Commit Graph

21913 Commits

Author SHA1 Message Date
David Garske 8970ff4c34 Merge pull request #7355 from JacobBarthelmeh/release
prepare for release 5.7.0
v5.7.0-stable
2024-03-20 14:39:57 -07:00
JacobBarthelmeh 85601311a2 rework library versioning 2024-03-21 04:02:28 +07:00
JacobBarthelmeh e20ddc35b0 update version for CMake 2024-03-21 03:05:34 +07:00
JacobBarthelmeh e80deece82 adjust ChangeLog text 2024-03-21 00:18:44 +07:00
JacobBarthelmeh e5914effab prepare for release 5.7.0 2024-03-20 19:32:22 +07:00
JacobBarthelmeh 3129e29a19 Merge pull request #7353 from ejohnstown/ocsp-ext
OCSP Extension Encoding Fix
2024-03-20 03:00:27 +07:00
John Safranek 6462986bf2 OCSP Extension Encoding Fix
1. Removed redundant check for the output being NULL in
   `EncodeOcspRequestExtensions()`. The chuck of code being protected
   only cared about the value of ret, not the pointer. The code was
   supposed to calculate the size of the data without writing it.
2024-03-19 09:13:28 -07:00
JacobBarthelmeh 1926e045f3 Merge pull request #7351 from douzzer/20240318-linuxkm-lkcapi-register-yes
20240318-linuxkm-lkcapi-register-yes
2024-03-19 02:33:12 +07:00
David Garske 790e39ec03 Merge pull request #7350 from JacobBarthelmeh/scan_build_fix
scan-build fixes for pkcs7
2024-03-18 12:31:00 -07:00
Daniel Pouzzner a14edf3614 configure.ac: for --enable-linuxkm-lkcapi-register, remap "yes" to "all"; in output config summary, add ENABLED_LINUXKM_LKCAPI_REGISTER, and move ENABLED_EXPERIMENTAL and ENABLED_LINUXKM_BENCHMARKS to the "Features" section. 2024-03-18 13:52:06 -05:00
JacobBarthelmeh d51bef3d43 fix for memory leak on error 2024-03-19 00:58:32 +07:00
JacobBarthelmeh b9619c3f0b Merge pull request #7343 from douzzer/20240315-pq-experimental
20240315-pq-experimental
2024-03-19 00:54:56 +07:00
David Garske 50b1044c2f Merge pull request #7347 from JacobBarthelmeh/coverity2
Coverity Fixes QUIC
2024-03-18 09:04:09 -07:00
JacobBarthelmeh 4751af9b89 scan-build fixes for pkcs7 2024-03-18 22:55:51 +07:00
David Garske ffb43d0150 Merge pull request #7348 from JacobBarthelmeh/coverity3
Coverity fixes
2024-03-18 08:20:31 -07:00
David Garske 69bc5c1c19 Merge pull request #7345 from JacobBarthelmeh/coverity
Coverity fixes
2024-03-18 08:15:59 -07:00
JacobBarthelmeh dd6db025e3 add parenthesis around define value 2024-03-18 21:13:42 +07:00
JacobBarthelmeh 36e67af0f8 Merge pull request #7331 from SparkiDev/asn1_templ_issuer_cn
ASN.1 template: store issuer common name
2024-03-18 20:27:04 +07:00
JacobBarthelmeh d6b4b27cd1 CID 299893 out of bounds read with XMEMCMP 2024-03-18 16:42:15 +07:00
JacobBarthelmeh 44f3e4a3b7 CID 337219 allocation using untrusted size 2024-03-18 16:04:37 +07:00
JacobBarthelmeh 635d326812 CID 337232 sanity check on tainted scalar 2024-03-18 15:03:04 +07:00
JacobBarthelmeh be233fc805 Merge pull request #7346 from SparkiDev/regression_fixes_11
Regression test fixes
2024-03-18 14:29:44 +07:00
Sean Parkinson 638d0b1a9f Regression test fixes
pkcs7.c: pkcs7->stream must be restored or there will be a leak.
test.c: when compiled for compression, compiler warning about const
2024-03-18 09:57:22 +10:00
Sean Parkinson 84c42f4a4e ASN.1 template: store issuer common name
Under certain configurations the certificate issuer's common name is
kept in a DecodedCert. Wasn't implemented in ASN.1 template code.
2024-03-18 07:06:32 +10:00
JacobBarthelmeh 763c4a074c CID 315823 truncate on cast 2024-03-17 23:54:56 +07:00
JacobBarthelmeh d71776aced coverity CID 352930, fix for out of bounds write 2024-03-17 23:31:37 +07:00
David Garske abd7449f27 Merge pull request #7340 from JacobBarthelmeh/github_tests
workaround for Ubuntu runner, high entropy + ASLR
2024-03-17 08:56:50 -07:00
JacobBarthelmeh 5106cb16e2 workaround for llvm version and ASLR issue 2024-03-17 22:22:16 +07:00
David Garske 99dd8a333d Merge pull request #7342 from JacobBarthelmeh/testing1
revert null check in wc_Sha256Update
2024-03-15 14:24:45 -07:00
Daniel Pouzzner 924887b468 configure.ac and wolfssl/wolfcrypt/settings.h: implement --enable-experimental and add a WOLFSSL_EXPERIMENTAL_SETTINGS gate, and refactor "EXPERIMENTAL" features (all pq) to note and enforce requirement for --enable-experimental and WOLFSSL_EXPERIMENTAL_SETTINGS. 2024-03-15 16:15:26 -05:00
Daniel Pouzzner 3728cd3dc5 Kyber fixes:
wolfssl/wolfcrypt/wc_kyber.h: in definition of struct KyberKey, use correct type for devId;

