John Safranek
0ee01f08bc
Merge pull request #4984 from douzzer/20220325-multi-test-cleanup
...
20220325 multi-test fixes
2022-03-25 15:06:34 -07:00
David Garske
3af3274dcd
Merge pull request #4982 from SparkiDev/sp_x64_improvements
...
SP ASM improvements
2022-03-25 13:04:01 -07:00
David Garske
07f9ca60ac
Fix for async without threading. ./configure --enable-asynccrypt --enable-all CFLAGS="-DWC_NO_ASYNC_THREADING".
2022-03-25 12:43:04 -07:00
David Garske
0930086fa1
Fix for increased mcapi (used by Microchip) ctx sizes if PK callbacks is enabled due to key id/label.
2022-03-25 12:36:07 -07:00
Daniel Pouzzner
008c8509c6
multi-test fixes: whitespace in wolfcrypt/src/random.c and wolfcrypt/test/test.c, bugprone-macro-parentheses and -Wenum-compare in WS_RETURN_CODE() (wolfssl/ssl.h), and clang-analyzer-deadcode.DeadStores in api.c.
2022-03-25 13:26:41 -05:00
David Garske
04e2b6c62a
Merge pull request #4983 from douzzer/20220324-gcc-12-fixes
...
fixups for warnings from gcc-12
2022-03-24 19:16:27 -07:00
Sean Parkinson
7eb95674ee
Merge pull request #4966 from dgarske/kcapi
...
Fixes for KCAPI AES GCM and ECC
2022-03-25 10:18:16 +10:00
Sean Parkinson
fd66f6bcec
SP ASM improvements
...
Change Karatsuba implementations for x86_64.
Fix ECC code to better handle corner cases.
Add 'lower' versions of functions wehn an input is known to be less than m.
Add mont_add/dbl/tpl/sub for P384.
Change ECC point add to be cache-attack resistant.
Change mod_exp to be cache-attack resistant.
2022-03-25 10:04:25 +10:00
John Safranek
14522f25ff
Merge pull request #4904 from kaleb-himes/OE22_NS9210_FIX
...
Fix up random.h conflicts with cert 3389 releases and some NETOS issues
2022-03-24 16:07:23 -07:00
Sean Parkinson
feb58a8455
Merge pull request #4956 from julek-wolfssl/bind-9.18.0
...
bind 9.18.0 fixes
2022-03-25 08:27:34 +10:00
Daniel Pouzzner
12776b3772
fixups for warnings from gcc-12:
...
src/internal.c: use XMEMCMP(), not ==, to compare array elements (fixes conflict of 74408e3ee3 vs 617eda9d44 );
fix spelling of NAMEDGROUP_LEN (was NAMEDGREOUP_LEN);
src/ssl.c: in CheckcipherList() and wolfSSL_parse_cipher_list(), use XMEMCPY(), not XSTRNCPY(), to avoid (benign) -Wstringop-truncation;
scripts/sniffer-tls13-gen.sh: fix for shellcheck SC2242 (exit 1, not -1).
2022-03-24 16:33:36 -05:00
David Garske
b509e174bb
Whitespace fix.
2022-03-24 10:19:28 -07:00
Anthony Hu
ceae169a34
Merge pull request #4969 from dgarske/pk_pubkey
2022-03-24 12:40:03 -04:00
David Garske
624f1499f0
Merge pull request #4978 from julek-wolfssl/issue/4970
...
Prefer status_request_v2 over status_request when both are present
2022-03-24 08:30:12 -07:00
David Garske
5a0d794e88
Merge pull request #4980 from anhu/iv_docs
...
Correction about AES using IV in docs
2022-03-24 08:29:55 -07:00
Juliusz Sosinowicz
29c0c9bf48
Rebase fixes
2022-03-24 13:41:50 +01:00
Juliusz Sosinowicz
850b8c5c3b
OpenSSL compatible API
...
`WOLFSSL_ERROR_CODE_OPENSSL` breaks ABI compatiblity due to changing the expected return code. Let's only do this when building with the full compatibility layer.
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz
88d5059c36
Jenkins fixes
...
`WS_RETURN_CODE` was not functioning properly in master
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz
98bc8402db
Refactor memory BIO
...
- use the `WOLFSSL_BUF_MEM` struct to resize the internal memory buffer
- add a `WOLFSSL_BIO_RESIZE_THRESHOLD` define that will be used to determine how often to shrink the internal buffer. This should cut down on the number of free/malloc calls made significantly. This should help with our inefficient 1 byte reads in `loadX509orX509REQFromPemBio`.
- implement `wolfSSL_BUF_MEM_resize` which allows bi-directional buffer size manipulation
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz
ae9b01c5b8
bind 9.18.0 fixes
...
- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULT` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
2022-03-24 12:16:59 +01:00
Anthony Hu
f71a85d5f9
Merge pull request #4979 from dgarske/sniffer_tidy
2022-03-23 15:13:20 -04:00
Anthony Hu
1bc71da1df
Correction about AES using IV in docs
2022-03-23 13:35:13 -04:00
David Garske
6e550c8d75
Fix for KCAPI ECC KeyGen. Disable ECC consistency checks with KCAPI. Allow public AddSignature (used to be public). Fix KCAPI ECC SharedSecret output size.
