wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 13:32:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,388 Commits 12 Branches 184 Tags
51d66877f7dcfd090673862bb7288951ab960bb3
Commit Graph

16388 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hayden Roche
51d66877f7 Add wolfSSL_EVP_PKEY_paramgen to the compatibility layer. 
Currently, it only supports ECC, which is all we need it for for the OpenSplice
port we're working on. In the ECC case, all it needs to do is set the group
appropriately. The logic is very similar to `wolfSSL_EVP_PKEY_keygen`, minus
the final step of actually generating the key.
 2022-02-23 13:59:15 -08:00
David Garske
fef8a57eb2 Merge pull request #4880 from julek-wolfssl/plain-alert 
Detect if we are processing a plaintext alert
 2022-02-22 10:11:08 -08:00
David Garske
e8c9a413ca Merge pull request #4878 from SparkiDev/sp_x64_oob_write_fix_1 
ECC with SP math: OOB write
 2022-02-22 09:53:32 -08:00
David Garske
b40226099d Merge pull request #4877 from SparkiDev/sp_x64_asm_fix_1 
SP asm: fix map function to use p not point
 2022-02-22 09:50:53 -08:00
Sean Parkinson
d10900e124 ECC with SP math: OOB write 
Don't let input points ordinates be greater than modulus in length.
 2022-02-22 17:00:23 +10:00
Sean Parkinson
78f116b27f SP asm: fix map function to use p not point 2022-02-22 16:33:24 +10:00
Sean Parkinson
2a750acf03 Merge pull request #4873 from dgarske/async_v5.2.0 
Asynchronous Release v5.2.0: TLS 1.3 HelloRetryRequest
 2022-02-22 10:35:17 +10:00
David Garske
250a06f759 Merge pull request #4865 from SparkiDev/sp_int_mont_red 
SP int: Montgomery Reduction
 2022-02-21 16:20:17 -08:00
David Garske
31abc99f6f Fix for async handling of TLS v1.3 hello retry broken in #4863. 2022-02-21 14:14:20 -08:00
David Garske
6a81cc976e Merge pull request #4872 from SparkiDev/tls13_empty_cert_cli 
TLS 1.3: fail immediately if server sends empty certificate message
 2022-02-21 14:10:40 -08:00
David Garske
38d4da56ab Merge pull request #4857 from julek-wolfssl/ZD13631 
Reported in ZD13631
 2022-02-21 14:01:51 -08:00
David Garske
d834c50c85 Merge pull request #4858 from julek-wolfssl/ZD13611 
Reported in ZD13611
 2022-02-21 14:01:42 -08:00
David Garske
e6c07a296d Merge pull request #4866 from ejohnstown/release 
Prepare for release 5.2.0
v5.2.0-stable 		2022-02-21 09:09:58 -08:00
Sean Parkinson
9263e6ead3 TLS 1.3: fail immediately if server sends empty certificate message 2022-02-21 21:34:13 +10:00
John Safranek
ad8bf40b5e Update readme for release. 2022-02-20 13:05:04 -08:00
John Safranek
bb8af1cac5 Prepare for release 5.2.0 
1. Update versions as appropriate.
2. Modify FreeAtomicUser() to only free the Aes data in the callback
   contexts if the contexts exist.
 2022-02-18 13:55:22 -08:00
David Garske
ffb4ae07df Merge pull request #4871 from wolfSSL/small-leak 
Fix Small Memory Leaks
 2022-02-18 13:53:56 -08:00
John Safranek
041d300b2b Fix Small Memory Leaks 
Found with the configuration running the unit test through valgrind.

    % ./configure CFLAGS=-DNO_WOLFSSL_CIPHER_SUITE_TEST \
      --enable-all --disable-fastmath --enable-debug --disable-shared

1. ssl.c: In wolfSSL_DSA_generate_key(), we initialize (and allocate)
   all the parameters in the key (p, q, g, x, y), and then we generate a
   key, initializes (and allocates) x and y, again. mp_clear them
   first.
2. evp.c: When printing public keys, the temporary mp_int wasn't getting
   correctly freed.
3. evp.c: When printing public keys, modified the utility functions to
   return once with a do-while-0 loop.
 2022-02-18 10:01:49 -08:00
John Safranek
4b0c8c07f4 Merge pull request #4870 from elms/fix/tls13_renegotiation_info_ext 
tls13: fix not including RENEGOTIATION_INFO ext
 2022-02-17 13:09:02 -08:00
elms
208c457348 tls13: fix to not send RENEGOTIATION_INFO ext 
Introduced in PR #4742 to enable sending of extension in TLS1.2
without fully supporting secure renegotiation in accordance with
RFC 5746 4.3 https://datatracker.ietf.org/doc/html/rfc5746#section-4.3
 2022-02-17 11:22:17 -08:00
David Garske
95ae242550 Merge pull request #4869 from wolfSSL/silabs-aes 
SILABS port: fix sizeof
 2022-02-17 10:45:47 -08:00
David Garske
b343c2691b Merge pull request #4867 from maximevince/master 
Fix WOLFSSL_NO_TLS12 for Async dev
 2022-02-17 10:18:18 -08:00
John Safranek
4361d1bdd2 SILABS port: fix sizeof 
A sizeof wasn't dereferencing a pointer using the sizeof the pointer and
not the actual struct. This is limited to setting the key for an AES
operation only when using SILABS SE2 acceleration.
 2022-02-17 08:52:46 -08:00
Maxime Vincent
111ae9da84 Fix WOLFSSL_NO_TLS12 for Async dev 2022-02-17 08:10:19 +01:00
Juliusz Sosinowicz
c5875cfc5a Detect if we are processing a plaintext alert 2022-02-16 10:50:44 +01:00
David Garske
df0b516c68 Merge pull request #4863 from SparkiDev/tls13_auth 
TLS 1.3: improved checks on received message type
 2022-02-15 11:33:34 -08:00
Juliusz Sosinowicz
15d0dd258a Add cert test for UID name component 2022-02-15 14:05:46 +01:00
Sean Parkinson
ea5785f6fd SP int: Montgomery Reduction 
Improve performance for ECC curves when all bits in words are used (mask
is 0).
On 64-bit platforms, improves performance for 256 and 384 bit curves.
On 32-bit platforms, improves performance for 224, 256, 384 bit curves.
 2022-02-15 17:19:57 +10:00
Sean Parkinson
94c03a77f5 TLS 1.3: improved checks on received message type 
pskNegotiated field added to indicate Session Ticket or PSK negotiated.

