wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 06:02:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,228 Commits 12 Branches 184 Tags
1acd6dfab2590ecb999bb3e94a1cb5019caa0cbf
Commit Graph

4775 Commits

Author SHA1 Message Date
toddouska
1acd6dfab2 Merge pull request #3635 from SparkiDev/hmac_openssl_fix 
HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0
 2021-01-21 15:57:30 -08:00
toddouska
85f08466f9 Merge pull request #3655 from SparkiDev/ext_cache_sess 
SESSION: internal cache sessions can't be freed same as external
 2021-01-21 15:54:16 -08:00
toddouska
7b12dddf75 Merge pull request #3666 from SparkiDev/tls13_tick_before_group 
TLS 1.3: don't group and wait on send session ticket
 2021-01-21 15:49:52 -08:00
David Garske
fbe5fe1945 Merge pull request #3669 from embhorn/gh3657 
Protect use of globalRNG
 2021-01-21 14:09:59 -08:00
Juliusz Sosinowicz
d8a01c6f8b DTLS: client re-send on duplicate HelloRequest as well 2021-01-21 12:45:16 +01:00
Juliusz Sosinowicz
969de38764 Reset dtls_start_timeout on a timeout 2021-01-21 12:45:16 +01:00
Juliusz Sosinowicz
774fdc9fd6 Free HS data on rehandshake 
When we call _Rehandshake before we receive application data and the receive application data during the renegotiation process then it is possible for the send queue to be preemptively deleted
 2021-01-21 12:45:16 +01:00
Eric Blankenhorn
02114e7739 Protect use of globalRNG 2021-01-20 16:30:18 -06:00
David Garske
57b06f700d Merge pull request #3656 from haydenroche5/windows_rsa_public_decrypt 
Allow wolfSSL_RSA_public_decrypt on Windows.
 2021-01-20 09:09:49 -08:00
Hayden Roche
12abb5191d Allow wolfSSL_RSA_public_decrypt on Windows. 2021-01-20 06:57:59 -06:00
Sean Parkinson
7ec8d70eee TLS 1.3: don't group and wait on send session ticket 
The state machine goes on and frees the handshake resources which frees
the digest for the client Finished message.
 2021-01-20 10:57:37 +10:00
John Safranek
eaa1bc1ace Merge pull request #3595 from julek-wolfssl/dtls-only-resend-on-timeout 
Only resend previous flight on a timeout from the network layer
 2021-01-19 10:43:13 -08:00
toddouska
a13e9bde29 Merge pull request #3599 from julek-wolfssl/nginx-mem-leak 
Fix memory leaks
 2021-01-18 15:31:50 -08:00
toddouska
4b5d7d0595 Merge pull request #3624 from SparkiDev/tls13_set_groups 
TLS 1.3 key share: add a key share from supported list
 2021-01-18 15:18:14 -08:00
toddouska
8ae609d078 Merge pull request #3626 from SparkiDev/tls13_middlebox_fix 
TLS send change cipher: Don't set keys when negotiating TLS 1.3
 2021-01-18 15:14:58 -08:00
toddouska
cd78a5dfb2 Merge pull request #3630 from SparkiDev/no_fs_all 
X509 API no file system: hide wolfSSL_X509_NAME_print_ex_fp
 2021-01-18 13:39:21 -08:00
toddouska
fff3c77568 Merge pull request #3644 from dgarske/zd11476 
Fix for sniffer with TLS v1.2 static ECDH ciphers
 2021-01-18 13:32:57 -08:00
toddouska
b1c8825e74 Merge pull request #3647 from dgarske/zd11424 
Fix for TLS v1.3 early data mac digest
 2021-01-18 13:31:44 -08:00
Sean Parkinson
ac76ef8ee7 Curve25519: replace uint64_t with word64 
Remove usages of stdint.h types
Added a sword type for signed words.
 2021-01-18 17:30:36 +10:00
Sean Parkinson
eda1b52ee2 TLS 1.3 integrity only: initialize HMAC 
Ensure the HMAC object is initialized when allocated.
 2021-01-15 11:27:26 +10:00
Sean Parkinson
878f797a2b SESSION: internal cache sessions can't be freed same as external 
refMutex is initialized for external sessions but not internal.
Differentiate by ensuring the refCount is always 1 or more for external
and 0 for internal.
 2021-01-15 11:02:34 +10:00
Sean Parkinson
5a4dfc1a29 Don't set encrypt side if sending early data 
Make check to see if early data has been or is going to be sent.
Last message encrypted with this key is EndOfEarlyData message.
