WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
22,128 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

22128 Commits (15a0ae4244602f6fcc44c54a2ad4ed58c5b47178)

Author SHA1 Message Date
John Safranek 15a0ae4244 Generic Memory Pools 
1. Add generic function wolfSSL_StaticBufferSz_ex() where one specifies
   the memory bucket list sizes and distribution.
2. Rewrote wolfSSL_StaticBufferSz() in terms of the new function.
3. Changed the list pointers on wc_LoadStaticMemory_ex() and
   wc_init_memory_heap() to be pointers to const.
 2024-04-22 08:54:40 -07:00
John Safranek 7481644842 Generic Memory Pools 
1. Add the function wc_LoadStaticMemory_ex(), which is a generic version
   of wc_LoadStaticMemory().
2. Modify wc_LoadStaticMemory() to call wc_LoadStaticMemory_ex() with
   the bucket lists.
3. Rename the function wolfSSL_load_static_memory() as
   wc_partition_static_memory(), make it static, move it higher in the file.
 2024-04-22 08:54:40 -07:00
John Safranek 2168b154b6 Generic Memory Pools 
1. Modify wolfSSL_CTX_load_static_memory() to use wc_LoadStaticMemory()
   instead of reimplementing it.
2. Initialize the pointers in wc_LoadStaticMemory() to null.
3. Whitespace changes.
 2024-04-22 08:54:37 -07:00
Sean Parkinson b17ad46b30
Merge pull request #7458 from douzzer/20240422-wc_SRTCP_KDF_ex-Wconversion 
20240422-wc_SRTCP_KDF_ex-Wconversion
 2024-04-22 21:30:14 +10:00
Daniel Pouzzner 44e8f392ae wolfcrypt/src/kdf.c: fix -Wconversions in wc_SRTCP_KDF_ex(). 2024-04-22 01:11:46 -05:00
Sean Parkinson 5bb22d8343
Merge pull request #7439 from JacobBarthelmeh/build_test 
fix for WOLFSSL_NO_PEM build
 2024-04-22 10:48:57 +10:00
Sean Parkinson e1b66ca62d
Merge pull request #7407 from mrdeep1/key_share 
Handle PSK-Only negotiation with key_share not being sent in Server Hello
 2024-04-22 10:45:56 +10:00
Sean Parkinson cfe645ca70
Merge pull request #7455 from kaleb-himes/SRTCP-48bit-indices 
Srtcp 48bit indices
 2024-04-22 10:43:07 +10:00
Sean Parkinson eeadb2a7f3
Merge pull request #7457 from douzzer/20240420-wc_linuxkm_fpu_state_assoc-fixups 
20240420-wc_linuxkm_fpu_state_assoc-fixups
 2024-04-22 10:39:55 +10:00
Daniel Pouzzner 0a4eb1fbc7 linuxkm/linuxkm_memory.c: require kernel 5.4+ for AESNI/AVX, and add fixup code in wc_linuxkm_fpu_state_assoc_unlikely() to cope with migrations. in save_vector_registers_x86(), on kernel < 5.17, check test_thread_flag(TIF_NEED_FPU_LOAD) as a workaround for irq_fpu_usable() missing check for in_kernel_fpu. 2024-04-20 13:55:37 -05:00
JacobBarthelmeh 78670f5098
Merge pull request #7453 from douzzer/20240419-wolfSSL_CTX_SetTmpDH-double-free 
20240419-wolfSSL_CTX_SetTmpDH-double-free
 2024-04-19 13:48:37 -06:00
kaleb-himes 4b1edc78bb Add test case 2024-04-19 13:16:19 -06:00
kaleb-himes e835517633 SRTCP 32-bit indices default plus errata 48-bit indices 2024-04-19 12:31:08 -06:00
JacobBarthelmeh 69be7a7c54
Merge pull request #7431 from lealem47/aes_cfb 
Fix for AES-CFB1 encrypt/decrypt on size (8*x-1) bits
 2024-04-19 10:55:27 -06:00
JacobBarthelmeh a63ff277ed
Merge pull request #7452 from douzzer/20240419-linuxkm-intelasm-expansion 
20240419-linuxkm-intelasm-expansion
 2024-04-19 10:46:11 -06:00
Daniel Pouzzner 39e2405e2f src/ssl_load.c: fix double-free in wolfSSL_CTX_SetTmpDH(). 2024-04-19 11:43:32 -05:00
JacobBarthelmeh 5f9ed54aaa
Merge pull request #7451 from SparkiDev/test_fixes_1 
Fixes from configuration testing
 2024-04-19 10:43:31 -06:00
JacobBarthelmeh c7f852fbbd
Merge pull request #7450 from anhu/reneg_indic 
check for conflicting secure renegotiation macros (settings.h)
 2024-04-19 10:41:26 -06:00
JacobBarthelmeh 9242f611b2
Merge pull request #7449 from lealem47/nginx_stubs 
Adding stubs required for latest nginx
 2024-04-19 10:38:17 -06:00
Jon Shallow 7b22681287 Handle PSK-Only negotiation with key_share not being sent in Server Hello 
The wrong cipher suite is potentially chosen if key_share is not seen by the client.

