wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 08:02:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,940 Commits 12 Branches 184 Tags
a2eddc889f01a038072da18851483dc8dfacdee2
Commit Graph

8492 Commits

Author SHA1 Message Date
Koji Takeda
2f01c9d715 Detect unknown key format 2025-04-03 18:36:05 +09:00
Daniel Pouzzner
6d92dae632 configure.ac: add support for --enable-aesni-with-avx/USE_INTEL_SPEEDUP_FOR_AES (AESNI+AVX, but only for AES modes). 
linuxkm/lkcapi_glue.c: implement WC_LINUXKM_C_FALLBACK_IN_SHIMS, km_AesGet(), and km_AesFree().

src/include.am: add missing gates for AES-GCM and AES-XTS asm.

wolfcrypt/src/aes_xts_asm.S and wolfssl/wolfcrypt/sp_int.h: don't redefine HAVE_INTEL_AVX2.
 2025-04-02 17:00:48 -05:00
Daniel Pouzzner
0cea9c09f7 src/internal.c: fix -Wdeclaration-after-statement in ProcessCSR_ex(). 2025-03-22 23:51:59 -05:00
Daniel Pouzzner
1e89002762 fix various -Wdeclaration-after-statements, and add 
-Wdeclaration-after-statement to .github/workflows/pq-all.yml.

rearrange code/gating in wolfcrypt/src/wc_mlkem.c:mlkemkey_encapsulate() for
  clarity and to fix a -Wdeclaration-after-statement.

also, made mlkem_encapsulate_c() and mlkem_encapsulate() return error code
  (currently always zero) rather than void, for consistency.

configure.ac: fix Kyber/ML-KEM option setup.
 2025-03-21 15:46:44 -05:00
David Garske
9a3ea6fd73 Merge pull request #8568 from embhorn/msvs_pqc_build 
Fix MSVS build issues with PQC config
 2025-03-21 12:41:19 -07:00
Eric Blankenhorn
f663ed28b6 Fix MSVS build issues with PQC config 2025-03-21 11:49:55 -05:00
jordan
7c831263c8 coverity: unchecked return value in EchHashHelloInner. 2025-03-21 08:48:45 -04:00
David Garske
18ac695bb2 Merge pull request #8556 from SparkiDev/ech-config-control 
ECH: generate multiple configs and rotate echConfigs
 2025-03-20 17:05:43 -07:00
David Garske
86b01bddd8 Merge pull request #8428 from miyazakh/qt_jenkins 
Fix Qt Nightly Jenkins failure
 2025-03-20 17:03:03 -07:00
David Garske
01910a60aa Merge pull request #8542 from anhu/dual_alg_crit_ext 
Allow critical alt and basic constraints extensions
 2025-03-20 16:15:42 -07:00
David Garske
2c36ae268f Merge pull request #8536 from SparkiDev/kyber_to_mlkem 
Update Kyber APIs to ML-KEM APIs
 2025-03-20 11:07:53 -07:00
Eric Blankenhorn
ffe4420d19 Fix missing alert types in AlertTypeToString 2025-03-19 16:35:50 -05:00
Daniel Pouzzner
87c0ac90b8 configure.ac: 
* sense assert.h and define WOLFSSL_HAVE_ASSERT_H accordingly.
* force off enable_aesgcm_stream if 32 bit armasm or riscv-asm (not yet implemented or buildable).
* add AM_CONDITIONAL([BUILD_CHACHA_NOASM, ...]) when --enable-chacha=noasm.

src/include.am: gate armasm/riscv_asm chacha files on !BUILD_CHACHA_NOASM.

tests/api.c: add missing HAVE_CHACHA&&HAVE_POLY1305 gate around test_TLSX_CA_NAMES_bad_extension().

wolfcrypt/src/chacha.c: tweak WOLFSSL_ARMASM and WOLFSSL_RISCV_ASM codepaths to also depend on !NO_CHACHA_ASM.

