John Safranek
b68b14b499
Merge pull request #4724 from embhorn/zd13462
...
Improve param checks of enc
2022-01-16 15:35:54 -08:00
Sean Parkinson
15f501358d
Merge pull request #4716 from julek-wolfssl/issue-4592
...
Verification: Domain check should only be performed on leaf certs
2022-01-17 08:40:14 +10:00
Juliusz Sosinowicz
31e84d82b8
Domain check should only be performed on leaf certs
...
- Refactor `*_set_verify` functions into common logic
- NULL protect `wolfSSL_X509_VERIFY_PARAM_set1_host` and add debug info
2022-01-14 18:16:42 +01:00
David Garske
f81e15f342
Merge pull request #4750 from SparkiDev/etm-disable
...
TLS EncryptThenMac; fix when extension response sent
2022-01-13 13:33:57 -08:00
Sean Parkinson
70b169e3f2
TLS EncryptThenMac; fix when extension response sent
...
Only respond with the extension when negotiated a block cipher.
2022-01-13 12:46:21 +10:00
elms
336e595ebb
Remove some lingering oldname return values
2022-01-11 17:09:52 -08:00
elms
efe2cea8d1
TLS: Default secure renegotiation compatability
...
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746
From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.
With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
2022-01-11 15:56:35 -08:00
David Garske
5910ada93d
Merge pull request #4736 from douzzer/20220107-cppcheck-hygiene
...
cppcheck sweep
2022-01-10 12:52:22 -08:00
David Garske
6ce248e2f9
Improve documentation for wolfSSL_get1_session. Add wolfSSL specific naming on the internal session functions to avoid possible user conflicts. ZD13363 and ZD13487.
2022-01-10 07:47:19 -08:00
Daniel Pouzzner
355b5821b2
WOLFSSL_SESSION_EXPORT: fixes for scan-build complaints (deadcode.DeadStores) building --enable-all --enable-sessionexport.
2022-01-08 11:43:56 -06:00
Daniel Pouzzner
c50964cc35
src/internal.c: fix flubbed edit in wolfSSL_session_import_internal().
2022-01-08 11:08:57 -06:00
Daniel Pouzzner
56c28ff307
src/ssl.c: in wolfSSL_SESSION_has_ticket(), add (void)sess if !defined(HAVE_SESSION_TICKET), to fix -Wunused-parameter.
2022-01-08 02:39:50 -06:00
Daniel Pouzzner
8ba6027073
src/wolfio.c: fixes for cppcheck complaints: nullPointer uninitvar
2022-01-08 00:28:35 -06:00
Daniel Pouzzner
bb727d2ef2
src/ssl.c: fixes for cppcheck complaints: uselessAssignmentPtrArg autoVariables[not a defect; added suppression] invalidPrintfArgType_sint nullPointerRedundantCheck pointerSize
2022-01-08 00:28:09 -06:00
Daniel Pouzzner
4d3dfc451d
src/sniffer.c: fixes for cppcheck complaints: negativeIndex
2022-01-08 00:27:59 -06:00
Daniel Pouzzner
b69dc00bd7
src/internal.c: fixes for cppcheck complaints: nullPointerRedundantCheck uninitvar
2022-01-08 00:27:47 -06:00
Eric Blankenhorn
f74831a7da
Improve param checks of enc
2022-01-06 09:12:18 -06:00
David Garske
32223b9c3a
Merge pull request #4697 from LinuxJedi/isotp
...
Add ISO-TP support to wolfio
2022-01-05 10:34:43 -08:00
Andrew Hutchings
e847bf7301
ISO-TP buffer fixes
...
* Flow control failed on wrap around when there is going to be no more
flow control packets.
* If ISOTP_Send is provided more than 4095 bytes, limit it to 4095 bytes
as wolfSSL will retry with the rest.
* Set the default receive size to the max ISO-TP data size.
* A few other cleanups.
2022-01-05 11:37:15 +00:00
Andrew Hutchings
247cbdeef7
Cleanups for ISO-TP in wolfio
...
* Add Doxygen comments
* Make ISOTP_Send, ISOTP_Receive and wolfSSL_SetIO_ISOTP safer
* Reorder isotp_wolfssl_ctx
* Other minor cleanups
2022-01-04 12:57:11 +00:00
Marco Oliverio
4907696ed4
wolfssl: keys: add missing wc_AesFree() when setting new keys
2021-12-30 20:30:36 +01:00
Jacob Barthelmeh
73b4cc9476
fix for location of xmemset
2021-12-29 10:48:06 -07:00
Jacob Barthelmeh
05a19c852b
account for DTLS extra header size when reading msg from pool
2021-12-27 16:52:09 -07:00
Andrew Hutchings
7c2a2229c5
Use XMEMCPY and defined constannts for ISOTP
2021-12-24 11:56:16 +00:00
Daniel Pouzzner
54e9076c45
src/ssl.c: fix whitespace and heap reference in FreeSession() (re 569c066fab).
2021-12-24 01:16:32 -06:00
David Garske
02186dbd23
Fix for TLS v1.3 client session ticket resumption where the server opts to do a new handshake. Fix to make sure preMasterSz is valid.
