wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 00:22:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,471 Commits 12 Branches 184 Tags
b98e4e0093e9fbab6156741d3852841cdfee44d4
Commit Graph

7483 Commits

Author SHA1 Message Date
Anthony Hu
b98e4e0093 Merge pull request #7576 from Frauschi/pqc_private_key_fix 
Fix PQC and hybrid certificate regressions
 2024-05-23 15:03:16 -04:00
David Garske
40db521f8b Merge pull request #7575 from josepho0918/cmac 
Simplify CMAC verification logic
 2024-05-23 10:37:57 -07:00
Tobias Frauenschläger
9a58301ab1 Fix PQC and hybrid certificate regressions 
Due to recent changes in the logic to decode private keys and to parse
the TLS1.3 CertificateVerify message, some regressions regarding PQC
private keys and hybrid certificates have been introduced:
* Decoding PQC private keys fails as the PKCS8 header of a decoded DER
  file is now already removed before parsing the key.
* The key size wasn't properly stored in the context for PQC keys after
  decoding a certificate (always the maximum size)
* The two 16-bit size values in case of a hybrid signature in the
  CertificateVerify message have been incorrectly decoded as 32-bit
  values instead of 16-bit values. This resulted in wrong values,
  leading to segmentation faults.

All three regressions are fixed with the changes in this commit.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
 2024-05-23 16:01:28 +02:00
Joseph Chen
8a7e3ba52e Simplify CMAC verification logic 2024-05-23 15:12:10 +08:00
Daniel Pouzzner
110f4ec737 wolfcrypt/src/sha256.c: in WC_NO_INTERNAL_FUNCTION_POINTERS code path (linuxkm), fix oversight whereby Transform_Sha256_AVX1_Sha() was used on targets with false IS_INTEL_SHA(intel_flags). the former SHA256_AVX1 method id is now split into SHA256_AVX1_SHA and SHA256_AVX1_NOSHA, with corresponding fixes in Sha256_SetTransform(), inline_XTRANSFORM() and inline_XTRANSFORM_LEN(). 2024-05-22 15:39:46 -05:00
Daniel Pouzzner
c5ce984966 wolfcrypt/src/wc_xmss_impl.c:wc_xmssmt_sign_next_idx(): use (XmssIdx)1, not (word32)1, for a shift-by-height operand; 
src/ssl.c:set_curves_list(): don't attempt to enable curves that are out-of-range for word32 disabled.
 2024-05-21 13:57:40 -05:00
Sean Parkinson
43b2c80862 Merge pull request #7552 from dgarske/ecies_own_salt 
Add option for using a custom salt for ourselves
 2024-05-21 09:19:12 +10:00
David Garske
5a0594d257 Match wc_ecc_ctx_set_kdf_salt argument names between header and implementation. 2024-05-20 08:38:23 -07:00
Daniel Pouzzner
d0e73783f1 wolfcrypt/src/aes.c and wolfssl/wolfcrypt/aes.h: add FIPS_AES_XTS_MAX_BYTES_PER_TWEAK and struct XtsAesStreamData, with improved error checking on streaming AES-XTS APIs; 
wolfcrypt/test/test.c and linuxkm/lkcapi_glue.c: update AES-XTS streaming calls to use struct XtsAesStreamData;

