wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 16:02:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,249 Commits 12 Branches 184 Tags
b6ce89c4291ac63ea91d7fd0d6b3b4e33d82e089
Commit Graph

24249 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner
b6ce89c429 wolfcrypt/src/pkcs7.c: in wc_PKCS7_BuildSignedAttributes(), clear cannedAttribs[idx] before it's conditionally populated, to prevent possible uninited data read in subsequent EncodeAttributes(). 2025-01-07 15:03:18 -06:00
Daniel Pouzzner
8c32238733 wolfcrypt/src/wc_xmss_impl.c: guided by clang-tidy 20.0.0_pre20250104, add some error-checking to wc_xmss_bds_state_load() and wc_xmss_bds_state_store(), but ultimately, suppress a pair of stubborn apparently-false "function call argument is an uninitialized value" warnings, one in wc_xmss_bds_state_store() and one in wc_xmss_sign(). 2025-01-07 14:04:01 -06:00
Daniel Pouzzner
78c4a04cac Merge pull request #8330 from dgarske/compat 
Fix for SSL_set_mtu compat function return code
 2025-01-07 10:52:59 -06:00
David Garske
a3d879f1c6 Merge pull request #8336 from douzzer/20250107-clang-tidy-null-derefs 
20250107-clang-tidy-null-derefs
 2025-01-07 08:07:06 -08:00
David Garske
4a12351a82 Merge pull request #8335 from douzzer/20250106-_DhSetKey-FFDHE-short-circuit 
20250106-_DhSetKey-FFDHE-short-circuit
 2025-01-07 08:06:37 -08:00
David Garske
d2ea3c67c5 Merge pull request #8329 from douzzer/20250103-Sha512Final-no-scratch-digest 
20250103-Sha512Final-no-scratch-digest
 2025-01-07 08:05:31 -08:00
Daniel Pouzzner
d6ead1b3e5 src/tls.c: fix possible null deref in TLSX_UseCertificateStatusRequestV2(). 
wolfcrypt/src/pkcs12.c: fix possible null deref in PKCS12_CoalesceOctetStrings(), and fix spelling of PKCS12_ConcatenateContent().
 2025-01-07 00:00:48 -06:00
Daniel Pouzzner
fffafe661a wolfcrypt/src/dh.c: in _DhSetKey(), add short-circuit comparisons to RFC 7919 known-good moduli, preempting overhead from mp_prime_is_prime(). 
wolfcrypt/test/test.c: in dh_ffdhe_test(), when defined(HAVE_PUBLIC_FFDHE), use wc_DhSetKey_ex() rather than wc_DhSetKey() to exercise the primality check in _DhSetKey().
 2025-01-06 14:52:42 -06:00
David Garske
1679218a88 Merge pull request #8333 from SparkiDev/sp_int_rshb_codesonar 
SP int: stop CodeSonar complaining about i being negatve
 2025-01-06 11:44:32 -08:00
Daniel Pouzzner
5172ff7ee3 wolfcrypt/src/sha512.c: in Sha512FinalRaw() and wc_Sha384FinalRaw(), refactor out the scratch digest -- ByteReverseWords64() is safe in-place, and the scratch digest caused a SEGV in the XMEMCPY() on AVX512-capable targets built with gcc -march=native unless XALIGN(64), due to gcc bug(s). 2025-01-06 11:06:56 -06:00
Sean Parkinson
13ce92cc1f SP int: stop CodeSonar complaining about i being negatve 
n is checked for negative and fail out in that case.
i is n devided by a positive constant and can never be negative.
 2025-01-06 10:04:14 +10:00
David Garske
d6440be4a9 Fix for SSL_set_mtu -> wolfSSL_set_mtu_compat return code. Update comment for wolfSSL_is_init_finished indicating it works for TLS and DTLS. 2025-01-03 10:10:37 -08:00
David Garske
71b7d0c9de Merge pull request #8328 from douzzer/20250102-fips-v6-update-to-5v7v6 
20250102-fips-v6-update-to-5v7v6
 2025-01-02 16:01:05 -08:00
David Garske
5a6e92c793 Merge pull request #8325 from SparkiDev/aarch64_cpuid_aesgcm_kyber 
Aarch64 ASM: Use CPU features for more
 2025-01-02 14:51:35 -08:00
kaleb-himes
bb482d1881 Order into respective groups 2025-01-02 15:41:47 -07:00
Daniel Pouzzner
7d856aebd0 update FIPS v6 to point to wolfcrypt WCv6.0.0-RC3 (aka v5.7.6-stable) and fips WCv6.0.0-RC3. 2025-01-02 15:42:19 -06:00
Sean Parkinson
7d3ee74a71 Aarch64 ASM: Use CPU features for more 
AES GCM streaming - fix GHASH_ONE_BLOCK to use CPU feature information.
AES-GCM uses EOR3 (SHA-3 instruction) - split assembly code.
Kyber uses SQRDMLSH - split assembly code.

