-07 11:08:05 -07:00
Daniel Pouzzner
1c492dc0b6 cosmetic cleanups. 2020-10-06 22:14:08 -05:00
Daniel Pouzzner
a522207b14 fix memory leaks in src/internal.c:DoSessionTicket() and testsuite/testsuite.c:file_test(). 2020-10-01 14:38:26 -05:00
Daniel Pouzzner
2ed8f93592 src/internal.c: fix memory leaks in ProcessPeerCerts() and GetDhPublicKey(). 2020-10-01 14:38:26 -05:00
Kareem Abuobeid
d59784e646 Fix issues found by -fsanitize=thread. 2020-09-30 14:24:20 -07:00
toddouska
20d28e1b65 Merge pull request #3221 from julek-wolfssl/wolfSSL_dtls_import-const-buf 
Change buffer in wolfSSL_dtls_import to be const
 2020-09-30 10:45:25 -07:00
David Garske
3e0d478543 Fix for sniffer with TLS v1.2 session ticket. Logic broken in PR #3044. ZD 10926. 2020-09-29 11:11:32 -07:00
Juliusz Sosinowicz
2153009efa Fix access violation in Visual Studio Test 2020-09-29 19:47:58 +02:00
Juliusz Sosinowicz
52be7c94b8 Introduce thread safety to unsafe functions in wolfSSL 
Add warnings to one shot hash functions
 2020-09-29 16:29:45 +02:00
David Garske
7d33312f4b Merge pull request #3339 from ejohnstown/dtls-flag 
DTLS Flag
 2020-09-25 17:05:22 -07:00