Commit Graph

6513 Commits

Author SHA1 Message Date
David Garske a7f86f9473 Merge pull request #5517 from JacobBarthelmeh/Testing
misc. testing items from static analysis tools
2022-08-29 08:48:51 -07:00
Juliusz Sosinowicz 88deaf9b5c SNI can appear in ServerHello for TLS 1.2
Co-authored-by: Eric Blankenhorn <eric@wolfssl.com>
2022-08-29 14:22:10 +02:00
JacobBarthelmeh 1e673aee3b scan-build warning fix 2022-08-26 16:29:11 -07:00
David Garske 1976601811 Merge pull request #5505 from julek-wolfssl/dtls-plaintext
Ignore plaintext on established connections
2022-08-25 07:25:03 -07:00
Hayden Roche 9f39ffdba7 Fix wolfSSL_GENERAL_NAMES_free memory leak.
This function was just freeing the stack object itself of GENERAL_NAMES with
wolfSSL_sk_free, but this doesn't free the data in the items of the stack. The
fix is to replace wolfSSL_sk_free with wolfSSL_sk_GENERAL_NAME_free.
2022-08-24 18:42:30 -07:00
Juliusz Sosinowicz 159a3c8b03 Ignore plaintext on established connections 2022-08-24 21:40:19 +02:00
Sean Parkinson 2571f65e85 Check ECC signature in TLS
Verifying gnerated ECC signature in TLS handshake code to mitigate when
an attacker can gain knowledge of the private key through fault
injection in the signing process.
Requires WOLFSSL_CHECK_SIG_FAULTS to be defined.
2022-08-24 09:01:18 +10:00
David Garske 5c65974170 Fix for dynamic type macro typo. 2022-08-23 09:32:11 -07:00
Marco Oliverio 3a8e6f2280 fix: add explicit cast to abide g++ compiler 2022-08-23 16:58:24 +02:00
Marco Oliverio cfbd061625 add initial support for ConnectionID DTLS extension 2022-08-23 16:58:24 +02:00
Marco Oliverio 171af05e96 tlsx: expose TLSX_Push
To be able to implement extension in separate compilation unit
2022-08-23 10:00:06 +02:00
David Garske 48463f6d54 Merge pull request #5388 from lealem47/crlPrint
Adding X509_CRL_print() function
2022-08-22 17:16:19 -07:00
JacobBarthelmeh bd49d37aaf Merge pull request #5492 from embhorn/zd14694
Fix for AddPacketInfo with WOLFSSL_CALLBACKS
2022-08-22 14:59:29 -06:00
Lealem Amedie 91a7b8067c Addressing some PR feedback 2022-08-22 12:04:15 -07:00
David Garske b9d9dc02bb Merge pull request #5476 from julek-wolfssl/session-buffers
Remove WOLFSSL_SESSION_TYPE_REF buffers from WOLFSSL_SESSION
2022-08-22 11:59:39 -07:00
David Garske d50e740c97 Merge pull request #5488 from julek-wolfssl/get_ex_new_index-docs
Add documentation explaining get_ex_new_index API limitations
2022-08-22 09:51:36 -07:00
David Garske a7e318a7ad Merge pull request #5484 from lealem47/allocators
Adding allocator funcs for dtls peer (for wrappers)
2022-08-22 09:29:54 -07:00
David Garske 1e5de8255e Merge pull request #5472 from satoshiyamaguchi/trial3
Add/Extend PEM_read compatibility API's
2022-08-22 09:24:39 -07:00
Lealem Amedie 8f4b467f47 Fixing line lengths and SMALL_STACK code path 2022-08-22 09:17:23 -07:00
Eric Blankenhorn 22c44bd762 Fix for AddPacketInfo with WOLFSSL_CALLBACKS 2022-08-22 08:01:21 -05:00
Juliusz Sosinowicz 0dbd0ffb4e Merge pull request #5483 from embhorn/zd14659 2022-08-22 14:28:29 +02:00
Juliusz Sosinowicz e565d0d7de Refactor and code review
- Refactor object hashing into one function
- Allow multiple WOLFSSL_ASSERT_SIZEOF_GE in one function
2022-08-22 14:19:48 +02:00
Juliusz Sosinowicz 8b2fcd0643 Add documentation explaining get_ex_new_index API limitations 2022-08-22 12:16:51 +02:00
Sean Parkinson 26c61f8e0f Merge pull request #5473 from icing/quic-hello-retry
Respect disabled curves on HelloRetryRequests
2022-08-22 08:32:30 +10:00
Lealem Amedie 2059d05b7a checking some ret values, fix trailing whitespace 2022-08-19 12:40:42 -07:00
Lealem Amedie 2a65220527 Adding X509_CRL_print() function 2022-08-19 12:21:35 -07:00
Lealem Amedie da136e0c49 Adding allocator funcs for dtls peer (for wrappers) 2022-08-19 10:59:55 -07:00
David Garske b417f94435 Merge pull request #5485 from SparkiDev/tls13_state_string_long
wolfSSL_state_string_long - update for TLS 1.3 and DTLS 1.3
2022-08-19 10:09:09 -07:00
David Garske f3b9cfa71c Merge pull request #5487 from icing/tls13_early_nr
Improved EarlyData Indicator reply fix based on PR #5486
2022-08-19 09:54:17 -07:00
Stefan Eissing a7c0c4649e Fixing Handshake Hash update when Preshared Keys offered by client,
but none of them was accepted.

