Commit Graph

4216 Commits

Author SHA1 Message Date
Chris Conlon 1c1a01fffe rename dup to resolve NetBSD global shadow warnings 2020-06-03 14:11:12 -06:00
Chris Conlon d220168384 Merge pull request #3017 from kojo1/supplicant-error
alertWhy: unknown_ca for ASN_NO_SIGNER_E
2020-06-03 10:44:31 -05:00
toddouska c7331fa699 Merge pull request #3008 from embhorn/zd10320
Fix possible NULL dereference error in TLSX_SecureRenegotiation_Parse
2020-06-02 11:13:17 -07:00
Takashi Kojo 5bcd121ab5 alertWhy: unknown_ca for ASN_NO_SIGNER_E 2020-06-02 05:54:16 +09:00
toddouska 2ee8f335b7 Merge pull request #2992 from SparkiDev/tls13_enc_alert_2
Actually make TLS 1.3 alerts encrypted when possible
2020-05-29 13:04:49 -07:00
David Garske e498e07390 Merge pull request #3005 from cconlon/608a
ATECC608A improvements for use with Harmony 3 and PIC32MZ
2020-05-28 16:10:39 -07:00
toddouska 5962931b21 Merge pull request #2947 from SparkiDev/tls13_integ_fix
Fix TLS 1.3 integrity only for interop
2020-05-28 13:48:43 -07:00
Eric Blankenhorn 4e8f5fce66 Fix NULL dereference error 2020-05-28 12:17:29 -05:00
Sean Parkinson 3fec01c0aa Actually make TLS 1.3 alerts encrypted when possible
Pervious fix didn't work.
This time, if TLS 1.3 and encryption is on then it will encrypt the
alert.
2020-05-28 10:57:33 +10:00
Chris Conlon 896fcd9aec add WOLFSSL_ATECC6088A, Trust&GO support, PIC32 HAL compatibility, 608A expansions 2020-05-27 16:49:29 -06:00
JacobBarthelmeh 8e9f518caa fix for gcc 10+ error on snprintf 2020-05-27 16:20:39 -06:00
toddouska e388885407 Merge pull request #2997 from kaleb-himes/ZD10356
Fix a seg fault when cert not loaded prior to key check
2020-05-26 16:19:43 -07:00
Kaleb Himes 5179503e8f Merge pull request #2995 from julek-wolfssl/va-copy-check
Enable wolfSSL_BIO_vprintf on Windows
2020-05-26 08:58:05 -07:00
Sean Parkinson eed5943b6f Fix TLS 1.3 integrity only for interop
Make key size the size of the digest.
2020-05-25 16:02:53 +10:00
Chris Conlon 165fce7c57 Merge pull request #2988 from miyazakh/peakmem
added WOLFSSL_LEAVE for measuring peak memory script
2020-05-22 15:37:30 -06:00
kaleb-himes 53d2a17b43 Fix a seg fault when cert not loaded prior to key check 2020-05-22 15:03:11 -06:00
Juliusz Sosinowicz de61a8e5d3 Enable wolfSSL_BIO_vprintf on Windows
Enable wolfSSL_BIO_vprintf use with WOLFSSL_BIO_MEMORY and WOLFSSL_BIO_SSL on Windows with the HAVE_VA_COPY flag
2020-05-21 19:41:40 +02:00
David Garske 19848076ec Merge pull request #2986 from kaleb-himes/ZD9610_REPORT2
Fix building with openssl extra x509 small writes to heap without alloc
2020-05-20 08:10:43 -07:00
kaleb-himes 08c02b037c Fix building with openssl extra x509 small writes to heap without alloc 2020-05-19 17:12:36 -06:00
toddouska 7901f74d0b Merge pull request #2977 from SparkiDev/tlsx_ks_ecc_fix
KeyShare ECC shift index range check
2020-05-19 15:49:41 -07:00
toddouska 754c96965a Merge pull request #2974 from SparkiDev/tls13_enc_alert
If encryption setup, TLS 1.3 alerts encrypted
2020-05-19 15:48:54 -07:00
Sean Parkinson 5b918f7ace KeyShare ECC shift index range check 2020-05-18 08:49:38 +10:00
toddouska bdddb00ebc Merge pull request #2973 from kaleb-himes/FIPS-OE6
for OE6 sp_arm32.c asm code is inlined in rsa.c and ecc.c
2020-05-14 10:55:54 -07:00
toddouska fbfb28d5ee Merge pull request #2926 from SparkiDev/tls13_failnocert
Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3
2020-05-14 10:53:18 -07:00
toddouska 6f750c07b5 Merge pull request #2964 from SparkiDev/tls13down_tls12
Only check downgrade when TLS 1.2 and no flag set
2020-05-13 16:25:02 -07:00
Sean Parkinson 0295b5ae3b If encryption setup, TLS 1.3 alerts encrypted 2020-05-13 16:14:47 +10:00
kaleb-himes 9a8fc94181 for OE6 sp_arm32.c asm code is inlined in rsa.c and ecc.c 2020-05-12 16:28:39 -06:00
toddouska 6c9a0e440e Merge pull request #2959 from dgarske/wpas_tiny
Added wpa_supplicant support with reduced code size option
2020-05-11 08:55:22 -07:00
Sean Parkinson ed4899dd91 Only check downgrade when TLS 1.2 and no flag set
The flag, SSL_OP_NO_TLSv1_2, indicates not to negotiate TLS v1.2.
