wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 22:32:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,282 Commits 12 Branches 184 Tags
2033970369dc13bc0e47e87ec16ddb46d797ca9e
Commit Graph

4793 Commits

Author SHA1 Message Date
Hayden Roche
fc845da9f0 Fix issue with DoHandShakeMsgType/ShrinkInputBuffer when encryption is on (e.g. 
during renegotiation).

This issue was brought to light by ZD 10911. When encryption is on (indicated
by the return value of IsEncryptionOn), DoHandShakeMsgType will finish up by
incrementing the input buffer index past the padding and MAC (if encrypt-then-
mac is enabled). In ProcessReply, if there are more messages to be read, the
index is decremented back before the padding and MAC. The issue arises when
ShrinkInputBuffer is called in between and copies data from the dynamic input
buffer to the static one. That function will get called with the index post-
increment, and thus the padding and MAC won't get copied into the static buffer,
which isn't what we want, since ProcessReply is going to decrement the index
since it thinks the padding and MAC are still there. This commit makes it so
the padding and MAC get included in the call to ShrinkInputBuffer when
encryption is on.
 2021-01-28 15:37:00 -06:00
Jacob Barthelmeh
bbcb98a8f7 fix for tested x509 small build 2021-01-27 23:00:24 +07:00
John Safranek
d0e2566ad8 Merge pull request #3679 from julek-wolfssl/dtls-window 
Correct old DTLS msg rcv update
 2021-01-26 12:20:59 -08:00
Juliusz Sosinowicz
3d4f836c00 Correctly insert out of order msgs to queue 2021-01-26 15:12:08 +01:00
toddouska
27ef5b9a3d Merge pull request #3675 from SparkiDev/tls_no_ticket 
TLS Session Ticket: Option to disable for TLS 1.2 and below
 2021-01-25 14:54:10 -08:00
toddouska
cf9e4f0caf Merge pull request #3518 from julek-wolfssl/openssh-fixes-v2 
Fixes for openssh
 2021-01-25 14:45:56 -08:00
David Garske
cd4dae8f09 Merge pull request #3674 from ejohnstown/alerts 
Alerts
 2021-01-22 09:16:56 -08:00
Juliusz Sosinowicz
b918fb9efe Correct old DTLS msg rcv update 2021-01-22 14:33:33 +01:00
Sean Parkinson
a84f1c813a TLS Session Ticket: Option to disable for TLS 1.2 and below 
Customer may want session ticket supported with TLS 1.3 but not TLS 1.2
and below.
 2021-01-22 13:19:29 +10:00
John Safranek
6f21995ec5 Alerts 
Expand the guard around sending the PSK identity alert with a more limited option than enabling it with all the other alerts.
 2021-01-21 16:42:54 -08:00
David Garske
830b3cb676 Merge pull request #3653 from kojo1/fopen_binMode 
binary mode, fopen
 2021-01-21 16:20:07 -08:00
David Garske
aa64a8e835 Merge pull request #3672 from embhorn/zd11547 
Fix FIPS compile errors
 2021-01-21 16:08:53 -08:00
toddouska
1acd6dfab2 Merge pull request #3635 from SparkiDev/hmac_openssl_fix 
HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0
 2021-01-21 15:57:30 -08:00
toddouska
85f08466f9 Merge pull request #3655 from SparkiDev/ext_cache_sess 
SESSION: internal cache sessions can't be freed same as external
 2021-01-21 15:54:16 -08:00
toddouska
7b12dddf75 Merge pull request #3666 from SparkiDev/tls13_tick_before_group 
TLS 1.3: don't group and wait on send session ticket
 2021-01-21 15:49:52 -08:00
John Safranek
fe7be3e15f Alerts 
Alerts the server sends between receiving the client's CCS message and before it sends its own CCS message should not be encrypted.
 2021-01-21 14:48:10 -08:00
David Garske
fbe5fe1945 Merge pull request #3669 from embhorn/gh3657 
Protect use of globalRNG
 2021-01-21 14:09:59 -08:00
Eric Blankenhorn
fd8527c15e Fix FIPS compile errors 2021-01-21 15:27:42 -06:00
Juliusz Sosinowicz
d8a01c6f8b DTLS: client re-send on duplicate HelloRequest as well 2021-01-21 12:45:16 +01:00
Juliusz Sosinowicz
969de38764 Reset dtls_start_timeout on a timeout 2021-01-21 12:45:16 +01:00
Juliusz Sosinowicz
774fdc9fd6 Free HS data on rehandshake 
When we call _Rehandshake before we receive application data and the receive application data during the renegotiation process then it is possible for the send queue to be preemptively deleted
 2021-01-21 12:45:16 +01:00
Eric Blankenhorn
02114e7739 Protect use of globalRNG 2021-01-20 16:30:18 -06:00
David Garske
57b06f700d Merge pull request #3656 from haydenroche5/windows_rsa_public_decrypt 
Allow wolfSSL_RSA_public_decrypt on Windows.
 2021-01-20 09:09:49 -08:00
Hayden Roche
