wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 20:42:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,129 Commits 12 Branches 184 Tags
7a0bcb05fb808bf72f7e00d24a40887d68c4bd38
Commit Graph

22129 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
John Safranek
7a0bcb05fb Generic Memory Pools 
1. Add checks for listSz against WOLFMEM_MAX_BUCKETS.
2. Use WOLFMEM_DEF_BUCKETS for the size when using the default memory
   descriptions.
3. Whitespace.
 2024-04-22 08:54:40 -07:00
John Safranek
15a0ae4244 Generic Memory Pools 
1. Add generic function wolfSSL_StaticBufferSz_ex() where one specifies
   the memory bucket list sizes and distribution.
2. Rewrote wolfSSL_StaticBufferSz() in terms of the new function.
3. Changed the list pointers on wc_LoadStaticMemory_ex() and
   wc_init_memory_heap() to be pointers to const.
 2024-04-22 08:54:40 -07:00
John Safranek
7481644842 Generic Memory Pools 
1. Add the function wc_LoadStaticMemory_ex(), which is a generic version
   of wc_LoadStaticMemory().
2. Modify wc_LoadStaticMemory() to call wc_LoadStaticMemory_ex() with
   the bucket lists.
3. Rename the function wolfSSL_load_static_memory() as
   wc_partition_static_memory(), make it static, move it higher in the file.
 2024-04-22 08:54:40 -07:00
John Safranek
2168b154b6 Generic Memory Pools 
1. Modify wolfSSL_CTX_load_static_memory() to use wc_LoadStaticMemory()
   instead of reimplementing it.
2. Initialize the pointers in wc_LoadStaticMemory() to null.
3. Whitespace changes.
 2024-04-22 08:54:37 -07:00
Sean Parkinson
b17ad46b30 Merge pull request #7458 from douzzer/20240422-wc_SRTCP_KDF_ex-Wconversion 
20240422-wc_SRTCP_KDF_ex-Wconversion
 2024-04-22 21:30:14 +10:00
Daniel Pouzzner
44e8f392ae wolfcrypt/src/kdf.c: fix -Wconversions in wc_SRTCP_KDF_ex(). 2024-04-22 01:11:46 -05:00
Sean Parkinson
5bb22d8343 Merge pull request #7439 from JacobBarthelmeh/build_test 
fix for WOLFSSL_NO_PEM build
 2024-04-22 10:48:57 +10:00
Sean Parkinson
e1b66ca62d Merge pull request #7407 from mrdeep1/key_share 
Handle PSK-Only negotiation with key_share not being sent in Server Hello
 2024-04-22 10:45:56 +10:00
Sean Parkinson
cfe645ca70 Merge pull request #7455 from kaleb-himes/SRTCP-48bit-indices 
Srtcp 48bit indices
 2024-04-22 10:43:07 +10:00
Sean Parkinson
eeadb2a7f3 Merge pull request #7457 from douzzer/20240420-wc_linuxkm_fpu_state_assoc-fixups 
20240420-wc_linuxkm_fpu_state_assoc-fixups
 2024-04-22 10:39:55 +10:00
Daniel Pouzzner
0a4eb1fbc7 linuxkm/linuxkm_memory.c: require kernel 5.4+ for AESNI/AVX, and add fixup code in wc_linuxkm_fpu_state_assoc_unlikely() to cope with migrations. in save_vector_registers_x86(), on kernel < 5.17, check test_thread_flag(TIF_NEED_FPU_LOAD) as a workaround for irq_fpu_usable() missing check for in_kernel_fpu. 2024-04-20 13:55:37 -05:00
JacobBarthelmeh
78670f5098 Merge pull request #7453 from douzzer/20240419-wolfSSL_CTX_SetTmpDH-double-free 
20240419-wolfSSL_CTX_SetTmpDH-double-free
 2024-04-19 13:48:37 -06:00
kaleb-himes
4b1edc78bb Add test case 2024-04-19 13:16:19 -06:00
kaleb-himes
e835517633 SRTCP 32-bit indices default plus errata 48-bit indices 2024-04-19 12:31:08 -06:00
JacobBarthelmeh
69be7a7c54 Merge pull request #7431 from lealem47/aes_cfb 
Fix for AES-CFB1 encrypt/decrypt on size (8*x-1) bits
 2024-04-19 10:55:27 -06:00
JacobBarthelmeh
a63ff277ed Merge pull request #7452 from douzzer/20240419-linuxkm-intelasm-expansion 
20240419-linuxkm-intelasm-expansion
 2024-04-19 10:46:11 -06:00
Daniel Pouzzner
39e2405e2f src/ssl_load.c: fix double-free in wolfSSL_CTX_SetTmpDH(). 2024-04-19 11:43:32 -05:00
JacobBarthelmeh
5f9ed54aaa Merge pull request #7451 from SparkiDev/test_fixes_1 
Fixes from configuration testing
 2024-04-19 10:43:31 -06:00
JacobBarthelmeh
c7f852fbbd Merge pull request #7450 from anhu/reneg_indic 
check for conflicting secure renegotiation macros (settings.h)
 2024-04-19 10:41:26 -06:00
JacobBarthelmeh
9242f611b2 Merge pull request #7449 from lealem47/nginx_stubs 
Adding stubs required for latest nginx
 2024-04-19 10:38:17 -06:00
Jon Shallow
7b22681287 Handle PSK-Only negotiation with key_share not being sent in Server Hello 
The wrong cipher suite is potentially chosen if key_share is not seen by the client.

