David Garske
|
644050a736
|
Merge pull request #5329 from douzzer/20220706-fips-and-aarch64-fixes
20220706-fips-and-aarch64-fixes
|
2022-07-06 18:39:38 -07:00 |
|
Daniel Pouzzner
|
eff4fe398b
|
src/include.am: fix gating around sha* and BUILD_ARMASM, to avoid empty-translation-unit warnings for sha{256,512}.c on armasm builds.
|
2022-07-06 17:37:43 -05:00 |
|
Kareem
|
44a49aeefa
|
Fix potentially uninitialized variables in Dtls13SetRecordNumberKeys.
|
2022-07-06 13:45:15 -07:00 |
|
Kareem
|
c8f5bd3d61
|
Fix storage of SendBuffered's return code in wolfSSL_Connect. Store in ret initially, only store in ssl->error if there's an error. This matches the logic in wolfSSL_accept.
|
2022-07-06 12:09:47 -07:00 |
|
David Garske
|
b2d1bf96ed
|
Merge pull request #5276 from rizlik/dtls13_client_downgrade
Dtls: improve version negotiation
|
2022-07-06 11:57:53 -07:00 |
|
David Garske
|
a7fa7875e4
|
Merge pull request #5244 from julek-wolfssl/wpas-dpp
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
|
2022-07-06 11:35:52 -07:00 |
|
Marco Oliverio
|
df7e81d187
|
dtls: support version negotiation
|
2022-07-06 16:18:44 +02:00 |
|
Marco Oliverio
|
8fe3f51ecb
|
dtls13: client: recompute transcript hash on downgrade
If a lower version is negotiated, the transcript hash must be recomputed using
the <= v1.2 rules.
|
2022-07-06 16:18:44 +02:00 |
|
Marco Oliverio
|
5d74c49ecb
|
dtls13: allow processing of HelloVerifyRequest to support downgrade
HelloVerifyRequest is used in DTLSv1.2 to perform a return routability check, so
it can be the legitim reply from a DTLSv1.2 server to a ClientHello.
|
2022-07-06 16:18:44 +02:00 |
|
Juliusz Sosinowicz
|
9b085a44be
|
sessionSecretCb should only be called when a ticket is present
|
2022-07-06 15:08:57 +02:00 |
|
Juliusz Sosinowicz
|
63b4c475d4
|
wolfSSL_set_session_secret_cb: fix for NULL input
|
2022-07-06 14:23:08 +02:00 |
|
Juliusz Sosinowicz
|
ef73409fd4
|
TLSX_COOKIE is only defined with WOLFSSL_SEND_HRR_COOKIE
|
2022-07-06 10:04:15 +02:00 |
|
David Garske
|
9a256ca002
|
Merge pull request #5288 from haydenroche5/openldap
Add --enable-openldap option to configure.ac.
|
2022-07-05 16:04:51 -07:00 |
|
David Garske
|
08488b0fae
|
Merge pull request #5318 from embhorn/gh5314
Fix typos and bad macro names
|
2022-07-05 12:34:35 -07:00 |
|
Hayden Roche
|
f5a5d4ada5
|
Enhance OpenLDAP support.
- Add --enable-openldap to configure.ac
- Fix some issues around subject alt names and the WOLFSSL_GENERAL_NAME struct.
|
2022-07-05 10:40:07 -07:00 |
|
Eric Blankenhorn
|
394f36a0d7
|
Fix typos and bad macro names
|
2022-07-05 10:31:11 -05:00 |
|
Juliusz Sosinowicz
|
20e5c98b2c
|
Error out when server indicates resumption but does full handshake
|
2022-07-05 09:42:39 +02:00 |
|
Juliusz Sosinowicz
|
fd7bf8d04d
|
Do resuming check as soon as we get a non-resumption msg
|
2022-07-05 08:49:00 +02:00 |
|
Juliusz Sosinowicz
|
10c8a1668e
|
Reset cookie when resetting DTLS 1.3 state
|
2022-07-04 12:52:25 +02:00 |
|
Juliusz Sosinowicz
|
a8adde66c8
|
Use wc_HmacInit and wc_HmacFree in cookie logic
|
2022-07-04 12:51:50 +02:00 |
|
David Garske
|
00391a5ace
|
Rename callback to wolfDTLS_SetChGoodCb and add doxygen for it. Clarify DTLS_CTX.connected. Fix build errors for ./configure --enable-dtls --enable-dtls13 --disable-examples CFLAGS="-DNO_WOLFSSL_SERVER".
|
2022-07-04 11:08:39 +02:00 |
|
Juliusz Sosinowicz
|
7ea13bf5bf
|
Apply connected to sendto and address code review
|
2022-07-04 11:08:39 +02:00 |
|
Juliusz Sosinowicz
|
dd7073740b
|
DTLS 1.3: tie cookie to peer address
|
2022-07-04 11:08:39 +02:00 |
|
Juliusz Sosinowicz
|
afdd5648aa
|
Address code review
|
2022-07-04 11:08:39 +02:00 |
|
Juliusz Sosinowicz
|
d72edd03b8
|
dtls: wolfSSL_set_dtls_fd_connected
wolfSSL_set_dtls_fd_connected sets the connected socket file descriptor. This descriptor should be called without addr and addr_len.
