wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 22:02:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,080 Commits 12 Branches 184 Tags
99d60a07817fca44261a92c8be226bfd4acd863d
Commit Graph

6561 Commits

Author SHA1 Message Date
JacobBarthelmeh
e867f0d312 Merge pull request #5574 from haydenroche5/ecc_nb_tls 
Add support for non-blocking ECDHE/ECDSA in TLS/DTLS layer.
 2022-09-12 16:24:00 -06:00
Sean Parkinson
375b9c1a59 TLS 1.3 Middle-Box compat: fix missing brace 2022-09-12 13:11:49 +10:00
JacobBarthelmeh
fa6bc79f8b Merge pull request #5578 from douzzer/20220909-fixes 
20220909-fixes
 2022-09-09 16:37:35 -06:00
Daniel Pouzzner
0603031362 fix whitespace in wolfssl/wolfcrypt/settings.h; 
fix bugprone-macro-parentheses in wolfssl/ssl.h;

fix pointerOutOfBounds and declaration-after-statement in src/internal.c DtlsMsgAssembleCompleteMessage().
 2022-09-09 15:25:06 -05:00
JacobBarthelmeh
757a18ab7e Merge pull request #5496 from SKlimaRA/SKlimaRA/SetCipherListBytes 
Support for setting cipher list with bytes
 2022-09-09 13:42:51 -06:00
David Garske
23ba1e7e98 Minor cleanups. Gate these API's on OPENSSL_EXTRA or WOLFSSL_SET_CIPHER_BYTES to keep code size reduced. 2022-09-09 10:49:49 -07:00
JacobBarthelmeh
6526ffc5f8 Merge pull request #5567 from haydenroche5/hmac_sha1_fix 
Fix HMAC compat layer function for SHA-1.
 2022-09-09 09:45:21 -06:00
Hayden Roche
226a8b676d Add support for non-blocking ECDHE/ECDSA in TLS/DTLS layer. 
This requires the async code.
 2022-09-08 11:34:59 -07:00
David Garske
52653c654d Merge pull request #5571 from julek-wolfssl/sk-cmp-param-fix 
Set correct types in wolfSSL_sk_*_new functions
 2022-09-08 08:47:20 -07:00
David Garske
64376d4d9e Merge pull request #5555 from julek-wolfssl/dtls-fragment-buckets 
Don't over-allocate memory for DTLS fragments
 2022-09-08 07:46:04 -07:00
Juliusz Sosinowicz
28af88788a Set correct types in wolfSSL_sk_*_new functions 
- Use WOLF_SK_COMPARE_CB() to generate the correct types instead of using void* for the callback parameters.
- Remove WOLFSSL_STACK.comp entirely since it is not used anywhere. Ignore input parameters that used to set this member.
 2022-09-08 11:55:32 +02:00
Hayden Roche
18450eb94b Fix HMAC compat layer function for SHA-1. 
This function would only accept the string "SHA" for SHA-1-based HMAC, but it
should also accept "SHA1." This is similar to how wolfSSL_EVP_get_digestbyname
allows both "SHA" and "SHA1." We didn't have a test for this in api.c. I added
one, and it failed before my fix here.
 2022-09-07 15:25:31 -07:00
Juliusz Sosinowicz
28895ed0cd Use a union and struct for padding in DtlsFragBucket 
Zero length arrays are not allowed so `byte padding[0]` is not a valid member. Changed to use a union and struct instead.
 2022-09-07 13:04:26 +02:00
Juliusz Sosinowicz
8bf3e0829e Don't over-allocate memory for DTLS fragments 
Don't reserve the full message length of memory. Instead we only allocate memory for the fragments that we have already received. We also dynamically combine memory fragments when we receive overlap.
 2022-09-07 13:04:06 +02:00
David Garske
d72b401e8e Merge pull request #5545 from icing/evp_chacha 
Add ChaCha20 as available cipher in the EVP API.
 2022-09-06 10:42:54 -07:00
David Garske
e2de8f3b6c Merge pull request #5554 from rizlik/dtls_cid_fix 
fix: dtls13: do not negotiate ConnectionID in HelloRetryRequest
 2022-09-06 09:28:25 -07:00
Stefan Eissing
9f47999002 Add ChaCha20 as available cipher in the EVP API. 
- wire the wc_ChaCha_* implementation into the EVP API
  as `wolfSSL_EVP_chacha20`
- follow IV conversions of OpenSSL
- add test case
- have QUIC support use this for header protection when
  CHACHA20_POLY1305 has been negotiated in the handshake.
 2022-09-06 10:06:02 +02:00
David Garske
483d7189c7 Merge pull request #5512 from SparkiDev/tls13_64bit_milli 
Make time in milliseconds 64-bits
 2022-09-05 16:19:03 -07:00
Sean Parkinson
e7dbb5b375 Merge pull request #5548 from dgarske/whitespace 
Whitespace cleanup
 2022-09-06 07:54:29 +10:00
Marco Oliverio
aee81764f2 fix: dtls13: do not negotiate ConnectionID in HelloRetryRequest 2022-09-05 17:00:09 +02:00
kaleb-himes
49065373aa Merge branch 'fix_sha256_debug' of github.com:gojimmypi/wolfssl 2022-09-04 19:26:38 -06:00
Sean Parkinson
b95df7529c Improve usage of 64-bit implementation of TimeNowInMilli 
Change to use 64-bits for types stored - use WOLFSSL_32BIT_MILLI_TIME if
a 64-bit type is not available.