$ cat /tmp/test
Client_identitySHA256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

Server:
$ gnutls-serv --http --priority NORMAL:+ECDHE-PSK:+PSK:+ECDHE-ECDSA:+AES-128-CCM-8:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL:+SHA256 --pskpasswd=/tmp/test

Client:
$ examples/client/client -vd -g -s -p 5556 2>&1| grep HTTP
 2024-04-19 17:14:28 +01:00
Daniel Pouzzner
0264a518e1 wolfcrypt/src/ed25519.c: in ed25519_pairwise_consistency_test(), add casts to mollify -Wconversion. 2024-04-19 01:41:35 -05:00
Daniel Pouzzner
28480ec0ea linuxkm/Kbuild: add SHA-2, SHA-3, ChaCha20, and poly1305, to kernel-safe vectorized-asm list. 2024-04-19 01:35:45 -05:00
Daniel Pouzzner
85f3fb9d07 Merge pull request #7409 from SparkiDev/asm_x64_rip_fix 
SHA-256 x64 ASM - fix use of %rip
 2024-04-19 02:33:47 -04:00
Sean Parkinson
d2b9a365f2 ChaCha20 and Poly1305 x64 ASM - fixu use of %rip 
Get the address of the constants into a register at start instead of
calculating the address relative to the instruction pointer each time.
 2024-04-19 09:59:54 +10:00
Sean Parkinson
97d560d9af Fixes from configuration testing 
asn1.c: Allow sample to build without coding (base64 decoding).

set_curves_list(): function for ECC, Ed25519, Ed448 but this block of
code is ECC only. Fixed #ifdef protection.

