wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 15:52:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,022 Commits 12 Branches 184 Tags
a8415a79265c0fe2d2a691ce03ee771ec7fc402f
Commit Graph

22022 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
JacobBarthelmeh
a8415a7926 Merge pull request #7367 from mrdeep1/hello_verify_request 
Support DTLS1.3 downgrade when using PSK
 2024-04-09 16:17:59 -06:00
JacobBarthelmeh
dd79ca5d96 Merge pull request #7405 from SparkiDev/mismatch_cs_alert 
No match cipher suite alert type change
 2024-04-09 09:31:12 -06:00
JacobBarthelmeh
144ffdc713 Merge pull request #7400 from philljj/test_xmss_pubraw 
Add wc_XmssKey_ExportPubRaw to wolfcrypt test.
 2024-04-09 09:14:23 -06:00
jordan
4a069ee5c1 Small cleanup for review. 2024-04-08 21:41:33 -05:00
Sean Parkinson
d96e5ec589 No match cipher suite alert type change 
TLS 1.0/1.1/1.2 specifications require the of a return a handshake
failure alert when no cipher suites match.
TLS 1.3 specification requires the return of a "handshake_failure" or
"insufficient_security" fatal alert.

Change alert sent from "illegal_parameter" to "handshake_failure".
 2024-04-08 11:25:50 +10:00
Daniel Pouzzner
d1efccd259 Merge pull request #7381 from dgarske/netdb_ioctl 
Restore `HAVE_NETDB_H` and `HAVE_SYS_IOCTL_H` checks in the wolfio.c.
 2024-04-05 16:02:21 -04:00
Daniel Pouzzner
a518f493b5 Merge pull request #7388 from JacobBarthelmeh/x509_cases 
check for critical policy extension when not supported
 2024-04-05 15:59:03 -04:00
Daniel Pouzzner
7d66cc46ff Merge pull request #7375 from mrdeep1/fix_rpk 
RPK: Define Certificates correctly for (D)TLS1.2
 2024-04-05 15:48:25 -04:00
Daniel Pouzzner
2ba12a89df Merge pull request #7386 from anhu/reseed_public 
Make wc_RNG_DRBG_Reseed() a wolfCrypt API.
 2024-04-05 14:27:26 -04:00
Anthony Hu
cf2f58bfdf Merge pull request #7395 from douzzer/20240403-RPK-cleanups 
20240403-RPK-cleanups
 2024-04-05 13:43:15 -04:00
Anthony Hu
3908bc34ed Merge pull request #7399 from douzzer/20240405-tls-endian-fixes 
20240405-tls-endian-fixes
 2024-04-05 13:40:07 -04:00
jordan
d0802335a8 Add wc_XmssKey_ExportPubRaw to wolfcrypt test. 2024-04-05 12:09:04 -05:00
Daniel Pouzzner
cdf2504612 fixes for non-portable (endian-sensitive) code patterns around word16 in TLS layer. 2024-04-05 10:42:05 -05:00
Kaleb Himes
9d56484d33 Merge pull request #7398 from douzzer/20240404-fips-VERSION3 
20240404-fips-VERSION3
 2024-04-05 07:53:32 -06:00
Daniel Pouzzner
9542843874 wolfssl/wolfcrypt/settings.h: streamline definitions of WOLFSSL_FIPS_VERSION_CODE for the !HAVE_FIPS and !HAVE_FIPS_VERSION cases; add WOLFSSL_FIPS_VERSION2_CODE and fix the incumbent FIPS_VERSION_{LT,LE,EQ,GE,GT} definitions to use it. 2024-04-04 22:27:51 -05:00
kaleb-himes
ae2a92e449 add "VERSION3" variants of macros for testing and computing FIPS versions. 2024-04-04 17:39:07 -05:00
Daniel Pouzzner
747755b3c4 fixes for analyzer carps around HAVE_RPK: 
fix clang-analyzer-deadcode.DeadStores in src/tls.c TLSX_ClientCertificateType_GetSize();

fix clang-analyzer-deadcode.DeadStores in tests/api.c test_tls13_rpk_handshake();

