Commit Graph

17668 Commits

Author SHA1 Message Date
JacobBarthelmeh 35d40f263e more macro guards with CAAM builds 2022-07-22 16:19:55 -07:00
Sean Parkinson dc8b796d1d Merge pull request #5347 from dgarske/async_sess_tick
Support for asynchronous session ticket callback
2022-07-22 08:04:48 +10:00
Daniel Pouzzner 02e512142c Merge pull request #5359 from haydenroche5/unit_test_refactor
Begin refactor of api.c.
2022-07-21 15:52:40 -05:00
David Garske 281825db20 Merge pull request #5353 from rizlik/dtls13_async_fixes
Dtls13 async fixes
2022-07-21 13:24:35 -07:00
David Garske 69e2f5243c Merge pull request #5326 from gojimmypi/ESP32_HW_Update_PR
Espressif ESP32 Hardware Acceleration Update and Cleanup
2022-07-21 12:09:09 -07:00
Marco Oliverio 163acb89af dtls13: consider certificate_request processed on WC_PENDING_E
The error is due to the message triggered by the processing of the
message (Connect()->SendTls13Certificate/SendTls13CertificateVerify/SendTls13Verify). Consider
the message processed to avoid double processing.
2022-07-21 12:00:18 -07:00
Marco Oliverio aca83b42d7 fix: dtls13: send immediately post-handshake certificate request 2022-07-21 12:00:18 -07:00
Marco Oliverio 53dde1dafe dtls12: async: store the message only if async is really used 2022-07-21 12:00:18 -07:00
David Garske 964ea85d3d Fix typos for dynamic types in dtls13.c. 2022-07-21 12:00:18 -07:00
Marco Oliverio dce63fdfb3 async: fix issue with DTLSv1.3 2022-07-21 12:00:16 -07:00
Marco Oliverio 07afc594a8 dtls13: aesthetic only changes 2022-07-21 11:55:50 -07:00
David Garske b5ce0b021e Merge pull request #5381 from rizlik/async_fix
fix: async: don't rewind index if post-handshake connect() fails
2022-07-21 11:53:15 -07:00
David Garske c5e7ccca2c Merge pull request #5380 from danielinux/typo-doc
Fixed typo in dox_comments
2022-07-21 11:52:56 -07:00
Hayden Roche daf5135642 Begin refactor of api.c.
- Modify all existing tests to return an int. This moves us in the direction of
being able to return error/success from a test rather than just calling abort
when something fails. Also, all tests now have the same signature, so they can
easily be members of an array of test cases.
- Wrap each test in a TEST_CASE struct, which just stores a pointer to the test
function and the name of the test, for now. In the future, other metadata can
be added (e.g. should this test be run/skipped) to TEST_CASE, if desired.
- Modify all tests to return 0 on success. Right now, this doesn't do us much
good because the failure mechanism isn't returning some value != 0, it's
abort.
- Add TestSetup and TestCleanup functions that run before and after each test,
respectively. The former does nothing right now, and the latter clears the
error queue, if the error queue is compiled in.
2022-07-21 10:12:26 -07:00
JacobBarthelmeh 1281d97b1e Merge pull request #5373 from haydenroche5/error_queue_fix
Fix backwards behavior for various wolfSSL_ERR* functions.
2022-07-21 09:35:21 -06:00
Marco Oliverio a235de25fe fix: async: don't rewind index if post-handshake connect() fails
During post-handshake authentication async code mistakes connect() error code
with the error code of DoTls13CertificateRequest and wrongly rewinds the buffer.

