Commit Graph

7608 Commits

Author SHA1 Message Date
JacobBarthelmeh eb1fff3ad3 Merge pull request #7141 from julek-wolfssl/zd/17249
EarlySanityCheckMsgReceived: version_negotiated should always be checked
2024-01-22 12:18:57 -08:00
JacobBarthelmeh 0c150d2391 Merge pull request #7150 from dgarske/getenv
Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV`
2024-01-22 08:33:24 -08:00
JacobBarthelmeh 2617669302 Merge pull request #7152 from douzzer/20240120-multi-test-fixes
20240120-multi-test-fixes
2024-01-22 08:19:23 -08:00
Sean Parkinson d2d653cfdc Merge pull request #7145 from douzzer/20240119-DoTls13CertificateVerify-CreateSigData-error-handling
20240119-DoTls13CertificateVerify-CreateSigData-error-handling
2024-01-22 07:36:49 +10:00
Sean Parkinson b0d64b419d Merge pull request #7084 from julek-wolfssl/set-cipher-ssl
Allow SetCipherList to operate on SSL without modifying on SSL_CTX
2024-01-22 07:31:22 +10:00
Daniel Pouzzner 2edd18c49d src/x509.c: fix nullPointerRedundantCheck in wolfSSL_X509V3_set_ctx(). also adds thorough WOLFSSL_MSG() coverage for failures. 2024-01-20 13:08:21 -06:00
David Garske 76550465bd Fixes build with NO_STDIO_FILESYSTEM defined. 2024-01-19 12:49:53 -08:00
David Garske a4affd9431 Improve use of XGETENV in wolfSSL_RAND_file_name to check for macro. 2024-01-19 12:13:19 -08:00
David Garske a3a7012c81 Merge pull request #7136 from jpbland1/x509-new-ex
add heap hint support for a few of the x509 functions
2024-01-19 09:29:47 -08:00
Daniel Pouzzner 9aa99c0c9a src/tls13.c: in DoTls13CertificateVerify(), add missing error handling in several calls to CreateSigData(). 2024-01-19 11:12:23 -06:00
John Bland 66f04958e3 use wolfSSL_CTX_new_ex for heap hint support 2024-01-19 11:20:50 -05:00
Juliusz Sosinowicz 1288d71132 Address code review 2024-01-19 15:59:22 +01:00
Juliusz Sosinowicz f6ef146149 EarlySanityCheckMsgReceived: version_negotiated should always be checked
Multiple handshake messages in one record will fail the MsgCheckBoundary() check on the client side when the client is set to TLS 1.3 but allows downgrading.
  --> ClientHello
  <-- ServerHello + rest of TLS 1.2 flight
  Client returns OUT_OF_ORDER_E because in TLS 1.3 the ServerHello has to be the last message in a record. In TLS 1.2 the ServerHello can be in the same record as the rest of the server's first flight.
2024-01-19 14:57:35 +01:00
Juliusz Sosinowicz afd0e5af4e Refactor haveAnon into useAnon
(ctx->|ssl->options.)useAnon means that the user has signalled that they want anonymous ciphersuites
2024-01-19 14:53:33 +01:00
Juliusz Sosinowicz b8b847bbcf Allow SetCipherList to operate on SSL without modifying on SSL_CTX 2024-01-19 14:53:28 +01:00
David Garske ac81d9d29c Merge pull request #7110 from Frauschi/pq_secure_element
PQC: add CryptoCb support for PQC algorithms
2024-01-18 13:29:28 -08:00
Anthony Hu 9be390250d Adding support for dual key/signature certificates. (#7112)
Adding support for dual key/signature certificates with X9.146. Enabled with `--enable-dual-alg-certs` or `WOLFSSL_DUAL_ALG_CERTS`.
2024-01-18 13:20:57 -08:00
Tobias Frauenschläger 4d259da60a PQC: CryptoCb support for KEM algorithm Kyber
Add support for crypto callback and device id for all three Kyber PQC KEM
function calls.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:49 +01:00
Tobias Frauenschläger 8e6d151403 PQC: CryptoCb support for signature algorithms
Add initial support of the crypto callback API to the two PQC signature
algorithms Dilithium and Falcon. This ultimatelly enables the usage of
external hardware modules (e.g. secure elements) for these algorithms.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:38 +01:00
John Bland 41ea1109ec update uses of wolfSSL_X509_new and wolfSSL_X509_d2i
where heap doesn't require a new ex function or struct field to avoid size increase
2024-01-17 18:46:24 -05:00
Daniel Pouzzner 64667a5595 src/crl.c: fix "null pointer passed as argument 2" in new XMEMCPY() call in WC_RSA_PSS path of DupCRL_Entry(), added in b140f93b17, detected by gcc 14.0.0_pre20240107 p15 with sanitizers. 2024-01-17 13:38:05 -06:00
John Bland 03f32b623f update based on PR comments 2024-01-17 13:22:58 -05:00
John Bland d1a3646d5c add heap hint support for a few of the x509 functions 2024-01-17 11:26:52 -05:00
David Garske 089468fbf1 Merge pull request #7132 from ejohnstown/x25519-ecdhe-psk
ECDHE-PSK with x25519
2024-01-16 20:16:01 -08:00
David Garske 11029127df Merge pull request #7119 from JacobBarthelmeh/crl
support for RSA-PSS signatures with CRL
2024-01-16 15:23:16 -08:00
John Safranek 746ffac84a ECDHE-PSK with x25519
1. Add missing assignment of the WOLFSSL object's ecdhCurveOid value. It
   is set correctly in the previous cases, but got missed for ECDHE-PSK.
2. Add test cases to the unit testing.
2024-01-16 15:18:05 -08:00
JacobBarthelmeh b140f93b17 refactor sigParams allocation and adjust test file name 2024-01-16 14:41:24 -07:00
JacobBarthelmeh 114d11a8d8 adding RSA-PSS macro guard around CRL use 2024-01-15 15:33:01 -07:00
Stanislav Klima 909b437571 cleared ticket and ticketNonce 2024-01-11 19:59:12 +01:00
Stanislav Klima e63c50b1f3 fixed double free happening during EvictSessionFromCache 2024-01-11 19:52:03 +01:00
Sean Parkinson 8c6de41eb9 Merge pull request #7051 from JacobBarthelmeh/mb
fix and enhancement for AES-GCM use with Xilsecure
2024-01-12 03:44:43 +10:00
David Garske 06a32d3437 Merge pull request #7097 from lealem47/removeUserCrypto
Remove user-crypto functionality and Intel IPP support
2024-01-09 17:33:28 -08:00
JacobBarthelmeh cd07e32b13 update crl files and add in compat support for RSA-PSS 2024-01-08 16:38:11 -08:00
JacobBarthelmeh 74f0625c89 add native asn template RSA-PSS support with CRL 2024-01-05 14:25:12 -08:00
Daniel Pouzzner d5d476a3a1 Merge pull request #7113 from bandi13/codeSonarFixes
Leak
2024-01-05 12:38:17 -05:00
Andras Fekete f84fa8dd8d Uninitialized variable
Warning 581199.5810097
2024-01-04 17:13:28 -05:00
Daniel Pouzzner 7f53bcc4d0 fixes for clang-tidy reported defects and misstylings --with-liboqs:
* readability-named-parameter (style)
* bugprone-sizeof-expression (true bugs)
* clang-analyzer-deadcode.DeadStores (true bugs)
* clang-analyzer-core.NonNullParamChecker (true bug)
* clang-diagnostic-newline-eof (style)
* clang-diagnostic-shorten-64-to-32 (true but benign in practice)

