Commit Graph

8108 Commits

Author SHA1 Message Date
Daniel Pouzzner b81cc50a70 src/internal.c: in ProcessReplyEx() in the verifyMessage case, refactor some gating/conditionalization around ATOMIC_USER, HAVE_ENCRYPT_THEN_MAC, atomicUser, and ssl->options.startedETMRead, to avoid "Logical disjunction always evaluates to true" from cppcheck incorrectLogicOperator (via multi-test cppcheck-force-source) (warned code introduced by 99a99e3d6e). 2024-10-02 19:19:39 -05:00
Reda Chouk ea852c1c67 missing argument 2024-10-02 17:21:50 +02:00
Reda Chouk 10f0885d88 Merge branch 'master' into fix-conversion 2024-10-02 17:14:06 +02:00
jordan 1690ad7366 acert: correct XFREE call. 2024-10-01 21:57:53 -04:00
Sean Parkinson ac788ec40d Merge pull request #7995 from julek-wolfssl/dtls12-cid
Implement DTLS 1.2 Connection ID (CID)
2024-10-02 09:00:59 +10:00
Daniel Pouzzner a04871f153 examples/pem/pem.c: fix double-free introduced in 65853a41b9;
configure.ac and src/include.am: add ENABLED_ARM_THUMB, BUILD_ARM_THUMB, BUILD_ARM_NONTHUMB, ENABLED_ARM_64, BUILD_ARM_64, ENABLED_ARM_32. and BUILD_ARM_32, and use them to gate building of ARM asm files, to fix "ISO C forbids an empty translation unit" warnings (the warning only affects inline asm files, but the gating is deployed more widely).
2024-10-01 16:03:37 -05:00
Reda Chouk 666e658398 trailing spaces and overlong lines fixes 2024-10-01 16:28:31 +02:00
Sean Parkinson f15700f1f6 Merge pull request #8031 from douzzer/20240930-clang-tidy
20240930-clang-tidy
2024-10-01 22:38:18 +10:00
Marco Oliverio 7e69c2049b dtls cid: address reviewer's comments 2024-10-01 06:45:37 +00:00
Daniel Pouzzner 65853a41b9 fixes, coddling, and suppressions for clang-tidy complaints:
examples/pem/pem.c: fix stdio stream leaks.

src/ssl.c and src/ssl_load.c: suppress concurrency-mt-unsafe around getenv().  getenv() is threadsafe as long as no threads putenv() or setenv().

wolfssl/openssl/asn1.h: add parentheses to fix bugprone-macro-parentheses in ASN1_EX_TEMPLATE_TYPE(), and suppress misfiring bugprone-macro-parentheses around IMPLEMENT_ASN1_FUNCTIONS().
2024-09-30 23:19:49 -05:00
JacobBarthelmeh 984dd9146f Merge pull request #8005 from ColtonWilley/copy_key_option
New option to always copy over key to SSL object
2024-09-30 14:20:07 -06:00
David Garske 47add7e9e2 Merge pull request #8020 from SparkiDev/arm32_base_chacha20_poly1305
ARM32 ChaCha20, Poly1305: assembly code
2024-09-30 06:53:37 -07:00
Sean Parkinson e4301bc554 ARM32 generated files: fix line lengths
Generated ARM32 assembly files no longer have lines with more than 80
characters.
2024-09-30 08:50:31 +10:00
Daniel Pouzzner 794f0d8d19 src/pk.c: add missing "keySz = padded_keySz" in _DH_compute_key() ct cleanup path.
wolfcrypt/src/wc_kyber_poly.c: add SAVE_VECTOR_REGISTERS2()...RESTORE_VECTOR_REGISTERS() wrappers for AVX2 implementations.

