wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 20:29:56 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,247 Commits 12 Branches 184 Tags
890abfbefcee5f40b413169dd17c035db99643c0
Commit Graph

6228 Commits

Author SHA1 Message Date
Sean Parkinson
890abfbefc pk.c: rework 
Re-order RSA functions.
Add comments to RSA functions.
Rework RSA function implementations.
 2022-06-10 09:54:32 +10:00
Daniel Pouzzner
088d378ba4 ssl.c:EncryptDerKey(): use XSTRLCPY() and XSTRLCAT() to build up cipherInfo, and remove XSTRCPY() macro from wolfssl/wolfcrypt/types.h (clang-tidy hates on it, albeit frivolously). 2022-06-07 08:22:48 -05:00
Daniel Pouzzner
711a900ff7 Merge pull request #5214 from lealem47/ghostFunc 
Removing ghosts and updating defines in openssl/buffer.h
 2022-06-06 17:05:33 -05:00
Lealem Amedie
07e0a6fa8e Removing ghost functions and fixing overflow warning in ssl.c 2022-06-06 11:33:26 -07:00
kaleb-himes
3bcdef1972 Fix various warnings and an uninitialized XFILE 2022-06-03 09:52:53 -06:00
Sean Parkinson
ee78e63b87 Merge pull request #5203 from dgarske/zd14289 
Fix the supported version extension to always check minDowngrade
 2022-06-03 08:31:36 +10:00
David Garske
2dd27c8d4a Fix the supported version extension to check the ssl->options.minDowngrade always. 2022-06-02 11:17:25 -07:00
Daniel Pouzzner
2e307e1cd3 tls13.c: fix null pointer deref in FreeDcv13Args(). 2022-06-02 10:32:05 -05:00
Juliusz Sosinowicz
3d71956b48 wolfssl-multi-test fixes: 
- Remove RetrySendAlert and SendAlert recursion
- args possible NULL dereference
 2022-06-02 16:08:25 +02:00
David Garske
9cfcdfc7aa Merge pull request #5149 from julek-wolfssl/store-frags-v2 
Re-use async to support WANT_WRITE while sending fragments
 2022-06-01 10:52:54 -07:00
Juliusz Sosinowicz
d29c656d4f SendAlert: clear output buffer to try and send the alert now 2022-06-01 16:48:57 +02:00
Juliusz Sosinowicz
df10e1fad2 Store RetrySendAlert error in ssl->error 2022-06-01 14:59:10 +02:00
Sean Parkinson
be743b2204 TLS 1.3: send ticket 
Can send a new session ticket any time after handshake is complete with
TLS v1.3.
Added API for server application to do this.
Added tests.
 2022-06-01 10:36:01 +10:00
Juliusz Sosinowicz
c74315f1ef Save pending alerts when using async io 
- Don't overwrite ssl->error
- Clear the error in ssl->error because the return of SendBuffered is now stored in ret instead
 2022-05-31 18:17:11 +02:00
David Garske
2ed85926d5 Merge pull request #5187 from kareem-wolfssl/hsHashesNull 
Confirm ssl->hsHashes is not NULL before attempting to dereference it.
 2022-05-30 10:41:35 -07:00
Juliusz Sosinowicz
8aa2da532c Combine preproc check into one statement 2022-05-30 15:27:36 +02:00
Juliusz Sosinowicz
8cb4819b53 Fix curve group matching on secure renegotiation 2022-05-27 21:26:55 +02:00
Juliusz Sosinowicz
50c0b3d2a2 Add testing/docs for blocking write 
- Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE
- CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
 2022-05-27 21:26:55 +02:00
Kareem
98ec442b37 Confirm ssl->hsHashes is not NULL before attempting to dereference it. 2022-05-27 10:57:23 -07:00
Anthony Hu
df06db114d Add TLS 1.2 ciphersuite ECDHE_PSK_WITH_AES_128_GCM_SHA256 from RFC 8442 
Testing:

./autogen.sh
./configure --enable-psk
make all check

$ ./examples/server/server  -j -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!

