JacobBarthelmeh
8946e3fb4b
Merge pull request #7702 from rizlik/ocspv2
...
ocsp stapling improvements
2024-07-05 10:29:25 -06:00
Marco Oliverio
053170613a
fixup! csrv2multi: pending ca list
2024-07-05 15:26:41 +00:00
JacobBarthelmeh
5ca9b2f8a4
Merge pull request #7712 from SparkiDev/kyber_ml_kem
...
KYBER/ML-KEM: make ML-KEM available
2024-07-05 09:15:08 -06:00
JacobBarthelmeh
e6fbe25398
Merge pull request #7711 from SparkiDev/dilithium_kats
...
Dilithium: Add KATs and fix key generation
2024-07-04 19:40:08 -06:00
Sean Parkinson
1fd9f2af91
KYBER/ML-KEM: make ML-KEM available
...
Added ML-KEM instead of Kyber implementation with WOLFSSL_ML_KEM.
Tests added from NIST for ML-KEM operations.
2024-07-04 23:51:23 +10:00
Sean Parkinson
387f36657c
Dilithium: Add KATs and fix key generation
...
Add KATs from NIST and fix key generation to produce output of KATs.
2024-07-04 22:22:11 +10:00
Marco Oliverio
3e58cfd864
fixup! ocsp: improvements
2024-07-04 10:21:20 +02:00
Marco Oliverio
fe932b893c
fixup! csrv2multi: pending ca list
2024-07-04 10:21:20 +02:00
JacobBarthelmeh
1c23d2222c
Merge pull request #7693 from philljj/zd18204
...
Fixes ZD 18204: check hashsigalgo matches ssl suites.
2024-07-03 17:12:43 -06:00
jordan
f7f3ba9c76
check hashsigalgo matches ssl suites on client side.
2024-07-03 11:59:18 -05:00
JacobBarthelmeh
ba1eedb46b
Merge pull request #7697 from SparkiDev/arm32_ldrd_strd_fix
...
ARM32 SHA-3 ASM: fix ldrd/strd for ARMv6
2024-07-02 17:18:06 -06:00
JacobBarthelmeh
d7b0aa92cb
Merge pull request #7694 from SparkiDev/sp_x64_asm_fix_3
...
SP Intel x64 ASM: fix get_from_table ASM
2024-07-02 17:13:49 -06:00
JacobBarthelmeh
6409b68b21
Merge pull request #7698 from dgarske/asan_compat_list
...
Fix ASAN warning with compatibility layer cipher list parsing
2024-07-02 17:12:38 -06:00
JacobBarthelmeh
4ff0af79c7
Merge pull request #7705 from aidangarske/SHA3-cryptocb
...
Sha3.c wc_Sha3Update and wc_Sha3Final Hash Type Change
2024-07-02 17:11:01 -06:00
JacobBarthelmeh
a490d4fdf7
Merge pull request #7628 from SparkiDev/alert_after_ch
...
TLS: wrong TLS version in alert after ClientHello
2024-07-02 17:10:24 -06:00
JacobBarthelmeh
5aca239714
Merge pull request #7692 from gasbytes/sni-csharp-wrapper-patch
...
Sni csharp wrapper patch
2024-07-02 16:49:31 -06:00
aidan garske
804f25d76b
Sha3.c wc_Sha3Update and wc_Sha3Final changes so that hash type is determined in the processing functions.
2024-07-02 10:32:57 -07:00
Marco Oliverio
9222cb1304
ocsp: improvements
2024-07-02 09:51:34 +02:00
Marco Oliverio
b5206e8504
csrv2multi: pending ca list
2024-07-02 09:51:34 +02:00
Juliusz Sosinowicz
7814e4c264
DoCertificateStatus: Clean up logic in WOLFSSL_CSR2_OCSP_MULTI
2024-07-02 01:29:44 +02:00
Juliusz Sosinowicz
dabfad9f6c
Fix ocsp stapling test 2
2024-07-02 01:29:44 +02:00
JacobBarthelmeh
32066373c2
Merge pull request #7695 from dgarske/compat_realloc
...
Fixes for building the compatibility layer with no realloc
2024-07-01 11:37:52 -06:00
JacobBarthelmeh
bbf3bb4bf4
Merge pull request #7699 from SparkiDev/regression_fixes_13
...
Regression testing: fix compilation for unusual configs
2024-07-01 11:02:46 -06:00
Sean Parkinson
1e3f623ff3
Regression testing: fix compilation for unusual configs
...
Disable ECC but have OPENSSL_EXTRA and curve25519 - fix #ifdef
protection in ssl.c.
tests/api.c:
SSL_SESSION_get_max_fragment_length is not available when no session
cache.
ASN1 APIs using generalized time disabled when NO_ASN_TIME defined so
disable tests.
2024-07-01 21:52:56 +10:00
Sean Parkinson
45442db047
ARM32 SHA-3 ASM: fix ldrd/strd for ARMv6
...
LDRD/STRD not available with ARMv6 and the alternative is two ldr/str
operations. Pointer was 64-bits causing second ldr/str to be 8 bytes
passed first and not 4 bytes. Fixed in asm to add 4 rather than index.
2024-07-01 15:23:53 +10:00
jordan
7dfef18cf4
Refactor unneeded PickHashSigAlgo_ex function.
