wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 08:42:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,235 Commits 12 Branches 184 Tags
e971bd7315a5d595a29a6bbfac69548286edf816
Commit Graph

6617 Commits

Author SHA1 Message Date
Sean Parkinson
754d274d8c Merge pull request #5593 from rizlik/ticket_nonce_size 
tls13: support ticketNonce with size bigger than MAX_TICKET_NONCE_SZ
 2022-09-29 08:11:22 +10:00
Marco Oliverio
56d6087749 tls13: support ticketNonce bigger than MAX_TICKET_NONCE_SZ 
to enable it, use WOLFSSL_TICKET_NONCE_MALLOC define
 2022-09-28 19:54:14 +02:00
John Safranek
9d9fa0132e Merge pull request #5622 from lealem47/sniffer_sequence 
Fix for sniffer to decode out of order packets
 2022-09-26 07:53:00 -07:00
John Safranek
b4077d80c9 Merge pull request #5620 from JacobBarthelmeh/Certs 
fix for return value of x509 print
 2022-09-25 19:32:52 -07:00
Daniel Pouzzner
f80fb7f1aa Merge pull request #5625 from dgarske/esp32_cleanups 
Fixes for various build configurations
 2022-09-23 20:46:44 -05:00
David Garske
2421727b1c Merge pull request #5441 from kareem-wolfssl/quietShutdown 
Make wolfSSL quiet_shutdown functions available when using OPENSSL_EXTRA_X509_SMALL.
 2022-09-23 14:40:29 -07:00
David Garske
606f58a851 Spelling and whitespace cleanups. 2022-09-23 13:58:58 -07:00
David Garske
7970d5d794 Merge pull request #5152 from SparkiDev/armv7a_neon_asm 
ARM ASM: ARMv7a with NEON instructions
 2022-09-23 08:46:03 -07:00
Lealem Amedie
a322e09150 Fix for sniffer to decode out of order packets 2022-09-22 15:12:51 -07:00
Jacob Barthelmeh
39815a53fa fix for return value of x509 print 2022-09-22 14:09:50 -06:00
John Safranek
f271bef7b5 Merge pull request #5618 from lealem47/dc 
Fix for incorrect DN NID and confusion with DC
 2022-09-21 15:00:25 -07:00
Lealem Amedie
f177d9364a Fix for incorrect DN NID and confusion with DC 2022-09-21 13:11:12 -07:00
tim-weller-wolfssl
62766b0758 Updates to remove warnings and build issues found with IAR tools. Update test function / example to avoid memory leak. Update to pass error codes along rather than mask them at lower levels. 
Make logic to avoid masking return error conditionally compiled based on STSAFE configuration

Update logic at second crypto-callback location to return error code rather than mask it
 2022-09-21 14:16:49 -05:00
David Garske
680182cab5 Merge pull request #5614 from rizlik/oobread 
Fix: parsing oob read in dtls1.3
 2022-09-21 10:08:32 -07:00
JacobBarthelmeh
2bf583aa57 Merge pull request #5526 from miyazakh/qt_jenkins_fix 
Fix qt nightly test failure
 2022-09-21 09:38:45 -06:00
Marco Oliverio
400d3c6963 dtls13: Dtls13ParseUnifiedRecordLayer: add overflow check 2022-09-21 16:01:35 +02:00
Marco Oliverio
804081e7c2 fix: GetDtls13RecordHeader:requires correct minimum size 2022-09-21 16:01:35 +02:00
David Garske
a36604079b Merge pull request #5609 from philljj/master 
Fixes DTLS 1.3 client use-after-free error
 2022-09-21 06:38:09 -07:00
Marco Oliverio
1a983b4a8f session: use plain buffer to store ticket nonce in ticket 2022-09-21 14:51:07 +02:00
jordan
427383233d Fix formatting, add check to not support plain HTTP requests in DTLS 2022-09-20 14:41:11 -05:00
David Garske
624aca80dc Merge pull request #5606 from julek-wolfssl/zd14813-cont 
0 len sz is allowed
 2022-09-20 09:49:17 -07:00
jordan
8336dbf366 Fixes DTLS 1.3 client use-after-free error 2022-09-20 09:17:08 -05:00
David Garske
73dbc873bd Merge pull request #5586 from julek-wolfssl/dtls-misc-security 
Add missing minor security checks
 2022-09-19 09:47:00 -07:00
Juliusz Sosinowicz
8ca4a6086e 0 len sz is allowed 
In async mode, we always store all handshake messages before processing them. The server hello done message has a length of 0 but we still need to store it to process it.
 2022-09-19 14:00:13 +02:00
Daniel Pouzzner
ac0d7f4d84 src/internal.c: 
in DtlsMsgNew(), iff WOLFSSL_ASYNC_CRYPT, allow sz==0 allocation, to fix infinite loop in ProcessReplyEx() around DoDtlsHandShakeMsg();