wolfSSL_CTX_set1_curves_list and wolfSSL_set1_curves_list also available
when Curve25519/Curve448 compiled in but not ECC.
 2024-04-19 08:40:19 +10:00
Lealem Amedie
7a7af18887 Guard with OPENSSL_EXTRA instead of WOLFSSL_NGINX 2024-04-18 16:33:37 -06:00
Anthony Hu
85326da7fc check for conflicting HAVE_RENEGOTIATION_INDICATION and HAVE_SECURE_RENEGOTIATION in settings.h 2024-04-18 17:51:33 -04:00
JacobBarthelmeh
fe671f72e1 Merge pull request #7435 from SparkiDev/ssl_misc_fixup 
ssl_misc.c: wolfssl_file_len() protection
 2024-04-18 14:36:38 -06:00
JacobBarthelmeh
ef153101b7 Merge pull request #7433 from SparkiDev/eddsa_fips_checks 
EdDSA FIPS checks on public key
 2024-04-18 14:34:31 -06:00
JacobBarthelmeh
9666e4d7e4 Merge pull request #7448 from douzzer/20240418-pq-hybrid-fixes 
20240418-pq-hybrid-fixes
 2024-04-18 14:31:27 -06:00
Daniel Pouzzner
e48f06bd53 fixes for WOLFSSL_DUAL_ALG_CERTS: "cannot take address of bit-field ‘altKeyType’" and "‘altPrivateKeyType’" in ProcessBufferTryDecode(), "‘heap’ undeclared" in ProcessBufferCertAltPublicKey(), "‘consumed’ undeclared" in ProcessFile(), "‘keySz’ undeclared" in wolfSSL_CTX_use_PrivateKey_Id(). 2024-04-18 13:49:44 -05:00
Lealem Amedie
a1cf316630 Adding stubs required for latest nginx 2024-04-18 12:28:31 -06:00
Lealem Amedie
295033441c Fix for AES-CFB1 encrypt/decrypt on size (8*x-1) bits 2024-04-18 11:31:28 -06:00
kaleb-himes
0bd5967093 Adjust FIPS version and default configuration 2024-04-18 08:41:05 -06:00
Sean Parkinson
08b42b7c93 Merge pull request #7443 from douzzer/20240418-fix-aes_xts_128_test-DEBUG_VECTOR_REGISTER_ACCESS 
20240418-fix-aes_xts_128_test-DEBUG_VECTOR_REGISTER_ACCESS
 2024-04-18 21:10:40 +10:00
Daniel Pouzzner
436efb0078 wolfcrypt/test/test.c: in aes_xts_128_test(), change DEBUG_VECTOR_REGISTER_ACCESS gates to DEBUG_VECTOR_REGISTER_ACCESS_AESXTS (currently unused), after refactor of AES-XTS C fallback in 9f55dba2f2. (per-call fallback is no longer supported for AES-XTS.) 2024-04-18 00:59:03 -05:00
JacobBarthelmeh
41f31f4635 Merge pull request #7440 from douzzer/20240417-fix-LoadSystemCaCertsWindows 
20240417-fix-LoadSystemCaCertsWindows
 2024-04-17 15:47:48 -06:00
JacobBarthelmeh
58167a2ebb Merge pull request #7434 from douzzer/20240416-fips-v6-fixes 
20240416-fips-v6-fixes
 2024-04-17 13:52:35 -06:00
Daniel Pouzzner
6e3a9d5447 src/ssl_load.c: in LoadSystemCaCertsWindows(), fix flub introduced in 8e9810e87e. 2024-04-17 13:24:26 -05:00
JacobBarthelmeh
c2e60d523f fix for WOLFSSL_NO_PEM build 2024-04-17 11:16:18 -06:00
Sean Parkinson
593cb77e51 ssl_misc.c: wolfssl_file_len() protection 
wolfssl_file_len is now used by wolfssl_read_file_static() which is
compiled in with less restrictions.
Fix #ifdef protection.
 2024-04-17 22:44:13 +10:00
Sean Parkinson
c590fe514f EdDSA FIPS checks on public key 
Check that the Ed25519 and Ed448 public key is valid even without
private key.
Perform pairwise consistency test, only in FIPS, when making a key i
Ed25519 and Ed448.
 2024-04-17 17:50:33 +10:00
Daniel Pouzzner
3df11e7eab fixes for cppcheck uninitvar src/pk.c (false positives) and nullPointerRedundantCheck in src/ssl_load.c (true positive). 2024-04-17 01:00:41 -05:00
Daniel Pouzzner
fac834c80a configure.ac: in setup for enable-all and enable-all-crypto with enable-32bit, fix inconsistency whereby SHAKE was enabled but SHA512 and SHA3 weren't; remove unneeded+unwanted ENABLED_32BIT conditional force-off of SHA512, SHA384, SHA3, ED25519 (harmonizes with FIPS v6). 2024-04-17 00:43:41 -05:00
Daniel Pouzzner
d0edb3d0a9 scripts/aria-cmake-build-test.sh: fix masked exit value. 2024-04-17 00:43:41 -05:00
Daniel Pouzzner
855175da47 wolfcrypt/src/fe_448.c: fix several out-of-order declarations in fe448_mul_8(). 2024-04-17 00:43:41 -05:00
Daniel Pouzzner
9f55dba2f2 wolfcrypt/src/aes.c: in AES-XTS AESNI, use cautious strategy as in AESGCM_STREAM for SAVE_VECTOR_REGISTERS, due to random failures seen with DEBUG_VECTOR_REGISTER_ACCESS_FUZZING using the old per-call fallback strategy. 2024-04-17 00:43:41 -05:00
Daniel Pouzzner
b2f594e84b fixes for --enable-32bit CFLAGS=-m32 --enable-fips=v6 (fixes "#error ED448 requires SHAKE256"). 2024-04-17 00:43:41 -05:00
JacobBarthelmeh
03ed52bd81 Merge pull request #7297 from SparkiDev/ssl_move_5 
ssl.c: Move functions out to separate files
 2024-04-16 17:56:55 -06:00