src/bio.c and src/ssl.c: add several missing WC_NO_ERR_TRACE()s, and tweak several returns to generate error traces.
2024-09-27 00:28:45 -05:00
David Garske 2285c02f1c Merge pull request #7998 from SparkiDev/kyber_aarch64_asm
Kyber Aarch64: assembly implementations of functions
2024-09-26 11:59:06 -07:00
Sean Parkinson 2323a5cf59 ARM32 ChaCha20, Poly1305: assembly code
Add assembly code for ChaCha20 and Poly1305 on ARM32 when no NEON
available.
2024-09-26 20:24:58 +10:00
Sean Parkinson de657787cf Kyber Aarch64: assembly implementations of functions
Aarch64 assembly implementation of Kyber functions.
SHA-3 assembly implementations when not hardware crypto.
2024-09-26 09:10:05 +10:00
JacobBarthelmeh 2328a7e407 Merge pull request #8017 from philljj/misc_cleanup
misc cleanup: extra spaces, typos.
2024-09-25 11:26:31 -06:00
jordan e5109b3f41 misc cleanup: extra spaces, typos. 2024-09-25 09:51:48 -05:00
Marco Oliverio 76f71a31f1 dtls13: support either side DTLSv1_3 method 2024-09-24 16:56:02 +00:00
Colton Willey cad2bbd7a7 Add NULL checks on key copy 2024-09-23 10:18:23 -07:00
Colton Willey 634e547fba Initial implementation of new option to always copy over key to SSL ctx 2024-09-23 10:04:33 -07:00
Daniel Pouzzner 55cd8a800f FIPS v5 gating fixes:
configure.ac:
* fix logic in "Forcing off" test expressions, first flubbed in 19106a9510;
* fix auto-enable of compkey to exclude v5 even if v5-dev.

src/tls13.c: fix gating for HKDF _ex() variants (>=6.0, not >=5.3).

wolfcrypt/src/error.c: snip out stray spaces at start of several ECC error message strings.

wolfcrypt/test/test.c:
* in render_error_message(), use wolfSSL_ERR_reason_error_string() if available rather than wc_GetErrorString(), to render non-wolfcrypt error strings;
* in ecc_test_deterministic_k(), ecc384_test_deterministic_k(), ecc521_test_deterministic_k(), on FIPS <6.0, gate out SHA384 and SHA512 tests (FIPS v5 only supports SHA256 in wc_ecc_gen_deterministic_k());
* in cmac_test(), gate use of wc_AesCmacGenerate_ex() and wc_AesCmacVerify_ex() on >=6.0, not >=5.3.
2024-09-20 13:53:36 -05:00
Juliusz Sosinowicz cf96ab22ba Address code review 2024-09-20 15:31:01 +02:00
Juliusz Sosinowicz 99a99e3d6e Implement DTLS 1.2 Connection ID (CID) 2024-09-20 15:31:01 +02:00
Daniel Pouzzner fbbb2b876b wolfssl/wolfcrypt/types.h: add static_assert() definitions;
wolfssl/internal.h: add DTLS13_HANDSHAKE_HEADER_SZ;

src/tls13.c: in EchHashHelloInner(), use falseHeader[DTLS13_HANDSHAKE_HEADER_SZ] to fix buffer overrun;

src/dtls13.c: add static assert for DTLS13_HANDSHAKE_HEADER_SZ.
2024-09-19 01:15:42 -05:00
JacobBarthelmeh 87dc45b938 Merge pull request #7986 from julek-wolfssl/crl-cb
Add crl error override callback
2024-09-18 10:43:37 -06:00
JacobBarthelmeh fcb8d3ffc5 Merge pull request #7887 from kojo1/crl-pss
allow sigParamsSz is zero and malloc(0) to return NULL
2024-09-18 10:04:29 -06:00
Reda Chouk 949565f156 Merge branch 'wolfSSL:master' into fix-conversion 2024-09-18 17:16:48 +02:00
Juliusz Sosinowicz ae6c872797 Add crl error override callback 2024-09-18 11:58:53 +02:00
Juliusz Sosinowicz 1e75a2367c Address code review 2024-09-18 10:35:29 +02:00
Juliusz Sosinowicz 74ac2cd07d dtls 1.3: pad plaintext when too short for record header protection 2024-09-18 10:35:29 +02:00
Juliusz Sosinowicz 29f51b6245 CheckcipherList: Check Cipher minor to detect TLS 1.3 ciphersuite 2024-09-18 10:35:29 +02:00
Juliusz Sosinowicz 4a26af0dfa dtls 1.3: Add cid size to output buffer length 2024-09-18 10:35:29 +02:00
Juliusz Sosinowicz 6d5fefde4a dtls 1.3: Check header length before copying 2024-09-18 10:35:29 +02:00
Daniel Pouzzner 04c781ad9b wolfcrypt/src/dh.c: in wc_DhAgree_ct(), implement failsafe constant-time key size fixup, to work around sp-math constant-time key clamping.
also fix a -Wunused in src/ssl_load.c:DataToDerBuffer() teased out by configuration permutations.
2024-09-16 17:33:25 -05:00
Daniel Pouzzner 80f3b0d3d8 Merge pull request #7926 from philljj/x509_acert_support
x509 attribute cert support
2024-09-14 00:30:29 -05:00
Daniel Pouzzner 84f0800b96 configure.ac:
* set DEFAULT_ENABLED_ALL_ASM=no if enable_afalg or ENABLED_32BIT;
* omit enable_srtp_kdf from enable-all-crypto if enable_afalg.