Changed define from WOLFSSL_AARCH64_NO_SQRMLSH to
WOLFSSL_AARCH64_NO_SQRDMLSH to match instruction.

Improved array data format for inline assembly code.
 2025-01-02 19:56:04 +10:00
Daniel Pouzzner
239b85c804 Merge pull request #8323 from JacobBarthelmeh/release 
prepare for release 5.7.6
v5.7.6-stable 		2024-12-31 11:58:22 -06:00
JacobBarthelmeh
70e41d1ed1 prepare for release 5.7.6 2024-12-31 08:27:53 -07:00
Daniel Pouzzner
d40698a103 Merge pull request #8322 from JacobBarthelmeh/coverity 
fix for dead code warning CID444417
 2024-12-30 17:56:28 -06:00
JacobBarthelmeh
c9bcbd8c52 fix for dead code warning CID444417 2024-12-30 16:14:28 -07:00
David Garske
8d7c60017c Merge pull request #8263 from JacobBarthelmeh/rsa_pss 
account for rsa_pss_rsae vs rsa_pss_pss type
 2024-12-28 13:47:30 -08:00
JacobBarthelmeh
af4b5c2097 only run RSA-PSS interop test if cipher suites with ephemeral keys are available 2024-12-28 11:34:17 -08:00
JacobBarthelmeh
1ae0f7c66f do not do resume with new test case 
add wolfssl_no_resume flag to openssl.test

check for version of openssl testing against

check if RSA is supported for test case

guard on test case for TLS versions supported
 2024-12-28 02:09:49 -08:00
David Garske
2e8f0176c9 Merge pull request #8316 from JacobBarthelmeh/x509ref 
Up X509 refrence count and add test case
 2024-12-27 10:37:28 -08:00
JacobBarthelmeh
3ee08d81db fix for check on number of objects when free'ing and add test case 2024-12-27 08:09:03 -08:00
David Garske
5c6fdb52f1 Merge pull request #8319 from philljj/fix_coverity 
coverity: correct lock message, check fd value.
 2024-12-26 12:53:36 -08:00
JacobBarthelmeh
f57f044b39 Merge pull request #8318 from dgarske/CID444418 
Fix for finishedSz checking with TLSv1.3 and `WOLFSSL_HAVE_TLS_UNIQUE` (CID444418)
 2024-12-24 15:41:25 -07:00
jordan
c71392bb7e coverity: correct lock message, check fd value. 2024-12-24 16:31:16 -06:00
David Garske
e1baf27831 CID444418. Fix for finishSz checking with TLSv1.3 and WOLFSSL_HAVE_TLS_UNIQUE. 2024-12-24 13:38:57 -08:00
JacobBarthelmeh
17c17cde13 Merge pull request #8317 from night1rider/CID_444416 
Free Val and Oid before returning error
 2024-12-24 10:38:26 -07:00
JacobBarthelmeh
838fe22e61 Merge pull request #8314 from SparkiDev/aarch64_no_crypto_fallback 
Aarch64 ASM: check CPU features before hw crypto instr use
 2024-12-24 10:15:23 -07:00
JacobBarthelmeh
98d212d60b Merge pull request #8315 from SparkiDev/regression_fixes_16 
Regression testing fixes
 2024-12-24 09:56:20 -07:00
msi-debian
545257e498 CID 444416 2024-12-24 09:35:40 -07:00
JacobBarthelmeh
3aa2881cd4 account for rsa_pss_rsae vs rsa_pss_pss type 2024-12-23 23:45:33 -07:00
Sean Parkinson
cad2ebde04 Regression testing fixes 
test.c: Dilithium private key not available in cert_test.h unless
signing is enabled.
./configure --disable-shared --enable-dilithium=make,44,65,87
./configure --disable-shared --enable-dilithium=make,sign,44,65,87
./configure --disable-shared --enable-dilithium=make,verify,44,65,87
test.c: Dilithium doesn't have decode/encode when
WOLFSSL_DILITHIUM_NO_ASN1 is defined.
./configure --disable-shared --enable-dilithium=yes
CFLAGS=-DWOLFSSL_DILITHIUM_NO_ASN1
 2024-12-24 13:55:21 +10:00
Sean Parkinson
e1851cd482 Aarch64 ASM: check CPU features before hw crypto instr use 
For SHA-256, SHA-512 and SHA3, get the CPU features to see if hardware
crypto is available. If not then fallback to an alternate
implementation.
 2024-12-24 12:08:12 +10:00
Sean Parkinson
93812e4286 Merge pull request #8289 from JacobBarthelmeh/harden 
add option for additional sanity checks
 2024-12-24 09:17:08 +10:00
JacobBarthelmeh
ee9b88541f change default to no for --enable-faultharden 2024-12-23 13:51:30 -07:00
Daniel Pouzzner
a13d0fdd86 Merge pull request #8311 from SparkiDev/aarch64_cpuid_fix 
Aarch64 CPU id: fix for privilege instruction detection
 2024-12-23 11:52:14 -06:00
JacobBarthelmeh
2409971b14 Merge pull request #8224 from julek-wolfssl/dtls-server-demux 
DTLS: Add server side stateless and CID QoL API
 2024-12-23 10:01:01 -07:00
JacobBarthelmeh
36d5342f6b Merge pull request #8310 from douzzer/20241221-wolfCrypt-more-AES_BLOCK_SIZE 
20241221-wolfCrypt-more-AES_BLOCK_SIZE
 2024-12-23 09:26:05 -07:00
Sean Parkinson
e7d7e47e07 Aarch64 CPU id: fix for privilege instruction detection 
AES/PMULL is in four bits 4-7.
When value is 0b0010, this indicates both AES and PMULL. Fix code to set
both.
 2024-12-23 11:23:14 +10:00
David Garske
2bcad989da Merge pull request #8309 from douzzer/20241221-fix-CEscape-bounds-check 
20241221-fix-CEscape-bounds-check
 2024-12-21 14:51:46 -08:00
Daniel Pouzzner
50a0773c09 Merge pull request #8285 from LinuxJedi/gaisler 
Add initial support for Gaisler-BCC with Sparc
 2024-12-21 11:03:39 -06:00
Daniel Pouzzner
ed18bf3deb In wolfcrypt/src/port/ and IDE/, replace remaining uses of AES_BLOCK_SIZE with WC_AES_BLOCKSIZE for compatibility with OPENSSL_COEXIST. 
Automated replacement with
```
git ls-files -z wolfcrypt/src/port/ IDE/ | xargs -0 pcre2grep -l '[^_]AES_BLOCK_SIZE' | xargs sed --regexp-extended --in-place 's/([^_])AES_BLOCK_SIZE/\1WC_AES_BLOCK_SIZE/g'
```

