wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 06:32:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,277 Commits 12 Branches 184 Tags
f414e65d4bfaabbff1003ca0ea5be5defeca69b3
Commit Graph

6235 Commits

Author SHA1 Message Date
Daniel Pouzzner
5a8c130040 fix whitespace 2022-06-14 09:43:05 -05:00
David Garske
0b78961111 Merge pull request #5186 from SparkiDev/pk_c_rework_1 
pk.c: rework
 2022-06-13 08:35:09 -07:00
Sean Parkinson
1de54ed8d7 Improve SessionSecret_callback code. 2022-06-13 10:43:09 +10:00
David Garske
cafe5646b6 Fix for TLS v1.1 length sanity check for large messages. 2022-06-10 13:35:06 -07:00
David Garske
d600a4b887 Spelling and Whitespace cleanups. Fix issue with trying to build pk.c directly and always getting warn even with WOLFSSL_IGNORE_FILE_WARN. 2022-06-10 09:06:55 -07:00
David Garske
49008b169c Merge pull request #5087 from haydenroche5/x509_print 
Add support for more extensions to wolfSSL_X509_print_ex.
 2022-06-10 08:19:23 -07:00
Sean Parkinson
890abfbefc pk.c: rework 
Re-order RSA functions.
Add comments to RSA functions.
Rework RSA function implementations.
 2022-06-10 09:54:32 +10:00
Hayden Roche
f479600066 Add support for more extensions to wolfSSL_X509_print_ex. 
- Key usage
- Extended key usage
- Subject alt name

Additionally, print out the criticality of the extensions.
 2022-06-09 16:50:10 +02:00
Daniel Pouzzner
088d378ba4 ssl.c:EncryptDerKey(): use XSTRLCPY() and XSTRLCAT() to build up cipherInfo, and remove XSTRCPY() macro from wolfssl/wolfcrypt/types.h (clang-tidy hates on it, albeit frivolously). 2022-06-07 08:22:48 -05:00
Daniel Pouzzner
711a900ff7 Merge pull request #5214 from lealem47/ghostFunc 
Removing ghosts and updating defines in openssl/buffer.h
 2022-06-06 17:05:33 -05:00
Lealem Amedie
07e0a6fa8e Removing ghost functions and fixing overflow warning in ssl.c 2022-06-06 11:33:26 -07:00
kaleb-himes
3bcdef1972 Fix various warnings and an uninitialized XFILE 2022-06-03 09:52:53 -06:00
Sean Parkinson
ee78e63b87 Merge pull request #5203 from dgarske/zd14289 
Fix the supported version extension to always check minDowngrade
 2022-06-03 08:31:36 +10:00
David Garske
2dd27c8d4a Fix the supported version extension to check the ssl->options.minDowngrade always. 2022-06-02 11:17:25 -07:00
Daniel Pouzzner
2e307e1cd3 tls13.c: fix null pointer deref in FreeDcv13Args(). 2022-06-02 10:32:05 -05:00
Juliusz Sosinowicz
3d71956b48 wolfssl-multi-test fixes: 
- Remove RetrySendAlert and SendAlert recursion
- args possible NULL dereference
 2022-06-02 16:08:25 +02:00
David Garske
9cfcdfc7aa Merge pull request #5149 from julek-wolfssl/store-frags-v2 
Re-use async to support WANT_WRITE while sending fragments
 2022-06-01 10:52:54 -07:00
Juliusz Sosinowicz
d29c656d4f SendAlert: clear output buffer to try and send the alert now 2022-06-01 16:48:57 +02:00
Juliusz Sosinowicz
df10e1fad2 Store RetrySendAlert error in ssl->error 2022-06-01 14:59:10 +02:00
Sean Parkinson
be743b2204 TLS 1.3: send ticket 
Can send a new session ticket any time after handshake is complete with
TLS v1.3.
Added API for server application to do this.
Added tests.
 2022-06-01 10:36:01 +10:00
Juliusz Sosinowicz
c74315f1ef Save pending alerts when using async io 
- Don't overwrite ssl->error
- Clear the error in ssl->error because the return of SendBuffered is now stored in ret instead
 2022-05-31 18:17:11 +02:00
David Garske
2ed85926d5 Merge pull request #5187 from kareem-wolfssl/hsHashesNull 
Confirm ssl->hsHashes is not NULL before attempting to dereference it.
 2022-05-30 10:41:35 -07:00
Juliusz Sosinowicz
8aa2da532c Combine preproc check into one statement 2022-05-30 15:27:36 +02:00
Juliusz Sosinowicz
8cb4819b53 Fix curve group matching on secure renegotiation 2022-05-27 21:26:55 +02:00
Juliusz Sosinowicz
50c0b3d2a2 Add testing/docs for blocking write 
- Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE
- CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
 2022-05-27 21:26:55 +02:00
Kareem
98ec442b37 Confirm ssl->hsHashes is not NULL before attempting to dereference it. 2022-05-27 10:57:23 -07:00
Anthony Hu
df06db114d Add TLS 1.2 ciphersuite ECDHE_PSK_WITH_AES_128_GCM_SHA256 from RFC 8442 
Testing:

./autogen.sh
./configure --enable-psk
make all check

$ ./examples/server/server  -j -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!

