Juliusz Sosinowicz
2fe6555fcf
DtlsMsgCombineFragBuckets: Remove realloc dependency
2022-12-20 13:53:03 +01:00
JacobBarthelmeh
3d1775320b
Merge pull request #5900 from icing/tls12-no-tickets
...
WOLFSSL_OP_NO_TICKET fix for TLSv1.2
2022-12-16 14:42:50 -07:00
David Garske
07dcd5270e
Merge pull request #5898 from cconlon/androidSystemCa
...
Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs()
2022-12-16 06:12:24 -08:00
Stefan Eissing
9d0b16097e
Fix builds without session tickets.
2022-12-16 09:40:51 +01:00
Stefan Eissing
dccabc60a5
Disabling TLSv1.2 session tickets when WOLFSSL_OP_NO_TICKET is being set.
...
There seems to have been a misunderstanding that WOLFSSL_OP_NO_TICKET would only disable tickets
for TLS versions lower than 1.2. But it includes 1.2 as well.
2022-12-16 09:29:44 +01:00
Chris Conlon
f9bd8f76de
add Android system CA certs path for wolfSSL_CTX_load_system_CA_certs() usage
2022-12-15 16:39:48 -07:00
gojimmypi
e0c9586b79
initialize resp_length = 0 in tls.c
2022-12-15 12:51:33 -08:00
Stefan Eissing
78fd5d7dbc
Fix wolfSSL_set_SSL_CTX() to be usable during handshake.
...
This method requires some explanation. Its sibling is
int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
which re-inits the WOLFSSL* with all settings in the new CTX.
That one is the right one to use *before* a handshake is started.
This method was added by OpenSSL to be used *during* the handshake, e.g.
when a server inspects the SNI in a ClientHello callback and
decides which set of certificates to use.
Since, at the time the SNI callback is run, some decisions on
Extensions or the ServerHello might already have been taken, this
method is very restricted in what it does:
- changing the server certificate(s)
- changing the server id for session handling
and everything else in WOLFSSL* needs to remain untouched.
2022-12-15 09:33:01 +01:00
Sean Parkinson
a3f3c76faa
Merge pull request #5890 from anhu/fix_iv_size
...
Fix the wrong IV size.
2022-12-15 08:43:25 +10:00
Sean Parkinson
3d8f25ab7d
Merge pull request #5430 from dgarske/sniffer_multithread
...
Support for multi-threaded sniffer
2022-12-15 08:18:49 +10:00
Anthony Hu
472a31a801
Fix the wrong IV size.
2022-12-14 13:04:38 -05:00
Anthony Hu
ad6d6be620
Kyber with DTLS 1.3 tests
2022-12-14 12:46:24 -05:00
David Garske
6be0512728
Peer review cleanups.
2022-12-14 09:25:04 -08:00
David Garske
e33d59cd76
Review cleanups.
2022-12-13 10:55:22 -08:00
Anthony Hu
364835dc9e
Allow session tickets to properly resume when using PQ KEMs.
...
Found with:
```
./configure --with-liboqs --enable-session-ticket
./examples/server/server -v 4 -r --pqc P521_KYBER_LEVEL5
./examples/client/client -v 4 -r --pqc P521_KYBER_LEVEL5
```
2022-12-13 11:36:00 -05:00
Sean Parkinson
a7a6d5b297
Merge pull request #5874 from JacobBarthelmeh/tls13
...
adjust post auth support with TLS 1.3
2022-12-13 09:39:31 +10:00
David Garske
d0c9ec6681
Merge pull request #5854 from JacobBarthelmeh/Certs
...
fix other name san parsing and add RID cert to test parsing
2022-12-12 14:44:07 -08:00
David Garske
a1e883b43d
Merge pull request #5875 from JacobBarthelmeh/Compatibility-Layer
...
fix for handling DEFAULT:... cipher suite list
2022-12-12 14:43:50 -08:00
David Garske
78f495cdae
Merge pull request #5877 from SparkiDev/x509v3_d2i_aia
...
X509v3 EXT d2i: fix freeing of aia
2022-12-12 08:59:15 -08:00
David Garske
de22dbe61d
Support for multi-threaded sniffer. Add support for atomic operations instead of mutex in wc_port.h.
2022-12-12 08:39:42 -08:00
David Garske
b871829833
Merge pull request #5811 from lealem47/zd15184
...
Async Sniffer: Fix for decryption after second handshake
2022-12-12 08:21:35 -08:00
Sean Parkinson
7f3de91e25
X509v3 EXT d2i: fix freeing of aia
...
aia is a stack and must be pop freed rather than freed with XFREE.
Extract function that creates Authority Info Access stack.
Fix spelling issue raised by codespell.
2022-12-12 10:13:13 +10:00
Sean Parkinson
9ab8867b42
TLS: detect duplicate known extensions
...
TLS specification requires that there not be more than one extension of
the same type in a given extension block. E.g. ClientHello
2022-12-12 08:35:04 +10:00
JacobBarthelmeh
8b296877ab
fix for handling DEFAULT:... cipher suite list
2022-12-10 14:53:43 -08:00
JacobBarthelmeh
389cf6ed0a
adjust post auth support with TLS 1.3
2022-12-10 06:49:51 -08:00
Anthony Hu
937d247c7d
Don't create a key if we don't support the curve.