2021-12-23 18:45:52 -08:00
David Garske
a92fb0eb42
Fix for session resumption to ensure use of the right cipher suite. ZD13297
2021-12-23 18:42:41 -08:00
Sean Parkinson
f1f15f411f
Merge pull request #4688 from embhorn/gh4684
...
Fix missing include ws2tcpip.h for VS build
2021-12-24 11:58:12 +10:00
Sean Parkinson
929174be6b
Merge pull request #4667 from dgarske/zd13363
...
Improve TLS client side session cache references
2021-12-24 11:23:06 +10:00
David Garske
a75e152b93
Merge pull request #4698 from JacobBarthelmeh/Jenkins
...
fix for user_settings_all.h build on 'VS' and build with libz + pkcs7 test
2021-12-23 16:54:40 -08:00
David Garske
1e4b13dfac
Only include ws2tcpip.h if not user IO.
2021-12-23 15:25:25 -08:00
David Garske
569c066fab
Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use wolfSSL_get1_sesson for reference logic, that requires calling wolfSSL_SESSION_free. To disable this feature use NO_SESSION_CACHE_REF.
2021-12-23 14:25:45 -08:00
Daniel Pouzzner
7b5b1f5a4d
src/ssl.c: refine integration of wolfCrypt_SetPrivateKeyReadEnable_fips(), started by 52754123d9: depend on fips 5.1+, and call as matched pair in wolfSSL_Init() and wolfSSL_Cleanup().
2021-12-23 16:05:25 -06:00
David Garske
f950f24b1a
Merge pull request #4691 from JacobBarthelmeh/sessionExport
...
retain same size for exported session
2021-12-23 14:03:11 -08:00
David Garske
57d2555ac8
Merge pull request #4695 from douzzer/20211222-fips-config-update-and-fix-test_RsaDecryptBoundsCheck
...
fips config update and test-driven cleanup
2021-12-23 10:38:36 -08:00
Andrew Hutchings
bb8d38c2a1
Add ISO-TP support to wolfio
...
ISO-TP is a commonly used simple transport layer for CAN bus which
allows larger than the 1-8 bytes payload than the CAN bus protocol
allows.
This implements our own ISO-TP transport layer for wolfSSL when compiled
with `WOLFSSL_ISOTP`.
2021-12-23 18:27:34 +00:00
David Garske
a8605309c6
Merge pull request #4692 from haydenroche5/wolfssl_init_fipsv5
...
Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
2021-12-23 09:28:36 -08:00
JacobBarthelmeh
63df8f0836
add fe_low_mem.c to wolfssl vs project and fix a couple warnings
2021-12-23 16:55:51 +00:00
Sean Parkinson
86e51b97e9
Merge pull request #4689 from haydenroche5/wolfengine_compression_fix
...
Fix usage of SSL_OP_NO_COMPRESSION that was breaking wolfEngine.
2021-12-23 10:47:30 +10:00
Daniel Pouzzner
a5b3daf216
fix whitespace.
2021-12-22 17:34:06 -06:00
Hayden Roche
52754123d9
Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
...
Additionally, remove wc_SetSeed_Cb calls applications (e.g. example client and
server), since they are now redundant.
2021-12-22 14:21:06 -08:00
Chris Conlon
8670e33baf
Merge pull request #4651 from TakayukiMatsuo/tsip_sce
2021-12-22 15:00:32 -07:00
Jacob Barthelmeh
fd39197e4b
retain same size for exported session
2021-12-22 14:28:42 -07:00
Hayden Roche
646ceb259a
Fix usage of SSL_OP_NO_COMPRESSION that was breaking wolfEngine.
...
Replace instances of SSL_OP_NO_COMPRESSION with WOLFSSL_OP_NO_COMPRESSION in
ssl.c. Only define SSL_OP_NO_COMPRESSION when using the compatibility layer.
Before these changes, wolfEngine builds were failing due to
SSL_OP_NO_COMPRESSION being defined in both wolfSSL and OpenSSL headers.
2021-12-22 10:23:51 -08:00
David Garske
9d137668c7
Merge pull request #4675 from julek-wolfssl/openssh-8.8
...
Fix macro name conflicts with openssh
2021-12-22 08:31:36 -08:00
Juliusz Sosinowicz
8435eb4644
Add WC_ namespace to variable handling defines
2021-12-22 12:16:02 +01:00
TakayukiMatsuo
cd96330f2a
Integrate Renesas TSIP specific code into Renesas common logics
2021-12-22 13:18:32 +09:00
David Garske
af0bcef0ef
Merge pull request #4648 from embhorn/zd13365
...
Fix - wolfSSL_init should cleanup on failure of a component
2021-12-21 17:17:16 -08:00
Sean Parkinson
bb306d14b7
Merge pull request #4643 from kareem-wolfssl/zd13328
...
Fix building with OPENSSL_EXTRA defined and NO_WOLFSSL_STUB not defined.
2021-12-21 08:02:17 +10:00
Anthony Hu
7d4c13b9a4
--with-liboqs now defines HAVE_LIBOQS and HAVE_PQC
...
AKA: The Great Rename of December 2021
2021-12-20 11:48:03 -05:00