Commit Graph

6334 Commits

Author SHA1 Message Date
David Garske 644050a736 Merge pull request #5329 from douzzer/20220706-fips-and-aarch64-fixes
20220706-fips-and-aarch64-fixes
2022-07-06 18:39:38 -07:00
Daniel Pouzzner eff4fe398b src/include.am: fix gating around sha* and BUILD_ARMASM, to avoid empty-translation-unit warnings for sha{256,512}.c on armasm builds. 2022-07-06 17:37:43 -05:00
Kareem 44a49aeefa Fix potentially uninitialized variables in Dtls13SetRecordNumberKeys. 2022-07-06 13:45:15 -07:00
Kareem c8f5bd3d61 Fix storage of SendBuffered's return code in wolfSSL_Connect. Store in ret initially, only store in ssl->error if there's an error. This matches the logic in wolfSSL_accept. 2022-07-06 12:09:47 -07:00
David Garske b2d1bf96ed Merge pull request #5276 from rizlik/dtls13_client_downgrade
Dtls: improve version negotiation
2022-07-06 11:57:53 -07:00
David Garske a7fa7875e4 Merge pull request #5244 from julek-wolfssl/wpas-dpp
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
2022-07-06 11:35:52 -07:00
Marco Oliverio df7e81d187 dtls: support version negotiation 2022-07-06 16:18:44 +02:00
Marco Oliverio 8fe3f51ecb dtls13: client: recompute transcript hash on downgrade
If a lower version is negotiated, the transcript hash must be recomputed using
the <= v1.2 rules.
2022-07-06 16:18:44 +02:00
Marco Oliverio 5d74c49ecb dtls13: allow processing of HelloVerifyRequest to support downgrade
HelloVerifyRequest is used in DTLSv1.2 to perform a return routability check, so
it can be the legitim reply from a DTLSv1.2 server to a ClientHello.
2022-07-06 16:18:44 +02:00
Juliusz Sosinowicz 9b085a44be sessionSecretCb should only be called when a ticket is present 2022-07-06 15:08:57 +02:00
Juliusz Sosinowicz 63b4c475d4 wolfSSL_set_session_secret_cb: fix for NULL input 2022-07-06 14:23:08 +02:00
Juliusz Sosinowicz ef73409fd4 TLSX_COOKIE is only defined with WOLFSSL_SEND_HRR_COOKIE 2022-07-06 10:04:15 +02:00
David Garske 9a256ca002 Merge pull request #5288 from haydenroche5/openldap
Add --enable-openldap option to configure.ac.
2022-07-05 16:04:51 -07:00
David Garske 08488b0fae Merge pull request #5318 from embhorn/gh5314
Fix typos and bad macro names
2022-07-05 12:34:35 -07:00
Hayden Roche f5a5d4ada5 Enhance OpenLDAP support.
- Add --enable-openldap to configure.ac
- Fix some issues around subject alt names and the WOLFSSL_GENERAL_NAME struct.
2022-07-05 10:40:07 -07:00
Eric Blankenhorn 394f36a0d7 Fix typos and bad macro names 2022-07-05 10:31:11 -05:00
Juliusz Sosinowicz 20e5c98b2c Error out when server indicates resumption but does full handshake 2022-07-05 09:42:39 +02:00
Juliusz Sosinowicz fd7bf8d04d Do resuming check as soon as we get a non-resumption msg 2022-07-05 08:49:00 +02:00
Juliusz Sosinowicz 10c8a1668e Reset cookie when resetting DTLS 1.3 state 2022-07-04 12:52:25 +02:00
Juliusz Sosinowicz a8adde66c8 Use wc_HmacInit and wc_HmacFree in cookie logic 2022-07-04 12:51:50 +02:00
David Garske 00391a5ace Rename callback to wolfDTLS_SetChGoodCb and add doxygen for it. Clarify DTLS_CTX.connected. Fix build errors for ./configure --enable-dtls --enable-dtls13 --disable-examples CFLAGS="-DNO_WOLFSSL_SERVER". 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz 7ea13bf5bf Apply connected to sendto and address code review 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz dd7073740b DTLS 1.3: tie cookie to peer address 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz afdd5648aa Address code review 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz d72edd03b8 dtls: wolfSSL_set_dtls_fd_connected
wolfSSL_set_dtls_fd_connected sets the connected socket file descriptor. This descriptor should be called without addr and addr_len.