The bug was never triggered because of side effects of ShrinkBuffer (removed in
40cb6e0853)
2022-07-21 16:35:43 +02:00
Daniele Lacamera a18b1939ac Fixed typo in dox_comments 2022-07-21 10:19:51 +02:00
gojimmypi c60fae8731 wc_Sha256Free checks lockDepth for Espressif RTOS 2022-07-21 09:08:10 +02:00
gojimmypi bd28b52aaa #include "wolfssl/wolfcrypt/settings.h" 2022-07-21 09:06:01 +02:00
gojimmypi 9da0ff0f31 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into ESP32_HW_Update_PR 2022-07-21 08:21:17 +02:00
gojimmypi 58aec606c6 wolfSSL license, not wolfSSH 2022-07-21 08:12:54 +02:00
gojimmypi 6937062b9a wolfSSL license, not wolfSSH 2022-07-21 08:09:19 +02:00
JacobBarthelmeh a4e3dc9638 Merge pull request #5379 from douzzer/20220720-fixes
20220720-fixes
2022-07-20 21:34:08 -06:00
David Garske 8605195709 Support for asynchronous session ticket callback (can return WC_PENDING_E). Requires wolfAsyncCrypt support. ZD 14420. 2022-07-20 16:43:17 -07:00
Daniel Pouzzner 542c53f3ac snip out errant "#/" strings added to various text files by copyright boilerplate update in 8eaa85e412. 2022-07-20 18:23:28 -05:00
Daniel Pouzzner a3fd714501 configure.ac: allow --enable-opensslextra with --enable-linuxkm if --enable-cryptonly is also given. 2022-07-20 18:21:29 -05:00
Daniel Pouzzner 3842889649 src/tls13.c: in SendTls13ClientHello(), move nullness check on WOLFSSL* ssl back to the start of the function. 2022-07-20 18:19:58 -05:00
David Garske 706ab6aac0 Merge pull request #5377 from kareem-wolfssl/rsaKeyEncipher
Don't require digital signature bit for static RSA cipher suites.  Make wolfSSL_CTX_clear_options available without OPENSSL_EXTRA.
2022-07-20 15:28:55 -07:00
Sean Parkinson bd2b510487 Merge pull request #5376 from dgarske/sniff_tlsv12_sessticket
Fixes for sniffer session ticket resumption with TLS v1.2
2022-07-21 08:22:33 +10:00
David Garske 9450fa1412 Merge pull request #5375 from LinuxJedi/se050-private-key-add
Add ECC private key insertion for SE050
2022-07-20 12:42:13 -07:00
Kareem 741d61574b Make wolfSSL_CTX_clear_options available without OPENSSL_EXTRA. 2022-07-20 12:24:47 -07:00
Kareem 873890316c Don't require digital signature bit for static RSA cipher suites. 2022-07-20 12:08:20 -07:00
David Garske 564f79c91a Merge pull request #5371 from douzzer/20220719-linuxkm-get_thread_size-no-thunks
linuxkm: inhibit thunk generation in get_thread_size.
2022-07-20 11:48:48 -07:00
David Garske 1c7f64cce9 Fixes for sniffer session ticket resumption with TLS v1.2. ZD14531. 2022-07-20 11:18:19 -07:00
David Garske b46a308544 Merge pull request #5361 from embhorn/zd14491
Fix for build with NO_TLS
2022-07-20 09:28:23 -07:00
Hayden Roche e6da540fb3 Fix backwards behavior for various wolfSSL_ERR* functions.
wolfSSL_ERR_get_error and wolfSSL_ERR_peek_error_line_data should return the
earliest error in the queue (i.e. the error at the front), but prior to this
commit, they returned the latest/most recent one instead.

In DoAlert, we were adding an error to the queue for all alerts. However, a
close_notify isn't really an error. This commit makes it so DoAlert only adds
errors to the queue for non-close_notify alerts. In ReceiveData, similarly, we
were adding an error to the queue when the peer sent a close_notify, as
determined by ssl->error == ZERO_RETURN. Now, we don't add an error in this
case.
2022-07-20 08:56:48 -07:00
Andrew Hutchings 07d2940757 Fix issue caused by undo in IDE 2022-07-20 16:42:09 +01:00
David Garske ab60865178 Merge pull request #5374 from julek-wolfssl/dtls-multiple-msgs
ShrinkInputBuffer should not be called in the middle of ProcessReply
2022-07-20 08:27:56 -07:00
Andrew Hutchings d7b4abfa0b Fixups to the SE050 ECC pkey insert function 2022-07-20 16:25:39 +01:00
David Garske 719e814841 Merge pull request #5370 from rizlik/dtls13_partial_read_fixes
dtlsv1.3 fixes
2022-07-20 08:03:29 -07:00
David Garske e4c1e71b38 Merge pull request #5364 from embhorn/zd14519
Fix wolfSSL_Init error handling
2022-07-20 08:03:08 -07:00
David Garske f4191a102b Merge pull request #5304 from SKlimaRA/SKlimaRA/cert-pathlen
drafted pathlen for cert struct
2022-07-20 07:54:13 -07:00
David Garske aab2459d1f Merge pull request #5372 from JacobBarthelmeh/copyright
update copyright year to 2022
2022-07-20 07:52:05 -07:00
David Garske c029b23043 Merge pull request #5308 from SparkiDev/ecies_gen_iv
ECIES: Google Pay generates IV and places it before msg
2022-07-20 06:46:14 -07:00
Marco Oliverio 2e0d53a07d fix: dtls13: use correct handshaketype on hello retry request 2022-07-20 15:25:50 +02:00
Marco Oliverio 3850e6b554 fix: dtls13: use aes for record numbers encryption if using aes-ccm 2022-07-20 15:25:50 +02:00
Marco Oliverio 066f17faad fix: dtls13: hello_retry_request type isn't an encrypted message 2022-07-20 15:25:50 +02:00
Marco Oliverio c0fc87342c tls13: avoid spurious state advances in connect/accept state machine 2022-07-20 15:25:50 +02:00
Marco Oliverio 11dfb713e9 openssl_compatible_default: use DTLSv1.0 as minDowngrade in DTLS 2022-07-20 15:25:46 +02:00
Marco Oliverio 6711756b03 dtls13: support stream-based medium
Don't assume that the underlying medium of DTLS provides the full message in a
single operation. This is usually true for message-based socket (eg. using UDP)
and false for stream-based socket (eg. using TCP).

Commit changes:

- Do not error out if we don't have the full message while parsing the header.
- Do not assume that the record header is still in the buffer when decrypting
  the message.
- Try to get more data if we didn't read the full DTLS header.
2022-07-20 14:53:07 +02:00