$ ./examples/client/client  -s -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
 2022-05-27 11:05:55 -04:00
Juliusz Sosinowicz
4e8c362152 Allocate ssl->async seperately to the SSL object 2022-05-26 23:08:48 +02:00
Juliusz Sosinowicz
733fe1a8d3 Use WOLFSSL_ASYNC_IO for WOLFSSL_NONBLOCK_OCSP 
- Enable ssl->async to store function arguments for non-blocking OCSP
- Remove ssl->nonblockarg
 2022-05-26 23:08:48 +02:00
Juliusz Sosinowicz
c151dcec50 Re-use async to support WANT_WRITE while sending fragments 
- Async I/O can be turned off with WOLFSSL_NO_ASYNC_IO
- WOLFSSL_ASYNC_IO functionality enabled in SendCertificateVerify() and SendServerKeyExchange() to allow safe re-entry into SendHandshakeMsg()
- Testing size of structs is refactored int WOLFSSL_ASSERT_SIZEOF_GE()
 2022-05-26 23:08:48 +02:00
Eric Blankenhorn
2800d00bb4 Fix to move wolfSSL_ERR_clear_error outside gate for OPENSSL_EXTRA 2022-05-26 06:11:45 -05:00
David Garske
fa80aa6505 Merge pull request #5132 from JacobBarthelmeh/req 
Add support for additional CSR attributes
 2022-05-25 13:35:46 -07:00
David Garske
17d7098bf6 Merge pull request #5168 from rizlik/dtls_resume 
internal.c: dtls:  HelloVerifyRequest on resumption
 2022-05-25 11:23:08 -07:00
Marco Oliverio
6c0b65d655 internal.c: dtls: HelloVerifyRequest on resumption 2022-05-25 10:38:32 +02:00
David Garske
5aea58d1e8 Merge pull request #5175 from douzzer/20220524-shellcheck-warnings 
20220524-shellcheck-warnings
 2022-05-24 14:21:49 -07:00
David Garske
74cbd08ff5 Merge pull request #5164 from cconlon/x509date 
Remove WOLFSSL_ALT_NAMES restriction on notBefore/notAfter use in Cert struct
 2022-05-24 12:41:00 -07:00
Daniel Pouzzner
b66fa1680a fix whitespace. 2022-05-24 12:13:14 -05:00
Chris Conlon
6a26dab73a X.509 cert validity for CertFromX509() and EncodeCert() shouldn't be protected by WOLFSSL_ALT_NAMES 2022-05-24 10:28:46 -06:00
kareem-wolfssl
465a6ceb64 Merge pull request #4920 from SparkiDev/old_timing_pad_verify 
Make old less secure TimingPadVerify implementation available
 2022-05-23 13:43:59 -07:00
Chris Conlon
ec39ee2cb6 Merge pull request #5070 from miyazakh/crypto_only_flwup 2022-05-20 17:08:29 -06:00
David Garske
9427ebc5be Merge pull request #5160 from haydenroche5/tls_unique 
Provide access to "Finished" messages outside the compat layer.
 2022-05-19 21:30:30 -07:00
Hayden Roche
6d9fbf7ab3 Provide access to "Finished" messages outside the compat layer. 
Prior to this commit, if you wanted access to the Finished messages from a
handshake, you needed to turn on the compatibility layer, via one of
OPENSSL_ALL, WOLFSSL_HAPROXY, or WOLFSSL_WPAS. With this commit, defining any
of these causes WOLFSSL_HAVE_TLS_UNIQUE to be defined (a reference to the
tls-unique channel binding which these messages are used for) in settings.h.
This allows a user to define WOLFSSL_HAVE_TLS_UNIQUE to access the Finished
messages without bringing in the whole compat layer.
 2022-05-19 16:34:13 -07:00
Daniel Pouzzner
5988f35593 src/wolfio.c: in EmbedReceiveFrom((), clear peer before recvfrom() to fix clang-analyzer-core.UndefinedBinaryOperatorResult; add DTLS_ prefix to macros SENDTO_FUNCTION and RECVFROM_FUNCTION, and gate their definitions on their being undefined to allow overrides. 2022-05-19 11:31:24 -05:00
Sean Parkinson
cd41c8beaf Merge pull request #5147 from rizlik/do_alert_reset 
internal.c:reset input/processReply state if exiting after DoAlert()
 2022-05-19 09:36:44 +10:00
Marco Oliverio
be172af3cd internal.c: check that we have data before processing messages 
We should never encounter this bug under normal circumstances. But if we enter
processReplyEx with a wrongly `ssl->options.processReply` set to
`runProcessingOneMessage` we check that we have some data.
 2022-05-18 18:49:33 +02:00
Marco Oliverio
6940a5eaae internal.c:reset input/processReply state if exiting after DoAlert() 2022-05-18 18:35:29 +02:00
John Safranek
40063f7487 Merge pull request #5109 from rizlik/dtls_peer_matching_fix 
wolfio: dtls: fix incorrect peer matching check
 2022-05-18 09:12:26 -07:00
Hideki Miyazaki
5de9c45161 resolve merge and conflict 2022-05-18 11:37:22 +09:00
Hideki Miyazaki
54a96cef06 add test case 2022-05-18 11:16:10 +09:00
Hideki Miyazaki
88abc9f3c1 addressed review comments 
add to call wc_ecc_rs_to_sig and wc_ecc_verify_has
 2022-05-18 11:16:07 +09:00