fix null pointer to XMEMCPY() in src/internal.c CopyDecodedName().
 2024-04-04 00:15:01 -05:00
JacobBarthelmeh
8b587b563c Merge pull request #7286 from Frauschi/hybrid_signatures 
Improvements to dual algorithm certificates
 2024-04-03 13:37:16 -06:00
Daniel Pouzzner
8511b2dc6b ProcessBuffer(): in WOLFSSL_DUAL_ALG_CERTS code path, fall through without disrupting ret, if cert->sapkiOID and cert->sapkiLen are unset. 2024-04-03 13:54:57 -05:00
David Garske
57603823e3 Merge pull request #7387 from JacobBarthelmeh/sm2 
fix for oss-fuzz sm2 test build
 2024-04-03 10:08:46 -07:00
JacobBarthelmeh
f6a24efe23 Merge pull request #7389 from dgarske/nxp_mmcau_sha256 
Fix the NXP MMCAU HW acceleration for SHA2-256
 2024-04-03 10:39:04 -06:00
Anthony Hu
9bfab33726 Address comments from Jacob. 2024-04-03 09:04:28 -04:00
David Garske
d7c6d7af44 Fix the NXP MMCAU HW acceleration for SHA2-256. Broken with LMS SHA2 refactor. 2024-04-02 19:32:41 -07:00
JacobBarthelmeh
c768f76d5a Merge pull request #7315 from fabiankeil/disable-3des-ciphers 
Allow to enable DES3 support without the DES3 ciphers
 2024-04-02 17:48:01 -06:00
JacobBarthelmeh
75da69911c Merge pull request #7369 from dgarske/infineon_modustoolbox 
Support for Infineon Modus Toolbox with wolfSSL
 2024-04-02 17:34:07 -06:00
JacobBarthelmeh
983616afa0 check for critical policy extension when not supported 2024-04-02 16:46:47 -06:00
JacobBarthelmeh
04ebc966d0 Merge pull request #7385 from philljj/spelling_cleanup 
Used codespell and fixed obvious typos.
 2024-04-02 14:35:51 -06:00
JacobBarthelmeh
d4f5825fd2 fix for sp build with ecc_map_ex 2024-04-02 11:40:53 -06:00
JacobBarthelmeh
ed4f052215 Merge pull request #7382 from bandi13/reEnableTest 
Revert "Disable broken library"
 2024-04-02 10:51:50 -06:00
JacobBarthelmeh
b334750bf2 Merge pull request #7383 from embhorn/zd17763 
Fix build error with RECORD_SIZE defined
 2024-04-02 10:51:11 -06:00
Anthony Hu
598a3bfdcd Make wc_RNG_DRBG_Reseed() a wolfCrypt API. 2024-04-02 12:33:35 -04:00
jordan
b65e42bf4d Used codespell and fixed obvious typos. 2024-04-02 10:19:39 -05:00
Eric Blankenhorn
e072677379 Fix build error with RECORD_SIZE defined 2024-04-02 10:02:35 -05:00
Fabian Keil
790129ee71 cmake: Add WOLFSSL_DES3_TLS_SUITES option 2024-04-02 16:27:11 +02:00
Daniel Pouzzner
092dba4593 wolfcrypt/src/asn.c: fix for benign identicalInnerCondition in ParseCertRelative(). 2024-04-01 23:50:05 -05:00
Anthony Hu
10d210ce26 Parenthesis 2024-04-01 19:05:59 -04:00
Anthony Hu
2d532dd6b8 Clean up after another round of analyzer execution. 2024-04-01 18:56:44 -04:00
Andras Fekete
6524fbb43f Revert "Disable broken library" 
This reverts commit ce52a68c3d.
 2024-04-01 18:11:42 -04:00
Anthony Hu
3a3a7c2a67 Forgot to clean up the preTBS. 2024-04-01 17:37:04 -04:00
Anthony Hu
6a4d4bf6f1 cks_order is used later; don't let it fall out of scope. 2024-04-01 17:37:03 -04:00
Anthony Hu
8f599defe0 Add check inspired by original implementation of asn. 2024-04-01 17:37:03 -04:00
Daniel Pouzzner
2f3495f286 src/tls13.c: remove unreachable break in DoTls13CertificateVerify(). 
tests/api.c: fix various use-after-frees of file in do_dual_alg_root_certgen() and do_dual_alg_server_certgen().
 2024-04-01 17:37:03 -04:00
Anthony Hu
e4b7857e43 If WOLFSSL_TRUST_PEER_CERT is defined, the negative test is no longer negative. 2024-04-01 17:37:03 -04:00
Tobias Frauenschläger
136eaae4f1 Improvements to dual alg certificates 
* Support for external keys (CryptoCb interface)
* Support for usage in mutual authentication
* better entity cert parsing
* Fix for Zephyr port to support the feature
* Check key support
* Proper validation of signatures in certificate chains
* Proper validation of peer cert with local issuer signature
	(alt pub key is cached now)
* Support for ECC & RSA as alt keys with PQC as primary
* Support for PQC certificate generation
* Better support for hybrid signatures with variable length signatures
* Support for primary and alternative private keys in a single
  file/buffer
* More API support for alternative private keys

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
 2024-04-01 17:37:03 -04:00
David Garske
da6a11d1d1 Restore HAVE_NETDB_H and HAVE_SYS_IOCTL_H checks in the wolfio.c. 2024-04-01 09:49:22 -07:00
Daniel Pouzzner
d930825a92 Merge pull request #7362 from jpbland1/rsa-make-key-no-malloc 
fix wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC
 2024-03-30 03:19:27 -04:00
John Bland
d8e9e90f9d refactor rawLen to avoid unused warning 2024-03-30 02:12:32 -04:00
Daniel Pouzzner
03d7eac9c4 Merge pull request #7337 from gojimmypi/PR-test-certbuf-256 
wolfcrypt tests: improve file system gating for USE_CERT_BUFFERS
 2024-03-30 00:43:20 -04:00
David Garske
5c486cb7a6 Merge pull request #7371 from douzzer/20240327-tls-int-overflows 
20240327-tls-int-overflows
 2024-03-29 11:37:08 -07:00
Jon Shallow
a0f3933881 Support (D)TLS1.3 downgrade when using PSK 
DTLS Server:
examples/server/server -v3 -u -s

DTLS Client:
examples/client/client -vd -g -u -s

TLS Server:
examples/server/server -v3 -s

TLS Client:
examples/client/client -vd -g -s

Support checking for DTLS1.2 Hello Verify Request when using PSK.

Unset options.tls1_3 when handling a DTLS1.2 Hello Verify Request.

Unset options.tls1_3 when handling a (D)TLS1.2 Server Hello to stop
checking of Encrypted Client Hello

Requires ./configure --enable-all --enable-dtls13

Add in tests for DTLS1.3 and TLS1.3 downgrade when using PSK.
 2024-03-29 18:04:30 +00:00