wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 09:39:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,370 Commits 12 Branches 184 Tags
2bb8eeae85045de6c63824dfecfcf999c1d81efa
Commit Graph

6984 Commits

Author SHA1 Message Date
Sean Parkinson
a268222167 Merge pull request #6169 from rizlik/wssl-alerts 
Wssl alerts
 2023-03-15 07:48:57 +10:00
Marco Oliverio
4227f763a8 ssl: send alert on bad psk 2023-03-14 09:27:19 +00:00
Marco Oliverio
7b53baea62 refactor: more centralized extra alerts 
on handshake messages' errors:

- don't send alerts on WANT_READ, WANT_WRITE and WC_PENDING_E "errors"
- use return error code to decide which alert description
  to send
- use alert description handshake_failure in the general case
- if a fatal alert was already sent, do not send any new alerts. This allow
  a more specific alert description in case the exact description can't be
  derived from the return code
 2023-03-14 09:27:18 +00:00
Marco Oliverio
f666a7d4b7 internal.c: fix fall_through compilation issues 
src/internal.c: In function 'SendCertificateVerify':
./wolfssl/wolfcrypt/types.h:345:40: error: attribute 'fallthrough' not preceding a case label or default label [-Werror]
  345 |                 #define FALL_THROUGH ; __attribute__ ((fallthrough))

