Commit Graph

9037 Commits

Author SHA1 Message Date
David Garske 1744c11686 Merge pull request #9570 from kareem-wolfssl/variousFixes
Add SSL_get_rfd and SSL_get_wfd.  Various documentation updates.
2025-12-26 07:47:17 -08:00
Daniel Pouzzner f4f4c7cfae src/ssl.c: fix clang-analyzer-deadcode.DeadStores in check_cert_key(). 2025-12-24 17:49:33 -06:00
David Garske 2354ea196b Merge pull request #9513 from rizlik/dtls_header_fix
fix DTLS header headroom accounting
2025-12-23 17:20:12 -08:00
David Garske 0fae0a7ba6 Merge pull request #9397 from rizlik/earlydata_want_write_fixes
wolfssl: preserve early-data handling across WANT_WRITE retries
2025-12-23 17:19:39 -08:00
David Garske 57ef8a7caf Merge pull request #9574 from anhu/dtls_guard
Guard a bit of DTLS code.
2025-12-23 15:03:46 -08:00
Marco Oliverio 149bf19b4c split overlong line 2025-12-23 23:41:52 +01:00
Marco Oliverio 2e63845531 use wolfssl_local as local functions prefix 2025-12-23 23:39:07 +01:00
Marco Oliverio bafb8e56d5 use wolfssl_local_ as local functions prefix 2025-12-23 23:32:08 +01:00
David Garske d36bfabe18 Merge pull request #9560 from JacobBarthelmeh/clang
fix for shadows global declaration warning
2025-12-23 08:54:50 -08:00
David Garske 9de98cee73 Merge pull request #9569 from kareem-wolfssl/gh8152
Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non Windows/Mac systems.
2025-12-23 08:53:51 -08:00
David Garske 70165c517b Merge pull request #9571 from mattia-moffa/20251222-sniffer-uint-underflow-vuln
Add missing length check in sniffer for AES-GCM/AES-CCM/ARIA-GCM
2025-12-23 08:37:50 -08:00
Sean Parkinson b766f11e7b TLS 1.3, plaintext alert: ignore when expecting encrypted
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
Anthony Hu cb2a80bf53 Guard a bit of DTLS code. 2025-12-22 17:05:47 -05:00
Mattia Moffa ca78994298 Add missing length check in sniffer for AES-GCM/AES-CCM/ARIA-GCM 2025-12-22 16:13:27 +01:00
Marco Oliverio 29d8fa7cb6 tls13: fix indentation alignment 2025-12-22 13:45:34 +01:00
Marco Oliverio 8cbc4047df internal: rename to use wolfssl internal prefix 2025-12-22 13:41:33 +01:00
Marco Oliverio aa4fb5d3e5 internal: GetMaxPlainTextSize: precise pad size when adjusting for MTU 2025-12-22 13:41:33 +01:00
Marco Oliverio 1200efdeb3 internal: GetRecordSize: precise header computation on fallback path 2025-12-22 13:41:33 +01:00
Marco Oliverio 75e7d5e9bd fix: split message > MTU on WOLFSSL_NO_DTLS_SIZE_CHECK 2025-12-22 12:49:31 +01:00
Marco Oliverio 14b124769a use wolfssl internal prefix for MaybeCheckAlertOnErr 2025-12-22 10:04:50 +01:00
Marco Oliverio 12c2cdafaf rename wolfSSL_MaybeCheckAlertOnErr in wolfMaybeCheckAlertOnErr 2025-12-22 09:51:06 +01:00
Marco Oliverio f4c48c19c1 fix: abide unused arguments when WOLFSSL_CHECK_ALER_ON_ERR is disabled 2025-12-22 09:51:06 +01:00
Marco Oliverio 38d8eb6f0d address reviewer's comments 2025-12-22 09:51:06 +01:00
Marco Oliverio 57282140a9 WOLFSSL_CHECK_ALERT_ON_ERR: ignore non fatal errors 2025-12-22 09:51:06 +01:00
Marco Oliverio 093d77727b early_data: avoid resetting ssl->earlyData after WANT_WRITE retry 2025-12-22 09:51:06 +01:00
Marco Oliverio a1c8790039 wolfssl: preserve early-data handling across WANT_WRITE retries
The early-data logic setups "early" exits in Accept/Connect state machine so
that the data exchanged during the handshake can be delivered to the
caller.

After the caller process the data, it usually calls Accept/Connect again
to cotinue the handshake.

Under non-blocking I/O there is the chance that these early exits are
skipped, this commit fixes that.

Server-side accept (TLS 1.3/DTLS 1.3) could skip the early-data shortcut
whenever sending the Finished flight first hit WANT_WRITE: when Accept
is called again and the data is eventually flushed into the I/O layer
the accept state is advanced past TLS13_ACCEPT_FINISHED_SENT, so the
next wolfSSL_accept() call skipped the block that marks
SERVER_FINISHED_COMPLETE and lets the application drain 0-RTT data. By
keeping the FALL_THROUGH into TLS13_ACCEPT_FINISHED_SENT and only
returning early while that handshake flag is still unset, we revisit the
shortcut immediately after the buffered flight is delivered, preserving
the intentional behaviour even under non-blocking I/O.

