Sean Parkinson
93812e4286
Merge pull request #8289 from JacobBarthelmeh/harden
...
add option for additional sanity checks
2024-12-24 09:17:08 +10:00
JacobBarthelmeh
ee9b88541f
change default to no for --enable-faultharden
2024-12-23 13:51:30 -07:00
Daniel Pouzzner
a13d0fdd86
Merge pull request #8311 from SparkiDev/aarch64_cpuid_fix
...
Aarch64 CPU id: fix for privilege instruction detection
2024-12-23 11:52:14 -06:00
JacobBarthelmeh
2409971b14
Merge pull request #8224 from julek-wolfssl/dtls-server-demux
...
DTLS: Add server side stateless and CID QoL API
2024-12-23 10:01:01 -07:00
JacobBarthelmeh
36d5342f6b
Merge pull request #8310 from douzzer/20241221-wolfCrypt-more-AES_BLOCK_SIZE
...
20241221-wolfCrypt-more-AES_BLOCK_SIZE
2024-12-23 09:26:05 -07:00
Sean Parkinson
e7d7e47e07
Aarch64 CPU id: fix for privilege instruction detection
...
AES/PMULL is in four bits 4-7.
When value is 0b0010, this indicates both AES and PMULL. Fix code to set
both.
2024-12-23 11:23:14 +10:00
David Garske
2bcad989da
Merge pull request #8309 from douzzer/20241221-fix-CEscape-bounds-check
...
20241221-fix-CEscape-bounds-check
2024-12-21 14:51:46 -08:00
Daniel Pouzzner
50a0773c09
Merge pull request #8285 from LinuxJedi/gaisler
...
Add initial support for Gaisler-BCC with Sparc
2024-12-21 11:03:39 -06:00
Daniel Pouzzner
ed18bf3deb
In wolfcrypt/src/port/ and IDE/, replace remaining uses of AES_BLOCK_SIZE with WC_AES_BLOCK_SIZE for compatibility with OPENSSL_COEXIST.
...
Automated replacement with
```
git ls-files -z wolfcrypt/src/port/ IDE/ | xargs -0 pcre2grep -l '[^_]AES_BLOCK_SIZE' | xargs sed --regexp-extended --in-place 's/([^_])AES_BLOCK_SIZE/\1WC_AES_BLOCK_SIZE/g'
```
Checked for mis-transformations with
```
git ls-files -z | xargs -0 pcre2grep '[^-[()+*/[:space:]]WC_AES_BLOCK_SIZE' | less
```
Checked for residual hits with
```
git ls-files -z | xargs -0 pcre2grep '[^_]AES_BLOCK_SIZE' | less
```
Deliberately excluded:
* ChangeLog.md -- do not alter history.
* doc/ -- do not confuse documentation with newly prefixed macro, because AES_BLOCK_SIZE is available unless -DOPENSSL_COEXIST.
* tests/api.c -- the unit tests deliberately use compatibility names, and are not compatible with -DOPENSSL_COEXIST.
* wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs -- false positive hits on C# names.
* wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs -- false positive hits on C# names.
* reference in wolfssl/wolfcrypt/aes.h that defines AES_BLOCK_SIZE when -UOPENSSL_COEXIST.
* reference in wolfssl/wolfcrypt/settings.h that defines WC_AES_BLOCK_SIZE for old FIPS when -UWC_AES_BLOCK_SIZE.
2024-12-21 10:28:18 -06:00
Daniel Pouzzner
4ff73b9024
wolfssl/wolfcrypt/aes.h: fix stray reference to AES_BLOCK_SIZE in def for GHASH_ONE_BLOCK().
2024-12-21 10:08:17 -06:00
Daniel Pouzzner
33a47c1c04
Merge pull request #8265 from JacobBarthelmeh/armasm
...
armasm with opensslcoexist build
2024-12-21 10:06:27 -06:00
Daniel Pouzzner
b07f2cb461
wolfcrypt/src/coding.c: fix incorrect array bounds check in CEscape(), introduced in 8bbe8a7c8a (before which there was no bounds check at all).
2024-12-21 09:47:07 -06:00
Andrew Hutchings
231cea34ef
Add initial support for Gaisler-BCC with Sparc
...
Slight modifications and documentation to get wolfSSL working with
Gaisler Sparc CPUs and their cross-compilers.
2024-12-21 09:19:58 +00:00
Daniel Pouzzner
ad20593569
Merge pull request #8279 from LinuxJedi/sk_push_comments
...
Fix code comments for some x509.c functions
2024-12-21 00:09:18 -06:00
Daniel Pouzzner
67800c3a22
Merge pull request #8292 from JacobBarthelmeh/xsocktlen
...
set dk-s7g2 socklent
2024-12-21 00:01:33 -06:00
Daniel Pouzzner
5ef4732745
Merge pull request #8299 from JacobBarthelmeh/cert_regen
...
end of year test certificate renewal
2024-12-20 17:41:33 -06:00
Daniel Pouzzner
9d3e477b63
src/ssl.c: gate wolfSSL_dtls_set_pending_peer() on !defined(WOLFSSL_NO_SOCK), not just defined(WOLFSSL_DTLS_CID).
...
tests/api.c: in test_dtls12_basic_connection_id(), omit chacha20 suites if defined(HAVE_FIPS), and fix gate on DHE-PSK-NULL-SHA256.
2024-12-20 17:24:13 -06:00
Daniel Pouzzner
afc7e0eb8c
Merge pull request #8308 from cconlon/sessTickLenCheck
...
Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check
2024-12-20 16:41:09 -06:00
JacobBarthelmeh
961453b5ee
fix for free'ing up memory after use
2024-12-20 14:58:57 -07:00
JacobBarthelmeh
b273bff4e9
regenerate certs_test.h with raw dilithium keys
2024-12-20 11:50:11 -07:00
JacobBarthelmeh
67f3343a5d
Merge pull request #8306 from SparkiDev/kyber_no_avx2_fix
...
ML-KEM/Kyber: fix kyber_prf() for when no AVX2
2024-12-20 11:40:46 -07:00
JacobBarthelmeh
7cebe95138
Merge pull request #8304 from SparkiDev/regression_fixes_15
...
Regression testing: fixes
2024-12-20 11:29:15 -07:00
JacobBarthelmeh
3dd9f4631d
Merge pull request #8305 from kareem-wolfssl/zd19044
...
Fix a couple of missing bounds checks found via code analyzer.
2024-12-20 11:20:19 -07:00
JacobBarthelmeh
19e68ea71a
add a faketime test and update cert buffers
2024-12-20 10:35:58 -07:00
Chris Conlon
f68f99b000
Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check
2024-12-20 09:48:01 -07:00
Sean Parkinson
e507c466d5
ML-KEM/Kyber: fix kyber_prf() for when no AVX2
...
When no AVX2 available, kyber_prf() is called to produce more than one
SHAKE-256 block's worth of output. Otherwise only one block is needed.
Changed function to support an outlen of greater than one block.
2024-12-20 11:03:58 +10:00
Kareem
8bbe8a7c8a
Fix a couple of missing bounds checks found via code analyzer.
2024-12-19 17:01:25 -07:00
Sean Parkinson
b7c1e1cf35
Regression testing: fixes
...
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.
wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'
tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'
tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
2024-12-20 09:25:03 +10:00
Sean Parkinson
00f83facb2
Merge pull request #8302 from cconlon/sessTickLenCheck
...
Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side
2024-12-20 08:44:10 +10:00
JacobBarthelmeh
8ca790218c
certs_test.h is using raw dilithium keys
2024-12-19 15:23:37 -07:00
Daniel Pouzzner
ad8f74b650
examples/client/client.c and examples/client/client.c: use XSTRLCPY() to assure proper null termination.
2024-12-19 16:14:59 -06:00
JacobBarthelmeh
8fa238e554
Merge pull request #8301 from douzzer/20241219-gating-fixes
...
20241219-gating-fixes
2024-12-19 14:38:55 -07:00
JacobBarthelmeh
5b6ffe0795
add *.revoked to codespell skip
2024-12-19 14:35:43 -07:00
JacobBarthelmeh
abc87f9c6f
add regression test for gencertbuf.pl
2024-12-19 14:32:46 -07:00
Chris Conlon
1101841b95
Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side
2024-12-19 14:26:22 -07:00
JacobBarthelmeh
e66905aaf6
fix for gencertbuf script and add dilithium public key
2024-12-19 14:25:12 -07:00
Daniel Pouzzner
994f218fcb
src/ssl.c and wolfssl/internal.h: gate in wolfSSL_get_ciphers_compat() in OPENSSL_EXTRA builds, so that --with-sys-crypto-policy works with OPENSSL_EXTRA but without OPENSSL_ALL.
...
configure.ac: more fixes for FIPS v6 armasm settings, re ENABLED_ARMASM_CRYPTO.
2024-12-19 14:29:39 -06:00
Juliusz Sosinowicz
ca4b1667ee
strcpy -> strncpy
2024-12-19 11:19:47 +01:00
Juliusz Sosinowicz
feff68d4fd
Increase buffer to make room for \0
2024-12-19 11:01:27 +01:00
Daniel Pouzzner
836ee1cbd5
Merge pull request #8298 from lealem47/zd18920
...
Printing the rfc822Mailbox x509 attribute
2024-12-18 22:19:32 -06:00
Daniel Pouzzner
ed76d8ea10
Merge pull request #8297 from miyazakh/ra_jankins
...
Fix RA6M4 Jenkins failure
2024-12-18 22:18:43 -06:00
Daniel Pouzzner
be2e779280
Merge pull request #8205 from philljj/fedora_crypto_policy
...
fedora crypto-policies: initial support.
2024-12-18 20:54:36 -06:00
JacobBarthelmeh
a5f9ec67c9
Merge pull request #8251 from gojimmypi/pr-post-release-bdd62314-espressif
...
Espressif Managed Component wolfSSL 5.7.4 post-release update
2024-12-18 16:45:33 -07:00
JacobBarthelmeh
df3897d39f
adjust tests after cert renewal
2024-12-18 16:19:51 -07:00
JacobBarthelmeh
e998dda1db
update test certs to have v3
2024-12-18 16:12:08 -07:00
JacobBarthelmeh
4ed14af331
if no extensions are present a v1 certificate was generated, add a SKID extension to avoid that
2024-12-18 16:11:18 -07:00
jordan
b5c47d27e0
fedora crypto-policies: initial support.
2024-12-18 16:56:36 -06:00
JacobBarthelmeh
bf6ef15be4
update test certificates in header file
2024-12-18 14:27:26 -07:00
JacobBarthelmeh
28184dd8cc
update certificates in certs directory
2024-12-18 14:26:15 -07:00
David Garske
afff48f0d6
Merge pull request #8253 from douzzer/20241204-more-C89-expansion
...
20241204-more-C89-expansion
2024-12-18 10:44:18 -08:00