- This applies to TLSv1.3 and QUIC
- QUIC test case to trigger the bug enabled
2022-08-19 15:56:20 +02:00
David Garske 1d0e83bd1a Merge pull request #5474 from julek-wolfssl/zd14644-2
Match OpenSSL self signed error return.
2022-08-19 06:46:26 -07:00
Eric Blankenhorn 3d8562f07b Fixes for build and runtime issues 2022-08-19 08:12:04 -05:00
Stefan Eissing 6cb0caa0a0 Adding disabledCurves as a member of WOLFSSL in the OPENSSL_EXTRA case.
- inheriting from WOLFSSL_CTX on creation
- enabling on WOLFSSL only when wolfSSL_set1_curves_list() is called
2022-08-19 11:03:23 +02:00
Stefan Eissing 7a5170b6e1 Improved EarlyData Indicator reply fix based on PR #5486
- PR #5486 had test failures in tls13.test and quit unit.test
- the extension was no longer added in SessionTicket messages
- added extra parameter to clarify how the TLSX is used
2022-08-19 10:07:06 +02:00
Satoshi Yamaguchi 61c7003520 Fix whitespace 2022-08-19 12:38:07 +09:00
Sean Parkinson 4b8cd6c62b wolfSSL_state_string_long - update for TLS 1.3 and DTLS 1.3 2022-08-19 09:41:01 +10:00
Juliusz Sosinowicz 06022e85a3 Fix avoidSysCalls logic 2022-08-18 19:43:40 +02:00
Juliusz Sosinowicz 4d0ea62857 Refactor ticket size to not accidentally go over WOLFSSL_TICKET_ENC_SZ
- Optimize memory usage. Write directly to ssl->session->ticket in CreateTicket() and use a hash to make sure the InternalTicket was encrypted.
- DoClientTicket does not fatally error out anymore. Errors in the ticket result in the ticket being rejected instead.
2022-08-18 19:08:43 +02:00
Chris Conlon e830a0f613 Merge pull request #5434 from satoshiyamaguchi/trial4 2022-08-17 17:04:36 -06:00
Juliusz Sosinowicz 68f71d0d96 Remove WOLFSSL_SESSION_TYPE_REF buffers from WOLFSSL_SESSION 2022-08-17 19:29:07 +02:00
Stefan Eissing 3918a2e29a Renaming the named_curve parameter to curve_id to avoid shadowing. 2022-08-17 17:01:18 +02:00
Juliusz Sosinowicz 008e947fec Match OpenSSL self signed error return.
OpenSSL compat expects ASN_SELF_SIGNED_E when a self signed cert can't be verified. This is useful when translating the error with GetX509Error into a X509_V_ERR_* error.
2022-08-17 12:40:16 +02:00
Stefan Eissing d6548b6b88 Small refactoring of named group handling for readability and de-duplicating of code.
- add wolfSSL_CTX_curve_is_disabled() and wolfSSL_curve_is_disabled()
  to have common checks on wether a curve has been disabled by user
- add macros returning 0 for above function when OPENSSL_EXTRA is not
  defined, enabling use without #fidef check
- add macros for checking if named groups are in a certain range
  WOLFSSL_NAMED_GROUP_IS_FFHDE()
  WOLFSSL_NAMED_GROUP_IS_PQC()

Fixed QuicTransportParam_free() use without case when compiling
with c++.
2022-08-17 11:46:48 +02:00
Satoshi Yamaguchi f5a257c383 Add WOLFSSL_LEAVE to wolfSSL_PEM_read_RSA_PUBKEY and wolfSSL_PEM_read_PUBKEY 2022-08-17 14:23:50 +09:00
Sean Parkinson 7435402c30 Fixes to better handle re-use of a WOLFSSL object via wolfSSL_clear. 2022-08-16 15:44:05 -07:00
Stefan Eissing 3434210b13 Fix memory leak in QUIC transport parameters extension 2022-08-16 18:13:25 +02:00
Satoshi Yamaguchi 524f9ebd32 Add argument check and error message to wolfSSL_PEM_read_RSA_PUBKEY 2022-08-16 17:35:51 +09:00
David Garske e56a2355ca Merge pull request #5464 from julek-wolfssl/zd14644
Translate the verify callback error to an X509_V_ERR_* value when OPENSSL_COMPATIBLE_DEFAULTS is defined
2022-08-15 06:30:36 -07:00
David Garske 28f22859bb Merge pull request #5451 from embhorn/zd14428
Fix TSIP ret value in TLSX_KeyShare_ProcessEcc
2022-08-14 11:27:20 -07:00
Satoshi Yamaguchi fba534dce0 Add wolfSSL_PEM_read_RSA_PUBKEY to OpenSSL compatible API 2022-08-14 16:08:22 +09:00