wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 16:22:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,519 Commits 12 Branches 184 Tags
04430f55caf53d857edaa39f462fa2d68ccee2f6
Commit Graph

8490 Commits

Author SHA1 Message Date
Sean Parkinson
4b77d4caa1 Merge pull request #7589 from rizlik/sp800_56c 
wolfcrypt: support NIST 800-56C Option 1 KDF
 2024-05-31 11:55:12 +10:00
Sean Parkinson
fc8a509b06 Merge pull request #7597 from ColtonWilley/max_altnames_and_name_constraints 
Max limits on number of alternative names and name constraints
 2024-05-31 11:24:30 +10:00
David Garske
7fadd4ed9f Merge pull request #7595 from JacobBarthelmeh/static 
Pull in some staticmemory features
 2024-05-30 16:31:54 -07:00
JacobBarthelmeh
ebdc8b9a32 rename of macros, add descriptions, minor fixes 2024-05-30 14:48:52 -06:00
JacobBarthelmeh
34ca03770f still compile in wc_RsaKeyToDer with keygen but NO_CERTS 2024-05-30 09:58:25 -06:00
Marco Oliverio
174456437e wolcrypt: NIST_SP_800_56C address reviewer's comments 2024-05-30 11:39:49 +02:00
Colton Willey
a17677c946 Remove trailing whitespace 2024-05-29 21:29:55 -07:00
Colton Willey
af537a6ae3 Move definition to beginning of block 2024-05-29 17:02:29 -07:00
JacobBarthelmeh
cf61df129c fix typo with NO_CERTS macro 2024-05-29 17:08:01 -06:00
Colton Willey
b00ae2ac69 Initial implementation of max limits on number of alternative names and name constraints 2024-05-29 15:55:17 -07:00
JacobBarthelmeh
6cca3a0d92 tie in static memory debug callback 2024-05-29 15:50:14 -06:00
JacobBarthelmeh
288fe430f5 tying in lean staticmemory build with --enable-staticmemory=small 2024-05-29 15:50:11 -06:00
JacobBarthelmeh
18d80864b9 add lean static memory build 2024-05-29 15:44:09 -06:00
Marco Oliverio
8d41e68d1f fix: minor typos 2024-05-28 22:59:01 +02:00
Marco Oliverio
5306a85465 wolfcrypt: support NIST 800-56C Option 1 KDF 2024-05-28 14:40:52 +02:00
Daniel Pouzzner
8de00d7651 fix benign clang-analyzer-deadcode.DeadStores in pq crypto files introduced in 9a58301ab1. 2024-05-24 14:24:02 -05:00
David Garske
3b5517692e Merge pull request #7582 from aidangarske/hpke_test_fix 
Revert change from PR #7570
 2024-05-24 07:35:39 -07:00
David Garske
51f19f42c6 Merge pull request #7574 from douzzer/20240522-quantum-safe-linuxkm 
20240522-quantum-safe-linuxkm
 2024-05-24 07:35:01 -07:00
aidan garske
3670bfb9ae Revert change from PR #7570 2024-05-23 12:34:59 -07:00
Tobias Frauenschläger
d28dd602e5 Various fixes for dual algorithm certificates (#7577) 
This commit adds varios fixes for the implementation of hybrid
certificates with two algorithms:
* Support for Certificate Signing Requests (both creating hybrid ones
  and also verifying ones)
* Fix for SAN fields in the DecodedCert and PreTBS generation
* Fix related to WOLFSSL_SMALL_STACK

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
 2024-05-23 15:03:55 -04:00
Anthony Hu
b98e4e0093 Merge pull request #7576 from Frauschi/pqc_private_key_fix 
Fix PQC and hybrid certificate regressions
 2024-05-23 15:03:16 -04:00
Chris Conlon
e05dbd531e Merge pull request #7570 from jackctj117/test 
Code Coverage for hpke.c test case HAVE_CURVE448 using test.c
 2024-05-23 11:49:37 -06:00
Chris Conlon
688ae60cd9 Merge pull request #7573 from aidangarske/hpke_sha512_test 
Add test for HPKE for Curve448
 2024-05-23 11:46:30 -06:00
David Garske
40db521f8b Merge pull request #7575 from josepho0918/cmac 
Simplify CMAC verification logic
 2024-05-23 10:37:57 -07:00
Tobias Frauenschläger
9a58301ab1 Fix PQC and hybrid certificate regressions 
Due to recent changes in the logic to decode private keys and to parse
the TLS1.3 CertificateVerify message, some regressions regarding PQC
private keys and hybrid certificates have been introduced:
* Decoding PQC private keys fails as the PKCS8 header of a decoded DER
  file is now already removed before parsing the key.
* The key size wasn't properly stored in the context for PQC keys after
  decoding a certificate (always the maximum size)
* The two 16-bit size values in case of a hybrid signature in the
  CertificateVerify message have been incorrectly decoded as 32-bit
  values instead of 16-bit values. This resulted in wrong values,
  leading to segmentation faults.

