7616 Commits

Author SHA1 Message Date
Sean Parkinson
13591dcae8 Regression testing fixes
internal.c: NO_CERT, privateKeySz not used.
./configure --disable-shared --disable-asn --disable-rsa --disable-ecc
--enable-psk

sp_int.c: fix when sp_gcm is available
./configure --disable-shared  --disable-shared --disable-ecc
--disable-dh --disable-aes --disable-aesgcm --disable-sha512
--disable-sha384 --disable-sha --disable-poly1305 --disable-chacha
--disable-md5 --disable-sha3 --enable-cryptonly --disable-inline
--enable-rsavfy --disable-asn --disable-oaep --disable-rng
--disable-filesystem --enable-sp=rsa2048 --disable-sp-asm
--enable-sp-math
2024-01-29 23:05:46 +10:00
JacobBarthelmeh
db3873ff40 Merge pull request #7172 from bandi13/fixUninitVar
Fix compilation errors about uninitialized variables
2024-01-26 08:32:41 -07:00
JacobBarthelmeh
578735e06c Merge pull request #7169 from julek-wolfssl/gh/7160
BIO_BIO: BIO_{write|read} on a BIO pair should wrap around ring buffer
2024-01-25 12:08:10 -08:00
JacobBarthelmeh
4c7f038149 Merge pull request #7161 from SparkiDev/xmss
XMSS implementation
2024-01-25 08:41:13 -08:00
Andras Fekete
4971b9a567 Fix compilation errors about uninitialized variables
When compiling with '--enable-all CFLAGS=-Og' there were a ton of errors that needed fixing.
2024-01-25 09:49:30 -05:00
Juliusz Sosinowicz
4f1d777090 BIO_BIO: BIO_{write|read} on a BIO pair should wrap around ring buffer
- BIO_nread0 should return 0 when no data to read and -2 when not initialized
2024-01-25 13:46:45 +01:00
Sean Parkinson
a5961907b0 XMSS implementation
Supporting code for wolfSSL C implementation of XMSS.
2024-01-25 11:21:39 +10:00
Per Allansson
92d7815b5c Fix missing return in DTLS1.3 / FIPS code 2024-01-23 08:35:07 +01:00
JacobBarthelmeh
eb1fff3ad3 Merge pull request #7141 from julek-wolfssl/zd/17249
EarlySanityCheckMsgReceived: version_negotiated should always be checked
2024-01-22 12:18:57 -08:00
JacobBarthelmeh
0c150d2391 Merge pull request #7150 from dgarske/getenv
Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV`
2024-01-22 08:33:24 -08:00
JacobBarthelmeh
2617669302 Merge pull request #7152 from douzzer/20240120-multi-test-fixes
20240120-multi-test-fixes
2024-01-22 08:19:23 -08:00
Sean Parkinson
d2d653cfdc Merge pull request #7145 from douzzer/20240119-DoTls13CertificateVerify-CreateSigData-error-handling
20240119-DoTls13CertificateVerify-CreateSigData-error-handling
2024-01-22 07:36:49 +10:00
Sean Parkinson
b0d64b419d Merge pull request #7084 from julek-wolfssl/set-cipher-ssl
Allow SetCipherList to operate on SSL without modifying on SSL_CTX
2024-01-22 07:31:22 +10:00
Daniel Pouzzner
2edd18c49d src/x509.c: fix nullPointerRedundantCheck in wolfSSL_X509V3_set_ctx(). also adds thorough WOLFSSL_MSG() coverage for failures. 2024-01-20 13:08:21 -06:00
David Garske
76550465bd Fixes build with NO_STDIO_FILESYSTEM defined. 2024-01-19 12:49:53 -08:00
David Garske
a4affd9431 Improve use of XGETENV in wolfSSL_RAND_file_name to check for macro. 2024-01-19 12:13:19 -08:00
David Garske
a3a7012c81 Merge pull request #7136 from jpbland1/x509-new-ex
add heap hint support for a few of the x509 functions
2024-01-19 09:29:47 -08:00
Daniel Pouzzner
9aa99c0c9a src/tls13.c: in DoTls13CertificateVerify(), add missing error handling in several calls to CreateSigData(). 2024-01-19 11:12:23 -06:00
John Bland
66f04958e3 use wolfSSL_CTX_new_ex for heap hint support 2024-01-19 11:20:50 -05:00
Juliusz Sosinowicz
1288d71132 Address code review 2024-01-19 15:59:22 +01:00
Juliusz Sosinowicz
f6ef146149 EarlySanityCheckMsgReceived: version_negotiated should always be checked
Multiple handshake messages in one record will fail the MsgCheckBoundary() check on the client side when the client is set to TLS 1.3 but allows downgrading.
  --> ClientHello
  <-- ServerHello + rest of TLS 1.2 flight
  Client returns OUT_OF_ORDER_E because in TLS 1.3 the ServerHello has to be the last message in a record. In TLS 1.2 the ServerHello can be in the same record as the rest of the server's first flight.
2024-01-19 14:57:35 +01:00
Juliusz Sosinowicz
afd0e5af4e Refactor haveAnon into useAnon
(ctx->|ssl->options.)useAnon means that the user has signalled that they want anonymous ciphersuites
2024-01-19 14:53:33 +01:00
Juliusz Sosinowicz
b8b847bbcf Allow SetCipherList to operate on SSL without modifying on SSL_CTX 2024-01-19 14:53:28 +01:00
David Garske
ac81d9d29c Merge pull request #7110 from Frauschi/pq_secure_element