2024-06-28 18:32:13 -05:00
JacobBarthelmeh
98a5a4c201
Merge pull request #7660 from julek-wolfssl/zd/18188
...
wolfSSL_get_SSL_CTX: Make parameter const
2024-06-28 16:40:06 -06:00
David Garske
7faf0dccc7
Fix for ASAN warning with compatibility layer lists in ParseCipherList and CheckcipherList (ZD 18175). Add test case for ASAN to trigger NULL + 1 warning. Cleanup messy WOLFSSL_TIRTOS in api.c.
2024-06-28 15:26:40 -07:00
David Garske
2fd7a2e4ae
Fix for test.c memcb_test and missing XREALLOC.
2024-06-28 15:25:01 -07:00
JacobBarthelmeh
80d4f71eb9
Merge pull request #7683 from SparkiDev/def_ticket_cb_inlen
...
SSL default ticket encryption callback: check in len on decrypt
2024-06-28 16:04:58 -06:00
JacobBarthelmeh
4913289ce5
Merge pull request #7696 from SparkiDev/dilithium_fix_2
...
Dilithium: fixes
2024-06-28 16:00:05 -06:00
Sean Parkinson
864a9d0598
Dilithium: fixes
...
TLS uses DER API now and needs to be protected with the right #ifdefs.
Do the right check of size in wc_Dilithium_PrivateKeyDecode().
Don't require public key when doing private DER.
2024-06-28 10:55:16 +10:00
David Garske
2a86ca43f8
Fixes for building the compatibility layer with WOLFSSL_NO_REALLOC. Tested using ./configure --enable-opensslextra CFLAGS="-DWOLFSSL_NO_REALLOC".
...
Improve benchmark FreeRTOS default tick rate logic. For example Xilinx FreeRTOS uses 10ms tick (not default 1ms), so include `configTICK_RATE_HZ` in calculation if available.
Fix test.c warning around too many parens with no realloc.
2024-06-27 16:02:28 -07:00
Sean Parkinson
4dc52484f6
SP Intel x64 ASM: fix get_from_table ASM
...
Use movdqu instead of vmovdqu so that function works on SSE2 only CPUs.
2024-06-28 07:42:56 +10:00
JacobBarthelmeh
85552d0fc8
Merge pull request #7662 from julek-wolfssl/enable-WOLFSSL_RSA_KEY_CHECK
...
Enable WOLFSSL_RSA_KEY_CHECK with OPENSSLALL
2024-06-27 09:49:00 -06:00
jordan
107cc82a06
Fixes ZD 18204: check hashsigalgo matches ssl suites.
2024-06-27 10:45:02 -05:00
JacobBarthelmeh
c047e55b92
Merge pull request #7687 from douzzer/20240626-EvictSessionFromCache-ticketNonce-data-leak
...
20240626-EvictSessionFromCache-ticketNonce-data-leak
2024-06-27 09:41:42 -06:00
gasbytes
91cad98d67
1023 <- 1024, changed buffer to textmate
2024-06-27 17:35:43 +02:00
JacobBarthelmeh
5420c1a081
Merge pull request #7689 from douzzer/20240626-linuxkm-cp-no-clobber
...
20240626-linuxkm-cp-no-clobber
2024-06-27 09:32:24 -06:00
JacobBarthelmeh
7691bb6a2a
Merge pull request #7690 from SparkiDev/regression_fixes_12
...
Regression testing: memory allocation failure
2024-06-27 09:32:00 -06:00
gasbytes
97adb4be6e
fixed wolfSSL_SNI_GetFromBuffer
2024-06-27 17:03:05 +02:00
Juliusz Sosinowicz
f66e5a52bd
wolfSSL_get_SSL_CTX: Make parameter const
2024-06-27 15:48:46 +02:00
gasbytes
6dd43caae9
wolfSSL_SNI_GetRequest working, fixing up wolfSSL_SNI_GetFromBuffer
2024-06-27 15:05:02 +02:00
Sean Parkinson
4d56cc1790
Regression testing: memory allocation failure
...
Fixes from memory allocation failure testing.
Also:
fix asn.c to have ifdef protection around code compiled in with dual
algorithm certificates.
fix test_tls13_rpk_handshake() to support no TLS 1.2 or no TLS 1.3.
fix wc_xmss_sigsleft() to initialize the index to avoid compilation
error.
2024-06-27 17:17:53 +10:00
Daniel Pouzzner
ae0d40b119
linuxkm/Makefile: use old/deprecated cp --no-clobber rather than newfangled cp --update=none in libwolfssl.ko recipe, for compatibility with older cp (pre-coreutils-9.3 of 2023-04-18). note that coreutils-9.5 restores the behavior of --no-clobber pre-9.2, whereby skips of existing files are non-errors.
2024-06-26 17:58:29 -05:00
Daniel Pouzzner
4d43dbf83b
src/ssl_sess.c: in EvictSessionFromCache(), free session->ticketNonce.data if it was dynamically allocated. fixes memory leak via wolfSSL_Cleanup().
2024-06-26 14:15:42 -05:00
Daniel Pouzzner
474b8a0673
Merge pull request #7682 from SparkiDev/dilithium_fix_1
...
Dilithium: fix public and private key decode
2024-06-26 00:03:03 -04:00
Takashi Kojo
3d7583e743
Merge pull request #7684 from kojo1/pk-fix
...
Fix in pk.c
2024-06-26 11:33:38 +09:00
Takashi Kojo
72b6074b93
Fixes in pk.c
2024-06-26 08:47:41 +09:00
Sean Parkinson
6d0dc7f2e7
SSL default ticket encryption callback: check in len on decrypt
...
Make sure that the length of the data to decrypt is correct for the
default ticket encryption implementation.
2024-06-26 08:21:17 +10:00