Commit Graph

17794 Commits (53fd4b37f2842c2094f739d7fbb6e310f72f7fc9)

Author SHA1 Message Date
David Garske 9450fa1412
Merge pull request #5375 from LinuxJedi/se050-private-key-add
Add ECC private key insertion for SE050
2022-07-20 12:42:13 -07:00
Kareem 741d61574b Make wolfSSL_CTX_clear_options available without OPENSSL_EXTRA. 2022-07-20 12:24:47 -07:00
Kareem 873890316c Don't require digital signature bit for static RSA cipher suites. 2022-07-20 12:08:20 -07:00
David Garske 564f79c91a
Merge pull request #5371 from douzzer/20220719-linuxkm-get_thread_size-no-thunks
linuxkm: inhibit thunk generation in get_thread_size.
2022-07-20 11:48:48 -07:00
David Garske 1c7f64cce9 Fixes for sniffer session ticket resumption with TLS v1.2. ZD14531. 2022-07-20 11:18:19 -07:00
David Garske b46a308544
Merge pull request #5361 from embhorn/zd14491
Fix for build with NO_TLS
2022-07-20 09:28:23 -07:00
Hayden Roche e6da540fb3 Fix backwards behavior for various wolfSSL_ERR* functions.
wolfSSL_ERR_get_error and wolfSSL_ERR_peek_error_line_data should return the
earliest error in the queue (i.e. the error at the front), but prior to this
commit, they returned the latest/most recent one instead.

In DoAlert, we were adding an error to the queue for all alerts. However, a
close_notify isn't really an error. This commit makes it so DoAlert only adds
errors to the queue for non-close_notify alerts. In ReceiveData, similarly, we
were adding an error to the queue when the peer sent a close_notify, as
determined by ssl->error == ZERO_RETURN. Now, we don't add an error in this
case.
2022-07-20 08:56:48 -07:00
Andrew Hutchings 07d2940757 Fix issue caused by undo in IDE 2022-07-20 16:42:09 +01:00
David Garske ab60865178
Merge pull request #5374 from julek-wolfssl/dtls-multiple-msgs
ShrinkInputBuffer should not be called in the middle of ProcessReply
2022-07-20 08:27:56 -07:00
Andrew Hutchings d7b4abfa0b Fixups to the SE050 ECC pkey insert function 2022-07-20 16:25:39 +01:00
David Garske 719e814841
Merge pull request #5370 from rizlik/dtls13_partial_read_fixes
dtlsv1.3 fixes
2022-07-20 08:03:29 -07:00
David Garske e4c1e71b38
Merge pull request #5364 from embhorn/zd14519
Fix wolfSSL_Init error handling
2022-07-20 08:03:08 -07:00
David Garske f4191a102b
Merge pull request #5304 from SKlimaRA/SKlimaRA/cert-pathlen
drafted pathlen for cert struct
2022-07-20 07:54:13 -07:00
David Garske aab2459d1f
Merge pull request #5372 from JacobBarthelmeh/copyright
update copyright year to 2022
2022-07-20 07:52:05 -07:00
David Garske c029b23043
Merge pull request #5308 from SparkiDev/ecies_gen_iv
ECIES: Google Pay generates IV and places it before msg
2022-07-20 06:46:14 -07:00
Marco Oliverio 2e0d53a07d fix: dtls13: use correct handshaketype on hello retry request 2022-07-20 15:25:50 +02:00
Marco Oliverio 3850e6b554 fix: dtls13: use aes for record numbers encryption if using aes-ccm 2022-07-20 15:25:50 +02:00
Marco Oliverio 066f17faad fix: dtls13: hello_retry_request type isn't an encrypted message 2022-07-20 15:25:50 +02:00
Marco Oliverio c0fc87342c tls13: avoid spurious state advances in connect/accept state machine 2022-07-20 15:25:50 +02:00
Marco Oliverio 11dfb713e9 openssl_compatible_default: use DTLSv1.0 as minDowngrade in DTLS 2022-07-20 15:25:46 +02:00
Marco Oliverio 6711756b03 dtls13: support stream-based medium
Don't assume that the underlying medium of DTLS provides the full message in a
single operation. This is usually true for a message-based socket (e.g. using UDP)
and false for a stream-based socket (e.g. using TCP).

