wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 07:49:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,688 Commits 12 Branches 184 Tags
f031d034df4bdd1bd0c278769fd27c5a0e101ab8
Commit Graph

7630 Commits

Author SHA1 Message Date
Marco Oliverio
e923d4c151 tls13: read_early_data: set outSz to 0 if no early data 
If not data is read, set outSz to 0. This way the
caller can detect if no early data was read.
 2024-02-12 17:20:15 +01:00
gojimmypi
bf29066d70 Add wolfSSL debug messages 2024-02-08 17:22:36 -08:00
Sean Parkinson
5b5f0ff32c Merge pull request #7194 from anhu/CerManUnExtCb 
Adding unknown extension callback to CertManager
 2024-02-08 22:10:32 +10:00
Sean Parkinson
9147a7254b Merge pull request #7214 from julek-wolfssl/zd/17314 
DTLS sequence number and cookie fixes
 2024-02-08 22:08:37 +10:00
David Garske
dec4caa98f Merge pull request #7206 from julek-wolfssl/gh/7196 
Fix write_dup with chacha-poly
 2024-02-07 08:40:30 -08:00
gojimmypi
10b5c375ef introduce MICRO_SESSION_CACHE, update comments 2024-02-06 14:07:50 -08:00
Daniel Pouzzner
5c421d0207 Merge pull request #7178 from anhu/OQS_MEM_LEAKS 
Fixes that prevent memory leaks when using OQS.
 2024-02-05 13:26:43 -05:00
Juliusz Sosinowicz
8bddeb10c7 DTLS sequence number and cookie fixes 
- dtls: check that the cookie secret is not emtpy
- Dtls13DoDowngrade -> Dtls13ClientDoDowngrade
- dtls: generate both 1.2 and 1.3 cookie secrets in case we downgrade
- dtls: setup sequence numbers for downgrade
- add dtls downgrade sequence number check test

Fixes ZD17314
 2024-02-05 16:09:03 +01:00
Daniel Pouzzner
851f059023 Merge pull request #7203 from julek-wolfssl/openssh-9.6 
openssh 9.6p1 fixes
 2024-02-02 19:51:55 -05:00
Juliusz Sosinowicz
5b5d6481de Fix write_dup with chacha-poly 2024-02-02 19:47:25 +01:00
Juliusz Sosinowicz
335c51987e openssh 9.6p1 fixes 
- wolfSSL_DSA_set0_key: allow setting just the public key
- radix16: allow skipping the end of line whitespace
- Add openssh action
 2024-02-01 11:39:56 +01:00
Sean Parkinson
f48eb638da TLS 1.3, HRR Cookie: send cookie back in new ClientHello 
Make it mandatory that the cookie is sent back in new ClientHello when
seen in a HelloRetryRequest.
 2024-02-01 07:49:37 +10:00
Anthony Hu
dfc10741a5 Adding unknown extension callback to CertManager 2024-01-31 16:27:07 -05:00
Sean Parkinson
13591dcae8 Regression testing fixes 
internal.c: NO_CERT, privateKeySz not used.
./configure --disable-shared --disable-asn --disable-rsa --disable-ecc
--enable-psk

