wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 12:22:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,528 Commits 12 Branches 184 Tags
82b1dc0cd07e5bf466b14bbc94d6e72dd2ef2d36
Commit Graph

17528 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner
82b1dc0cd0 wolfcrypt/src/asn.c: move final return in DecodeECC_DSA_Sig() outside the NO_STRICT_ECDSA_LEN gate, to avoid no-return-from-non-void. 2022-07-06 17:39:59 -05:00
Daniel Pouzzner
eff4fe398b src/include.am: fix gating around sha* and BUILD_ARMASM, to avoid empty-translation-unit warnings for sha{256,512}.c on armasm builds. 2022-07-06 17:37:43 -05:00
Daniel Pouzzner
7c49449a79 wolfcrypt/src/port/arm/armv8-sha512.c: gate out Sha512_Family_GetHash() in builds that have 224 and 256 bit hashes gated out, to fix unused function warning. 2022-07-06 17:35:15 -05:00
Daniel Pouzzner
6b6abfac54 examples/client/client.c: remove break after err_sys() to mollify clang-tidy unreachable-break sensor. 2022-07-06 17:32:26 -05:00
Daniel Pouzzner
19106a9510 configure.ac and tests/api.c: lock out compkey on FIPS 140-3 RC12 and ready, and add backward-compat code in test_wc_ecc_export_x963_ex() to allow RC12 compkey builds to pass unit.test. 2022-07-06 17:31:56 -05:00
David Garske
b2d1bf96ed Merge pull request #5276 from rizlik/dtls13_client_downgrade 
Dtls: improve version negotiation
 2022-07-06 11:57:53 -07:00
David Garske
a7fa7875e4 Merge pull request #5244 from julek-wolfssl/wpas-dpp 
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
 2022-07-06 11:35:52 -07:00
David Garske
e92034cf6f Merge pull request #5274 from JacobBarthelmeh/Certs 
remove subject/issuer email from altEmailNames list
 2022-07-06 10:48:21 -07:00
Jacob Barthelmeh
711b2bb17a add a test case 2022-07-06 09:39:03 -06:00
David Garske
a171bebba4 Fix the wc_EccPublicKeyToDer_ex doxy. 2022-07-06 07:58:18 -07:00
Marco Oliverio
3abffc3a3c doc: add documentation for wolfDTLS[v1_3]_*_method() 2022-07-06 16:18:44 +02:00
Marco Oliverio
683adb5917 tests: add dtls downgrade tests 2022-07-06 16:18:44 +02:00
Marco Oliverio
fd4836772b examples: support DTLS version downgrading 2022-07-06 16:18:44 +02:00
Marco Oliverio
df7e81d187 dtls: support version negotiation 2022-07-06 16:18:44 +02:00
Marco Oliverio
8fe3f51ecb dtls13: client: recompute transcript hash on downgrade 
If a lower version is negotiated, the transcript hash must be recomputed using
the <= v1.2 rules.
 2022-07-06 16:18:44 +02:00
Marco Oliverio
5d74c49ecb dtls13: allow processing of HelloVerifyRequest to support downgrade 
HelloVerifyRequest is used in DTLSv1.2 to perform a return routability check, so
it can be the legitim reply from a DTLSv1.2 server to a ClientHello.
 2022-07-06 16:18:44 +02:00
David Garske
ec8149cd69 Merge pull request #5324 from julek-wolfssl/dtls13-hrr-fix 
TLSX_COOKIE is only defined with WOLFSSL_SEND_HRR_COOKIE
 2022-07-06 06:56:25 -07:00
Juliusz Sosinowicz
9b085a44be sessionSecretCb should only be called when a ticket is present 2022-07-06 15:08:57 +02:00
Juliusz Sosinowicz
63b4c475d4 wolfSSL_set_session_secret_cb: fix for NULL input 2022-07-06 14:23:08 +02:00
Juliusz Sosinowicz
39e53c2b7c Add wc_EccPublicKeyToDer_ex doxygen entry 2022-07-06 11:59:29 +02:00
Juliusz Sosinowicz
ef73409fd4 TLSX_COOKIE is only defined with WOLFSSL_SEND_HRR_COOKIE 2022-07-06 10:04:15 +02:00
Jacob Barthelmeh
ff6edbff94 refactor name constraint checks 2022-07-05 17:20:50 -06:00
David Garske
9a256ca002 Merge pull request #5288 from haydenroche5/openldap 
Add --enable-openldap option to configure.ac.