All three regressions are fixed with the changes in this commit.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
 2024-05-23 16:01:28 +02:00
Joseph Chen
8a7e3ba52e Simplify CMAC verification logic 2024-05-23 15:12:10 +08:00
Daniel Pouzzner
5c497c62e7 initial linuxkm compatibility (no asm yet) for wc_kyber, wc_xmss, and wc_lms, and smallstack refactors for kyber512_kat(), kyber768_kat(), kyber1024_kat(), and kyber_test(). 2024-05-23 00:15:32 -05:00
Jack Tjaden
14068fb7f3 Removed returns & check next case for ret 2024-05-22 15:58:09 -06:00
Daniel Pouzzner
110f4ec737 wolfcrypt/src/sha256.c: in WC_NO_INTERNAL_FUNCTION_POINTERS code path (linuxkm), fix oversight whereby Transform_Sha256_AVX1_Sha() was used on targets with false IS_INTEL_SHA(intel_flags). the former SHA256_AVX1 method id is now split into SHA256_AVX1_SHA and SHA256_AVX1_NOSHA, with corresponding fixes in Sha256_SetTransform(), inline_XTRANSFORM() and inline_XTRANSFORM_LEN(). 2024-05-22 15:39:46 -05:00
aidan garske
fe5cc9589b Add HPKE Curve448 test case, however HPKE does not support 448 yet, so expect bad function argument return code. 2024-05-22 12:49:56 -07:00
Jack Tjaden
1a000ef94c single_test and BAD_FUNC_ARG fix 2024-05-22 13:13:56 -06:00
Jack Tjaden
52b6c361f9 test.c code coverage test hpke.c 2024-05-22 11:51:44 -06:00
Daniel Pouzzner
c5ce984966 wolfcrypt/src/wc_xmss_impl.c:wc_xmssmt_sign_next_idx(): use (XmssIdx)1, not (word32)1, for a shift-by-height operand; 
src/ssl.c:set_curves_list(): don't attempt to enable curves that are out-of-range for word32 disabled.
 2024-05-21 13:57:40 -05:00
Sean Parkinson
43b2c80862 Merge pull request #7552 from dgarske/ecies_own_salt 
Add option for using a custom salt for ourselves
 2024-05-21 09:19:12 +10:00
David Garske
5a0594d257 Match wc_ecc_ctx_set_kdf_salt argument names between header and implementation. 2024-05-20 08:38:23 -07:00
Daniel Pouzzner
d0e73783f1 wolfcrypt/src/aes.c and wolfssl/wolfcrypt/aes.h: add FIPS_AES_XTS_MAX_BYTES_PER_TWEAK and struct XtsAesStreamData, with improved error checking on streaming AES-XTS APIs; 
wolfcrypt/test/test.c and linuxkm/lkcapi_glue.c: update AES-XTS streaming calls to use struct XtsAesStreamData;

linuxkm/lkcapi_glue.c: add handling for CONFIG_CRYPTO_MANAGER*.
 2024-05-18 22:00:00 -05:00
Daniel Pouzzner
5c6218696b wolfcrypt/src/misc.c: fix -Wconversions in CopyString(); 
src/ssl.c: fix missing semicolon in wolfSSL_CTX_check_private_key().
 2024-05-18 02:31:58 -05:00
David Garske
391431c7d8 Merge pull request #7539 from bandi13/fixConversionPart2 
Fix conversion part2
 2024-05-17 12:29:46 -07:00
David Garske
95095f5bc4 Add option for using a custom salt for ourselves. ZD 17988 2024-05-17 08:16:04 -07:00
Sean Parkinson
c0015cbda6 Merge pull request #7549 from douzzer/20240516-wc_AesXtsEnDecryptFinal 
20240516-wc_AesXtsEnDecryptFinal
 2024-05-17 09:43:26 +10:00
David Garske
219a338107 Merge pull request #7547 from philljj/spelling_cleanup 
Used codespell and fixed some obvious typos.
 2024-05-16 14:10:19 -07:00
Daniel Pouzzner
6d0f611ab5 AES-XTS: add wc_AesXtsEncryptFinal() and wc_AesXtsDecryptFinal() for API consistency, and add error-checking (block alignment check) to wc_AesXtsEncryptUpdate() and wc_AesXtsDecryptUpdate(). 2024-05-16 15:20:37 -05:00
jordan
040e0c956a Used codespell and fixed obvious typos. 2024-05-16 13:53:26 -05:00
Juliusz Sosinowicz
d9f7629296 Add grpc support 
- Fix BIO_BIO type
  - Set retry flags correctly
- Add CRL callback
- Copy the alt names instead of trying to share a pointer
- Allow calling wolfSSL_get_servername on client side (to get the requested name)
- Return the chain in wolfSSL_X509_STORE_CTX_get_chain in the correct order
  - Peer first, top CA last
- Fix leak in RebuildFullName
- Add CopyString helper function
- Implement
  - X509_CRL_dup
  - ASN1_UTCTIME_set
  - X509_STORE_CTX_get0_param
  - X509_STORE_get0_param
  - X509_STORE_set_verify_cb
  - X509_STORE_set_get_crl
  - X509_set1_notAfter
  - X509_set1_notBefore
 2024-05-16 18:20:53 +02:00
JacobBarthelmeh
21204244c5 Merge pull request #7394 from embhorn/zd17779 
Add null check to wolfSSL_Free
 2024-05-16 09:31:37 -06:00
gojimmypi
7f1af2feb3 Fix PlatformIO freertos semphr.h include 2024-05-15 18:24:00 -07:00
kaleb-himes
76527c3eaa Address a report from multi-test about 8-bit chars 2024-05-15 15:21:41 -04:00
Eric Blankenhorn
4e5a98e65d Fix from rebase 2024-05-15 14:03:12 -05:00
kaleb-himes
fa08e2cb62 Fix a long line in pbkdf2 test 2024-05-15 14:02:44 -04:00
kaleb-himes
6719909f4e Add logging.h header in pwdbased.c when DEBUG_WOLFSSL 2024-05-15 14:02:44 -04:00