linuxkm/lkcapi_glue.c: add handling for CONFIG_CRYPTO_MANAGER*.
 2024-05-18 22:00:00 -05:00
Daniel Pouzzner
5c6218696b wolfcrypt/src/misc.c: fix -Wconversions in CopyString(); 
src/ssl.c: fix missing semicolon in wolfSSL_CTX_check_private_key().
 2024-05-18 02:31:58 -05:00
David Garske
391431c7d8 Merge pull request #7539 from bandi13/fixConversionPart2 
Fix conversion part2
 2024-05-17 12:29:46 -07:00
David Garske
95095f5bc4 Add option for using a custom salt for ourselves. ZD 17988 2024-05-17 08:16:04 -07:00
Sean Parkinson
c0015cbda6 Merge pull request #7549 from douzzer/20240516-wc_AesXtsEnDecryptFinal 
20240516-wc_AesXtsEnDecryptFinal
 2024-05-17 09:43:26 +10:00
David Garske
219a338107 Merge pull request #7547 from philljj/spelling_cleanup 
Used codespell and fixed some obvious typos.
 2024-05-16 14:10:19 -07:00
Daniel Pouzzner
6d0f611ab5 AES-XTS: add wc_AesXtsEncryptFinal() and wc_AesXtsDecryptFinal() for API consistency, and add error-checking (block alignment check) to wc_AesXtsEncryptUpdate() and wc_AesXtsDecryptUpdate(). 2024-05-16 15:20:37 -05:00
jordan
040e0c956a Used codespell and fixed obvious typos. 2024-05-16 13:53:26 -05:00
Juliusz Sosinowicz
d9f7629296 Add grpc support 
- Fix BIO_BIO type
  - Set retry flags correctly
- Add CRL callback
- Copy the alt names instead of trying to share a pointer
- Allow calling wolfSSL_get_servername on client side (to get the requested name)
- Return the chain in wolfSSL_X509_STORE_CTX_get_chain in the correct order
  - Peer first, top CA last
- Fix leak in RebuildFullName
- Add CopyString helper function
- Implement
  - X509_CRL_dup
  - ASN1_UTCTIME_set
  - X509_STORE_CTX_get0_param
  - X509_STORE_get0_param
  - X509_STORE_set_verify_cb
  - X509_STORE_set_get_crl
  - X509_set1_notAfter
  - X509_set1_notBefore
 2024-05-16 18:20:53 +02:00
JacobBarthelmeh
21204244c5 Merge pull request #7394 from embhorn/zd17779 
Add null check to wolfSSL_Free
 2024-05-16 09:31:37 -06:00
gojimmypi
7f1af2feb3 Fix PlatformIO freertos semphr.h include 2024-05-15 18:24:00 -07:00
kaleb-himes
76527c3eaa Address a report from multi-test about 8-bit chars 2024-05-15 15:21:41 -04:00
Eric Blankenhorn
4e5a98e65d Fix from rebase 2024-05-15 14:03:12 -05:00
kaleb-himes
6719909f4e Add logging.h header in pwdbased.c when DEBUG_WOLFSSL 2024-05-15 14:02:44 -04:00
kaleb-himes
7047991cda Log when iterations LT 1000 but take no action 2024-05-15 14:02:44 -04:00
kaleb-himes
a9511e118a Add SP800-132 112 bit minimum applicable after stretch/strengthen 2024-05-15 14:02:44 -04:00
kaleb-himes
82d9a7bbae Initialize scratch buffer 2024-05-15 14:02:43 -04:00
kaleb-himes
766c3b5ad8 Comments and further relaxing of some other hmac restrictions 2024-05-15 14:02:43 -04:00
David Garske
ac7aea9674 Merge pull request #7478 from JacobBarthelmeh/staticmemory 
add global heap hint setter function
 2024-05-15 10:43:15 -07:00
JacobBarthelmeh
9aeef1d857 add void and remove rebase issue 2024-05-15 10:28:39 -06:00
David Garske
c73e4333bf Merge pull request #7535 from gojimmypi/PR-fix-sha512-endianness 
Fix Espressif SHA512 SW fallback endianness
 2024-05-15 09:04:07 -07:00
David Garske
9c4c9234b1 Merge pull request #7532 from SparkiDev/wc_ecc_mulmod_zero 
ECC: handle zero in wc_ecc_mulmod()
 2024-05-15 09:02:02 -07:00
gojimmypi
b25a4f1082 Use zero, not Espressif macro for return code 2024-05-15 08:06:06 -07:00
gojimmypi
1024d7a809 Fix Espressif SHA512 SW fallback endianness 2024-05-15 07:36:10 -07:00
Daniel Pouzzner
2fe366cc74 wolfcrypt/test/test.c: add test coverage for WOLFSSL_AESXTS_STREAM. 
linuxkm/lkcapi_glue.c: typographic cleanups, and failsafe error return constructs when skcipher_walk_virt() returns zero walk.nbytes.

wolfcrypt/src/aes.c: additional comments and inline documentation.

