wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 23:09:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,776 Commits 12 Branches 184 Tags
c07d0fe4b4e3ca4bd97812facff50f52ac004462
Commit Graph

17776 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner
c07d0fe4b4 address peer review: 
use camel case not underscores in variable names;

restore use of const int variables for buffer sizes in several spots (for ease of smallstack code paths should they be needed);

use more MISRAish flow control in X509PrintSignature().

also, capture the retval from several more snprintf()s to pass directly to wolfSSL_BIO_write(), avoiding frivolous strlen()s.
 2022-08-09 23:23:11 -05:00
Daniel Pouzzner
371fbc698c src/x509.c: mollify bugprone-unused-return-value warnings around XSNPRINTF(); 
fix various possible buffer overruns;

fix various runtime-error-driven memory leaks;

various refactors for efficiency, clarity, and safety, including refactors to eliminate unsafe XSTRNCAT() calls.
 2022-08-08 18:55:38 -05:00
David Garske
7004157869 Merge pull request #5387 from TakayukiMatsuo/tk14445 
Suppress build errors when defining some disable macros
 2022-08-07 20:09:41 -07:00
TakayukiMatsuo
79fb1783c4 Suppress build errors when defining some disable macros 2022-08-07 17:11:22 +09:00
David Garske
2d2c55f1c1 Merge pull request #5431 from haydenroche5/wolfssl_error 
Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE.
 2022-08-05 15:14:44 -07:00
David Garske
96fcc129ec Merge pull request #5213 from JacobBarthelmeh/req 
expand functions included in opensslextra and add REQ print out
 2022-08-05 13:20:21 -07:00
Hayden Roche
3bf21b5a05 Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE. 
We have users who need to debug errors coming out of libwolfssl in production,
where --enable-debug isn't an option. Our error queue implementation is the
solution, but our usage of WOLFSSL_ERROR isn't consistent. This commit greatly
expands our usage of WOLFSSL_ERROR. There are too many error cases to tackle
all at once, and not all error cases are particularly meaningful or likely to be
hit in regular operation of the library. I've tried to focus on errors that
users are likely to hit, and I've chosen to ignore things like the mountain of
BUFFER_E and BAD_FUNC_ARG cases (for the most part). I've also tried to expand
WOLFSSL_ERROR usage in files where we haven't been using it historically
(e.g. aes.c), so the pattern is now there for other developers to follow. In
order to prevent these additions from exploding the size of libwolfssl, they're
all behind a new macro, WOLFSSL_ERROR_VERBOSE. If WOLFSSL_VERBOSE_ERRORS is
defined, WOLFSSL_ERROR_VERBOSE just maps to WOLFSSL_ERROR.
 2022-08-05 10:32:18 -07:00
JacobBarthelmeh
d6c895d19d use or with all/extra macro guard 2022-08-05 09:31:42 -07:00
JacobBarthelmeh
83f1ade1fc use extension free function with opensslextra and remove debug printf 2022-08-05 09:15:35 -07:00
Juliusz Sosinowicz
192f081833 Merge pull request #5439 from SparkiDev/tls13_ext_msgs 2022-08-05 10:49:13 +02:00
Sean Parkinson
c35b47f265 TLS !.3: restrict extension validity by message 
Extensions ServerName, SupportedGroups and ALPN must not appear in
server_hello.
Removed server_hello from the valid checks.
 2022-08-05 08:26:09 +10:00
Sean Parkinson
56be09005f Merge pull request #5427 from julek-wolfssl/dtls-timeout-and-closed-socket 
DTLS socket and timeout fixes
 2022-08-05 08:13:14 +10:00
JacobBarthelmeh
ff512a34c6 adjust temporary buffer size and memory free'ing 2022-08-04 15:11:24 -07:00
David Garske
7465691c70 Merge pull request #5437 from douzzer/20220804-fixes 
20220804 fixes
 2022-08-04 13:55:03 -07:00
Daniel Pouzzner
9d5e633a96 wolfcrypt/src/pkcs12.c: add WOLFSSL_SMALL_STACK path in freeDecCertList(). 2022-08-04 11:16:47 -05:00
Daniel Pouzzner
d7e33b3293 wolfcrypt/src/asn.c: fix null pointer deref in SetReqAttribSingle() (clang-analyzer-core.NonNullParamChecker). 2022-08-04 11:12:09 -05:00
David Garske
99dad91344 Merge pull request #5435 from douzzer/20220803-gcc-12-ASAN 
20220803-gcc-12-ASAN
 2022-08-04 08:41:26 -07:00
Juliusz Sosinowicz
6d4f0146ca Refactor sending alert on decryption failure 
Take sending of the alert outside of DecryptTls() and DecryptTls13(). The alert is now sent in ProcessReplyEx().
 2022-08-04 12:06:26 +02:00
Juliusz Sosinowicz
ebcfa31993 Refactor checking socket type into a function 2022-08-04 11:35:27 +02:00
Juliusz Sosinowicz
3278210e1c Silently discard DTLS msgs that fail decryption 
Don't send alerts when decryption fails inside a DTLS connection.
TLS should always send a bad_record_mac when decryption fails.
 2022-08-04 11:27:45 +02:00
Juliusz Sosinowicz
fd1e8c49eb Reset timeout when reading a valid DTLS message 
