Daniel Pouzzner
87b2384cac
linuxkm settings.h: define NO_STDIO_FILESYSTEM
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
05bca8b0ee
when BUILD_LINUXKM, suppress building the library; rename $KROOT/$KARCH to $KERNEL_ROOT/$KERNEL_ARCH; remove SIMD enablement from linuxkm CFLAGS; add linuxkm support for -DKERNEL_OPT=x.
2020-09-23 18:32:16 -05:00
Daniel Pouzzner
925afe3b74
cast XMALLOC() return values assiduously, for Visual Studio compatibility.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
f5975d95db
src/ssl.c: use heap for workspace in wolfSSL_X509_sign(), wolfSSL_d2i_RSAPrivateKey_bio(), and wolfSSL_CTX_use_RSAPrivateKey().
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
0e480d1a14
Linux KM compilability cont'd: conform to C89isms (declarations before statements); iffdef WOLFSSL_LINUXKM use do_div() for long long division rather than C operator (avoids unresolvable compile-time callouts to libgcc function); misc gating and relocations for includes.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
dd825d90c4
more LKM WIP: polish up the struct DRBG refactor ("struct DRBG_internal"), tweaks for buildability on 3.x kernels (now builds on 3.x, 4.x, and 5.x up to 5.8.1), move a slew of #[un]def[ines] from wc_port.h to settings.h where they belong, misc cleanup.
2020-09-23 18:32:15 -05:00
Daniel Pouzzner
3c2155f4a9
linuxkm WIP -- update for kernels 4.9.x (LTS representative) and 5.8.x (latest).
2020-09-23 18:32:15 -05:00
David Garske
6425ebb60e
Linux Kernel Module support using "--enable-linuxkm".
2020-09-23 18:32:15 -05:00
toddouska
1c07de883c
Merge pull request #3306 from SparkiDev/tls13_pha_psk
...
TLS 1.3: Post-handshake Authentication and resumption secret
2020-09-23 16:06:55 -07:00
toddouska
2f74817e32
Merge pull request #3288 from embhorn/zd10901
...
Fix mp_radix_size off by 1 error
2020-09-23 09:19:02 -07:00
Sean Parkinson
4ed3438be0
TLS 1.3: Post-handshake Authentication and resumption secret
...
The master secret in arrays is not available post-handshake.
Use the master secret in the session when calculating resumption secret.
2020-09-23 17:09:06 +10:00
Jacob Barthelmeh
cb3338bd57
fix WOLFSSL_X509_NAME parse of empty feild and add test case
2020-09-21 18:44:13 -06:00
toddouska
0e66f9d835
Merge pull request #3299 from dgarske/ocsp_certchain
...
Fix for possible NULL use if certChain not loaded and OCSP cert request called
2020-09-21 13:40:21 -07:00
toddouska
1274a01dc7
Merge pull request #3289 from dgarske/wpas_small
...
Fixes for building `--enable-wpas=small` with WPA Supplicant v2.7
2020-09-21 13:37:58 -07:00
toddouska
0f6d391ea1
Merge pull request #3295 from SparkiDev/tls13_p521
...
TLS 1.3: Fix P-521 algorithm matching
2020-09-21 13:36:48 -07:00
David Garske
b4c964f729
Fix for possible NULL buffer use if certChain not loaded and OCSP cert request called.
2020-09-18 09:15:44 -07:00
David Garske
d37adefe98
Fixes for edge case builds with certificate req/gen/ext without --enable-opensslextra.
2020-09-18 09:14:41 -07:00
David Garske
780e8a4619
Fixes for building --enable-wpas=small with WPA Supplicant v2.7.
2020-09-18 09:14:41 -07:00
Sean Parkinson
d63ff07edc
TLS 1.3: Fix P-521 algorithm matching
...
Digest size compared to key size - P521 has large key size.
Fixed to round down.
Added P-521 keys and certificates.
Added testing of P-521 keys and certificcates to unittest.
2020-09-18 10:51:55 +10:00
toddouska
85da1a1d0a
Merge pull request #3271 from SparkiDev/tls13_peek
...
TLS 1.3: allow wolfSSL_peek() to return WANT_READ
2020-09-16 15:02:42 -07:00
toddouska
a3fca7f593
Merge pull request #3247 from JacobBarthelmeh/Compatibility-Layer
...
Compatiblity Layer Fixes for serial number / ASN1 time / and order of name components
2020-09-16 14:53:51 -07:00
Eric Blankenhorn
78a1670334
Fix mp_radix_size off by 1 error
2020-09-10 09:58:26 -05:00
Juliusz Sosinowicz
e34ccaf481
Fix window check
...
If `curLT` then diff needs to be decremented. For example: `diff` = 1 represents last packet so it would be the `window[idx] & (1 << 0)` bit of the window variable.
2020-09-09 23:27:49 +02:00
John Safranek
39b5448601
Merge pull request #3279 from dgarske/minor_fixes
...
Minor build fixes for typo and CMake
2020-09-08 16:45:52 -07:00
JacobBarthelmeh
58e03b2d26
Merge pull request #3272 from embhorn/zd10650
...
