David Garske
a7f86f9473
Merge pull request #5517 from JacobBarthelmeh/Testing
...
misc. testing items from static analysis tools
2022-08-29 08:48:51 -07:00
Juliusz Sosinowicz
88deaf9b5c
SNI can appear in ServerHello for TLS 1.2
...
Co-authored-by: Eric Blankenhorn <eric@wolfssl.com >
2022-08-29 14:22:10 +02:00
JacobBarthelmeh
1e673aee3b
scan-build warning fix
2022-08-26 16:29:11 -07:00
David Garske
1976601811
Merge pull request #5505 from julek-wolfssl/dtls-plaintext
...
Ignore plaintext on established connections
2022-08-25 07:25:03 -07:00
Hayden Roche
9f39ffdba7
Fix wolfSSL_GENERAL_NAMES_free memory leak.
...
This function was just freeing the stack object itself of GENERAL_NAMES with
wolfSSL_sk_free, but this doesn't free the data in the items of the stack. The
fix is to replace wolfSSL_sk_free with wolfSSL_sk_GENERAL_NAME_free.
2022-08-24 18:42:30 -07:00
Juliusz Sosinowicz
159a3c8b03
Ignore plaintext on established connections
2022-08-24 21:40:19 +02:00
Sean Parkinson
2571f65e85
Check ECC signature in TLS
...
Verifying gnerated ECC signature in TLS handshake code to mitigate when
an attacker can gain knowledge of the private key through fault
injection in the signing process.
Requires WOLFSSL_CHECK_SIG_FAULTS to be defined.
2022-08-24 09:01:18 +10:00
David Garske
5c65974170
Fix for dynamic type macro typo.
2022-08-23 09:32:11 -07:00
Marco Oliverio
3a8e6f2280
fix: add explicit cast to abide g++ compiler
2022-08-23 16:58:24 +02:00
Marco Oliverio
cfbd061625
add initial support for ConnectionID DTLS extension
2022-08-23 16:58:24 +02:00
Marco Oliverio
171af05e96
tlsx: expose TLSX_Push
...
To be able to implement extension in separate compilation unit
2022-08-23 10:00:06 +02:00
David Garske
48463f6d54
Merge pull request #5388 from lealem47/crlPrint
...
Adding X509_CRL_print() function
2022-08-22 17:16:19 -07:00
JacobBarthelmeh
bd49d37aaf
Merge pull request #5492 from embhorn/zd14694
...
Fix for AddPacketInfo with WOLFSSL_CALLBACKS
2022-08-22 14:59:29 -06:00
Lealem Amedie
91a7b8067c
Addressing some PR feedback
2022-08-22 12:04:15 -07:00
David Garske
b9d9dc02bb
Merge pull request #5476 from julek-wolfssl/session-buffers
...
Remove WOLFSSL_SESSION_TYPE_REF buffers from WOLFSSL_SESSION
2022-08-22 11:59:39 -07:00
David Garske
d50e740c97
Merge pull request #5488 from julek-wolfssl/get_ex_new_index-docs
...
Add documentation explaining get_ex_new_index API limitations
2022-08-22 09:51:36 -07:00
David Garske
a7e318a7ad
Merge pull request #5484 from lealem47/allocators
...
Adding allocator funcs for dtls peer (for wrappers)
2022-08-22 09:29:54 -07:00
David Garske
1e5de8255e
Merge pull request #5472 from satoshiyamaguchi/trial3
...
Add/Extend PEM_read compatibility API's
2022-08-22 09:24:39 -07:00
Lealem Amedie
8f4b467f47
Fixing line lengths and SMALL_STACK code path
2022-08-22 09:17:23 -07:00
Eric Blankenhorn
22c44bd762
Fix for AddPacketInfo with WOLFSSL_CALLBACKS
2022-08-22 08:01:21 -05:00
Juliusz Sosinowicz
0dbd0ffb4e
Merge pull request #5483 from embhorn/zd14659
2022-08-22 14:28:29 +02:00
Juliusz Sosinowicz
e565d0d7de
Refactor and code review
...
- Refactor object hashing into one function
- Allow multiple WOLFSSL_ASSERT_SIZEOF_GE in one function
2022-08-22 14:19:48 +02:00
Juliusz Sosinowicz
8b2fcd0643
Add documentation explaining get_ex_new_index API limitations
2022-08-22 12:16:51 +02:00
Sean Parkinson
26c61f8e0f
Merge pull request #5473 from icing/quic-hello-retry
...
Respect disabled curves on HelloRetryRequests
2022-08-22 08:32:30 +10:00
Lealem Amedie
2059d05b7a
checking some ret values, fix trailing whitespace
2022-08-19 12:40:42 -07:00
Lealem Amedie
2a65220527
Adding X509_CRL_print() function
2022-08-19 12:21:35 -07:00
Lealem Amedie
da136e0c49
Adding allocator funcs for dtls peer (for wrappers)
2022-08-19 10:59:55 -07:00
David Garske
b417f94435
Merge pull request #5485 from SparkiDev/tls13_state_string_long
...
wolfSSL_state_string_long - update for TLS 1.3 and DTLS 1.3
2022-08-19 10:09:09 -07:00
David Garske
f3b9cfa71c
Merge pull request #5487 from icing/tls13_early_nr
...
