wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 13:32:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,776 Commits 12 Branches 184 Tags
c07d0fe4b4e3ca4bd97812facff50f52ac004462
Commit Graph

6430 Commits

Author SHA1 Message Date
Daniel Pouzzner
c07d0fe4b4 address peer review: 
use camel case not underscores in variable names;

restore use of const int variables for buffer sizes in several spots (for ease of smallstack code paths should they be needed);

use more MISRAish flow control in X509PrintSignature().

also, capture the retval from several more snprintf()s to pass directly to wolfSSL_BIO_write(), avoiding frivolous strlen()s.
 2022-08-09 23:23:11 -05:00
Daniel Pouzzner
371fbc698c src/x509.c: mollify bugprone-unused-return-value warnings around XSNPRINTF(); 
fix various possible buffer overruns;

fix various runtime-error-driven memory leaks;

various refactors for efficiency, clarity, and safety, including refactors to eliminate unsafe XSTRNCAT() calls.
 2022-08-08 18:55:38 -05:00
David Garske
7004157869 Merge pull request #5387 from TakayukiMatsuo/tk14445 
Suppress build errors when defining some disable macros
 2022-08-07 20:09:41 -07:00
TakayukiMatsuo
79fb1783c4 Suppress build errors when defining some disable macros 2022-08-07 17:11:22 +09:00
David Garske
2d2c55f1c1 Merge pull request #5431 from haydenroche5/wolfssl_error 
Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE.
 2022-08-05 15:14:44 -07:00
David Garske
96fcc129ec Merge pull request #5213 from JacobBarthelmeh/req 
expand functions included in opensslextra and add REQ print out
 2022-08-05 13:20:21 -07:00
Hayden Roche
3bf21b5a05 Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE. 
We have users who need to debug errors coming out of libwolfssl in production,
where --enable-debug isn't an option. Our error queue implementation is the
solution, but our usage of WOLFSSL_ERROR isn't consistent. This commit greatly
expands our usage of WOLFSSL_ERROR. There are too many error cases to tackle
all at once, and not all error cases are particularly meaningful or likely to be
hit in regular operation of the library. I've tried to focus on errors that
users are likely to hit, and I've chosen to ignore things like the mountain of
BUFFER_E and BAD_FUNC_ARG cases (for the most part). I've also tried to expand
WOLFSSL_ERROR usage in files where we haven't been using it historically
(e.g. aes.c), so the pattern is now there for other developers to follow. In
order to prevent these additions from exploding the size of libwolfssl, they're
all behind a new macro, WOLFSSL_ERROR_VERBOSE. If WOLFSSL_VERBOSE_ERRORS is
defined, WOLFSSL_ERROR_VERBOSE just maps to WOLFSSL_ERROR.
 2022-08-05 10:32:18 -07:00
JacobBarthelmeh
d6c895d19d use or with all/extra macro guard 2022-08-05 09:31:42 -07:00
JacobBarthelmeh
83f1ade1fc use extension free function with opensslextra and remove debug printf 2022-08-05 09:15:35 -07:00
Sean Parkinson
c35b47f265 TLS !.3: restrict extension validity by message 
Extensions ServerName, SupportedGroups and ALPN must not appear in
server_hello.
Removed server_hello from the valid checks.
 2022-08-05 08:26:09 +10:00
Sean Parkinson
56be09005f Merge pull request #5427 from julek-wolfssl/dtls-timeout-and-closed-socket 
DTLS socket and timeout fixes
 2022-08-05 08:13:14 +10:00
JacobBarthelmeh
ff512a34c6 adjust temporary buffer size and memory free'ing 2022-08-04 15:11:24 -07:00
David Garske
99dad91344 Merge pull request #5435 from douzzer/20220803-gcc-12-ASAN 
20220803-gcc-12-ASAN
 2022-08-04 08:41:26 -07:00
Juliusz Sosinowicz
6d4f0146ca Refactor sending alert on decryption failure 
Take sending of the alert outside of DecryptTls() and DecryptTls13(). The alert is now sent in ProcessReplyEx().
 2022-08-04 12:06:26 +02:00
Juliusz Sosinowicz
ebcfa31993 Refactor checking socket type into a function 2022-08-04 11:35:27 +02:00
Juliusz Sosinowicz
3278210e1c Silently discard DTLS msgs that fail decryption 
Don't send alerts when decryption fails inside a DTLS connection.
TLS should always send a bad_record_mac when decryption fails.
 2022-08-04 11:27:45 +02:00
Juliusz Sosinowicz
fd1e8c49eb Reset timeout when reading a valid DTLS message 
- Increment the DTLS 1.3 timeout on a long timeout
 2022-08-04 11:27:45 +02:00
Juliusz Sosinowicz
67d518544b EmbedReceiveFrom: fix when using a TCP socket 
- recvfrom() returns 0 on a closed TCP socket
- TCP sockets set WOLFSSL_CBIO_ERR_ISR on a timeout
 2022-08-04 11:27:45 +02:00
Sean Parkinson
9ea3e173d0 Merge pull request #5277 from JacobBarthelmeh/req_attr 
expand subject name and req attribute support
 2022-08-04 14:32:14 +10:00
David Garske
2c2a7750a4 Merge pull request #5414 from darktohka/feature/chacha20-poly1305-evp 
