wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 23:09:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,165 Commits 12 Branches 184 Tags
e1bd4dd1ec287bb29f533df0794de3c7e605696f
Commit Graph

22165 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Juliusz Sosinowicz
21381b939b Retry memcached tests 3 times on error 2023-12-08 13:53:08 +01:00
gojimmypi
17c663b257 Espressif README files 2023-12-07 16:21:50 -08:00
David Garske
434526c345 Expand WOLFSSL_NO_CRL_DATE_CHECK to the process cert CRL next date check. Fix typo for DEBUG_CRYPTOCB. Add comments for wc_ValidateDate arguments. Improve linker script example for FIPS to put stdlib before FIPS and not force KEEP. 2023-12-07 14:45:16 -08:00
JacobBarthelmeh
c4b77adf48 Merge pull request #7007 from night1rider/ardunio-wolfssl 
Ardunio Fixes relating to internal Intel Galileo Tests
 2023-12-07 14:48:58 -07:00
Sean Parkinson
6c8bf7be55 Merge pull request #6963 from julek-wolfssl/dynamic-certs-n-ciphers 
Add API to choose dynamic certs based on client ciphers/sigalgs
 2023-12-08 07:45:36 +10:00
Sean Parkinson
61b0efce4f Merge pull request #7039 from embhorn/zd17127 
Check for neg size in fp_read_unsigned_bin
 2023-12-08 07:44:09 +10:00
gojimmypi
5e5286d30d Merge branch 'master' of https://github.com/wolfSSL/wolfssl into PR-Expressif-Benchmark 2023-12-07 13:26:20 -08:00
Eric Blankenhorn
27e93276de Check for neg size in fp_read_unsigned_bin 2023-12-07 14:26:12 -06:00
Anthony Hu
9fda21748a for clients only 2023-12-07 14:05:33 -05:00
JacobBarthelmeh
5caa71ec6a Merge pull request #7038 from SparkiDev/heapmath_mp_add_d 
Heapmath mp_add_d: fix for when a and c same pointer
 2023-12-07 10:04:13 -07:00
JacobBarthelmeh
9d0bb4c2bf Merge pull request #7040 from dgarske/win_vs 
Fixes for building wolfSSL in Visual Studio
 2023-12-07 10:02:33 -07:00
Anthony Hu
3c5b402740 Make sure to send SCSV when application sets ciphersuites 2023-12-07 11:53:55 -05:00
Juliusz Sosinowicz
fbe79d7317 Code review 2023-12-07 11:13:16 +01:00
Daniel Pouzzner
803b17a8b3 src/ssl_crypto.c: in wolfSSL_CMAC_CTX_free(), gate wc_CmacFree() on !FIPS || FIPS>=5.3. 2023-12-06 23:04:52 -06:00
Daniel Pouzzner
106e39bd76 tests/api.c: in test_wc_CmacFinal(), don't use wc_CmacFinalNoFree() if FIPS <5.3. 2023-12-06 21:58:55 -06:00
Daniel Pouzzner
931ac4e568 add documentation for wc_AesXtsInit(), wc_AesXtsSetKeyNoInit(), wc_CmacFinalNoFree(), and wc_CmacFree(); 
rename wc_AesXtsSetKey_NoInit() to wc_AesXtsSetKeyNoInit() for morphological consistency;

refactor wc_AesXtsSetKey() to call wc_AesXtsSetKeyNoInit() and clean up on failure;

readability tweak in wolfSSL_EVP_CipherFinal().
 2023-12-06 19:26:46 -06:00
Daniel Pouzzner
b14aba48af wolfcrypt/src/cmac.c: add wc_CmacFree(), revert wc_CmacFinal(), rename wc_CmacFinal() as wc_CmacFinalNoFree() removing its deallocation clauses, and add new wc_CmacFinal() that calls wc_CmacFinalNoFree() then calls wc_CmacFree() unconditionally, for compatibility with legacy client code (some of which may have previously leaked). 
tests/api.c: modify test_wc_CmacFinal() to use wc_CmacFinalNoFree() except for the final call.