Improved EarlyData Indicator reply fix based on PR #5486
2022-08-19 09:54:17 -07:00
Stefan Eissing
a7c0c4649e
Fixing Handshake Hash update when Preshared Keys offered by client,
...
but none of them was accepted.
- This applies to TLSv1.3 and QUIC
- QUIC test case to trigger the bug enabled
2022-08-19 15:56:20 +02:00
David Garske
1d0e83bd1a
Merge pull request #5474 from julek-wolfssl/zd14644-2
...
Match OpenSSL self signed error return.
2022-08-19 06:46:26 -07:00
Eric Blankenhorn
3d8562f07b
Fixes for build and runtime issues
2022-08-19 08:12:04 -05:00
Stefan Eissing
6cb0caa0a0
Adding disabledCurves as a member of WOLFSSL in the OPENSSL_EXTRA case.
...
- inheriting from WOLFSSL_CTX on creation
- enabling on WOLFSSL only when wolfSSL_set1_curves_list() is called
2022-08-19 11:03:23 +02:00
Stefan Eissing
7a5170b6e1
Improved EarlyData Indicator reply fix based on PR #5486
...
- PR #5486 had test failures in tls13.test and quit unit.test
- the extension was no longer added in SessionTicket messages
- added extra parameter to clarify how the TLSX is used
2022-08-19 10:07:06 +02:00
Satoshi Yamaguchi
61c7003520
Fix whitespace
2022-08-19 12:38:07 +09:00
Sean Parkinson
4b8cd6c62b
wolfSSL_state_string_long - update for TLS 1.3 and DTLS 1.3
2022-08-19 09:41:01 +10:00
Juliusz Sosinowicz
06022e85a3
Fix avoidSysCalls logic
2022-08-18 19:43:40 +02:00
Juliusz Sosinowicz
4d0ea62857
Refactor ticket size to not accidentally go over WOLFSSL_TICKET_ENC_SZ
...
- Optimize memory usage. Write directly to ssl->session->ticket in CreateTicket() and use a hash to make sure the InternalTicket was encrypted.
- DoClientTicket does not fatally error out anymore. Errors in the ticket result in the ticket being rejected instead.
2022-08-18 19:08:43 +02:00
Chris Conlon
e830a0f613
Merge pull request #5434 from satoshiyamaguchi/trial4
2022-08-17 17:04:36 -06:00
Juliusz Sosinowicz
68f71d0d96
Remove WOLFSSL_SESSION_TYPE_REF buffers from WOLFSSL_SESSION
2022-08-17 19:29:07 +02:00
Stefan Eissing
3918a2e29a
Renaming the named_curve parameter to curve_id to avoid shadowing.
2022-08-17 17:01:18 +02:00
Juliusz Sosinowicz
008e947fec
Match OpenSSL self signed error return.
...
OpenSSL compat expects ASN_SELF_SIGNED_E when a self signed cert can't be verified. This is useful when translating the error with GetX509Error into a X509_V_ERR_* error.
2022-08-17 12:40:16 +02:00
Stefan Eissing
d6548b6b88
Small refactoring of named group handling for readability and de-duplicating of code.
...
- add wolfSSL_CTX_curve_is_disabled() and wolfSSL_curve_is_disabled()
to have common checks on wether a curve has been disabled by user
- add macros returning 0 for above function when OPENSSL_EXTRA is not
defined, enabling use without #fidef check
- add macros for checking if named groups are in a certain range
WOLFSSL_NAMED_GROUP_IS_FFHDE()
WOLFSSL_NAMED_GROUP_IS_PQC()
Fixed QuicTransportParam_free() use without case when compiling
with c++.
2022-08-17 11:46:48 +02:00
Satoshi Yamaguchi
f5a257c383
Add WOLFSSL_LEAVE to wolfSSL_PEM_read_RSA_PUBKEY and wolfSSL_PEM_read_PUBKEY
2022-08-17 14:23:50 +09:00
Sean Parkinson
7435402c30
Fixes to better handle re-use of a WOLFSSL object via wolfSSL_clear.
2022-08-16 15:44:05 -07:00
Stefan Eissing
3434210b13
Fix memory leak in QUIC transport parameters extension
2022-08-16 18:13:25 +02:00
Satoshi Yamaguchi
524f9ebd32
Add argument check and error message to wolfSSL_PEM_read_RSA_PUBKEY
2022-08-16 17:35:51 +09:00
David Garske
e56a2355ca
Merge pull request #5464 from julek-wolfssl/zd14644
...
Translate the verify callback error to an X509_V_ERR_* value when OPENSSL_COMPATIBLE_DEFAULTS is defined
2022-08-15 06:30:36 -07:00
David Garske
28f22859bb
Merge pull request #5451 from embhorn/zd14428
...
Fix TSIP ret value in TLSX_KeyShare_ProcessEcc
2022-08-14 11:27:20 -07:00
Satoshi Yamaguchi
fba534dce0
Add wolfSSL_PEM_read_RSA_PUBKEY to OpenSSL compatible API
2022-08-14 16:08:22 +09:00