Sean Parkinson
6c8bf7be55
Merge pull request #6963 from julek-wolfssl/dynamic-certs-n-ciphers
...
Add API to choose dynamic certs based on client ciphers/sigalgs
2023-12-08 07:45:36 +10:00
JacobBarthelmeh
9d0bb4c2bf
Merge pull request #7040 from dgarske/win_vs
...
Fixes for building wolfSSL in Visual Studio
2023-12-07 10:02:33 -07:00
Juliusz Sosinowicz
fbe79d7317
Code review
2023-12-07 11:13:16 +01:00
Sean Parkinson
c6d6100136
Merge pull request #7010 from julek-wolfssl/dtls13-0.5-rtt
...
dtls13: Add support for 0.5-RTT data
2023-12-07 08:41:42 +10:00
David Garske
db14914951
Fixes for building wolfSSL in Visual Studio. Adds missing files. Fix for type cast warnings.
2023-12-06 13:20:27 -08:00
JacobBarthelmeh
2c9208b0c6
Merge pull request #6765 from kojo1/zd16462
...
Eliminate bad record mac alert
2023-12-06 09:15:41 -07:00
JacobBarthelmeh
4c85a5a146
Merge pull request #7028 from ejohnstown/ocsp-err-ret
...
OCSP Error Return
2023-12-05 11:00:51 -07:00
David Garske
b92aa59bd8
Merge pull request #6692 from JacobBarthelmeh/tls13
...
fix setting ssl error with TLS 1.3 connect socket errors
2023-12-05 09:15:29 -08:00
JacobBarthelmeh
1857648d7d
Merge pull request #6976 from embhorn/gh6974
...
Fix build errors with dtls1.3 and no tls1.2
2023-12-04 14:53:35 -07:00
John Safranek
52658c51a9
OCSP Error Return
...
1. In CheckOcspResponse(), remove the existing check for UNKNOWN
certificate status. Given the values of ret and ocsp->error, unknown
won't get checked.
2. Separated checks for UNKNOWN and REJECTED for logging purposes. Return
that as an error.
3. Anything else should be a failure.
2023-12-04 11:31:04 -08:00
Jacob Barthelmeh
ef536f541f
fix setting ssh error with TLS 1.3 connect socket errors
2023-12-04 09:09:09 -07:00
JacobBarthelmeh
a1e74d9974
Merge pull request #7014 from SparkiDev/ssl_free_tlsx_fixup
...
SSL_free, TLSX_Remove calls: fix #if protection
2023-11-30 16:56:46 -07:00
jordan
9265142369
Used codespell and fixed obvious typos.
2023-11-30 13:09:55 -06:00
JacobBarthelmeh
a7e5c6c721
Merge pull request #7011 from philljj/add_missing_aesinit
...
Add missing wc_AesInit calls.
2023-11-30 11:01:02 -07:00
Daniel Pouzzner
cb381a2336
src/tls.c: fix misspelling in TLSX_KeyShare_ProcessPqc().
2023-11-30 10:12:17 -06:00
Sean Parkinson
7ebad05446
SSL_free, TLSX_Remove calls: fix #if protection
...
TLSX_Remove calls added to FreeHandshakeResources() for when TLSX_FreeAll
can't be called but TLSX is still being used.
Fix #if protection to compile in TLSX_Remove calls when available.
2023-11-30 09:27:29 +10:00
Juliusz Sosinowicz
e891c721b8
fixup! dtls13: Add support for 0.5-RTT data
2023-11-29 23:22:38 +01:00
Juliusz Sosinowicz
3edfcfe162
Jenkins fixes
2023-11-29 23:17:10 +01:00
Juliusz Sosinowicz
9337cfbb16
Add wolfSSL_get_sigalg_info
2023-11-29 23:04:19 +01:00
Juliusz Sosinowicz
7c2344c389
Add API to get information about ciphersuites
2023-11-29 23:04:19 +01:00
Juliusz Sosinowicz
fbd8996949
Add API to choose dynamic certs based on client ciphers/sigalgs
2023-11-29 23:04:19 +01:00
Daniel Pouzzner
73ca6daf2b
wolfssl/wolfcrypt/types.h: add needed (void)s for unused args to several XMALLOC/XFREE/XREALLOC macros that were missing them.
...
src/quic.c: fix misspelled DYNAMIC_TYPE_TMP_BUFFER.
2023-11-29 16:02:39 -06:00
jordan
3158e04863
Add missing wc_AesInit calls.
2023-11-29 12:54:28 -06:00
Juliusz Sosinowicz
a7dce98797
Don't touch processReply state in DoApplicationData
2023-11-29 19:11:49 +01:00
Juliusz Sosinowicz
c87339e5c3
dtls13: Add support for 0.5-RTT data
2023-11-29 15:55:59 +01:00
Daniel Pouzzner
4642077146
src/ssl.c: remove frivolous (void)heap to clear -Wdeclaration-after-statement.
...
wolfcrypt/src/aes.c: add NEED_AES_TABLES gate around AesSetKey_C() implementations (fixes WOLFSSL_KCAPI_AES builds, probably among others).
wolfcrypt/src/sp_int.c: add missing casts to clear -Wconversions.
2023-11-28 23:25:31 -06:00
JacobBarthelmeh
373fc537f1
Merge pull request #7003 from SparkiDev/ssl_make_x25519_key_temp
...
SSL: make temp X25519/X448 key failure
2023-11-28 10:46:51 -07:00
Sean Parkinson
09d2ba8bc8
Memory usage fixes: nonce type and TLSX extension free
...
Nonce ciphers other than AES. Free uses DYNAMIC_TYPE_CIPHER.
AES allocation must use DYNAMIC_TYPE_CIPHER too.
If not all TLSX extensions can be freed, then free the ones that can.
