Commit Graph

7399 Commits

Author SHA1 Message Date
Sean Parkinson
ce1e44d5e8 TLS 1.3: compiling with WOLFSSL_PSK_ONE_ID fix
Move use of 'suites' into non-WOLFSSL_PSK_ONE_ID path as variable
declared and used only in that case.
2023-10-20 10:32:45 +10:00
JacobBarthelmeh
a3bf7a66a4 Merge pull request #6886 from julek-wolfssl/openvpn-master-fix
Define SSL_get_peer_tmp_key
2023-10-18 13:17:15 -06:00
David Garske
22ab21749c Merge pull request #6869 from bigbrett/ios-ca-api
Add support for new Apple trust APIs with WOLFSSL_SYS_CA_CERTS
2023-10-18 10:29:41 -07:00
Juliusz Sosinowicz
f99c7cbb21 Define SSL_get_peer_tmp_key 2023-10-18 19:24:11 +02:00
JacobBarthelmeh
269090353e Merge pull request #6884 from kareem-wolfssl/zd16824
Add explicit break to switch statement in GetHmacLength
2023-10-18 11:20:55 -06:00
Sean Parkinson
1e84d24c20 SM2 named curve disabled: value outside of supported values
SM2 named curve value is specified in specification.
Values 0-14 aren't used, so, those bits in disabledCurves are used for
values over 31.
Add range checks.
2023-10-18 10:51:37 +10:00
Kareem
f59b22d3a0 Add explicit break to switch statement in GetHmacLength 2023-10-17 14:14:05 -07:00
Brett
0244c2a254 Add support for new Apple trust APIs with WOLFSSL_SYS_CA_CERTS 2023-10-16 14:37:21 -06:00
JacobBarthelmeh
ae3fdbec47 add free in error case CID 327286 2023-10-16 13:59:05 -06:00
JacobBarthelmeh
74b63b6409 fix for dereference warning on debug message 2023-10-16 13:52:42 -06:00
JacobBarthelmeh
8be0e14bd2 add unlock in error case CID 327294 2023-10-16 13:46:18 -06:00
JacobBarthelmeh
99d46d9a6d fix for dereference warning CID 327296 & CID 327298 2023-10-16 13:36:24 -06:00
JacobBarthelmeh
ed001829df Fix for dereference CID 327300 & CID 327301 2023-10-16 13:33:15 -06:00
JacobBarthelmeh
d35112064b Merge pull request #6840 from philljj/xmss_hooks_support
Add XMSS/XMSSMT wolfCrypt hooks.
2023-10-16 10:58:12 -06:00
JacobBarthelmeh
79a6e1eb04 Merge pull request #6808 from SparkiDev/sp_sm2
SP updates for SM2
2023-10-13 10:17:17 -06:00
JacobBarthelmeh
f247e6b6f0 Merge pull request #6865 from per-allansson/wolfio-getaddrinfo-hints-a
wolfio: request only IPv4 addresses unless IPv6 support is enabled
2023-10-13 09:53:38 -06:00
JacobBarthelmeh
95137f91fa Merge pull request #6856 from dgarske/fips_win32
Fixes for wolfCrypt FIPS DLL win32
2023-10-13 09:49:26 -06:00
Per Allansson
5f20f1171d wolfio: request only IPv4 addresses unless IPv6 support is enabled 2023-10-13 15:25:16 +02:00
JacobBarthelmeh
26cc785fbc Merge pull request #6861 from douzzer/20231012-keylog-export-warning-fix
20231012-keylog-export-warning-fix
2023-10-12 17:04:39 -06:00
Sean Parkinson
0cc21a42f3 SP updates for SM2
Allow wolfSSL to build with SP implementations of SM2.
Updates to SP implementation of other code.
