wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 17:49:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,291 Commits 12 Branches 184 Tags
3b75a410067d0f3d7956fbb62bd2689fa96e19f5
Commit Graph

21291 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
3b75a41006 Merge pull request #7057 from kaleb-himes/fix-fips-140-3-pr-failure 
Address fips 140-3 failures with wolfEngine support enabled
 2023-12-12 16:15:40 -08:00
kaleb-himes
ca5adfaecb Add comments per peer review 2023-12-12 15:21:28 -07:00
kaleb-himes
db7f08e12f Address fips 140-3 failures with wolfEngine support enabled 2023-12-12 15:14:51 -07:00
Sean Parkinson
ce74a34154 Merge pull request #7019 from dgarske/armasm_mmcau 
Patch to support NXP Kinetis MMCAU SHA2-256 with ARM ASM
 2023-12-13 07:26:11 +10:00
Sean Parkinson
6e953e4d53 Merge pull request #7044 from julek-wolfssl/zd/17137 
ocsp: don't error out if we can't verify our certificate
 2023-12-13 07:23:46 +10:00
Juliusz Sosinowicz
51ba745214 ocsp: don't error out if we can't verify our certificate 
We can omit either the CeritificateStatus message or the appropriate extension when we can not provide the OCSP staple that the peer is asking for. Let peer decide if it requires stapling and error out if we don't send it.
 2023-12-12 14:49:52 +01:00
Sean Parkinson
1aed438a21 Merge pull request #7053 from douzzer/20231208-asn-big-short-ints 
20231208-asn-big-short-ints
 2023-12-12 13:53:37 +10:00
Sean Parkinson
043dde18be Merge pull request #7048 from anhu/PQ_uninit_key_free 
Prevent freeing uninitialized keys
 2023-12-12 13:47:30 +10:00
Kaleb Himes
00a1c68f97 Merge pull request #7052 from dgarske/stm32_fips 
Fix to resolve collision between FIPS `RNG` in settings.h and STM32 HAL header
 2023-12-11 16:12:07 -07:00
Daniel Pouzzner
c1b5135918 wolfcrypt/src/evp.c and wolfcrypt/test/test.c: in FIPS builds <5.3, gate out AES-XTS functionality that depends on new APIs added in #7031 (b14aba48af and 931ac4e568) (AES-XTS is non-FIPS in FIPS <5.3). 2023-12-11 12:14:29 -06:00
Daniel Pouzzner
9c17d5d2fa support ASN ShortInts up to 4 bytes (2^32-1): 
* parameterize MAX_LENGTH_SZ using overrideable WOLFSSL_ASN_MAX_LENGTH_SZ, default value 5 (raised from 4).
* refactor other Misc_ASN constants to refer to MAX_LENGTH_SZ as appropriate.
* tweak BytePrecision() appropriately.
* refactor SetShortInt() to use BytePrecision() and include a length assert against MAX_SHORT_SZ to assure no buffer overruns with reduced WOLFSSL_ASN_MAX_LENGTH_SZ.