sp_int.c: fix when sp_gcm is available
./configure --disable-shared  --disable-shared --disable-ecc
--disable-dh --disable-aes --disable-aesgcm --disable-sha512
--disable-sha384 --disable-sha --disable-poly1305 --disable-chacha
--disable-md5 --disable-sha3 --enable-cryptonly --disable-inline
--enable-rsavfy --disable-asn --disable-oaep --disable-rng
--disable-filesystem --enable-sp=rsa2048 --disable-sp-asm
--enable-sp-math
 2024-01-29 23:05:46 +10:00
Anthony Hu
fe87f16114 Fixes that prevent memory leaks when using OQS. 
Fixes ZD 17177.
 2024-01-26 14:54:01 -05:00
JacobBarthelmeh
db3873ff40 Merge pull request #7172 from bandi13/fixUninitVar 
Fix compilation errors about uninitialized variables
 2024-01-26 08:32:41 -07:00
JacobBarthelmeh
578735e06c Merge pull request #7169 from julek-wolfssl/gh/7160 
BIO_BIO: BIO_{write|read} on a BIO pair should wrap around ring buffer
 2024-01-25 12:08:10 -08:00
JacobBarthelmeh
4c7f038149 Merge pull request #7161 from SparkiDev/xmss 
XMSS implementation
 2024-01-25 08:41:13 -08:00
Andras Fekete
4971b9a567 Fix compilation errors about uninitialized variables 
When compiling with '--enable-all CFLAGS=-Og' there were a ton of errors that needed fixing.
 2024-01-25 09:49:30 -05:00
Juliusz Sosinowicz
4f1d777090 BIO_BIO: BIO_{write|read} on a BIO pair should wrap around ring buffer 
- BIO_nread0 should return 0 when no data to read and -2 when not initialized
 2024-01-25 13:46:45 +01:00
Sean Parkinson
a5961907b0 XMSS implementation 
Supporting code for wolfSSL C implementation of XMSS.
 2024-01-25 11:21:39 +10:00
Per Allansson
92d7815b5c Fix missing return in DTLS1.3 / FIPS code 2024-01-23 08:35:07 +01:00
JacobBarthelmeh
eb1fff3ad3 Merge pull request #7141 from julek-wolfssl/zd/17249 
EarlySanityCheckMsgReceived: version_negotiated should always be checked
 2024-01-22 12:18:57 -08:00
JacobBarthelmeh
0c150d2391 Merge pull request #7150 from dgarske/getenv 
Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV`
 2024-01-22 08:33:24 -08:00
JacobBarthelmeh
2617669302 Merge pull request #7152 from douzzer/20240120-multi-test-fixes 
20240120-multi-test-fixes
 2024-01-22 08:19:23 -08:00
Sean Parkinson
d2d653cfdc Merge pull request #7145 from douzzer/20240119-DoTls13CertificateVerify-CreateSigData-error-handling 
20240119-DoTls13CertificateVerify-CreateSigData-error-handling
 2024-01-22 07:36:49 +10:00
Sean Parkinson
b0d64b419d Merge pull request #7084 from julek-wolfssl/set-cipher-ssl 
Allow SetCipherList to operate on SSL without modifying on SSL_CTX
 2024-01-22 07:31:22 +10:00
Daniel Pouzzner
2edd18c49d src/x509.c: fix nullPointerRedundantCheck in wolfSSL_X509V3_set_ctx(). also adds thorough WOLFSSL_MSG() coverage for failures. 2024-01-20 13:08:21 -06:00
David Garske
76550465bd Fixes build with NO_STDIO_FILESYSTEM defined. 2024-01-19 12:49:53 -08:00
David Garske
a4affd9431 Improve use of XGETENV in wolfSSL_RAND_file_name to check for macro. 2024-01-19 12:13:19 -08:00
David Garske
a3a7012c81 Merge pull request #7136 from jpbland1/x509-new-ex 
add heap hint support for a few of the x509 functions
 2024-01-19 09:29:47 -08:00
Daniel Pouzzner
9aa99c0c9a src/tls13.c: in DoTls13CertificateVerify(), add missing error handling in several calls to CreateSigData(). 2024-01-19 11:12:23 -06:00
John Bland
66f04958e3 use wolfSSL_CTX_new_ex for heap hint support 2024-01-19 11:20:50 -05:00
Juliusz Sosinowicz
1288d71132 Address code review 2024-01-19 15:59:22 +01:00
Juliusz Sosinowicz
f6ef146149 EarlySanityCheckMsgReceived: version_negotiated should always be checked 
Multiple handshake messages in one record will fail the MsgCheckBoundary() check on the client side when the client is set to TLS 1.3 but allows downgrading.
  --> ClientHello
  <-- ServerHello + rest of TLS 1.2 flight
  Client returns OUT_OF_ORDER_E because in TLS 1.3 the ServerHello has to be the last message in a record. In TLS 1.2 the ServerHello can be in the same record as the rest of the server's first flight.
 2024-01-19 14:57:35 +01:00
Juliusz Sosinowicz
afd0e5af4e Refactor haveAnon into useAnon 
(ctx->|ssl->options.)useAnon means that the user has signalled that they want anonymous ciphersuites
 2024-01-19 14:53:33 +01:00
Juliusz Sosinowicz
b8b847bbcf Allow SetCipherList to operate on SSL without modifying on SSL_CTX 2024-01-19 14:53:28 +01:00
David Garske
ac81d9d29c Merge pull request #7110 from Frauschi/pq_secure_element 
PQC: add CryptoCb support for PQC algorithms
 2024-01-18 13:29:28 -08:00
Anthony Hu
9be390250d Adding support for dual key/signature certificates. (#7112) 
Adding support for dual key/signature certificates with X9.146. Enabled with `--enable-dual-alg-certs` or `WOLFSSL_DUAL_ALG_CERTS`.
 2024-01-18 13:20:57 -08:00
Tobias Frauenschläger
4d259da60a PQC: CryptoCb support for KEM algorithm Kyber 
Add support for crypto callback and device id for all three Kyber PQC KEM
function calls.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
 2024-01-18 17:02:49 +01:00
Tobias Frauenschläger
8e6d151403 PQC: CryptoCb support for signature algorithms 
Add initial support of the crypto callback API to the two PQC signature
algorithms Dilithium and Falcon. This ultimatelly enables the usage of
external hardware modules (e.g. secure elements) for these algorithms.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
 2024-01-18 17:02:38 +01:00
John Bland
41ea1109ec update uses of wolfSSL_X509_new and wolfSSL_X509_d2i 
where heap doesn't require a new ex function or struct field to avoid size increase
 2024-01-17 18:46:24 -05:00
Daniel Pouzzner
64667a5595 src/crl.c: fix "null pointer passed as argument 2" in new XMEMCPY() call in WC_RSA_PSS path of DupCRL_Entry(), added in b140f93b17, detected by gcc 14.0.0_pre20240107 p15 with sanitizers. 2024-01-17 13:38:05 -06:00
John Bland
03f32b623f update based on PR comments 2024-01-17 13:22:58 -05:00
John Bland
d1a3646d5c add heap hint support for a few of the x509 functions 2024-01-17 11:26:52 -05:00
David Garske
089468fbf1 Merge pull request #7132 from ejohnstown/x25519-ecdhe-psk 
ECDHE-PSK with x25519
 2024-01-16 20:16:01 -08:00
David Garske
11029127df Merge pull request #7119 from JacobBarthelmeh/crl 
support for RSA-PSS signatures with CRL
 2024-01-16 15:23:16 -08:00
John Safranek
746ffac84a ECDHE-PSK with x25519 
1. Add missing assignment of the WOLFSSL object's ecdhCurveOid value. It
   is set correctly in the previous cases, but got missed for ECDHE-PSK.
2. Add test cases to the unit testing.
 2024-01-16 15:18:05 -08:00
JacobBarthelmeh
b140f93b17 refactor sigParams allocation and adjust test file name 2024-01-16 14:41:24 -07:00
JacobBarthelmeh
114d11a8d8 adding RSA-PSS macro guard around CRL use 2024-01-15 15:33:01 -07:00