Commit Graph

21335 Commits

Author SHA1 Message Date
Daniel Pouzzner ef14176b7f SRTP fixes:
* in wolfssl/ssl.h, add missing arg names to wolfSSL_CTX_set_tlsext_use_srtp(), wolfSSL_set_tlsext_use_srtp(), and wolfSSL_export_dtls_srtp_keying_material();
* in wolfcrypt/src/kdf.c, call wc_AesFree if and only if wc_AesInit() succeeded;
* in src/ssl.c:DtlsSrtpSelProfiles(), fix bugprone-inc-dec-in-conditions;
* in tests/suites.c:execute_test_case(), fix several -Wdeclaration-after-statement and -Wmissing-field-initializers;
* in wolfcrypt/test/test.c, fix a shiftTooManyBitsSigned warning in srtpkdf_test(), and fix a typo (kaSz/ksSz).
2023-12-15 14:06:36 -06:00
Daniel Pouzzner 8f2a48c676 Merge pull request #7073 from julek-wolfssl/move-mutex-init
Move the mutex initializer into the appropriate existing section
2023-12-15 12:17:37 -05:00
Chris Conlon 62b3ca5fb5 Merge pull request #7071 from douzzer/20231214-WOLF_CRYPTO_CB-not-WC_AESFREE_IS_MANDATORY
20231214-WOLF_CRYPTO_CB-not-WC_AESFREE_IS_MANDATORY
2023-12-15 09:25:48 -07:00
Juliusz Sosinowicz 57355f357e Move the mutex initializer into the appropriate existing section 2023-12-15 10:03:06 +01:00
Daniel Pouzzner 7ebbb927f3 wolfssl/wolfcrypt/aes.h: don't set WC_AESFREE_IS_MANDATORY for WOLF_CRYPTO_CB -- free is only needed when callbacks are both installed and used. 2023-12-14 18:09:39 -06:00
Chris Conlon 2ffc818c28 Merge pull request #7069 from douzzer/20231213-misc-fixes
20231213-misc-fixes
2023-12-14 15:18:12 -07:00
Chris Conlon 27c6ee4d05 Merge pull request #7068 from SparkiDev/srtp_kdf_label
SRTP/SRTCP KDF: add APIs that derives one key from a label
2023-12-14 14:54:58 -07:00
Chris Conlon fb6b022f42 Merge pull request #7020 from SparkiDev/ecc_gen_k_by_reject
ECC: generate values in range of order by rejection
2023-12-14 14:54:39 -07:00
David Garske f2e4360f8d Spelling fixes. 2023-12-14 12:15:32 -08:00
David Garske 1cf87ce0c9 Spelling fix. 2023-12-14 12:14:30 -08:00
Chris Conlon f6ef58dbc2 Merge pull request #7064 from philljj/fix_infer_issues
Fix issues from infer diff report.
2023-12-14 12:27:34 -07:00
Daniel Pouzzner 64e4796ed6 wolfssl/wolfcrypt/wc_port.h: add definition for WOLFSSL_MUTEX_INITIALIZER, currently only #ifdef WOLFSSL_PTHREADS.
src/ssl.c: refactor dynamics of count_mutex, count_mutex_valid, and initRefCount, to be intrinsically race-free on pthreads builds, and to be always race-free for callers that call wolfSSL_Init() first, then wait for return before any other wolfSSL calls, and call wolfSSL_Cleanup() at most as many times as wolfSSL_Init().

