wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 12:52:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,877 Commits 12 Branches 184 Tags
8d9dc3d79f8a305adc45f15dd9136296ec23e7f4
Commit Graph

7384 Commits

Author SHA1 Message Date
Hideki Miyazaki
8d9dc3d79f skip DATE if flags is set when calling AddTrustedPeer 2023-11-03 09:38:23 +09:00
JacobBarthelmeh
79a6e1eb04 Merge pull request #6808 from SparkiDev/sp_sm2 
SP updates for SM2
 2023-10-13 10:17:17 -06:00
JacobBarthelmeh
f247e6b6f0 Merge pull request #6865 from per-allansson/wolfio-getaddrinfo-hints-a 
wolfio: request only IPv4 addresses unless IPv6 support is enabled
 2023-10-13 09:53:38 -06:00
JacobBarthelmeh
95137f91fa Merge pull request #6856 from dgarske/fips_win32 
Fixes for wolfCrypt FIPS DLL win32
 2023-10-13 09:49:26 -06:00
Per Allansson
5f20f1171d wolfio: request only IPv4 addresses unless IPv6 support is enabled 2023-10-13 15:25:16 +02:00
JacobBarthelmeh
26cc785fbc Merge pull request #6861 from douzzer/20231012-keylog-export-warning-fix 
20231012-keylog-export-warning-fix
 2023-10-12 17:04:39 -06:00
Sean Parkinson
0cc21a42f3 SP updates for SM2 
Allow wolfSSL to build with SP implementations of SM2.
Updates to SP implementation of other code.
 2023-10-13 08:14:15 +10:00
JacobBarthelmeh
26ab3b109a Merge pull request #6858 from anhu/FASCN_OID 
Support FASCN OID in wolfssl_dns_entry_othername_to_gn()
 2023-10-12 14:47:09 -06:00
David Garske
3cebf35b1b Cleanups for IDE/WIN10 user_settings.h to allow for FIPS 140-2 3389 cert. Fixed compiler warning with possible use of uninitialized data. 2023-10-12 12:04:51 -07:00
Daniel Pouzzner
0549dba3db configure.ac and src/tls.c: fix --enable-keylog-export to warn at configure time, then build cleanly. 2023-10-12 13:09:43 -05:00
Anthony Hu
f332995131 Support FASCN OID in wolfssl_dns_entry_othername_to_gn() 2023-10-11 20:33:13 -04:00
JacobBarthelmeh
f0bfcc50d7 Merge pull request #6748 from julek-wolfssl/dtls13-frag-ch2 
DTLS 1.3: allow fragmenting the second ClientHello message
 2023-10-11 11:13:57 -06:00
Hideki Miyazaki
f8604da8e3 change to use a cutom random generation func for PRNG 2023-10-11 06:50:26 +09:00
Juliusz Sosinowicz
64ed7d57eb Add comment 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
275c0a0838 Update window in one place only when stateful 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
c1a49fef99 Fix unreachable code error 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
3a881079d3 Fix async 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
2c6c52078a test_dtls13_frag_ch_pq: make sure kyber5 is used 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
c802193119 Simplify the pqc keyshare handling 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
0dbf97c867 fixup! Clear the keyshare instead of storing it 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
ada785e115 Address code review 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
8da863184c Force DTLS 1.3 when accepting fragmented CH 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
df8ee69075 Clear the keyshare instead of storing it 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
85a596e54a DTLS 1.3: allow fragmenting the second ClientHello message 
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
 2023-10-09 12:54:11 +02:00
Sean Parkinson
832e0f3726 Merge pull request #6842 from kaleb-himes/fix-err-introduce-with-cm-move 
Fix -4 return code when expected BAD_FUNC_ARG(-173)
 2023-10-09 07:04:24 +10:00
JacobBarthelmeh
5cb80ea898 Merge pull request #6847 from embhorn/zd16767 
Fix wolfSSL_set_verify_result to use correct value
 2023-10-06 16:52:32 -06:00
Eric Blankenhorn
b329c0d5f4 Fix wolfSSL_set_verify_result to use correct value 2023-10-06 16:34:31 -05:00
JacobBarthelmeh
a24d66939f Merge pull request #6843 from embhorn/gh6760_take2 
Fix RNG with writedup
 2023-10-06 09:11:33 -06:00
kaleb-himes
e51399ca0f Do the success checkout out front 2023-10-05 17:05:36 -06:00
Eric Blankenhorn
a494d04f10 Fix RNG with writedup 2023-10-05 16:03:42 -05:00
kaleb-himes
4bb6c51d2d Fix -4 return code when expected BAD_FUNC_ARG(-173) 2023-10-05 14:20:37 -06:00
Juliusz Sosinowicz
89946126f2 Remove dtls_expected_rx and use expected values directly 
We should always read MTU + EXTRA so that we capture the entire message and are able to correctly decrypt the entire datagram. A smaller MTU also breaks larger handshake messages sent during a connection like secure renegotiation in DTLS 1.2 (confirmed) and post-handshake messages in DTLS 1.3 (suspected).
