JacobBarthelmeh
2617669302
Merge pull request #7152 from douzzer/20240120-multi-test-fixes
20240120-multi-test-fixes
2024-01-22 08:19:23 -08:00
Sean Parkinson
d2d653cfdc
Merge pull request #7145 from douzzer/20240119-DoTls13CertificateVerify-CreateSigData-error-handling
20240119-DoTls13CertificateVerify-CreateSigData-error-handling
2024-01-22 07:36:49 +10:00
Sean Parkinson
b0d64b419d
Merge pull request #7084 from julek-wolfssl/set-cipher-ssl
Allow SetCipherList to operate on SSL without modifying on SSL_CTX
2024-01-22 07:31:22 +10:00
Daniel Pouzzner
2edd18c49d
src/x509.c: fix nullPointerRedundantCheck in wolfSSL_X509V3_set_ctx(). also adds thorough WOLFSSL_MSG() coverage for failures.
2024-01-20 13:08:21 -06:00
David Garske
a3a7012c81
Merge pull request #7136 from jpbland1/x509-new-ex
add heap hint support for a few of the x509 functions
2024-01-19 09:29:47 -08:00
Daniel Pouzzner
9aa99c0c9a
src/tls13.c: in DoTls13CertificateVerify(), add missing error handling in several calls to CreateSigData().
2024-01-19 11:12:23 -06:00
John Bland
66f04958e3
use wolfSSL_CTX_new_ex for heap hint support
2024-01-19 11:20:50 -05:00
Juliusz Sosinowicz
1288d71132
Address code review
2024-01-19 15:59:22 +01:00
Juliusz Sosinowicz
afd0e5af4e
Refactor haveAnon into useAnon
(ctx->|ssl->options.)useAnon means that the user has signalled that they want anonymous ciphersuites
2024-01-19 14:53:33 +01:00
Juliusz Sosinowicz
b8b847bbcf
Allow SetCipherList to operate on SSL without modifying on SSL_CTX
2024-01-19 14:53:28 +01:00
David Garske
ac81d9d29c
Merge pull request #7110 from Frauschi/pq_secure_element
PQC: add CryptoCb support for PQC algorithms
2024-01-18 13:29:28 -08:00
Anthony Hu
9be390250d
Adding support for dual key/signature certificates. (#7112)
Adding support for dual key/signature certificates with X9.146. Enabled with `--enable-dual-alg-certs` or `WOLFSSL_DUAL_ALG_CERTS`.
2024-01-18 13:20:57 -08:00
Tobias Frauenschläger
4d259da60a
PQC: CryptoCb support for KEM algorithm Kyber
Add support for crypto callback and device id for all three Kyber PQC KEM
function calls.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:49 +01:00
Tobias Frauenschläger
8e6d151403
PQC: CryptoCb support for signature algorithms
Add initial support of the crypto callback API to the two PQC signature
algorithms Dilithium and Falcon. This ultimately enables the usage of
external hardware modules (e.g. secure elements) for these algorithms.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:38 +01:00
John Bland
41ea1109ec
update uses of wolfSSL_X509_new and wolfSSL_X509_d2i
where heap doesn't require a new ex function or struct field to avoid size increase
2024-01-17 18:46:24 -05:00
Daniel Pouzzner
64667a5595
src/crl.c: fix "null pointer passed as argument 2" in new XMEMCPY() call in WC_RSA_PSS path of DupCRL_Entry(), added in b140f93b17, detected by gcc 14.0.0_pre20240107 p15 with sanitizers.
2024-01-17 13:38:05 -06:00
John Bland
03f32b623f
update based on PR comments
2024-01-17 13:22:58 -05:00
John Bland
d1a3646d5c
add heap hint support for a few of the x509 functions
2024-01-17 11:26:52 -05:00
David Garske
089468fbf1
Merge pull request #7132 from ejohnstown/x25519-ecdhe-psk
ECDHE-PSK with x25519
2024-01-16 20:16:01 -08:00
David Garske
11029127df
Merge pull request #7119 from JacobBarthelmeh/crl
support for RSA-PSS signatures with CRL
2024-01-16 15:23:16 -08:00
John Safranek
746ffac84a
ECDHE-PSK with x25519
1. Add missing assignment of the WOLFSSL object's ecdhCurveOid value. It
is set correctly in the previous cases, but got missed for ECDHE-PSK.
