Commit Graph

17559 Commits

Author SHA1 Message Date
David Garske 03a32250da Fix for KCAPI HMAC forcing use of software for HKDF. 2022-07-08 09:06:30 -07:00
David Garske 3d124c093e Fix PK function name in log. Remove the ECC logging (spams benchmark with --enable-debug). 2022-07-08 09:06:08 -07:00
David Garske 905f71d80d Fix with macro redefinition error if building with NO_WOLFSSL_ALLOC_ALIGN. 2022-07-08 09:05:29 -07:00
JacobBarthelmeh f7595cc77d Merge pull request #5338 from julek-wolfssl/tcp-sendto
sendto can't specify addr on a TCP socket
2022-07-08 09:39:39 -06:00
David Garske a2b75e313a Merge pull request #5339 from douzzer/20220708-DUW_TEST-bugprone-macro-parentheses
tests/api.c: fix bugprone-macro-parentheses in DUW_TEST().
2022-07-08 07:46:20 -07:00
Daniel Pouzzner 48d3cf593e tests/api.c: fix bugprone-macro-parentheses in DUW_TEST(). 2022-07-08 07:57:29 -05:00
Juliusz Sosinowicz 251642a44a sendto can't specify addr on a TCP socket
From the man page
       If  sendto()  is used on a connection-mode (SOCK_STREAM, SOCK_SEQPACKET) socket, the arguments dest_addr and
       addrlen are ignored (and the error EISCONN may be returned when they are not NULL  and  0),  and  the  error
       ENOTCONN  is  returned  when the socket was not actually connected.
2022-07-08 12:14:23 +02:00
David Garske 58cb91602d Merge pull request #5337 from douzzer/20220707-DtlsUpdateWindowGTSeq-overshift
20220707-DtlsUpdateWindowGTSeq-overshift
2022-07-07 21:53:26 -07:00
David Garske c9e9a421e9 Merge pull request #5336 from SparkiDev/aes_ctr_opt
AES-CTR: improve performance when multiple blocks
2022-07-07 21:51:08 -07:00
Daniel Pouzzner 91438c1087 wolfssl/wolfcrypt/settings.h: refactor Math Library Selection for clarity, and to include WOLFSSL_SP_MATH as an available math back end. 2022-07-07 21:02:16 -05:00
David Garske 49d292ec4f Merge pull request #5335 from SparkiDev/ecc_imp_exp_fix
ECC import and export fixes
2022-07-07 17:52:20 -07:00
Daniel Pouzzner b952c2f777 src/internal.c: add codepath in _DtlsUpdateWindowGTSeq() to avoid a word32 overshift. 2022-07-07 19:36:20 -05:00
Sean Parkinson 2bfac42d65 AES-CTR: improve performance when multiple blocks
When in and out aren't the same pointer, for multiples of block size
input:
  - generate the counters into the output buffer
  - encrypt output buffer
  - XOR in the input
Faster than encrypting a block at a time.
2022-07-08 09:56:20 +10:00
Sean Parkinson 70b9833e98 ECC import and export fixes
On raw import, don't import ordinates that are larger than the curve
size.
On export of compressed point, don't export ordinate if it is larger
than the curve size.
2022-07-08 08:54:53 +10:00
David Garske 4e1e1e922a Merge pull request #5278 from ejohnstown/dtls-seq
Refactor DTLS Window Update (Fix #5211)
2022-07-07 10:22:21 -07:00
Chris Conlon 5e453ad932 Merge pull request #5323 from SparkiDev/sha512_arm32_asm_align 2022-07-07 09:47:37 -06:00
Juliusz Sosinowicz e295328436 Fix window handling around word32 boundary 2022-07-07 17:37:10 +02:00
David Garske a771baf551 Merge pull request #5332 from SparkiDev/memusage_fix_2
SP math: fix configure.ac to allow its use
2022-07-07 07:40:13 -07:00
David Garske 738d79c5d5 Merge pull request #5330 from SparkiDev/aesni_no_sse4
AESNI: fix configure to use minimal compiler flags
2022-07-06 20:44:40 -07:00
Daniel Pouzzner 2111d6b179 Merge pull request #5322 from SparkiDev/sp_math_all_arm32_div_word_fix
SP math all: fix div word for ARM32
2022-07-06 22:18:07 -05:00
Sean Parkinson 74baa0dafa SP math: fix configure.ac to allow its use
Choosing SP and SP math was resulting in only integer.c being used.
Fixed now.
Reorder realloc calls for memory logging to ensure scripts can match
allocate and free calls.
2022-07-07 12:16:12 +10:00
David Garske 644050a736 Merge pull request #5329 from douzzer/20220706-fips-and-aarch64-fixes
20220706-fips-and-aarch64-fixes
2022-07-06 18:39:38 -07:00
David Garske cb6fa921a4 Merge pull request #5328 from haydenroche5/cmake_sp_math_all_default
Make changes to CMake to support SP math default.
2022-07-06 18:39:30 -07:00
John Safranek 8f3449ffea Refactor DTLS Window Update (Fix #5211)
1. Rename _DtlsUpdateWindow() as wolfSSL_Dtls_UpdateWindow() and make
   it public so it may be tested.
2. Rename the internal functions DtlsWindowUpdate(), DtlsWindowCheck(),
   and DtlsUpdateWindowGTSeq() as _DtlsWindowUpdate() and
   _DtlsWindowCheck(), and _DtlsUpdateWindowGTSeq().
3. When updating the DTLS sequence window, and the next sequence
   number (lo) wraps to zero, increment the next sequence number (hi)
   by 1.