Checked for mis-transformations with
```
git ls-files -z | xargs -0 pcre2grep '[^-[()+*/[:space:]]WC_AES_BLOCK_SIZE' | less
```

Checked for residual hits with
```
git ls-files -z | xargs -0 pcre2grep '[^_]AES_BLOCK_SIZE' | less
```

Deliberately excluded:
* ChangeLog.md -- do not alter history.
* doc/ -- do not confuse documentation with newly prefixed macro, because AES_BLOCK_SIZE is available unless -DOPENSSL_COEXIST.
* tests/api.c -- the unit tests deliberately use compatibility names, and are not compatible with -DOPENSSL_COEXIST.
* wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs -- false positive hits on C# names.
* wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs -- false positive hits on C# names.
* reference in wolfssl/wolfcrypt/aes.h that defines AES_BLOCK_SIZE when -UOPENSSL_COEXIST.
* reference in wolfssl/wolfcrypt/settings.h that defines WC_AES_BLOCK_SIZE for old FIPS when -UWC_AES_BLOCK_SIZE.
 2024-12-21 10:28:18 -06:00
Daniel Pouzzner
4ff73b9024 wolfssl/wolfcrypt/aes.h: fix stray reference to AES_BLOCK_SIZE in def for GHASH_ONE_BLOCK(). 2024-12-21 10:08:17 -06:00
Daniel Pouzzner
33a47c1c04 Merge pull request #8265 from JacobBarthelmeh/armasm 
armasm with opensslcoexist build
 2024-12-21 10:06:27 -06:00
Daniel Pouzzner
b07f2cb461 wolfcrypt/src/coding.c: fix incorrect array bounds check in CEscape(), introduced in 8bbe8a7c8a (before which there was no bounds check at all). 2024-12-21 09:47:07 -06:00
Andrew Hutchings
231cea34ef Add initial support for Gaisler-BCC with Sparc 
Slight modifications and documentation to get wolfSSL working with
Gaisler Sparc CPUs and their cross-compilers.
 2024-12-21 09:19:58 +00:00