wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-31 13:39:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,166 Commits 12 Branches 184 Tags
afc7e0eb8c2c8ae14f2aaa0384fa170e1f21e83a
Commit Graph

24166 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner
afc7e0eb8c Merge pull request #8308 from cconlon/sessTickLenCheck 
Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check
 2024-12-20 16:41:09 -06:00
JacobBarthelmeh
67f3343a5d Merge pull request #8306 from SparkiDev/kyber_no_avx2_fix 
ML-KEM/Kyber: fix kyber_prf() for when no AVX2
 2024-12-20 11:40:46 -07:00
JacobBarthelmeh
7cebe95138 Merge pull request #8304 from SparkiDev/regression_fixes_15 
Regression testing: fixes
 2024-12-20 11:29:15 -07:00
JacobBarthelmeh
3dd9f4631d Merge pull request #8305 from kareem-wolfssl/zd19044 
Fix a couple of missing bounds checks found via code analyzer.
 2024-12-20 11:20:19 -07:00
Chris Conlon
f68f99b000 Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check 2024-12-20 09:48:01 -07:00
Sean Parkinson
e507c466d5 ML-KEM/Kyber: fix kyber_prf() for when no AVX2 
When no AVX2 available, kyber_prf() is called to produce more than one
SHAKE-256 blocks worth of ouput. Otherwise only one block is needed.
Changed function to support an outlen of greater than one block.
 2024-12-20 11:03:58 +10:00
Kareem
8bbe8a7c8a Fix a couple of missing bounds checks found via code analyzer. 2024-12-19 17:01:25 -07:00
Sean Parkinson
b7c1e1cf35 Regression testing: fixes 
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.

wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'

tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'

tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
 2024-12-20 09:25:03 +10:00
Sean Parkinson
00f83facb2 Merge pull request #8302 from cconlon/sessTickLenCheck 
Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side
 2024-12-20 08:44:10 +10:00
JacobBarthelmeh
8fa238e554 Merge pull request #8301 from douzzer/20241219-gating-fixes 
20241219-gating-fixes
 2024-12-19 14:38:55 -07:00
Chris Conlon
1101841b95 Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side 2024-12-19 14:26:22 -07:00
Daniel Pouzzner
994f218fcb src/ssl.c and wolfssl/internal.h: gate in wolfSSL_get_ciphers_compat() in OPENSSL_EXTRA builds, so that --with-sys-crypto-policy works with OPENSSL_EXTRA but without OPENSSL_ALL. 
configure.ac: more fixes for FIPS v6 armasm settings, re ENABLED_ARMASM_CRYPTO.
 2024-12-19 14:29:39 -06:00
Daniel Pouzzner
836ee1cbd5 Merge pull request #8298 from lealem47/zd18920 
Printing the rfc822Mailbox x509 attribute
 2024-12-18 22:19:32 -06:00
Daniel Pouzzner
ed76d8ea10 Merge pull request #8297 from miyazakh/ra_jankins 
Fix RA6M4 jankins failure
 2024-12-18 22:18:43 -06:00
Daniel Pouzzner
be2e779280 Merge pull request #8205 from philljj/fedora_crypto_policy 
fedora crypto-policies: initial support.
 2024-12-18 20:54:36 -06:00
JacobBarthelmeh
a5f9ec67c9 Merge pull request #8251 from gojimmypi/pr-post-release-bdd62314-espressif 
Espressif Managed Component wolfSSL 5.7.4 post-release update
 2024-12-18 16:45:33 -07:00
jordan
b5c47d27e0 fedora crypto-policies: initial support. 2024-12-18 16:56:36 -06:00
David Garske
afff48f0d6 Merge pull request #8253 from douzzer/20241204-more-C89-expansion 
20241204-more-C89-expansion
 2024-12-18 10:44:18 -08:00
Daniel Pouzzner
122502e2b1 wolfCrypt -Wconversion expansion: fix numerous warnings, all benign, from -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion. 2024-12-18 11:51:06 -06:00
Sean Parkinson
ba050d6a3f Merge pull request #8296 from douzzer/20241217-FIPS-v6-ENABLED_ARMASM_CRYPTO-fixes 
20241217-FIPS-v6-ENABLED_ARMASM_CRYPTO-fixes
 2024-12-18 15:27:08 +10:00
Lealem Amedie
651dab3dbf Printing the rfc822Mailbox x509 attribute 2024-12-17 15:39:23 -07:00
Hideki Miyazaki
39c11c269f Fix RA6M jankins failure 2024-12-18 07:37:21 +09:00
Daniel Pouzzner
60afdb557d Merge pull request #8273 from dgarske/no_tls 
Enable support for no TLS while allowing certificate manager
 2024-12-17 16:24:57 -06:00
David Garske
356889a528 Add --disable-tls option that can be used with --enable-all to disable TLS features and set NO_TLS. Useful for allowing certificate manager and crypto compatibility API's only. 2024-12-17 13:40:03 -08:00
Daniel Pouzzner
f23a2f2f48 wolfcrypt/src/aes.c: add missing WOLFSSL_ARMASM gate clause around wolfCrypt_FIPS_aes_ro_sanity, necessitated by 514a92d6ee/#8293. 2024-12-17 14:17:52 -06:00
Daniel Pouzzner
7b57ef4912 configure.ac: fix faulty logic in FIPS v6 feature calculation re ENABLED_ARMASM_CRYPTO, originally added in 6e0a90190f. 2024-12-17 12:21:47 -06:00
David Garske
6151160e58 Further fixes with NO_TLS to support use with compatibility layer. 2024-12-17 09:24:38 -08:00
Kaleb Himes
fcbea85ded Merge pull request #8291 from douzzer/20241213-fips-check-refactor-assoc-arrays 
20241213-fips-check-refactor-assoc-arrays
 2024-12-17 10:23:51 -07:00
David Garske
a2b5da8651 Fix nested NO_TLS. 2024-12-17 08:33:33 -08:00
David Garske
16b2884cf1 Fix issues in test_tls13_apis with no filesystem or no RSA/ECC. 2024-12-17 08:33:33 -08:00
David Garske
14e3372826 Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check 2024-12-17 08:33:32 -08:00
Daniel Pouzzner
22e95081cd Merge pull request #8181 from gojimmypi/dev-compiler-message 
Initialize vars & change types to appease Windows/VS
 2024-12-16 23:19:05 -06:00
Daniel Pouzzner
058138eb00 Merge pull request #8286 from julek-wolfssl/hostap-action-update 
Use source hostap repo
 2024-12-16 23:07:05 -06:00
Daniel Pouzzner
5aeabbfa3c Merge pull request #8245 from julek-wolfssl/mbed-interop 
Add CID interop with mbedtls
 2024-12-16 23:04:19 -06:00
Daniel Pouzzner
9d7c02589f Merge pull request #8276 from SparkiDev/ed448_muladd_full_reduce 
EdDSA Ed448: sc_muladd now does full reduction
 2024-12-16 20:29:49 -06:00
Daniel Pouzzner
a1035cf8df Merge pull request #8294 from LinuxJedi/test_compile_issue 
Fix compile issue with NO_WOLFSSL_DIR
 2024-12-16 19:26:24 -06:00
Daniel Pouzzner
b5935f38d7 Merge pull request #8282 from SparkiDev/iphone_no_sha3_instrs 
MacOS: allow SHA-3 instructions to be explicitly not used
 2024-12-16 16:55:09 -06:00
Daniel Pouzzner
fd22bfc0b7 Merge pull request #8293 from SparkiDev/aarch64_no_crypto 
Aarch64: make code compile when no hardware crypto avail
 2024-12-16 14:57:53 -06:00
philljj
c5c607bc87 Merge pull request #8295 from douzzer/20241216-linuxkm-export-ns-quotes 
20241216-linuxkm-export-ns-quotes
 2024-12-16 12:37:21 -06:00
Daniel Pouzzner
6fbc18f0dc linuxkm/Kbuild and linuxkm/module_exports.c.template: on kernel >=6.13, add quotes around the namespace arg to EXPORT_SYMBOL_NS_GPL() (upstream change actually made in 6.13-rc2). 2024-12-16 11:43:26 -06:00
Andrew Hutchings
61cb5b479f Fix compile issue with NO_WOLFSSL_DIR 
`test_wolfSSL_CTX_load_system_CA_certs()` would try to use DIR functions
when `NO_WOLFSSL_DIR` was used.
 2024-12-16 17:23:49 +00:00
Sean Parkinson
514a92d6ee Aarch64: make code compile when no hardware crypto avail 
Detects availability of instructions for Aarch64.
 2024-12-16 17:46:08 +10:00
Sean Parkinson
e3876fcab7 Merge pull request #8287 from JacobBarthelmeh/sigfault 
fix for sig fault harden build
 2024-12-16 09:04:29 +10:00
Daniel Pouzzner
7c5451c742 fips-check.sh fixes + enhancements: 
* change default WOLFSSL_REPO to the canonical upstream.
* refactor tag calculation without bash associative arrays, for backward compat.
* add support for fetching FIPS tags/branches into a persistent fips repo if one is found at ../fips.
* use --shared in git clones where applicable.
* always check out the master FIPS branch, for its tooling, and always make sure it's up to date with $FIPS_REPO.
* after each fetch for a previously unknown tag, explicitly associate the tag with the FETCH_HEAD.
 2024-12-13 21:36:40 -06:00
Daniel Pouzzner
4bdccac584 Merge pull request #8290 from wolfSSL/revert-8277-aarch64_no_crypto 
Revert "Aarch64: make code compile when no hardware crypto avail"
 2024-12-13 20:43:01 -06:00
David Garske
71325a2a32 Revert "Aarch64: make code compile when no hardware crypto avail" 2024-12-13 13:52:53 -08:00
JacobBarthelmeh
d7e40e7413 Merge pull request #8264 from dgarske/various_20241206 
Various cleanups and fixes
 2024-12-13 13:48:10 -07:00
JacobBarthelmeh
68e85ef33a Merge pull request #8252 from anhu/use_srtp_retcode 
wolfSSL_CTX_set_tlsext_use_srtp() should return 1 on failure and 0 up…
 2024-12-13 13:35:49 -07:00
JacobBarthelmeh
e76e0e33fd Merge pull request #8283 from rlm2002/enableAlwaysKeepSNI 
WOLFSSL_ALWAYS_KEEP_SNI enabled by default with --enable-jni
 2024-12-13 13:32:47 -07:00
JacobBarthelmeh
a22176af40 fix for sig fault harden build 2024-12-13 10:34:23 -07:00