Commit Graph

20821 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
37c0d52fa8 Dump manual memio stream with WOLFSSL_DUMP_MEMIO_STREAM 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
c802193119 Simplify the pqc keyshare handling 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
0dbf97c867 fixup! Clear the keyshare instead of storing it 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
230f81712c fixup! Clear the keyshare instead of storing it 2023-10-09 12:54:11 +02:00
Anthony Hu
f640fdf91f Adding a post-quantum DTLS 1.3 test.
This exercises the fragmenting of ClientHello via a large post-quantum key share.

./configure --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtls \
            --enable-dtls13 --with-liboqs
2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
ada785e115 Address code review 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
8da863184c Force DTLS 1.3 when accepting fragmented CH 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
df8ee69075 Clear the keyshare instead of storing it 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz
85a596e54a DTLS 1.3: allow fragmenting the second ClientHello message
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
2023-10-09 12:54:11 +02:00
Sean Parkinson
832e0f3726 Merge pull request #6842 from kaleb-himes/fix-err-introduce-with-cm-move
Fix -4 return code when expected BAD_FUNC_ARG(-173)
2023-10-09 07:04:24 +10:00
JacobBarthelmeh
c082216661 Merge pull request #6836 from anhu/iar_ewarm_gitignore
Changes to what gets ignored by git for the IAR-EWARM IDE
2023-10-06 20:57:25 -06:00
JacobBarthelmeh
5cb80ea898 Merge pull request #6847 from embhorn/zd16767
Fix wolfSSL_set_verify_result to use correct value
2023-10-06 16:52:32 -06:00
Eric Blankenhorn
b329c0d5f4 Fix wolfSSL_set_verify_result to use correct value 2023-10-06 16:34:31 -05:00
Anthony Hu
52a9730f56 Changes to gitignore for IAR-EWARM IDE. 2023-10-06 17:02:22 -04:00
JacobBarthelmeh
fd2d098566 Merge pull request #6821 from bigbrett/aes-eax
AES EAX mode
2023-10-06 14:14:28 -06:00
Brett Nicholas
fafb9e81c0 Add support for AES EAX mode, as described in https://eprint.iacr.org/2003/069 2023-10-06 11:10:06 -06:00
JacobBarthelmeh
a7950a3739 Merge pull request #6846 from SparkiDev/aes_xts_arm_hw_crypto
Aarch64 and ARM32 AES XTS with crypto instructions
2023-10-06 09:58:38 -06:00
JacobBarthelmeh
a24d66939f Merge pull request #6843 from embhorn/gh6760_take2
Fix RNG with writedup
2023-10-06 09:11:33 -06:00
Sean Parkinson
862a98abe0 Aarch64 and ARM32 AES XTS with crypto instructions
Optimised assembly of AES-XTS for Aarch64 and ARM32 using hardware
crypto instructions.
Aarch64 has loop unrolling.
Update aes.c to not have AES-XTS implementation when assembly is
compilable.
Update test of AES-XTS to check expected cipher text of partial block
encryption.
2023-10-06 12:39:31 +10:00
kaleb-himes
e51399ca0f Do the success checkout out front 2023-10-05 17:05:36 -06:00
JacobBarthelmeh
5a5a8c9b47 Merge pull request #6841 from julek-wolfssl/fix-all-scr
Fixes for bugs exposed with SCR
2023-10-05 16:55:01 -06:00
JacobBarthelmeh
c26ad8d19a Merge pull request #6828 from SparkiDev/mp_sqrtmod_prime_cust_curve
mp_sqrtmod_prime: bail early on the check for small values
2023-10-05 16:32:01 -06:00
JacobBarthelmeh
22b838c22b Merge pull request #6799 from kojo1/no_malloc
fix NO_MALLOC guard in an error case
2023-10-05 16:23:54 -06:00
Eric Blankenhorn
a494d04f10 Fix RNG with writedup 2023-10-05 16:03:42 -05:00
kaleb-himes
4bb6c51d2d Fix -4 return code when expected BAD_FUNC_ARG(-173) 2023-10-05 14:20:37 -06:00
JacobBarthelmeh
2c4556c797 Merge pull request #6835 from julek-wolfssl/no-ossl-defs-in-release
Add option to disable OPENSSL_COMPATIBLE_DEFAULTS
2023-10-05 10:47:50 -06:00
JacobBarthelmeh
1b4435d134 Merge pull request #6839 from julek-wolfssl/eol-repos
Remove unsupported distros from readme badge
2023-10-05 10:46:49 -06:00
JacobBarthelmeh
a333e775c7 Merge pull request #6837 from anhu/doc_corr
Minor correction to documentation
2023-10-05 10:46:12 -06:00
Chris Conlon
6968105984 Merge pull request #6831 from miyazakh/renesas_tsip_fix
fix compile error due to rz port change
2023-10-05 09:43:34 -06:00
Juliusz Sosinowicz
858c66de3c Add configs that exposed this bug 2023-10-05 16:58:45 +02:00
Juliusz Sosinowicz
89946126f2 Remove dtls_expected_rx and use expected values directly
We should always read MTU + EXTRA so that we capture the entire message and are able to correctly decrypt the entire datagram. A smaller MTU also breaks larger handshake messages sent during a connection like secure renegotiation in DTLS 1.2 (confirmed) and post-handshake messages in DTLS 1.3 (suspected).
