wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 21:42:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,238 Commits 12 Branches 184 Tags
98eda78857cfc463e8980c30fa3f989c8be08e5f
Commit Graph

8320 Commits

Author SHA1 Message Date
JacobBarthelmeh
c9bcbd8c52 fix for dead code warning CID444417 2024-12-30 16:14:28 -07:00
David Garske
8d7c60017c Merge pull request #8263 from JacobBarthelmeh/rsa_pss 
account for rsa_pss_rsae vs rsa_pss_pss type
 2024-12-28 13:47:30 -08:00
David Garske
2e8f0176c9 Merge pull request #8316 from JacobBarthelmeh/x509ref 
Up X509 refrence count and add test case
 2024-12-27 10:37:28 -08:00
JacobBarthelmeh
3ee08d81db fix for check on number of objects when free'ing and add test case 2024-12-27 08:09:03 -08:00
David Garske
5c6fdb52f1 Merge pull request #8319 from philljj/fix_coverity 
coverity: correct lock message, check fd value.
 2024-12-26 12:53:36 -08:00
JacobBarthelmeh
f57f044b39 Merge pull request #8318 from dgarske/CID444418 
Fix for finishedSz checking with TLSv1.3 and `WOLFSSL_HAVE_TLS_UNIQUE` (CID444418)
 2024-12-24 15:41:25 -07:00
jordan
c71392bb7e coverity: correct lock message, check fd value. 2024-12-24 16:31:16 -06:00
David Garske
e1baf27831 CID444418. Fix for finishSz checking with TLSv1.3 and WOLFSSL_HAVE_TLS_UNIQUE. 2024-12-24 13:38:57 -08:00
msi-debian
545257e498 CID 444416 2024-12-24 09:35:40 -07:00
JacobBarthelmeh
3aa2881cd4 account for rsa_pss_rsae vs rsa_pss_pss type 2024-12-23 23:45:33 -07:00
JacobBarthelmeh
2409971b14 Merge pull request #8224 from julek-wolfssl/dtls-server-demux 
DTLS: Add server side stateless and CID QoL API
 2024-12-23 10:01:01 -07:00
Daniel Pouzzner
ad20593569 Merge pull request #8279 from LinuxJedi/sk_push_comments 
Fix code comments for some x509.c functions
 2024-12-21 00:09:18 -06:00
Daniel Pouzzner
9d3e477b63 src/ssl.c: gate wolfSSL_dtls_set_pending_peer() on !defined(WOLFSSL_NO_SOCK), not just defined(WOLFSSL_DTLS_CID). 
tests/api.c: in test_dtls12_basic_connection_id(), omit chacha20 suites if defined(HAVE_FIPS), and fix gate on DHE-PSK-NULL-SHA256.
 2024-12-20 17:24:13 -06:00
Daniel Pouzzner
afc7e0eb8c Merge pull request #8308 from cconlon/sessTickLenCheck 
Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check
 2024-12-20 16:41:09 -06:00
JacobBarthelmeh
7cebe95138 Merge pull request #8304 from SparkiDev/regression_fixes_15 
Regression testing: fixes
 2024-12-20 11:29:15 -07:00
Chris Conlon
f68f99b000 Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check 2024-12-20 09:48:01 -07:00
Kareem
8bbe8a7c8a Fix a couple of missing bounds checks found via code analyzer. 2024-12-19 17:01:25 -07:00
Sean Parkinson
b7c1e1cf35 Regression testing: fixes 
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.

wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'

tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'

tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
 2024-12-20 09:25:03 +10:00
Sean Parkinson
00f83facb2 Merge pull request #8302 from cconlon/sessTickLenCheck 
Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side
 2024-12-20 08:44:10 +10:00
Chris Conlon
1101841b95 Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side 2024-12-19 14:26:22 -07:00
Daniel Pouzzner
994f218fcb src/ssl.c and wolfssl/internal.h: gate in wolfSSL_get_ciphers_compat() in OPENSSL_EXTRA builds, so that --with-sys-crypto-policy works with OPENSSL_EXTRA but without OPENSSL_ALL. 
configure.ac: more fixes for FIPS v6 armasm settings, re ENABLED_ARMASM_CRYPTO.
 2024-12-19 14:29:39 -06:00
Daniel Pouzzner
836ee1cbd5 Merge pull request #8298 from lealem47/zd18920 
Printing the rfc822Mailbox x509 attribute
 2024-12-18 22:19:32 -06:00
jordan
b5c47d27e0 fedora crypto-policies: initial support. 2024-12-18 16:56:36 -06:00
Juliusz Sosinowicz
9cb75ef5f8 fixup! DTLS: Add server side stateless and CID QoL API 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
fe9a5fcd42 fixup! Code review and jenkins fixes 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
faa7b8dfaa wolfSSLReceive: Error return on interrupted connection 
Interrupted connection should return control to the user since they may want to handle the signal that caused the interrupt. Otherwise, we might never give back control to the user (the timeout would error out but that causes a big delay).