- Increment the DTLS 1.3 timeout on a long timeout
 2022-08-04 11:27:45 +02:00
Juliusz Sosinowicz
67d518544b EmbedReceiveFrom: fix when using a TCP socket 
- recvfrom() returns 0 on a closed TCP socket
- TCP sockets set WOLFSSL_CBIO_ERR_ISR on a timeout
 2022-08-04 11:27:45 +02:00
Sean Parkinson
9ea3e173d0 Merge pull request #5277 from JacobBarthelmeh/req_attr 
expand subject name and req attribute support
 2022-08-04 14:32:14 +10:00
David Garske
2c2a7750a4 Merge pull request #5414 from darktohka/feature/chacha20-poly1305-evp 
Integrate chacha20-poly1305 into the EVP interface
 2022-08-03 18:21:17 -07:00
Sean Parkinson
1dc848d8e3 Merge pull request #5429 from dgarske/sniffer_async2 
Fix for sniffer to ensure the session was polled before trying to reprocess it
 2022-08-04 08:18:55 +10:00
Sean Parkinson
e32cfb79e5 Merge pull request #5419 from dgarske/aurix 
Support for Infineon AURIX IDE and minor compiler warnings.
 2022-08-04 08:01:57 +10:00
David Garske
3f07900c1b Merge pull request #5432 from embhorn/zd14172 
Fix dead code warnings and build error
 2022-08-03 15:01:20 -07:00
David Garske
791250c6c0 Merge pull request #5428 from TakayukiMatsuo/rx65n_fix 
Fix build error and update manuals for Renesas RX boards
 2022-08-03 11:04:25 -07:00
Daniel Pouzzner
6e8417e631 wolfssl/wolfcrypt/blake2-int.h: remove alignment specs on __blake2s_state and __blake2b_state, as they are unneeded, and are not honored by gcc-12+ in stack allocations, leading to (true positive) misaligned-access errors from ASAN. 2022-08-03 12:30:45 -05:00
Daniel Pouzzner
a7f0c92c0d src/internal.c: in GetCipherKeaStr(), when gcc-12 or higher and __SANITIZE_ADDRESS__, wrap in a pragma to ignore -Wstringop-overread, due to false positives. 2022-08-03 12:30:29 -05:00
David Garske
664fe390d6 Merge pull request #5382 from icing/announce-pskkem-plain 
Announce TLSX_PSK_KEY_EXCHANGE_MODES in non-resuming ClientHello
 2022-08-03 07:40:24 -07:00
David Garske
0c1add08e3 Merge pull request #5416 from darktohka/feature/chacha20-outl-bytes 
Ensure ChaCha20 updates out length during cipher update
 2022-08-03 07:26:02 -07:00
David Garske
4937557ddc Merge pull request #5422 from julek-wolfssl/dtls-async-fix 
Fix dtls + async multi-test misc errors
 2022-08-03 07:24:58 -07:00
Eric Blankenhorn
ecdccb6180 Fix build error with WOLFSSL_AES_DIRECT 2022-08-03 09:09:28 -05:00
Eric Blankenhorn
f713c75a73 Fix dead code warnings in evpCipherBlock and wc_CryptKey 2022-08-03 08:08:00 -05:00
David Garske
53e0483e47 Support for Infineon AURIX IDE. Fixes for Aurix compiler warnings. 2022-08-02 16:53:47 -07:00
Juliusz Sosinowicz
72b0f15075 Merge pull request #5424 from anhu/curl_ftps_fix 2022-08-02 23:22:11 +02:00
David Garske
9d2ed67a5c Fix for sniffer to ensure the session was polled before trying to reprocess it. 2022-08-02 08:11:21 -07:00
Anthony Hu
fd412ed298 Fix so curl can do FTPS on TLS 1.3 with session resumption. 2022-08-02 10:51:14 -04:00
TakayukiMatsuo
3c51d872ea Fix build error and update manuals 2022-08-02 16:45:37 +09:00
Sean Parkinson
9db4ae64b9 Merge pull request #5423 from douzzer/20220729-fixes 
20220729-fixes
 2022-08-02 08:03:53 +10:00
JacobBarthelmeh
99ed727179 add WOLFSSL_CERT_NAME_ALL macro guard and new values to set subject 2022-08-01 10:52:09 -07:00
Jacob Barthelmeh
52b80ea52a expand functions included in opensslextra and add REQ print out 2022-08-01 09:21:43 -07:00
David Garske
4602e6d892 Merge pull request #5426 from rizlik/epoch_bits_fix 
fix: dtls13: use correct buffer index to get epoch bits
 2022-08-01 07:41:44 -07:00
Marco Oliverio
8878922f95 fix: dtls13: use correct buffer index to get epoch bits 
Fixes: d079662765
 2022-08-01 14:24:20 +02:00
Daniel Pouzzner
791508220f wolfssl/internal.h: fix spurious assert failure on jumbo RSA key configurations (> 8192 bits); mollify bugprone-macro-parentheses. 2022-07-29 09:33:14 -05:00
Juliusz Sosinowicz
fb2feee9b6 Fix dtls + async multi-test misc errors 
DTLS uses DtlsMsgStore() to process messages when using async crypto. A check was skipping the storing straight to DtlsMsgDrain().
 2022-07-29 15:49:49 +02:00
Stefan Eissing
a943de7969 Changes after PR review. 
- removed additions to REAME.md
- changed coding style of conditional PSKKEM announce
  as requested.
 2022-07-29 11:26:08 +02:00
Stefan Eissing
1db8013566 Update README with note about change in TLSX_PSK_KEY_EXCHANGE_MODES use. 2022-07-29 11:18:56 +02:00
Stefan Eissing
c8008e29b9 Announce TLSX_PSK_KEY_EXCHANGE_MODES in non-resuming ClientHello. 
- can be reverted to previous style by defining NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
- QUIC interop testing reveals that at least QUIC stacks refrain from
  issuing session tickets unless the ClientHello shows this extension.
 2022-07-29 11:18:56 +02:00