Commit Graph

29626 Commits

Author SHA1 Message Date
Daniel Pouzzner d6ead1b3e5 src/tls.c: fix possible null deref in TLSX_UseCertificateStatusRequestV2().
wolfcrypt/src/pkcs12.c: fix possible null deref in PKCS12_CoalesceOctetStrings(), and fix spelling of PKCS12_ConcatenateContent().
2025-01-07 00:00:48 -06:00
Daniel Pouzzner fffafe661a wolfcrypt/src/dh.c: in _DhSetKey(), add short-circuit comparisons to RFC 7919 known-good moduli, preempting overhead from mp_prime_is_prime().
wolfcrypt/test/test.c: in dh_ffdhe_test(), when defined(HAVE_PUBLIC_FFDHE), use wc_DhSetKey_ex() rather than wc_DhSetKey() to exercise the primality check in _DhSetKey().
2025-01-06 14:52:42 -06:00
David Garske 1679218a88 Merge pull request #8333 from SparkiDev/sp_int_rshb_codesonar
SP int: stop CodeSonar complaining about i being negatve
2025-01-06 11:44:32 -08:00
Daniel Pouzzner 5172ff7ee3 wolfcrypt/src/sha512.c: in Sha512FinalRaw() and wc_Sha384FinalRaw(), refactor out the scratch digest -- ByteReverseWords64() is safe in-place, and the scratch digest caused a SEGV in the XMEMCPY() on AVX512-capable targets built with gcc -march=native unless XALIGN(64), due to gcc bug(s). 2025-01-06 11:06:56 -06:00
Sean Parkinson 13ce92cc1f SP int: stop CodeSonar complaining about i being negatve
n is checked for negative and fail out in that case.
i is n devided by a positive constant and can never be negative.
2025-01-06 10:04:14 +10:00
mgrojo 11a40a610e Ada binding: add support for PSK client callback
Tested with:
`wolfSSL/wolfssl-examples/psk/server-psk.c`
after changing `DTLSv1_3_Client_Method` to `DTLSv1_2_Client_Method` to comply with the server example.
2025-01-04 20:03:04 +01:00
Juliusz Sosinowicz 341ed32223 Add bind9 CI testing 2025-01-03 20:47:51 +01:00
David Garske d6440be4a9 Fix for SSL_set_mtu -> wolfSSL_set_mtu_compat return code. Update comment for wolfSSL_is_init_finished indicating it works for TLS and DTLS. 2025-01-03 10:10:37 -08:00
Juliusz Sosinowicz 02e942334b Define WOLFSSL_MAX_SSL_SESSION_ID_LENGTH 2025-01-03 17:09:47 +01:00
Juliusz Sosinowicz 4cc3eec587 Implement wolfSSL_X509_STORE_set_default_paths 2025-01-03 17:09:30 +01:00
Juliusz Sosinowicz 5ee8af2351 wolfSSL_i2o_ECPublicKey: use uncompressed when selected 2025-01-03 14:24:34 +01:00
David Garske 71b7d0c9de Merge pull request #8328 from douzzer/20250102-fips-v6-update-to-5v7v6
20250102-fips-v6-update-to-5v7v6
2025-01-02 16:01:05 -08:00
David Garske 5a6e92c793 Merge pull request #8325 from SparkiDev/aarch64_cpuid_aesgcm_kyber
Aarch64 ASM: Use CPU features for more
2025-01-02 14:51:35 -08:00
kaleb-himes bb482d1881 Order into respective groups 2025-01-02 15:41:47 -07:00
Daniel Pouzzner 7d856aebd0 update FIPS v6 to point to wolfcrypt WCv6.0.0-RC3 (aka v5.7.6-stable) and fips WCv6.0.0-RC3. 2025-01-02 15:42:19 -06:00
Juliusz Sosinowicz 853c108802 update libssh2 version to pass tests 2025-01-02 17:00:57 +01:00
Juliusz Sosinowicz 353986bbf6 fips-check.sh: Update the help output 2025-01-02 12:43:43 +01:00
Sean Parkinson 7d3ee74a71 Aarch64 ASM: Use CPU features for more
AES GCM streaming - fix GHASH_ONE_BLOCK to use CPU feature information.
AES-GCM uses EOR3 (SHA-3 instruction) - split assembly code.
Kyber uses SQRDMLSH - split assembly code.

Changed define from WOLFSSL_AARCH64_NO_SQRMLSH to
WOLFSSL_AARCH64_NO_SQRDMLSH to match instruction.

Improved array data format for inline assembly code.
2025-01-02 19:56:04 +10:00
Daniel Pouzzner 239b85c804 Merge pull request #8323 from JacobBarthelmeh/release
prepare for release 5.7.6
v5.7.6-stable
2024-12-31 11:58:22 -06:00
Juliusz Sosinowicz c3ada2760a Add ntp 4.2.8p17 to tested versions 2024-12-31 17:06:46 +01:00
Juliusz Sosinowicz af96f294fa Add MD4 to EVP layer 2024-12-31 16:58:58 +01:00
JacobBarthelmeh 70e41d1ed1 prepare for release 5.7.6 2024-12-31 08:27:53 -07:00
Juliusz Sosinowicz 3cb2bb3759 OBJ_sn2nid: use correct short names 2024-12-31 12:50:04 +01:00
Daniel Pouzzner d40698a103 Merge pull request #8322 from JacobBarthelmeh/coverity
fix for dead code warning CID444417
2024-12-30 17:56:28 -06:00
JacobBarthelmeh c9bcbd8c52 fix for dead code warning CID444417 2024-12-30 16:14:28 -07:00
David Garske 8d7c60017c Merge pull request #8263 from JacobBarthelmeh/rsa_pss
account for rsa_pss_rsae vs rsa_pss_pss type
2024-12-28 13:47:30 -08:00
JacobBarthelmeh af4b5c2097 only run RSA-PSS interop test if cipher suites with ephemeral keys are available 2024-12-28 11:34:17 -08:00
JacobBarthelmeh 1ae0f7c66f do not do resume with new test case
add wolfssl_no_resume flag to openssl.test