...
Found with the following configuration:
```
./configure --enable-tls13 --disable-oldtls --enable-static --enable-singlethreaded --enable-dtls --enable-dtls13 --enable-dtls-mtu --enable-sp=yes,4096 --disable-shared --disable-sha3 --disable-dh --enable-curve25519 --enable-secure-renegotiation --enable-debug --enable-opensslextra 'CFLAGS=-DWOLFSSL_DTLS_ALLOW_FUTURE -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DFP_MAX_BITS=8192 -fomit-frame-pointer'
```
2022-12-08 12:13:12 -05:00
JacobBarthelmeh
eb69ccb22c
Merge pull request #5856 from icing/errq-improvements
...
Improvements in OpenSSL Compat ERR Queue handling.
2022-12-08 09:28:05 -07:00
Stefan Eissing
02094ebb2e
Updates after review by JacobBarthelmeh.
...
- fix err/ret rename leftover for python builds
- add documentation to thread-local functions
- move generic queue functions up
2022-12-08 09:53:05 +01:00
Stefan Eissing
45f9ef5dd9
Improvements in OpenSSL Compat ERR Queue handling.
...
Configuration:
- thread-local storage is selected when available
- '--enable-error-queue-per-thread' and '--disable-error-queue-per-thread' can
  be used as before to explicitly en-/disable the feature.
Implementation:
- with thread-local-storage, error queue is realized in one struct without
  allocations. Queue size is restricted to 16 entries (per thread), which
  is the same limit in OpenSSL 1.1.x.
- without thread-local-storage, all error queue operations are mutex locked
- wc_PeekErrorNodeLineData() and wc_GetErrorNodeErr() added for use by SSL
  functions to allow locked queue iterations/manipulations.
2022-12-07 18:14:45 +01:00
Kosmas Valianos
11f9bd85ee
Fix wrong function name in wolfSSL_X509_get_name_oneline()
2022-12-07 16:00:05 +01:00
Sean Parkinson
e5d03cf5ad
Merge pull request #5848 from philljj/fix_mingw64_build
...
Fix mingw-w64 build issues on windows.
2022-12-07 08:57:07 +10:00
jordan
246ce8dbe1
Cleanup spaces.
2022-12-06 15:24:34 -06:00
David Garske
6bde6af973
Merge pull request #5858 from anhu/dtls13_fixups
...
Fixups for problems discovered while testing for DTLS 1.3
2022-12-06 10:44:26 -08:00
David Garske
824c280d12
Merge pull request #5807 from lealem47/sniffer_error
...
Improvement for sniffer error messages
2022-12-06 09:40:07 -08:00
Anthony Hu
7935a11b3e
Fixups for problems discovered while testing for DTLS 1.3
2022-12-06 11:30:23 -05:00
David Garske
a6c98a11d9
Merge pull request #5845 from anhu/re-sign
...
Don't regenerate in wolfSSL_PEM_write_bio_X509().
2022-12-06 06:35:13 -08:00
JacobBarthelmeh
f1daa2d356
fix other name san parsing and add RID cert to test parsing
2022-12-05 15:51:33 -08:00
David Garske
9d9549fbd3
Merge pull request #5836 from anhu/kyber_cleanup
...
Remove kyber-90s and route all kyber through wolfcrypt.
2022-12-05 13:18:44 -08:00
jordan
87113cc88d
Fix mingw-w64 build issues on windows.
2022-12-03 17:00:44 -06:00
Anthony Hu
57a5c9701d
Missed a free of der
2022-12-02 17:23:47 -05:00
Anthony Hu
f58f3bd986
Don't regenerate in test_wolfSSL_PEM_write_bio_X509(). We don't have the private key.
2022-12-02 16:41:24 -05:00
Lealem Amedie
c506812cf0
Improvement for some sniffer error messages
2022-12-02 13:27:29 -08:00
Daniel Pouzzner
3ea8dd2f67
src/dtls.c: add WOLFCRYPT_ONLY gating.
2022-12-02 15:13:31 -06:00
Lealem Amedie
dd89fe269e
Fix logic in GetSnifferServer
2022-12-02 13:13:16 -08:00
Lealem Amedie
ed69bb33a6
Async Sniffer: Fix for decryption after second handshake
2022-12-02 13:11:23 -08:00
David Garske
8fb92a283a
Merge pull request #5716 from rizlik/dtls_cookie_stateless
...
dtls: allow for stateless client hello parsing
2022-12-01 13:47:33 -08:00
David Garske
d1e6ce064f
Merge pull request #5832 from JacobBarthelmeh/fuzzing
...
free signer if malloc cases fail
2022-12-01 10:35:15 -08:00
Marco Oliverio
fc4b008912
dtls: fix heap hint in XFREE
2022-12-01 16:47:37 +00:00
Marco Oliverio
af00c89f18
dtls v1.2: stateless support WOLFSSL_DTLS_NO_HVR_ON_RESUME
2022-12-01 16:30:54 +00:00
Marco Oliverio
cc7dad3ee6
dtls v1.2: support stateless client hello processing
2022-12-01 16:30:54 +00:00