Commit Graph

4129 Commits

Author SHA1 Message Date
Sean Parkinson 6621465433 Merge pull request #2890 from JacobBarthelmeh/Testing
set ChaCha counter state for TLS 1.3 AEAD
2020-04-09 10:28:50 +10:00
Sean Parkinson 7001599782 Another place where TLS 1.3 capable check is required 2020-04-08 11:36:47 +10:00
toddouska 6e8d3f224d Merge pull request #2888 from SparkiDev/tls13_down_rand
Fix downgrade fixed random to match spec
2020-04-07 14:22:07 -07:00
toddouska 690b546260 Merge pull request #2887 from dgarske/nodir
Fix for building with `NO_WOLFSSL_DIR`
2020-04-07 14:14:34 -07:00
toddouska b6f98a3cde Merge pull request #2886 from kaleb-himes/ZD10106
Avoid leak when HAVE_AESGCM and NO_AES_DECRYPT. Thanks to G.G. on ZD …
2020-04-07 14:13:43 -07:00
toddouska dec111722f Merge pull request #2880 from SparkiDev/tls_csr_ext_empty
GNU TLS server sends empty CSR extension
2020-04-07 13:08:21 -07:00
toddouska c002df4cce Merge pull request #2879 from ejohnstown/dtls-fix
DTLS Fix
2020-04-07 13:07:30 -07:00
toddouska 154dd552e9 Merge pull request #2877 from SparkiDev/tls_hmac_trunc
Allow use of truncated HMAC with TLS_hmac checking
2020-04-07 13:06:36 -07:00
toddouska 65cf5a0d46 Merge pull request #2802 from embhorn/zd9764
Fix for bidirectional shutdown
2020-04-07 13:03:54 -07:00
toddouska 4a4f383485 Merge pull request #2842 from julek-wolfssl/set_curve_groups_list
Check length to avoid XSTRNCMP accessing  memory after `list`
2020-04-07 13:02:18 -07:00
Jacob Barthelmeh bf332b459b set ChaCha counter state for TLS 1.3 AEAD 2020-04-07 10:36:23 -06:00
Sean Parkinson e6affa386f Fix downgrade fixed random to match spec 2020-04-07 09:42:08 +10:00
David Garske 31ea4b388c Fix for building with NO_WOLFSSL_DIR when compatibility layer is enabled. ZD 10117. 2020-04-06 10:33:16 -07:00
kaleb-himes 4ec0591e45 Avoid leak when HAVE_AESGCM and NO_AES_DECRYPT. Thanks to G.G. on ZD #10106 for the report 2020-04-06 09:43:24 -06:00
Sean Parkinson c0dc3091e1 GNU TLS server sends empty CSR extension 2020-04-03 16:03:41 +10:00
toddouska 6126aca387 Merge pull request #2874 from SparkiDev/tls13_cert_hash
When picking hash alg for ECC certs use key size
2020-04-02 09:52:10 -07:00
Juliusz Sosinowicz b1a80973dd size_t -> int 2020-04-02 18:45:53 +02:00
Sean Parkinson c48ea3f567 When picking hash alg for ECC certs use key size 2020-04-02 11:53:35 +10:00
John Safranek 04dcb8f774 DTLS Fix
If the finished message (well, next epoch handshake message) is received,
store it. Process it after a change cipher spec message.
2020-04-01 17:17:51 -07:00
Sean Parkinson e23a6b46b0 Allow use of truncated HMAC with TLS_hmac checking 2020-04-02 08:52:40 +10:00
Eric Blankenhorn 3f7ce61dbd Updates from review 2020-04-01 11:14:25 -05:00
David Garske 47d1cb8415 Changes to support IAR with position independent code (ROPI). Updated example wolfSSL IAR project to use "ropi" (Position indipendance for code and read-only data). 2020-03-31 08:17:09 -07:00
Sean Parkinson e17e064ce2 Allow setting of MTU in DTLS 2020-03-18 12:36:11 +10:00
toddouska eb6f44e491 Merge pull request #2847 from tmael/memLeak
Fix memory leak
2020-03-17 13:31:10 -07:00
Tesfa Mael a6b01904d2 Release mem during failure 2020-03-13 14:22:06 -07:00
toddouska bcc720ef68 Merge pull request #2773 from SKlimaRA/master
Coverity issues fixes.
