Sean Parkinson
4594151588
Merge pull request #7418 from ejohnstown/generic-pool
...
Generic Memory Pools
2024-05-01 08:53:56 +10:00
Daniel Pouzzner
442d3f30cc
src/ssl.c: refactor fix in wolfSSL_RAND_bytes() for race on initGlobalRNG to retain the initial check on initGlobalRNG, and just recheck it, to avoid possible access to uninitialized globalRNGMutex.
2024-04-25 23:47:39 -05:00
Daniel Pouzzner
963e14a1fe
src/ssl.c: code style tweak from peer review.
2024-04-25 22:09:28 -05:00
Daniel Pouzzner
8e8e9bd0eb
src/ssl.c: fix races in wolfSSL_Init() and wolfSSL_RAND_bytes().
2024-04-25 22:09:28 -05:00
Sean Parkinson
c8e51112c3
Merge pull request #7372 from julek-wolfssl/zd/17435
...
Add secret logging callback to TLS <= 1.2
2024-04-26 09:41:58 +10:00
Juliusz Sosinowicz
c62faa048c
Add secret logging callback to TLS <= 1.2
2024-04-25 17:11:07 +02:00
Anthony Hu
329650fb4c
Get rid of some code with NO_OLD_TLS
2024-04-24 16:00:45 -04:00
John Safranek
2168b154b6
Generic Memory Pools
...
1. Modify wolfSSL_CTX_load_static_memory() to use wc_LoadStaticMemory()
instead of reimplementing it.
2. Initialize the pointers in wc_LoadStaticMemory() to null.
3. Whitespace changes.
2024-04-22 08:54:37 -07:00
Sean Parkinson
97d560d9af
Fixes from configuration testing
...
asn1.c: Allow sample to build without coding (base64 decoding).
set_curves_list(): function for ECC, Ed25519, Ed448 but this block of
code is ECC only. Fixed #ifdef protection.
wolfSSL_CTX_set1_curves_list and wolfSSL_set1_curves_list also available
when Curve25519/Curve448 compiled in but not ECC.
2024-04-19 08:40:19 +10:00
Sean Parkinson
8e9810e87e
ssl.c: Move functions out to separate files
...
Moved E[CD][25519||448] APIs to pk.c
Move public key PEM APIs to pk.c.
Move wolfSSL loading and using of private keys and certificates to
ssl_load.c
Move PKCS#7 and PKCS#12 APIs to ssl_p7p12.c.
Move session and session cache APIs to ssl_sess.c.
Other minor fixes.
2024-04-16 10:30:59 +10:00
Daniel Pouzzner
8511b2dc6b
ProcessBuffer(): in WOLFSSL_DUAL_ALG_CERTS code path, fall through without disrupting ret, if cert->sapkiOID and cert->sapkiLen are unset.
2024-04-03 13:54:57 -05:00
Anthony Hu
9bfab33726
Address comments from Jacob.
2024-04-03 09:04:28 -04:00
Tobias Frauenschläger
136eaae4f1
Improvements to dual alg certificates
...
* Support for external keys (CryptoCb interface)
* Support for usage in mutual authentication
* better entity cert parsing
* Fix for Zephyr port to support the feature
* Check key support
* Proper validation of signatures in certificate chains
* Proper validation of peer cert with local issuer signature
(alt pub key is cached now)
* Support for ECC & RSA as alt keys with PQC as primary
* Support for PQC certificate generation
* Better support for hybrid signatures with variable length signatures
* Support for primary and alternative private keys in a single
file/buffer
* More API support for alternative private keys
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-04-01 17:37:03 -04:00
Daniel Pouzzner
58462840c1
src/ssl.c: add missing cast in wolfSSL_GetSessionFromCache().
2024-03-28 15:14:19 -05:00
JacobBarthelmeh
9f240bb34c
fix for warning of no stdint.h include with uintptr_t
2024-03-14 00:38:02 +07:00
Daniel Pouzzner
321a72c906
misc fixes:
...
wolfcrypt/test/test.c: fix gating for verify4 in scrypt_test(), and fix WOLFSSL_SMALL_STACK -Wframe-larger-than=2048 warnings in sha256_test() and sha512_test().
src/ssl.c: fix for true-but-benign nullPointerRedundantCheck in ProcessBufferTryDecodeEd25519().
tests/api.c: fix for -Wmaybe-uninitialized in test_wc_PKCS7_VerifySignedData_RSA() identified via cross-m68k-all-asm.
2024-03-05 17:44:33 -06:00
Daniel Pouzzner
7fbb209684
ssl.c: in wolfSSL_Init(), fix cppcheck identicalInnerCondition warning on non-FIPS configurations.
2024-03-01 17:54:55 -06:00
Eric Blankenhorn
cf733c306c
Merge pull request #7284 from douzzer/20240229-mutex-initializer-global-refactor
...
20240229-mutex-initializer-global-refactor
2024-03-01 16:43:10 -06:00
Daniel Pouzzner
dfbde4514b
global refactor of static mutex initialization to use WOLFSSL_MUTEX_INITIALIZER, and adjustment of WOLFSSL_MUTEX_INITIALIZER macro to take an argument, for Linux kernel compatibility.
2024-02-29 02:11:32 -06:00
Sean Parkinson
9addb3e45d
SSL: Change other ProcessBufferTryDecode*()
...
Ed448, Falcon and Dilithium changed to return 0 when key format is 0.