 2023-12-11 12:14:29 -06:00
David Garske
f068bebb94 Fix to resolve collision between RNG in settings.h and the STM32 Cube HAL (ex: stm32h7xx.h). In STM32 platforms we use NO_OLD_RNGNAME (see https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_stm32.h#L616) 2023-12-11 10:01:21 -08:00
David Garske
540012844b Merge pull request #7049 from lealem47/ghIssue6983 
Enable cURL and QUIC from CMake
 2023-12-11 09:40:31 -08:00
David Garske
cb6676fa27 Merge pull request #7030 from julek-wolfssl/gh/7000 
Store ssl->options.dtlsStateful when exporting DTLS session
 2023-12-11 09:39:54 -08:00
David Garske
b5eb8995c9 Fix possible unused variable warning. 2023-12-11 09:22:47 -08:00
Juliusz Sosinowicz
4ce4dd7479 Use correct size for memset 2023-12-11 14:30:54 +01:00
Sean Parkinson
03a82711aa Merge pull request #7036 from anhu/SCSV 
Make sure to send SCSV when application sets ciphersuites
 2023-12-11 07:15:23 +10:00
JacobBarthelmeh
ac447d1afb Merge pull request #7031 from douzzer/20231201-openssl-compat-fixes 
20231201-openssl-compat-fixes
 2023-12-08 17:25:53 -07:00
JacobBarthelmeh
f708d42ef7 Merge pull request #7046 from dgarske/crl_cleanups 
Various cleanups - CRL and comments - 20231207
 2023-12-08 17:15:01 -07:00
JacobBarthelmeh
38eddd7f89 Merge pull request #7043 from gojimmypi/PR-Espressif-README 
Espressif README files
 2023-12-08 17:11:59 -07:00
David Garske
8a5a467543 Patch to support NXP Kinetis MMCAU SHA2-256 (FREESCALE_MMCAU_CLASSIC_SHA) with --enable-armasm. 2023-12-08 15:56:20 -08:00
Lealem Amedie
de4bd42de0 Enable cURL and QUIC from CMake 2023-12-08 15:57:29 -07:00
kareem-wolfssl
0c9555b29e Merge pull request #7045 from julek-wolfssl/memcached-retry 
Retry memcached tests 3 times on error
 2023-12-08 14:03:54 -07:00
JacobBarthelmeh
0ba3646f32 Merge pull request #7037 from gojimmypi/PR-Expressif-Benchmark 
Espressif benchmark update
 2023-12-08 13:51:44 -07:00
Juliusz Sosinowicz
1bf0d8c896 Use SIGKILL to actually kill the runner 2023-12-08 20:23:00 +01:00
Anthony Hu
40015a06c4 Prevent freeing uninitialized keys 2023-12-08 13:52:24 -05:00
gojimmypi
62c0910e15 sync w/upstream; resolve merge conflict 2023-12-08 09:06:10 -08:00
JacobBarthelmeh
448b83697a Merge pull request #7035 from gojimmypi/PR-Espressif-wolfcrypt 
Espressif wolfcrypt updates
 2023-12-08 09:07:46 -07:00
JacobBarthelmeh
ae9632b14a Merge pull request #7025 from bandi13/universalScriptSimplify 
Massively simplify apple-universal script
 2023-12-08 09:03:30 -07:00
Juliusz Sosinowicz
6c7b47e003 Store ssl->options.dtlsStateful when exporting DTLS session 2023-12-08 15:35:34 +01:00
Juliusz Sosinowicz
21381b939b Retry memcached tests 3 times on error 2023-12-08 13:53:08 +01:00
gojimmypi
17c663b257 Espressif README files 2023-12-07 16:21:50 -08:00
David Garske
434526c345 Expand WOLFSSL_NO_CRL_DATE_CHECK to the process cert CRL next date check. Fix typo for DEBUG_CRYPTOCB. Add comments for wc_ValidateDate arguments. Improve linker script example for FIPS to put stdlib before FIPS and not force KEEP. 2023-12-07 14:45:16 -08:00
JacobBarthelmeh
c4b77adf48 Merge pull request #7007 from night1rider/ardunio-wolfssl 
Ardunio Fixes relating to internal Intel Galileo Tests
 2023-12-07 14:48:58 -07:00
Sean Parkinson
6c8bf7be55 Merge pull request #6963 from julek-wolfssl/dynamic-certs-n-ciphers 
