wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 08:39:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,591 Commits 12 Branches 184 Tags
01808bebcab11d9e05a76a75310cd5e5cb5d5db3
Commit Graph

8425 Commits

Author SHA1 Message Date
jordan
95e26f5b27 coverity: dereference before null check. 2025-02-19 23:23:41 -05:00
Sean Parkinson
82b50f19c6 ML-KEM/Kyber: improvements 
ML-KEM/Kyber:
  MakeKey call generate random once only for all data.
  Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
  Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
  Fix InvNTT assembly code for x64 - more reductions.
  Split out ML-KEM/Kyber tests from api.c.

TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.

misc.c: when Intel x64 build, assume able to read/write unaligned
 2025-02-20 08:14:15 +10:00
JacobBarthelmeh
539056e749 Merge pull request #8475 from embhorn/gh8473 
Fix QUIC callback failure
 2025-02-19 14:00:47 -07:00
Eric Blankenhorn
66ed35c910 Fix QUIC callback failure 2025-02-19 10:56:44 -06:00
Marco Oliverio
7db3c34e2b ocsp: enable OPENSSL tlsext status cb for NGINX and HAPROXY 2025-02-17 14:53:49 +00:00
Marco Oliverio
a1d1f0ddf1 ocsp: enable SSL_CTX_set_tlsext_status_cb only in OPENSSL_ALL 2025-02-17 11:29:09 +00:00
Marco Oliverio
0945101948 ocsp: fix: remove duplicated code 2025-02-17 11:25:24 +00:00
Marco Oliverio
1eecf326fd ocsp: use ocspReponse->heap in OcspFindSigner + minors 2025-02-17 08:59:29 +00:00
Marco Oliverio
c1c9af5cb6 minor: improve indentation of guards 2025-02-17 08:59:29 +00:00
Marco Oliverio
851d74fd69 ocsp-resp-refactor: address reviewer's comments 2025-02-17 08:59:29 +00:00
Marco Oliverio
3a3238eb9f ocsp: refactor wolfSSL_OCSP_response_get1_basic 
The internal fields of OcspResponse refer to the resp->source buffer.
Copying these fields is complex, so it's better to decode the response again.
 2025-02-17 08:58:03 +00:00
Marco Oliverio
f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify 
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
 2025-02-17 08:58:03 +00:00
Marco Oliverio
d7711f04ab openssl compat: skip OCSP response verification in statusCb 
This aligns with OpenSSL behavior
 2025-02-17 08:58:02 +00:00
Marco Oliverio
dedbb2526c ocsp: fix memory leaks in OpenSSL compat layer 2025-02-17 08:58:02 +00:00
David Garske
842b9a3709 Merge pull request #8433 from julek-wolfssl/dtls-cid-negative-tests 
Update DTLS CID Tests and Reorganize Test Utilities
 2025-02-14 11:26:57 -08:00
David Garske
29f2767b88 Merge pull request #8441 from philljj/wolfio_comments 
wolfio: comment ifdef endif blocks.
 2025-02-14 08:55:31 -08:00
David Garske
3075e57207 Whitespace and filename comment. 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
7380ec68bb cmake.yml: fix error and run tests with ctest 2025-02-14 09:51:29 -06:00
jordan
f2bb063ca4 wolfio: peer review comment cleanup. 2025-02-14 08:36:26 -05:00
Daniel Pouzzner
60c1558142 Merge pull request #8447 from dgarske/memleak 
Fixed possible memory leaks
 2025-02-14 00:26:09 -06:00
Colton Willey
e197cdfb36 Fix memory leak in X509 STORE 2025-02-13 14:49:18 -08:00
David Garske
f943f6ff5c Fixed possible memory leaks reported by nielsdos in PR 8415 and 8414. 2025-02-13 08:20:37 -08:00
David Garske
846ba43a29 Merge pull request #8392 from SparkiDev/curve25519_blinding 
Curve25519: add blinding when using private key
 2025-02-12 16:20:51 -08:00
Sean Parkinson
365aac0306 Merge pull request #8393 from anhu/draft-tls-westerbaan-mldsa 
New codepoint for MLDSA
 2025-02-13 10:20:30 +10:00
Sean Parkinson
bb84ebfd7a Curve25519: add blinding when using private key 
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.

Add new APIs to support passing in an RNG.
Old APIs create a new RNG.

Only needed for the C implementations that are not small.

Modified TLS and OpenSSL compat API implementations to pass in RNG.