2020-05-11 13:18:50 +10:00
Hideki Miyazaki 5dfc36d32a added WOLFSSL_LEAVE for measuring peak memory script 2020-05-09 17:03:17 +09:00
David Garske 10aa8a4ffc Added support --enable-wpas=small for reduced code size when building against the WPA supplicant with EAP-TLS. This does not use OPENSSL_EXTRA, which helps reduce code size. 2020-05-08 13:38:26 -07:00
toddouska 6b930d996c Merge pull request #2958 from julek-wolfssl/ASN_IP_TYPE-without-openssl
Support IP alternative subject name without OpenSSL
2020-05-08 13:27:27 -07:00
toddouska 3ef7e588d2 Merge pull request #2932 from kaleb-himes/ZD10223
Fix building with one-side only tls13/dtls
2020-05-07 08:43:36 -07:00
Juliusz Sosinowicz 9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
kaleb-himes 62d67c3da1 Don't need if not using TLS 1.2 2020-05-04 12:54:36 -06:00
toddouska d848495a66 Merge pull request #2937 from dgarske/wolfio_tcpcon_fd
Fix issue with failed TCP connect using invalid socket file descriptor
2020-05-04 11:22:54 -07:00
David Garske 31502ec3f9 Fix issue with failed TCP connect using invalid socket file descriptor on close. Fixes #2936 2020-05-01 07:32:00 -07:00
Sean Parkinson 7879d3762a TLS13: Prepend the SupportedVersions extension to list
Must have SupportedVersions at start of list for Cookie to be
constructed correctly.
Application can set the key share extension before handshake and
SupportedVersions will be added after. Extensions written in order of
adding to list.
Prepend SupportedVersions so that it will always appear in the correct
place so when reconstructing HelloRetryRequest, the extensions will
always be in the same order.
2020-04-30 08:46:23 +10:00
kaleb-himes 951cb4aaf4 Fix building with one-side only tls13/dtls 2020-04-28 14:33:00 -06:00
toddouska f770d28ff0 Merge pull request #2916 from dgarske/testfixes
Improvements to ECC key decode and tests
2020-04-28 09:57:44 -07:00
toddouska a585e4115e Merge pull request #2927 from SparkiDev/tls13_ccs
In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row
2020-04-28 09:52:46 -07:00
toddouska cb6fc56f3b Merge pull request #2921 from dgarske/fixes_g++
Fixes for G++ and enable-all
2020-04-28 09:51:34 -07:00
David Garske 6185e0f477 Remove execute bit on files. 2020-04-27 11:16:02 -07:00
Sean Parkinson c153873337 Fail when WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT set in TLS1.3 2020-04-27 16:17:03 +10:00
Sean Parkinson df1b7f34f1 In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row 2020-04-27 15:27:02 +10:00
David Garske 6d025f8c0f Refactor of the EVP macType to use enum wc_HashType to resolve issues with invalid casting. 2020-04-24 07:43:44 -07:00
David Garske b07dfa425d Fixes for ./configure CC="g++" --enable-all && make. Resolves issues with implicit casts and use of reserved template keyword. 2020-04-23 15:26:04 -07:00
toddouska 7318121d3a Merge pull request #2915 from dgarske/async_v4.4.0
Fixes for async release v4.4.0
2020-04-23 09:26:08 -07:00
David Garske 4592e0ec95 Fix for use of incorrect devId for wolfSSL_SHA3_256_Init. 2020-04-22 10:16:20 -07:00
John Safranek ccd096e1bb Memory Leak Fix
1. In `wolfSSL_d2i_DHparams()`, when setting the internal key on a
   WOLFSSL_KEY, set the flag inSet.
2. Not a leak, but in `wolfSSL_EVP_PKEY_set1_DH()`, only allocate one
   buffer to store the flat key. Saves an alloc, memcpy, and free.
2020-04-21 10:21:59 -07:00