 2023-10-05 16:58:45 +02:00
Juliusz Sosinowicz
80c8c62fb2 Proper initial_ctx clean up 
- Call wolfSSL_CTX_free on ssl->initial_ctx so that it decrements the counter and free's the object
- Clean up where ssl->initial_ctx is free'd. It only needs to be free'd when the ssl object is being free'd
 2023-10-05 16:58:45 +02:00
JacobBarthelmeh
96205fc80d Merge pull request #6820 from julek-wolfssl/zd/16550-int-crl 
CRL verify the entire chain including loaded CA's
 2023-10-04 14:37:50 -06:00
Juliusz Sosinowicz
7baf151c37 CRL verify the entire chain including loaded CA's 
- Regen CRL's as most of them are expired
- certs/crl/extra-crls/ca-int-cert-revoked.pem: CRL that revokes certs/intermediate/ca-int-cert.pem signed by certs/ca-cert.pem
- Add CheckCertCRL_ex API to not depend on DecodedCert
- CheckCertCRLList: accept raw serial or hashed version to work with Signers
- Add XELEM_CNT to simplify pre-proc element counting
 2023-10-03 11:45:43 +02:00
Marco Oliverio
c70b3f297e fix: tls13: don't use stale suites pointers in CheckPreSharedKeys 2023-10-02 15:03:55 +00:00
JacobBarthelmeh
369db531d2 Merge pull request #6817 from anhu/tls13_server_suppgroups 
Allow the server to send supported groups extension in TLS 1.3
 2023-09-29 13:53:37 -06:00
Anthony Hu
7c1cc5e8f9 Allow the server to send supported groups extension in TLS 1.3 2023-09-29 12:42:44 -04:00
Sean Parkinson
3ea0fb30dd AES XTS x64 ASM: add AVX1 and AESNI implementations 
Adding AES-XTS AVX1 and AESNI implementations.
Fix name in comment at top of x64 assembly files.
 2023-09-28 14:44:23 -05:00
Sean Parkinson
9acba6ee2d Static RSA length check 
Better length check on decrypted pre-master secret length.
 2023-09-27 07:55:53 +10:00
Kareem
df6a65e151 Prevent current handshake counter from underflowing. 2023-09-22 14:47:00 -07:00
David Garske
16e6a8c150 Merge pull request #6795 from jpbland1/ech-double-free-fix 
Fix ECH double free on rejection
 2023-09-20 14:25:11 -07:00
David Garske
bc02006def Merge pull request #6794 from res0nance/fix-memory-type 
pqc: fix memory type for shared secret storage server side
 2023-09-20 14:24:42 -07:00
John Bland
f71423d626 set ssl->hsHashesEch to NULL regardless of acceptance 
to avoid double free, clean up style violations
 2023-09-20 14:51:40 -04:00
Andras Fekete
9ed19cddfa Need to increment state after the async task completes 2023-09-20 12:23:14 -04:00
res0nance
0983ea9a80 pqc: fix memory type for shared secret storage server side 
This gets copied to preMasterSecret and freed in
TLSX_KeyShare_ProcessPqc with the SECRET type but is allocated
with the TLSX type.
 2023-09-20 15:45:26 +08:00
Andras Fekete
da39f66ff0 Remove accidental comment left in. 2023-09-19 13:10:16 -04:00
Andras Fekete
186d3c2eb4 Fixes to various Async issues 2023-09-19 13:10:16 -04:00
David Garske
763de1a685 Merge pull request #6790 from bandi13/codesonar 
Clean up memory leaks
 2023-09-19 09:48:22 -07:00
David Garske
eca28ea2f6 Merge pull request #6789 from bandi13/renameAsyncEnumPart2 
Clean up double enum
 2023-09-19 09:08:32 -07:00