.github/workflows/openvpn.yml: disable test on master branch.
 2024-05-14 19:11:39 -05:00
Daniel Pouzzner
8392748cda wolfcrypt/src/aes.c: de-deduplicate code, AesXts{En,De}crypt_sw() vs AesXts{En,De}cryptUpdate_sw(). 2024-05-14 19:11:39 -05:00
Daniel Pouzzner
4f1f7b3a4d linuxkm/lkcapi_glue.c: update names of wc_AesXts{En,De}cryptInit(). 
wolfcrypt/src/aes.c: activate _AesXtsHelper() in AesXts{En,De}cryptUpdate_sw().
 2024-05-14 19:11:39 -05:00
Sean Parkinson
643f472cfb AES-XTS ASM x64: Add Intel x64 implementation of streaming 
Changed APIs from wc_AesXts*Start -> wc_AesXts*Init.
Enabled ASM for x64 in aes.c.
AesXtsDecryptStart_sw same as AesXtsEncryptStart_sw so changed them to
AesXtsInit_sw.
 2024-05-14 19:11:39 -05:00
Daniel Pouzzner
f874d8753d AES-XTS-streaming: refactor API to eliminate caller-supplied tweak_block. instead, caller-supplied iv is used as a readwrite buffer. 2024-05-14 19:11:39 -05:00
Daniel Pouzzner
9e06524c6f wolfcrypt/src/aes.c: add prototypes and linkages for AES_XTS_{encrypt,decrypt}_{start,update}_{avx1,aesni}. 2024-05-14 19:11:39 -05:00
Daniel Pouzzner
70d7b6e48b add WOLFSSL_AESXTS_STREAM, --enable-aesxts-stream, wc_AesXtsEncryptStart(), wc_AesXtsDecryptStart(), wc_AesXtsEncryptUpdate(), wc_AesXtsDecryptUpdate(), and implement fixes in linuxkm/lkcapi_glue.c to use the streaming API when needed. also added support for 2*192 bit AES-XTS, needed for Linux kernel. 2024-05-14 19:11:38 -05:00
Sean Parkinson
b63f308812 fixup 2024-05-15 09:07:04 +10:00
Sean Parkinson
36754683d6 ECC: handle zero in wc_ecc_mulmod() 
Public API needs to handle multiplying by zero as the underlying code
doesn't and needn't.
 2024-05-15 09:05:31 +10:00
Andras Fekete
6d1416d006 addressing PR comments 2024-05-14 16:02:56 -04:00
Andras Fekete
a59a3d109f Explicit cast 2024-05-14 11:03:20 -04:00
Andras Fekete
affd0a318e Fix sign conversion errors 2024-05-14 11:02:28 -04:00
David Garske
0e2bb28ff3 Merge pull request #7529 from SparkiDev/aes_decrypt_fixes 
AES: NO_AES_DECRYPT defined
 2024-05-14 06:59:02 -07:00
David Garske
1ee315bbab Merge pull request #7505 from gojimmypi/PR-Apple-Homekit-SRP-fix 
Espressif updates to fix Apple Homekit SHA / SRP
 2024-05-14 06:58:31 -07:00
Sean Parkinson
e1274013d8 AES: NO_AES_DECRYPT defined 
Allow code to compile with NO_AES_DECRYPT with AES modes enabled and
disabled.
 2024-05-14 16:27:36 +10:00
Sean Parkinson
b7eca574bb SSL/TLS: blind private key DER 
When WOLFSSL_BLIND_PRIVATE_KEY is defined, blind the private key DER
encoding so that stored private key data is always changing.
 2024-05-14 09:47:51 +10:00
Sean Parkinson
f24ebdde25 ECC: blind private key after use in signing 
Use a mask to blind the private key after use so that stored private key
is always changing.
 2024-05-14 09:41:06 +10:00
Daniel Pouzzner
009ea6640b Merge pull request #7493 from SparkiDev/sm3_benchmark_fix 
Benchmark, SM3: fix full hash testing
 2024-05-13 19:22:22 -04:00