|
2022-07-04 11:08:39 +02:00 |
|
Juliusz Sosinowicz
|
c6aa4fc526
|
DTLS 1.3: allow the server to operate without maintaining state
|
2022-07-04 11:08:39 +02:00 |
|
Juliusz Sosinowicz
|
8fb48464e3
|
Add callback when we parse a verified ClientHello
|
2022-07-04 11:08:39 +02:00 |
|
Sean Parkinson
|
7b9c214b3c
|
Merge pull request #4985 from kareem-wolfssl/iarWarningsFix
Fix compilation warnings from IAR.
|
2022-07-04 08:23:26 +10:00 |
|
Kareem
|
96aedc2f47
|
Fix SetCurve max sizes. Add fix for potentially uninitialized type in ProcessReplyEx.
|
2022-07-01 13:18:33 -07:00 |
|
David Garske
|
bd75e1d6a4
|
Merge pull request #5307 from kareem-wolfssl/miscfixes2
Fix a couple of STM32 bugs, and add some missing mutex frees.
|
2022-07-01 09:46:22 -07:00 |
|
David Garske
|
0459e83a59
|
Merge pull request #5310 from SparkiDev/memusage_fix_1
TLS memusage: reduce usage
|
2022-07-01 09:13:05 -07:00 |
|
Sean Parkinson
|
7d58dc5678
|
TLS memusage: reduce usage
Reduce the amount allocated to reduce maximum overall dynamic memory
usage.
Rework ServerKeyExchange by extracting the handling of the signed data.
|
2022-07-01 14:24:59 +10:00 |
|
Kareem
|
b2e7f4a8eb
|
Fix cast spacing. Don't cast in wolfSSL_X509_set_version, check is valid as is.
|
2022-06-30 16:26:43 -07:00 |
|
Kareem
|
7555cd0685
|
Fix a couple of STM32 bugs, and add some missing mutex frees.
|
2022-06-30 16:11:16 -07:00 |
|
Daniel Pouzzner
|
2bdcbcc8be
|
src/tls13.c: fix whitespace.
|
2022-06-30 17:17:50 -05:00 |
|
Daniel Pouzzner
|
4f6527353b
|
src/{pk.c,x509.c}: style/clarity cleanups from dgarske.
|
2022-06-30 17:07:35 -05:00 |
|
Daniel Pouzzner
|
1a9388b935
|
src/pk.c: fix misuses around snprintf().
|
2022-06-30 17:07:35 -05:00 |
|
Daniel Pouzzner
|
28213ad198
|
src/x509.c: fix wolfSSL_X509_signature_print() to print raw signature algorithm as hex digits, not as an (unprintable) string; fix printed-null bug in wolfSSL_X509_NAME_print_ex() (relates particularly to calls from wolfSSL_X509_NAME_print_ex_fp()).
|
2022-06-30 17:07:35 -05:00 |
|
Daniel Pouzzner
|
5bd8288b37
|
fix printed-null bug in wolfssl_print_number().
|
2022-06-30 17:07:35 -05:00 |
|
Chris Conlon
|
867a1f7afa
|
Merge pull request #5289 from TakayukiMatsuo/tls13
|
2022-06-30 15:49:53 -06:00 |
|
Kareem
|
e09bbb1989
|
Fix compilation warnings from IAR.
|
2022-06-30 14:30:06 -07:00 |
|
TakayukiMatsuo
|
ba19737627
|
Add support for TLS1.3
|
2022-06-30 23:00:05 +09:00 |
|
Sean Parkinson
|
1ba9ea9759
|
Fix mismatched dynamic types
|
2022-06-30 13:00:57 +10:00 |
|
Sean Parkinson
|
f2acaa8ee9
|
Merge pull request #5242 from SKlimaRA/SKlimaRA/strict-verification
zd14249
|
2022-06-30 08:19:42 +10:00 |
|
Kaleb Himes
|
2257030792
|
Merge pull request #5296 from dgarske/sniffer
Sniffer fixes (async TLS v1.3, async removal of `WC_HW_WAIT_E` and sanitize leak)
|
2022-06-29 09:16:54 -07:00 |
|
David Garske
|
d76c46a96f
|
Fix for sniffer async issue with TLS v1.3.
|
2022-06-28 16:01:06 -07:00 |
|
Sean Parkinson
|
092b37f709
|
Merge pull request #5287 from haydenroche5/aes_ctr_clear_left_on_iv_set
Clear the leftover byte count in Aes struct when setting IV.
|
2022-06-29 08:30:01 +10:00 |
|
David Garske
|
e49f07694e
|
Fix for sniffer possible malloc of zero size causing a -fsanitize=address leak report.
|
2022-06-28 12:54:25 -07:00 |
|
David Garske
|
5ade360d9e
|
Fix to avoid using WC_HW_WAIT_E for sniffer. ZD14398
|
2022-06-28 12:38:57 -07:00 |
|
David Garske
|
b84b808b1b
|
Merge pull request #5167 from ejohnstown/cac-ext
Add support for some FPKI certificate cases, UUID, FASC-N, PIV extension
|
2022-06-27 09:06:15 -07:00 |
|