David Garske
d72b401e8e
Merge pull request #5545 from icing/evp_chacha
...
Add ChaCha20 as available cipher in the EVP API.
2022-09-06 10:42:54 -07:00
David Garske
e2de8f3b6c
Merge pull request #5554 from rizlik/dtls_cid_fix
...
fix: dtls13: do not negotiate ConnectionID in HelloRetryRequest
2022-09-06 09:28:25 -07:00
Stefan Eissing
9f47999002
Add ChaCha20 as available cipher in the EVP API.
...
- wire the wc_ChaCha_* implementation into the EVP API
as `wolfSSL_EVP_chacha20`
- follow IV conversions of OpenSSL
- add test case
- have QUIC support use this for header protection when
CHACHA20_POLY1305 has been negotiated in the handshake.
2022-09-06 10:06:02 +02:00
David Garske
483d7189c7
Merge pull request #5512 from SparkiDev/tls13_64bit_milli
...
Make time in milliseconds 64-bits
2022-09-05 16:19:03 -07:00
Sean Parkinson
e7dbb5b375
Merge pull request #5548 from dgarske/whitespace
...
Whitespace cleanup
2022-09-06 07:54:29 +10:00
Marco Oliverio
aee81764f2
fix: dtls13: do not negotiate ConnectionID in HelloRetryRequest
2022-09-05 17:00:09 +02:00
kaleb-himes
49065373aa
Merge branch 'fix_sha256_debug' of github.com:gojimmypi/wolfssl
2022-09-04 19:26:38 -06:00
Sean Parkinson
b95df7529c
Improve usage of 64-bit implementation of TimeNowInMilli
...
Change to use 64-bits for types stored - use WOLFSSL_32BIT_MILLI_TIME if
a 64-bit type is not available.
TimeNowInMilli() returns 0 on error instead of GETTIME_ERROR.
2022-09-05 10:47:25 +10:00
David Garske
aa036b6ea4
Merge pull request #5532 from anhu/sphincs
...
Add sphincs to wolfCrypt.
2022-09-02 11:56:11 -07:00
David Garske
232a750cc2
Whitespace cleanup.
2022-09-02 09:54:17 -07:00
David Garske
4a8a11315b
Merge pull request #5536 from SparkiDev/sha3_x64
...
SHA-3 improvements
2022-09-02 09:46:14 -07:00
JacobBarthelmeh
8ca63b93a4
Merge pull request #5539 from dgarske/ocsp_async
...
Fix for async with OCSP non-blocking in `ProcessPeerCerts`
2022-09-02 10:42:09 -06:00
David Garske
11bb8b3dc4
Merge pull request #5543 from SparkiDev/rsa_max_size_fix
...
RSA max key size checks
2022-09-02 09:26:19 -07:00
Anthony Hu
10ce703d71
Add sphincs to wolfCrypt.
...
Note that we will not support sphincs in TLS so nothing above wolfCrypt changes.
2022-09-02 11:53:55 -04:00
Sean Parkinson
daadd4a1b7
Merge pull request #5540 from dgarske/socksz
...
Fixes for building with 32-bit and socket size sign/unsigned mismatch
2022-09-02 16:33:41 +10:00
Sean Parkinson
3bf6baf596
RSA max key size checks
...
Detect when certificate's RSA public key size is too big and fail on
loading of certificate.
Fix unit test to only attempt to use 3072 bit RSA-PSS keys when
RSA_MAX_SIZE supports it.
2022-09-02 10:37:12 +10:00
Sean Parkinson
23fd6456c2
Merge pull request #5534 from dgarske/zd14420
...
Fix for async session tickets
2022-09-02 08:50:35 +10:00
Sean Parkinson
ef451d316c
Make time in milliseconds 64-bits
...
Allow for longer session ticket lives.
2022-09-02 08:45:07 +10:00
David Garske
f530101ef1
Fix for async with OCSP non-blocking in ProcessPeerCerts. ZD 14754.
2022-09-01 14:39:52 -07:00
David Garske
2695f36642
Fixes for building with 32-bit and socket size sign/unsigned mismatch.
...
Tested with: `./configure --enable-all CFLAGS="-m32 -DXSOCKLENT=int" LDFLAGS="-m32" && make`
2022-09-01 11:39:34 -07:00
Marco Oliverio
401cfbd8e4
dtls13: enable hrr cookie by default
2022-09-01 09:37:35 +02:00
Marco Oliverio
edd723cc84
ssl: add new wolfSSL_disable_hrr_cookie() API to disable hrr cookie
...
Add a way to disable hrr cookie so it can be enabled by default for DTLS
connections.
2022-09-01 09:37:34 +02:00
Sean Parkinson
ce8959ea77
SHA-3 improvements
...
Add x86_64 assembly code:
- BMI2
- AVX2 (using ymm, slower than BMI2)
- AVX2 of 4 simultaneous hashes
Add SHAKE128 functions and tests.
Add Absorb and Squeeze functions for SHAKE128 and SHAKE256 and tests.
Add doxygen for SHA-3 and SHAKE functions.
Update other generated x86_64 assembly files to include settings.h.
2022-09-01 17:11:58 +10:00
David Garske
db6d69143e
Merge pull request #5533 from lealem47/crlPrintFix
...