socat.yml: in test 475, the test would send a SIGTERM after 3 seconds. We would continue to ignore this signal and continue to call `recvfrom`. Instead we should error out and give control back to the user.
 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
a1ee953411 Protect peer access when WOLFSSL_RW_THREADED 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
4795e0d920 Refactor dtls pending peer processing 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
3ded2bc05d Code review and jenkins fixes 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
71337d2959 Client TLS: Set traffic decrypt keys when parsing Finished 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
daa57c492d DTLS: Add server side stateless and CID QoL API 
- wolfDTLS_accept_stateless - statelessly listen for incoming connections
- wolfSSL_inject - insert data into WOLFSSL object
- wolfSSL_SSL(Enable|Disable)Read - enable/disable reading from IO
- wolfSSL_get_wfd - get the write side file descriptor
- wolfSSL_dtls_set_pending_peer - set the pending peer that will be upgraded to regular peer when we successfully de-protect a DTLS record
- wolfSSL_dtls_get0_peer - zero copy access to the peer address
- wolfSSL_is_stateful - boolean to check if we have entered stateful processing
- wolfSSL_dtls_cid_get0_rx - zero copy access to the rx cid
- wolfSSL_dtls_cid_get0_tx - zero copy access to the tx cid
- wolfSSL_dtls_cid_parse - extract cid from a datagram/message
 2024-12-18 09:31:24 +01:00
Lealem Amedie
651dab3dbf Printing the rfc822Mailbox x509 attribute 2024-12-17 15:39:23 -07:00
David Garske
356889a528 Add --disable-tls option that can be used with --enable-all to disable TLS features and set NO_TLS. Useful for allowing certificate manager and crypto compatibility API's only. 2024-12-17 13:40:03 -08:00
David Garske
6151160e58 Further fixes with NO_TLS to support use with compatibility layer. 2024-12-17 09:24:38 -08:00
David Garske
a2b5da8651 Fix nested NO_TLS. 2024-12-17 08:33:33 -08:00
David Garske
14e3372826 Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check 2024-12-17 08:33:32 -08:00
Daniel Pouzzner
22e95081cd Merge pull request #8181 from gojimmypi/dev-compiler-message 
Initialize vars & change types to appease Windows/VS
 2024-12-16 23:19:05 -06:00
Sean Parkinson
e3876fcab7 Merge pull request #8287 from JacobBarthelmeh/sigfault 
fix for sig fault harden build
 2024-12-16 09:04:29 +10:00
JacobBarthelmeh
d7e40e7413 Merge pull request #8264 from dgarske/various_20241206 
Various cleanups and fixes
 2024-12-13 13:48:10 -07:00
JacobBarthelmeh
68e85ef33a Merge pull request #8252 from anhu/use_srtp_retcode 
wolfSSL_CTX_set_tlsext_use_srtp() should return 1 on failure and 0 up…
 2024-12-13 13:35:49 -07:00
JacobBarthelmeh
a22176af40 fix for sig fault harden build 2024-12-13 10:34:23 -07:00
Kareem
d4af181593 Add support for the RFC822 Mailbox attribute. 2024-12-12 12:37:32 -07:00
Andrew Hutchings
8ecbd3479e Fix code comments for some x509.c functions 
The return of `wolfSSL_sk_push` was changed, but some of the functions
that use it did not have their return comments updated appropriately.
 2024-12-12 16:21:16 +00:00
Daniel Pouzzner
88241f1a2c Merge pull request #8267 from ColtonWilley/pkcs11_cert_support 
PKCS11 cert support
 2024-12-11 16:04:58 -06:00
Colton Willey
2039d6371f Remove redundant NULL check 2024-12-11 12:25:35 -08:00
Daniel Pouzzner
2ea2e6bf59 Merge pull request #8233 from ColtonWilley/x509_store_add_cert_ref_count 
Use proper ref count handling when adding to x509 store
 2024-12-11 11:54:29 -06:00
Colton Willey
0c20a20acc Use char instead of sword8, sanity length check on CKA_VALUE 2024-12-09 16:09:04 -08:00
Colton Willey
0cda59e00e Add support for cert format in get cert crypto callback 2024-12-09 14:32:02 -08:00
Colton Willey
c83c9e68c9 Updates per review comments 2024-12-09 13:10:32 -08:00
Daniel Pouzzner
e248d8499a move !defined(EXTERNAL_OPTS_OPENVPN) assert from src/internal.c to wolfssl/wolfcrypt/types.h with refinements; refine logic+message of assert in wolfssl/wolfcrypt/settings.h re "wolfssl/options.h included in compiled wolfssl library object..". 2024-12-09 15:02:41 -06:00