8eaa85e412
update copyright year to 2022
2022-07-19 10:44:31 -06:00
8b904e9082
Fix for build with NO_TLS
2022-07-19 11:12:18 -05:00
e7303d697b
Fix wolfSSL_Init error handling
2022-07-15 09:30:30 -05:00
a1b7c29309
Make wolfSSL_(get|set)_options available outside compat layer.
...
Also make wolfSSL_CTX_get_options available.
2022-07-14 16:03:58 -07:00
f6c4e295b1
add more subject name support and expande REQ attributes creation support
2022-07-13 22:02:49 -07:00
5dcb1ba21f
remove carriage return from CONF strings
2022-07-13 22:02:49 -07:00
ccc5952369
global fixup to check or explicitly ignore return values from failable library/system calls that weren't already being checked;
...
add wolfCrypt error codes IO_FAILED_E "Input/output failure" and SYSLIB_FAILED_E "System/library call failed";
tests/api.c and tests/unit.c: flush stdout for error message in Fail() macro, add fflush(stdout) after printf()s, print success message at end of unit_test(), and send several error messages to stderr instead of stdout;
wolfcrypt/test/test.c: add fallthrough macro definition of printf() that pairs it with fflush(stdout);
unit.h: in definition of macro AssertPtr(), add PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"");
sp_int.c: refactor several lingering instances of "if (0) { ... }" code pattern to #if 0 ... #endif.
2022-07-11 22:28:09 -05:00
34c576d2a7
Fixes for possible NULL dereference for heap hint in pk.c Fix typo in api.c test for dynamic type.
2022-07-11 14:41:11 -07:00
032d59b077
adjust sizeof type for getsockopt argument
2022-07-11 07:10:11 -07:00
7379e377ab
cast for g++ warning
2022-07-08 15:11:29 -07:00
720030b5a9
Improvements to error handling for AddSessionToClientCache.
2022-07-08 09:06:51 -07:00
3d124c093e
Fix PK function name in log. Remove the ECC logging (spams benchmark with --enable-debug).
2022-07-08 09:06:08 -07:00
f7595cc77d
Merge pull request #5338 from julek-wolfssl/tcp-sendto
...
sendto can't specify addr on a TCP socket
2022-07-08 09:39:39 -06:00
251642a44a
sendto can't specify addr on a TCP socket
...
From the man page
If sendto() is used on a connection-mode (SOCK_STREAM, SOCK_SEQPACKET) socket, the arguments dest_addr and
addrlen are ignored (and the error EISCONN may be returned when they are not NULL and 0), and the error
ENOTCONN is returned when the socket was not actually connected.
2022-07-08 12:14:23 +02:00
b952c2f777
src/internal.c: add codepath in _DtlsUpdateWindowGTSeq() to avoid a word32 overshift.
2022-07-07 19:36:20 -05:00
4e1e1e922a
Merge pull request #5278 from ejohnstown/dtls-seq
...
Refactor DTLS Window Update (Fix #5211 )
2022-07-07 10:22:21 -07:00
e295328436
Fix window handling around word32 boundary
2022-07-07 17:37:10 +02:00
644050a736
Merge pull request #5329 from douzzer/20220706-fips-and-aarch64-fixes
...
20220706-fips-and-aarch64-fixes
2022-07-06 18:39:38 -07:00
8f3449ffea
Refactor DTLS Window Update ( Fix #5211 )
...
1. Rename _DtlsUpdateWindow() as wolfSSL_Dtls_UpdateWindow() and make
it public so it may be tested.
2. Rename the internal functions DtlsWindowUpdate(), DtlsWindowCheck(),
and DtlsUpdateWindowGTSeq() as _DtlsWindowUpdate() and
_DtlsWindowCheck(), and _DtlsUpdateWindowGTSeq().
3. When updating the DTLS sequence window, and the next sequence
number (lo) wraps to zero, increment the next sequence number (hi)
by 1.
4. Fix an off-by-one error that wrapped around when saving the
packet sequence number in the bit-field window.
5. Adding a test for wolfSSL_DtlsUpdateWindow() function. With many test
cases. It is set up in a table format with running check values.
6. Change location of incrementing the difference when calculating the
location for setting the bit.
7. Updated the check of the sequence difference in the GT scenario.
8. In the DTLS window update functions remove newDiff and just use diff.
9. Handle the cases where the DTLS window crosses the high order word
sequence number change.
10. Add a debug option to print out the state of the DTLS sequence number
window.
2022-07-06 18:20:06 -07:00
eff4fe398b
src/include.am: fix gating around sha* and BUILD_ARMASM, to avoid empty-translation-unit warnings for sha{256,512}.c on armasm builds.
2022-07-06 17:37:43 -05:00
44a49aeefa
Fix potentially uninitialized variables in Dtls13SetRecordNumberKeys.
2022-07-06 13:45:15 -07:00
c8f5bd3d61
Fix storage of SendBuffered's return code in wolfSSL_Connect. Store in ret initially, only store in ssl->error if there's an error. This matches the logic in wolfSSL_accept.