Commit changes:

- Do not error out if we don't have the full message while parsing the header.
- Do not assume that the record header is still in the buffer when decrypting
  the message.
- Try to get more data if we didn't read the full DTLS header.
2022-07-20 14:53:07 +02:00
Juliusz Sosinowicz 40cb6e0853 ShrinkInputBuffer should not be called in the middle of ProcessReply 2022-07-20 11:57:48 +02:00
Andrew Hutchings ea34fb1643 Add ECC private key insertion for SE050
This adds a utility function which allows an ECC private key to be
inserted into the SE050's permanent storage.
2022-07-20 10:45:26 +01:00
Stanislav Klima 66c5a947fd XSTRNCPY, fixed typos 2022-07-20 08:56:59 +02:00
Sean Parkinson 09bba3510f ECIES: Google Pay ECIES
Generates IV and places it before msg
Uses 12 byte IV with AES-CTR
Add API to explicitly set KDF salt.
2022-07-20 09:30:47 +10:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Eric Blankenhorn 8b904e9082 Fix for build with NO_TLS 2022-07-19 11:12:18 -05:00
Daniel Pouzzner 0dac3ec022 linuxkm: inhibit thunk generation in get_thread_size. 2022-07-19 10:20:04 -05:00
Stanislav Klima 1a44bad8cc drafted test case for path len 2022-07-19 15:34:20 +02:00
Stanislav Klima 3d721bd533 more WOLFSSL_CERT_EXT 2022-07-19 11:00:36 +02:00
Stanislav Klima 6ce5f645f3 added ASN template code and WOLFSSL_CERT_EXT, still missing testcase 2022-07-19 10:38:47 +02:00
David Garske 9a3efb67b8
Merge pull request #5368 from lealem47/disableAes
Fix for --disable-aes without --disable-aesgcm
2022-07-18 15:05:59 -07:00
David Garske feb3f889af
Merge pull request #5369 from embhorn/zd14522
Fix var init in wc_ecc_shared_secret
2022-07-18 14:17:53 -07:00
Lealem Amedie cee9f9a871 Fix for --disable-aes without --disable-aesgcm 2022-07-18 10:26:20 -07:00
Chris Conlon c63abe398f
Merge pull request #5321 from miyazakh/tsip_add_usecase 2022-07-18 09:35:43 -06:00
Eric Blankenhorn f55fe7fccd Fix var init in wc_ecc_shared_secret 2022-07-18 09:13:07 -05:00
David Garske 218ab7e396
Merge pull request #5362 from haydenroche5/ssl_set_options_public
Make wolfSSL_(get|set)_options available outside compat layer.
2022-07-15 10:36:29 -07:00
Eric Blankenhorn e7303d697b Fix wolfSSL_Init error handling 2022-07-15 09:30:30 -05:00
Andrew Hutchings 8a757ef7cf
Merge pull request #5363 from dgarske/se050_curve25519
Fixes for SE050 Curve25519 endianness
2022-07-15 08:49:27 +01:00
Hideki Miyazaki 15725400a7
addressed review comments 5 2022-07-15 13:46:30 +09:00
Hayden Roche a1b7c29309 Make wolfSSL_(get|set)_options available outside compat layer.
Also make wolfSSL_CTX_get_options available.
2022-07-14 16:03:58 -07:00
David Garske dec8a7fd93 Fixes for SE050 Curve25519 endianness (SDK assumes little endian). Fix for ECC `se050_ecc_shared_secret` use of wrong pointer on error handle free. 2022-07-14 15:34:50 -07:00
David Garske 6cc2665a81
Merge pull request #5358 from SparkiDev/sp_int_armv6
SP int ARM32: replace clz instruction when not supported
2022-07-14 15:32:00 -07:00
Chris Conlon 350ff552c4
Merge pull request #5351 from kojo1/renesas-csp 2022-07-14 16:10:34 -06:00
JacobBarthelmeh abba59f735 order of array of names for asn template build 2022-07-14 13:15:59 -07:00
JacobBarthelmeh 8862e1f8cf resolve name conflict 2022-07-14 09:41:36 -07:00
David Garske e3c65d86d6
Merge pull request #5360 from LinuxJedi/se050-sign-fix-b
Missed a small part of my original SE050 sign fix
2022-07-14 06:39:11 -07:00
Hideki Miyazaki fd885d89eb
Added multi thread use case
Improve not to use forward declaration struct definition

 - include ssl.h rather than forward declaration struct to resolve struct name
 - to include ssl.h, it needs to avoid cyclic reference for crypt structure. Therefore, Sha and Aes definitions are moved to another header file
2022-07-14 17:25:21 +09:00
Andrew Hutchings 3f390efb24 Missed a small part of my original SE050 sign fix
Empty keyId handling now exists so we shouldn't return `BAD_FUNC_ARG`.
2022-07-14 07:47:33 +01:00
Andrew Hutchings c211b90aab
Merge pull request #5357 from dgarske/se050_fixes
Fixes for SE050 ED25519 private key loading and Curve25519/ECC handle leak
2022-07-14 07:14:54 +01:00