$ cat /tmp/test
Client_identitySHA256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

Server:
$ gnutls-serv --http --priority NORMAL:+ECDHE-PSK:+PSK:+ECDHE-ECDSA:+AES-128-CCM-8:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL:+SHA256 --pskpasswd=/tmp/test

Client:
$ examples/client/client -vd -g -s -p 5556 2>&1| grep HTTP
 2024-04-19 17:14:28 +01:00
Daniel Pouzzner 0264a518e1 wolfcrypt/src/ed25519.c: in ed25519_pairwise_consistency_test(), add casts to mollify -Wconversion. 2024-04-19 01:41:35 -05:00
Daniel Pouzzner 28480ec0ea linuxkm/Kbuild: add SHA-2, SHA-3, ChaCha20, and poly1305, to kernel-safe vectorized-asm list. 2024-04-19 01:35:45 -05:00
Daniel Pouzzner 85f3fb9d07
Merge pull request #7409 from SparkiDev/asm_x64_rip_fix 
SHA-256 x64 ASM - fix use of %rip
 2024-04-19 02:33:47 -04:00
Sean Parkinson d2b9a365f2 ChaCha20 and Poly1305 x64 ASM - fixu use of %rip 
Get the address of the constants into a register at start instead of
calculating the address relative to the instruction pointer each time.
 2024-04-19 09:59:54 +10:00
Sean Parkinson 97d560d9af Fixes from configuration testing 
asn1.c: Allow sample to build without coding (base64 decoding).

set_curves_list(): function for ECC, Ed25519, Ed448 but this block of
code is ECC only. Fixed #ifdef protection.