Fixed tests and benchmark program to pass in RNG.
 2025-02-13 08:52:35 +10:00
Anthony Hu
aa59eab732 More minor mods. Now interops with oqs-provider. 2025-02-12 17:17:22 -05:00
jordan
9dfcc6a477 wolfio: comment ifdef endif blocks. 2025-02-12 09:51:51 -05:00
Sean Parkinson
bcd89b0592 Merge pull request #8388 from julek-wolfssl/BN_CTX_get 
Implement BN_CTX_get
 2025-02-12 08:08:58 +10:00
David Garske
be5f203274 Merge pull request #8425 from philljj/ecdsa_mldsa_test_api 
dual alg: add ML-DSA test, and misc cleanup.
 2025-02-10 15:05:44 -08:00
jordan
557e43bcd7 dual alg: peer review cleanup, and more function comments. 2025-02-10 10:08:35 -05:00
jordan
937d6d404a dual alg: clean up comments and line lengths. 2025-02-07 09:22:16 -05:00
Daniel Pouzzner
1e17d737c8 "#undef _WINSOCKAPI_" after defining it to "block inclusion of winsock.h header file", to fix #warning in /usr/x86_64-w64-mingw32/usr/include/winsock2.h. 2025-02-06 18:41:20 -06:00
Sean Parkinson
ae8b8c4164 Read DER BIO: fix for when BIO data is less than seq buffer size 
wolfssl_read_der_bio did not not handle the length to be read from the
BIO being less than the size of the sequence buffer.
 2025-02-07 08:46:49 +10:00
jordan
035d4022fb dual alg: add ML-DSA test, and misc cleanup. 2025-02-06 15:50:37 -05:00
David Garske
60c5a0ac7f Peer review feedback. Thank you @jmalak 2025-02-04 14:32:24 -08:00
David Garske
345c969164 Fixes for Watcom compiler and new CI test 
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
 2025-02-04 12:38:52 -08:00
Daniel Pouzzner
b466bde5d0 src/internal.c and src/ssl.c: in CheckcipherList() and ParseCipherList(), refactor "while (next++)" to "while (next)" to avoid clang21 UndefinedBehaviorSanitizer "applying non-zero offset 1 to null pointer". 2025-02-04 12:07:29 -06:00
Juliusz Sosinowicz
8b7b9636aa Remove BN_CTX_init as its no longer in OpenSSL for a long time 2025-02-04 16:37:21 +01:00
Juliusz Sosinowicz
91bffeead3 wolfSSL_BN_CTX_get: prepend to list skipping need to traverse the list 2025-02-04 16:37:21 +01:00
Juliusz Sosinowicz
841d13e81c Implement BN_CTX_get 2025-02-04 16:37:21 +01:00
Sean Parkinson
92491e6368 TLS 1.3 HRR KeyShare: Improve comments 
HelloRetryRequest has the key exchange group it wants to use.
A KeyShare for that group must not have been in the ClientHello.
 2025-02-04 10:16:27 +10:00
Sean Parkinson
eb15a1213c Merge pull request #8416 from embhorn/zd19323 
Clear old ssl->error after retry
 2025-02-04 08:54:10 +10:00
Eric Blankenhorn
e9892c22a2 Clear old ssl->error after retry 2025-02-03 14:18:09 -06:00
Eric Blankenhorn
b488af1d34 Fix compat layer ASN1_TIME_diff to accept NULL output params 2025-01-31 15:55:35 -06:00
Sean Parkinson
3f47963802 Merge pull request #8396 from douzzer/20250129-CT-tweaks 
20250129-CT-tweaks
 2025-01-31 09:10:22 +10:00
Juliusz Sosinowicz
c36d23029f dtls: malloc needs to allocate the size of the dereferenced object 2025-01-30 18:32:22 +01:00
Juliusz Sosinowicz
9a8bc248de dtls: remove dead code 2025-01-30 18:32:22 +01:00
Juliusz Sosinowicz
3cd64581eb dtls: better sanitize incoming messages in stateless handling 2025-01-30 18:32:22 +01:00
Juliusz Sosinowicz
2590aebfd9 dtls13: don't overrun hdr->epoch 2025-01-30 17:59:48 +01:00
Daniel Pouzzner
0de38040f4 CT tweaks: 
in wolfcrypt/src/coding.c, add ALIGN64 to hexDecode[], and add hexEncode[] for use by Base16_Encode();

in wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h:

move ctMask*() up so that min() and max() can use them, and add ctMaskWord32GTE();

add ALIGN64 to kHexChar[];

add CT implementation of CharIsWhiteSpace();

remove min_size_t() and max_size_t() recently added, but only one user (refactored).
 2025-01-30 01:24:40 -06:00