wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 00:09:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,049 Commits 12 Branches 184 Tags
6b1e3003fb43027e3fc72e17e99f3f17334297fe
Commit Graph

6173 Commits

Author SHA1 Message Date
David Garske
6b1e3003fb Merge pull request #5142 from SparkiDev/ssl_move_pk 
ssl.c rework
 2022-05-13 12:56:14 -07:00
David Garske
1a57e3065a Small cleanups. Missing (void), spelling and formatting. Also fixes for variations of 25519/448 build. 2022-05-13 09:24:59 -07:00
Sean Parkinson
852d5169d4 ssl.c rework 
Move the public key APIs out of ssl.c and into pk.c.
(RSA, DSA, DH and EC)
 2022-05-13 11:12:44 +10:00
Sean Parkinson
eea537e5ea Merge pull request #5124 from kaleb-himes/WIN_MULTICONFIG 
Address issues ID'd by new windows multi-config test
 2022-05-13 09:39:15 +10:00
Sean Parkinson
6aaee73585 Merge pull request #5133 from rizlik/cookie_keyshare_fix 
tls13: fix cookie has keyShare information check
 2022-05-13 08:01:59 +10:00
Sean Parkinson
d1308fcdfc Merge pull request #5122 from rizlik/tls13_pad_calc 
internal.c: fix pad-size when more records are received at once
 2022-05-13 07:59:36 +10:00
Daniel Pouzzner
c4920021d8 print errors to stderr, not stdout; 
fix whitespace in internal.c;

add missing error handling in examples/server/server.c around recvfrom().
 2022-05-12 13:07:32 -05:00
John Safranek
2cf87a8049 Merge pull request #5084 from julek-wolfssl/zd14101-dtls-want-write 
DTLS fixes with WANT_WRITE simulations
 2022-05-12 09:36:40 -07:00
David Garske
05ce8329c9 Merge pull request #5067 from miyazakh/compat_altcertchain 
"veify ok" if alternate cert chain mode is used
 2022-05-12 08:54:51 -07:00
David Garske
7a95be1a97 Merge pull request #5126 from JacobBarthelmeh/crl 
do not error out on CRL next date if using NO_VERIFY
 2022-05-12 08:44:29 -07:00
Juliusz Sosinowicz
9914da3046 Fix resumption failure and use range in connect state logic 2022-05-12 15:46:08 +02:00
Juliusz Sosinowicz
a31b76878f DTLS fixes with WANT_WRITE simulations 
- WANT_WRITE could be returned in unexpected places. This patch takes care of that.
- Change state after SendBuffered only if in a sending state to begin with.
- Adapt client and server to simulate WANT_WRITE with DTLS
 2022-05-12 15:46:08 +02:00
Marco Oliverio
829e9f5277 tls13: fix cookie has keyShare information check 
Fix the check to see if the cookie has key_share information or not (needed to
reconstruct the HelloRetryRequest). At the moment, it looks like we never send a
cookie without KeyShare extension. Indeed the HelloRetryRequest is sent only
because the client didn't provide a good KeyShareEntry in the first
ClientHello. When we will support DTLSv1.3, the HelloRetryRequest will be used
as a return-routability check and it may be sent without the KeyShare extension.
 2022-05-12 12:10:58 +02:00
Hideki Miyazaki
5d93a48ddf veify ok if alternate cert chain mode for verifyCallback 2022-05-12 06:15:18 +09:00
Daniel Pouzzner
9fbb4a923f src/internal.c:GetCipherKeaStr(): allow "ECDH" (in addition to "ECDHE") as a suite clause that maps to KEA "ECDH". 2022-05-10 15:12:00 -05:00
Daniel Pouzzner
77fa0ccb82 src/tls.c:BuildTlsFinished(): work around false positive -Wmaybe-uninitialized. 2022-05-10 15:10:23 -05:00
Jacob Barthelmeh
531120131a do not error out on CRL next date if using NO_VERIFY 2022-05-10 14:00:21 -06:00
Daniel Pouzzner
26673a0f28 where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; 
add macro XSTRCASECMP();