in DtlsMsgAssembleCompleteMessage() restore fix from 0603031362 for pointerOutOfBounds (undefined behavior) construct;

in ProcessReplyEx(), in WOLFSSL_DTLS13 case ack, check and propagate error from DoDtls13Ack() (fix from @guidovranken).
 2022-09-17 13:02:51 -05:00
Daniel Pouzzner
02cc7bf82e fix whitespace/linelength/indentation. 2022-09-17 12:53:37 -05:00
Chris Conlon
e6bd6a94a0 Merge pull request #5521 from TakayukiMatsuo/clientverify 2022-09-16 16:55:38 -06:00
JacobBarthelmeh
7a728c0c48 Merge pull request #5569 from SparkiDev/kyber 
Kyber: Add option to build Kyber API
 2022-09-16 14:56:02 -06:00
JacobBarthelmeh
c6f6086b15 Merge pull request #5576 from julek-wolfssl/dtls-windows 
Fix build errors and warnings for MSVC with DTLS 1.3
 2022-09-16 11:11:46 -06:00
Hideki Miyazaki
a948c78ac7 addressed review comments. remove Qt case guard 2022-09-16 21:25:42 +09:00
Juliusz Sosinowicz
9ef10b5435 Check return of DtlsMsgCreateFragBucket() 2022-09-16 12:13:12 +02:00
Hideki Miyazaki
a98cda3516 fix qsscertificate test failure 2022-09-16 07:48:05 +09:00
Juliusz Sosinowicz
4b3f6ada8a Do not allow 0 size DtlsMsg 2022-09-15 16:18:24 +02:00
Juliusz Sosinowicz
1941fb2b35 Keep a separate drop counter for each epoch 2022-09-15 15:49:05 +02:00
Juliusz Sosinowicz
67473bac28 Code review fixes 
- Mark old epochs as invalid so we don't attempt to decrypt with them
- Return a non-zero value if possible in unit tests
- Move Dtls13CheckAEADFailLimit to dtls13.c
- Reset state in processreply
 2022-09-15 14:39:33 +02:00
Juliusz Sosinowicz
63ba2f7b8f TLS 1.3: Check maximum records encrypted with one key set 2022-09-15 12:17:46 +02:00
Juliusz Sosinowicz
4e9106c355 Enforce maximum amount of failed decryptions in DTLS 1.3 2022-09-15 12:17:46 +02:00
TakayukiMatsuo
c7de58ebaf Add code to fallback to S/W if TSIP cannot handle 2022-09-15 11:16:37 +09:00
JacobBarthelmeh
f21b021bb6 Merge pull request #5590 from SparkiDev/tlsx_symbol_fix 
TLSX: function not used
 2022-09-14 09:10:56 -06:00
JacobBarthelmeh
8b641df116 Merge pull request #5588 from SparkiDev/tls13_cs_fixes 
TLSv1.3 cipher suites: fixes
 2022-09-14 09:06:31 -06:00
Sean Parkinson
e8d5cf9662 TLSX: function not used 2022-09-14 09:52:26 +10:00
Sean Parkinson
79d85f6c13 TLS cipher suite: improvements 
wolfSSL_clear: check return from InitSSL_Suites() call.
TLS13: check ClientHello cipher suite length is even.
Silently remove duplicate cipher suites from user input.
Add tests of duplicate cipher suite removal.
 2022-09-14 09:26:00 +10:00
JacobBarthelmeh
12ec2272d6 Merge pull request #5585 from icing/groups-key-share 
wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements.
 2022-09-13 10:36:25 -06:00
Anthony Hu
bcf4dbe697 Changes inspired by Feedback from Sean. 
Define WOLFSSL_HAVE_KYBER when HAVE_LIBOQS is defined.
Fix some misleading debug output.
Fix benchmarking logic.
 2022-09-13 10:07:28 -04:00
Anthony Hu
a2635be9e6 wolfCrypt support for external Kyber implementations (liboqs and pqm4) 2022-09-13 10:07:28 -04:00
Sean Parkinson
8c1e2c52e7 Kyber: Add option to build Kyber API 
wolfSSL Kyber implementation not included.
Added tests and benchmarking.
 2022-09-13 10:07:27 -04:00
Stefan Eissing
531f125925 Fix build without TLS13. 2022-09-13 11:18:27 +02:00
Stefan Eissing
bebb686217 Fixes for different build scenarios: 
- fix the type cast in SMALL_STACK builds
- only use new behviour when wolfSSL_set_groups() is available
 2022-09-13 11:10:59 +02:00
Juliusz Sosinowicz
112fc540bb Fix build errors and warnings for MSVC with DTLS 1.3 2022-09-13 10:13:44 +02:00
Sean Parkinson
5e945f94b4 TLSv1.3 cipher suites: fixes 
Handle multiple instances of the same cipher suite being in the server's
list.
Fix client order negotiation of cipher suite when doing pre-shared keys.
 2022-09-13 17:25:11 +10:00