Commit Graph

7281 Commits

Author SHA1 Message Date
JacobBarthelmeh 12685d7713 Merge pull request #6686 from dgarske/fix_cond
Fixes for wolfSSL conditional porting
2023-08-09 12:08:05 -06:00
JacobBarthelmeh 35f4a1a09d Merge pull request #6672 from anhu/cert_err_message
Add some OpenSSL compat error strings.
2023-08-09 09:28:51 -06:00
Juliusz Sosinowicz d747df2ae4 Make sure no mutexes are held when cond API are called 2023-08-09 16:25:58 +02:00
Juliusz Sosinowicz 7ba00f3b84 Initialize BIO methods at compile time 2023-08-09 16:23:46 +02:00
Anthony Hu 5daabe0801 Suggestion from Jacob to remove OPENSSL_EXTRA_X509_SMALL 2023-08-08 16:35:55 -04:00
David Garske 5b16586483 Fixes for wolfSSL conditional porting. Can cause deadlock in high usage situations. Added better signal support on MacOS. Issue created in PR #6437. 2023-08-08 12:46:42 -07:00
Daniel Pouzzner e51ca7941f fixes for code warned by clang-tidy:18 and cppcheck-2.11:
bugprone-inc-dec-in-conditions: examples/server/server.c:server_test(), src/internal.c:MatchDomainName(), src/x509.c:wolfSSL_X509_set_ext(), wolfcrypt/src/asn.c:MatchBaseName()

missingReturn: wolfcrypt/src/wc_port.c:mystrnstr()

bugprone-unused-return-value: wolfcrypt/src/wc_port.c:wolfSSL_NewThreadNoJoin()

clang-analyzer-deadcode.DeadStores: wolfssl/test.h:udp_accept()
2023-08-05 12:28:41 -05:00
JacobBarthelmeh 65b515aec8 Merge pull request #6655 from julek-wolfssl/threading-testing
Port testing to wolfSSL threading interface
2023-08-04 13:46:14 -06:00
Anthony Hu cec438a4e4 Add some OpenSSL compat error strings. 2023-08-04 13:26:28 -04:00
Juliusz Sosinowicz 90a6a14878 Merge pull request #6446 from JacobBarthelmeh/session 2023-08-04 11:34:59 +02:00
Juliusz Sosinowicz 67d6d438c5 Port testing to wolfSSL threading interface 2023-08-04 10:49:39 +02:00
JacobBarthelmeh 7f0cfcb27d Merge pull request #6667 from bandi13/byebyeCyaSSL
Byebye cya ssl
2023-08-03 15:43:01 -06:00
Andras Fekete a6c850d7f9 Fix CAVP errors 2023-08-03 12:05:40 -04:00
Juliusz Sosinowicz 8a9a363621 DTLS 1.3: move state machine forward when HVR received 2023-08-03 15:00:14 +02:00
Juliusz Sosinowicz 907a0201e7 Require HAVE_SECURE_RENEGOTIATION for API that perform SCR (not just indication) 2023-08-03 11:32:42 +02:00
Juliusz Sosinowicz 5a94dc961d DtlsShouldDrop: don't ignore app data sent before a SCR handshake 2023-08-03 11:32:03 +02:00
Andras Fekete b31e485dc9 Remove 'HAVE_FIPS_VERSION < 2' blocks 2023-08-02 17:08:03 -04:00
Juliusz Sosinowicz dee32247b9 Code review 2023-08-02 18:02:41 +02:00
Juliusz Sosinowicz bfe7bc0fcc Recover when the client sends a 0-length session ID when using tickets
Fixes ZD16477
2023-08-02 18:02:30 +02:00
Juliusz Sosinowicz 724fe53379 DoHelloVerifyRequest: only do DTLS 1.3 version check 2023-08-02 10:30:12 +02:00
Andras Fekete 25f542adb4 Clean up compile errors 2023-08-01 15:46:18 -04:00
JacobBarthelmeh 1468d77e50 Merge pull request #6644 from julek-wolfssl/zd/16441
TLSX_CA_Names_Parse: Verify the length of the extension
2023-07-31 16:03:23 -06:00
Juliusz Sosinowicz 854ae0dcdb Code review 2023-07-31 15:16:59 +02:00
Juliusz Sosinowicz a495bb4e7f TLSX_CA_Names_Parse: make sure to do cleanup when smallstack is on 2023-07-28 16:34:35 +02:00
Dimitri Papadopoulos 6d9c85a762 Fix typos found by codespell 2023-07-27 23:38:44 +02:00
David Garske c529b2f3aa Merge pull request #6627 from jpbland1/ocsp-nonce-usage-fix
fix bad & statement that was setting ocspSendNonce
2023-07-27 09:22:08 -07:00
Jacob Barthelmeh b16e7fd87b use Expect with test
fix for session expire check