update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
 2022-05-10 12:20:12 -05:00
Marco Oliverio
f06ac9965c internal.c: fix: plaintext check account for the current record only 2022-05-10 13:12:09 +02:00
Marco Oliverio
db23d8a0cf internal.c: don't skip records if we don't process early-data 
If we don't process early data, we want to skip only the current record and not
all the received data
 2022-05-10 13:04:43 +02:00
Marco Oliverio
445c1e6ceb internal.c: don't check TLS13 plaintext limit twice 
Plaintext size is checked before decryption in TLS 1.3
 2022-05-10 12:51:50 +02:00
kaleb-himes
d5f7beefd4 Address issues ID'd by new windows multi-config test 2022-05-09 16:50:56 -06:00
Marco Oliverio
0c7e9a0104 internal.c: fix pad-size when more records are received at once 
don't consider the end of the record the end of received data as more records
may be read at once when DTLS will be supported.
 2022-05-09 11:00:31 +02:00
Sean Parkinson
59fdf05155 Merge pull request #5111 from kaleb-himes/ABI-check-test-rev2 
Refactor wolfSSL_ASN1_TIME_adj to use GetFormattedTimeString (new API)
 2022-05-09 09:15:57 +10:00
David Garske
421f54e60a Merge pull request #5118 from douzzer/20220405-declaration-after-statement 
20220405 declaration after statement
 2022-05-06 16:16:52 -07:00
David Garske
36877d78b4 Merge pull request #5078 from julek-wolfssl/wpas-tls13 
Clean up wolfSSL_clear() and add some more logging
 2022-05-06 11:45:43 -07:00
Daniel Pouzzner
99b44f15ef fix various -Wdeclaration-after-statement, with and without --enable-smallstack. 2022-05-06 13:34:32 -05:00
David Garske
3e774be88c Minor text and formatting cleanups. 2022-05-06 11:01:40 -07:00
kaleb-himes
ef89e2e637 Rename utc_str[_buf] -> time_str[_buf] (semantic change) 2022-05-06 08:18:14 -06:00
Juliusz Sosinowicz
7e9896d162 Only clear session when we didn't complete a handshake 
- Allow overriding buffer size with `WOLFSSL_MSG_EX_BUF_SZ`
- Allow disabling `WOLFSSL_MSG_EX` by defining `NO_WOLFSSL_MSG_EX`
 2022-05-06 12:35:49 +02:00
kaleb-himes
ecf449dfe0 Refactor wolfSSL_ASN1_TIME_adj to use GetUnformattedTimeString (new API) 2022-05-05 16:25:25 -06:00
David Garske
5f539b3921 Improve the sniffer asynchronous test case to support multiple concurrent streams. 2022-05-03 16:43:15 -07:00
David Garske
628a91efda Fix for size calculation for encrypt then mac without openssl extra enabled. Fix for cast warning. 2022-05-02 17:11:48 -06:00
Jacob Barthelmeh
38c01b9d9f fix for infer diff report 2022-04-29 10:34:38 -06:00
JacobBarthelmeh
df4dd7d5b3 Merge pull request #5088 from dgarske/sniffer_async_2 
Fix to properly trap errors in sniffer (broken after async additions)
 2022-04-28 09:47:05 -06:00
David Garske
277d6dc5dd Fix minor clang-tidy warnings for async. 2022-04-27 10:22:19 -07:00
David Garske
8bf228d346 Merge pull request #5083 from SparkiDev/d2i_ecpriv_der 
d2i_ECPrivateKey() takes DER encoded data
 2022-04-27 09:32:04 -07:00
David Garske
fbc2ccca1e Fix to properly trap errors in sniffer SetupKeys after async changes. Fix minor scan-build warnings. 2022-04-27 08:28:36 -07:00
Sean Parkinson
f86f4a8ca0 d2i_ECPrivateKey() takes DER encoded data 
Code was incorrectly using data as a private key instead of DER
decoding.
Fixed i2d_EcPrivateKey() to output DER encoded data.
 2022-04-27 09:39:50 +10:00
David Garske
cbc27f7de4 Merge pull request #5085 from douzzer/20220426-multi-test 
20220426 multi-test fixups
 2022-04-26 11:15:59 -07:00
John Safranek
7436a41bc7 Merge pull request #5046 from SparkiDev/cppcheck_fixes_8 
cppcheck: fixes
 2022-04-26 10:37:42 -07:00
John Safranek
7e8598f75b Merge pull request #5081 from dgarske/sniffer_decrypt 
Restore sniffer internal decrypt function. This allows decrypting TLS…
 2022-04-26 09:37:32 -07:00
Daniel Pouzzner
e6d267ef16 src/ssl.c wolSSL_DH_new_by_nid(): fix cppcheck nullPointer report. 2022-04-26 09:58:07 -05:00
Sean Parkinson
8737d46bb1 Merge pull request #5018 from haydenroche5/libspdm 
Make changes to compatibility layer to support libspdm.
 2022-04-26 09:55:22 +10:00
Sean Parkinson
d362b6dd08 Merge pull request #5033 from haydenroche5/ec_key_print_fp 
Add wolfSSL_EC_KEY_print_fp to compat layer.
 2022-04-26 09:51:37 +10:00
David Garske
273ed1df76 Restore sniffer internal decrypt function. This allows decrypting TLS v1.2 traffic ignoring AEAD errors. 2022-04-25 16:28:09 -07:00
Sean Parkinson
20e5e654a3 cppcheck: fixes 
CBIORecv/Send are only assigned once.
IOCB_ReadCtx/WriteCtx only assigned once.
BuildMessage checks output and input wiht sizeOnly every call - state
machine doesn't cache these.
Renamed alias_tbl variables to something unique.
Other cppcheck fixes.
Also reworked pem_read_bio_key().
 2022-04-26 09:26:41 +10:00
Masashi Honma
3ab5ccd04f Add support for EVP_PKEY_sign/verify functionality (#5056) 
* Fix wolfSSL_RSA_public_decrypt() return value to match Openssl
* Add support for EVP_PKEY_verify_init() and EVP_PKEY_verify()
* wpa_supplicant SAE public key functionality requires this function.
* Add DSA support for EVP_PKEY_sign/verify()
* Add ECDSA support for EVP_PKEY_sign/verify()
* Add tests for EVP_PKEY_sign_verify()
* Fix "siglen = keySz" at error cases
* Fix wolfSSL_DSA_do_sign() usage
1. Check wolfSSL_BN_num_bytes() return value
2. Check siglen size
3. Double the siglen
* Check return code of wolfSSL_i2d_ECDSA_SIG() in wolfSSL_EVP_DigestSignFinal()
* Add size calculations to `wolfSSL_EVP_PKEY_sign`
* Add size checks to wolfSSL_EVP_PKEY_sign before writing out signature
* Use wc_ecc_sig_size() to calculate ECC signature size
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
 2022-04-25 14:19:56 -07:00
Juliusz Sosinowicz
4013f83e4f Add some missing logs and implement WOLFSSL_MSG_EX() 
WOLFSSL_MSG_EX() uses XVSNPRINTF to allow for formatted strings to be printed. It uses a 100 byte internal stack buffer to format the log message.
 2022-04-25 15:59:07 +02:00
David Garske
4ecf3545d7 Improve scan-build fix for ProcessPeerCertParse checking of empty dCert. With WOLFSSL_SMALL_CERT_VERIFY it is NULL. 2022-04-22 16:07:24 -07:00