check for version of openssl testing against

check if RSA is supported for test case

guard on test case for TLS versions supported
2024-12-28 02:09:49 -08:00
David Garske 2e8f0176c9 Merge pull request #8316 from JacobBarthelmeh/x509ref
Up X509 refrence count and add test case
2024-12-27 10:37:28 -08:00
JacobBarthelmeh 3ee08d81db fix for check on number of objects when free'ing and add test case 2024-12-27 08:09:03 -08:00
David Garske 5c6fdb52f1 Merge pull request #8319 from philljj/fix_coverity
coverity: correct lock message, check fd value.
2024-12-26 12:53:36 -08:00
JacobBarthelmeh f57f044b39 Merge pull request #8318 from dgarske/CID444418
Fix for finishedSz checking with TLSv1.3 and `WOLFSSL_HAVE_TLS_UNIQUE` (CID444418)
2024-12-24 15:41:25 -07:00
jordan c71392bb7e coverity: correct lock message, check fd value. 2024-12-24 16:31:16 -06:00
David Garske e1baf27831 CID444418. Fix for finishSz checking with TLSv1.3 and WOLFSSL_HAVE_TLS_UNIQUE. 2024-12-24 13:38:57 -08:00
JacobBarthelmeh 17c17cde13 Merge pull request #8317 from night1rider/CID_444416
Free Val and Oid before returning error
2024-12-24 10:38:26 -07:00
JacobBarthelmeh 838fe22e61 Merge pull request #8314 from SparkiDev/aarch64_no_crypto_fallback
Aarch64 ASM: check CPU features before hw crypto instr use
2024-12-24 10:15:23 -07:00
JacobBarthelmeh 98d212d60b Merge pull request #8315 from SparkiDev/regression_fixes_16
Regression testing fixes
2024-12-24 09:56:20 -07:00
msi-debian 545257e498 CID 444416 2024-12-24 09:35:40 -07:00
JacobBarthelmeh 3aa2881cd4 account for rsa_pss_rsae vs rsa_pss_pss type 2024-12-23 23:45:33 -07:00
Sean Parkinson cad2ebde04 Regression testing fixes
test.c: Dilithium private key not available in cert_test.h unless
signing is enabled.
./configure --disable-shared --enable-dilithium=make,44,65,87
./configure --disable-shared --enable-dilithium=make,sign,44,65,87
./configure --disable-shared --enable-dilithium=make,verify,44,65,87
test.c: Dilithium doesn't have decode/encode when
WOLFSSL_DILITHIUM_NO_ASN1 is defined.
./configure --disable-shared --enable-dilithium=yes
CFLAGS=-DWOLFSSL_DILITHIUM_NO_ASN1
2024-12-24 13:55:21 +10:00
Sean Parkinson e1851cd482 Aarch64 ASM: check CPU features before hw crypto instr use
For SHA-256, SHA-512 and SHA3, get the CPU features to see if hardware
crypto is available. If not then fallback to an alternate
implementation.
2024-12-24 12:08:12 +10:00
kaleb-himes 2d01363e57 Remove trailing whitespace on a line 2024-12-23 17:14:38 -07:00
Sean Parkinson 93812e4286 Merge pull request #8289 from JacobBarthelmeh/harden
add option for additional sanity checks
2024-12-24 09:17:08 +10:00
JacobBarthelmeh ee9b88541f change default to no for --enable-faultharden 2024-12-23 13:51:30 -07:00
kaleb-himes 5ad5ba2299 Fix more overlong lines and add one more customer setting 2024-12-23 11:44:56 -07:00
Daniel Pouzzner a13d0fdd86 Merge pull request #8311 from SparkiDev/aarch64_cpuid_fix
Aarch64 CPU id: fix for privilege instruction detection
2024-12-23 11:52:14 -06:00
JacobBarthelmeh 2409971b14 Merge pull request #8224 from julek-wolfssl/dtls-server-demux
DTLS: Add server side stateless and CID QoL API
2024-12-23 10:01:01 -07:00
JacobBarthelmeh 36d5342f6b Merge pull request #8310 from douzzer/20241221-wolfCrypt-more-AES_BLOCK_SIZE
20241221-wolfCrypt-more-AES_BLOCK_SIZE
2024-12-23 09:26:05 -07:00
Sean Parkinson e7d7e47e07 Aarch64 CPU id: fix for privilege instruction detection
AES/PMULL is in four bits 4-7.
When value is 0b0010, this indicates both AES and PMULL. Fix code to set
both.
2024-12-23 11:23:14 +10:00
David Garske 2bcad989da Merge pull request #8309 from douzzer/20241221-fix-CEscape-bounds-check
20241221-fix-CEscape-bounds-check
2024-12-21 14:51:46 -08:00