wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 13:22:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,161 Commits 12 Branches 184 Tags
d29c656d4f2b362a0cf993e51acb6956825801a6
Commit Graph

6214 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
d29c656d4f SendAlert: clear output buffer to try and send the alert now 2022-06-01 16:48:57 +02:00
Juliusz Sosinowicz
df10e1fad2 Store RetrySendAlert error in ssl->error 2022-06-01 14:59:10 +02:00
Juliusz Sosinowicz
c74315f1ef Save pending alerts when using async io 
- Don't overwrite ssl->error
- Clear the error in ssl->error because the return of SendBuffered is now stored in ret instead
 2022-05-31 18:17:11 +02:00
Juliusz Sosinowicz
8aa2da532c Combine preproc check into one statement 2022-05-30 15:27:36 +02:00
Juliusz Sosinowicz
8cb4819b53 Fix curve group matching on secure renegotiation 2022-05-27 21:26:55 +02:00
Juliusz Sosinowicz
50c0b3d2a2 Add testing/docs for blocking write 
- Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE
- CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
 2022-05-27 21:26:55 +02:00
Juliusz Sosinowicz
4e8c362152 Allocate ssl->async seperately to the SSL object 2022-05-26 23:08:48 +02:00
Juliusz Sosinowicz
733fe1a8d3 Use WOLFSSL_ASYNC_IO for WOLFSSL_NONBLOCK_OCSP 
- Enable ssl->async to store function arguments for non-blocking OCSP
- Remove ssl->nonblockarg
 2022-05-26 23:08:48 +02:00
Juliusz Sosinowicz
c151dcec50 Re-use async to support WANT_WRITE while sending fragments 
- Async I/O can be turned off with WOLFSSL_NO_ASYNC_IO
- WOLFSSL_ASYNC_IO functionality enabled in SendCertificateVerify() and SendServerKeyExchange() to allow safe re-entry into SendHandshakeMsg()
- Testing size of structs is refactored int WOLFSSL_ASSERT_SIZEOF_GE()
 2022-05-26 23:08:48 +02:00
Eric Blankenhorn
2800d00bb4 Fix to move wolfSSL_ERR_clear_error outside gate for OPENSSL_EXTRA 2022-05-26 06:11:45 -05:00
David Garske
fa80aa6505 Merge pull request #5132 from JacobBarthelmeh/req 
Add support for additional CSR attributes
 2022-05-25 13:35:46 -07:00
David Garske
17d7098bf6 Merge pull request #5168 from rizlik/dtls_resume 
internal.c: dtls:  HelloVerifyRequest on resumption
 2022-05-25 11:23:08 -07:00
Marco Oliverio
6c0b65d655 internal.c: dtls: HelloVerifyRequest on resumption 2022-05-25 10:38:32 +02:00
David Garske
5aea58d1e8 Merge pull request #5175 from douzzer/20220524-shellcheck-warnings 
20220524-shellcheck-warnings
 2022-05-24 14:21:49 -07:00
David Garske
74cbd08ff5 Merge pull request #5164 from cconlon/x509date 
Remove WOLFSSL_ALT_NAMES restriction on notBefore/notAfter use in Cert struct
 2022-05-24 12:41:00 -07:00
Daniel Pouzzner
b66fa1680a fix whitespace. 2022-05-24 12:13:14 -05:00
Chris Conlon
6a26dab73a X.509 cert validity for CertFromX509() and EncodeCert() shouldn't be protected by WOLFSSL_ALT_NAMES 2022-05-24 10:28:46 -06:00
kareem-wolfssl
465a6ceb64 Merge pull request #4920 from SparkiDev/old_timing_pad_verify 
Make old less secure TimingPadVerify implementation available
 2022-05-23 13:43:59 -07:00
Chris Conlon
ec39ee2cb6 Merge pull request #5070 from miyazakh/crypto_only_flwup 2022-05-20 17:08:29 -06:00
David Garske
9427ebc5be Merge pull request #5160 from haydenroche5/tls_unique 
Provide access to "Finished" messages outside the compat layer.
 2022-05-19 21:30:30 -07:00
Hayden Roche
6d9fbf7ab3 Provide access to "Finished" messages outside the compat layer. 
Prior to this commit, if you wanted access to the Finished messages from a
handshake, you needed to turn on the compatibility layer, via one of
OPENSSL_ALL, WOLFSSL_HAPROXY, or WOLFSSL_WPAS. With this commit, defining any
of these causes WOLFSSL_HAVE_TLS_UNIQUE to be defined (a reference to the
tls-unique channel binding which these messages are used for) in settings.h.
This allows a user to define WOLFSSL_HAVE_TLS_UNIQUE to access the Finished
messages without bringing in the whole compat layer.
 2022-05-19 16:34:13 -07:00
Daniel Pouzzner
5988f35593 src/wolfio.c: in EmbedReceiveFrom((), clear peer before recvfrom() to fix clang-analyzer-core.UndefinedBinaryOperatorResult; add DTLS_ prefix to macros SENDTO_FUNCTION and RECVFROM_FUNCTION, and gate their definitions on their being undefined to allow overrides. 2022-05-19 11:31:24 -05:00
Sean Parkinson
cd41c8beaf Merge pull request #5147 from rizlik/do_alert_reset 
internal.c:reset input/processReply state if exiting after DoAlert()
 2022-05-19 09:36:44 +10:00
Marco Oliverio
be172af3cd internal.c: check that we have data before processing messages 
We should never encounter this bug under normal circumstances. But if we enter
processReplyEx with a wrongly `ssl->options.processReply` set to
`runProcessingOneMessage` we check that we have some data.