On the client, the same pattern showed up after SendTls13ClientHello()
buffered due to WANT_WRITE: after flushing, the connect state is already
CLIENT_HELLO_SENT so the early-data exit is no longer executed. We now
fall through into the CLIENT_HELLO_SENT case and only short-circuit once
per handshake, ensuring the reply-processing loop still executes on the
retry.
2025-12-22 09:51:05 +01:00
Kareem 7c4feb5e87 Improve the error message returned by BAD_KEY_SHARE_DATA.
Fixes #9084.
2025-12-19 17:17:33 -07:00
Kareem a1999d29ed Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non Windows/Mac systems.
wolfSSL's support for WOLFSSL_SYS_CA_CERTS uses APIs which don't depend on !NO_FILESYSTEM
on Windows/Mac.

Fixes #8152.
2025-12-19 16:37:50 -07:00
JacobBarthelmeh d5723d0d89 Merge pull request #9544 from julek-wolfssl/gh/9362
Check KeyShare after HRR
2025-12-19 14:36:31 -07:00
JacobBarthelmeh a3072c7a8d fix for shadows global declaration warning 2025-12-18 17:18:39 -07:00
Daniel Pouzzner 8a8ef3512e src/internal.c: in FreeSSL_Ctx(), use wolfSSL_RefWithMutexFree(&ctx->ref), matching refactor in #8187. 2025-12-18 11:48:31 -06:00
Marco Oliverio 988ba340ba address reviewer's comments 2025-12-18 10:28:54 +01:00
Sean Parkinson a103f5af8b Merge pull request #9545 from douzzer/20251211-DRBG-SHA2-smallstackcache-prealloc
20251211-DRBG-SHA2-smallstackcache-prealloc
2025-12-18 10:07:37 +10:00
JacobBarthelmeh 911e996a8d Merge pull request #9546 from SparkiDev/curve25519_base_smul_improv
Curve25519: improved smul
2025-12-17 15:28:56 -07:00
Daniel Pouzzner fc7d4ffad4 PR#9545 20251211-DRBG-SHA2-smallstackcache-prealloc addressing peer review: clear dest if necessary in InitHandshakeHashesAndCopy(), style tweaks in random.c, explanatory comments in sha512.c. 2025-12-17 11:07:22 -06:00
Daniel Pouzzner dc0fe803a5 src/internal.c: in InitHandshakeHashesAndCopy(), don't call InitHandshakeHashes(), to avoid leaking in the later wc_FooCopy() operation. 2025-12-17 11:01:10 -06:00
Daniel Pouzzner cd3e81a656 src/ssl_load.c: in ProcessBufferCert(), check ctx for nullness before accessing ctx->verifyNone (fixes -Wnull-dereference reported by multi-test dtls-no-rsa-no-dh after merge of 36e66eb763). 2025-12-17 11:01:10 -06:00
Juliusz Sosinowicz f61bfd7805 Check KeyShare after HRR 2025-12-17 10:27:04 +01:00
Sean Parkinson f54266c2c6 Curve25519: improved smul
Use the Ed25519 base smul in Curve25519 base mul and covert to
Montogmery curve for a faster implementation.
Only when Ed25519 is compiled in or WOLFSSL_CURVE25519_USE_ED25519 is
defined.
When compiling Intel x64 assembly and Aarch64 assembly, always define
WOLFSSL_CURVE25519_USE_ED25519.
Can't use with blinding - normal C implementation.

Optimized the Curve25519 smul slightly for Intel x64 and Aarch64.
Improved the conditional table lookup on Intel x64 to use AVX2 when
available.
2025-12-17 13:25:36 +10:00
JacobBarthelmeh 75fdf959c1 Merge pull request #9514 from kareem-wolfssl/zd20936
Fix uninitialized variable, fix potentially undefined printf reference in HASH_DRBG_Generate.
2025-12-16 14:48:17 -07:00
JacobBarthelmeh 9156b50bbc Merge pull request #9538 from SparkiDev/tls13_dup_ext_alert_code_fix
TLS 1.3: duplicate extension alert code fix
2025-12-16 14:43:19 -07:00
Marco Oliverio 0fa0fd2317 (d)tls: refactor wolfSSL_GetMaxFragSize(), simplify length computations 2025-12-16 10:46:29 +01:00
Sean Parkinson 5512c2d0b4 Merge pull request #9541 from jackctj117/empty-hash-comment
Added comment with empty hash use
2025-12-16 08:34:16 +10:00
Sean Parkinson 85d40c8e9b Merge pull request #9522 from JacobBarthelmeh/time
tie in use of check_time with x509 store
2025-12-16 08:24:49 +10:00
Kareem 968662063d Merge remote-tracking branch 'upstream/master' into zd20936 2025-12-15 14:06:18 -07:00
Sean Parkinson d3863e5fa3 TLS 1.3: duplicate extension alert code fix
The specification states to return illegal_parameter when a message is
syntactically correct but semantically invalid. (RFC 8446 section 6,
Paragraph 5)
2025-12-15 10:00:56 -08:00
jackctj117 585a8d22aa Added comment with empty hash imofrmation 2025-12-15 10:52:24 -07:00
Sean Parkinson 44be44a509 TLS 1.3 missing extension: return correct alert code
Change TLS 1.3 handling to return missing_extension alert code when
 - KeyShare is present but SupportedGroups is missing and
 - SupportedGroups is present but KeyShare is missing

Added tests for this.
2025-12-15 09:07:13 +10:00
Lealem Amedie 61e58f0f04 Fix for analyzer null dereference 2025-12-12 12:31:07 -07:00
Kareem 3797c03e6c Merge remote-tracking branch 'upstream/master' into zd20936 2025-12-12 11:37:34 -07:00