Hayden Roche
5f0d85adb5
Merge pull request #5666 from per-allansson/windows-wolfio-connect-timeout-bug
2022-10-11 07:42:46 -07:00
Juliusz Sosinowicz
b1f97c6bc0
Merge pull request #5652 from rizlik/send_alert_on_version_mismatch
2022-10-10 11:16:11 +02:00
Hayden Roche
12bfa24ecc
Merge pull request #5559 from tmael/crl_bs_p
2022-10-09 09:45:49 -07:00
Hayden Roche
47ccd924c2
Merge pull request #5657 from julek-wolfssl/dtls-1.2-stateless
2022-10-09 09:31:07 -07:00
Tesfa Mael
5704c83f78
Unused param
2022-10-07 12:24:52 -07:00
Tesfa Mael
e4da4f60d9
Implemented suggested changes
2022-10-07 11:24:09 -07:00
Tesfa Mael
a738927846
Add CRL binary search, CRL_STATIC_REVOKED_LIST
2022-10-07 11:24:09 -07:00
John Safranek
b4e5ee3f6b
Merge pull request #5672 from SparkiDev/kyber_inc_fix
...
Kyber: only include source when not FIPS
2022-10-07 08:39:54 -07:00
Hayden Roche
5c85c8e128
Merge pull request #5658 from philljj/fix_wolfSSL_sk_X509_new
2022-10-06 17:18:03 -07:00
Sean Parkinson
be41af6527
Kyber: only include source when not FIPS
2022-10-07 08:33:05 +10:00
jordan
8ff6dc2a9a
clean up wolfSSL_sk_X509_new
2022-10-06 14:13:30 -05:00
Juliusz Sosinowicz
7f42792616
DTLS 1.2: Test stateless server connection
2022-10-06 18:53:13 +02:00
Per Allansson
68dc01e7b7
fix bug with wolfIO_TcpConnect not working with timeout
...
- non-blocking connect() on Windows returns SOCKET_ERROR + WSAEWOULDBLOCK
- the check for fd against FD_SETSIZE is wrong (and not needed) on Windows
2022-10-06 14:14:33 +02:00
jordan
2bd3814953
fix failed Visual Studio Build Test
2022-10-05 15:08:08 -05:00
Marco Oliverio
a7a7a25ab0
ssl: move wolfSSL_GetSide outside ATOMIC_USER guard
2022-10-05 20:29:23 +02:00
Marco Oliverio
de6187f599
tls: send protocol_version fatal alert on version mismatch
...
see rfc5246 Appendix E
2022-10-05 20:29:23 +02:00
Hayden Roche
6f4af1581b
Merge pull request #5650 from SparkiDev/aes_x86_asm
2022-10-04 16:40:02 -07:00
Hayden Roche
79d9bc376f
Merge pull request #5631 from dgarske/smallstack
2022-10-04 14:39:17 -07:00
Sean Parkinson
66ce7635b9
AES x86 ASM: new assembly
...
Added new x86 assembly for AES.
AES-CBC decrypt only 4 blocks at a time (not 6 or 8) due to reduced
register count.
GCM implementation for AVX2, AVX1 and AESNI only.
Disabled looking for other assembly files for x86.
2022-10-05 07:34:42 +10:00
jordan
984649eeac
Correct wolfSSL_sk_X509_new in OpenSSL compatible API
2022-10-04 15:20:32 -05:00
Juliusz Sosinowicz
354cd2ed50
DTLS 1.2: Reset state when sending HelloVerifyRequest
2022-10-04 16:22:59 +02:00
David Garske
09f4a94b24
Fixes for small stack in TLS v1.3, HKDF and SHA2. Add new WC_ASN_HASH_SHA256 build option to allow forcing SHA2-256 for the internal certificate calculations. Fixes for integer.c with small stack (allocate only the size needed, not the max).
2022-10-03 12:52:11 -07:00
David Garske
f9506dc05a
Add small stack to DoClientHello Suites (360 bytes). Add small stack for DRBG health test. Refactor of the small stack into its own header, to allow easier use in other files. Minor build fixes.
2022-09-30 14:06:31 -07:00
jordan
0f66c90b54
implement sk_X509_shift for zd 14898
2022-09-29 23:04:31 -05:00
David Garske
bba3193f9c
Merge pull request #5595 from haydenroche5/async_ticket_dec_fix
...
Handle WC_PENDING_E from ticketEncCb in DoClientTicket properly.
2022-09-29 14:41:35 -07:00
David Garske
26f01168b5
Merge pull request #5645 from rizlik/fix_bad_heap_hint
...
fix: tls13: fix wrong heap hint argument of XFREE
2022-09-29 13:06:31 -07:00
David Garske
ab44c89ab4
Merge pull request #5626 from haydenroche5/load_system_root_certs
...
Add a function to load system CA certs into a WOLFSSL_CTX.
2022-09-29 11:03:26 -07:00
David Garske
a5a9ab96e6
Merge pull request #5524 from rizlik/protocol_version_alerts
...