also, in AddSessionToClientCache(), move final access to ClientCache inside the lock-protected span, to mollify Coverity.
2023-12-14 13:22:27 -06:00
Daniel Pouzzner 16c6bd6846 examples/client/client.c and tests/api.c: add missing CloseSocket() calls. 2023-12-14 13:22:27 -06:00
Chris Conlon 1b76f6d56b Merge pull request #7065 from miyazakh/fix_ra6m3
fix benchmark compile error
2023-12-14 09:15:32 -07:00
Sean Parkinson 659a245b27 SRTP/SRTCP KDF: add APIs that derives one key from a label
Added more generic APIs that derive a single key with a label.
Added defines for label values and index lengths.
2023-12-14 14:45:35 +10:00
Hideki Miyazaki 3af91c265b remove tab 2023-12-14 11:16:36 +09:00
David Garske c021e3e85d Merge pull request #7066 from cconlon/v5.6.6-fixes
Fixes from release prep testing, example certificate updates
2023-12-13 17:00:45 -08:00
Chris Conlon d0aa80eb37 update example/test certs for end of year release 2023-12-13 16:41:59 -07:00
Chris Conlon a14a1bf467 define WOLFSSL_AES_DIRECT in configure.ac with --enable-aes-bitsliced 2023-12-13 16:41:59 -07:00
Chris Conlon f5d33cedeb add variable name in wolfSSL_BIO_new() prototype 2023-12-13 16:41:59 -07:00
Chris Conlon 255086b7c8 fix API test warning, comparison of unsigned expression < 0 is always false 2023-12-13 16:41:59 -07:00
Chris Conlon d36538c40a Merge pull request #7063 from embhorn/13dec2023_cov_fixes
Fixes for release
2023-12-13 16:19:13 -07:00
jordan a1b44b6214 Fix issues from infer diff report: init mp_digit to 0. 2023-12-13 17:17:49 -06:00
Hideki Miyazaki f209120218 fix benchmark compile error 2023-12-14 07:35:32 +09:00
jordan f222adf4c2 Fix issues from infer diff report. 2023-12-13 15:59:03 -06:00
Chris Conlon a66137d2fe Merge pull request #7062 from lealem47/leaks
Cleanup leaks in api.c and benchmark.c
2023-12-13 14:09:23 -07:00
Eric Blankenhorn 1d7fd42aa8 Fixes for release 2023-12-13 14:47:02 -06:00
Lealem Amedie 5fd0470f76 Cleanup leaks in api.c and benchmark.c 2023-12-13 13:00:52 -07:00
David Garske 8acee813cb Merge pull request #7061 from gojimmypi/PR-Espressif-user_settings-fix
Fix missing closing comment on example Espressif user_settings.h
2023-12-13 10:44:20 -08:00
Chris Conlon 3d959b96c9 Merge pull request #7060 from dgarske/various_20231212
Fix for benchmark without filesystem unused globals
2023-12-13 11:29:28 -07:00
David Garske 56c7e5c675 Merge pull request #7054 from cconlon/sslAlpnSelectCb
Add wolfSSL_set_alpn_select_cb() for setting ALPN select callback on WOLFSSL session
2023-12-13 09:24:07 -08:00
gojimmypi eeb024a30d fix missing closing comment on example user_settings.h 2023-12-13 09:19:39 -08:00
Chris Conlon 269542ed96 add wolfSSL_set_alpn_select_cb() for WOLFSSL-level ALPN select callbacks 2023-12-13 09:16:44 -07:00
Sean Parkinson b7b20ededd Merge pull request #7058 from lealem47/zd17174
Check buffer length before XMEMCMP in GetOID
2023-12-13 14:36:23 +10:00
Sean Parkinson cbd5341332 Merge pull request #7056 from douzzer/20231212-QUIC-WOLFSSL_CALLBACKS-error
20231212-QUIC-WOLFSSL_CALLBACKS-error
2023-12-13 14:34:19 +10:00
Sean Parkinson d455196955 Merge pull request #7055 from dgarske/fix_rpmspec
Fixes for RPM Spec: Move the .so to devel files
2023-12-13 14:33:09 +10:00
Sean Parkinson f12b61183b Merge pull request #7029 from julek-wolfssl/zd/17108-fix
Additional TLS checks
2023-12-13 14:31:11 +10:00
David Garske 3b75a41006 Merge pull request #7057 from kaleb-himes/fix-fips-140-3-pr-failure
Address fips 140-3 failures with wolfEngine support enabled
2023-12-12 16:15:40 -08:00
kaleb-himes ca5adfaecb Add comments per peer review 2023-12-12 15:21:28 -07:00
kaleb-himes db7f08e12f Address fips 140-3 failures with wolfEngine support enabled 2023-12-12 15:14:51 -07:00
Lealem Amedie 2724edc257 Check buffer length before XMEMCMP in GetOID 2023-12-12 15:13:42 -07:00
Sean Parkinson ce74a34154 Merge pull request #7019 from dgarske/armasm_mmcau
Patch to support NXP Kinetis MMCAU SHA2-256 with ARM ASM
2023-12-13 07:26:11 +10:00
Sean Parkinson 6e953e4d53 Merge pull request #7044 from julek-wolfssl/zd/17137
ocsp: don't error out if we can't verify our certificate
2023-12-13 07:23:46 +10:00
David Garske 3750ff5205 Fix for benchmark without filesystem and unused hash_input and cipher_input. 2023-12-12 13:22:17 -08:00
Daniel Pouzzner 1cc45b57d7 wolfssl/wolfcrypt/settings.h: add #if defined(WOLFSSL_QUIC) && defined(WOLFSSL_CALLBACKS) #error ("ERROR - tests/quic.c line 1027 failed"). 2023-12-12 14:26:25 -06:00
Juliusz Sosinowicz 493bb1760d Add option to remove early sanity checks 2023-12-12 17:31:48 +01:00
David Garske 573093ddf3 Move the .so to devel files. The pure *.so file is considered a dev file. 2023-12-12 08:15:05 -08:00
Juliusz Sosinowicz 51ba745214 ocsp: don't error out if we can't verify our certificate
We can omit either the CeritificateStatus message or the appropriate extension when we can not provide the OCSP staple that the peer is asking for. Let peer decide if it requires stapling and error out if we don't send it.
2023-12-12 14:49:52 +01:00
Juliusz Sosinowicz 627310d26a Additional TLS checks
- double check which messages need to be encrypted
- check msgs that have to be last in a record

ZD17108
2023-12-12 13:57:12 +01:00
Sean Parkinson 21f53f37a1 ECC: generate values in range of order by rejection
When generating private key and nonce for ECDSA, use rejection sampling.
Note: SP uses this algorithm
2023-12-12 14:55:56 +10:00