4. Fix an off-by-one error that wrapped around when saving the
   packet sequence number in the bit-field window.
5. Adding a test for wolfSSL_DtlsUpdateWindow() function. With many test
   cases. It is set up in a table format with running check values.
6. Change location of incrementing the difference when calculating the
   location for setting the bit.
7. Updated the check of the sequence difference in the GT scenario.
8. In the DTLS window update functions remove newDiff and just use diff.
9. Handle the cases where the DTLS window crosses the high order word
   sequence number change.
10. Add a debug option to print out the state of the DTLS sequence number
   window.
2022-07-06 18:20:06 -07:00
David Garske 90c2f4ad00 Merge pull request #5327 from kareem-wolfssl/connectRetFix
Fix storage of SendBuffered's return code in wolfSSL_Connect.
2022-07-06 17:53:04 -07:00
Sean Parkinson 9ba77300f9 AESNI: fix configure to use minimal compiler flags 2022-07-07 09:30:48 +10:00
Sean Parkinson 992c7b3b6f SP math all: fix div word for ARM32
Fixup sp_mulmod NULL access.
2022-07-07 08:56:31 +10:00
Daniel Pouzzner 82b1dc0cd0 wolfcrypt/src/asn.c: move final return in DecodeECC_DSA_Sig() outside the NO_STRICT_ECDSA_LEN gate, to avoid no-return-from-non-void. 2022-07-06 17:39:59 -05:00
Daniel Pouzzner eff4fe398b src/include.am: fix gating around sha* and BUILD_ARMASM, to avoid empty-translation-unit warnings for sha{256,512}.c on armasm builds. 2022-07-06 17:37:43 -05:00
Daniel Pouzzner 7c49449a79 wolfcrypt/src/port/arm/armv8-sha512.c: gate out Sha512_Family_GetHash() in builds that have 224 and 256 bit hashes gated out, to fix unused function warning. 2022-07-06 17:35:15 -05:00
Daniel Pouzzner 6b6abfac54 examples/client/client.c: remove break after err_sys() to mollify clang-tidy unreachable-break sensor. 2022-07-06 17:32:26 -05:00
Daniel Pouzzner 19106a9510 configure.ac and tests/api.c: lock out compkey on FIPS 140-3 RC12 and ready, and add backward-compat code in test_wc_ecc_export_x963_ex() to allow RC12 compkey builds to pass unit.test. 2022-07-06 17:31:56 -05:00
Hayden Roche d9bf39ffaa Make changes to CMake to support SP math default.
We recently made SP math the default big integer math library. Some changes to
the CMake code are needed for this to work.
2022-07-06 14:14:12 -07:00
Kareem 44a49aeefa Fix potentially uninitialized variables in Dtls13SetRecordNumberKeys. 2022-07-06 13:45:15 -07:00
Kareem c8f5bd3d61 Fix storage of SendBuffered's return code in wolfSSL_Connect. Store in ret initially, only store in ssl->error if there's an error. This matches the logic in wolfSSL_accept. 2022-07-06 12:09:47 -07:00
David Garske b2d1bf96ed Merge pull request #5276 from rizlik/dtls13_client_downgrade
Dtls: improve version negotiation
2022-07-06 11:57:53 -07:00
David Garske a7fa7875e4 Merge pull request #5244 from julek-wolfssl/wpas-dpp
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
2022-07-06 11:35:52 -07:00
David Garske e92034cf6f Merge pull request #5274 from JacobBarthelmeh/Certs
remove subject/issuer email from altEmailNames list
2022-07-06 10:48:21 -07:00
Jacob Barthelmeh 711b2bb17a add a test case 2022-07-06 09:39:03 -06:00
David Garske a171bebba4 Fix the wc_EccPublicKeyToDer_ex doxy. 2022-07-06 07:58:18 -07:00
Marco Oliverio 3abffc3a3c doc: add documentation for wolfDTLS[v1_3]_*_method() 2022-07-06 16:18:44 +02:00
Marco Oliverio 683adb5917 tests: add dtls downgrade tests 2022-07-06 16:18:44 +02:00
Marco Oliverio fd4836772b examples: support DTLS version downgrading 2022-07-06 16:18:44 +02:00
Marco Oliverio df7e81d187 dtls: support version negotiation 2022-07-06 16:18:44 +02:00
Marco Oliverio 8fe3f51ecb dtls13: client: recompute transcript hash on downgrade
If a lower version is negotiated, the transcript hash must be recomputed using
the <= v1.2 rules.
2022-07-06 16:18:44 +02:00
Marco Oliverio 5d74c49ecb dtls13: allow processing of HelloVerifyRequest to support downgrade
HelloVerifyRequest is used in DTLSv1.2 to perform a return routability check, so
it can be the legitim reply from a DTLSv1.2 server to a ClientHello.
2022-07-06 16:18:44 +02:00
David Garske ec8149cd69 Merge pull request #5324 from julek-wolfssl/dtls13-hrr-fix
TLSX_COOKIE is only defined with WOLFSSL_SEND_HRR_COOKIE
2022-07-06 06:56:25 -07:00
Juliusz Sosinowicz 9b085a44be sessionSecretCb should only be called when a ticket is present 2022-07-06 15:08:57 +02:00
Juliusz Sosinowicz 63b4c475d4 wolfSSL_set_session_secret_cb: fix for NULL input 2022-07-06 14:23:08 +02:00
Juliusz Sosinowicz 39e53c2b7c Add wc_EccPublicKeyToDer_ex doxygen entry 2022-07-06 11:59:29 +02:00