Dtls13: improvements
2022-09-29 10:59:06 -07:00
Marco Oliverio
32eca32c97
fix: tls13: fix wrong heap hint argument of XFREE
2022-09-29 17:56:59 +02:00
Sean Parkinson
754d274d8c
Merge pull request #5593 from rizlik/ticket_nonce_size
...
tls13: support ticketNonce with size bigger than MAX_TICKET_NONCE_SZ
2022-09-29 08:11:22 +10:00
Marco Oliverio
56d6087749
tls13: support ticketNonce bigger than MAX_TICKET_NONCE_SZ
...
to enable it, use WOLFSSL_TICKET_NONCE_MALLOC define
2022-09-28 19:54:14 +02:00
Marco Oliverio
aa5d074d23
dtls13: abide g++ compiler errors
...
```
src/tls13.c:5330:72: error: invalid conversion from 'void*' to 'const byte*' {aka 'const unsigned char*'} [-fpermissive]
5330 | ret = wc_HmacUpdate(&cookieHmac, ssl->buffers.dtlsCtx.peer.sa,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~^~
| |
| void*
./wolfssl/wolfcrypt/hmac.h:191:55: note: initializing argument 2 of 'int wc_HmacUpdate(Hmac*, const byte*, word32)'
191 | WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz);
```
2022-09-28 18:42:39 +02:00
Juliusz Sosinowicz
d8e10d8ef4
DTLS 1.3: Always reset state on HRR
2022-09-28 18:42:39 +02:00
Juliusz Sosinowicz
c72d315325
DTLS 1.3: Don't add HRR to ssl->dtls13Rtx
...
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2022-09-28 18:42:38 +02:00
Juliusz Sosinowicz
145086f776
DTLS 1.3: Clear ssl->dtls13SendingAckOrRtx in ssl.c
2022-09-28 18:42:38 +02:00
Marco Oliverio
b3ecdd2ecb
dtls13: support stateless cookie exchange on blocking socket
2022-09-28 18:42:38 +02:00
Marco Oliverio
0b525a52c4
tls13: send protocol_version alert on failed version negotiation
2022-09-28 18:42:38 +02:00
Marco Oliverio
88ec118e89
dtls13: drop unencrypted messages after epoch 1
2022-09-28 18:42:38 +02:00
Marco Oliverio
400671dc7c
dtls: drop non-handshake messages before cookie exchange
2022-09-28 18:42:38 +02:00
Hayden Roche
8cae05348c
Add a function to load system CA certs into a WOLFSSL_CTX.
...
This new function, wolfSSL_CTX_load_system_CA_certs, currently only supports
Linux-based OS's. It searches through conventional CA directories and once it
finds one, attempts to load CA certs from it. After the first directory is
found, we don't check the others.
This commit also adds a function wolfSSL_get_system_CA_dirs, which returns a
pointer to an array of directories where wolfSSL_CTX_load_system_CA_certs will
look for CA certs. This is used in a unit test, where we only want to expect
success if one of these directories actually exists on the test system.
Finally, this commit adds support for SSL_CTX_set_default_verify_paths to the
compatibility layer. It doesn't model the exact behavior of its OpenSSL
counterpart; it's mostly a wrapper around wolfSSL_CTX_load_system_CA_certs,
manipulating the return value of that function to conform to OpenSSL's
conventions.
2022-09-28 08:50:46 -07:00
John Safranek
9d9fa0132e
Merge pull request #5622 from lealem47/sniffer_sequence
...
Fix for sniffer to decode out of order packets
2022-09-26 07:53:00 -07:00
John Safranek
b4077d80c9
Merge pull request #5620 from JacobBarthelmeh/Certs
...
fix for return value of x509 print
2022-09-25 19:32:52 -07:00
Daniel Pouzzner
f80fb7f1aa
Merge pull request #5625 from dgarske/esp32_cleanups
...
Fixes for various build configurations
2022-09-23 20:46:44 -05:00
David Garske
2421727b1c
Merge pull request #5441 from kareem-wolfssl/quietShutdown
...
Make wolfSSL quiet_shutdown functions available when using OPENSSL_EXTRA_X509_SMALL.
2022-09-23 14:40:29 -07:00
David Garske
606f58a851
Spelling and whitespace cleanups.
2022-09-23 13:58:58 -07:00
David Garske
7970d5d794
Merge pull request #5152 from SparkiDev/armv7a_neon_asm
...
ARM ASM: ARMv7a with NEON instructions
2022-09-23 08:46:03 -07:00
Lealem Amedie
a322e09150
Fix for sniffer to decode out of order packets
2022-09-22 15:12:51 -07:00
Jacob Barthelmeh
39815a53fa
fix for return value of x509 print
2022-09-22 14:09:50 -06:00
John Safranek
f271bef7b5
Merge pull request #5618 from lealem47/dc
...
Fix for incorrect DN NID and confusion with DC
2022-09-21 15:00:25 -07:00
Lealem Amedie
f177d9364a
Fix for incorrect DN NID and confusion with DC
2022-09-21 13:11:12 -07:00