Juliusz Sosinowicz
7ba00f3b84
Initialize BIO methods at compile time
2023-08-09 16:23:46 +02:00
David Garske
5b16586483
Fixes for wolfSSL conditional porting. Can cause deadlock in high usage situations. Added better signal support on MacOS. Issue created in PR #6437 .
2023-08-08 12:46:42 -07:00
Daniel Pouzzner
e51ca7941f
fixes for code warned by clang-tidy:18 and cppcheck-2.11:
...
bugprone-inc-dec-in-conditions: examples/server/server.c:server_test(), src/internal.c:MatchDomainName(), src/x509.c:wolfSSL_X509_set_ext(), wolfcrypt/src/asn.c:MatchBaseName()
missingReturn: wolfcrypt/src/wc_port.c:mystrnstr()
bugprone-unused-return-value: wolfcrypt/src/wc_port.c:wolfSSL_NewThreadNoJoin()
clang-analyzer-deadcode.DeadStores: wolfssl/test.h:udp_accept()
2023-08-05 12:28:41 -05:00
JacobBarthelmeh
65b515aec8
Merge pull request #6655 from julek-wolfssl/threading-testing
...
Port testing to wolfSSL threading interface
2023-08-04 13:46:14 -06:00
Juliusz Sosinowicz
90a6a14878
Merge pull request #6446 from JacobBarthelmeh/session
2023-08-04 11:34:59 +02:00
Juliusz Sosinowicz
67d6d438c5
Port testing to wolfSSL threading interface
2023-08-04 10:49:39 +02:00
JacobBarthelmeh
7f0cfcb27d
Merge pull request #6667 from bandi13/byebyeCyaSSL
...
Byebye cya ssl
2023-08-03 15:43:01 -06:00
Andras Fekete
a6c850d7f9
Fix CAVP errors
2023-08-03 12:05:40 -04:00
Juliusz Sosinowicz
8a9a363621
DTLS 1.3: move state machine forward when HVR received
2023-08-03 15:00:14 +02:00
Juliusz Sosinowicz
907a0201e7
Require HAVE_SECURE_RENEGOTIATION for API that perform SCR (not just indication)
2023-08-03 11:32:42 +02:00
Juliusz Sosinowicz
5a94dc961d
DtlsShouldDrop: don't ignore app data sent before a SCR handshake
2023-08-03 11:32:03 +02:00
Andras Fekete
b31e485dc9
Remove 'HAVE_FIPS_VERSION < 2' blocks
2023-08-02 17:08:03 -04:00
Juliusz Sosinowicz
dee32247b9
Code review
2023-08-02 18:02:41 +02:00
Juliusz Sosinowicz
bfe7bc0fcc
Recover when the client sends a 0-length session ID when using tickets
...
Fixes ZD16477
2023-08-02 18:02:30 +02:00
Juliusz Sosinowicz
724fe53379
DoHelloVerifyRequest: only do DTLS 1.3 version check
2023-08-02 10:30:12 +02:00
Andras Fekete
25f542adb4
Clean up compile errors
2023-08-01 15:46:18 -04:00
JacobBarthelmeh
1468d77e50
Merge pull request #6644 from julek-wolfssl/zd/16441
...
TLSX_CA_Names_Parse: Verify the length of the extension
2023-07-31 16:03:23 -06:00
Juliusz Sosinowicz
854ae0dcdb
Code review
2023-07-31 15:16:59 +02:00
Juliusz Sosinowicz
a495bb4e7f
TLSX_CA_Names_Parse: make sure to do cleanup when smallstack is on
2023-07-28 16:34:35 +02:00
Dimitri Papadopoulos
6d9c85a762
Fix typos found by codespell
2023-07-27 23:38:44 +02:00
David Garske
c529b2f3aa
Merge pull request #6627 from jpbland1/ocsp-nonce-usage-fix
...
fix bad & statement that was setting ocspSendNonce
2023-07-27 09:22:08 -07:00
Jacob Barthelmeh
b16e7fd87b
use Expect with test
...
fix for session expire check
better name for test function
rewrite test case
make new session also timeout in 1 second
2023-07-26 15:10:22 -07:00
JacobBarthelmeh
7c11c0f201
conversion warning flagged on Windows test builds
2023-07-26 13:48:33 -07:00
JacobBarthelmeh
3e5e16f1ff
Merge pull request #6641 from julek-wolfssl/gh/6555
...
Dtls13GetRnMask: Correctly get chacha counter on BE systems
2023-07-26 11:29:39 -06:00
JacobBarthelmeh
48434f7814
Merge pull request #6653 from julek-wolfssl/kerberos-update
...
Updates for Kerberos 5 1.21.1
2023-07-26 11:26:57 -06:00
Juliusz Sosinowicz
4a175ba280
Updates for Kerberos 5 1.21.1
...