better name for test function

rewrite test case

make new session also timeout in 1 second
2023-07-26 15:10:22 -07:00
JacobBarthelmeh 7c11c0f201 conversion warning flagged on Windows test builds 2023-07-26 13:48:33 -07:00
JacobBarthelmeh 3e5e16f1ff Merge pull request #6641 from julek-wolfssl/gh/6555
Dtls13GetRnMask: Correctly get chacha counter on BE systems
2023-07-26 11:29:39 -06:00
JacobBarthelmeh 48434f7814 Merge pull request #6653 from julek-wolfssl/kerberos-update
Updates for Kerberos 5 1.21.1
2023-07-26 11:26:57 -06:00
Juliusz Sosinowicz 4a175ba280 Updates for Kerberos 5 1.21.1
- wolfssl_ec_point_mul: fix parameters being passed into ec_mul2add
- Compile in compressed ecc key parsing for OPENSSLALL
- Improve debugging around compat layer ecc operations
- wolfSSL_BN_div: dv can be NULL
- Add spake like computation test
- Add CI krb5 testing
- Add timeouts to CI
2023-07-26 16:40:38 +02:00
Juliusz Sosinowicz 5947c9ae8c TLSX_CA_Names_Parse: Verify the length of the extension 2023-07-26 13:32:37 +02:00
Juliusz Sosinowicz 5cf42244f0 Add comment back in 2023-07-26 12:04:11 +02:00
gojimmypi 31dfdf8360 TLS SM2, SM3, SM4-CBC: hash details for SM3 2023-07-25 17:25:11 -07:00
Daniel Pouzzner cebb4da307 fixes and workarounds for cppcheck 2.11 with uninitvar checks reactivated, and legacyUninitvar suppressed globally (as before):
src/internal.c:wolfSSL_DtlsUpdateWindow(): shiftTooManyBitsSigned and integerOverflowCond (true positive, fixed);

src/ssl.c:wolfSSL_GetSessionFromCache(): autoVariables (true positive, intentional and now suppressed);

wolfcrypt/src/asn.c: several uninitvars in EccSpecifiedECDomainDecode(), wc_EccPrivateKeyDecode(), DecodeSingleResponse(), and DecodeResponseData() (false positives due to bug in cppcheck short circuit eval analysis, mitigated by refactoring && expressions to nested-if constructs that are semantically identical);

src/ssl.c:wolfSSL_GetSessionFromCache(): nullPointer (false positive due to bug in cppcheck value flow analysis, workarounded).
2023-07-25 11:31:01 -05:00
David Garske c0b4cde6df Merge pull request #6632 from jpbland1/ocsp-want-read-error
OCSP_WANT_READ mishandled re-run
2023-07-25 08:23:46 -07:00
John Bland a9c9662124 fix bad & statement that was setting ocspSendNonce
to 1 when WOLFSSL_OCSP_NO_NONCE was selected
related to but doesn't solve zd 16377
2023-07-24 16:51:10 -04:00
JacobBarthelmeh 1285ae7816 Merge pull request #6506 from DimitriPapadopoulos/codespell
Fix typos found by codespell
2023-07-24 10:34:29 -06:00
Juliusz Sosinowicz ab560aa6b8 Fix ClientHello parsing when no extensions are present 2023-07-24 09:14:21 +02:00
Juliusz Sosinowicz 56fc5bbf87 Dtls13GetRnMask: Correctly get chacha counter on BE systems
The issue was that BIG_ENDIAN is defined in endian.h (on linux). Our define is BIG_ENDIAN_ORDER.
2023-07-24 09:13:10 +02:00
JacobBarthelmeh d3202600a4 Merge pull request #6525 from lealem47/san
Improve subjectAltName extension parsing and printing
2023-07-22 08:19:54 -06:00
JacobBarthelmeh 2acc4a6dd5 Merge pull request #6561 from lealem47/zd16348
Fix for adding pkcs9 contentType entry name
2023-07-21 17:04:47 -06:00
JacobBarthelmeh c2a3f5316d Merge pull request #6591 from embhorn/zd16296
Add CRL_REPORT_LOAD_ERRORS option
2023-07-21 17:00:23 -06:00
John Bland 2e4b651b87 update tls13 to handle an OCSP_WANT_READ, update
async client test to retry connect on OCSP_WANT_READ instead of timing out
2023-07-21 16:24:59 -04:00
Lealem Amedie 0cd5a293ca Fix for parsing pkcs9_contentType 2023-07-21 13:57:45 -06:00
Lealem Amedie 4821859bbc Fix for adding pkcs9 contentType entry name 2023-07-21 13:57:45 -06:00
Kareem 4bb907522b Fix wolfSSL_SMIME_write_PKCS7 not removing NULL characters between sections. 2023-07-21 11:08:15 -07:00
Eric Blankenhorn f9cb9560c4 Add CRL_REPORT_LOAD_ERRORS option 2023-07-21 10:06:35 -05:00
Lealem Amedie ec49e6b44d Avoid clash b/n two surname entries 2023-07-19 17:10:23 -06:00
Lealem Amedie ec4527c789 address more feedback 2023-07-19 16:27:03 -06:00