2020-03-13 10:20:45 -07:00
toddouska 464631f920 Merge pull request #2841 from JacobBarthelmeh/Certs
add function wolfSSL_X509_NAME_ENTRY_create_by_txt
2020-03-13 10:17:52 -07:00
Tesfa Mael 452b4c03a6 Fix memory leak 2020-03-12 23:24:44 -07:00
Jacob Barthelmeh 0be0cf44e4 fix for returning NULL when text not found and add test case 2020-03-10 09:54:31 -06:00
Stanislav Klima 93326a7aeb Changed dst NULL check. 2020-03-10 09:55:27 +01:00
Jacob Barthelmeh fb0ad6532f set inital state of TLS 1.3 peerSuites structure 2020-03-09 15:13:01 -06:00
Stanislav Klima 3fcbcbf42a Revert "Logically dead code."
This reverts commit 2db62f744a.
2020-03-09 17:45:15 +01:00
toddouska ab8bfc241d Merge pull request #2833 from JacobBarthelmeh/Compatibility-Layer
compile for NO_WOLFSSL_STUB
2020-03-06 11:04:36 -08:00
Juliusz Sosinowicz fe9a876895 Check length to avoid XSTRNCMP accessing memory after list 2020-03-06 17:13:59 +01:00
Jacob Barthelmeh 1035d73a05 add function wolfSSL_X509_NAME_ENTRY_create_by_txt 2020-03-05 16:29:55 -07:00
Sean Parkinson 6fcfde0651 Fix to show the FFDHE group when negotiated 2020-03-05 12:37:49 +10:00
toddouska 9f6cf8a154 Merge pull request #2834 from dgarske/various_tls
Fix for TLS server with TLSv1.2 or less `wolfSSL_get_curve_name`
2020-03-04 16:24:28 -08:00
toddouska 9b54af199c Merge pull request #2822 from dgarske/notime_openssl
Fixes for building NO_ASN_TIME with OPENSSL_EXTRA
2020-03-04 16:22:18 -08:00
David Garske c5b4fe1283 Fix for namedGroup missing. 2020-03-03 15:35:56 -08:00
Jacob Barthelmeh bb76495233 compile for NO_WOLFSSL_STUB 2020-03-03 14:03:11 -07:00
David Garske 730c95cf38 Fix for TLS server incorrectly showing "FFDHE_2048" for "SSL curve name is" when using ECDHE and TLS v1.2 or less. The PickHashSigAlgo should be resetting ssl->namedGroup to indicate a named group was not used. 2020-03-03 09:20:58 -08:00
David Garske 4895fd7b0b Added "either" side functions for SSLv3. These are only enabled with WOLFSSL_EITHER_SIDE and WOLFSSL_ALLOW_SSLV3. ZD 9984. 2020-03-03 09:18:11 -08:00
John Safranek 127e304901 DTLS Fix
An endpoint's retransmit pool was being reset when receiving its peer's
change cipher spec message. When the finished message was lost, and
retransmits need to happen, they weren't available, so nothing happened.
Moved the reset to the finished case rather than CCS.
2020-03-01 16:43:10 -08:00
Sean Parkinson 8cccb9008b Change to work for other TLS versions
Send alert when client doesn't send a certificate on request.
2020-03-02 08:50:57 +10:00
Sean Parkinson 6334dd9cb0 Allow mutual authentication to be required for TLS 1.3 2020-03-02 08:50:57 +10:00
David Garske 92114fef75 Fixes for building NO_ASN_TIME with OPENSSL_EXTRA. Fixes #2820.
* `./configure --enable-opensslextra CFLAGS="-DNO_ASN_TIME"`
2020-02-28 09:35:17 -08:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
toddouska 3349dbc852 Merge pull request #2807 from dgarske/arg_checks
Added missing argument checks for public API's in `wolfio.c`
2020-02-27 12:03:32 -08:00
toddouska eddf4abf8e Merge pull request #2775 from embhorn/api_port
openSSL compatibility API for EVP, BIO, and SSL_SESSION
2020-02-27 11:51:21 -08:00
Sean Parkinson f568f394b1 Merge pull request #2824 from julek-wolfssl/EVP-aesgcm
Fix AES-GCM IV length in wolfSSL_EVP_CIPHER_iv_length
2020-02-27 14:06:56 +10:00