Commit Graph

22165 Commits

Author SHA1 Message Date
gojimmypi eeb024a30d fix missing closing comment on example user_settings.h 2023-12-13 09:19:39 -08:00
Chris Conlon 269542ed96 add wolfSSL_set_alpn_select_cb() for WOLFSSL-level ALPN select callbacks 2023-12-13 09:16:44 -07:00
Sean Parkinson b7b20ededd Merge pull request #7058 from lealem47/zd17174
Check buffer length before XMEMCMP in GetOID
2023-12-13 14:36:23 +10:00
Sean Parkinson cbd5341332 Merge pull request #7056 from douzzer/20231212-QUIC-WOLFSSL_CALLBACKS-error
20231212-QUIC-WOLFSSL_CALLBACKS-error
2023-12-13 14:34:19 +10:00
Sean Parkinson d455196955 Merge pull request #7055 from dgarske/fix_rpmspec
Fixes for RPM Spec: Move the .so to devel files
2023-12-13 14:33:09 +10:00
Sean Parkinson f12b61183b Merge pull request #7029 from julek-wolfssl/zd/17108-fix
Additional TLS checks
2023-12-13 14:31:11 +10:00
David Garske 3b75a41006 Merge pull request #7057 from kaleb-himes/fix-fips-140-3-pr-failure
Address fips 140-3 failures with wolfEngine support enabled
2023-12-12 16:15:40 -08:00
kaleb-himes ca5adfaecb Add comments per peer review 2023-12-12 15:21:28 -07:00
kaleb-himes db7f08e12f Address fips 140-3 failures with wolfEngine support enabled 2023-12-12 15:14:51 -07:00
Lealem Amedie 2724edc257 Check buffer length before XMEMCMP in GetOID 2023-12-12 15:13:42 -07:00
Sean Parkinson ce74a34154 Merge pull request #7019 from dgarske/armasm_mmcau
Patch to support NXP Kinetis MMCAU SHA2-256 with ARM ASM
2023-12-13 07:26:11 +10:00
Sean Parkinson 6e953e4d53 Merge pull request #7044 from julek-wolfssl/zd/17137
ocsp: don't error out if we can't verify our certificate
2023-12-13 07:23:46 +10:00
David Garske 3750ff5205 Fix for benchmark without filesystem and unused hash_input and cipher_input. 2023-12-12 13:22:17 -08:00
Daniel Pouzzner 1cc45b57d7 wolfssl/wolfcrypt/settings.h: add #if defined(WOLFSSL_QUIC) && defined(WOLFSSL_CALLBACKS) #error ("ERROR - tests/quic.c line 1027 failed"). 2023-12-12 14:26:25 -06:00
Juliusz Sosinowicz 493bb1760d Add option to remove early sanity checks 2023-12-12 17:31:48 +01:00
David Garske 573093ddf3 Move the .so to devel files. The pure *.so file is considered a dev file. 2023-12-12 08:15:05 -08:00
Juliusz Sosinowicz 51ba745214 ocsp: don't error out if we can't verify our certificate
We can omit either the CeritificateStatus message or the appropriate extension when we can not provide the OCSP staple that the peer is asking for. Let peer decide if it requires stapling and error out if we don't send it.
2023-12-12 14:49:52 +01:00
Juliusz Sosinowicz 627310d26a Additional TLS checks
- double check which messages need to be encrypted
- check msgs that have to be last in a record

