wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 14:42:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,457 Commits 12 Branches 184 Tags
fc86e6a96007fa39ecd63d6e8fea414efed79eae
Commit Graph

4514 Commits

Author SHA1 Message Date
John Safranek
fc86e6a960 Fix a double error return. 2020-10-16 18:18:47 -07:00
John Safranek
ec0aab1a23 DH Fix 
1. Check the length values for the DH key domain and public key in the
   server key exchange message to make sure they are within the bounds
   set by the configuration. (Minimum key size is 2048 bits for DH.)
 2020-10-16 16:28:27 -07:00
John Safranek
4364700c01 DH Fix 
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
   doesn't need to be in the check for weOwnDh before freeing. There
   could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
   destination buffer should be stored at the location pointed to by the
   size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
   value before generating or getting the DH keys.
 2020-10-16 15:35:23 -07:00
toddouska
1c4b15d427 Merge pull request #3369 from dgarske/sniffer_ccm 
Add AES CCM support to sniffer
 2020-10-14 14:31:57 -07:00
toddouska
8898abcc99 Merge pull request #3378 from dgarske/zd11085 
Fixes SSLv3 use of ECDH in sniffer
 2020-10-14 14:30:15 -07:00
David Garske
232028d03b Merge pull request #3386 from ejohnstown/dh-maint 
Fuzz Fix
 2020-10-13 15:47:11 -07:00
David Garske
048a3a8d5b Merge pull request #3374 from JacobBarthelmeh/Testing 
NO_FILESYSTEM build on Windows
 2020-10-13 13:26:46 -07:00
John Safranek
422683f4c3 Fuzz Fix 
GetPublicDhKey() assumes the ssl session owns the DH public key parts, and
tries to free them. They belong to the CTX initially, so it shouldn't be
freeing them, necessarily.

