wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 21:52:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,111 Commits 12 Branches 184 Tags
ba20f54b5b36fdc7247f23b5feaf33ecdffa8fce
Commit Graph

6193 Commits

Author SHA1 Message Date
John Safranek
62cb2b4ca9 ASN.1 Additions for FPKI/CAC 
1. Add some OIDs used in the Federal PKI Policy Authority standard.
2. Added the SubjectDirectoryAttributes extension to certificate
   parsing. (limited to country of citizenship)
3. Rename constant label SUBJECT_INFO_ACCESS to SUBJ_INFO_ACC_OID
4. Added the SubjectInfoAccess extension to certificate parsing.
   (limited to one URL)
5. Add the SSH extended key usage flags.
6. Use some of the template changes on the new certificate items.
 2022-05-22 17:18:20 -07:00
Chris Conlon
ec39ee2cb6 Merge pull request #5070 from miyazakh/crypto_only_flwup 2022-05-20 17:08:29 -06:00
David Garske
9427ebc5be Merge pull request #5160 from haydenroche5/tls_unique 
Provide access to "Finished" messages outside the compat layer.
 2022-05-19 21:30:30 -07:00
Hayden Roche
6d9fbf7ab3 Provide access to "Finished" messages outside the compat layer. 
Prior to this commit, if you wanted access to the Finished messages from a
handshake, you needed to turn on the compatibility layer, via one of
OPENSSL_ALL, WOLFSSL_HAPROXY, or WOLFSSL_WPAS. With this commit, defining any
of these causes WOLFSSL_HAVE_TLS_UNIQUE to be defined (a reference to the
tls-unique channel binding which these messages are used for) in settings.h.
This allows a user to define WOLFSSL_HAVE_TLS_UNIQUE to access the Finished
messages without bringing in the whole compat layer.
 2022-05-19 16:34:13 -07:00
Daniel Pouzzner
5988f35593 src/wolfio.c: in EmbedReceiveFrom((), clear peer before recvfrom() to fix clang-analyzer-core.UndefinedBinaryOperatorResult; add DTLS_ prefix to macros SENDTO_FUNCTION and RECVFROM_FUNCTION, and gate their definitions on their being undefined to allow overrides. 2022-05-19 11:31:24 -05:00
Sean Parkinson
cd41c8beaf Merge pull request #5147 from rizlik/do_alert_reset 
internal.c:reset input/processReply state if exiting after DoAlert()
 2022-05-19 09:36:44 +10:00
Marco Oliverio
be172af3cd internal.c: check that we have data before processing messages 
We should never encounter this bug under normal circumstances. But if we enter
processReplyEx with a wrongly `ssl->options.processReply` set to
`runProcessingOneMessage` we check that we have some data.
 2022-05-18 18:49:33 +02:00
Marco Oliverio
6940a5eaae internal.c:reset input/processReply state if exiting after DoAlert() 2022-05-18 18:35:29 +02:00
John Safranek
40063f7487 Merge pull request #5109 from rizlik/dtls_peer_matching_fix 
wolfio: dtls: fix incorrect peer matching check
 2022-05-18 09:12:26 -07:00
Hideki Miyazaki
5de9c45161 resolve merge and conflict 2022-05-18 11:37:22 +09:00
Hideki Miyazaki
54a96cef06 add test case 2022-05-18 11:16:10 +09:00
Hideki Miyazaki
88abc9f3c1 addressed review comments 
add to call wc_ecc_rs_to_sig and wc_ecc_verify_has
 2022-05-18 11:16:07 +09:00
Hideki Miyazaki
c1f117413f get crypto only compiled with openssl extra 2022-05-18 11:16:03 +09:00
Sean Parkinson
2f91028f2d TLS 1.3: pre-master secret zeroizing 2022-05-18 08:52:38 +10:00
David Garske
c9ae021427 Merge pull request #5143 from julek-wolfssl/x509-ret-empty-name 
Return subject and issuer X509_NAME obj even when not set
 2022-05-17 09:16:54 -07:00
Marco Oliverio
6df65c0162 wolfio: dtls: fix incorrect peer matching check 
Ignore packet if coming from a peer of a different size *or* from a different
peer. Avoid whole memcmp of sockaddr_in[6] struct because is not portable (there
are optional fields in struct sockaddr_in).
 2022-05-17 11:01:55 +02:00
David Garske
ec619e3f35 Merge pull request #5107 from julek-wolfssl/wpas-ex-data-leak 
Call ctx->rem_sess_cb when a session is about to be invalid
 2022-05-16 13:27:08 -07:00
Juliusz Sosinowicz
7f8f0dcffe Refactor cache ex_data update/retrieve into one function 
- Add explicit pointer cast
 2022-05-16 13:01:05 +02:00
Juliusz Sosinowicz
d996086a6d Return subject and issuer X509_NAME obj even when not set 
This allows the user to set the attributes of the subject and issuer name by calling X509_REQ_get_subject_name and adding attributes to it.
 2022-05-16 12:49:34 +02:00
David Garske
6b1e3003fb Merge pull request #5142 from SparkiDev/ssl_move_pk 
ssl.c rework
 2022-05-13 12:56:14 -07:00
David Garske
1a57e3065a Small cleanups. Missing (void), spelling and formatting. Also fixes for variations of 25519/448 build. 2022-05-13 09:24:59 -07:00
Sean Parkinson
852d5169d4 ssl.c rework 
Move the public key APIs out of ssl.c and into pk.c.
(RSA, DSA, DH and EC)
 2022-05-13 11:12:44 +10:00
Sean Parkinson
eea537e5ea Merge pull request #5124 from kaleb-himes/WIN_MULTICONFIG 
Address issues ID'd by new windows multi-config test
 2022-05-13 09:39:15 +10:00
Sean Parkinson
6aaee73585 Merge pull request #5133 from rizlik/cookie_keyshare_fix 
tls13: fix cookie has keyShare information check
 2022-05-13 08:01:59 +10:00
Sean Parkinson
d1308fcdfc Merge pull request #5122 from rizlik/tls13_pad_calc 
internal.c: fix pad-size when more records are received at once
 2022-05-13 07:59:36 +10:00
Daniel Pouzzner
c4920021d8 print errors to stderr, not stdout; 
fix whitespace in internal.c;