2024-02-29 07:37:41 +10:00
Sean Parkinson
b53cc0e98c
SSL: Loading bad private key
...
Fix ProcessBufferTryDecodeRsa and ProcessBufferTryDecodeEcc to only
clear error when key format isn't known.
2024-02-28 21:47:45 +10:00
Daniel Pouzzner
daf43cd04f
Merge pull request #7260 from kosmas-valianos/missingConst
...
Add const in the list of wolfSSL_CTX_set1_groups_list() and wolfSSL_set1_groups_list()
2024-02-28 00:28:37 -05:00
Juliusz Sosinowicz
4caef93346
Implement transient certs
...
Add wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to store.
2024-02-20 14:33:36 +01:00
Kosmas Valianos
73a6935386
Add const in the list of wolfSSL_CTX_set1_groups_list() and wolfSSL_set1_groups_list()
...
aligning with the wolfSSL_CTX_set1_sigalgs_list()/wolfSSL_set1_sigalgs_list() API
2024-02-20 09:14:39 +01:00
Juliusz Sosinowicz
44de6dfdd3
Return correct values in get_signature APIs and write tests
2024-02-16 11:32:22 +01:00
Juliusz Sosinowicz
6537c7163c
Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid
2024-02-16 11:32:04 +01:00
gojimmypi
bf29066d70
Add wolfSSL debug messages
2024-02-08 17:22:36 -08:00
David Garske
dec4caa98f
Merge pull request #7206 from julek-wolfssl/gh/7196
...
Fix write_dup with chacha-poly
2024-02-07 08:40:30 -08:00
gojimmypi
10b5c375ef
introduce MICRO_SESSION_CACHE, update comments
2024-02-06 14:07:50 -08:00
Juliusz Sosinowicz
5b5d6481de
Fix write_dup with chacha-poly
2024-02-02 19:47:25 +01:00
JacobBarthelmeh
0c150d2391
Merge pull request #7150 from dgarske/getenv
...
Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV`
2024-01-22 08:33:24 -08:00
Sean Parkinson
b0d64b419d
Merge pull request #7084 from julek-wolfssl/set-cipher-ssl
...
Allow SetCipherList to operate on SSL without modifying on SSL_CTX
2024-01-22 07:31:22 +10:00
David Garske
76550465bd
Fixes build with NO_STDIO_FILESYSTEM defined.
2024-01-19 12:49:53 -08:00
David Garske
a4affd9431
Improve use of XGETENV in wolfSSL_RAND_file_name to check for macro.
2024-01-19 12:13:19 -08:00
David Garske
a3a7012c81
Merge pull request #7136 from jpbland1/x509-new-ex
...
add heap hint support for a few of the x509 functions
2024-01-19 09:29:47 -08:00
Juliusz Sosinowicz
1288d71132
Address code review
2024-01-19 15:59:22 +01:00
Juliusz Sosinowicz
afd0e5af4e
Refactor haveAnon into useAnon
...
(ctx->|ssl->options.)useAnon means that the user has signalled that they want anonymous ciphersuites
2024-01-19 14:53:33 +01:00
Juliusz Sosinowicz
b8b847bbcf
Allow SetCipherList to operate on SSL without modifying on SSL_CTX
2024-01-19 14:53:28 +01:00
David Garske
ac81d9d29c
Merge pull request #7110 from Frauschi/pq_secure_element
...
PQC: add CryptoCb support for PQC algorithms
2024-01-18 13:29:28 -08:00
Anthony Hu
9be390250d
Adding support for dual key/signature certificates. (#7112)
...
Adding support for dual key/signature certificates with X9.146. Enabled with `--enable-dual-alg-certs` or `WOLFSSL_DUAL_ALG_CERTS`.
2024-01-18 13:20:57 -08:00
Tobias Frauenschläger
8e6d151403
PQC: CryptoCb support for signature algorithms
...
Add initial support of the crypto callback API to the two PQC signature
algorithms Dilithium and Falcon. This ultimately enables the usage of
external hardware modules (e.g. secure elements) for these algorithms.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:38 +01:00
John Bland
41ea1109ec
update uses of wolfSSL_X509_new and wolfSSL_X509_d2i
...
where heap doesn't require a new ex function or struct field to avoid size increase
2024-01-17 18:46:24 -05:00
John Bland
03f32b623f
update based on PR comments
2024-01-17 13:22:58 -05:00
John Bland
d1a3646d5c
add heap hint support for a few of the x509 functions
2024-01-17 11:26:52 -05:00
Stanislav Klima
909b437571
cleared ticket and ticketNonce
2024-01-11 19:59:12 +01:00
Stanislav Klima
e63c50b1f3
fixed double free happening during EvictSessionFromCache
2024-01-11 19:52:03 +01:00
David Garske
06a32d3437
Merge pull request #7097 from lealem47/removeUserCrypto
...
Remove user-crypto functionality and Intel IPP support
2024-01-09 17:33:28 -08:00
Sean Parkinson
9e468a900b
Merge pull request #7096 from julek-wolfssl/zd/17219
...
Add fencing to ClientSessionToSession()
2024-01-05 07:24:00 +10:00
Juliusz Sosinowicz
5bdcfaa5d0
server: allow reading 0-RTT data after writing 0.5-RTT data
2024-01-04 13:19:44 +01:00
jordan
e175004f85
Fix Infer Uninitialized Values.
2024-01-02 12:16:20 -06:00