 2021-01-14 09:44:09 +10:00
David Garske
d7aa8e1795 Fix for issue where mac digest changes between early data and server_hello, which can leave section of response uninitialized. ZD11424 2021-01-13 11:10:12 -08:00
David Garske
aaec9832e4 Fix for sniffer with TLS v1.2 static ECDH ciphers. The sniffer will now correctly try using the key for ECC if the RSA key decode fails. ZD 11476. 2021-01-12 09:49:32 -08:00
Sean Parkinson
129f3fd13f HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0 2021-01-12 09:16:24 +10:00
Juliusz Sosinowicz
0fe3efb8b4 Add option to only resend previous DTLS flight on a network read timeout 2021-01-07 19:13:35 +01:00
Sean Parkinson
5accd57c21 X509 API no file system: hide wolfSSL_X509_NAME_print_ex_fp 
configuration: --enable-all --disable-filesystem
wolfSSL_X509_NAME_print_ex_fp has XFILE as a parameter and cannot be
compiled with --disable-filesystem
 2021-01-06 11:05:58 +10:00
Sean Parkinson
a6b69b6864 TLS send change cipher: Don't set keys when negotiating TLS 1.3 2021-01-05 14:32:48 +10:00
Sean Parkinson
f196c60c66 TLS 1.3 key share: add a key share from supported list 2021-01-05 13:08:48 +10:00
Tesfa Mael
46e260dd61 Correct unsigned arithmetic 2021-01-04 15:48:27 -08:00
John Safranek
ef56bc09f1 Merge pull request #3596 from julek-wolfssl/dtls-multiple-hellorequest 
Calling wolfSSL_Rehandshake during renegotiation should not be an error
 2020-12-31 13:53:32 -08:00
Tesfa Mael
9598c03716 Free mutex and fix test script 2020-12-30 17:40:15 -08:00
John Safranek
c482d16029 Merge pull request #3544 from haydenroche5/ocsp_stapling_bug 
Fix bug where OCSP stapling wasn't happening even when requested by client
 2020-12-29 14:23:10 -08:00
Juliusz Sosinowicz
8c07aafc43 Fix memory leaks 
- Freeing the session object depends on the callback return
- The session object is malloc'ed when ssl->options.internalCacheOff
- wolfSSL_CTX_use_certificate needs to own the cert when KEEP_OUR_CERT because either it is up ref'ed or copied
 2020-12-28 22:33:01 +01:00
Juliusz Sosinowicz
54479359f3 Calling wolfSSL_Rehandshake during renegotiation should not be an error 
If we call wolfSSL_Rehandshake during a renegotiation then it should not result in a SECURE_RENEGOTIATION_E. wolfSSL_Rehandshake might be called when multiple HelloRequest messages are processed or the user could call this API during renegotiation. Either way wolfSSL should not treat this as an error if renegotiation is enabled.
 2020-12-24 12:10:04 +01:00
Jacob Barthelmeh
81980aa7b6 fix regression of --enable-wpas=small build 2020-12-23 01:30:34 +07:00
Jacob Barthelmeh
8c16bd2450 fix for infer memory leak report and for clang unused warning 2020-12-21 17:24:35 +07:00
Jacob Barthelmeh
f30d4c1b0b fix for nightly g++ build test 2020-12-21 17:24:35 +07:00
Daniel Pouzzner
4d1d891a34 src/ssl.c: fix deadstore in wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio() warned by LLVM11 scan-build. 2020-12-18 17:30:25 -06:00
toddouska
fcf060b19b Merge pull request #3581 from cconlon/releasefixes_selftest 
Release fixes for CAVP selftest builds
 2020-12-18 14:15:53 -08:00
toddouska
7e5f838f48 Merge pull request #3577 from dgarske/releasefixes_async 
Release fixes for asynchronous crypto
 2020-12-18 14:10:01 -08:00
toddouska
cdc0753bfb Merge pull request #3571 from JacobBarthelmeh/Testing 
Some initial testing and clean up
 2020-12-18 14:05:26 -08:00
Chris Conlon
a222be1fa3 rename dup to dupl, fix variable shadow warning on i386 selftest compiler 2020-12-18 10:53:55 -07:00
David Garske
73a5ee5ffb Fix for async post handshake auth. The re-handshake was not resetting the processReply state. 2020-12-17 15:10:11 -08:00
Juliusz Sosinowicz
f2694134b0 Fix after rebase 2020-12-17 17:28:29 +01:00
Juliusz Sosinowicz
c03744db61 Refactor wc_CheckPrivateKey 
- Change wc_CheckPrivateKey to wc_CheckPrivateKeyCert and wc_CheckPrivateKey
- wolfSSL_X509_check_private_key no longer needs to decode cert to check key
- Fix scope in api.c
 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
24b89928dc Code review names changes and refactoring 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
3231cfe9e0 Refactor extension stack generation 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
8b9f8029a8 Sanity check protocol version. 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
22ae66dfe1 wolfSSL_BIO_do_connect should look for a socket bio in the chain 2020-12-17 14:27:46 +01:00