 2022-05-18 18:49:33 +02:00
Marco Oliverio
6940a5eaae internal.c:reset input/processReply state if exiting after DoAlert() 2022-05-18 18:35:29 +02:00
John Safranek
40063f7487 Merge pull request #5109 from rizlik/dtls_peer_matching_fix 
wolfio: dtls: fix incorrect peer matching check
 2022-05-18 09:12:26 -07:00
Hideki Miyazaki
5de9c45161 resolve merge and conflict 2022-05-18 11:37:22 +09:00
Hideki Miyazaki
54a96cef06 add test case 2022-05-18 11:16:10 +09:00
Hideki Miyazaki
88abc9f3c1 addressed review comments 
add to call wc_ecc_rs_to_sig and wc_ecc_verify_has
 2022-05-18 11:16:07 +09:00
Hideki Miyazaki
c1f117413f get crypto only compiled with openssl extra 2022-05-18 11:16:03 +09:00
Sean Parkinson
2f91028f2d TLS 1.3: pre-master secret zeroizing 2022-05-18 08:52:38 +10:00
David Garske
c9ae021427 Merge pull request #5143 from julek-wolfssl/x509-ret-empty-name 
Return subject and issuer X509_NAME obj even when not set
 2022-05-17 09:16:54 -07:00
Marco Oliverio
6df65c0162 wolfio: dtls: fix incorrect peer matching check 
Ignore packet if coming from a peer of a different size *or* from a different
peer. Avoid whole memcmp of sockaddr_in[6] struct because is not portable (there
are optional fields in struct sockaddr_in).
 2022-05-17 11:01:55 +02:00
David Garske
ec619e3f35 Merge pull request #5107 from julek-wolfssl/wpas-ex-data-leak 
Call ctx->rem_sess_cb when a session is about to be invalid
 2022-05-16 13:27:08 -07:00
Juliusz Sosinowicz
7f8f0dcffe Refactor cache ex_data update/retrieve into one function 
- Add explicit pointer cast
 2022-05-16 13:01:05 +02:00
Juliusz Sosinowicz
d996086a6d Return subject and issuer X509_NAME obj even when not set 
This allows the user to set the attributes of the subject and issuer name by calling X509_REQ_get_subject_name and adding attributes to it.
 2022-05-16 12:49:34 +02:00
JacobBarthelmeh
fb9b96d498 fix for index increment and change test case expected return values 2022-05-13 14:07:29 -07:00
David Garske
6b1e3003fb Merge pull request #5142 from SparkiDev/ssl_move_pk 
ssl.c rework
 2022-05-13 12:56:14 -07:00
David Garske
1a57e3065a Small cleanups. Missing (void), spelling and formatting. Also fixes for variations of 25519/448 build. 2022-05-13 09:24:59 -07:00
Sean Parkinson
852d5169d4 ssl.c rework 
Move the public key APIs out of ssl.c and into pk.c.
(RSA, DSA, DH and EC)
 2022-05-13 11:12:44 +10:00
Sean Parkinson
eea537e5ea Merge pull request #5124 from kaleb-himes/WIN_MULTICONFIG 
Address issues ID'd by new windows multi-config test
 2022-05-13 09:39:15 +10:00
Sean Parkinson
6aaee73585 Merge pull request #5133 from rizlik/cookie_keyshare_fix 
tls13: fix cookie has keyShare information check
 2022-05-13 08:01:59 +10:00
Sean Parkinson
d1308fcdfc Merge pull request #5122 from rizlik/tls13_pad_calc 
internal.c: fix pad-size when more records are received at once
 2022-05-13 07:59:36 +10:00
Daniel Pouzzner
c4920021d8 print errors to stderr, not stdout; 
fix whitespace in internal.c;

add missing error handling in examples/server/server.c around recvfrom().
 2022-05-12 13:07:32 -05:00
John Safranek
2cf87a8049 Merge pull request #5084 from julek-wolfssl/zd14101-dtls-want-write 
DTLS fixes with WANT_WRITE simulations
 2022-05-12 09:36:40 -07:00
David Garske
05ce8329c9 Merge pull request #5067 from miyazakh/compat_altcertchain 
"veify ok" if alternate cert chain mode is used
 2022-05-12 08:54:51 -07:00
David Garske
7a95be1a97 Merge pull request #5126 from JacobBarthelmeh/crl 
do not error out on CRL next date if using NO_VERIFY
 2022-05-12 08:44:29 -07:00
Juliusz Sosinowicz
9914da3046 Fix resumption failure and use range in connect state logic 2022-05-12 15:46:08 +02:00
Juliusz Sosinowicz
a31b76878f DTLS fixes with WANT_WRITE simulations 
- WANT_WRITE could be returned in unexpected places. This patch takes care of that.
- Change state after SendBuffered only if in a sending state to begin with.
- Adapt client and server to simulate WANT_WRITE with DTLS
 2022-05-12 15:46:08 +02:00
Marco Oliverio
829e9f5277 tls13: fix cookie has keyShare information check 
Fix the check to see if the cookie has key_share information or not (needed to
reconstruct the HelloRetryRequest). At the moment, it looks like we never send a
cookie without KeyShare extension. Indeed the HelloRetryRequest is sent only
because the client didn't provide a good KeyShareEntry in the first
ClientHello. When we will support DTLSv1.3, the HelloRetryRequest will be used
as a return-routability check and it may be sent without the KeyShare extension.
 2022-05-12 12:10:58 +02:00