Integrate chacha20-poly1305 into the EVP interface
 2022-08-03 18:21:17 -07:00
Sean Parkinson
1dc848d8e3 Merge pull request #5429 from dgarske/sniffer_async2 
Fix for sniffer to ensure the session was polled before trying to reprocess it
 2022-08-04 08:18:55 +10:00
Sean Parkinson
e32cfb79e5 Merge pull request #5419 from dgarske/aurix 
Support for Infineon AURIX IDE and minor compiler warnings.
 2022-08-04 08:01:57 +10:00
Daniel Pouzzner
a7f0c92c0d src/internal.c: in GetCipherKeaStr(), when gcc-12 or higher and __SANITIZE_ADDRESS__, wrap in a pragma to ignore -Wstringop-overread, due to false positives. 2022-08-03 12:30:29 -05:00
David Garske
664fe390d6 Merge pull request #5382 from icing/announce-pskkem-plain 
Announce TLSX_PSK_KEY_EXCHANGE_MODES in non-resuming ClientHello
 2022-08-03 07:40:24 -07:00
David Garske
4937557ddc Merge pull request #5422 from julek-wolfssl/dtls-async-fix 
Fix dtls + async multi-test misc errors
 2022-08-03 07:24:58 -07:00
David Garske
53e0483e47 Support for Infineon AURIX IDE. Fixes for Aurix compiler warnings. 2022-08-02 16:53:47 -07:00
David Garske
9d2ed67a5c Fix for sniffer to ensure the session was polled before trying to reprocess it. 2022-08-02 08:11:21 -07:00
Anthony Hu
fd412ed298 Fix so curl can do FTPS on TLS 1.3 with session resumption. 2022-08-02 10:51:14 -04:00
JacobBarthelmeh
99ed727179 add WOLFSSL_CERT_NAME_ALL macro guard and new values to set subject 2022-08-01 10:52:09 -07:00
Jacob Barthelmeh
52b80ea52a expand functions included in opensslextra and add REQ print out 2022-08-01 09:21:43 -07:00
Marco Oliverio
8878922f95 fix: dtls13: use correct buffer index to get epoch bits 
Fixes: d079662765
 2022-08-01 14:24:20 +02:00
Juliusz Sosinowicz
fb2feee9b6 Fix dtls + async multi-test misc errors 
DTLS uses DtlsMsgStore() to process messages when using async crypto. A check was skipping the storing straight to DtlsMsgDrain().
 2022-07-29 15:49:49 +02:00
Stefan Eissing
a943de7969 Changes after PR review. 
- removed additions to REAME.md
- changed coding style of conditional PSKKEM announce
  as requested.
 2022-07-29 11:26:08 +02:00
Stefan Eissing
c8008e29b9 Announce TLSX_PSK_KEY_EXCHANGE_MODES in non-resuming ClientHello. 
- can be reverted to previous style by defining NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
- QUIC interop testing reveals that at least QUIC stacks refrain from
  issuing session tickets unless the ClientHello shows this extension.
 2022-07-29 11:18:56 +02:00
David Garske
da422eb422 Merge pull request #5406 from SparkiDev/mp_int_size 
Maths bit size: ensure size is right
 2022-07-28 15:36:58 -07:00
Disyer
52cc73a6a4 Integrate chacha20-poly1305 into the EVP interface 2022-07-28 13:01:35 +03:00
Daniel Pouzzner
9256d6aa7c src/internal.c: fixes for redundant assignments and preprocessor typo. 2022-07-27 14:42:00 -05:00
Daniel Pouzzner
c63e22701f src/pk.c: fix type mismatch in return value. 2022-07-27 14:42:00 -05:00
Daniel Pouzzner
ed449d5b20 wolfsentry integration: avoid redundant and frivolous dispatches (ssl.c wolfSSL_connect(), wolfSSL_negotiate(), wolfSSL_accept(); tls13.c wolfSSL_connect_TLSv13(), wolfSSL_accept_TLSv13()). 2022-07-27 14:42:00 -05:00
David Garske
a56d25d58e Merge pull request #5408 from julek-wolfssl/FreeAsyncCtx-location 
FreeAsyncCtx should only be called when advancing state
 2022-07-27 09:59:28 -07:00
Juliusz Sosinowicz
e9b3b5936f FreeAsyncCtx should only be called when advancing state 
The call to FreeAsyncCtx after SendBuffered was added to clean up state when we are ready to advance state. If we do not advance state, then clean up should be handled in the relevant state.
 2022-07-27 14:14:22 +02:00
Sean Parkinson
460845ba49 Maths bit size: ensure size is right 
Ensure WOLFSSL_MAX_RSA_BITS works.
Fix SP math size defines.
Regression testing maths implementations.
 2022-07-27 18:58:30 +10:00
Sean Parkinson
01aad13c38 Rework 2022-07-27 12:02:15 +10:00
David Garske
9c480ece66 Fix to use the new outTmp. 2022-07-26 15:48:58 -07:00
Marco Oliverio
856ea2ffc8 internal.c: RsaDec improvements 2022-07-26 20:59:01 +02:00
Marco Oliverio
1727efbc2c internal.c: rsa decription buffer handling 2022-07-26 20:59:01 +02:00
David Garske
a98642ba61 Merge pull request #5383 from julek-wolfssl/negating-ciphersuites 
Expand SetCipherList()
 2022-07-25 08:26:47 -07:00
Juliusz Sosinowicz
e7cd1562b4 Expand SetCipherList() 
- support disabling ciphersuites starting from the default list
 2022-07-25 11:14:16 +02:00
Eric Blankenhorn
4369873540 Fix to copy TLS version with wolfSSL_write_dup 2022-07-22 15:09:35 -05:00
Juliusz Sosinowicz
6f2889c07d BIO_eof returns 1 when no more data remains in the BIO 2022-07-22 13:24:32 +02:00