$ ./examples/client/client  -s -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
 2022-05-27 11:05:55 -04:00
Juliusz Sosinowicz
4e8c362152 Allocate ssl->async seperately to the SSL object 2022-05-26 23:08:48 +02:00
Juliusz Sosinowicz
733fe1a8d3 Use WOLFSSL_ASYNC_IO for WOLFSSL_NONBLOCK_OCSP 
- Enable ssl->async to store function arguments for non-blocking OCSP
- Remove ssl->nonblockarg
 2022-05-26 23:08:48 +02:00
Juliusz Sosinowicz
c151dcec50 Re-use async to support WANT_WRITE while sending fragments 
- Async I/O can be turned off with WOLFSSL_NO_ASYNC_IO
- WOLFSSL_ASYNC_IO functionality enabled in SendCertificateVerify() and SendServerKeyExchange() to allow safe re-entry into SendHandshakeMsg()
- Testing size of structs is refactored int WOLFSSL_ASSERT_SIZEOF_GE()
 2022-05-26 23:08:48 +02:00
Eric Blankenhorn
2800d00bb4 Fix to move wolfSSL_ERR_clear_error outside gate for OPENSSL_EXTRA 2022-05-26 06:11:45 -05:00
David Garske
fa80aa6505 Merge pull request #5132 from JacobBarthelmeh/req 
Add support for additional CSR attributes
 2022-05-25 13:35:46 -07:00
David Garske
17d7098bf6 Merge pull request #5168 from rizlik/dtls_resume 
internal.c: dtls:  HelloVerifyRequest on resumption
 2022-05-25 11:23:08 -07:00
Marco Oliverio
6c0b65d655 internal.c: dtls: HelloVerifyRequest on resumption 2022-05-25 10:38:32 +02:00
David Garske
5aea58d1e8 Merge pull request #5175 from douzzer/20220524-shellcheck-warnings 
20220524-shellcheck-warnings
 2022-05-24 14:21:49 -07:00
David Garske
74cbd08ff5 Merge pull request #5164 from cconlon/x509date 
Remove WOLFSSL_ALT_NAMES restriction on notBefore/notAfter use in Cert struct
 2022-05-24 12:41:00 -07:00
Daniel Pouzzner
b66fa1680a fix whitespace. 2022-05-24 12:13:14 -05:00
Chris Conlon
6a26dab73a X.509 cert validity for CertFromX509() and EncodeCert() shouldn't be protected by WOLFSSL_ALT_NAMES 2022-05-24 10:28:46 -06:00
kareem-wolfssl
465a6ceb64 Merge pull request #4920 from SparkiDev/old_timing_pad_verify 
Make old less secure TimingPadVerify implementation available
 2022-05-23 13:43:59 -07:00
Chris Conlon
ec39ee2cb6 Merge pull request #5070 from miyazakh/crypto_only_flwup 2022-05-20 17:08:29 -06:00
David Garske
9427ebc5be Merge pull request #5160 from haydenroche5/tls_unique 
Provide access to "Finished" messages outside the compat layer.
 2022-05-19 21:30:30 -07:00
Hayden Roche
6d9fbf7ab3 Provide access to "Finished" messages outside the compat layer. 
Prior to this commit, if you wanted access to the Finished messages from a
handshake, you needed to turn on the compatibility layer, via one of
OPENSSL_ALL, WOLFSSL_HAPROXY, or WOLFSSL_WPAS. With this commit, defining any
of these causes WOLFSSL_HAVE_TLS_UNIQUE to be defined (a reference to the
tls-unique channel binding which these messages are used for) in settings.h.
This allows a user to define WOLFSSL_HAVE_TLS_UNIQUE to access the Finished
messages without bringing in the whole compat layer.
 2022-05-19 16:34:13 -07:00
Daniel Pouzzner
5988f35593 src/wolfio.c: in EmbedReceiveFrom((), clear peer before recvfrom() to fix clang-analyzer-core.UndefinedBinaryOperatorResult; add DTLS_ prefix to macros SENDTO_FUNCTION and RECVFROM_FUNCTION, and gate their definitions on their being undefined to allow overrides. 2022-05-19 11:31:24 -05:00
Sean Parkinson
cd41c8beaf Merge pull request #5147 from rizlik/do_alert_reset 
internal.c:reset input/processReply state if exiting after DoAlert()
 2022-05-19 09:36:44 +10:00
Marco Oliverio
be172af3cd internal.c: check that we have data before processing messages 
We should never encounter this bug under normal circumstances. But if we enter
processReplyEx with a wrongly `ssl->options.processReply` set to
`runProcessingOneMessage` we check that we have some data.
 2022-05-18 18:49:33 +02:00
Marco Oliverio
6940a5eaae internal.c:reset input/processReply state if exiting after DoAlert() 2022-05-18 18:35:29 +02:00
John Safranek
40063f7487 Merge pull request #5109 from rizlik/dtls_peer_matching_fix 
wolfio: dtls: fix incorrect peer matching check
 2022-05-18 09:12:26 -07:00
Hideki Miyazaki
5de9c45161 resolve merge and conflict 2022-05-18 11:37:22 +09:00
Hideki Miyazaki
54a96cef06 add test case 2022-05-18 11:16:10 +09:00
Hideki Miyazaki
88abc9f3c1 addressed review comments 
add to call wc_ecc_rs_to_sig and wc_ecc_verify_has
 2022-05-18 11:16:07 +09:00
Hideki Miyazaki
c1f117413f get crypto only compiled with openssl extra 2022-05-18 11:16:03 +09:00
Sean Parkinson
2f91028f2d TLS 1.3: pre-master secret zeroizing 2022-05-18 08:52:38 +10:00
David Garske
c9ae021427 Merge pull request #5143 from julek-wolfssl/x509-ret-empty-name 
Return subject and issuer X509_NAME obj even when not set
 2022-05-17 09:16:54 -07:00
Marco Oliverio
6df65c0162 wolfio: dtls: fix incorrect peer matching check 
Ignore packet if coming from a peer of a different size *or* from a different
peer. Avoid whole memcmp of sockaddr_in[6] struct because is not portable (there
are optional fields in struct sockaddr_in).
 2022-05-17 11:01:55 +02:00
David Garske
ec619e3f35 Merge pull request #5107 from julek-wolfssl/wpas-ex-data-leak 
Call ctx->rem_sess_cb when a session is about to be invalid
 2022-05-16 13:27:08 -07:00
Juliusz Sosinowicz
7f8f0dcffe Refactor cache ex_data update/retrieve into one function 
- Add explicit pointer cast
 2022-05-16 13:01:05 +02:00
Juliusz Sosinowicz
d996086a6d Return subject and issuer X509_NAME obj even when not set 
This allows the user to set the attributes of the subject and issuer name by calling X509_REQ_get_subject_name and adding attributes to it.
 2022-05-16 12:49:34 +02:00