2022-07-06 12:09:47 -07:00
b2d1bf96ed
Merge pull request #5276 from rizlik/dtls13_client_downgrade
...
Dtls: improve version negotiation
2022-07-06 11:57:53 -07:00
a7fa7875e4
Merge pull request #5244 from julek-wolfssl/wpas-dpp
...
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
2022-07-06 11:35:52 -07:00
df7e81d187
dtls: support version negotiation
2022-07-06 16:18:44 +02:00
8fe3f51ecb
dtls13: client: recompute transcript hash on downgrade
...
If a lower version is negotiated, the transcript hash must be recomputed using
the <= v1.2 rules.
2022-07-06 16:18:44 +02:00
5d74c49ecb
dtls13: allow processing of HelloVerifyRequest to support downgrade
...
HelloVerifyRequest is used in DTLSv1.2 to perform a return routability check, so
it can be the legitim reply from a DTLSv1.2 server to a ClientHello.
2022-07-06 16:18:44 +02:00
9b085a44be
sessionSecretCb should only be called when a ticket is present
2022-07-06 15:08:57 +02:00
63b4c475d4
wolfSSL_set_session_secret_cb: fix for NULL input
2022-07-06 14:23:08 +02:00
ef73409fd4
TLSX_COOKIE is only defined with WOLFSSL_SEND_HRR_COOKIE
2022-07-06 10:04:15 +02:00
9a256ca002
Merge pull request #5288 from haydenroche5/openldap
...
Add --enable-openldap option to configure.ac.
2022-07-05 16:04:51 -07:00
08488b0fae
Merge pull request #5318 from embhorn/gh5314
...
Fix typos and bad macro names
2022-07-05 12:34:35 -07:00
f5a5d4ada5
Enhance OpenLDAP support.
...
- Add --enable-openldap to configure.ac
- Fix some issues around subject alt names and the WOLFSSL_GENERAL_NAME struct.
2022-07-05 10:40:07 -07:00
394f36a0d7
Fix typos and bad macro names
2022-07-05 10:31:11 -05:00
20e5c98b2c
Error out when server indicates resumption but does full handshake
2022-07-05 09:42:39 +02:00
fd7bf8d04d
Do resuming check as soon as we get a non-resumption msg
2022-07-05 08:49:00 +02:00
10c8a1668e
Reset cookie when resetting DTLS 1.3 state
2022-07-04 12:52:25 +02:00
a8adde66c8
Use wc_HmacInit and wc_HmacFree in cookie logic
2022-07-04 12:51:50 +02:00
00391a5ace
Rename callback to wolfDTLS_SetChGoodCb and add doxygen for it. Clarify DTLS_CTX.connected. Fix build errors for ./configure --enable-dtls --enable-dtls13 --disable-examples CFLAGS="-DNO_WOLFSSL_SERVER".
2022-07-04 11:08:39 +02:00
7ea13bf5bf
Apply connected to sendto and address code review
2022-07-04 11:08:39 +02:00
dd7073740b
DTLS 1.3: tie cookie to peer address
2022-07-04 11:08:39 +02:00
afdd5648aa
Address code review
2022-07-04 11:08:39 +02:00
d72edd03b8
dtls: wolfSSL_set_dtls_fd_connected
...
wolfSSL_set_dtls_fd_connected sets the connected socket file descriptor. This descriptor should be called without addr and addr_len.
2022-07-04 11:08:39 +02:00
c6aa4fc526
DTLS 1.3: allow the server to operate without maintaining state
2022-07-04 11:08:39 +02:00
8fb48464e3
Add callback when we parse a verified ClientHello
2022-07-04 11:08:39 +02:00
7b9c214b3c
Merge pull request #4985 from kareem-wolfssl/iarWarningsFix
...
Fix compilation warnings from IAR.
2022-07-04 08:23:26 +10:00
96aedc2f47
Fix SetCurve max sizes. Add fix for potentially uninitialized type in ProcessReplyEx.
2022-07-01 13:18:33 -07:00
bd75e1d6a4
Merge pull request #5307 from kareem-wolfssl/miscfixes2
...
Fix a couple of STM32 bugs, and add some missing mutex frees.
2022-07-01 09:46:22 -07:00
0459e83a59
Merge pull request #5310 from SparkiDev/memusage_fix_1
...
TLS memusage: reduce usage
2022-07-01 09:13:05 -07:00
7d58dc5678
TLS memusage: reduce usage
...
Reduce the amount allocated to reduce maximum overall dynamic memory
usage.
Rework ServerKeyExchange by extracting the handling of the signed data.
2022-07-01 14:24:59 +10:00
Jacob Barthelmeh
Eric Blankenhorn
Hayden Roche
Daniel Pouzzner
David Garske
Juliusz Sosinowicz
John Safranek
Kareem
Marco Oliverio
Sean Parkinson