Commit Graph

22027 Commits

Author SHA1 Message Date
kaleb-himes 2e63ae750d Comments for SP800-38E TODO, wolfEntropy optional setup and remove forced errors api.c 2024-04-09 09:48:33 -06:00
kaleb-himes 8092104396 Address a flush-left in test.c and gt 80 column limit in settings.h 2024-04-09 09:48:33 -06:00
kaleb-himes b7d88e0852 Cleanup duplicate forward dec logic with different macros 2024-04-09 09:48:33 -06:00
kaleb-himes 84f5b4e5bf Touchup a few more edge cases caught by Jenkins 2024-04-09 09:48:33 -06:00
kaleb-himes 829d028d98 Add configure for wolfEngine with new module 2024-04-09 09:48:33 -06:00
kaleb-himes 4df091ae2a Restore debug messages that were cluttering up logs 2024-04-09 09:48:33 -06:00
kaleb_himes 81f5ac7f6c SRTP-KDF FS Preview 2024-04-09 09:48:33 -06:00
JacobBarthelmeh dd79ca5d96 Merge pull request #7405 from SparkiDev/mismatch_cs_alert
No match cipher suite alert type change
2024-04-09 09:31:12 -06:00
JacobBarthelmeh 144ffdc713 Merge pull request #7400 from philljj/test_xmss_pubraw
Add wc_XmssKey_ExportPubRaw to wolfcrypt test.
2024-04-09 09:14:23 -06:00
jordan 4a069ee5c1 Small cleanup for review. 2024-04-08 21:41:33 -05:00
Sean Parkinson d96e5ec589 No match cipher suite alert type change
TLS 1.0/1.1/1.2 specifications require the of a return a handshake
failure alert when no cipher suites match.
TLS 1.3 specification requires the return of a "handshake_failure" or
"insufficient_security" fatal alert.

Change alert sent from "illegal_parameter" to "handshake_failure".
2024-04-08 11:25:50 +10:00
Daniel Pouzzner d1efccd259 Merge pull request #7381 from dgarske/netdb_ioctl
Restore `HAVE_NETDB_H` and `HAVE_SYS_IOCTL_H` checks in the wolfio.c.
2024-04-05 16:02:21 -04:00
Daniel Pouzzner a518f493b5 Merge pull request #7388 from JacobBarthelmeh/x509_cases
check for critical policy extension when not supported
2024-04-05 15:59:03 -04:00
Daniel Pouzzner 7d66cc46ff Merge pull request #7375 from mrdeep1/fix_rpk
RPK: Define Certificates correctly for (D)TLS1.2
2024-04-05 15:48:25 -04:00
Daniel Pouzzner 2ba12a89df Merge pull request #7386 from anhu/reseed_public
Make wc_RNG_DRBG_Reseed() a wolfCrypt API.
2024-04-05 14:27:26 -04:00
Anthony Hu cf2f58bfdf Merge pull request #7395 from douzzer/20240403-RPK-cleanups
20240403-RPK-cleanups
2024-04-05 13:43:15 -04:00
Anthony Hu 3908bc34ed Merge pull request #7399 from douzzer/20240405-tls-endian-fixes
20240405-tls-endian-fixes
2024-04-05 13:40:07 -04:00
jordan d0802335a8 Add wc_XmssKey_ExportPubRaw to wolfcrypt test. 2024-04-05 12:09:04 -05:00
Daniel Pouzzner cdf2504612 fixes for non-portable (endian-sensitive) code patterns around word16 in TLS layer. 2024-04-05 10:42:05 -05:00
Kaleb Himes 9d56484d33 Merge pull request #7398 from douzzer/20240404-fips-VERSION3
20240404-fips-VERSION3
2024-04-05 07:53:32 -06:00
Daniel Pouzzner 9542843874 wolfssl/wolfcrypt/settings.h: streamline definitions of WOLFSSL_FIPS_VERSION_CODE for the !HAVE_FIPS and !HAVE_FIPS_VERSION cases; add WOLFSSL_FIPS_VERSION2_CODE and fix the incumbent FIPS_VERSION_{LT,LE,EQ,GE,GT} definitions to use it. 2024-04-04 22:27:51 -05:00
kaleb-himes ae2a92e449 add "VERSION3" variants of macros for testing and computing FIPS versions. 2024-04-04 17:39:07 -05:00
Daniel Pouzzner 747755b3c4 fixes for analyzer carps around HAVE_RPK:
fix clang-analyzer-deadcode.DeadStores in src/tls.c TLSX_ClientCertificateType_GetSize();

fix clang-analyzer-deadcode.DeadStores in tests/api.c test_tls13_rpk_handshake();