Add API to choose dynamic certs based on client ciphers/sigalgs
 2023-12-08 07:45:36 +10:00
Sean Parkinson
61b0efce4f Merge pull request #7039 from embhorn/zd17127 
Check for neg size in fp_read_unsigned_bin
 2023-12-08 07:44:09 +10:00
gojimmypi
5e5286d30d Merge branch 'master' of https://github.com/wolfSSL/wolfssl into PR-Expressif-Benchmark 2023-12-07 13:26:20 -08:00
Eric Blankenhorn
27e93276de Check for neg size in fp_read_unsigned_bin 2023-12-07 14:26:12 -06:00
Anthony Hu
9fda21748a for clients only 2023-12-07 14:05:33 -05:00
JacobBarthelmeh
5caa71ec6a Merge pull request #7038 from SparkiDev/heapmath_mp_add_d 
Heapmath mp_add_d: fix for when a and c same pointer
 2023-12-07 10:04:13 -07:00
JacobBarthelmeh
9d0bb4c2bf Merge pull request #7040 from dgarske/win_vs 
Fixes for building wolfSSL in Visual Studio
 2023-12-07 10:02:33 -07:00
Anthony Hu
3c5b402740 Make sure to send SCSV when application sets ciphersuites 2023-12-07 11:53:55 -05:00
Juliusz Sosinowicz
fbe79d7317 Code review 2023-12-07 11:13:16 +01:00
Daniel Pouzzner
803b17a8b3 src/ssl_crypto.c: in wolfSSL_CMAC_CTX_free(), gate wc_CmacFree() on !FIPS || FIPS>=5.3. 2023-12-06 23:04:52 -06:00
Daniel Pouzzner
106e39bd76 tests/api.c: in test_wc_CmacFinal(), don't use wc_CmacFinalNoFree() if FIPS <5.3. 2023-12-06 21:58:55 -06:00
Daniel Pouzzner
931ac4e568 add documentation for wc_AesXtsInit(), wc_AesXtsSetKeyNoInit(), wc_CmacFinalNoFree(), and wc_CmacFree(); 
rename wc_AesXtsSetKey_NoInit() to wc_AesXtsSetKeyNoInit() for morphological consistency;

refactor wc_AesXtsSetKey() to call wc_AesXtsSetKeyNoInit() and clean up on failure;

readability tweak in wolfSSL_EVP_CipherFinal().
 2023-12-06 19:26:46 -06:00
Daniel Pouzzner
b14aba48af wolfcrypt/src/cmac.c: add wc_CmacFree(), revert wc_CmacFinal(), rename wc_CmacFinal() as wc_CmacFinalNoFree() removing its deallocation clauses, and add new wc_CmacFinal() that calls wc_CmacFinalNoFree() then calls wc_CmacFree() unconditionally, for compatibility with legacy client code (some of which may have previously leaked). 
tests/api.c: modify test_wc_CmacFinal() to use wc_CmacFinalNoFree() except for the final call.

wolfcrypt/src/aes.c:
* fix wc_AesEaxEncryptAuth() and wc_AesEaxDecryptAuth() to call wc_AesEaxFree() only if wc_AesEaxInit() succeeded.
* fix wc_AesEaxInit() to free all resources on failure.
* revert wc_AesEaxEncryptFinal() and wc_AesEaxDecryptFinal() changes, then change wc_CmacFinal() calls in them to wc_CmacFinalNoFree() calls.
* wc_AesEaxFree(): add wc_CmacFree() calls.
 2023-12-06 16:55:57 -06:00
Sean Parkinson
c6d6100136 Merge pull request #7010 from julek-wolfssl/dtls13-0.5-rtt 
dtls13: Add support for 0.5-RTT data
 2023-12-07 08:41:42 +10:00
JacobBarthelmeh
0ffb586030 Merge pull request #7032 from SparkiDev/sp_int_neg_mont_red 
SP int neg sp_mont_red_ex: disallow negative numbers
 2023-12-06 15:04:46 -07:00
Sean Parkinson
226c631feb Heapmath mp_add_d: fix for when a and c same pointer 
When parameters a and c to mp_add_d are the same pointer, c->sign was
being set to zero/positive and then a->sign was being checked.
Set the c->sign at end as it will always be zero/positive through the
code and the sign of the result isn't otherwise used.
 2023-12-07 07:51:43 +10:00