wolfssl/wolfcrypt/types.h: in setup for wc_static_assert(), #include <assert.h> if WOLFSSL_HAVE_ASSERT_H, >=C11, or >=C++11.
 2025-03-13 23:17:57 -05:00
Hideki Miyazaki
9188e0a801 fix PR test failures 2025-03-13 09:48:34 +09:00
Hideki Miyazaki
b39c2206d7 modified client chain at server side 
added unit test
 2025-03-13 09:39:13 +09:00
Hideki Miyazaki
d6c0184fda fix qt jenkins failure 2025-03-13 09:39:13 +09:00
Sean Parkinson
74454715ec ECH: generate multiple configs and rotate echConfigs 
Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs, add
functions to rotate the server's echConfigs.
 2025-03-13 10:24:53 +10:00
Anthony Hu
b608946549 Guard fix. 2025-03-10 17:32:58 -04:00
John Bland
c48b4f2d86 add missing echX NULL check 2025-03-10 11:11:27 -04:00
John Bland
9b65bc22f1 fix uninitialized variable error 2025-03-10 10:18:48 -04:00
John Bland
a344ba1eb2 add missing echConfigs check 2025-03-10 09:35:40 -04:00
John Bland
1fd952d6d0 fix bad ech transaction hash calculations 2025-03-10 09:12:13 -04:00
John Bland
8ff08740f8 Merge branch 'master' into ech-hello-retry 2025-03-10 03:37:27 -04:00
Sean Parkinson
a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
Anthony Hu
f8506c3e04 Allow critical alt and basic constraints extensions 
Also properly track pathlen.
 2025-03-07 13:06:06 -05:00
Daniel Pouzzner
058014b3eb src/ssl.c: add missing !NO_WOLFSSL_SERVER gate around wolfSSL_get_servername(). 2025-02-28 19:07:03 -06:00
Daniel Pouzzner
d6b5c8e8ee src/ssl_asn1.c: fix misspelling cause by overbroad search+replace. 2025-02-28 18:25:41 -06:00
Daniel Pouzzner
50a3be6df7 wolfcrypt/src/sp_int.c. src/ssl_asn1.c. src/internal.c: rename several declarations to avoid shadowing global functions, for the convenience of obsolete (pre-4v8) gcc -Wshadow. 2025-02-28 15:29:58 -06:00
Daniel Pouzzner
f7b911f5cd src/ssl.c, src/internal.c: fix leak in wolfSSL_get_ciphers_compat(): fix gating (OPENSSL_EXTRA, not OPENSSL_ALL) in FreeSuites() re .suitesStack and .clSuitesStack, and similarly fix gating on the implementation of wolfSSL_sk_SSL_CIPHER_free(() and related. 
src/ssl_sess: suppress false positive clang-analyzer-unix.Malloc "Argument to 'free()' is the address of a global variable".
 2025-02-28 15:23:43 -06:00
Sean Parkinson
4f8a39cbcf Merge pull request #8498 from rizlik/ocsp_fixes 
OCSP openssl compat fixes
 2025-02-28 13:42:50 +10:00
Marco Oliverio
83f5644549 ocsp: Fix OcspEncodeCertID SetAlgoID return check 2025-02-27 19:38:44 +00:00
Marco Oliverio
814f0f8a09 Refactor CERT_ID encoding as per review comments 2025-02-27 12:50:37 +00:00
Daniel Pouzzner
f7ddc49487 linuxkm/linuxkm_wc_port.h: add #error if the user tries to use the kernel crypto fuzzer with FIPS AES-XTS (kernel bug). 
src/internal.c: fix shiftTooManyBitsSigned in DefTicketEncCb().

tests/api/test_sha256.c and wolfssl/wolfcrypt/sha256.h: gate raw transform APIs (wc_Sha256Transform(), wc_Sha256FinalRaw()) and tests on !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH).

move enum wc_HashFlags from wolfssl/wolfcrypt/hash.h to wolfssl/wolfcrypt/types.h to resolve circular dependency detected by cross-armv7m-armasm-thumb-fips-140-3-dev-sp-asm-all-crypto-only.