fixes for sanitizer reported defects --with-liboqs: null pointer memcpy()s in TLSX_KeyShare_GenPqcKey() and server_generate_pqc_ciphertext().

fixes for silent crypto-critical failure in wolfSSL_liboqsGetRandomData(): refactor to accommodate oversize numOfBytes, and abort() if wc_RNG_GenerateBlock() returns failure.
2024-01-04 15:57:09 -06:00
Sean Parkinson 9e468a900b Merge pull request #7096 from julek-wolfssl/zd/17219
Add fencing to ClientSessionToSession()
2024-01-05 07:24:00 +10:00
Juliusz Sosinowicz 14c812cdb7 Code review
Add server side check
2024-01-04 13:19:44 +01:00
Juliusz Sosinowicz 5bdcfaa5d0 server: allow reading 0-RTT data after writing 0.5-RTT data 2024-01-04 13:19:44 +01:00
Daniel Pouzzner 9db20774d8 Merge pull request #7099 from jpbland1/tls13-bounds-check
TLS13 padding bounds check
2024-01-04 01:09:36 -05:00
John Bland b37716f5ce refactor and remove word16 index 2024-01-03 19:19:13 -05:00
John Bland 245c87fe8f clean up variable definitions 2024-01-03 17:39:20 -05:00
John Bland e1435e96d2 do bounds check on full word32 size to match
inputBuffer length
2024-01-03 17:21:08 -05:00
Daniel Pouzzner bcfaf0372c Merge pull request #7026 from Frauschi/liboqs
Improve liboqs integration
2024-01-03 16:20:26 -05:00
Sean Parkinson 52db533d9b Merge pull request #7106 from bandi13/20231114-codesonar-fixes
20231114 codesonar fixes
2024-01-04 07:16:33 +10:00
Daniel Pouzzner 7e60b029c2 Merge branch 'master' into liboqs 2024-01-03 15:56:05 -05:00
Andras Fekete e5d8ce9983 Fix memset size 2024-01-03 11:09:20 -05:00
Andras Fekete d164a6c543 Buffer Overrun
Warning 545843.5806721
2024-01-03 10:00:31 -05:00
Andras Fekete c404df78b1 Uninitialized variable
Warning 581196.3236230
2024-01-03 09:59:18 -05:00