wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 17:52:52 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,179 Commits 12 Branches 184 Tags
b07f2cb461e2de9e5fc7d79cc64eeef2464f2765
Commit Graph

24179 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner
b07f2cb461 wolfcrypt/src/coding.c: fix incorrect array bounds check in CEscape(), introduced in 8bbe8a7c8a (before which there was no bounds check at all). 2024-12-21 09:47:07 -06:00
Daniel Pouzzner
5ef4732745 Merge pull request #8299 from JacobBarthelmeh/cert_regen 
end of year test certificate renewal
 2024-12-20 17:41:33 -06:00
Daniel Pouzzner
afc7e0eb8c Merge pull request #8308 from cconlon/sessTickLenCheck 
Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check
 2024-12-20 16:41:09 -06:00
JacobBarthelmeh
b273bff4e9 regenerate certs_test.h with raw dilithium keys 2024-12-20 11:50:11 -07:00
JacobBarthelmeh
67f3343a5d Merge pull request #8306 from SparkiDev/kyber_no_avx2_fix 
ML-KEM/Kyber: fix kyber_prf() for when no AVX2
 2024-12-20 11:40:46 -07:00
JacobBarthelmeh
7cebe95138 Merge pull request #8304 from SparkiDev/regression_fixes_15 
Regression testing: fixes
 2024-12-20 11:29:15 -07:00
JacobBarthelmeh
3dd9f4631d Merge pull request #8305 from kareem-wolfssl/zd19044 
Fix a couple of missing bounds checks found via code analyzer.
 2024-12-20 11:20:19 -07:00
JacobBarthelmeh
19e68ea71a add a faketime test and update cert buffers 2024-12-20 10:35:58 -07:00
Chris Conlon
f68f99b000 Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check 2024-12-20 09:48:01 -07:00
Sean Parkinson
e507c466d5 ML-KEM/Kyber: fix kyber_prf() for when no AVX2 
When no AVX2 available, kyber_prf() is called to produce more than one
SHAKE-256 blocks worth of ouput. Otherwise only one block is needed.
Changed function to support an outlen of greater than one block.
 2024-12-20 11:03:58 +10:00
Kareem
8bbe8a7c8a Fix a couple of missing bounds checks found via code analyzer. 2024-12-19 17:01:25 -07:00
Sean Parkinson
b7c1e1cf35 Regression testing: fixes 
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.

wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'

tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'

tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
 2024-12-20 09:25:03 +10:00
Sean Parkinson
00f83facb2 Merge pull request #8302 from cconlon/sessTickLenCheck 
Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side
 2024-12-20 08:44:10 +10:00
JacobBarthelmeh
8ca790218c certs_test.h is using raw dilithium keys 2024-12-19 15:23:37 -07:00
JacobBarthelmeh
8fa238e554 Merge pull request #8301 from douzzer/20241219-gating-fixes 
20241219-gating-fixes
 2024-12-19 14:38:55 -07:00
JacobBarthelmeh
5b6ffe0795 add *.revoked to codespell skip 2024-12-19 14:35:43 -07:00
JacobBarthelmeh
abc87f9c6f add regression test for gencertbuf.pl 2024-12-19 14:32:46 -07:00
Chris Conlon
1101841b95 Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side 2024-12-19 14:26:22 -07:00
JacobBarthelmeh
e66905aaf6 fix for gencertbuf script and add dilithium public key 2024-12-19 14:25:12 -07:00
Daniel Pouzzner
994f218fcb src/ssl.c and wolfssl/internal.h: gate in wolfSSL_get_ciphers_compat() in OPENSSL_EXTRA builds, so that --with-sys-crypto-policy works with OPENSSL_EXTRA but without OPENSSL_ALL. 
configure.ac: more fixes for FIPS v6 armasm settings, re ENABLED_ARMASM_CRYPTO.
 2024-12-19 14:29:39 -06:00
Daniel Pouzzner
836ee1cbd5 Merge pull request #8298 from lealem47/zd18920 
Printing the rfc822Mailbox x509 attribute
 2024-12-18 22:19:32 -06:00
Daniel Pouzzner
ed76d8ea10 Merge pull request #8297 from miyazakh/ra_jankins 
Fix RA6M4 jankins failure
 2024-12-18 22:18:43 -06:00
Daniel Pouzzner
be2e779280 Merge pull request #8205 from philljj/fedora_crypto_policy 
fedora crypto-policies: initial support.
 2024-12-18 20:54:36 -06:00
JacobBarthelmeh
a5f9ec67c9 Merge pull request #8251 from gojimmypi/pr-post-release-bdd62314-espressif 
Espressif Managed Component wolfSSL 5.7.4 post-release update
 2024-12-18 16:45:33 -07:00
JacobBarthelmeh
df3897d39f adjust tests after cert renewal 2024-12-18 16:19:51 -07:00
JacobBarthelmeh
e998dda1db update test certs to have v3 2024-12-18 16:12:08 -07:00
JacobBarthelmeh
4ed14af331 if no extensions are present a v1 certificate was generated, add a SKID extension to avoid that 2024-12-18 16:11:18 -07:00
jordan
b5c47d27e0 fedora crypto-policies: initial support. 2024-12-18 16:56:36 -06:00
JacobBarthelmeh
bf6ef15be4 update test certificates in header file 2024-12-18 14:27:26 -07:00
JacobBarthelmeh
28184dd8cc update certificates in certs directory 2024-12-18 14:26:15 -07:00
David Garske
afff48f0d6 Merge pull request #8253 from douzzer/20241204-more-C89-expansion 
20241204-more-C89-expansion
 2024-12-18 10:44:18 -08:00
Daniel Pouzzner
122502e2b1 wolfCrypt -Wconversion expansion: fix numerous warnings, all benign, from -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion. 2024-12-18 11:51:06 -06:00
Sean Parkinson
ba050d6a3f Merge pull request #8296 from douzzer/20241217-FIPS-v6-ENABLED_ARMASM_CRYPTO-fixes 
20241217-FIPS-v6-ENABLED_ARMASM_CRYPTO-fixes
 2024-12-18 15:27:08 +10:00
Lealem Amedie
651dab3dbf Printing the rfc822Mailbox x509 attribute 2024-12-17 15:39:23 -07:00
Hideki Miyazaki
39c11c269f Fix RA6M jankins failure 2024-12-18 07:37:21 +09:00
Daniel Pouzzner
60afdb557d Merge pull request #8273 from dgarske/no_tls 
Enable support for no TLS while allowing certificate manager
 2024-12-17 16:24:57 -06:00
David Garske
356889a528 Add --disable-tls option that can be used with --enable-all to disable TLS features and set NO_TLS. Useful for allowing certificate manager and crypto compatibility API's only. 2024-12-17 13:40:03 -08:00
Daniel Pouzzner
f23a2f2f48 wolfcrypt/src/aes.c: add missing WOLFSSL_ARMASM gate clause around wolfCrypt_FIPS_aes_ro_sanity, necessitated by 514a92d6ee/#8293. 2024-12-17 14:17:52 -06:00
Daniel Pouzzner
7b57ef4912 configure.ac: fix faulty logic in FIPS v6 feature calculation re ENABLED_ARMASM_CRYPTO, originally added in 6e0a90190f. 2024-12-17 12:21:47 -06:00
David Garske
6151160e58 Further fixes with NO_TLS to support use with compatibility layer. 2024-12-17 09:24:38 -08:00
Kaleb Himes
fcbea85ded Merge pull request #8291 from douzzer/20241213-fips-check-refactor-assoc-arrays 
20241213-fips-check-refactor-assoc-arrays
 2024-12-17 10:23:51 -07:00
David Garske
a2b5da8651 Fix nested NO_TLS. 2024-12-17 08:33:33 -08:00
David Garske
16b2884cf1 Fix issues in test_tls13_apis with no filesystem or no RSA/ECC. 2024-12-17 08:33:33 -08:00
David Garske
14e3372826 Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check 2024-12-17 08:33:32 -08:00
Daniel Pouzzner
22e95081cd Merge pull request #8181 from gojimmypi/dev-compiler-message 
Initialize vars & change types to appease Windows/VS
 2024-12-16 23:19:05 -06:00
Daniel Pouzzner
058138eb00 Merge pull request #8286 from julek-wolfssl/hostap-action-update 
Use source hostap repo
 2024-12-16 23:07:05 -06:00
Daniel Pouzzner
5aeabbfa3c Merge pull request #8245 from julek-wolfssl/mbed-interop 
Add CID interop with mbedtls
 2024-12-16 23:04:19 -06:00
Daniel Pouzzner
9d7c02589f Merge pull request #8276 from SparkiDev/ed448_muladd_full_reduce 
EdDSA Ed448: sc_muladd now does full reduction
 2024-12-16 20:29:49 -06:00
Daniel Pouzzner
a1035cf8df Merge pull request #8294 from LinuxJedi/test_compile_issue 
Fix compile issue with NO_WOLFSSL_DIR
 2024-12-16 19:26:24 -06:00
Daniel Pouzzner
b5935f38d7 Merge pull request #8282 from SparkiDev/iphone_no_sha3_instrs 
MacOS: allow SHA-3 instructions to be explicitly not used
 2024-12-16 16:55:09 -06:00