Commit Graph

2867 Commits

Author SHA1 Message Date
David Garske 18f52b2573 Merge pull request #8177 from bigbrett/dilithium-get-algo-from-der
ML-DSA/Dilithium: obtain security level from DER when decoding
2024-11-19 07:32:39 -08:00
David Garske 261ddc13ad Merge pull request #8006 from ColtonWilley/crl_update_cb
CRL improvements and update callback
2024-11-18 20:11:37 -08:00
Colton Willey d65c17b7ad Update variable name from new to avoid g++ name clash 2024-11-18 11:16:39 -08:00
Colton Willey 55be5035a0 Merge branch 'master' of github.com:ColtonWilley/wolfssl into crl_update_cb 2024-11-18 09:52:51 -08:00
Daniel Pouzzner ff680994ba Merge pull request #8146 from julek-wolfssl/dtls13-ooo-app-data
DTLS 1.3: Don't error out on app data before finishing handshake
2024-11-16 14:56:21 -06:00
Daniel Pouzzner 49393eca3c Merge pull request #8060 from miyazakh/qt_jenkins_failure
Not add a cert to CA cache if it doesn't set "CA:TRUE" as basic constraints
2024-11-16 13:38:41 -06:00
David Garske ada922be00 Merge pull request #8166 from philljj/fix_holder_entityname
acert: fix holder entityName parsing.
2024-11-15 14:49:00 -08:00
Brett Nicholas 07e2715f0c update test in api.c to handle new dilithium security level DER parsing 2024-11-15 11:59:17 -07:00
Daniel Pouzzner a95b759ffa peer review for #8187 and unrelated bug fixes:
return error code from wolfSSL_RefWithMutexUnlock() to expose result to caller;

fix endianness bug in src/x509.c:wolfSSL_X509_add_ext() (fixes failing test_wolfSSL_X509_add_ext on BE targets);

fix possible file handle leak in tests/api.c:test_wolfSSL_d2i_X509_REQ() (reported by clang-tidy);

in wolfssl/ssl.h, define CONST_NUM_ERR_WOLFSSL_SUCCESS, so that WOLFSSL_SUCCESS can be benignly miswrapped in WC_NO_ERR_TRACE().
2024-11-15 12:52:50 -06:00
jordan 622fc70d1e acert: fix holder entityName parsing, light cleanup, better testing. 2024-11-15 11:38:19 -06:00
Andras Fekete ca8b465dbf Fix missing cast
Introduced in PR#8176.
2024-11-15 09:17:41 -05:00
David Garske c06b5fadc1 Merge pull request #8180 from JacobBarthelmeh/staticmemory
wc_UnloadStaticMemory should be used to free mutex
2024-11-14 17:54:56 -08:00
David Garske 54bdb39454 Merge pull request #8176 from SparkiDev/x509_coverage
X509: improve testing coverage
2024-11-14 17:49:33 -08:00
Daniel Pouzzner 6af54d3de2 Merge pull request #8183 from SparkiDev/kyber_fixes_3
Kyber: fixes to configure and wolfSSL_get_curve_name
2024-11-14 12:47:09 -06:00
Sean Parkinson 886f5b0a5b Kyber: fixes to configure and wolfSSL_get_curve_name
Remote original-only option for kyber in configure.ac.
Default is ML-KEM only.
original is Kyber only.
ml-lem is ML-KEM.
to have both: all,original,ml-kem.

Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the
inclusion of kyber headers.
2024-11-14 16:25:41 +10:00
Daniel Pouzzner 0ebd86d668 add second wolfCrypt error code span, and add DEADLOCK_AVERTED_E. 2024-11-13 13:01:00 -06:00
JacobBarthelmeh f74e73e8ce wc_UnloadStaticMemory should be used to free mutex 2024-11-13 11:51:53 -07:00
Hideki Miyazaki fdb889303a fix qt unit test qsslcertificate
fix trusted peer cert cache
2024-11-13 08:38:51 +09:00
Sean Parkinson 86ad96ca29 X509: improve testing coverage 2024-11-13 09:10:22 +10:00
Juliusz Sosinowicz cf80eb8788 DTLS 1.3: Don't error out on app data before finishing handshake
Check epoch for early data
2024-11-12 12:19:02 +01:00
Daniel Pouzzner 878cf3afaa Merge pull request #8155 from JacobBarthelmeh/x509_req
fix for memory leak due to missed WOLFSSL_GENERAL_NAME capability cha…
2024-11-11 23:03:52 -06:00
Daniel Pouzzner 165b4afbeb Merge pull request #8143 from SparkiDev/kyber_plus_mlkem
Kyber/ML-KEM: make both available
2024-11-09 00:09:51 -06:00
JacobBarthelmeh a896c16ebd fix for memory leak due to missed WOLFSSL_GENERAL_NAME capability changes 2024-11-06 17:10:54 -07:00
Daniel Pouzzner c577ad78df Merge pull request #8154 from bandi13/fipsCheckAddFlag
Ability to bypass './configure' as some tests/scripts run it anyway
2024-11-06 15:07:17 -06:00
Andras Fekete cbf4f014cd Fix false positive error on gcc 9.4.0
"error: ‘nameSz’ may be used uninitialized in this function", but it's not actually going to be used uninitialized.
2024-11-06 14:54:02 -05:00
Daniel Pouzzner a540c6ade5 configure.ac: activate opensslextra for --enable-curl even if ENABLED_OPENSSLCOEXIST; tests/api.c: in test_wolfSSL_SESSION(), use WOLFSSL_SUCCESS, not SSL_SUCCESS, in HAVE_SESSION_TICKET span reachable in non-OPENSSL_EXTRA builds. 2024-11-05 00:15:18 -06:00
Sean Parkinson 7d42ddae48 Kyber/ML-KEM: make both available
Make Kyber and ML-KEM individually available as well as at the same
time.
Modified TLS layer to support both Kyber and ML-KEM.
Added new identifiers in TLS layer for ML-KEM.
2024-11-04 23:51:51 +10:00
Daniel Pouzzner 6119c52802 Merge pull request #8043 from bandi13/addCodespell
Add Codespell test to PRs
2024-11-01 21:20:29 -05:00
Andras Fekete 0915012b72 Fix new spelling errors 2024-11-01 13:00:59 -04:00
Andras Fekete b8253ac4c5 Final set of spelling fixes 2024-11-01 12:59:01 -04:00
Daniel Pouzzner cf95fdc071 Globally remap & refactor conflicting symbols to allow -DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist.
No functional changes.

Several compat symbols that were formerly enums are now macros.

All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.

wolfcrypt/test/test.c is similarly refactored to use only native symbols.

examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
2024-10-31 00:10:21 -05:00
jordan 90648b1e79 tests api: fix inconsistent do_acert_verify_test guards. 2024-10-30 11:06:54 -05:00
Colton Willey 96138e70f8 Restore proper error code handling for self signed CA in non-trusted intermediates 2024-10-23 16:55:34 -05:00
Colton Willey 4c63668295 Small changes per review comments 2024-10-23 16:55:34 -05:00
Colton Willey 1ddb2ce435 Properly implement set flags for X509_V_FLAG_PARTIAL_CHAIN 2024-10-23 16:55:34 -05:00
Colton Willey 6607314dc6 Address code comments, rewrite get issuer internals, use better internal names, get rid of all lines over 80 chars 2024-10-23 16:55:34 -05:00
Colton Willey 17c9e92b7f Initial rewrite of X509 STORE to replicate openssl behavior 2024-10-23 16:55:34 -05:00
Daniel Pouzzner ea491b80ef tests/api.c: gate test_GENERAL_NAME_set0_othername() on OPENSSL_ALL, not OPENSSL_EXTRA, as it fails with --enable-all-crypto --enable-opensslextra, and is commented to require --enable-opensslall. 2024-10-23 00:02:29 -05:00
Juliusz Sosinowicz 901384e704 Init SoftHSMv2 support
- wolfSSL_EVP_PKEY_set1_DH: If both private and public present, output private key
- ToTraditionalInline_ex2: Add DH checking
- wc_ecc_get_curve_id: check index is not negative
- Fix i2d_PKCS8_PRIV_KEY_INFO to actually output pkcs8 instead of just der
- wolfSSL_EVP_PKEY2PKCS8: Create duplicate to avoid double free
- wolfSSL_DH_generate_key: Fix case where not enough buffer was allocated for 128 bit case
- pkcs8_encode: Add DSA and DH support
- wolfSSL_d2i_PKCS8_PKEY: Correctly advance buffer
- RSA_LOW_MEM: export all integers in compat layer
- Add softhsm action
- Define
  - OPENSSL_DH_MAX_MODULUS_BITS
  - OPENSSL_DSA_MAX_MODULUS_BITS
  - OPENSSL_RSA_MAX_MODULUS_BITS
- Implement
  - BN_mul_word
  - i2d_ECPKParameters
  - PEM_write_bio_PKCS8_PRIV_KEY_INFO
  - PEM_read_bio_PKCS8_PRIV_KEY_INFO
  - i2d_PKCS8_PRIV_KEY_INFO
  - RSA_padding_add_PKCS1_PSS_mgf1
  - RSA_verify_PKCS1_PSS_mgf1
2024-10-21 17:26:42 +02:00
Daniel Pouzzner 06de22e72b api.c:test_wolfSSL_dtls_stateless_maxfrag(): add missing condition (clang-analyzer-core.NullDereference). 2024-10-17 10:57:19 -05:00
Daniel Pouzzner fa65da7bb0 analyzer-driven cleanups of --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch:
Dtls13HashClientHello(): fix wc_HashType handling;

Dtls13SendFragment(): fix identicalConditionAfterEarlyExit;

GetDtlsRecordHeader(): fix error handling around GetDtls13RecordHeader() (incorrectLogicOperator);

test_wolfSSL_dtls_stateless_maxfrag(): fix a clang-analyzer-core.NullDereference,
test_dtls_frag_ch(): fix a clang-diagnostic-embedded-directive,
test_AEAD_limit_client(): fix an united-data defect found by valgrind.
2024-10-17 00:06:32 -05:00
Daniel Pouzzner 9665434694 Merge pull request #8080 from SparkiDev/coverity_fix_5
Unit test: fix coverity issue
2024-10-16 16:31:27 -05:00
philljj 2abbab2fd8 Merge pull request #8082 from SparkiDev/bn_bin2bn_fix
BN API: fix BN_bin2bn to handle NULL data properly
2024-10-16 12:00:41 -04:00
Sean Parkinson 64a9e6f7c4 BN API: fix BN_bin2bn to handle NULL data properly
BN_bin2bn was freeing the BN and returning it.
Added test for this.
2024-10-16 14:08:55 +10:00
Sean Parkinson b8d3b990ea Unit test: fix coverity issue
test_wolfSSL_i2d_ASN1_TYPE: don't use str after freeing it.
2024-10-16 12:40:02 +10:00
Daniel Pouzzner cd8d158964 Merge pull request #8073 from philljj/fix_infer_issues
infer: fix dead store, and uninitialized value errors.
2024-10-15 15:42:48 -05:00
Daniel Pouzzner c7146640f9 Merge pull request #8055 from rizlik/ocsp-cb-ret-propagate
ocsp: propagate ocsp cb return error
2024-10-15 15:38:09 -05:00
jordan f5074772da infer: fix more uninitialized value errors. 2024-10-15 12:41:09 -05:00
Daniel Pouzzner 3e1f365e75 Merge pull request #8064 from SparkiDev/regression_fixes_14
Regression test fixes
2024-10-15 11:47:37 -05:00
Marco Oliverio 724fdae7d7 ocsp: propagate ocsp cb return error 2024-10-15 10:03:15 +00:00