Add missing DN nid to work with PrintName()
2022-08-31 18:32:55 -07:00
David Garske
96ab26e6e9
Fix for async session tickets. ZD14420
...
```
./configure --enable-all --enable-asynccrypt CFLAGS="-DWOLFSSL_NO_DEF_TICKET_ENC_CB" && make
./examples/server/server -v 4 -r &
./examples/client/client -v 4 -r
```
2022-08-31 15:28:49 -07:00
Lealem Amedie
2df1c25263
Add missing DN nid to work with PrintName()
2022-08-31 15:18:12 -07:00
David Garske
b1301d9dc4
Merge pull request #5518 from CallumMcLoughlin/master
...
Allow Post Quantum Keyshare for DTLS 1.3
2022-08-31 12:29:08 -07:00
David Garske
8722a46d52
Merge pull request #5503 from julek-wolfssl/dtls-fragments
...
DTLS limit fragments
2022-08-31 09:53:09 -07:00
Juliusz Sosinowicz
54bd786707
DTLS limit fragments
...
- Limit the amount of fragments we store per DTLS connection
- Error out when we reach the DTLS fragment connection limit
2022-08-31 14:24:20 +02:00
CallumMcLoughlin
43388186bb
Tidy up TLS 1.3 and DTLS 1.3 check
2022-08-30 19:59:36 +12:00
gojimmypi
1afc92dd7b
internal.c: WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash when WOLFSSL_DEBUG_TLS
2022-08-29 17:06:52 -07:00
David Garske
a7f86f9473
Merge pull request #5517 from JacobBarthelmeh/Testing
...
misc. testing items from static analysis tools
2022-08-29 08:48:51 -07:00
Juliusz Sosinowicz
88deaf9b5c
SNI can appear in ServerHello for TLS 1.2
...
Co-authored-by: Eric Blankenhorn <eric@wolfssl.com>
2022-08-29 14:22:10 +02:00
CallumMcLoughlin
91d3cd7111
Allow Post Quantum Keyshare for DTLS 1.3
2022-08-28 17:35:28 +12:00
JacobBarthelmeh
1e673aee3b
scan-build warning fix
2022-08-26 16:29:11 -07:00
David Garske
1976601811
Merge pull request #5505 from julek-wolfssl/dtls-plaintext
...
Ignore plaintext on established connections
2022-08-25 07:25:03 -07:00
Hayden Roche
9f39ffdba7
Fix wolfSSL_GENERAL_NAMES_free memory leak.
...
This function was just freeing the stack object itself of GENERAL_NAMES with
wolfSSL_sk_free, but this doesn't free the data in the items of the stack. The
fix is to replace wolfSSL_sk_free with wolfSSL_sk_GENERAL_NAME_free.
2022-08-24 18:42:30 -07:00
Juliusz Sosinowicz
159a3c8b03
Ignore plaintext on established connections
2022-08-24 21:40:19 +02:00
Sean Parkinson
2571f65e85
Check ECC signature in TLS
...
Verifying generated ECC signature in TLS handshake code to mitigate when
an attacker can gain knowledge of the private key through fault
injection in the signing process.
Requires WOLFSSL_CHECK_SIG_FAULTS to be defined.
2022-08-24 09:01:18 +10:00
David Garske
5c65974170
Fix for dynamic type macro typo.
2022-08-23 09:32:11 -07:00
Marco Oliverio
3a8e6f2280
fix: add explicit cast to abide g++ compiler
2022-08-23 16:58:24 +02:00
Marco Oliverio
cfbd061625
add initial support for ConnectionID DTLS extension
2022-08-23 16:58:24 +02:00
Marco Oliverio
171af05e96
tlsx: expose TLSX_Push
...
To be able to implement extensions in a separate compilation unit
2022-08-23 10:00:06 +02:00
David Garske
48463f6d54
Merge pull request #5388 from lealem47/crlPrint
...
Adding X509_CRL_print() function
2022-08-22 17:16:19 -07:00
JacobBarthelmeh
bd49d37aaf
Merge pull request #5492 from embhorn/zd14694
...
Fix for AddPacketInfo with WOLFSSL_CALLBACKS
2022-08-22 14:59:29 -06:00
Lealem Amedie
91a7b8067c
Addressing some PR feedback
2022-08-22 12:04:15 -07:00
David Garske
b9d9dc02bb
Merge pull request #5476 from julek-wolfssl/session-buffers
...
Remove WOLFSSL_SESSION_TYPE_REF buffers from WOLFSSL_SESSION
2022-08-22 11:59:39 -07:00
David Garske
d50e740c97
Merge pull request #5488 from julek-wolfssl/get_ex_new_index-docs
...
Add documentation explaining get_ex_new_index API limitations
2022-08-22 09:51:36 -07:00
David Garske
a7e318a7ad
Merge pull request #5484 from lealem47/allocators
...
Adding allocator funcs for dtls peer (for wrappers)
2022-08-22 09:29:54 -07:00
David Garske
1e5de8255e
Merge pull request #5472 from satoshiyamaguchi/trial3
...
Add/Extend PEM_read compatibility APIs
2022-08-22 09:24:39 -07:00