wolfcrypt/src/aes.c:
* fix wc_AesEaxEncryptAuth() and wc_AesEaxDecryptAuth() to call wc_AesEaxFree() only if wc_AesEaxInit() succeeded.
* fix wc_AesEaxInit() to free all resources on failure.
* revert wc_AesEaxEncryptFinal() and wc_AesEaxDecryptFinal() changes, then change wc_CmacFinal() calls in them to wc_CmacFinalNoFree() calls.
* wc_AesEaxFree(): add wc_CmacFree() calls.
 2023-12-06 16:55:57 -06:00
Sean Parkinson
c6d6100136 Merge pull request #7010 from julek-wolfssl/dtls13-0.5-rtt 
dtls13: Add support for 0.5-RTT data
 2023-12-07 08:41:42 +10:00
JacobBarthelmeh
0ffb586030 Merge pull request #7032 from SparkiDev/sp_int_neg_mont_red 
SP int neg sp_mont_red_ex: disallow negative numbers
 2023-12-06 15:04:46 -07:00
Sean Parkinson
226c631feb Heapmath mp_add_d: fix for when a and c same pointer 
When parameters a and c to mp_add_d are the same pointer, c->sign was
being set to zero/positive and then a->sign was being checked.
Set the c->sign at end as it will always be zero/positive through the
code and the sign of the result isn't otherwise used.
 2023-12-07 07:51:43 +10:00
msi-debian
0ff02e59ba Fixes relating to issues with internal testing with the Intel Galileo, 
along with updating the file structure construction for the library.
 2023-12-06 14:38:32 -07:00
gojimmypi
f3a9d4a56e Espressif Benchmark ESP-IDF 4.4 fixes 2023-12-06 13:23:14 -08:00
David Garske
db14914951 Fixes for building wolfSSL in Visual Studio. Adds missing files. Fix for type cast warnings. 2023-12-06 13:20:27 -08:00
gojimmypi
4bd78e5e31 Espressif benchmark update 2023-12-06 12:43:42 -08:00
gojimmypi
7de5710a75 Espressif error not warning for legacy macros 2023-12-06 11:01:51 -08:00
gojimmypi
ca1eba0919 Espressif wolfcrypt updates 2023-12-06 10:05:31 -08:00
JacobBarthelmeh
2c9208b0c6 Merge pull request #6765 from kojo1/zd16462 
Eliminate bad record mac alert
 2023-12-06 09:15:41 -07:00
Sean Parkinson
cf8a6efaa5 SP int neg sp_mont_red_ex: disallow negative numbers 
Don't support negative a or m with sp_mont_red_ex().
 2023-12-06 08:59:54 +10:00
Daniel Pouzzner
689a82a622 fix AES-related code, in both crypto and TLS layers, for various uninitialized data and resource leak defects around wc_AesInit() and wc_AesFree(): 
* followup to https://github.com/wolfSSL/wolfssl/pull/7009 "20231128-misc-fixes" and  https://github.com/wolfSSL/wolfssl/pull/7011 "Add missing wc_AesInit calls."

* adds WC_DEBUG_CIPHER_LIFECYCLE, which embeds asserts in low-level AES implementations for proper usage of wc_AesInit() and wc_AesFree().

* fixes native CMAC, AES-EAX, and AES-XTS implementations to assure resource release.

* adds missing wc_AesXtsInit() API, and adds a new wc_AesXtsSetKey_NoInit().

* fixes misspellings in EVP that unconditionally gated out AES-OFB and AES-XTS.

* fixes misspellings in EVP that unconditionally gated out AES-CBC and AES-CFB code in wolfSSL_EVP_CIPHER_CTX_cleanup_cipher().

* openssl compat AES low level cipher API has no counterpart to wc_AesFree(), so these compat APIs will now be gated out in configurations where they would otherwise leak memory or file descriptors (WOLFSSL_AFALG, WOLFSSL_DEVCRYPTO, WOLF_CRYPTO_CB, etc.).  A new macro, WC_AESFREE_IS_MANDATORY, is defined in wolfcrypt/aes.h to streamline this dependency.

