Commit Graph

29626 Commits

Author SHA1 Message Date
Daniel Pouzzner 50a0773c09 Merge pull request #8285 from LinuxJedi/gaisler
Add initial support for Gaisler-BCC with Sparc
2024-12-21 11:03:39 -06:00
Daniel Pouzzner ed18bf3deb In wolfcrypt/src/port/ and IDE/, replace remaining uses of AES_BLOCK_SIZE with WC_AES_BLOCKSIZE for compatibility with OPENSSL_COEXIST.
Automated replacement with
```
git ls-files -z wolfcrypt/src/port/ IDE/ | xargs -0 pcre2grep -l '[^_]AES_BLOCK_SIZE' | xargs sed --regexp-extended --in-place 's/([^_])AES_BLOCK_SIZE/\1WC_AES_BLOCK_SIZE/g'
```

Checked for mis-transformations with
```
git ls-files -z | xargs -0 pcre2grep '[^-[()+*/[:space:]]WC_AES_BLOCK_SIZE' | less
```

Checked for residual hits with
```
git ls-files -z | xargs -0 pcre2grep '[^_]AES_BLOCK_SIZE' | less
```

Deliberately excluded:
* ChangeLog.md -- do not alter history.
* doc/ -- do not confuse documentation with newly prefixed macro, because AES_BLOCK_SIZE is available unless -DOPENSSL_COEXIST.
* tests/api.c -- the unit tests deliberately use compatibility names, and are not compatible with -DOPENSSL_COEXIST.
* wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs -- false positive hits on C# names.
* wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs -- false positive hits on C# names.
* reference in wolfssl/wolfcrypt/aes.h that defines AES_BLOCK_SIZE when -UOPENSSL_COEXIST.
* reference in wolfssl/wolfcrypt/settings.h that defines WC_AES_BLOCK_SIZE for old FIPS when -UWC_AES_BLOCK_SIZE.
2024-12-21 10:28:18 -06:00
Daniel Pouzzner 4ff73b9024 wolfssl/wolfcrypt/aes.h: fix stray reference to AES_BLOCK_SIZE in def for GHASH_ONE_BLOCK(). 2024-12-21 10:08:17 -06:00
Daniel Pouzzner 33a47c1c04 Merge pull request #8265 from JacobBarthelmeh/armasm
armasm with opensslcoexist build
2024-12-21 10:06:27 -06:00
Daniel Pouzzner b07f2cb461 wolfcrypt/src/coding.c: fix incorrect array bounds check in CEscape(), introduced in 8bbe8a7c8a (before which there was no bounds check at all). 2024-12-21 09:47:07 -06:00
Andrew Hutchings 231cea34ef Add initial support for Gaisler-BCC with Sparc
Slight modifications and documentation to get wolfSSL working with
Gaisler Sparc CPUs and their cross-compilers.
2024-12-21 09:19:58 +00:00
Daniel Pouzzner ad20593569 Merge pull request #8279 from LinuxJedi/sk_push_comments
Fix code comments for some x509.c functions
2024-12-21 00:09:18 -06:00
Daniel Pouzzner 67800c3a22 Merge pull request #8292 from JacobBarthelmeh/xsocktlen
set dk-s7g2 socklent
2024-12-21 00:01:33 -06:00
Daniel Pouzzner 5ef4732745 Merge pull request #8299 from JacobBarthelmeh/cert_regen
end of year test certificate renewal
2024-12-20 17:41:33 -06:00
Daniel Pouzzner 9d3e477b63 src/ssl.c: gate wolfSSL_dtls_set_pending_peer() on !defined(WOLFSSL_NO_SOCK), not just defined(WOLFSSL_DTLS_CID).
tests/api.c: in test_dtls12_basic_connection_id(), omit chacha20 suites if defined(HAVE_FIPS), and fix gate on DHE-PSK-NULL-SHA256.
2024-12-20 17:24:13 -06:00
Daniel Pouzzner afc7e0eb8c Merge pull request #8308 from cconlon/sessTickLenCheck
Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check
2024-12-20 16:41:09 -06:00
JacobBarthelmeh 961453b5ee fix for free'ing up memory after use 2024-12-20 14:58:57 -07:00
JacobBarthelmeh b273bff4e9 regenerate certs_test.h with raw dilithium keys 2024-12-20 11:50:11 -07:00
JacobBarthelmeh 67f3343a5d Merge pull request #8306 from SparkiDev/kyber_no_avx2_fix
ML-KEM/Kyber: fix kyber_prf() for when no AVX2
2024-12-20 11:40:46 -07:00
JacobBarthelmeh 7cebe95138 Merge pull request #8304 from SparkiDev/regression_fixes_15
Regression testing: fixes
2024-12-20 11:29:15 -07:00
JacobBarthelmeh 3dd9f4631d Merge pull request #8305 from kareem-wolfssl/zd19044
Fix a couple of missing bounds checks found via code analyzer.
2024-12-20 11:20:19 -07:00
JacobBarthelmeh 19e68ea71a add a faketime test and update cert buffers 2024-12-20 10:35:58 -07:00
Chris Conlon f68f99b000 Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check 2024-12-20 09:48:01 -07:00
Sean Parkinson e507c466d5 ML-KEM/Kyber: fix kyber_prf() for when no AVX2
When no AVX2 available, kyber_prf() is called to produce more than one
SHAKE-256 blocks worth of ouput. Otherwise only one block is needed.
Changed function to support an outlen of greater than one block.
2024-12-20 11:03:58 +10:00
Kareem 8bbe8a7c8a Fix a couple of missing bounds checks found via code analyzer. 2024-12-19 17:01:25 -07:00
night1rider 6617a8afca Updating Client/Server with myGenExtMaster Callback 2024-12-19 16:27:35 -07:00
Sean Parkinson b7c1e1cf35 Regression testing: fixes
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.

wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'

tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'

tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
2024-12-20 09:25:03 +10:00
Sean Parkinson 00f83facb2 Merge pull request #8302 from cconlon/sessTickLenCheck
Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side
2024-12-20 08:44:10 +10:00
night1rider 2f4329306b Initial Extended Master Secret PK Callback ZD#19038 2024-12-19 15:43:58 -07:00
JacobBarthelmeh 8ca790218c certs_test.h is using raw dilithium keys 2024-12-19 15:23:37 -07:00
Daniel Pouzzner ad8f74b650 examples/client/client.c and examples/client/client.c: use XSTRLCPY() to assure proper null termination. 2024-12-19 16:14:59 -06:00
JacobBarthelmeh 8fa238e554 Merge pull request #8301 from douzzer/20241219-gating-fixes
20241219-gating-fixes
2024-12-19 14:38:55 -07:00
JacobBarthelmeh 5b6ffe0795 add *.revoked to codespell skip 2024-12-19 14:35:43 -07:00
JacobBarthelmeh abc87f9c6f add regression test for gencertbuf.pl 2024-12-19 14:32:46 -07:00
Chris Conlon 1101841b95 Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side 2024-12-19 14:26:22 -07:00
JacobBarthelmeh e66905aaf6 fix for gencertbuf script and add dilithium public key 2024-12-19 14:25:12 -07:00
Daniel Pouzzner 994f218fcb src/ssl.c and wolfssl/internal.h: gate in wolfSSL_get_ciphers_compat() in OPENSSL_EXTRA builds, so that --with-sys-crypto-policy works with OPENSSL_EXTRA but without OPENSSL_ALL.
configure.ac: more fixes for FIPS v6 armasm settings, re ENABLED_ARMASM_CRYPTO.
2024-12-19 14:29:39 -06:00
Juliusz Sosinowicz ca4b1667ee strcpy -> strncpy 2024-12-19 11:19:47 +01:00
Juliusz Sosinowicz feff68d4fd Increase buffer to make room for \0 2024-12-19 11:01:27 +01:00
Daniel Pouzzner 836ee1cbd5 Merge pull request #8298 from lealem47/zd18920
Printing the rfc822Mailbox x509 attribute
2024-12-18 22:19:32 -06:00
Daniel Pouzzner ed76d8ea10 Merge pull request #8297 from miyazakh/ra_jankins
Fix RA6M4 jankins failure
2024-12-18 22:18:43 -06:00
Daniel Pouzzner be2e779280 Merge pull request #8205 from philljj/fedora_crypto_policy
fedora crypto-policies: initial support.
2024-12-18 20:54:36 -06:00
JacobBarthelmeh a5f9ec67c9 Merge pull request #8251 from gojimmypi/pr-post-release-bdd62314-espressif
Espressif Managed Component wolfSSL 5.7.4 post-release update
2024-12-18 16:45:33 -07:00
JacobBarthelmeh df3897d39f adjust tests after cert renewal 2024-12-18 16:19:51 -07:00
JacobBarthelmeh e998dda1db update test certs to have v3 2024-12-18 16:12:08 -07:00
JacobBarthelmeh 4ed14af331 if no extensions are present a v1 certificate was generated, add a SKID extension to avoid that 2024-12-18 16:11:18 -07:00
jordan b5c47d27e0 fedora crypto-policies: initial support. 2024-12-18 16:56:36 -06:00
JacobBarthelmeh bf6ef15be4 update test certificates in header file 2024-12-18 14:27:26 -07:00
JacobBarthelmeh 28184dd8cc update certificates in certs directory 2024-12-18 14:26:15 -07:00
David Garske afff48f0d6 Merge pull request #8253 from douzzer/20241204-more-C89-expansion
20241204-more-C89-expansion
2024-12-18 10:44:18 -08:00
Daniel Pouzzner 122502e2b1 wolfCrypt -Wconversion expansion: fix numerous warnings, all benign, from -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion. 2024-12-18 11:51:06 -06:00
Juliusz Sosinowicz 9cb75ef5f8 fixup! DTLS: Add server side stateless and CID QoL API 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz fe9a5fcd42 fixup! Code review and jenkins fixes 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz faa7b8dfaa wolfSSLReceive: Error return on interrupted connection
Interrupted connection should return control to the user since they may want to handle the signal that caused the interrupt. Otherwise, we might never give back control to the user (the timeout would error out but that causes a big delay).

socat.yml: in test 475, the test would send a SIGTERM after 3 seconds. We would continue to ignore this signal and continue to call `recvfrom`. Instead we should error out and give control back to the user.
2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz a1ee953411 Protect peer access when WOLFSSL_RW_THREADED 2024-12-18 09:31:25 +01:00