2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz c6aa4fc526 DTLS 1.3: allow the server to operate without maintaining state 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz 8fb48464e3 Add callback when we parse a verified ClientHello 2022-07-04 11:08:39 +02:00
Sean Parkinson 7b9c214b3c Merge pull request #4985 from kareem-wolfssl/iarWarningsFix
Fix compilation warnings from IAR.
2022-07-04 08:23:26 +10:00
Kareem 96aedc2f47 Fix SetCurve max sizes. Add fix for potentially uninitialized type in ProcessReplyEx. 2022-07-01 13:18:33 -07:00
David Garske bd75e1d6a4 Merge pull request #5307 from kareem-wolfssl/miscfixes2
Fix a couple of STM32 bugs, and add some missing mutex frees.
2022-07-01 09:46:22 -07:00
David Garske 0459e83a59 Merge pull request #5310 from SparkiDev/memusage_fix_1
TLS memusage: reduce usage
2022-07-01 09:13:05 -07:00
Sean Parkinson 7d58dc5678 TLS memusage: reduce usage
Reduce the amount allocated to reduce maximum overall dynamic memory
usage.
Rework ServerKeyExchange by extracting the handling of the signed data.
2022-07-01 14:24:59 +10:00
Kareem b2e7f4a8eb Fix cast spacing. Don't cast in wolfSSL_X509_set_version, check is valid as is. 2022-06-30 16:26:43 -07:00
Kareem 7555cd0685 Fix a couple of STM32 bugs, and add some missing mutex frees. 2022-06-30 16:11:16 -07:00
Daniel Pouzzner 2bdcbcc8be src/tls13.c: fix whitespace. 2022-06-30 17:17:50 -05:00
Daniel Pouzzner 4f6527353b src/{pk.c,x509.c}: style/clarity cleanups from dgarske. 2022-06-30 17:07:35 -05:00
Daniel Pouzzner 1a9388b935 src/pk.c: fix misuses around snprintf(). 2022-06-30 17:07:35 -05:00
Daniel Pouzzner 28213ad198 src/x509.c: fix wolfSSL_X509_signature_print() to print raw signature algorithm as hex digits, not as an (unprintable) string; fix printed-null bug in wolfSSL_X509_NAME_print_ex() (relates particularly to calls from wolfSSL_X509_NAME_print_ex_fp()). 2022-06-30 17:07:35 -05:00
Daniel Pouzzner 5bd8288b37 fix printed-null bug in wolfssl_print_number(). 2022-06-30 17:07:35 -05:00
Chris Conlon 867a1f7afa Merge pull request #5289 from TakayukiMatsuo/tls13 2022-06-30 15:49:53 -06:00
Kareem e09bbb1989 Fix compilation warnings from IAR. 2022-06-30 14:30:06 -07:00
TakayukiMatsuo ba19737627 Add support for TLS1.3 2022-06-30 23:00:05 +09:00
Sean Parkinson 1ba9ea9759 Fix mismatched dynamic types 2022-06-30 13:00:57 +10:00
Sean Parkinson f2acaa8ee9 Merge pull request #5242 from SKlimaRA/SKlimaRA/strict-verification
zd14249
2022-06-30 08:19:42 +10:00
Kaleb Himes 2257030792 Merge pull request #5296 from dgarske/sniffer
Sniffer fixes (async TLS v1.3, async removal of `WC_HW_WAIT_E` and sanitize leak)
2022-06-29 09:16:54 -07:00
David Garske d76c46a96f Fix for sniffer async issue with TLS v1.3. 2022-06-28 16:01:06 -07:00
Sean Parkinson 092b37f709 Merge pull request #5287 from haydenroche5/aes_ctr_clear_left_on_iv_set
Clear the leftover byte count in Aes struct when setting IV.
2022-06-29 08:30:01 +10:00
David Garske e49f07694e Fix for sniffer possible malloc of zero size causing a -fsanitize=address leak report. 2022-06-28 12:54:25 -07:00
David Garske 5ade360d9e Fix to avoid using WC_HW_WAIT_E for sniffer. ZD14398 2022-06-28 12:38:57 -07:00
David Garske b84b808b1b Merge pull request #5167 from ejohnstown/cac-ext
Add support for some FPKI certificate cases, UUID, FASC-N, PIV extension
2022-06-27 09:06:15 -07:00