Daniel Pouzzner
d6ead1b3e5
src/tls.c: fix possible null deref in TLSX_UseCertificateStatusRequestV2().
...
wolfcrypt/src/pkcs12.c: fix possible null deref in PKCS12_CoalesceOctetStrings(), and fix spelling of PKCS12_ConcatenateContent().
2025-01-07 00:00:48 -06:00
Daniel Pouzzner
fffafe661a
wolfcrypt/src/dh.c: in _DhSetKey(), add short-circuit comparisons to RFC 7919 known-good moduli, preempting overhead from mp_prime_is_prime().
...
wolfcrypt/test/test.c: in dh_ffdhe_test(), when defined(HAVE_PUBLIC_FFDHE), use wc_DhSetKey_ex() rather than wc_DhSetKey() to exercise the primality check in _DhSetKey().
2025-01-06 14:52:42 -06:00
David Garske
1679218a88
Merge pull request #8333 from SparkiDev/sp_int_rshb_codesonar
...
SP int: stop CodeSonar complaining about i being negatve
2025-01-06 11:44:32 -08:00
Daniel Pouzzner
5172ff7ee3
wolfcrypt/src/sha512.c: in Sha512FinalRaw() and wc_Sha384FinalRaw(), refactor out the scratch digest -- ByteReverseWords64() is safe in-place, and the scratch digest caused a SEGV in the XMEMCPY() on AVX512-capable targets built with gcc -march=native unless XALIGN(64), due to gcc bug(s).
2025-01-06 11:06:56 -06:00
Sean Parkinson
13ce92cc1f
SP int: stop CodeSonar complaining about i being negatve
...
n is checked for negative and fail out in that case.
i is n devided by a positive constant and can never be negative.
2025-01-06 10:04:14 +10:00
mgrojo
11a40a610e
Ada binding: add support for PSK client callback
...
Tested with:
`wolfSSL/wolfssl-examples/psk/server-psk.c`
after changing `DTLSv1_3_Client_Method` to `DTLSv1_2_Client_Method` to comply with the server example.
2025-01-04 20:03:04 +01:00
Juliusz Sosinowicz
341ed32223
Add bind9 CI testing
2025-01-03 20:47:51 +01:00
David Garske
d6440be4a9
Fix for SSL_set_mtu -> wolfSSL_set_mtu_compat return code. Update comment for wolfSSL_is_init_finished indicating it works for TLS and DTLS.
2025-01-03 10:10:37 -08:00
Juliusz Sosinowicz
02e942334b
Define WOLFSSL_MAX_SSL_SESSION_ID_LENGTH
2025-01-03 17:09:47 +01:00
Juliusz Sosinowicz
4cc3eec587
Implement wolfSSL_X509_STORE_set_default_paths
2025-01-03 17:09:30 +01:00
Juliusz Sosinowicz
5ee8af2351
wolfSSL_i2o_ECPublicKey: use uncompressed when selected
2025-01-03 14:24:34 +01:00
David Garske
71b7d0c9de
Merge pull request #8328 from douzzer/20250102-fips-v6-update-to-5v7v6
...
20250102-fips-v6-update-to-5v7v6
2025-01-02 16:01:05 -08:00
David Garske
5a6e92c793
Merge pull request #8325 from SparkiDev/aarch64_cpuid_aesgcm_kyber
...
Aarch64 ASM: Use CPU features for more
2025-01-02 14:51:35 -08:00
kaleb-himes
bb482d1881
Order into respective groups
2025-01-02 15:41:47 -07:00
Daniel Pouzzner
7d856aebd0
update FIPS v6 to point to wolfcrypt WCv6.0.0-RC3 (aka v5.7.6-stable) and fips WCv6.0.0-RC3.
2025-01-02 15:42:19 -06:00
Juliusz Sosinowicz
853c108802
update libssh2 version to pass tests
2025-01-02 17:00:57 +01:00
Juliusz Sosinowicz
353986bbf6
fips-check.sh: Update the help output
2025-01-02 12:43:43 +01:00
Sean Parkinson
7d3ee74a71
Aarch64 ASM: Use CPU features for more
...
AES GCM streaming - fix GHASH_ONE_BLOCK to use CPU feature information.
AES-GCM uses EOR3 (SHA-3 instruction) - split assembly code.
Kyber uses SQRDMLSH - split assembly code.
Changed define from WOLFSSL_AARCH64_NO_SQRMLSH to
WOLFSSL_AARCH64_NO_SQRDMLSH to match instruction.
Improved array data format for inline assembly code.
2025-01-02 19:56:04 +10:00
Daniel Pouzzner
239b85c804
Merge pull request #8323 from JacobBarthelmeh/release
...
prepare for release 5.7.6
v5.7.6-stable
2024-12-31 11:58:22 -06:00
Juliusz Sosinowicz
c3ada2760a
Add ntp 4.2.8p17 to tested versions
2024-12-31 17:06:46 +01:00
Juliusz Sosinowicz
af96f294fa
Add MD4 to EVP layer
2024-12-31 16:58:58 +01:00
JacobBarthelmeh
70e41d1ed1
prepare for release 5.7.6
2024-12-31 08:27:53 -07:00
Juliusz Sosinowicz
3cb2bb3759
OBJ_sn2nid: use correct short names
2024-12-31 12:50:04 +01:00
Daniel Pouzzner
d40698a103
Merge pull request #8322 from JacobBarthelmeh/coverity
...