2022-03-23 09:37:50 -07:00
David Garske
8bafa7f601
Fix for KCAPI ECC sign (was not returning the signature, since ret always 0).
2022-03-23 09:37:50 -07:00
David Garske
c9e3094cb0
Fixes for KCAPI ECC verify. Cleanup of the pubkey_raw. Fix KCAPI AES possible used uninitialized.
2022-03-23 09:37:50 -07:00
David Garske
8d695f97c9
Fix for KCAPI KcapiEcc_LoadKey parameter to kcapi_kpp_keygen. Added option to release handle on load. Fixes for KCAPI sign output length. Added additional argument checking.
2022-03-23 09:37:50 -07:00
David Garske
318350f63b
Fix for ecc_check_privkey_gen with KCAPI. Fix KCAPI ECDSA to ensure we don't leak handle for multiple sign/verify calls.
2022-03-23 09:37:50 -07:00
David Garske
9f2dc408a0
Fixes for KCAPI AES GCM. Add guards for algorithm macros on KCAPI.
2022-03-23 09:37:50 -07:00
David Garske
1b0e5f4806
Allow disabling DRBG with KCAPI. Add KCAPI /dev/hwrng support.
2022-03-23 09:37:50 -07:00
David Garske
5fe6f1c875
For KCAPI do not force enable ECC curves, set K or seed callback, disable AES GCM tests with non standard IV.
2022-03-23 09:37:50 -07:00
David Garske
b04954dc98
Merge pull request #4977 from SparkiDev/ssl_move_x509_store
...
ssl.c: move out X509 store APIs to new file
2022-03-23 09:36:33 -07:00
David Garske
f129c32273
Fixes for whitespace, script bug and bit-field type.
2022-03-23 09:31:04 -07:00
Juliusz Sosinowicz
4412496adb
Prefer status_request_v2 over status_request when both are present
...
Reported in https://github.com/wolfSSL/wolfssl/issues/4970
2022-03-23 11:20:22 +01:00
Sean Parkinson
90f53aed34
ssl.c: move out X509 store APIs to new file
2022-03-23 13:59:54 +10:00
Daniel Pouzzner
d864fc9a3f
Merge pull request #4972 from julek-wolfssl/asn-time-tz-diff
...
`mktime` may return a negative due to timezones around the unix epoch
2022-03-22 14:03:59 -05:00
David Garske
cf0e4a0e3d
Merge pull request #4976 from anhu/kill_tabs
...
Get rid of tabs I added previously.
2022-03-22 11:35:00 -07:00
Anthony Hu
c41bef6486
Get rid of tabs I added previously.
2022-03-22 11:56:15 -04:00
David Garske
aa38d99538
Fix for TLS PK callback issue with Ed25519/Ed448 and public key not being set.
2022-03-22 08:33:54 -07:00
JacobBarthelmeh
c377a709e1
Merge pull request #4953 from cconlon/apiVersionDiff
...
More checks on OPENSSL_VERSION_NUMBER for API prototype differences
2022-03-21 16:59:06 -06:00
Anthony Hu
2babac6cb5
Merge pull request #4875 from dgarske/sniffer_async
2022-03-21 16:47:23 -04:00
David Garske
59665a44b5
Fixes for allowing server to have a public key set when using external key with PK callbacks.
2022-03-21 13:14:24 -07:00
David Garske
29c120356e
Sniffer asynchronous support.
...
* Adds stateful handling of DH shared secret computation in `SetupKeys`.
* Improved the decrypt handling to use internal functions and avoid generating alerts on failures.
* Fix for sniffer resume due to missing `sessionIDSz` broken in #4807 .
* Fix sniffer test cases to split resume (session_ticket) tests.
* Add `snifftest` list of build features so test script can gate running resume test.
2022-03-21 12:05:08 -07:00
David Garske
c213c725d7
Merge pull request #4971 from SparkiDev/fp_div2_mod_ct_oob
...
TFM fp_div_2_ct: rework to avoid overflow
2022-03-21 09:11:41 -07:00
David Garske
8bf14ba1d3
Merge pull request #4957 from JacobBarthelmeh/Compatibility-Layer
...
alter return value and add error string
2022-03-21 09:10:04 -07:00
David Garske
08d6474878
Merge pull request #4954 from SparkiDev/rsa_fermat
...
RSA: check for small difference between p and q
2022-03-21 09:09:38 -07:00
David Garske
b90df0a6aa
Merge pull request #4951 from ejohnstown/wolfrand
...
wolfRand for AMD
2022-03-21 09:09:19 -07:00
Juliusz Sosinowicz
d7037da0b5
mktime may return a negative due to timezones around the unix epoch
2022-03-21 17:07:13 +01:00
Juliusz Sosinowicz
9763030675
Merge pull request #4845 from cconlon/pkcs7compat
2022-03-21 15:26:37 +01:00
Sean Parkinson
8dbd8b0ad6
RSA: check for small difference between p and q
2022-03-21 10:58:14 +10:00
Sean Parkinson
aa14607a6f
TFM fp_div_2_ct: rework to avoid overflow
...
Don't set the overflow word. Instead integrate the div by 2 into the
function so that the overflow word doesn't need to be stored.
2022-03-21 10:43:06 +10:00