Commit Graph

14466 Commits

Author SHA1 Message Date
Sean Parkinson 945acb4c2f Reorg of ssl.c: standard C wrappers, EX_DATA, BUF_MEM, TXT_DB 2021-06-23 11:28:38 +10:00
Sean Parkinson 2923d812bd Merge pull request #4058 from miyazakh/qt_oslext_cs
TLS: extend set_cipher_list() compatibility layer API
2021-06-23 10:12:11 +10:00
John Safranek a5852fe440 Merge pull request #4119 from julek-wolfssl/dtls-seq-num-refactor
Refactor `dtls_expected_peer_handshake_number` handling
2021-06-22 16:29:45 -07:00
Sean Parkinson eccfb4f632 Merge pull request #4125 from dgarske/sniffer_etsi
TLS: Fixes for sniffer and static ephemeral keys
2021-06-23 09:17:13 +10:00
Chris Conlon 4b3bd3e384 Merge pull request #4049 from miyazakh/set_verifyDepth_3
Set verify depth limit
2021-06-22 10:23:43 -06:00
Chris Conlon b70e028200 Merge pull request #4087 from miyazakh/get_ciphers_compat
higher priority of cipher suite is on top of stack
2021-06-22 10:22:43 -06:00
Chris Conlon 446393bcab Merge pull request #3793 from TakayukiMatsuo/os_base64
Add wolfSSL_EVP_Encode/Decode APIs
2021-06-22 10:19:30 -06:00
Chris Conlon b050463dce Merge pull request #4059 from miyazakh/qt_unit_test
fix qt unit test
2021-06-22 10:12:48 -06:00
David Garske 67b87a8883 Merge pull request #4127 from douzzer/wolfsentry-client
outbound connection filtering and wolfSentry integration
2021-06-22 07:27:18 -07:00
David Garske c4ea64b7fc Merge pull request #4140 from SparkiDev/set_sig_algs 2021-06-21 19:18:10 -07:00
David Garske 52582ede28 Merge pull request #4146 from SparkiDev/pkcs11_dec_final
PKCS #11: Use C_Decrypt instead of C_DecryptUpdate
2021-06-21 15:28:45 -07:00
Sean Parkinson ab2c1e117e Merge pull request #4149 from guidovranken/wc_ecc_verify_hash_ex-alloc-check
ECC: wc_ecc_verify_hash_ex, return if ALLOC_CURVE_SPECS() fails
2021-06-22 08:24:22 +10:00
David Garske 716237c5dd Fix minor line length and spelling. 2021-06-21 15:09:39 -07:00
David Garske 4942220718 Merge pull request #4150 from elms/fix/sniffer_no_dh
Fix build with `--enable-sniffer --disable-dh`
2021-06-21 12:47:58 -07:00
Elms a409e7c9ce Fix build with --enable-sniffer --disable-dh 2021-06-21 09:42:51 -07:00
David Garske 7491a44bb4 Fix for possible memory leak case on mp_init failure in wc_ecc_verify_hash_ex with WOLFSSL_SMALL_STACK. 2021-06-21 09:19:47 -07:00
Guido Vranken 7c600e3ebc In wc_ecc_verify_hash_ex, return if ALLOC_CURVE_SPECS() fails
This prevents a NULL pointer dereference later in the function.
2021-06-20 22:29:20 +02:00
Kaleb Himes 149920fc14 Merge pull request #4110 from dgarske/config_examples
Additional user_settings.h examples
2021-06-18 12:00:29 -05:00
David Garske 5a685ca37e Merge pull request #4139 from SparkiDev/etm_check_pad
TLS EtM: check all padding bytes are the same value
2021-06-18 08:14:46 -07:00
David Garske 15065175d8 Merge pull request #4145 from SparkiDev/sp_int_neg_mod
SP int negative: check size of a in mp_mod
2021-06-18 08:14:02 -07:00
Sean Parkinson 7224fcd9bc TLS: add support for user setting signature algorithms 2021-06-18 16:19:01 +10:00
Hideki Miyazaki fbb7a40295 simplified string parse 2021-06-18 11:55:09 +09:00
Hideki Miyazaki b52ff200de addressed code review part2 2021-06-18 11:22:23 +09:00
Hideki Miyazaki 368dd7b501 address review comments part1 2021-06-18 11:22:22 +09:00
Hideki Miyazaki 23a3c7f5f5 fixed no-termination 2021-06-18 11:22:21 +09:00
Hideki Miyazaki 1ebb4a47f6 addressed jenkins failure 2021-06-18 11:22:20 +09:00
Hideki Miyazaki a4ff5de369 always tls13 suites in the front position 2021-06-18 11:22:20 +09:00
Hideki Miyazaki 4feedb72cc simulate set_ciphersuites comp. API 2021-06-18 11:22:19 +09:00
Sean Parkinson 699a75c211 PKCS #11: Use C_Decrypt instead of C_DecryptUpdate
Some PKCS #11 devices need final called (implicit in C_Decrypt).
