Sean Parkinson
cd41c8beaf
Merge pull request #5147 from rizlik/do_alert_reset
...
internal.c:reset input/processReply state if exiting after DoAlert()
2022-05-19 09:36:44 +10:00
Marco Oliverio
be172af3cd
internal.c: check that we have data before processing messages
...
We should never encounter this bug under normal circumstances. But if we enter
processReplyEx with a wrongly `ssl->options.processReply` set to
`runProcessingOneMessage` we check that we have some data.
2022-05-18 18:49:33 +02:00
Marco Oliverio
6940a5eaae
internal.c:reset input/processReply state if exiting after DoAlert()
2022-05-18 18:35:29 +02:00
Sean Parkinson
2f91028f2d
TLS 1.3: pre-master secret zeroizing
2022-05-18 08:52:38 +10:00
David Garske
ec619e3f35
Merge pull request #5107 from julek-wolfssl/wpas-ex-data-leak
...
Call ctx->rem_sess_cb when a session is about to be invalid
2022-05-16 13:27:08 -07:00
Sean Parkinson
eea537e5ea
Merge pull request #5124 from kaleb-himes/WIN_MULTICONFIG
...
Address issues ID'd by new windows multi-config test
2022-05-13 09:39:15 +10:00
Sean Parkinson
d1308fcdfc
Merge pull request #5122 from rizlik/tls13_pad_calc
...
internal.c: fix pad-size when more records are received at once
2022-05-13 07:59:36 +10:00
Daniel Pouzzner
c4920021d8
print errors to stderr, not stdout;
...
fix whitespace in internal.c;
add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
John Safranek
2cf87a8049
Merge pull request #5084 from julek-wolfssl/zd14101-dtls-want-write
...
DTLS fixes with WANT_WRITE simulations
2022-05-12 09:36:40 -07:00
David Garske
05ce8329c9
Merge pull request #5067 from miyazakh/compat_altcertchain
...
"veify ok" if alternate cert chain mode is used
2022-05-12 08:54:51 -07:00
Juliusz Sosinowicz
a31b76878f
DTLS fixes with WANT_WRITE simulations
...
- WANT_WRITE could be returned in unexpected places. This patch takes care of that.
- Change state after SendBuffered only if in a sending state to begin with.
- Adapt client and server to simulate WANT_WRITE with DTLS
2022-05-12 15:46:08 +02:00
Hideki Miyazaki
5d93a48ddf
veify ok if alternate cert chain mode for verifyCallback
2022-05-12 06:15:18 +09:00
Daniel Pouzzner
9fbb4a923f
src/internal.c:GetCipherKeaStr(): allow "ECDH" (in addition to "ECDHE") as a suite clause that maps to KEA "ECDH".
2022-05-10 15:12:00 -05:00
Daniel Pouzzner
26673a0f28
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp;
...
add macro XSTRCASECMP();
update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
Marco Oliverio
f06ac9965c
internal.c: fix: plaintext check account for the current record only
2022-05-10 13:12:09 +02:00
Marco Oliverio
db23d8a0cf
internal.c: don't skip records if we don't process early-data
...
If we don't process early data, we want to skip only the current record and not
all the received data
2022-05-10 13:04:43 +02:00
Marco Oliverio
445c1e6ceb
internal.c: don't check TLS13 plaintext limit twice
...
Plaintext size is checked before decryption in TLS 1.3
2022-05-10 12:51:50 +02:00
kaleb-himes
d5f7beefd4
Address issues ID'd by new windows multi-config test
2022-05-09 16:50:56 -06:00
Marco Oliverio
0c7e9a0104
internal.c: fix pad-size when more records are received at once
...
don't consider the end of the record the end of received data as more records
may be read at once when DTLS will be supported.
2022-05-09 11:00:31 +02:00
David Garske
36877d78b4
Merge pull request #5078 from julek-wolfssl/wpas-tls13
...
Clean up wolfSSL_clear() and add some more logging
2022-05-06 11:45:43 -07:00
Juliusz Sosinowicz
b6b007de3c
Call ctx->rem_sess_cb when a session is about to be invalid
...
Allow the user to register a session remove callback with wolfSSL_CTX_sess_set_remove_cb() that will be called when the session is about to be free'd or evicted from cache.
2022-05-06 16:34:28 +02:00
David Garske
628a91efda
Fix for size calculation for encrypt then mac without openssl extra enabled. Fix for cast warning.
2022-05-02 17:11:48 -06:00
David Garske
277d6dc5dd
Fix minor clang-tidy warnings for async.
2022-04-27 10:22:19 -07:00
John Safranek
7436a41bc7
Merge pull request #5046 from SparkiDev/cppcheck_fixes_8
...
cppcheck: fixes
2022-04-26 10:37:42 -07:00
John Safranek
7e8598f75b
Merge pull request #5081 from dgarske/sniffer_decrypt
...
Restore sniffer internal decrypt function. This allows decrypting TLS…
2022-04-26 09:37:32 -07:00
David Garske
273ed1df76
Restore sniffer internal decrypt function. This allows decrypting TLS v1.2 traffic ignoring AEAD errors.
2022-04-25 16:28:09 -07:00
Sean Parkinson
20e5e654a3
cppcheck: fixes
...