linuxkm: add GetCAByAKID to wolfssl_linuxkm_pie_redirect_table.

src/x509.c: in GenerateDNSEntryIPString(), use XMEMSET() to initialize tmpName, not = {0}, to avoid unmaskable compiler emission of memset() call.

wolfssl/openssl/ssl.h: add OPENSSL_EXTRA to an existing OPENSSL_ALL-gated section, consistent with gating of correspinding section in wolfssl/ssl.h.

wolfssl/wolfcrypt/settings.h: adopt setup for WOLFSSL_SP_NO_UMAAL from wolfssl/wolfcrypt/sp_int.h now that it's used by wolfcrypt/src/port/arm/thumb2-poly1305-asm.S.
2024-09-13 18:01:11 -05:00
jordan 7faed6cded X509 attribute cert (acert) support. 2024-09-13 08:03:55 -05:00
Daniel Pouzzner e9d820b730 Merge pull request #7799 from anhu/fips_macro_guard
Better macro guarding fix undeclared var error
2024-09-12 17:56:00 -05:00
Daniel Pouzzner b736d78950 Merge pull request #7948 from anhu/MATCH_SUITE
Convert MATCH_SUITE_ERROR to OpenSSL error in wolfSSL_get_error()
2024-09-12 17:50:35 -05:00
Daniel Pouzzner e3301b06f6 OpenSSL coexistence tweaks 2024-09-12 16:37:41 -05:00
Daniel Pouzzner ad7c25b409 Merge pull request #7823 from cconlon/rsaPssSignPkCallbackNoPrehashTls13
PK callbacks: add build option to give full data to TLS 1.3 RSA-PSS sign callback instead of hash
2024-09-12 15:40:59 -05:00
David Garske 20e2e33e25 Merge pull request #7939 from SparkiDev/thumb2_poly1305
undefined
2024-09-12 11:15:53 -07:00
Sean Parkinson 27033c225f Thumb-2 ChaCha, Poly1305: implemention in assembly
Implementation of ChaCha algorithm for ARM Thumb-2.
Implementation of Poly1305 algorithm for ARM Thumb-2.
2024-09-12 10:59:01 +10:00
Sean Parkinson 1c8f1e6921 Merge pull request #7802 from douzzer/20240725-wc_DhAgree_ct
20240725-wc_DhAgree_ct
2024-09-11 08:06:58 +10:00
Reda Chouk 79d3b955ed tls.c type conversion fixed. 2024-09-10 13:51:21 +02:00
Sean Parkinson 500a3b41e4 Merge pull request #7932 from barracuda156/dispatch
Fixes for earlier macOS
2024-09-10 10:29:45 +10:00
Daniel Pouzzner 49a680540c add constant time DH key agreement APIs:
* adds wc_DhAgree_ct().
* adds wolfSSL_DH_compute_key_padded(), using wc_DhAgree_ct() if available, with fallback fixup code.
* adds unit test coverage in api.c:test_wolfSSL_DH() for expected-success calls to wolfSSL_DH_compute_key() and wolfSSL_DH_compute_key_padded().
2024-09-09 16:24:07 -05:00
Reda Chouk 884b51151b Merge branch 'fix-conversion' of github.com:gasbytes/wolfssl into fix-conversion 2024-09-09 16:06:16 +02:00