fix null pointer to XMEMCPY() in src/internal.c CopyDecodedName().
2024-04-04 00:15:01 -05:00
JacobBarthelmeh 8b587b563c Merge pull request #7286 from Frauschi/hybrid_signatures
Improvements to dual algorithm certificates
2024-04-03 13:37:16 -06:00
Daniel Pouzzner 8511b2dc6b ProcessBuffer(): in WOLFSSL_DUAL_ALG_CERTS code path, fall through without disrupting ret, if cert->sapkiOID and cert->sapkiLen are unset. 2024-04-03 13:54:57 -05:00
David Garske 57603823e3 Merge pull request #7387 from JacobBarthelmeh/sm2
fix for oss-fuzz sm2 test build
2024-04-03 10:08:46 -07:00
JacobBarthelmeh f6a24efe23 Merge pull request #7389 from dgarske/nxp_mmcau_sha256
Fix the NXP MMCAU HW acceleration for SHA2-256
2024-04-03 10:39:04 -06:00
Anthony Hu 9bfab33726 Address comments from Jacob. 2024-04-03 09:04:28 -04:00
David Garske d7c6d7af44 Fix the NXP MMCAU HW acceleration for SHA2-256. Broken with LMS SHA2 refactor. 2024-04-02 19:32:41 -07:00
JacobBarthelmeh c768f76d5a Merge pull request #7315 from fabiankeil/disable-3des-ciphers
Allow to enable DES3 support without the DES3 ciphers
2024-04-02 17:48:01 -06:00
JacobBarthelmeh 75da69911c Merge pull request #7369 from dgarske/infineon_modustoolbox
Support for Infineon Modus Toolbox with wolfSSL
2024-04-02 17:34:07 -06:00
JacobBarthelmeh 983616afa0 check for critical policy extension when not supported 2024-04-02 16:46:47 -06:00
JacobBarthelmeh 04ebc966d0 Merge pull request #7385 from philljj/spelling_cleanup
Used codespell and fixed obvious typos.
2024-04-02 14:35:51 -06:00
JacobBarthelmeh d4f5825fd2 fix for sp build with ecc_map_ex 2024-04-02 11:40:53 -06:00
JacobBarthelmeh ed4f052215 Merge pull request #7382 from bandi13/reEnableTest
Revert "Disable broken library"
2024-04-02 10:51:50 -06:00
JacobBarthelmeh b334750bf2 Merge pull request #7383 from embhorn/zd17763
Fix build error with RECORD_SIZE defined
2024-04-02 10:51:11 -06:00
Anthony Hu 598a3bfdcd Make wc_RNG_DRBG_Reseed() a wolfCrypt API. 2024-04-02 12:33:35 -04:00
jordan b65e42bf4d Used codespell and fixed obvious typos. 2024-04-02 10:19:39 -05:00
Eric Blankenhorn e072677379 Fix build error with RECORD_SIZE defined 2024-04-02 10:02:35 -05:00
Fabian Keil 790129ee71 cmake: Add WOLFSSL_DES3_TLS_SUITES option 2024-04-02 16:27:11 +02:00
Daniel Pouzzner 092dba4593 wolfcrypt/src/asn.c: fix for benign identicalInnerCondition in ParseCertRelative(). 2024-04-01 23:50:05 -05:00
Anthony Hu 10d210ce26 Parenthesis 2024-04-01 19:05:59 -04:00
Anthony Hu 2d532dd6b8 Clean up after another round of analyzer execution. 2024-04-01 18:56:44 -04:00
Andras Fekete 6524fbb43f Revert "Disable broken library"
This reverts commit ce52a68c3d.
2024-04-01 18:11:42 -04:00
Anthony Hu 3a3a7c2a67 Forgot to clean up the preTBS. 2024-04-01 17:37:04 -04:00
Anthony Hu 6a4d4bf6f1 cks_order is used later; don't let it fall out of scope. 2024-04-01 17:37:03 -04:00
Anthony Hu 8f599defe0 Add check inspired by original implementation of asn. 2024-04-01 17:37:03 -04:00
Daniel Pouzzner 2f3495f286 src/tls13.c: remove unreachable break in DoTls13CertificateVerify().
tests/api.c: fix various use-after-frees of file in do_dual_alg_root_certgen() and do_dual_alg_server_certgen().
2024-04-01 17:37:03 -04:00
Anthony Hu e4b7857e43 If WOLFSSL_TRUST_PEER_CERT is defined, the negative test is no longer negative. 2024-04-01 17:37:03 -04:00
Tobias Frauenschläger 136eaae4f1 Improvements to dual alg certificates
* Support for external keys (CryptoCb interface)
* Support for usage in mutual authentication
* better entity cert parsing
* Fix for Zephyr port to support the feature
* Check key support
* Proper validation of signatures in certificate chains
* Proper validation of peer cert with local issuer signature
	(alt pub key is cached now)
* Support for ECC & RSA as alt keys with PQC as primary
* Support for PQC certificate generation
* Better support for hybrid signatures with variable length signatures
* Support for primary and alternative private keys in a single
  file/buffer
* More API support for alternative private keys

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-04-01 17:37:03 -04:00