2. Add test cases to the unit testing.
2024-01-16 15:18:05 -08:00
JacobBarthelmeh
b140f93b17
refactor sigParams allocation and adjust test file name
2024-01-16 14:41:24 -07:00
JacobBarthelmeh
114d11a8d8
adding RSA-PSS macro guard around CRL use
2024-01-15 15:33:01 -07:00
Stanislav Klima
909b437571
cleared ticket and ticketNonce
2024-01-11 19:59:12 +01:00
Stanislav Klima
e63c50b1f3
fixed double free happening during EvictSessionFromCache
2024-01-11 19:52:03 +01:00
Sean Parkinson
8c6de41eb9
Merge pull request #7051 from JacobBarthelmeh/mb
fix and enhancement for AES-GCM use with Xilsecure
2024-01-12 03:44:43 +10:00
David Garske
06a32d3437
Merge pull request #7097 from lealem47/removeUserCrypto
Remove user-crypto functionality and Intel IPP support
2024-01-09 17:33:28 -08:00
JacobBarthelmeh
cd07e32b13
update crl files and add in compat support for RSA-PSS
2024-01-08 16:38:11 -08:00
JacobBarthelmeh
74f0625c89
add native asn template RSA-PSS support with CRL
2024-01-05 14:25:12 -08:00
Daniel Pouzzner
d5d476a3a1
Merge pull request #7113 from bandi13/codeSonarFixes
Leak
2024-01-05 12:38:17 -05:00
Andras Fekete
f84fa8dd8d
Uninitialized variable
Warning 581199.5810097
2024-01-04 17:13:28 -05:00
Daniel Pouzzner
7f53bcc4d0
fixes for clang-tidy reported defects and misstylings --with-liboqs:
* readability-named-parameter (style)
* bugprone-sizeof-expression (true bugs)
* clang-analyzer-deadcode.DeadStores (true bugs)
* clang-analyzer-core.NonNullParamChecker (true bug)
* clang-diagnostic-newline-eof (style)
* clang-diagnostic-shorten-64-to-32 (true but benign in practice)
fixes for sanitizer reported defects --with-liboqs: null pointer memcpy()s in TLSX_KeyShare_GenPqcKey() and server_generate_pqc_ciphertext().
fixes for silent crypto-critical failure in wolfSSL_liboqsGetRandomData(): refactor to accommodate oversize numOfBytes, and abort() if wc_RNG_GenerateBlock() returns failure.
2024-01-04 15:57:09 -06:00
Sean Parkinson
9e468a900b
Merge pull request #7096 from julek-wolfssl/zd/17219
Add fencing to ClientSessionToSession()
2024-01-05 07:24:00 +10:00
Juliusz Sosinowicz
14c812cdb7
Code review
Add server side check
2024-01-04 13:19:44 +01:00
Juliusz Sosinowicz
5bdcfaa5d0
server: allow reading 0-RTT data after writing 0.5-RTT data
2024-01-04 13:19:44 +01:00
Daniel Pouzzner
9db20774d8
Merge pull request #7099 from jpbland1/tls13-bounds-check
TLS13 padding bounds check
2024-01-04 01:09:36 -05:00
John Bland
b37716f5ce
refactor and remove word16 index
2024-01-03 19:19:13 -05:00
John Bland
245c87fe8f
clean up variable definitions
2024-01-03 17:39:20 -05:00
John Bland
e1435e96d2
do bounds check on full word32 size to match
inputBuffer length
2024-01-03 17:21:08 -05:00
Daniel Pouzzner
bcfaf0372c
Merge pull request #7026 from Frauschi/liboqs
Improve liboqs integration
2024-01-03 16:20:26 -05:00
Sean Parkinson
52db533d9b
Merge pull request #7106 from bandi13/20231114-codesonar-fixes
20231114 codesonar fixes
2024-01-04 07:16:33 +10:00
Daniel Pouzzner
7e60b029c2
Merge branch 'master' into liboqs
2024-01-03 15:56:05 -05:00
Andras Fekete
e5d8ce9983
Fix memset size
2024-01-03 11:09:20 -05:00
Andras Fekete
d164a6c543
Buffer Overrun
Warning 545843.5806721
2024-01-03 10:00:31 -05:00
Andras Fekete
c404df78b1
Uninitialized variable
Warning 581196.3236230
2024-01-03 09:59:18 -05:00
jordan
e175004f85
Fix Infer Uninitialized Values.
2024-01-02 12:16:20 -06:00
JacobBarthelmeh
567243d257
touch up autoconf build with xilinx and sp macro guards
2024-01-02 08:50:59 -08:00
Daniel Pouzzner
b17ec3b4bc
cppcheck-2.13.0 mitigations peer review:
* add explanation in DoSessionTicket() re autoVariables.
* re-refactor ECC_KEY_MAX_BITS() in ecc.c to use two separate macros, ECC_KEY_MAX_BITS() with same definition as before, and ECC_KEY_MAX_BITS_NONULLCHECK().
* in rsip_vprintf() use XVSNPRINTF() not vsnprintf().
* in types.h, fix fallthrough definition of WC_INLINE macro in !NO_INLINE cascade to be WC_MAYBE_UNUSED as it is when NO_INLINE.
2023-12-28 16:38:47 -06:00
Daniel Pouzzner
44b18de704
fixes for cppcheck-2.13.0 --force:
* fix null pointer derefs in wc_InitRsaKey_Id() and wc_InitRsaKey_Label() (nullPointerRedundantCheck).
* fix use of wrong printf variant in rsip_vprintf() (wrongPrintfScanfArgNum).
* fix wrong printf format in bench_xmss_sign_verify() (invalidPrintfArgType_sint).
* add missing WOLFSSL_XFREE_NO_NULLNESS_CHECK variants of XFREE() (WOLFSSL_LINUXKM, FREESCALE_MQX, FREESCALE_KSDK_MQX).
* suppress false-positive uninitvar on "limit" in CheckTLS13AEADSendLimit().
* suppress true-but-benign-positive autoVariables in DoClientHello().
* in wolfcrypt/src/ecc.c, refactor ECC_KEY_MAX_BITS() as a local function to resolve true-but-benign-positive identicalInnerCondition.
* refactor flow in wc_ecc_sign_hash_ex() to resolve true-but-benign-positive identicalInnerCondition.
2023-12-28 15:06:21 -06:00
Daniel Pouzzner
457188f55e
Merge pull request #7070 from dgarske/cryptocb_moreinfo
Fixes for TLS with crypto callbacks
2023-12-27 18:55:56 -05:00