peerAuthGood field added to indicate that any require peer
authentication (certificate, if required, or PSK) have been performed.
 2022-02-15 13:25:16 +10:00
Sean Parkinson
9906c9c55e Merge pull request #4862 from dgarske/no_server 
Fix typo for no server
 2022-02-15 10:31:12 +10:00
David Garske
07045083a9 Merge pull request #4859 from SparkiDev/sp_int_thumb_small 
SP int: fixup ARM Thumb asm for small builds
 2022-02-14 16:07:50 -08:00
Sean Parkinson
6571151d17 SP int: fixup ARM Thumb asm for small builds 
Small builds or arm Thumb can't use r7.
 2022-02-15 08:34:21 +10:00
David Garske
c992ddbfc0 Merge pull request #4853 from SparkiDev/curve448_128bit_perf 
Curve448: inline Karatsuba in sqr and mul for 128-bit impl
 2022-02-14 12:04:57 -08:00
David Garske
16566f329e Fix typo for no server. Should be NO_WOLFSSL_SERVER. 2022-02-14 10:37:34 -08:00
David Garske
ff4ee20f05 Merge pull request #4860 from SparkiDev/disable_hmac 
Configure HMAC: define NO_HMAC when HMAC disabled
 2022-02-14 10:08:32 -08:00
Juliusz Sosinowicz
445ed2f234 Reported in ZD13631 
`ssl->peerVerifyRet` wasn't being cleared when retrying with an alternative cert chain
 2022-02-14 11:01:59 +01:00
Sean Parkinson
f02296a4e6 Configure HMAC: define NO_HMAC when HMAC disabled 2022-02-14 17:22:10 +10:00
Sean Parkinson
38653510eb Curve448: inline Karatsuba in sqr and mul for 128-bit impl 2022-02-14 09:09:57 +10:00
Juliusz Sosinowicz
4e5380668c Reported in ZD13611 
The `UID` name component could not be parsed if it appears in a subject or issuer name
 2022-02-12 00:36:07 +01:00
David Garske
2fa542eb28 Merge pull request #4846 from haydenroche5/fips_mode_compat 
Implement FIPS_mode and FIPS_mode_set in the compat layer.
 2022-02-11 12:50:30 -08:00
David Garske
88f202aa22 Merge pull request #4855 from julek-wolfssl/issue-4854 
wolfSSL_get_error may return SSL_ERROR_NONE on ret <= 0
 2022-02-11 09:01:16 -08:00
Juliusz Sosinowicz
4f8ffc4586 wolfSSL_get_error may return SSL_ERROR_NONE on ret <= 0 
Fix docs mismatch reported in https://github.com/wolfSSL/wolfssl/issues/4854
 2022-02-11 12:37:12 +01:00
Daniel Pouzzner
34b6102816 Merge pull request #4847 from douzzer/20220209_clang-Os 
fixes for clang -Os on clang >= 12.0.0
 2022-02-10 21:31:01 -06:00
Chris Conlon
7da3b8458a Merge pull request #4851 from miyazakh/update_RA6M3_rmunsrc 2022-02-10 18:14:09 -07:00
Daniel Pouzzner
fbf38fff07 wolfcrypt/src/sp_int.c: fix comment around clang-12+ -Os. 2022-02-10 16:43:17 -06:00
Daniel Pouzzner
5c9510d92e fips_check.sh: for linuxv2 add COPY_DIRECT with wolfcrypt/src/{aes_asm.S,aes_asm.asm}; for linuxv5 add wolfcrypt/src/aes_gcm_asm.S to COPY_DIRECT; fix whitespace. 2022-02-10 16:01:08 -06:00
Daniel Pouzzner
cbc253d713 wolfcrypt/test/test.c: gate ecc_encrypt_e2e_test() on !HAVE_FIPS || FIPS_VERSION_GE(5,3). 2022-02-10 16:00:52 -06:00
Daniel Pouzzner
c581e13380 bwrap tweaks: 
in scripts/ocsp.test, don't call ping.test when $AM_BWRAPPED = yes (ping is setuid, so fails under bwrap);

in scripts/unit.test.in, don't bwrap if $AM_BWRAPPED = yes (double-bwrapping always fails);

in testsuite/testsuite.c testsuite_test(), build tempName using tempDir, and try to assign tempDir from XGETENV("TMPDIR"), fallback to hardcoded "/tmp".
 2022-02-10 15:54:39 -06:00
Daniel Pouzzner
91578df19d fixes for clang -Os on clang >= 12.0.0; fixes for bugs in blake2s. 2022-02-10 15:54:10 -06:00
Hayden Roche
562fcd3916 Implement FIPS_mode and FIPS_mode_set in the compat layer. 2022-02-10 13:14:05 -08:00