12abb5191d Allow wolfSSL_RSA_public_decrypt on Windows. 2021-01-20 06:57:59 -06:00
Sean Parkinson
7ec8d70eee TLS 1.3: don't group and wait on send session ticket 
The state machine goes on and frees the handshake resources which frees
the digest for the client Finished message.
 2021-01-20 10:57:37 +10:00
John Safranek
eaa1bc1ace Merge pull request #3595 from julek-wolfssl/dtls-only-resend-on-timeout 
Only resend previous flight on a timeout from the network layer
 2021-01-19 10:43:13 -08:00
toddouska
a13e9bde29 Merge pull request #3599 from julek-wolfssl/nginx-mem-leak 
Fix memory leaks
 2021-01-18 15:31:50 -08:00
toddouska
4b5d7d0595 Merge pull request #3624 from SparkiDev/tls13_set_groups 
TLS 1.3 key share: add a key share from supported list
 2021-01-18 15:18:14 -08:00
toddouska
8ae609d078 Merge pull request #3626 from SparkiDev/tls13_middlebox_fix 
TLS send change cipher: Don't set keys when negotiating TLS 1.3
 2021-01-18 15:14:58 -08:00
toddouska
cd78a5dfb2 Merge pull request #3630 from SparkiDev/no_fs_all 
X509 API no file system: hide wolfSSL_X509_NAME_print_ex_fp
 2021-01-18 13:39:21 -08:00
toddouska
fff3c77568 Merge pull request #3644 from dgarske/zd11476 
Fix for sniffer with TLS v1.2 static ECDH ciphers
 2021-01-18 13:32:57 -08:00
toddouska
b1c8825e74 Merge pull request #3647 from dgarske/zd11424 
Fix for TLS v1.3 early data mac digest
 2021-01-18 13:31:44 -08:00
Sean Parkinson
ac76ef8ee7 Curve25519: replace uint64_t with word64 
Remove usages of stdint.h types
Added a sword type for signed words.
 2021-01-18 17:30:36 +10:00
Sean Parkinson
eda1b52ee2 TLS 1.3 integrity only: initialize HMAC 
Ensure the HMAC object is initialized when allocated.
 2021-01-15 11:27:26 +10:00
Sean Parkinson
878f797a2b SESSION: internal cache sessions can't be freed same as external 
refMutex is initialized for external sessions but not internal.
Differentiate by ensuring the refCount is always 1 or more for external
and 0 for internal.
 2021-01-15 11:02:34 +10:00
Takashi Kojo
d72f0a50f4 binary mode fopen to avoid auto expand to CR/LF on Widonws 2021-01-15 06:05:55 +09:00
Sean Parkinson
5a4dfc1a29 Don't set encrypt side if sending early data 
Make check to see if early data has been or is going to be sent.
Last message encrypted with this key is EndOfEarlyData message.
 2021-01-14 09:44:09 +10:00
David Garske
d7aa8e1795 Fix for issue where mac digest changes between early data and server_hello, which can leave section of response uninitialized. ZD11424 2021-01-13 11:10:12 -08:00
David Garske
aaec9832e4 Fix for sniffer with TLS v1.2 static ECDH ciphers. The sniffer will now correctly try using the key for ECC if the RSA key decode fails. ZD 11476. 2021-01-12 09:49:32 -08:00
Sean Parkinson
129f3fd13f HMAC OpenSSL API: initialise HMAC ctx on new and allow key length of 0 2021-01-12 09:16:24 +10:00
Juliusz Sosinowicz
a745947498 Code review changes 2021-01-08 15:27:30 +01:00
Juliusz Sosinowicz
23a4d64caf wolfSSL_EVP_PKEY_set1_EC_KEY should generate PKCS8 internal DER buffer 
This PKCS8 buffer should include both the private and the public parts of the key.
 2021-01-08 15:27:30 +01:00
Juliusz Sosinowicz
cd4affddac Set ecc_key.rng when using ECC_TIMING_RESISTANT 
Set ecc_key.rng to either a local rng struct or the globalRNG object when using ECC_TIMING_RESISTANT
Add helpful logs to some ecc functions
 2021-01-08 15:18:00 +01:00
Juliusz Sosinowicz
0fe3efb8b4 Add option to only resend previous DTLS flight on a network read timeout 2021-01-07 19:13:35 +01:00
Sean Parkinson
5accd57c21 X509 API no file system: hide wolfSSL_X509_NAME_print_ex_fp 
configuration: --enable-all --disable-filesystem
wolfSSL_X509_NAME_print_ex_fp has XFILE as a parameter and cannot be
compiled with --disable-filesystem
 2021-01-06 11:05:58 +10:00
Sean Parkinson
a6b69b6864 TLS send change cipher: Don't set keys when negotiating TLS 1.3 2021-01-05 14:32:48 +10:00
Sean Parkinson
f196c60c66 TLS 1.3 key share: add a key share from supported list 2021-01-05 13:08:48 +10:00
Tesfa Mael
46e260dd61 Correct unsigned arithmetic 2021-01-04 15:48:27 -08:00
John Safranek
ef56bc09f1 Merge pull request #3596 from julek-wolfssl/dtls-multiple-hellorequest 
Calling wolfSSL_Rehandshake during renegotiation should not be an error
 2020-12-31 13:53:32 -08:00
Tesfa Mael
9598c03716 Free mutex and fix test script 2020-12-30 17:40:15 -08:00