2021-06-18 12:14:34 +10:00
Hideki Miyazaki 23fc810b3c added more context 2021-06-18 11:10:13 +09:00
Hideki Miyazaki ddf2a0227f additional fix for set verify depth to be compliant with openssl limit 2021-06-18 11:00:51 +09:00
Hideki Miyazaki 2bbf7cc0fb addressed review comments 2021-06-18 10:49:24 +09:00
David Garske 3d5c5b39ac Merge pull request #4134 from embhorn/joi-cert
Update use of joi cert and add to renew script.
2021-06-17 18:28:12 -07:00
Daniel Pouzzner b59c60db8a ssl.c: fix build gating on wolfSSL_X509_get_ex_new_index() again (fixing rebase error). 2021-06-17 20:14:54 -05:00
Daniel Pouzzner 8c75553e08 wolfSentry integration: move rest of recyclable code out of examples and into wolfsentry_setup() in wolfssl/test.h, and implement peer review corrections on error codes and string.h wrapper macros. 2021-06-17 20:05:40 -05:00
Daniel Pouzzner 55ed985c9a include error-ssl.h, not error-crypt.h, in wolfssl/test.h, and fix rebase error in src/ssl.c. 2021-06-17 20:05:40 -05:00
Daniel Pouzzner 1c9ea6228c ssl.c: fix build gating on wolfSSL_X509_get_ex_new_index(). 2021-06-17 20:05:40 -05:00
Daniel Pouzzner 93dfb4c7f4 add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config.
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-17 20:05:40 -05:00
Sean Parkinson 2fb80ceb59 Merge pull request #4133 from dgarske/crypto_cb_25519
Adds crypto callback support for Ed/Curve25519 and SHA2-512/384
2021-06-18 09:47:30 +10:00
David Garske 18fc1b7e63 Merge pull request #4006 from elms/refactor_pointer_manipulation 2021-06-17 16:37:03 -07:00
Sean Parkinson 485cfd798b SP int negative: check size of a in mp_mod
When using negative numbers, t is allocated to be one digit longer than
a->used. Fail when a->used is SP_DIGIT_MAX.
2021-06-18 09:28:51 +10:00
Hideki Miyazaki 951de64e2c set PSK at the beginning 2021-06-18 07:59:35 +09:00
Hideki Miyazaki 3386069490 add LOAD flag to be compliant with OpenSSL 2021-06-18 07:59:34 +09:00
Hideki Miyazaki af917cc55e tell error code 2021-06-18 07:59:34 +09:00
Hideki Miyazaki 976b6ae97c not push CA, revert error code when being OpensslExtra mode 2021-06-18 07:59:33 +09:00
Hideki Miyazaki cd73cf3d0f fix Qt unit test verifyClientCert 2021-06-18 07:59:32 +09:00
Hideki Miyazaki 8b9bf041c1 addressed review comments 2021-06-18 07:50:06 +09:00
Sean Parkinson 98ce4e901a TLS EtM: check all padding bytes are the same value
Must be constant time so as not to provide an oracle.
That is, don't leak length of data and padding.
2021-06-18 08:42:48 +10:00
Hideki Miyazaki 22430ccdd3 higher priority of cipher suite is on top of stack 2021-06-18 07:42:41 +09:00
David Garske 9181c949ae Added static ciphers and sniffer. Fixed spelling. 2021-06-17 15:19:45 -07:00