1. Add a check for weOwnDh first, then free the buffers if needed.
2. If there is a problem reading the keys, free the new buffers before exiting.
3. Set weOwnDh once the buffers and values have been stored
   successfully.
 2020-10-13 10:15:58 -07:00
David Garske
0d685e4f28 Merge pull request #3358 from douzzer/wolfSSL_get_ocsp_producedDate 
add wolfSSL_get_ocsp_producedDate().
 2020-10-12 15:21:10 -07:00
John Safranek
0ca202f389 Rename SKIP_SUITE to something more descriptive. Add some comments. 2020-10-12 09:49:02 -07:00
John Safranek
a05a305d70 Fix unused parameters in SKIP_SUITE. 2020-10-09 15:59:14 -07:00
John Safranek
6cfb038d11 Fix a bad ifdef. 2020-10-09 15:54:44 -07:00
John Safranek
2d85061c47 Maintenance Fixes 
Improve the reporting of the NTRU based cipher suites with the function
wolfSSL_sk_CIPHER_description().
 2020-10-09 15:01:39 -07:00
John Safranek
d8299e2764 Maintenance Fixes 
When building the list of ciphers with wolfSSL_get_ciphers_compat(),
skip the fake indicator ciphers like the renegotiation indication
and the quantum-safe hybrid since they do not have encryption or mac
algorithms associated to them.
 2020-10-09 15:01:38 -07:00
David Garske
f3fbb921c0 Fixes SSLv3 use of ECDH. The public key length byte needs to be skipped for import with SSLv3 and TLS (not TLS v1.3). ZD 11085 2020-10-09 12:01:41 -07:00
JacobBarthelmeh
bfb10ddfb5 NO_FILESYSTEM build on Windows 2020-10-09 09:45:00 -07:00
Daniel Pouzzner
570f55a0e3 wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac. 2020-10-08 23:26:28 -05:00
Daniel Pouzzner
7a77b6d990 rename wolfSSL_get_ocsp_producedDate(WOLFSSL *, struct tm *) to wolfSSL_get_ocsp_producedDate_tm(), and add wolfSSL_get_ocsp_producedDate() accessing the raw ASN.1 producedDate; fix location of prototypes in ssl.h to obtain proper conditionalization; omit frivolous nullness test on ssl->ocspProducedDate (always true). 2020-10-08 22:47:16 -05:00
Daniel Pouzzner
e162d0f889 add wolfSSL_get_ocsp_producedDate(). 2020-10-08 22:47:16 -05:00
toddouska
4d11e3c83b Merge pull request #3365 from SparkiDev/ticket_align 
SSL session ticket: decrypted ticket access aligned
 2020-10-08 15:01:41 -07:00
David Garske
8a57eead51 Add AES CCM support to sniffer. ZD 11078. 2020-10-08 13:58:31 -07:00
Sean Parkinson
4f6c1db9a2 Merge pull request #3355 from douzzer/enable-more-all 
--enable-all coverage update, plus --enable-all-crypto and --enable-linuxkm-defaults
 2020-10-08 09:52:56 +10:00
Sean Parkinson
8d82fb2add SSL session ticket: decrypted ticket access aligned 
Decrypted session ticket using encrypted ticket buffer.
Alignment not correct on platforms requiring 32-bit aligned access.
Copy the decrypted data into temporary for access.
Also zeroize the unencrypted tickets after use.
 2020-10-08 08:56:49 +10:00
David Garske
4f3632c7a6 Fix for sniffer without TLS v1.3 (--enable-sniffer --disable-tls13). ZD11064. 2020-10-07 11:08:05 -07:00
Daniel Pouzzner
1c492dc0b6 cosmetic cleanups. 2020-10-06 22:14:08 -05:00
Daniel Pouzzner
a522207b14 fix memory leaks in src/internal.c:DoSessionTicket() and testsuite/testsuite.c:file_test(). 2020-10-01 14:38:26 -05:00
Daniel Pouzzner
2ed8f93592 src/internal.c: fix memory leaks in ProcessPeerCerts() and GetDhPublicKey(). 2020-10-01 14:38:26 -05:00
Kareem Abuobeid
d59784e646 Fix issues found by -fsanitize=thread. 2020-09-30 14:24:20 -07:00
toddouska
20d28e1b65 Merge pull request #3221 from julek-wolfssl/wolfSSL_dtls_import-const-buf 
Change buffer in wolfSSL_dtls_import to be const
 2020-09-30 10:45:25 -07:00
David Garske
3e0d478543 Fix for sniffer with TLS v1.2 session ticket. Logic broken in PR #3044. ZD 10926. 2020-09-29 11:11:32 -07:00
David Garske
7d33312f4b Merge pull request #3339 from ejohnstown/dtls-flag 
DTLS Flag
 2020-09-25 17:05:22 -07:00
John Safranek
b36877c20b DTLS Flag 
Fix an ifdef flag that should have been WOLFSSL_DTLS, not HAVE_DTLS.
 2020-09-25 10:49:34 -07:00
David Garske
5ef5c279b5 Fix for previous max fragment commit to correctly process a TLS packet with multiple handshake messages. Fix to free the wolfSSL objects first then wolfSSL_CTX. 2020-09-24 15:53:12 -07:00
David Garske
bbaf4090b8 Fixes for sniffer when using static ECC keys. Adds TLS v1.2 ECC key fallback detection and fixes new ECC RNG requirement for timing resistance. 2020-09-24 15:03:26 -07:00
David Garske
7cfbc598ed Fix to not assume TLS v1.3 based on extended key share extension. 2020-09-24 13:05:01 -07:00
David Garske
bc960a9c25 Fix for sniffer with SNI enabled to properly handle WOLFSSL_SUCCESS error code in ProcessClientHello. ZD 10926 2020-09-24 13:05:01 -07:00
David Garske
7e2d44ba9a Fix possible unused rhSize. 2020-09-24 13:05:01 -07:00
David Garske
b5163bd1fa Added support for 802.11Q VLAN frames. Fix build error with unused "ret" when building with WOLFSSL_SNIFFER_WATCH. Fixed bad characters in sniffer README.md configure example. 2020-09-24 13:05:01 -07:00
David Garske
ce1c1fe0a6 Fix for sniffer using HAVE_MAX_FRAGMENT in "certificate" type message. ZD 10903 2020-09-24 13:05:01 -07:00
toddouska
1668f6f626 Merge pull request #3244 from douzzer/20200820-linuxkm 
Linux Kernel Module support
 2020-09-24 12:57:22 -07:00
toddouska
d75d3108b0 Merge pull request #3314 from SparkiDev/evp_hmac_sha3 
Test wolfSSL_HMAC with SHA-3
 2020-09-24 12:48:40 -07:00
Daniel Pouzzner
09b9ac8b86 add AM_CONDITIONAL([BUILD_DEBUG],...) to configure.ac, and use it to gate inclusion of wolfcrypt/src/debug.c in src/include.am; remove superfluous includes from wolfcrypt/src/debug.c. 2020-09-23 18:32:17 -05:00
Daniel Pouzzner
6a3da9477e fix --enable-stacksize[-verbose] (HAVE_STACK_SIZE[_VERBOSE]) to work correctly in testsuite.c. 2020-09-23 18:32:17 -05:00
Daniel Pouzzner
60a686f48c tidying suggested by Sean in review. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
63e3eae416 src/wolfio.c: update patch to wolfIO_HttpProcessResponse() (PR #3204). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
87b2384cac linuxkm settings.h: define NO_STDIO_FILESYSTEM 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
05bca8b0ee when BUILD_LINUXKM, suppress building the library; rename $KROOT/$KARCH to $KERNEL_ROOT/$KERNEL_ARCH; remove SIMD enablement from linuxkm CFLAGS; add linuxkm support for -DKERNEL_OPT=x. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
925afe3b74 cast XMALLOC() return values assiduously, for Visual Studio compatibility. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
f5975d95db src/ssl.c: use heap for workspace in wolfSSL_X509_sign(), wolfSSL_d2i_RSAPrivateKey_bio(), and wolfSSL_CTX_use_RSAPrivateKey(). 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
0e480d1a14 Linux KM compilability cont'd: conform to C89isms (declarations before statements); iffdef WOLFSSL_LINUXKM use do_div() for long long division rather than C operator (avoids unresolvable compile-time callouts to libgcc function); misc gating and relocations for includes. 2020-09-23 18:32:15 -05:00