 2022-07-05 16:04:51 -07:00
David Garske
4376ade9c8 Merge pull request #5123 from fabiankeil/configure-amd64-support 
configure: Improve defaults for 64-bit BSDs
 2022-07-05 13:52:02 -07:00
David Garske
08488b0fae Merge pull request #5318 from embhorn/gh5314 
Fix typos and bad macro names
 2022-07-05 12:34:35 -07:00
Hayden Roche
f5a5d4ada5 Enhance OpenLDAP support. 
- Add --enable-openldap to configure.ac
- Fix some issues around subject alt names and the WOLFSSL_GENERAL_NAME struct.
 2022-07-05 10:40:07 -07:00
Fabian Keil
eb9a9ceef8 configure: Improve defaults for 64-bit BSDs 
... by consistently treating host cpu "amd64" like host cpu "x86_64".

Tested on ElectroBSD amd64.
 2022-07-05 19:37:31 +02:00
John Safranek
ded3f4e9b6 Merge pull request #5284 from julek-wolfssl/dtls-good-ch-cb 
DTLS 1.3: additions for event driven server in wolfssl-examples
 2022-07-05 10:14:59 -07:00
David Garske
1c009e8f91 Merge pull request #5311 from SparkiDev/ed_check_pubkey 
Ed25519/Ed448: assume public key is not trusted
 2022-07-05 09:25:50 -07:00
Eric Blankenhorn
394f36a0d7 Fix typos and bad macro names 2022-07-05 10:31:11 -05:00
Juliusz Sosinowicz
4caffee590 ForceZero the private key on import error 2022-07-05 13:44:31 +02:00
Juliusz Sosinowicz
20e5c98b2c Error out when server indicates resumption but does full handshake 2022-07-05 09:42:39 +02:00
Juliusz Sosinowicz
fd7bf8d04d Do resuming check as soon as we get a non-resumption msg 2022-07-05 08:49:00 +02:00
Juliusz Sosinowicz
144f2612e4 wc_ecc_export_x963_ex returns LENGTH_ONLY_E on a NULL output 2022-07-05 08:49:00 +02:00
Juliusz Sosinowicz
8e84560f71 CSR: confirm the signature when verify == VERIFY 2022-07-05 08:49:00 +02:00
Juliusz Sosinowicz
afaf41823c wpa_supplicant uses larger challenge passwords for x509 requests 2022-07-05 08:49:00 +02:00
Juliusz Sosinowicz
5179741ddb wpas: validate ecc points are on the curve 2022-07-05 08:48:37 +02:00
Juliusz Sosinowicz
ee3636f2e7 wc_EccPublicKeyToDer_ex: exporting the public key in compressed form 2022-07-05 08:48:18 +02:00
Juliusz Sosinowicz
448cde5a4b Support for new DPP in wpa_supplicant 
- Add null check to asn template code in MakeCertReq and test
- ENABLED_ECCCUSTCURVES can also be "all"
 2022-07-05 08:48:18 +02:00
Sean Parkinson
4a962b7fb2 Ed25519/448: improvements 
Check lengths of buffers in import functions.
priv/pub key set flag set on success only.
 2022-07-05 09:02:05 +10:00
David Garske
1b64b82a6f Merge pull request #5316 from LinuxJedi/fix-embos-mutex 
Use the correct mutex type for embOS
 2022-07-04 11:51:20 -07:00
David Garske
07b8f45d35 Merge pull request #5315 from rizlik/dtls_doDtls_fix 
fix: examples/server: dtls mode checking
 2022-07-04 10:20:20 -07:00
Andrew Hutchings
f8c67345d6 Use the correct mutex type for embOS 
OS_MUTEX_Lock() is acutally a non-blocking mutex lock, for
wc_LockMutex() we need a blocking mutex. Switch to this.
 2022-07-04 15:59:36 +01:00
Juliusz Sosinowicz
9dc2c27e3d Expand wolfDTLS_SetChGoodCb() docs 2022-07-04 14:31:24 +02:00
Juliusz Sosinowicz
10c8a1668e Reset cookie when resetting DTLS 1.3 state 2022-07-04 12:52:25 +02:00
Juliusz Sosinowicz
a8adde66c8 Use wc_HmacInit and wc_HmacFree in cookie logic 2022-07-04 12:51:50 +02:00
David Garske
00391a5ace Rename callback to wolfDTLS_SetChGoodCb and add doxygen for it. Clarify DTLS_CTX.connected. Fix build errors for ./configure --enable-dtls --enable-dtls13 --disable-examples CFLAGS="-DNO_WOLFSSL_SERVER". 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz
7ea13bf5bf Apply connected to sendto and address code review 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz
dd7073740b DTLS 1.3: tie cookie to peer address 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz
e605cfeccb Add docs for new features 2022-07-04 11:08:39 +02:00