Commit Graph

5850 Commits

Author SHA1 Message Date
John Safranek b68b14b499 Merge pull request #4724 from embhorn/zd13462
Improve param checks of enc
2022-01-16 15:35:54 -08:00
Sean Parkinson 15f501358d Merge pull request #4716 from julek-wolfssl/issue-4592
Verification: Domain check should only be performed on leaf certs
2022-01-17 08:40:14 +10:00
Juliusz Sosinowicz 31e84d82b8 Domain check should only be performed on leaf certs
- Refactor `*_set_verify` functions into common logic
- NULL protect `wolfSSL_X509_VERIFY_PARAM_set1_host` and add debug info
2022-01-14 18:16:42 +01:00
David Garske f81e15f342 Merge pull request #4750 from SparkiDev/etm-disable
TLS EncryptThenMac; fix when extension response sent
2022-01-13 13:33:57 -08:00
Sean Parkinson 70b169e3f2 TLS EncryptThenMac; fix when extension response sent
Only respond with the extension when negotiated a block cipher.
2022-01-13 12:46:21 +10:00
elms 336e595ebb Remove some lingering oldname return values 2022-01-11 17:09:52 -08:00
elms efe2cea8d1 TLS: Default secure renegotiation compatability
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746

From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.

With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
2022-01-11 15:56:35 -08:00
David Garske 5910ada93d Merge pull request #4736 from douzzer/20220107-cppcheck-hygiene
cppcheck sweep
2022-01-10 12:52:22 -08:00
David Garske 6ce248e2f9 Improve documentation for wolfSSL_get1_session. Add wolfSSL specific naming on the internal session functions to avoid possible user conflicts. ZD13363 and ZD13487. 2022-01-10 07:47:19 -08:00
Daniel Pouzzner 355b5821b2 WOLFSSL_SESSION_EXPORT: fixes for scan-build complaints (deadcode.DeadStores) building --enable-all --enable-sessionexport. 2022-01-08 11:43:56 -06:00
Daniel Pouzzner c50964cc35 src/internal.c: fix flubbed edit in wolfSSL_session_import_internal(). 2022-01-08 11:08:57 -06:00
Daniel Pouzzner 56c28ff307 src/ssl.c: in wolfSSL_SESSION_has_ticket(), add (void)sess if !defined(HAVE_SESSION_TICKET), to fix -Wunused-parameter. 2022-01-08 02:39:50 -06:00
Daniel Pouzzner 8ba6027073 src/wolfio.c: fixes for cppcheck complaints: nullPointer uninitvar 2022-01-08 00:28:35 -06:00
Daniel Pouzzner bb727d2ef2 src/ssl.c: fixes for cppcheck complaints: uselessAssignmentPtrArg autoVariables[not a defect; added suppression] invalidPrintfArgType_sint nullPointerRedundantCheck pointerSize 2022-01-08 00:28:09 -06:00
Daniel Pouzzner 4d3dfc451d src/sniffer.c: fixes for cppcheck complaints: negativeIndex 2022-01-08 00:27:59 -06:00
Daniel Pouzzner b69dc00bd7 src/internal.c: fixes for cppcheck complaints: nullPointerRedundantCheck uninitvar 2022-01-08 00:27:47 -06:00
Eric Blankenhorn f74831a7da Improve param checks of enc 2022-01-06 09:12:18 -06:00
David Garske 32223b9c3a Merge pull request #4697 from LinuxJedi/isotp
Add ISO-TP support to wolfio
2022-01-05 10:34:43 -08:00
Andrew Hutchings e847bf7301 ISO-TP buffer fixes
* Flow control failed on wrap around when there is going to be no more
  flow control packets.
* If ISOTP_Send is provided more than 4095 bytes, limit it to 4095 bytes
  as wolfSSL will retry with the rest.
* Set the default receive size to the max ISO-TP data size.
* A few other cleanups.
2022-01-05 11:37:15 +00:00
Andrew Hutchings 247cbdeef7 Cleanups for ISO-TP in wolfio
* Add Doxygen comments
* Make ISOTP_Send, ISOTP_Receive and wolfSSL_SetIO_ISOTP safer
* Reorder isotp_wolfssl_ctx
* Other minor cleanups
2022-01-04 12:57:11 +00:00
Marco Oliverio 4907696ed4 wolfssl: keys: add missing wc_AesFree() when setting new keys 2021-12-30 20:30:36 +01:00
Jacob Barthelmeh 73b4cc9476 fix for location of xmemset 2021-12-29 10:48:06 -07:00
Jacob Barthelmeh 05a19c852b account for DTLS extra header size when reading msg from pool 2021-12-27 16:52:09 -07:00
Andrew Hutchings 7c2a2229c5 Use XMEMCPY and defined constannts for ISOTP 2021-12-24 11:56:16 +00:00
Daniel Pouzzner 54e9076c45 src/ssl.c: fix whitespace and heap reference in FreeSession() (re 569c066fab). 2021-12-24 01:16:32 -06:00
David Garske 02186dbd23 Fix for TLS v1.3 client session ticket resumption where the server opts to do a new handshake. Fix to make sure preMasterSz is valid. 2021-12-23 18:45:52 -08:00
David Garske a92fb0eb42 Fix for session resumption to ensure use of the right cipher suite. ZD13297 2021-12-23 18:42:41 -08:00
Sean Parkinson f1f15f411f Merge pull request #4688 from embhorn/gh4684
Fix missing include ws2tcpip.h for VS build
2021-12-24 11:58:12 +10:00
Sean Parkinson 929174be6b Merge pull request #4667 from dgarske/zd13363
Improve TLS client side session cache references
2021-12-24 11:23:06 +10:00
David Garske a75e152b93 Merge pull request #4698 from JacobBarthelmeh/Jenkins
fix for user_settings_all.h build on 'VS' and build with libz + pkcs7 test
2021-12-23 16:54:40 -08:00
David Garske 1e4b13dfac Only include ws2tcpip.h if not user IO. 2021-12-23 15:25:25 -08:00
David Garske 569c066fab Improve TLS client side session cache references to provide option for not returning an internal session cache pointer. Now use wolfSSL_get1_sesson for reference logic, that requires calling wolfSSL_SESSION_free. To disable this feature use NO_SESSION_CACHE_REF. 2021-12-23 14:25:45 -08:00
Daniel Pouzzner 7b5b1f5a4d src/ssl.c: refine integration of wolfCrypt_SetPrivateKeyReadEnable_fips(), started by 52754123d9: depend on fips 5.1+, and call as matched pair in wolfSSL_Init() and wolfSSL_Cleanup(). 2021-12-23 16:05:25 -06:00
David Garske f950f24b1a Merge pull request #4691 from JacobBarthelmeh/sessionExport
retain same size for exported session
2021-12-23 14:03:11 -08:00
David Garske 57d2555ac8 Merge pull request #4695 from douzzer/20211222-fips-config-update-and-fix-test_RsaDecryptBoundsCheck
fips config update and test-driven cleanup
2021-12-23 10:38:36 -08:00
Andrew Hutchings bb8d38c2a1 Add ISO-TP support to wolfio
ISO-TP is a commonly used simple transport layer for CAN bus which
allows larger than the 1-8 bytes payload than the CAN bus protocol
allows.