wolfcrypt/src/wc_kyber_poly.c: numerous fixes for bugprone-macro-parentheses and readability-inconsistent-declaration-parameter-name;

tests/api.c: in test_tls13_apis(), add missing defined(HAVE_LIBOQS) gate on inclusion of ":P256_KYBER_LEVEL1" in groupList.
2024-03-15 16:06:32 -05:00
JacobBarthelmeh 5a5648a6ac Merge pull request #7341 from dgarske/psk_openssl
Fix for PSK callback with OPENSSL_EXTRA to correctly handle the 0 length
2024-03-16 02:22:24 +07:00
JacobBarthelmeh ab8f5f71a0 revert null check in wc_Sha256Update 2024-03-16 02:03:07 +07:00
JacobBarthelmeh 2f43cc1c7b Merge pull request #7332 from SparkiDev/asn_templ_neg_int_check
ASN.1 parsing: check for badly encode negative INTEGER
2024-03-15 22:40:55 +07:00
David Garske 8d1714a307 Fix for PSK callback with OPENSSL_EXTRA to correctly handle the 0 length case. Thank you @miyazakh. Broken in #7302 2024-03-15 08:09:59 -07:00
JacobBarthelmeh 81c5cf794c Merge pull request #7339 from SparkiDev/regression_fixes_10
Regression testing fixes
2024-03-15 19:29:26 +07:00
Sean Parkinson d1b16f2c7b Regression testing fixes
api.c: z and ret no longer only when !NO_ASN_TIME.
benchmark.c: rsaKey array type has changed and unusual code path needsed
updating.
cmac.c: Zeroization test failed when checkSz was zero as called function
didn't zero out cmac. checkSz is invalid.
test.c: rsaCaCertDerFile used even when NO_ASN_TIME.
test.h: --enable-sp-math only supports DH of 2048 bits and above. Change
default DH parameters to be 2048 bits.
2024-03-15 13:24:40 +10:00
Sean Parkinson 8684caa304 Merge pull request #7336 from douzzer/20240314-fix-armasm-sha256
20240314 -- fix -Wconversions in asn.c
2024-03-15 10:37:14 +10:00
Daniel Pouzzner e3fc43c3d6 Merge pull request #7338 from SparkiDev/sha256_armv8_transform
SHA256 ARMv8: fix wc_Sha256Transform
2024-03-14 19:48:38 -04:00
Daniel Pouzzner 25efe6b66a wolfcrypt/src/asn.c: fix -Wconversions in GetASN_BitString(), GetASN_UTF8String(), and GetASN_ObjectId(). 2024-03-14 18:42:50 -05:00
Sean Parkinson a0befd396f SHA256 ARMv8: fix wc_Sha256Transform
wc_Sha256Transform() was passing in data to underlying transform
function even though byte reversed data was in sha256->buffer.
2024-03-15 09:27:15 +10:00
David Garske b7b6752e2e Merge pull request #7333 from gojimmypi/PR-tfm-mp_sqr
Enable TFM mp_sqr even when HAVE_ECC disabled
2024-03-14 12:45:09 -07:00
David Garske 5dff8aa417 Merge pull request #7334 from SparkiDev/macosx_clang_15_asm_fix
MacOS X Intel ASM clang 15: fix asm to compile without warning
2024-03-14 10:10:42 -07:00
David Garske 8fd8548142 Merge pull request #7318 from SparkiDev/kyber_1
Kyber: Implementation in wolfSSL
2024-03-14 09:57:52 -07:00
JacobBarthelmeh 88370d8c3e Merge pull request #7277 from embhorn/readme_folders
Add directory layout to readme.
2024-03-14 19:09:12 +07:00
Daniel Pouzzner 3fd6af0cd2 Merge pull request #7283 from SparkiDev/lms
LMS: initial implementation
2024-03-14 01:48:57 -04:00
Sean Parkinson 3ba5dd3e6d MacOS X Intel ASM clang 15: fix asm to compile without warning
Don't use align when __APPLE__ is defined.
Make minimum alignment on variables in ASM 8 bytes (.p2align 3).

Fix x86 builds with ASM.
2024-03-14 11:42:12 +10:00
gojimmypi bebfb120d7 Enable TFM mp_sqr even when HAVE_ECC disabled 2024-03-13 16:36:30 -07:00
Sean Parkinson 25b2c664f4 Kyber: Implementation in wolfSSL
Put Kyber implementation into wolfSSL.
2024-03-14 09:14:50 +10:00
Sean Parkinson 40681226aa ASN.1 parsing: check for badly encode negative INTEGER
When encoding a negative number, when the first byte is 0xff then the
next byte can't have top bit set.
2024-03-14 09:01:22 +10:00