ZD17108
2023-12-12 13:57:12 +01:00
Sean Parkinson 21f53f37a1 ECC: generate values in range of order by rejection
When generating private key and nonce for ECDSA, use rejection sampling.
Note: SP uses this algorithm
2023-12-12 14:55:56 +10:00
Sean Parkinson 1aed438a21 Merge pull request #7053 from douzzer/20231208-asn-big-short-ints
20231208-asn-big-short-ints
2023-12-12 13:53:37 +10:00
Sean Parkinson 043dde18be Merge pull request #7048 from anhu/PQ_uninit_key_free
Prevent freeing uninitialized keys
2023-12-12 13:47:30 +10:00
David Garske 058ffad657 Fix cast warnings on test with -1. 2023-12-11 16:25:47 -08:00
David Garske 8e44018baa Fix TI AES return codes. 2023-12-11 16:10:48 -08:00
David Garske 68cfaa76fc Fix for TI-RTOS time. Cleanup forced settings.h for WOLFSSL_TIRTOS. Compiler warning cleanups. 2023-12-11 15:57:26 -08:00
Kaleb Himes 00a1c68f97 Merge pull request #7052 from dgarske/stm32_fips
Fix to resolve collision between FIPS `RNG` in settings.h and STM32 HAL header
2023-12-11 16:12:07 -07:00
Daniel Pouzzner c1b5135918 wolfcrypt/src/evp.c and wolfcrypt/test/test.c: in FIPS builds <5.3, gate out AES-XTS functionality that depends on new APIs added in #7031 (b14aba48af and 931ac4e568) (AES-XTS is non-FIPS in FIPS <5.3). 2023-12-11 12:14:29 -06:00
Daniel Pouzzner 9c17d5d2fa support ASN ShortInts up to 4 bytes (2^32-1):
* parameterize MAX_LENGTH_SZ using overrideable WOLFSSL_ASN_MAX_LENGTH_SZ, default value 5 (raised from 4).
* refactor other Misc_ASN constants to refer to MAX_LENGTH_SZ as appropriate.
* tweak BytePrecision() appropriately.
* refactor SetShortInt() to use BytePrecision() and include a length assert against MAX_SHORT_SZ to assure no buffer overruns with reduced WOLFSSL_ASN_MAX_LENGTH_SZ.
2023-12-11 12:14:29 -06:00
David Garske f068bebb94 Fix to resolve collision between RNG in settings.h and the STM32 Cube HAL (ex: stm32h7xx.h). In STM32 platforms we use NO_OLD_RNGNAME (see https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_stm32.h#L616) 2023-12-11 10:01:21 -08:00
David Garske 540012844b Merge pull request #7049 from lealem47/ghIssue6983
Enable cURL and QUIC from CMake
2023-12-11 09:40:31 -08:00
David Garske cb6676fa27 Merge pull request #7030 from julek-wolfssl/gh/7000
Store ssl->options.dtlsStateful when exporting DTLS session
2023-12-11 09:39:54 -08:00
David Garske b5eb8995c9 Fix possible unused variable warning. 2023-12-11 09:22:47 -08:00
Juliusz Sosinowicz 4ce4dd7479 Use correct size for memset 2023-12-11 14:30:54 +01:00
Sean Parkinson 03a82711aa Merge pull request #7036 from anhu/SCSV
Make sure to send SCSV when application sets ciphersuites
2023-12-11 07:15:23 +10:00
JacobBarthelmeh ac447d1afb Merge pull request #7031 from douzzer/20231201-openssl-compat-fixes
20231201-openssl-compat-fixes
2023-12-08 17:25:53 -07:00
JacobBarthelmeh f708d42ef7 Merge pull request #7046 from dgarske/crl_cleanups
Various cleanups - CRL and comments - 20231207
2023-12-08 17:15:01 -07:00
JacobBarthelmeh 38eddd7f89 Merge pull request #7043 from gojimmypi/PR-Espressif-README
Espressif README files
2023-12-08 17:11:59 -07:00
David Garske 8a5a467543 Patch to support NXP Kinetis MMCAU SHA2-256 (FREESCALE_MMCAU_CLASSIC_SHA) with --enable-armasm. 2023-12-08 15:56:20 -08:00
Lealem Amedie de4bd42de0 Enable cURL and QUIC from CMake 2023-12-08 15:57:29 -07:00
David Garske b002c330c0 Fixes for TI AES and SHA. 2023-12-08 14:17:09 -08:00
David Garske df954568be Fix typos 2. 2023-12-08 14:17:09 -08:00
David Garske 842a60465a Fix compiler error for missing Task_Handle. Fix typo. 2023-12-08 14:17:08 -08:00
David Garske d17955f2d0 Cleanups for the ti-aes.c code to conform with coding standards. 2023-12-08 14:17:08 -08:00
kareem-wolfssl 0c9555b29e Merge pull request #7045 from julek-wolfssl/memcached-retry
Retry memcached tests 3 times on error
2023-12-08 14:03:54 -07:00
JacobBarthelmeh 0ba3646f32 Merge pull request #7037 from gojimmypi/PR-Expressif-Benchmark
Espressif benchmark update
2023-12-08 13:51:44 -07:00
Juliusz Sosinowicz 1bf0d8c896 Use SIGKILL to actually kill the runner 2023-12-08 20:23:00 +01:00
Anthony Hu 40015a06c4 Prevent freeing uninitialized keys 2023-12-08 13:52:24 -05:00
gojimmypi 62c0910e15 sync w/upstream; resolve merge conflict 2023-12-08 09:06:10 -08:00
JacobBarthelmeh 448b83697a Merge pull request #7035 from gojimmypi/PR-Espressif-wolfcrypt
Espressif wolfcrypt updates
2023-12-08 09:07:46 -07:00
JacobBarthelmeh ae9632b14a Merge pull request #7025 from bandi13/universalScriptSimplify
Massively simplify apple-universal script
2023-12-08 09:03:30 -07:00
Juliusz Sosinowicz 6c7b47e003 Store ssl->options.dtlsStateful when exporting DTLS session 2023-12-08 15:35:34 +01:00