Commit Graph

6636 Commits

Author SHA1 Message Date
Marco Oliverio
a7a7a25ab0 ssl: move wolfSSL_GetSide outside ATOMIC_USER guard 2022-10-05 20:29:23 +02:00
Marco Oliverio
de6187f599 tls: send protocol_version fatal alert on version mismatch
see rfc5246 Appendix E
2022-10-05 20:29:23 +02:00
David Garske
bba3193f9c Merge pull request #5595 from haydenroche5/async_ticket_dec_fix
Handle WC_PENDING_E from ticketEncCb in DoClientTicket properly.
2022-09-29 14:41:35 -07:00
David Garske
26f01168b5 Merge pull request #5645 from rizlik/fix_bad_heap_hint
fix: tls13: fix wrong heap hint argument of XFREE
2022-09-29 13:06:31 -07:00
David Garske
ab44c89ab4 Merge pull request #5626 from haydenroche5/load_system_root_certs
Add a function to load system CA certs into a WOLFSSL_CTX.
2022-09-29 11:03:26 -07:00
David Garske
a5a9ab96e6 Merge pull request #5524 from rizlik/protocol_version_alerts
Dtls13: improvements
2022-09-29 10:59:06 -07:00
Marco Oliverio
32eca32c97 fix: tls13: fix wrong heap hint argument of XFREE 2022-09-29 17:56:59 +02:00
Sean Parkinson
754d274d8c Merge pull request #5593 from rizlik/ticket_nonce_size
tls13: support ticketNonce with size bigger than MAX_TICKET_NONCE_SZ
2022-09-29 08:11:22 +10:00
Marco Oliverio
56d6087749 tls13: support ticketNonce bigger than MAX_TICKET_NONCE_SZ
to enable it, use WOLFSSL_TICKET_NONCE_MALLOC define
2022-09-28 19:54:14 +02:00
Marco Oliverio
aa5d074d23 dtls13: abide g++ compiler errors
```
src/tls13.c:5330:72: error: invalid conversion from 'void*' to 'const byte*' {aka 'const unsigned char*'} [-fpermissive]
 5330 |             ret = wc_HmacUpdate(&cookieHmac, ssl->buffers.dtlsCtx.peer.sa,
      |                                              ~~~~~~~~~~~~~~~~~~~~~~~~~~^~
      |                                                                        |
      |                                                                        void*
./wolfssl/wolfcrypt/hmac.h:191:55: note:   initializing argument 2 of 'int wc_HmacUpdate(Hmac*, const byte*, word32)'
  191 | WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz);
```
2022-09-28 18:42:39 +02:00
Juliusz Sosinowicz
d8e10d8ef4 DTLS 1.3: Always reset state on HRR 2022-09-28 18:42:39 +02:00
Juliusz Sosinowicz
c72d315325 DTLS 1.3: Don't add HRR to ssl->dtls13Rtx
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2022-09-28 18:42:38 +02:00
Juliusz Sosinowicz
145086f776 DTLS 1.3: Clear ssl->dtls13SendingAckOrRtx in ssl.c 2022-09-28 18:42:38 +02:00
Marco Oliverio
b3ecdd2ecb dtls13: support stateless cookie exchange on blocking socket 2022-09-28 18:42:38 +02:00
Marco Oliverio
0b525a52c4 tls13: send protocol_version alert on failed version negotiation 2022-09-28 18:42:38 +02:00
Marco Oliverio
88ec118e89 dtls13: drop unencrypted messages after epoch 1 2022-09-28 18:42:38 +02:00
Marco Oliverio
400671dc7c dtls: drop non-handshake messages before cookie exchange 2022-09-28 18:42:38 +02:00
Hayden Roche
8cae05348c Add a function to load system CA certs into a WOLFSSL_CTX.
This new function, wolfSSL_CTX_load_system_CA_certs, currently only supports
Linux-based OS's. It searches through conventional CA directories and once it
finds one, attempts to load CA certs from it. After the first directory is
found, we don't check the others.

This commit also adds a function wolfSSL_get_system_CA_dirs, which returns a
pointer to an array of directories where wolfSSL_CTX_load_system_CA_certs will
look for CA certs. This is used in a unit test, where we only want to expect
success if one of these directories actually exists on the test system.