Check for non-blocking return code in BioSend
2020-09-08 14:25:16 -06:00
David Garske
6f5a7e87c5
Fix for CMake to only set ranlib arguments for Mac. Fix for stray typo of , -> ;. Fixes #3275 and Fixes #3278
2020-09-08 11:07:12 -07:00
Juliusz Sosinowicz
ee2d051536
Fix failing nightly
...
Failed tests when configured with `./configure --enable-dtls --enable-opensslextra --enable-sessioncerts`. Valgrind discovered a use after free bug. Nulling session->peer fixes the issue.
2020-09-07 14:36:57 +02:00
Sean Parkinson
93bb12ce86
TLS 1.3: allow wolfSSL_peek() to return WANT_READ
...
When handshake message is processed in wolfSSL_peek() then return
WANT_READ from peek instead of blocking waiting for application data.
Server may send an alert if the client certificate is invalid.
The server also may send NewSesionTicket after client has sent finished
message.
To detect alert before handling application data, then the socket needs
to be checked for data. If the data is an alert then wolfSSL_peek() will
handle the alert, but if it is a NewSessionTicket then wolfSSL_peek()
will process it and block waiting for application data - so return
WANT_READ if no application data seen after processing handshake
message.
2020-09-07 08:30:24 +10:00
toddouska
7fd51cf9d9
Merge pull request #3267 from SparkiDev/no_client_auth
...
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
2020-09-03 15:55:38 -07:00
toddouska
9901eb9272
Merge pull request #3249 from SparkiDev/tls13_early_data_fix
...
TLS 1.3 Early Data: fix
2020-09-03 14:49:39 -07:00
toddouska
b3acd57de5
Merge pull request #3254 from dgarske/leaks
...
Fixes valgrind leak reports (related to small stack cache)
2020-09-02 10:44:49 -07:00
toddouska
9268de229a
Merge pull request #3266 from dgarske/unit_test
...
Fix for DH compute key compatibility function failure
2020-09-02 10:23:23 -07:00
JacobBarthelmeh
914905f1bc
Merge pull request #3193 from embhorn/zd10457_b
...
Fix CheckHostName matching
2020-09-02 10:36:02 -06:00
toddouska
6f56c3c800
Merge pull request #3204 from dgarske/ocsp_nonblock
...
Fix for OCSP response in non-blocking mode and testing script improvements
2020-09-01 15:56:52 -07:00
Jacob Barthelmeh
fd2074da00
fix for order of components in issuer when using compatiblity layer api to generate cert
2020-09-01 09:27:45 -06:00
Sean Parkinson
89b9a77eca
Get builds with WOLFSSL_NO_CLIENT_AUTH compiling and testing
...
Fix build for no client or server and no client auth.
Fix tests to detect when no client auth compiled and test is trying to
do client auth.
2020-09-01 15:27:46 +10:00
David Garske
c587ff72d2
Fix for occasional unit.test failure in test_wolfSSL_EVP_PKEY_derive.
2020-08-31 14:04:51 -07:00
David Garske
28b2be37cd
Merge pull request #3259 from ejohnstown/sniffer-no-oldtls
...
Sniffer without OldTls
2020-08-31 07:34:24 -07:00
Sean Parkinson
db864be6a4
TLS 1.3 Early Data: fix
...
Will process early data packets now.
Added test to check output of server for early data being received.
2020-08-31 09:03:05 +10:00
Juliusz Sosinowicz
c6d1d524fc
HAVE_SESSION_TICKET can also be defined without TLS 1.2
2020-08-28 16:05:28 +02:00
David Garske
3e685fdb5b
Fix for DTLS DoClientHello HMAC free (function has another exit point).
2020-08-27 10:02:15 -07:00
Jacob Barthelmeh
ab52bcf43d
add overried for max entries and certificate generation size
2020-08-26 19:22:57 -06:00
John Safranek
5b39976cc0
Sniffer without OldTls
...
1. Put a guard around the call to DeriveKeys() when building with
--enable-sniffer --disable-oldtls. Disabling OldTls removes the
DeriveKeys() function. Similar logic used in internal.c.
2020-08-26 16:47:44 -07:00
Eric Blankenhorn
ea5c290d60
Fix CheckHostName matching
2020-08-26 14:03:17 -05:00
David Garske
6d5731b8e9
Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with WOLFSSL_SMALL_STACK_CACHE. Added return code checking and cleanup for openssl_test.
2020-08-26 09:45:26 -07:00
David Garske
61545df606
Fix to make sure DTLS cookie HMAC free gets called. Note: This does not cover the many error case paths.
2020-08-26 09:41:26 -07:00
David Garske
14e1489365
Fix for SRP leaks with WOLFSSL_SMALL_STACK_CACHE
2020-08-26 09:41:09 -07:00
Jacob Barthelmeh
bc58dde700
fix for serial number containing 0's and for RNG fail case
2020-08-26 00:03:39 -06:00
Jacob Barthelmeh
ef9beaf271
adjust sanity check on serial number size to match fix
2020-08-24 18:15:05 -06:00
Jacob Barthelmeh
c4a6fba591
fix for ASN1 time and serial number
2020-08-24 17:00:19 -06:00