CBIORecv/Send are only assigned once.
IOCB_ReadCtx/WriteCtx only assigned once.
BuildMessage checks output and input wiht sizeOnly every call - state
machine doesn't cache these.
Renamed alias_tbl variables to something unique.
Other cppcheck fixes.
Also reworked pem_read_bio_key().
2022-04-26 09:26:41 +10:00
Juliusz Sosinowicz
4013f83e4f
Add some missing logs and implement WOLFSSL_MSG_EX()
...
WOLFSSL_MSG_EX() uses XVSNPRINTF to allow for formatted strings to be printed. It uses a 100 byte internal stack buffer to format the log message.
2022-04-25 15:59:07 +02:00
David Garske
4ecf3545d7
Improve scan-build fix for ProcessPeerCertParse checking of empty dCert. With WOLFSSL_SMALL_CERT_VERIFY it is NULL.
2022-04-22 16:07:24 -07:00
David Garske
e9b80e53fa
Fix issue with InitX509Name.
2022-04-22 16:02:54 -07:00
David Garske
84a33183a6
Various scan-build fixes.
2022-04-22 16:02:54 -07:00
David Garske
3755b88a02
Fix InitX509Name to set dynamicName on init.
2022-04-22 16:02:53 -07:00
David Garske
c41b1b1b9b
Fix to ensure args->dCert is set for ProcessPeerCertParse.
2022-04-22 16:02:53 -07:00
David Garske
ec76f79e9d
Fixes for sniffer decrypt broken in PR #4875 . The TLS v1.2 sniffer decrypt did not have ssl->curRL set for proper auth tag calculation and was placing the data at offset + 8 to leave room for explicit IV.
2022-04-19 16:31:27 -07:00
Eric Blankenhorn
ab6dc8d669
Add ability to set ECC Sign userCTX using WOLFSSL_CTX
2022-04-11 08:41:27 -05:00
Daniel Pouzzner
0d6c283f7a
fixes for -Werror=declaration-after-statement in debug builds.
2022-04-04 09:29:26 -05:00
Daniel Pouzzner
ae3996fd0e
fix codebase for -Wvla -Wdeclaration-after-statement; fix some whitespace.
2022-04-01 14:44:10 -05:00
Eric Blankenhorn
ea38e1aab5
Add wolfSSL_CTX_SetCertCbCtx to set user context for CB
2022-03-30 12:27:11 -05:00
Daniel Pouzzner
12776b3772
fixups for warnings from gcc-12:
...
src/internal.c: use XMEMCMP(), not ==, to compare array elements (fixes conflict of 74408e3ee3 vs 617eda9d44 );
fix spelling of NAMEDGROUP_LEN (was NAMEDGREOUP_LEN);
src/ssl.c: in CheckcipherList() and wolfSSL_parse_cipher_list(), use XMEMCPY(), not XSTRNCPY(), to avoid (benign) -Wstringop-truncation;
scripts/sniffer-tls13-gen.sh: fix for shellcheck SC2242 (exit 1, not -1).
2022-03-24 16:33:36 -05:00
Anthony Hu
ceae169a34
Merge pull request #4969 from dgarske/pk_pubkey
2022-03-24 12:40:03 -04:00
David Garske
aa38d99538
Fix for TLS PK callback issue with Ed25519/Ed448 and public key not being set.
2022-03-22 08:33:54 -07:00
David Garske
59665a44b5
Fixes for allowing server to have a public key set when using external key with PK callbacks.
2022-03-21 13:14:24 -07:00
David Garske
29c120356e
Sniffer asynchronous support.
...
* Adds stateful handling of DH shared secret computation in `SetupKeys`.
* Improved the decrypt handling to use internal functions and avoid generating alerts on failures.
* Fix for sniffer resume due to missing `sessionIDSz` broken in #4807 .
* Fix sniffer test cases to split resume (session_ticket) tests.
* Add `snifftest` list of build features so test script can gate running resume test.
2022-03-21 12:05:08 -07:00
David Garske
8bf14ba1d3
Merge pull request #4957 from JacobBarthelmeh/Compatibility-Layer
...
alter return value and add error string
2022-03-21 09:10:04 -07:00
Sean Parkinson
ef66a12a24
Merge pull request #4961 from dgarske/cust_fixups
...
Various portability improvements (Time, DTLS epoch size, IV alloc)
2022-03-18 11:38:57 +10:00
David Garske
b546b2a5ec
Improve logic around private key id/label. Adds WOLF_PRIVATE_KEY_ID.
2022-03-17 14:48:30 -07:00
David Garske
ae25a48509
Improve the build message to not always allocate the IV (16 byte) (use fixed buffer if <= 16 bytes).
2022-03-17 14:01:57 -07:00
David Garske
3fba5d17c3
Various portability improvements:
...
* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
2022-03-17 14:00:55 -07:00
JacobBarthelmeh
d0e83be596
alter return value and add error string
2022-03-15 10:26:59 -07:00
Sean Parkinson
9ed061cc96
TLS: add peer authentication failsafe for TLS 1.2 and below
...
Tightened the TLS 1.3 failsafe checks too.
2022-03-15 08:51:44 +10:00