* fixes 40 missing EVP_CIPHER_CTX_cleanup()s and 11 wc_AesFree()s in src/ssl.c, src/ssl_crypto.c, tests/api.c, and wolfcrypt/test/test.c.
 2023-12-05 15:58:09 -06:00
JacobBarthelmeh
7753e3db8a Merge pull request #6844 from gojimmypi/Espressif-client-server-example 
Espressif ESP32 Benchmark, Test, TLS 1.3 Client & Server Updates
 2023-12-05 14:20:02 -07:00
JacobBarthelmeh
223d8c9a10 Merge pull request #7004 from julek-wolfssl/zd/17033 
x509 AIA: store the first OCSP and CA Issuer URI's
 2023-12-05 14:08:43 -07:00
gojimmypi
fb77319758 Espressif examples: polish & misc updates 2023-12-05 10:36:05 -08:00
JacobBarthelmeh
4c85a5a146 Merge pull request #7028 from ejohnstown/ocsp-err-ret 
OCSP Error Return
 2023-12-05 11:00:51 -07:00
David Garske
b92aa59bd8 Merge pull request #6692 from JacobBarthelmeh/tls13 
fix setting ssl error with TLS 1.3 connect socket errors
 2023-12-05 09:15:29 -08:00
gojimmypi
ce2c256544 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into Espressif-client-server-example 2023-12-05 08:02:31 -08:00
JacobBarthelmeh
1857648d7d Merge pull request #6976 from embhorn/gh6974 
Fix build errors with dtls1.3 and no tls1.2
 2023-12-04 14:53:35 -07:00
John Safranek
52658c51a9 OCSP Error Return 
1. In CheckOcspResponse(), remove the existing check for UNKNOWN
   certificate status. Given the values of ret and ocsp->error, unknown
   won't get checked.
2. Separated checks for UKNOWN and REJECTED for logging purposes. Return
   that as an error.
3. Anything else should be a failure.
 2023-12-04 11:31:04 -08:00
Jacob Barthelmeh
ef536f541f fix setting ssh error with TLS 1.3 connect socket errors 2023-12-04 09:09:09 -07:00
Sean Parkinson
195c14ccaf Merge pull request #6919 from JacobBarthelmeh/cert_dates 
add self-sm2-cert.pem to certificate regen script
 2023-12-04 09:05:37 +10:00
JacobBarthelmeh
5297cc74b4 Merge pull request #7016 from anhu/aes_init_docs 
Add missing references to wc_AesInit in the API docs.
 2023-12-01 16:59:49 -07:00
JacobBarthelmeh
adcc21b538 Merge pull request #6997 from cconlon/jniAlwaysVerifyCb 
Update --enable-jni with WOLFSSL_ALWAYS_VERIFY_CB
 2023-12-01 16:58:08 -07:00
JacobBarthelmeh
3ad0e1ef72 Merge pull request #7021 from res0nance/arm64-aes-gcm-clobber 
AES GCM ARM64: Fix clobber lists
 2023-12-01 16:52:14 -07:00
JacobBarthelmeh
c4ab1e6d47 Merge pull request #7017 from SparkiDev/asn_tmpl_ecc_raw_to_sig_fix 
ASN template: StoreECC_DSA_Sig_Bin
 2023-12-01 16:11:15 -07:00
JacobBarthelmeh
fa0362fd2b Merge pull request #7022 from julek-wolfssl/faster-memcached-tests 
Parallelised memcached tests
 2023-12-01 16:05:17 -07:00
JacobBarthelmeh
44d52c599c Merge pull request #7023 from SparkiDev/test_dsa_fix 
Test DSA: fix unused variables
 2023-12-01 15:53:08 -07:00
Chris Conlon
883d1a25be add WOLFSSL_ALWAYS_VERIFY_CB to --enable-jni, used with JSSE X509ExtendedTrustManager hostname verification 2023-12-01 09:23:10 -07:00
Andras Fekete
822405a6d8 Massively simplify apple-universal script 2023-12-01 09:44:43 -05:00
Sean Parkinson
02f8735abf Test DSA: fix unused variables 
test.c: fix #if protection around unused variables
 2023-12-01 11:04:53 +10:00
JacobBarthelmeh
abab390dd4 Merge pull request #7015 from lealem47/zd17088 
Reworking MinGW mutex/threading
 2023-11-30 17:00:19 -07:00
JacobBarthelmeh
a1e74d9974 Merge pull request #7014 from SparkiDev/ssl_free_tlsx_fixup 
SSL_free, TLSX_Remove calls: fix #if protection
 2023-11-30 16:56:46 -07:00