add missing error handling in examples/server/server.c around recvfrom().
 2022-05-12 13:07:32 -05:00
John Safranek
2cf87a8049 Merge pull request #5084 from julek-wolfssl/zd14101-dtls-want-write 
DTLS fixes with WANT_WRITE simulations
 2022-05-12 09:36:40 -07:00
David Garske
05ce8329c9 Merge pull request #5067 from miyazakh/compat_altcertchain 
"veify ok" if alternate cert chain mode is used
 2022-05-12 08:54:51 -07:00
David Garske
7a95be1a97 Merge pull request #5126 from JacobBarthelmeh/crl 
do not error out on CRL next date if using NO_VERIFY
 2022-05-12 08:44:29 -07:00
Juliusz Sosinowicz
9914da3046 Fix resumption failure and use range in connect state logic 2022-05-12 15:46:08 +02:00
Juliusz Sosinowicz
a31b76878f DTLS fixes with WANT_WRITE simulations 
- WANT_WRITE could be returned in unexpected places. This patch takes care of that.
- Change state after SendBuffered only if in a sending state to begin with.
- Adapt client and server to simulate WANT_WRITE with DTLS
 2022-05-12 15:46:08 +02:00
Marco Oliverio
829e9f5277 tls13: fix cookie has keyShare information check 
Fix the check to see if the cookie has key_share information or not (needed to
reconstruct the HelloRetryRequest). At the moment, it looks like we never send a
cookie without KeyShare extension. Indeed the HelloRetryRequest is sent only
because the client didn't provide a good KeyShareEntry in the first
ClientHello. When we will support DTLSv1.3, the HelloRetryRequest will be used
as a return-routability check and it may be sent without the KeyShare extension.
 2022-05-12 12:10:58 +02:00
Hideki Miyazaki
5d93a48ddf veify ok if alternate cert chain mode for verifyCallback 2022-05-12 06:15:18 +09:00
Daniel Pouzzner
9fbb4a923f src/internal.c:GetCipherKeaStr(): allow "ECDH" (in addition to "ECDHE") as a suite clause that maps to KEA "ECDH". 2022-05-10 15:12:00 -05:00
Daniel Pouzzner
77fa0ccb82 src/tls.c:BuildTlsFinished(): work around false positive -Wmaybe-uninitialized. 2022-05-10 15:10:23 -05:00
Jacob Barthelmeh
531120131a do not error out on CRL next date if using NO_VERIFY 2022-05-10 14:00:21 -06:00
Daniel Pouzzner
26673a0f28 where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp; 
add macro XSTRCASECMP();

update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
 2022-05-10 12:20:12 -05:00
Marco Oliverio
f06ac9965c internal.c: fix: plaintext check account for the current record only 2022-05-10 13:12:09 +02:00
Marco Oliverio
db23d8a0cf internal.c: don't skip records if we don't process early-data 
If we don't process early data, we want to skip only the current record and not
all the received data
 2022-05-10 13:04:43 +02:00
Marco Oliverio
445c1e6ceb internal.c: don't check TLS13 plaintext limit twice 
Plaintext size is checked before decryption in TLS 1.3
 2022-05-10 12:51:50 +02:00
kaleb-himes
d5f7beefd4 Address issues ID'd by new windows multi-config test 2022-05-09 16:50:56 -06:00
Marco Oliverio
0c7e9a0104 internal.c: fix pad-size when more records are received at once 
don't consider the end of the record the end of received data as more records
may be read at once when DTLS will be supported.
 2022-05-09 11:00:31 +02:00
Sean Parkinson
59fdf05155 Merge pull request #5111 from kaleb-himes/ABI-check-test-rev2 
Refactor wolfSSL_ASN1_TIME_adj to use GetFormattedTimeString (new API)
 2022-05-09 09:15:57 +10:00
David Garske
421f54e60a Merge pull request #5118 from douzzer/20220405-declaration-after-statement 
20220405 declaration after statement
 2022-05-06 16:16:52 -07:00
David Garske
36877d78b4 Merge pull request #5078 from julek-wolfssl/wpas-tls13 
Clean up wolfSSL_clear() and add some more logging
 2022-05-06 11:45:43 -07:00
Daniel Pouzzner
99b44f15ef fix various -Wdeclaration-after-statement, with and without --enable-smallstack. 2022-05-06 13:34:32 -05:00
David Garske
3e774be88c Minor text and formatting cleanups. 2022-05-06 11:01:40 -07:00
Juliusz Sosinowicz
b6b007de3c Call ctx->rem_sess_cb when a session is about to be invalid 
Allow the user to register a session remove callback with wolfSSL_CTX_sess_set_remove_cb() that will be called when the session is about to be free'd or evicted from cache.
 2022-05-06 16:34:28 +02:00
kaleb-himes
ef89e2e637 Rename utc_str[_buf] -> time_str[_buf] (semantic change) 2022-05-06 08:18:14 -06:00
Juliusz Sosinowicz
7e9896d162 Only clear session when we didn't complete a handshake 
- Allow overriding buffer size with `WOLFSSL_MSG_EX_BUF_SZ`
- Allow disabling `WOLFSSL_MSG_EX` by defining `NO_WOLFSSL_MSG_EX`
 2022-05-06 12:35:49 +02:00