Finally, this commit adds support for SSL_CTX_set_default_verify_paths to the
compatibility layer. It doesn't model the exact behavior of its OpenSSL
counterpart; it's mostly a wrapper around wolfSSL_CTX_load_system_CA_certs,
manipulating the return value of that function to conform to OpenSSL's
conventions.
2022-09-28 08:50:46 -07:00
John Safranek
9d9fa0132e Merge pull request #5622 from lealem47/sniffer_sequence
Fix for sniffer to decode out of order packets
2022-09-26 07:53:00 -07:00
John Safranek
b4077d80c9 Merge pull request #5620 from JacobBarthelmeh/Certs
fix for return value of x509 print
2022-09-25 19:32:52 -07:00
Daniel Pouzzner
f80fb7f1aa Merge pull request #5625 from dgarske/esp32_cleanups
Fixes for various build configurations
2022-09-23 20:46:44 -05:00
David Garske
2421727b1c Merge pull request #5441 from kareem-wolfssl/quietShutdown
Make wolfSSL quiet_shutdown functions available when using OPENSSL_EXTRA_X509_SMALL.
2022-09-23 14:40:29 -07:00
David Garske
606f58a851 Spelling and whitespace cleanups. 2022-09-23 13:58:58 -07:00
David Garske
7970d5d794 Merge pull request #5152 from SparkiDev/armv7a_neon_asm
ARM ASM: ARMv7a with NEON instructions
2022-09-23 08:46:03 -07:00
Lealem Amedie
a322e09150 Fix for sniffer to decode out of order packets 2022-09-22 15:12:51 -07:00
Jacob Barthelmeh
39815a53fa fix for return value of x509 print 2022-09-22 14:09:50 -06:00
John Safranek
f271bef7b5 Merge pull request #5618 from lealem47/dc
Fix for incorrect DN NID and confusion with DC
2022-09-21 15:00:25 -07:00
Lealem Amedie
f177d9364a Fix for incorrect DN NID and confusion with DC 2022-09-21 13:11:12 -07:00
tim-weller-wolfssl
62766b0758 Updates to remove warnings and build issues found with IAR tools. Update test function / example to avoid memory leak. Update to pass error codes along rather than mask them at lower levels.
Make logic to avoid masking return error conditionally compiled based on STSAFE configuration

Update logic at second crypto-callback location to return error code rather than mask it
2022-09-21 14:16:49 -05:00
David Garske
680182cab5 Merge pull request #5614 from rizlik/oobread
Fix: parsing oob read in dtls1.3
2022-09-21 10:08:32 -07:00
JacobBarthelmeh
2bf583aa57 Merge pull request #5526 from miyazakh/qt_jenkins_fix
Fix qt nightly test failure
2022-09-21 09:38:45 -06:00
Marco Oliverio
400d3c6963 dtls13: Dtls13ParseUnifiedRecordLayer: add overflow check 2022-09-21 16:01:35 +02:00
Marco Oliverio
804081e7c2 fix: GetDtls13RecordHeader: requires correct minimum size 2022-09-21 16:01:35 +02:00
David Garske
a36604079b Merge pull request #5609 from philljj/master
Fixes DTLS 1.3 client use-after-free error
2022-09-21 06:38:09 -07:00
Marco Oliverio
1a983b4a8f session: use plain buffer to store ticket nonce in ticket 2022-09-21 14:51:07 +02:00
jordan
427383233d Fix formatting, add check to not support plain HTTP requests in DTLS 2022-09-20 14:41:11 -05:00
David Garske
624aca80dc Merge pull request #5606 from julek-wolfssl/zd14813-cont
0 len sz is allowed
2022-09-20 09:49:17 -07:00
jordan
8336dbf366 Fixes DTLS 1.3 client use-after-free error 2022-09-20 09:17:08 -05:00
Marco Oliverio
05b6cb5279 internal: drops bad DTLS records on established connection 2022-09-20 11:18:30 +02:00
Marco Oliverio
655ac3e822 refactor: new define to remove some preprocessor directives 2022-09-20 11:18:26 +02:00
David Garske
73dbc873bd Merge pull request #5586 from julek-wolfssl/dtls-misc-security
Add missing minor security checks
2022-09-19 09:47:00 -07:00
Juliusz Sosinowicz
8ca4a6086e 0 len sz is allowed
In async mode, we always store all handshake messages before processing them. The server hello done message has a length of 0 but we still need to store it to process it.
2022-09-19 14:00:13 +02:00
Daniel Pouzzner
ac0d7f4d84 src/internal.c:
in DtlsMsgNew(), iff WOLFSSL_ASYNC_CRYPT, allow sz==0 allocation, to fix infinite loop in ProcessReplyEx() around DoDtlsHandShakeMsg();

in DtlsMsgAssembleCompleteMessage() restore fix from 0603031362 for pointerOutOfBounds (undefined behavior) construct;

in ProcessReplyEx(), in WOLFSSL_DTLS13 case ack, check and propagate error from DoDtls13Ack() (fix from @guidovranken).
2022-09-17 13:02:51 -05:00
Daniel Pouzzner
02cc7bf82e fix whitespace/linelength/indentation. 2022-09-17 12:53:37 -05:00
Chris Conlon
e6bd6a94a0 Merge pull request #5521 from TakayukiMatsuo/clientverify 2022-09-16 16:55:38 -06:00
JacobBarthelmeh
7a728c0c48 Merge pull request #5569 from SparkiDev/kyber
Kyber: Add option to build Kyber API
2022-09-16 14:56:02 -06:00
JacobBarthelmeh
c6f6086b15 Merge pull request #5576 from julek-wolfssl/dtls-windows
Fix build errors and warnings for MSVC with DTLS 1.3
2022-09-16 11:11:46 -06:00
Hideki Miyazaki
a948c78ac7 addressed review comments. remove Qt case guard 2022-09-16 21:25:42 +09:00
Juliusz Sosinowicz
9ef10b5435 Check return of DtlsMsgCreateFragBucket() 2022-09-16 12:13:12 +02:00
Hideki Miyazaki
a98cda3516 fix qsscertificate test failure 2022-09-16 07:48:05 +09:00