In file included from ./wolfssl/internal.h:27,
                 from src/internal.c:92:
src/internal.c: In function 'SendCertificateVerify':
./wolfssl/wolfcrypt/types.h:345:40: error: attribute 'fallthrough' not preceding a case label or default label [-Werror]
  345 |                 #define FALL_THROUGH ; __attribute__ ((fallthrough))
 2023-03-14 09:27:18 +00:00
JacobBarthelmeh
d7cd7bc256 adjust guards around PreSharedKey structure for non tls13 builds 2023-03-13 14:47:25 -07:00
Juliusz Sosinowicz
4c7aa5c8dd Address code review 2023-03-09 19:00:25 +01:00
Juliusz Sosinowicz
335722c586 Async fixes 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
f5f67f43d7 Reset DTLS sequence number 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
a432502a98 Refactor sequence number reset for DTLS into one function 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
db1f199a11 Add comment about keyshare negotiation 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
cbedae2f55 This path in TLSX_KeyShare_Choose should not be taken normally 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
06749144d5 Add RFC link to help understand constraints 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
f2032e8744 Clear decrypted ticket that failed checks in DoClientTicket_ex 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
b0d7656ad2 Rebase fixes 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
61c2059cd9 Differentiate between empty and missing extension 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
5f39c594aa TLS 1.3: hold decrypted ticket to check which ciphersuite matches 
DTLS 1.3: Move stateless ticket decoding to FindPskSuiteFromExt
 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
8c08dbb6ce Adding checks for SigAlgs, KeyShare, and Supported Groups 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
2bbdf6979a Reuse ReadVector16 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
de6ed96feb CopyExtensions -> CopySupportedGroup 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
5f65752414 Refactor alerts into one location 
Remove previous stateless code. Now all DTLS 1.3 stateless handling is done in dtls.c
 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
51a384eba5 Read cookie extension into separate field 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
5b0903a82d Missing casts 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
b5e7761e58 For DTLS 1.3 use PSK for ticket 
Resumption info is also necessary when WOLFSSL_DTLS_NO_HVR_ON_RESUME is not defined.
 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
969c610ef7 Fix unused variable 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
57dccc4cf4 Calculate cookie in SendStatelessReplyDtls13() 
Not touching ssl->hsHashes while in stateless mode
 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
c15043b191 Refactor SendStatelessReply 1.3 branch into new function 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
2f31cdef69 Re-create hs header for hash 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz
aa9dcca624 Rebase and Jenkins fixes 2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz
a999909969 Use PSK callback to get the ciphersuite to use 
- Allocate additional byte in TLSX_PreSharedKey_New for null terminator
 2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz
6160f93f94 Fix Jenkins errors 2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz
7dfa96a729 Define usePSK when ext is present 2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz
984d709db0 dtls 1.3: Stateless ClientHello parsing 2023-03-07 12:02:54 +01:00
Chris Conlon
9bc3b867e0 Merge pull request #6157 from miyazakh/add_favouriteDrinkNID 2023-03-06 16:45:14 -07:00
David Garske
86e1b0d8ab Merge pull request #6165 from SparkiDev/bn_move 
BN compatibility API: move implementation out to separate API
 2023-03-06 09:27:24 -08:00
David Garske
9f66a58afd Merge pull request #6159 from philljj/zd15693 
Fix ASN1_STRING leak in create_by_NID and create_by_txt
 2023-03-06 09:25:37 -08:00
Sean Parkinson
e4c2386b61 BN compatibility API: move implementation out to separate API 
BN APIs from ssl.c have been moved out to ssl_bn.c that is included in
ssl.c.
Added defines for BN_rand() and BN_pseudo_rand() to indicate which bits
are to be set.
'internal' field now always maps to the ;mpi' field that is a MP
integer.
SetIndividualInternal/External renamed to wolfssl_bn_get/set_value.
Fixed BN APIs to work as closely to OpenSSL as possible.
Added tests.
Moved wolfssl_make_rng out to ssl.c as BN APIs are using it now.
SP int and TFM now check trials are in a valid range for
mp_prime_is_prime_ex().
 2023-03-06 14:32:10 +10:00
Hideki Miyazaki
05b0796361 add favourite drink pilot attibute type to get it from the encoding 2023-03-04 14:20:48 +09:00
Daniel Pouzzner
e76d12f932 src/ssl.c: fix a couple suppressions to use C comment syntax, for C89 goodness. 2023-03-03 22:01:52 -06:00
jordan
51dbb44799 Fix ASN1_STRING leak in create_by_NID and create_by_txt 2023-03-03 08:22:35 -06:00
Sean Parkinson
a8723f71cb Merge pull request #6154 from kaleb-himes/wolfmikey-w-fips-140-3 
Allow building of sakke as external non-FIPS algorithm with wolfmikey product
 2023-03-03 08:18:40 +10:00
David Garske
41a9b1148f Merge pull request #6152 from philljj/spelling_cleanup 
Used codespell and fixed obvious typos in src and wolfssl.
 2023-03-02 11:39:45 -08:00
David Garske
871754b97c Merge pull request #6153 from bandi13/fixZD15705 
Fix memory leak
 2023-03-02 11:39:03 -08:00
kaleb-himes
7ca4b1bc66 Allow building of sakke as external non-FIPS algorithm with wolfmikey product 2023-03-02 11:30:56 -07:00
Andras Fekete
406d8753be Fix memory leak 2023-03-02 11:15:32 -05:00
jordan
409ed6232a Used codespell and fixed obvious typos in src and wolfssl. 2023-03-02 09:52:07 -06:00
David Garske
17ad27c350 Fixes for building with C++17. Adds new USE_CPLUSPLUS_BYTE build option to use std::byte as byte to avoid redefinition issues when customer application sets default namespace to "std" or wants to use "byte". 
Tested using `./configure CC="g++ -std=c++17" --enable-all && make check`.
 2023-03-01 12:49:47 -08:00
Kareem
08a3e2cb6e Avoid building TLSX_SetResponse unless it is being used. Initialize PIC32 UPDPTR register in all cases. 2023-02-28 14:37:45 -07:00
David Garske
469226f214 Merge pull request #6107 from anhu/ecc_pub 
Fixes for encoding/decoding ecc public keys.
 2023-02-24 08:36:15 -08:00
Anthony Hu
c2daca1393 Fixes for encoding/decoding ecc public keys. 2023-02-23 13:56:48 -05:00
David Garske
ffa392cdb5 Merge pull request #6125 from embhorn/gh6007 
Include sys/time.h for WOLFSSL_RIOT_OS
 2023-02-22 16:06:10 -08:00