PQC: add CryptoCb support for PQC algorithms
2024-01-18 13:29:28 -08:00
Anthony Hu
9be390250d Adding support for dual key/signature certificates. (#7112)
Adding support for dual key/signature certificates with X9.146. Enabled with `--enable-dual-alg-certs` or `WOLFSSL_DUAL_ALG_CERTS`.
2024-01-18 13:20:57 -08:00
Tobias Frauenschläger
4d259da60a PQC: CryptoCb support for KEM algorithm Kyber
Add support for crypto callback and device id for all three Kyber PQC KEM
function calls.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:49 +01:00
Tobias Frauenschläger
8e6d151403 PQC: CryptoCb support for signature algorithms
Add initial support of the crypto callback API to the two PQC signature
algorithms Dilithium and Falcon. This ultimately enables the usage of
external hardware modules (e.g. secure elements) for these algorithms.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:38 +01:00
John Bland
41ea1109ec update uses of wolfSSL_X509_new and wolfSSL_X509_d2i
where heap doesn't require a new ex function or struct field to avoid size increase
2024-01-17 18:46:24 -05:00
Daniel Pouzzner
64667a5595 src/crl.c: fix "null pointer passed as argument 2" in new XMEMCPY() call in WC_RSA_PSS path of DupCRL_Entry(), added in b140f93b17, detected by gcc 14.0.0_pre20240107 p15 with sanitizers. 2024-01-17 13:38:05 -06:00
John Bland
03f32b623f update based on PR comments 2024-01-17 13:22:58 -05:00
John Bland
d1a3646d5c add heap hint support for a few of the x509 functions 2024-01-17 11:26:52 -05:00
David Garske
089468fbf1 Merge pull request #7132 from ejohnstown/x25519-ecdhe-psk
ECDHE-PSK with x25519
2024-01-16 20:16:01 -08:00
David Garske
11029127df Merge pull request #7119 from JacobBarthelmeh/crl
support for RSA-PSS signatures with CRL
2024-01-16 15:23:16 -08:00
John Safranek
746ffac84a ECDHE-PSK with x25519
1. Add missing assignment of the WOLFSSL object's ecdhCurveOid value. It
   is set correctly in the previous cases, but got missed for ECDHE-PSK.
2. Add test cases to the unit testing.
2024-01-16 15:18:05 -08:00
JacobBarthelmeh
b140f93b17 refactor sigParams allocation and adjust test file name 2024-01-16 14:41:24 -07:00
JacobBarthelmeh
114d11a8d8 adding RSA-PSS macro guard around CRL use 2024-01-15 15:33:01 -07:00
Stanislav Klima
909b437571 cleared ticket and ticketNonce 2024-01-11 19:59:12 +01:00
Stanislav Klima
e63c50b1f3 fixed double free happening during EvictSessionFromCache 2024-01-11 19:52:03 +01:00
Sean Parkinson
8c6de41eb9 Merge pull request #7051 from JacobBarthelmeh/mb
fix and enhancement for AES-GCM use with Xilsecure
2024-01-12 03:44:43 +10:00
David Garske
06a32d3437 Merge pull request #7097 from lealem47/removeUserCrypto
Remove user-crypto functionality and Intel IPP support
2024-01-09 17:33:28 -08:00
JacobBarthelmeh
cd07e32b13 update crl files and add in compat support for RSA-PSS 2024-01-08 16:38:11 -08:00
JacobBarthelmeh
74f0625c89 add native asn template RSA-PSS support with CRL 2024-01-05 14:25:12 -08:00
Daniel Pouzzner
d5d476a3a1 Merge pull request #7113 from bandi13/codeSonarFixes
Leak
2024-01-05 12:38:17 -05:00
Andras Fekete
f84fa8dd8d Uninitialized variable
Warning 581199.5810097
2024-01-04 17:13:28 -05:00
Daniel Pouzzner
7f53bcc4d0 fixes for clang-tidy reported defects and misstylings --with-liboqs:
* readability-named-parameter (style)
* bugprone-sizeof-expression (true bugs)
* clang-analyzer-deadcode.DeadStores (true bugs)
* clang-analyzer-core.NonNullParamChecker (true bug)
* clang-diagnostic-newline-eof (style)
* clang-diagnostic-shorten-64-to-32 (true but benign in practice)

fixes for sanitizer reported defects --with-liboqs: null pointer memcpy()s in TLSX_KeyShare_GenPqcKey() and server_generate_pqc_ciphertext().

fixes for silent crypto-critical failure in wolfSSL_liboqsGetRandomData(): refactor to accommodate oversize numOfBytes, and abort() if wc_RNG_GenerateBlock() returns failure.
2024-01-04 15:57:09 -06:00
Sean Parkinson
9e468a900b Merge pull request #7096 from julek-wolfssl/zd/17219
Add fencing to ClientSessionToSession()
2024-01-05 07:24:00 +10:00
Juliusz Sosinowicz
14c812cdb7 Code review
Add server side check
2024-01-04 13:19:44 +01:00
Juliusz Sosinowicz
5bdcfaa5d0 server: allow reading 0-RTT data after writing 0.5-RTT data 2024-01-04 13:19:44 +01:00
Daniel Pouzzner
9db20774d8 Merge pull request #7099 from jpbland1/tls13-bounds-check
TLS13 padding bounds check
2024-01-04 01:09:36 -05:00
John Bland
b37716f5ce refactor and remove word16 index 2024-01-03 19:19:13 -05:00