fix for dead code warning CID444417
2024-12-30 17:56:28 -06:00
JacobBarthelmeh
c9bcbd8c52
fix for dead code warning CID444417
2024-12-30 16:14:28 -07:00
David Garske
8d7c60017c
Merge pull request #8263 from JacobBarthelmeh/rsa_pss
...
account for rsa_pss_rsae vs rsa_pss_pss type
2024-12-28 13:47:30 -08:00
JacobBarthelmeh
af4b5c2097
only run RSA-PSS interop test if cipher suites with ephemeral keys are available
2024-12-28 11:34:17 -08:00
JacobBarthelmeh
1ae0f7c66f
do not do resume with new test case
...
add wolfssl_no_resume flag to openssl.test
check for version of openssl testing against
check if RSA is supported for test case
guard on test case for TLS versions supported
2024-12-28 02:09:49 -08:00
David Garske
2e8f0176c9
Merge pull request #8316 from JacobBarthelmeh/x509ref
...
Up X509 refrence count and add test case
2024-12-27 10:37:28 -08:00
JacobBarthelmeh
3ee08d81db
fix for check on number of objects when free'ing and add test case
2024-12-27 08:09:03 -08:00
David Garske
5c6fdb52f1
Merge pull request #8319 from philljj/fix_coverity
...
coverity: correct lock message, check fd value.
2024-12-26 12:53:36 -08:00
JacobBarthelmeh
f57f044b39
Merge pull request #8318 from dgarske/CID444418
...
Fix for finishedSz checking with TLSv1.3 and `WOLFSSL_HAVE_TLS_UNIQUE` (CID444418)
2024-12-24 15:41:25 -07:00
jordan
c71392bb7e
coverity: correct lock message, check fd value.
2024-12-24 16:31:16 -06:00
David Garske
e1baf27831
CID444418. Fix for finishSz checking with TLSv1.3 and WOLFSSL_HAVE_TLS_UNIQUE.
2024-12-24 13:38:57 -08:00
JacobBarthelmeh
17c17cde13
Merge pull request #8317 from night1rider/CID_444416
...
Free Val and Oid before returning error
2024-12-24 10:38:26 -07:00
JacobBarthelmeh
838fe22e61
Merge pull request #8314 from SparkiDev/aarch64_no_crypto_fallback
...
Aarch64 ASM: check CPU features before hw crypto instr use
2024-12-24 10:15:23 -07:00
JacobBarthelmeh
98d212d60b
Merge pull request #8315 from SparkiDev/regression_fixes_16
...
Regression testing fixes
2024-12-24 09:56:20 -07:00
msi-debian
545257e498
CID 444416
2024-12-24 09:35:40 -07:00
JacobBarthelmeh
3aa2881cd4
account for rsa_pss_rsae vs rsa_pss_pss type
2024-12-23 23:45:33 -07:00
Sean Parkinson
cad2ebde04
Regression testing fixes
...
test.c: Dilithium private key not available in cert_test.h unless
signing is enabled.
./configure --disable-shared --enable-dilithium=make,44,65,87
./configure --disable-shared --enable-dilithium=make,sign,44,65,87
./configure --disable-shared --enable-dilithium=make,verify,44,65,87
test.c: Dilithium doesn't have decode/encode when
WOLFSSL_DILITHIUM_NO_ASN1 is defined.
./configure --disable-shared --enable-dilithium=yes
CFLAGS=-DWOLFSSL_DILITHIUM_NO_ASN1
2024-12-24 13:55:21 +10:00
Sean Parkinson
e1851cd482
Aarch64 ASM: check CPU features before hw crypto instr use
...
For SHA-256, SHA-512 and SHA3, get the CPU features to see if hardware
crypto is available. If not then fallback to an alternate
implementation.
2024-12-24 12:08:12 +10:00
kaleb-himes
2d01363e57
Remove trailing whitespace on a line
2024-12-23 17:14:38 -07:00
Sean Parkinson
93812e4286
Merge pull request #8289 from JacobBarthelmeh/harden
...
add option for additional sanity checks
2024-12-24 09:17:08 +10:00
JacobBarthelmeh
ee9b88541f
change default to no for --enable-faultharden
2024-12-23 13:51:30 -07:00
kaleb-himes
5ad5ba2299
Fix more overlong lines and add one more customer setting
2024-12-23 11:44:56 -07:00
Daniel Pouzzner
a13d0fdd86
Merge pull request #8311 from SparkiDev/aarch64_cpuid_fix
...
Aarch64 CPU id: fix for privilege instruction detection
2024-12-23 11:52:14 -06:00
JacobBarthelmeh
2409971b14
Merge pull request #8224 from julek-wolfssl/dtls-server-demux
...
DTLS: Add server side stateless and CID QoL API
2024-12-23 10:01:01 -07:00
JacobBarthelmeh
36d5342f6b
Merge pull request #8310 from douzzer/20241221-wolfCrypt-more-AES_BLOCK_SIZE
...
20241221-wolfCrypt-more-AES_BLOCK_SIZE
2024-12-23 09:26:05 -07:00
Sean Parkinson
e7d7e47e07
Aarch64 CPU id: fix for privilege instruction detection
...
AES/PMULL is in four bits 4-7.
When value is 0b0010, this indicates both AES and PMULL. Fix code to set
both.
2024-12-23 11:23:14 +10:00
David Garske
2bcad989da
Merge pull request #8309 from douzzer/20241221-fix-CEscape-bounds-check
...
20241221-fix-CEscape-bounds-check
2024-12-21 14:51:46 -08:00