JacobBarthelmeh
2af55903c5
Merge pull request #6187 from SparkiDev/tls13_server_id
...
Server ID - long id, TLS 1.3 - cache client session for tickets
2023-03-21 16:48:05 -06:00
Sean Parkinson
17e20b8c36
Server ID - long id, TLS 1.3 - cache client session for tickets
...
Long server IDs were being truncated. Hash long IDs instead.
TLS 1.3 session ticket on client side no longer added session to client
cache. Explicit call added.
2023-03-21 15:29:07 +10:00
Marco Oliverio
84d8245e58
internal: move SendAlerts outside of GetRecordHeader
...
This will give a chance to DTLS logic to ignore an error.
2023-03-20 10:50:00 +00:00
Marco Oliverio
aabd665e73
SendAlert: propagate return error in non-fatal SendAlert
2023-03-20 10:50:00 +00:00
JacobBarthelmeh
327692b09f
Merge pull request #6200 from kareem-wolfssl/zd15324_2
...
Fix IAR warnings.
2023-03-17 15:04:35 -06:00
JacobBarthelmeh
9c3cfab328
Merge pull request #6196 from bandi13/zd15783
...
OCSP_CERT_UNKNOWN
2023-03-17 14:33:57 -06:00
JacobBarthelmeh
06d970c999
Merge pull request #6181 from kareem-wolfssl/zd15767
...
Fix not ignoring date errors when VERIFY_SKIP_DATE is set
2023-03-17 10:53:41 -06:00
Kareem
5126dc87e6
Fix IAR warnings.
2023-03-16 15:46:41 -07:00
Kareem
cc51b2d52e
Add additional fix for absolute URN issue from PR #5964 and add test.
2023-03-16 14:56:44 -07:00
JacobBarthelmeh
fb6f2d1790
cast on input of XISALNUM
2023-03-15 15:43:28 -07:00
Andras Fekete
69024d121f
Revert change
2023-03-15 10:16:34 -04:00
Andras Fekete
682354628b
Better return value
2023-03-15 09:58:39 -04:00
Andras Fekete
1967375ea5
Pass up the error
2023-03-14 18:11:00 -04:00
Andras Fekete
c6e7ea685e
Add in CERT_UNKNOWN detection
2023-03-14 18:09:45 -04:00
Sean Parkinson
a268222167
Merge pull request #6169 from rizlik/wssl-alerts
...
Wssl alerts
2023-03-15 07:48:57 +10:00
Marco Oliverio
4227f763a8
ssl: send alert on bad psk
2023-03-14 09:27:19 +00:00
Marco Oliverio
7b53baea62
refactor: more centralized extra alerts
...
on handshake messages' errors:
- don't send alerts on WANT_READ, WANT_WRITE and WC_PENDING_E "errors"
- use return error code to decide which alert description
to send
- use alert description handshake_failure in the general case
- if a fatal alert was already sent, do not send any new alerts. This allow
a more specific alert description in case the exact description can't be
derived from the return code
2023-03-14 09:27:18 +00:00
Marco Oliverio
f666a7d4b7
internal.c: fix fall_through compilation issues
...
src/internal.c: In function 'SendCertificateVerify':
./wolfssl/wolfcrypt/types.h:345:40: error: attribute 'fallthrough' not preceding a case label or default label [-Werror]
345 | #define FALL_THROUGH ; __attribute__ ((fallthrough))
In file included from ./wolfssl/internal.h:27,
from src/internal.c:92:
src/internal.c: In function 'SendCertificateVerify':
./wolfssl/wolfcrypt/types.h:345:40: error: attribute 'fallthrough' not preceding a case label or default label [-Werror]
345 | #define FALL_THROUGH ; __attribute__ ((fallthrough))
2023-03-14 09:27:18 +00:00
JacobBarthelmeh
d7cd7bc256
adjust guards around PreSharedKey structure for non tls13 builds
2023-03-13 14:47:25 -07:00
Juliusz Sosinowicz
4c7aa5c8dd
Address code review
2023-03-09 19:00:25 +01:00
Juliusz Sosinowicz
335722c586
Async fixes
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
f5f67f43d7
Reset DTLS sequence number
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
a432502a98
Refactor sequence number reset for DTLS into one function
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
db1f199a11
Add comment about keyshare negotiation
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
cbedae2f55
This path in TLSX_KeyShare_Choose should not be taken normally
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
06749144d5
Add RFC link to help understand constraints
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
f2032e8744
Clear decrypted ticket that failed checks in DoClientTicket_ex
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
b0d7656ad2
Rebase fixes
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
61c2059cd9
Differentiate between empty and missing extension
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
5f39c594aa
TLS 1.3: hold decrypted ticket to check which ciphersuite matches
...
DTLS 1.3: Move stateless ticket decoding to FindPskSuiteFromExt
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
8c08dbb6ce
Adding checks for SigAlgs, KeyShare, and Supported Groups
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
2bbdf6979a
Reuse ReadVector16
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
de6ed96feb
CopyExtensions -> CopySupportedGroup
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
5f65752414
Refactor alerts into one location
...
Remove previous stateless code. Now all DTLS 1.3 stateless handling is done in dtls.c
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
51a384eba5
Read cookie extension into separate field
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
5b0903a82d
Missing casts
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
b5e7761e58
For DTLS 1.3 use PSK for ticket
...
Resumption info is also necessary when WOLFSSL_DTLS_NO_HVR_ON_RESUME is not defined.
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
969c610ef7
Fix unused variable
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
57dccc4cf4
Calculate cookie in SendStatelessReplyDtls13()
...
Not touching ssl->hsHashes while in stateless mode
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
c15043b191
Refactor SendStatelessReply 1.3 branch into new function
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
2f31cdef69
Re-create hs header for hash
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
aa9dcca624
Rebase and Jenkins fixes
2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz
a999909969
Use PSK callback to get the ciphersuite to use
...
- Allocate additional byte in TLSX_PreSharedKey_New for null terminator
2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz
6160f93f94
Fix Jenkins errors
2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz
7dfa96a729
Define usePSK when ext is present
2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz
984d709db0
dtls 1.3: Stateless ClientHello parsing
2023-03-07 12:02:54 +01:00
Chris Conlon
9bc3b867e0
Merge pull request #6157 from miyazakh/add_favouriteDrinkNID
2023-03-06 16:45:14 -07:00
David Garske
86e1b0d8ab
Merge pull request #6165 from SparkiDev/bn_move
...
BN compatibility API: move implementation out to separate API
2023-03-06 09:27:24 -08:00
David Garske
9f66a58afd
Merge pull request #6159 from philljj/zd15693
...
Fix ASN1_STRING leak in create_by_NID and create_by_txt
2023-03-06 09:25:37 -08:00
Sean Parkinson
e4c2386b61
BN compatibility API: move implementation out to separate API
...
BN APIs from ssl.c have been moved out to ssl_bn.c that is included in
ssl.c.
Added defines for BN_rand() and BN_pseudo_rand() to indicate which bits
are to be set.
'internal' field now always maps to the ;mpi' field that is a MP
integer.
SetIndividualInternal/External renamed to wolfssl_bn_get/set_value.
Fixed BN APIs to work as closely to OpenSSL as possible.
Added tests.
Moved wolfssl_make_rng out to ssl.c as BN APIs are using it now.
SP int and TFM now check trials are in a valid range for
mp_prime_is_prime_ex().
2023-03-06 14:32:10 +10:00