2023-10-13 08:14:15 +10:00
JacobBarthelmeh
26ab3b109a Merge pull request #6858 from anhu/FASCN_OID
Support FASCN OID in wolfssl_dns_entry_othername_to_gn()
2023-10-12 14:47:09 -06:00
David Garske
3cebf35b1b Cleanups for IDE/WIN10 user_settings.h to allow for FIPS 140-2 3389 cert. Fixed compiler warning with possible use of uninitialized data. 2023-10-12 12:04:51 -07:00
Daniel Pouzzner
0549dba3db configure.ac and src/tls.c: fix --enable-keylog-export to warn at configure time, then build cleanly. 2023-10-12 13:09:43 -05:00
Anthony Hu
f332995131 Support FASCN OID in wolfssl_dns_entry_othername_to_gn() 2023-10-11 20:33:13 -04:00
JacobBarthelmeh
f0bfcc50d7 Merge pull request #6748 from julek-wolfssl/dtls13-frag-ch2
DTLS 1.3: allow fragmenting the second ClientHello message
2023-10-11 11:13:57 -06:00
Hideki Miyazaki
f8604da8e3 change to use a custom random generation func for PRNG 2023-10-11 06:50:26 +09:00
jordan
f32c6a0d25 XMSS/XMSSMT hooks support: fix build. 2023-10-09 10:13:32 -05:00
Juliusz Sosinowicz
64ed7d57eb Add comment 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
275c0a0838 Update window in one place only when stateful 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
c1a49fef99 Fix unreachable code error 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
3a881079d3 Fix async 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
2c6c52078a test_dtls13_frag_ch_pq: make sure kyber5 is used 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
c802193119 Simplify the pqc keyshare handling 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
0dbf97c867 fixup! Clear the keyshare instead of storing it 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
ada785e115 Address code review 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
8da863184c Force DTLS 1.3 when accepting fragmented CH 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
df8ee69075 Clear the keyshare instead of storing it 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
85a596e54a DTLS 1.3: allow fragmenting the second ClientHello message
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
2023-10-09 12:54:11 +02:00
Sean Parkinson
832e0f3726 Merge pull request #6842 from kaleb-himes/fix-err-introduce-with-cm-move
Fix -4 return code when expected BAD_FUNC_ARG(-173)
2023-10-09 07:04:24 +10:00
JacobBarthelmeh
5cb80ea898 Merge pull request #6847 from embhorn/zd16767
Fix wolfSSL_set_verify_result to use correct value
2023-10-06 16:52:32 -06:00
Eric Blankenhorn
b329c0d5f4 Fix wolfSSL_set_verify_result to use correct value 2023-10-06 16:34:31 -05:00
JacobBarthelmeh
a24d66939f Merge pull request #6843 from embhorn/gh6760_take2
Fix RNG with writedup
2023-10-06 09:11:33 -06:00
kaleb-himes
e51399ca0f Do the success checkout out front 2023-10-05 17:05:36 -06:00
Eric Blankenhorn
a494d04f10 Fix RNG with writedup 2023-10-05 16:03:42 -05:00
kaleb-himes
4bb6c51d2d Fix -4 return code when expected BAD_FUNC_ARG(-173) 2023-10-05 14:20:37 -06:00
Juliusz Sosinowicz
89946126f2 Remove dtls_expected_rx and use expected values directly
We should always read MTU + EXTRA so that we capture the entire message and are able to correctly decrypt the entire datagram. A smaller MTU also breaks larger handshake messages sent during a connection like secure renegotiation in DTLS 1.2 (confirmed) and post-handshake messages in DTLS 1.3 (suspected).
2023-10-05 16:58:45 +02:00
Juliusz Sosinowicz
80c8c62fb2 Proper initial_ctx clean up
- Call wolfSSL_CTX_free on ssl->initial_ctx so that it decrements the counter and free's the object
- Clean up where ssl->initial_ctx is free'd. It only needs to be free'd when the ssl object is being free'd
2023-10-05 16:58:45 +02:00
jordan
33d4b331fb Add XMSS/XMSSMT wolfCrypt hooks. 2023-10-05 09:18:50 -05:00
JacobBarthelmeh
96205fc80d Merge pull request #6820 from julek-wolfssl/zd/16550-int-crl
CRL verify the entire chain including loaded CA's
2023-10-04 14:37:50 -06:00
Juliusz Sosinowicz
7baf151c37 CRL verify the entire chain including loaded CA's
- Regen CRL's as most of them are expired
- certs/crl/extra-crls/ca-int-cert-revoked.pem: CRL that revokes certs/intermediate/ca-int-cert.pem signed by certs/ca-cert.pem
- Add CheckCertCRL_ex API to not depend on DecodedCert
- CheckCertCRLList: accept raw serial or hashed version to work with Signers
- Add XELEM_CNT to simplify pre-proc element counting
2023-10-03 11:45:43 +02:00