Update TLSX_free() to have a message for each case.
2023-11-28 12:56:06 +10:00
JacobBarthelmeh
36015e9131
Merge pull request #6998 from SparkiDev/tls_pad_no_hash_raw_fix
...
TLS_hmac: when no raw hash, make sure maxSz is not neg
2023-11-27 09:37:57 -07:00
Sean Parkinson
f65f8be176
SSL: make temp X25519/X448 key failure
...
On failure to make the temporary X25519/X448 key, free it as the type is
stored in eccTempKeyPresent which also indicates a valid key is present.
Otherwise on SSL free, it will default to freeing the key with ECC APIs.
2023-11-27 08:50:22 +10:00
JacobBarthelmeh
008d4958bf
Merge pull request #7001 from dgarske/testnb
...
Fix for TLS v1.3 in non-blocking losing return code from `SendBuffered`
2023-11-24 12:34:57 -07:00
David Garske
09b6974ae9
Fix for TLS v1.3 in non-blocking losing return code from SendBuffered. Example: SendBuffered returns WANT_WRITE (-327) and sets ssl->error, then below it was doing ssl->error = ret where ret = 0.
2023-11-24 09:30:09 -08:00
Sean Parkinson
bc36202087
TLS_hmac: when no raw hash, make sure maxSz is not neg
...
When padding byte is invalid, the maxSz can be negative.
Make maxSz 0 in this case so that blocks doesn't get very large and
cause delays.
2023-11-23 09:51:44 +10:00
JacobBarthelmeh
5b3f5496f8
Merge pull request #6430 from kareem-wolfssl/memcached
...
Add memcached support.
2023-11-22 16:20:28 -07:00
gojimmypi
6c41a6a374
Initialize variables to appease Espressif compiler
2023-11-22 13:02:51 -08:00
JacobBarthelmeh
0306d07c47
Merge pull request #6994 from embhorn/gh6988
...
Fix spelling warnings
2023-11-22 13:29:51 -07:00
Kareem
e175410b00
memcached: Revert wolfSSL_in_connect_init changes
2023-11-22 11:55:16 -07:00
Eric Blankenhorn
7223b5a708
Fix spelling warnings
2023-11-22 12:34:56 -06:00
JacobBarthelmeh
2f920b5cc4
Merge pull request #6892 from embhorn/gh6890
...
Add error reporting to loadX509orX509REQFromBuffer
2023-11-22 11:18:45 -07:00
Kareem
72cbd9a44e
memcached: Code review feedback
2023-11-21 17:59:55 -07:00
JacobBarthelmeh
ebbeb6c69e
Merge pull request #6984 from res0nance/pqc-crash-fix
...
tls: return immediately if kyber_id2type() fails
2023-11-21 09:35:22 -07:00
Kareem
ca61034d22
Add memcached support.
...
memcached support: add required functions/defines.
Fix running unit test when defining DEBUG_WOLFSSL_VERBOSE without OPENSSL_EXTRA.
Break out session_id_context APIs into separate option WOLFSSL_SESSION_ID_CTX, so they can be used without OPENSSL_EXTRA.
Make wolfSSL_ERR_get_error and wolfSSL_CTX_set_mode available for memcached.
Add --enable-memcached.
Include required defines for memcached.
Revert unit test fix, no longer needed.
Add Github actions test for memcached. Stop defining DEBUG_WOLFSSL_VERBOSE for memcached.
Add auto retry to writes.
Memcached CI: correct libevent package name.
Memcached CI: Add pkgconfig path for Github CI wolfSSL prefix.
memcached: Fix WOLFSSL_OP_NO_RENEGOTIATION going outside of int bounds, add LD_LIBRARY_PATH for memcached CI test.
memcached CI: Use correct path for wolfSSL
memcached: Add required perl dependency for SSL tests
memcached: Update to 1.6.22
memcached: actually test tls
memcached: Update wolfSSL_SSL_in_before to be side agnostic.
2023-11-20 10:10:34 -07:00
Daniel Pouzzner
7dedfe08ef
cryptonly and linuxkm fixes: fix --enable-all[-crypto] with --enable-opensslextra and --enable-cryptonly (build failures detected by multi-test linuxkm-all-asm-cryptonly-opensslextra-pie after merge of 54f2d56300 and e2bbacd548).
2023-11-19 17:22:46 -06:00
Sean Parkinson
9ed0018954
Merge pull request #6980 from gojimmypi/SM-cipher-type-PR
...
Fix evp SM cipherType check
2023-11-20 07:22:54 +10:00
res0nance
98789dc000
tls: return immediately if kyber_id2type() fails
...
This prevents a crash as ecc_key is not initialized but the
free function is still called.
2023-11-18 15:44:03 +08:00
gojimmypi
16dba37ae6
fix wolfSSL_EVP_CIPHER_CTX_ctrl() SM GCM/CCM type
2023-11-17 07:56:56 -08:00
JacobBarthelmeh
957a0ce300
Merge pull request #6964 from lealem47/zd16470
...
Parse explicit parameters in StoreEccKey()
2023-11-16 15:59:21 -07:00
JacobBarthelmeh
6945093221
Merge pull request #6935 from SparkiDev/ssl_crypto_extract
...
ssl.c: Move out crypto compat APIs
2023-11-16 11:58:14 -07:00
Daniel Pouzzner
263973bde9
src/wolfio.c: fix stack allocations for cookie digests on NO_SHA builds;
...
configure.ac: fix dependencies for enable_dsa vs enable_sha in enable-all, enable-all-crypto, and ENABLED_DSA setup.
2023-11-15 14:43:23 -06:00
Eric Blankenhorn
7bbeadcf97
Fix build errors with dtls1.3 and no tls1.2
2023-11-15 10:37:09 -06:00