2023-10-05 16:58:45 +02:00
Juliusz Sosinowicz
80c8c62fb2 Proper initial_ctx clean up
- Call wolfSSL_CTX_free on ssl->initial_ctx so that it decrements the counter and frees the object
- Clean up where ssl->initial_ctx is freed. It only needs to be freed when the ssl object is being freed
2023-10-05 16:58:45 +02:00
Juliusz Sosinowicz
9abc611550 Update dtls in readme 2023-10-05 13:32:58 +02:00
Juliusz Sosinowicz
6b28a68e42 Add DTLS 1.3 to README 2023-10-05 13:26:35 +02:00
Juliusz Sosinowicz
c88fec1534 Remove unsupported distros from readme badge 2023-10-05 13:22:34 +02:00
Juliusz Sosinowicz
8ce8359bd7 Add option to disable OPENSSL_COMPATIBLE_DEFAULTS 2023-10-05 10:30:44 +02:00
Anthony Hu
630d75153f Minor correction to documentation 2023-10-04 16:51:55 -04:00
JacobBarthelmeh
96205fc80d Merge pull request #6820 from julek-wolfssl/zd/16550-int-crl
CRL verify the entire chain including loaded CAs
2023-10-04 14:37:50 -06:00
David Garske
4d81725438 Merge pull request #6832 from jpbland1/cryptocb-key-context
add devCtx to all keys for use in cryptoCb
2023-10-04 09:34:06 -07:00
JacobBarthelmeh
94043723c9 Merge pull request #6833 from douzzer/20231003-options-h-flag-order-etc
20231003-options-h-flag-order-etc
2023-10-04 09:01:58 -06:00
Daniel Pouzzner
45b613ee55 wolfcrypt/test/test.c: fix error codes in hpke_test_single(), hpke_test(), and ecc521_test_deterministic_k(). 2023-10-03 22:44:11 -05:00
Daniel Pouzzner
71649388a0 configure.ac: in options.h generation, fix order of flags to match Makefile order. 2023-10-03 21:11:59 -05:00
John Bland
f4acc8f33d add devCtx to all keys for use in cryptoCb 2023-10-03 19:29:36 -04:00
Hideki Miyazaki
f9fb966bb4 fix compile error due to rz port change 2023-10-04 06:47:12 +09:00
JacobBarthelmeh
88d25036a0 Merge pull request #6823 from rizlik/stale_suites_fix
fix: tls13: don't use stale suites pointers in CheckPreSharedKeys
2023-10-03 11:41:53 -06:00
Juliusz Sosinowicz
7baf151c37 CRL verify the entire chain including loaded CAs
- Regen CRLs as most of them are expired
- certs/crl/extra-crls/ca-int-cert-revoked.pem: CRL that revokes certs/intermediate/ca-int-cert.pem signed by certs/ca-cert.pem
- Add CheckCertCRL_ex API to not depend on DecodedCert
- CheckCertCRLList: accept raw serial or hashed version to work with Signers
- Add XELEM_CNT to simplify pre-proc element counting
2023-10-03 11:45:43 +02:00
Sean Parkinson
e55e6790dd mp_sqrtmod_prime: bail early on the check for small values
When using custom curves, only use the first 22 values with the prime to
calculate the Legendre symbol. The known curves work, and this defeats long running
times when non-prime values are passed in.
2023-10-03 16:48:34 +10:00
Daniel Pouzzner
5066771f10 Merge pull request #6824 from bandi13/PRB-fips-ready-config-issues
Fix issue created by 62c14e4d5b
2023-10-03 00:47:14 -04:00
JacobBarthelmeh
1a3bf5e932 Merge pull request #6822 from douzzer/20230930-aes-xts-test-gate
20230930-aes-xts-test-gate
2023-10-02 17:57:17 -06:00
Andras Fekete
47f0d5a5d0 Fix issue created by 62c14e4d5b 2023-10-02 12:34:33 -04:00