wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 21:09:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,563 Commits 12 Branches 184 Tags
16afe7ff8754cb82daf3a16339ed277fb1d99895
Commit Graph

5689 Commits

Author SHA1 Message Date
David Garske
d24bfb6bf7 Merge pull request #4530 from anhu/falcon-pqsig 
The NIST round 3 Falcon Signature Scheme integration.
 2021-11-03 09:35:01 -07:00
Anthony Hu
81def76b18 The NIST round 3 Falcon Signature Scheme integration. 2021-11-02 11:12:10 -04:00
Anthony Hu
e1cc1e831e Fix for being able to build with LIBOQS but without DH 
The following configuration yielded a compile error:
./configure --with-liboqs --disable-dh

This fixes bug reported on ZD13028.
 2021-11-02 10:16:38 -04:00
Sean Parkinson
2745f394e5 Merge pull request #4525 from cconlon/sslopno 
TLS 1.3: check SSL_OP_NO_TLSv1_2 in TLS 1.3 clients
 2021-11-02 09:40:59 +10:00
Jacob Barthelmeh
03bc45c5b1 check if private key exists before using with private key check function 2021-10-29 10:51:24 -06:00
Chris Conlon
afad1374a3 check SSL_OP_NO_TLSv1_2 in TLS 1.3 enabled client 2021-10-28 16:30:02 -06:00
David Garske
6b3ff9bae2 Merge pull request #4459 from julek-wolfssl/missing-ext 
Add x509 name attributes and extensions to DER parsing and generation
 2021-10-28 14:30:37 -07:00
David Garske
0a26335243 Merge pull request #4446 from ejohnstown/dtls-sizing 
DTLS Sizing
 2021-10-28 14:15:36 -07:00
David Garske
6bb7e3900e Merge pull request #4511 from JacobBarthelmeh/Testing 
build fixes and PKCS7 BER encoding fix
 2021-10-28 10:52:58 -07:00
Juliusz Sosinowicz
8cba5dda17 Need to free x509 in tests 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a6be157628 Gate new AKID functionality on WOLFSSL_AKID_NAME 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
d9af698aa4 Implement raw AKID with WOLFSSL_ASN_TEMPLATE 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
c162196b27 Add x509 name attributes and extensions to DER parsing and generation 
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
894303be59 Make the wolfSSL_GetMaxFragSize parameter meaning consistent 
- Add testing for sending as much app data as possible in a single DTLS record
 2021-10-28 14:46:15 +02:00
John Safranek
7cbfb27fa0 When adding cipherExtraData(), also account for TLSv1.3. 2021-10-27 15:12:31 -07:00
John Safranek
9f3f9c53fd Remove debugging printfs. Added some guards around DTLS and AEAD only things. 2021-10-27 15:12:31 -07:00
Juliusz Sosinowicz
be3b6b47ef DTLS MTU fixes 2021-10-27 15:12:31 -07:00
John Safranek
77ebd11781 Updating based on MTU. Debugging prints. 2021-10-27 15:12:31 -07:00
John Safranek
be2e7e25ac Change the calculation for the extra data size in a DTLS message when checking to see if it'll fit in an MTU. (ZD12983) 2021-10-27 15:12:31 -07:00
David Garske
c16f0db1b5 Fixes for handling WC_PENDING_E async responses in API unit test and examples. Resolves all issues with --enable-all --enable-asynccrypt --with-intelqa=. 2021-10-27 15:08:39 -07:00
David Garske
a2ad01604f Fix devId, which must be -2 or INVALID_DEVID (not 0). Fix RSA doc typo. 2021-10-27 15:08:38 -07:00
David Garske
eb56b652ca Fix for async TLS v1.3 with multiple WC_PENDING_E on client_hello and server_hello processing. Fix for not aligned NUMA. 2021-10-27 15:08:38 -07:00
Sean Parkinson
34095dfd38 Merge pull request #4509 from dgarske/fix_sesstick 
Fix for session ticket handling with error cases
 2021-10-28 08:07:10 +10:00
Daniel Pouzzner
f413ff8b3a tls.c: TLSX_SupportedFFDHE_Set(): add handling for malloc failures. 2021-10-27 15:11:04 -05:00
Daniel Pouzzner
ac8fbe3fbd ssl.c: fix a couple trivial rebase errors. 2021-10-26 20:24:29 -05:00
John Safranek
75df6508e6 Add a read enable for private keys when in FIPS mode. 2021-10-26 20:24:29 -05:00
John Safranek
40e3cac695 Use correct value for pSz when setting the dhKeySize in the session. 2021-10-26 20:24:28 -05:00
John Safranek
f2c4567164 Like the public key, zero pad the front of the private key. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
bc91187063 tls.c:TLSX_KeyShare_GenDhKey(): fix typo. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e61d88657d WOLFSSL_ASYNC_CRYPT: in EccSharedSecret(), don't try to wolfSSL_AsyncInit() if there's no priv_key to supply an asyncDev; in RSA _ifc_pairwise_consistency_test(), disable async to force blocking crypto. 2021-10-26 20:24:28 -05:00
David Garske
303aa312a8 Fix the TLS v1.3 async key share support. Added WOLFSSL_NO_PUBLIC_FFDHE option to test without public FFDHE API's. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e4d075de20 src/internal.c: FreeX509(): remove redundant free of x509->CRLInfo. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
32349749a6 internal.c: SendServerKeyExchange(): check retval from wc_DhGetNamedKeyParamSize(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
f60cb94b82 wolfcrypt/src/include.am and src/include.am: don't disrupt modtimes of fips/async source files if they already exist. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e894340a64 tls13.c: mac2hash(): accommodate scenario where all hashes are gated out of the build (peer review). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
972c6c032e ssl.c: clean up MD5->SHA refactor of wolfSSL_LH_strhash() (peer review). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
87b965c964 include.am: in FIPS clauses, include wolfcrypt/src/aes_gcm_asm.S in src_libwolfssl_la_SOURCES when BUILD_AESNI, regardless of BUILD_INTELASM, as in the corresponding non-FIPS clause. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
4a451caf7b src/sniffer.c: fix rebase errors. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
083b97c5a3 tls.c: fix rebase error in TLSX_KeyShare_FreeAll(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
b93a18b34e src/internal.c: in SendServerKeyExchange() case diffie_hellman_kea, #ifdef HAVE_SECURE_RENEGOTIATION, enlarge buffers.serverDH_Pub.buffer to accomodate larger new key replacing smaller old key, whether or not ssl->namedGroup is set (copy-paste of existing in !ssl->namedGroup path). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
67db7b7f32 fixes for issues identified by Jenkins run: 
Makefile.am: clean .build_params file;

ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();

move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);

fix new unused-label defect in wc_ecc_shared_secret_gen_sync();

fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);

fix NO_INLINE ForceZero() prototype;

ecc.c: add missing if (err == MP_OKAY) in build_lut();

wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;

ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;

WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
947a0d6a2f autotools/Makefiles: enable reproducible build by default for FIPS, and add -DHAVE_REPRODUCIBLE_BUILD to AM_CFLAGS; 
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;

add support for EXTRA_CFLAGS on the make command line;

in FIPS builds, exclude pkcallbacks from --enable-all;

linuxkm: move test.o out of PIE container (uses function pointers as operands).
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f1c1f76851 ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
220a255281 use WOLFSSL_BIO_ERROR, not SOCKET_INVALID (both macros have value -1), as the default/unset value of WOLFSSL_BIO.num, to avoid unnecessary dependency on HAVE_SOCKADDR. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
4cf1826c8f PRAGMA_GCC_*: refactor macros to properly push a context, and refactor their use in src/tls13.c:DeriveKey() to deal with gcc context quirks that otherwise disabled the warning mask when defined(HAVE_FIPS); add a missing #ifndef NO_MD5 in ssl.c:wolfSSL_LH_strhash(). 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
54b3f1b252 src/tls.c:TLSX_KeyShare_GenDhKey(): don't generate a key if one is already set. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
b673622322 FIPS 140-3 misc fixes including fixes for rebase errors. 2021-10-26 20:24:26 -05:00
John Safranek
f53a4db4e7 Unwind a few changes adding guards so it'll build with old FIPS. 2021-10-26 20:24:26 -05:00
John Safranek
04ffd2ab45 Fixes: 
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
 2021-10-26 20:24:26 -05:00
John Safranek
908ec9b14a Modify ffdhe to not return addresses. 2021-10-26 20:24:25 -05:00