add FIPS_VERSION_GE(7,0) gates to new null-arg tests in test_wc_Shake{128,256}_*().

optimize ByteReverseWords() for cases where only one operand is unaligned, and add correct handling of unaligned data in ByteReverseWords64() to resolve unaligned access sanitizer report in cross-aarch64_be-all-sp-asm-unittest-sanitizer.
 2025-02-26 20:55:56 -06:00
Sean Parkinson
a0d6afbb04 Merge pull request #8505 from jmalak/ow-fixes 
various fixes for Open Watcom build
 2025-02-27 10:31:19 +10:00
David Garske
512f928650 Fix cast warnings with g++. 2025-02-26 14:45:23 -08:00
Tobias Frauenschläger
75d63071df Fix memory leak in handshake 
Make sure peer dilithium keys are properly freed.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
 2025-02-26 15:34:00 +01:00
Tobias Frauenschläger
491e70be7a PSK fix 
Fix compilation in case PSK is enabled, not Session tickets are
disabled.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
 2025-02-26 15:33:59 +01:00
Tobias Frauenschläger
be6888c589 Fixes for Dilithium in TLS handshake 
Some fixes to better handle Dilithium keys and signatures in the TLS
handshake.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
 2025-02-26 15:33:59 +01:00
Marco Oliverio
5f05209c77 ocsp: fix wolfSSL_d2i_OCSP_CERTID 2025-02-25 22:22:43 +00:00
Jiri Malak
ddfbbc68ac various fixes for Open Watcom build 
- fix build for OS/2
- fix build for Open Watcom 1.9
 2025-02-25 22:52:36 +01:00
David Garske
bac6771828 Merge pull request #8499 from SparkiDev/crl_list_fix 
CRL: fix memory allocation failure leaks
 2025-02-25 09:54:55 -08:00
David Garske
4eda5e1f7f Merge pull request #8491 from jmalak/winsock-guard 
correct comment for _WINSOCKAPI_ macro manipulation
 2025-02-25 09:51:23 -08:00
Daniel Pouzzner
0589a34f91 Merge pull request #8135 from gasbytes/fix-conversion 
Fix conversion on various files
 2025-02-25 10:01:31 -06:00
Marco Oliverio
3bd4b35657 ocsp: support CERT_ID encoding in i2d_OCSP_CERTID 2025-02-25 15:45:11 +00:00
Marco Oliverio
4016120f37 ocsp: populate digest type in cert_to_id 
- Added validation for digest type in `wolfSSL_OCSP_cert_to_id` function.
- Defined `OCSP_DIGEST` based on available hash types.
- Set `hashAlgoOID` in `certId` based on `OCSP_DIGEST`.
- Updated `asn.h` to define `OCSP_DIGEST` and `OCSP_DIGEST_SIZE` based on
  available hash types.
 2025-02-25 15:42:44 +00:00
Reda Chouk
9178c53f79 Fix: Address and clean up code conversion in various files. 2025-02-25 11:17:58 +01:00
Sean Parkinson
6f268c4369 CRL: fix memory allocation failure leaks 
On memory allocation failure, some functions were leaking memory.

Also add reference counting to CRL object so that a deep copy of a list
of CRLs doesn't leak memory.
The test was explicitly freeing each CRL in the list.
 2025-02-25 09:05:03 +10:00
Tobias Frauenschläger
fd8f6e168b PQC Clang-tidy fixes 
Fixes two clang-tidy warnings in error cases.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
 2025-02-24 09:28:23 +01:00
Daniel Pouzzner
0116ab6ca2 Merge pull request #8484 from jmalak/offsetof 
Rename OFFSETOF macro to WolfSSL specific WC_OFFSETOF name
 2025-02-23 14:45:43 -06:00
Jiri Malak
d066e6b9a5 correct comment for _WINSOCKAPI_ macro manipulation 
The issue is with MINGW winsock2.h header file which is not compatible
with Miscrosoft version and handle _WINSOCKAPI_ macro differently
 2025-02-23 11:15:38 +01:00