This implements our own ISO-TP transport layer for wolfSSL when compiled
with `WOLFSSL_ISOTP`.
2021-12-23 18:27:34 +00:00
David Garske a8605309c6 Merge pull request #4692 from haydenroche5/wolfssl_init_fipsv5
Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
2021-12-23 09:28:36 -08:00
JacobBarthelmeh 63df8f0836 add fe_low_mem.c to wolfssl vs project and fix a couple warnings 2021-12-23 16:55:51 +00:00
Sean Parkinson 86e51b97e9 Merge pull request #4689 from haydenroche5/wolfengine_compression_fix
Fix usage of SSL_OP_NO_COMPRESSION that was breaking wolfEngine.
2021-12-23 10:47:30 +10:00
Daniel Pouzzner a5b3daf216 fix whitespace. 2021-12-22 17:34:06 -06:00
Hayden Roche 52754123d9 Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init.
Additionally, remove wc_SetSeed_Cb calls applications (e.g. example client and
server), since they are now redundant.
2021-12-22 14:21:06 -08:00
Chris Conlon 8670e33baf Merge pull request #4651 from TakayukiMatsuo/tsip_sce 2021-12-22 15:00:32 -07:00
Jacob Barthelmeh fd39197e4b retain same size for exported session 2021-12-22 14:28:42 -07:00
Hayden Roche 646ceb259a Fix usage of SSL_OP_NO_COMPRESSION that was breaking wolfEngine.
Replace instances of SSL_OP_NO_COMPRESSION with WOLFSSL_OP_NO_COMPRESSION in
ssl.c. Only define SSL_OP_NO_COMPRESSION when using the compatibility layer.
Before these changes, wolfEngine builds were failing due to
SSL_OP_NO_COMPRESSION being defined in both wolfSSL and OpenSSL headers.
2021-12-22 10:23:51 -08:00
David Garske 9d137668c7 Merge pull request #4675 from julek-wolfssl/openssh-8.8
Fix macro name conflicts with openssh
2021-12-22 08:31:36 -08:00
Juliusz Sosinowicz 8435eb4644 Add WC_ namespace to variable handling defines 2021-12-22 12:16:02 +01:00
TakayukiMatsuo cd96330f2a Integrate Renesas TSIP specific code into Renesas common logics 2021-12-22 13:18:32 +09:00
David Garske af0bcef0ef Merge pull request #4648 from embhorn/zd13365
Fix - wolfSSL_init should cleanup on failure of a component
2021-12-21 17:17:16 -08:00
Sean Parkinson bb306d14b7 Merge pull request #4643 from kareem-wolfssl/zd13328
Fix building with OPENSSL_EXTRA defined and NO_WOLFSSL_STUB not defined.
2021-12-21 08:02:17 +10:00
Anthony Hu 7d4c13b9a4 --with-liboqs now defines HAVE_LIBOQS and HAVE_PQC
AKA: The Great Rename of December 2021
2021-12-20 11:48:03 -05:00