TimeNowInMill() returns 0 on error instead of GETTIME_ERROR.
 2022-09-05 10:47:25 +10:00
David Garske
aa036b6ea4 Merge pull request #5532 from anhu/sphincs 
Add sphincs to wolfCrypt.
 2022-09-02 11:56:11 -07:00
David Garske
232a750cc2 Whitespace cleanup. 2022-09-02 09:54:17 -07:00
David Garske
4a8a11315b Merge pull request #5536 from SparkiDev/sha3_x64 
SHA-3 improvements
 2022-09-02 09:46:14 -07:00
JacobBarthelmeh
8ca63b93a4 Merge pull request #5539 from dgarske/ocsp_async 
Fix for async with OCSP non-blocking in `ProcessPeerCerts`
 2022-09-02 10:42:09 -06:00
David Garske
11bb8b3dc4 Merge pull request #5543 from SparkiDev/rsa_max_size_fix 
RSA max key size checks
 2022-09-02 09:26:19 -07:00
Anthony Hu
10ce703d71 Add sphincs to wolfCrypt. 
Note that we will not support sphincs in TLS so nothing above wolfcrypt changes.
 2022-09-02 11:53:55 -04:00
Sean Parkinson
daadd4a1b7 Merge pull request #5540 from dgarske/socksz 
Fixes for building with 32-bit and socket size sign/unsigned mismatch
 2022-09-02 16:33:41 +10:00
Sean Parkinson
3bf6baf596 RSA max key size checks 
Detect when certificate's RSA public key size is too big and fail on
loading of certificate.
Fix unit test to only attempt to use 3072 bit RSA-PSS keys when
RSA_MAX_SIZE supports it.
 2022-09-02 10:37:12 +10:00
Sean Parkinson
23fd6456c2 Merge pull request #5534 from dgarske/zd14420 
Fix for async session tickets
 2022-09-02 08:50:35 +10:00
Sean Parkinson
ef451d316c Make time in milliseconds 64-bits 
Allow for longer session ticket lives.
 2022-09-02 08:45:07 +10:00
David Garske
f530101ef1 Fix for async with OCSP non-blocking in ProcessPeerCerts. ZD 14754. 2022-09-01 14:39:52 -07:00
David Garske
2695f36642 Fixes for building with 32-bit and socket size sign/unsigned mismatch. 
Tested with: `./configure --enable-all CFLAGS="-m32 -DXSOCKLENT=int" LDFLAGS="-m32" && make`
 2022-09-01 11:39:34 -07:00
Marco Oliverio
401cfbd8e4 dtls13: enable hrr cookie by default 2022-09-01 09:37:35 +02:00
Marco Oliverio
edd723cc84 ssl: add new wolfSSL_disable_hrr_cookie() API to disable hrr cookie 
Add a way to disable hrr cookie so it can be enabled by default for DTLS
connections.
 2022-09-01 09:37:34 +02:00
Sean Parkinson
ce8959ea77 SHA-3 improvements 
Add x86_64 assembly code:
  - BMI2
  - AVX2 (using ymm, slower than BMI2)
  - AVX2 of 4 similtaneous hashes
Add SHAKE128 functions and tests.
Add Absorb and Squeeze functions for SHAKE128 and SHAK256 and tests.
Add doxygen for SHA-3 and SHAKE functions.
Update other generated x86_64 assembly files to include settings.h.
 2022-09-01 17:11:58 +10:00
David Garske
db6d69143e Merge pull request #5533 from lealem47/crlPrintFix 
Add missing DN nid to work with PrintName()
 2022-08-31 18:32:55 -07:00
David Garske
96ab26e6e9 Fix for async session tickets. ZD14420 
```
./configure --enable-all --enable-asynccrypt CFLAGS="-DWOLFSSL_NO_DEF_TICKET_ENC_CB" && make
./examples/server/server -v 4 -r &
./examples/client/client -v 4 -r
```
 2022-08-31 15:28:49 -07:00
Lealem Amedie
2df1c25263 Add missing DN nid to work with PrintName() 2022-08-31 15:18:12 -07:00
David Garske
b1301d9dc4 Merge pull request #5518 from CallumMcLoughlin/master 
Allow Post Quantum Keyshare for DTLS 1.3
 2022-08-31 12:29:08 -07:00
David Garske
8722a46d52 Merge pull request #5503 from julek-wolfssl/dtls-fragments 
DTLS limit fragments
 2022-08-31 09:53:09 -07:00
Juliusz Sosinowicz
54bd786707 DTLS limit fragments 
- Limit the amount of fragments we store per a DTLS connection
- Error out when we reach the DTLS fragment connection limit
 2022-08-31 14:24:20 +02:00
CallumMcLoughlin
43388186bb Tidy up TLS 1.3 and DTLS 1.3 check 2022-08-30 19:59:36 +12:00
gojimmypi
1afc92dd7b internal.c: WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash when WOLFSSL_DEBUG_TLS 2022-08-29 17:06:52 -07:00
David Garske
a7f86f9473 Merge pull request #5517 from JacobBarthelmeh/Testing 
misc. testing items from static analysis tools
 2022-08-29 08:48:51 -07:00
Juliusz Sosinowicz
88deaf9b5c SNI can appear in ServerHello for TLS 1.2 
Co-authored-by: Eric Blankenhorn <eric@wolfssl.com>
 2022-08-29 14:22:10 +02:00
CallumMcLoughlin
91d3cd7111 Allow Post Quantum Keyshare for DTLS 1.3 2022-08-28 17:35:28 +12:00
JacobBarthelmeh
1e673aee3b scan-build warning fix 2022-08-26 16:29:11 -07:00
David Garske
1976601811 Merge pull request #5505 from julek-wolfssl/dtls-plaintext 
Ignore plaintext on established connections
 2022-08-25 07:25:03 -07:00