- wolfssl_ec_point_mul: fix parameters being passed into ec_mul2add
- Compile in compressed ecc key parsing for OPENSSLALL
- Improve debugging around compat layer ecc operations
- wolfSSL_BN_div: dv can be NULL
- Add spake like computation test
- Add CI krb5 testing
- Add timeouts to CI
2023-07-26 16:40:38 +02:00
Juliusz Sosinowicz
5947c9ae8c
TLSX_CA_Names_Parse: Verify the length of the extension
2023-07-26 13:32:37 +02:00
Juliusz Sosinowicz
5cf42244f0
Add comment back in
2023-07-26 12:04:11 +02:00
gojimmypi
31dfdf8360
TLS SM2, SM3, SM4-CBC: hash details for SM3
2023-07-25 17:25:11 -07:00
Daniel Pouzzner
cebb4da307
fixes and workarounds for cppcheck 2.11 with uninitvar checks reactivated, and legacyUninitvar suppressed globally (as before):
...
src/internal.c:wolfSSL_DtlsUpdateWindow(): shiftTooManyBitsSigned and integerOverflowCond (true positive, fixed);
src/ssl.c:wolfSSL_GetSessionFromCache(): autoVariables (true positive, intentional and now suppressed);
wolfcrypt/src/asn.c: several uninitvars in EccSpecifiedECDomainDecode(), wc_EccPrivateKeyDecode(), DecodeSingleResponse(), and DecodeResponseData() (false positives due to bug in cppcheck short circuit eval analysis, mitigated by refactoring && expressions to nested-if constructs that are semantically identical);
src/ssl.c:wolfSSL_GetSessionFromCache(): nullPointer (false positive due to bug in cppcheck value flow analysis, workarounded).
2023-07-25 11:31:01 -05:00
David Garske
c0b4cde6df
Merge pull request #6632 from jpbland1/ocsp-want-read-error
...
OCSP_WANT_READ mishandled re-run
2023-07-25 08:23:46 -07:00
John Bland
a9c9662124
fix bad & statement that was setting ocspSendNonce
...
to 1 when WOLFSSL_OCSP_NO_NONCE was selected
related to but doesn't solve zd 16377
2023-07-24 16:51:10 -04:00
JacobBarthelmeh
1285ae7816
Merge pull request #6506 from DimitriPapadopoulos/codespell
...
Fix typos found by codespell
2023-07-24 10:34:29 -06:00
Juliusz Sosinowicz
ab560aa6b8
Fix ClientHello parsing when no extensions are present
2023-07-24 09:14:21 +02:00
Juliusz Sosinowicz
56fc5bbf87
Dtls13GetRnMask: Correctly get chacha counter on BE systems
...
The issue was that BIG_ENDIAN is defined in endian.h (on linux). Our define is BIG_ENDIAN_ORDER.
2023-07-24 09:13:10 +02:00
JacobBarthelmeh
d3202600a4
Merge pull request #6525 from lealem47/san
...
Improve subjectAltName extension parsing and printing
2023-07-22 08:19:54 -06:00
JacobBarthelmeh
2acc4a6dd5
Merge pull request #6561 from lealem47/zd16348
...
Fix for adding pkcs9 contentType entry name
2023-07-21 17:04:47 -06:00
JacobBarthelmeh
c2a3f5316d
Merge pull request #6591 from embhorn/zd16296
...
Add CRL_REPORT_LOAD_ERRORS option
2023-07-21 17:00:23 -06:00
John Bland
2e4b651b87
update tls13 to handle an OCSP_WANT_READ, update
...
async client test to retry connect on OCSP_WANT_READ instead of timing out
2023-07-21 16:24:59 -04:00
Lealem Amedie
0cd5a293ca
Fix for parsing pkcs9_contentType
2023-07-21 13:57:45 -06:00
Lealem Amedie
4821859bbc
Fix for adding pkcs9 contentType entry name
2023-07-21 13:57:45 -06:00
Kareem
4bb907522b
Fix wolfSSL_SMIME_write_PKCS7 not removing NULL characters between sections.
2023-07-21 11:08:15 -07:00
Eric Blankenhorn
f9cb9560c4
Add CRL_REPORT_LOAD_ERRORS option
2023-07-21 10:06:35 -05:00
Lealem Amedie
ec49e6b44d
Avoid clash b/n two surname entries
2023-07-19 17:10:23 -06:00
Lealem Amedie
ec4527c789
address more feedback
2023-07-19 16:27:03 -06:00
Lealem Amedie
16058ce168
Address review comments
2023-07-19 12:01:01 -06:00
JacobBarthelmeh
8065ba18f9
Merge pull request #6620 from douzzer/20230714-WC_DO_NOTHING
...
20230714-WC_DO_NOTHING
2023-07-18 17:04:02 -06:00
John Bland
9ea681030f
change conditional compile to use WOLFSSL_NONBLOCK_OCSP
...
instead of HAVE_OCSP
2023-07-18 17:56:43 -04:00
John Bland
e12f1f44b4
make OCSP error entry conditional to cut down on size
2023-07-18 14:55:16 -04:00
John Bland
7ee38350c0
undo supressing the OCSP_WANT_READ error, instead
...
add it to the list of non-fatal errors so that a socket close alert wont be sent out but the caller still won't block and will instead get OCSP_WANT_READ as an error back from wolfSSL_connect
2023-07-18 14:05:16 -04:00