wolfSSL_CTX_set1_curves_list and wolfSSL_set1_curves_list also available
when Curve25519/Curve448 compiled in but not ECC.
 2024-04-19 08:40:19 +10:00
Lealem Amedie 7a7af18887 Guard with OPENSSL_EXTRA instead of WOLFSSL_NGINX 2024-04-18 16:33:37 -06:00
Anthony Hu 85326da7fc check for conflicting HAVE_RENEGOTIATION_INDICATION and HAVE_SECURE_RENEGOTIATION in settings.h 2024-04-18 17:51:33 -04:00
JacobBarthelmeh fe671f72e1
Merge pull request #7435 from SparkiDev/ssl_misc_fixup 
ssl_misc.c: wolfssl_file_len() protection
 2024-04-18 14:36:38 -06:00
JacobBarthelmeh ef153101b7
Merge pull request #7433 from SparkiDev/eddsa_fips_checks 
EdDSA FIPS checks on public key
 2024-04-18 14:34:31 -06:00
JacobBarthelmeh 9666e4d7e4
Merge pull request #7448 from douzzer/20240418-pq-hybrid-fixes 
20240418-pq-hybrid-fixes
 2024-04-18 14:31:27 -06:00
Daniel Pouzzner e48f06bd53 fixes for WOLFSSL_DUAL_ALG_CERTS: "cannot take address of bit-field ‘altKeyType’" and "‘altPrivateKeyType’" in ProcessBufferTryDecode(), "‘heap’ undeclared" in ProcessBufferCertAltPublicKey(), "‘consumed’ undeclared" in ProcessFile(), "‘keySz’ undeclared" in wolfSSL_CTX_use_PrivateKey_Id(). 2024-04-18 13:49:44 -05:00
Lealem Amedie a1cf316630 Adding stubs required for latest nginx 2024-04-18 12:28:31 -06:00
Lealem Amedie 295033441c Fix for AES-CFB1 encrypt/decrypt on size (8*x-1) bits 2024-04-18 11:31:28 -06:00
kaleb-himes 0bd5967093 Adjust FIPS version and default configuration 2024-04-18 08:41:05 -06:00
Sean Parkinson 08b42b7c93
Merge pull request #7443 from douzzer/20240418-fix-aes_xts_128_test-DEBUG_VECTOR_REGISTER_ACCESS 
20240418-fix-aes_xts_128_test-DEBUG_VECTOR_REGISTER_ACCESS
 2024-04-18 21:10:40 +10:00
Daniel Pouzzner 436efb0078 wolfcrypt/test/test.c: in aes_xts_128_test(), change DEBUG_VECTOR_REGISTER_ACCESS gates to DEBUG_VECTOR_REGISTER_ACCESS_AESXTS (currently unused), after refactor of AES-XTS C fallback in 9f55dba2f2. (per-call fallback is no longer supported for AES-XTS.) 2024-04-18 00:59:03 -05:00
JacobBarthelmeh 41f31f4635
Merge pull request #7440 from douzzer/20240417-fix-LoadSystemCaCertsWindows 
20240417-fix-LoadSystemCaCertsWindows
 2024-04-17 15:47:48 -06:00
JacobBarthelmeh 58167a2ebb
Merge pull request #7434 from douzzer/20240416-fips-v6-fixes 
20240416-fips-v6-fixes
 2024-04-17 13:52:35 -06:00
Daniel Pouzzner 6e3a9d5447 src/ssl_load.c: in LoadSystemCaCertsWindows(), fix flub introduced in 8e9810e87e. 2024-04-17 13:24:26 -05:00
JacobBarthelmeh c2e60d523f fix for WOLFSSL_NO_PEM build 2024-04-17 11:16:18 -06:00
Sean Parkinson 593cb77e51 ssl_misc.c: wolfssl_file_len() protection 
wolfssl_file_len is now used by wolfssl_read_file_static() which is
compiled in with less restrictions.
Fix #ifdef protection.
 2024-04-17 22:44:13 +10:00
Sean Parkinson c590fe514f EdDSA FIPS checks on public key 
Check that the Ed25519 and Ed448 public key is valid even without
private key.
Perform pairwise consistency test, only in FIPS, when making a key i
Ed25519 and Ed448.
 2024-04-17 17:50:33 +10:00
Daniel Pouzzner 3df11e7eab fixes for cppcheck uninitvar src/pk.c (false positives) and nullPointerRedundantCheck in src/ssl_load.c (true positive). 2024-04-17 01:00:41 -05:00
Daniel Pouzzner fac834c80a configure.ac: in setup for enable-all and enable-all-crypto with enable-32bit, fix inconsistency whereby SHAKE was enabled but SHA512 and SHA3 weren't; remove unneeded+unwanted ENABLED_32BIT conditional force-off of SHA512, SHA384, SHA3, ED25519 (harmonizes with FIPS v6). 2024-04-17 00:43:41 -05:00
Daniel Pouzzner d0edb3d0a9 scripts/aria-cmake-build-test.sh: fix masked exit value. 2024-04-17 00:43:41 -05:00
Daniel Pouzzner 855175da47 wolfcrypt/src/fe_448.c: fix several out-of-order declarations in fe448_mul_8(). 2024-04-17 00:43:41 -05:00
Daniel Pouzzner 9f55dba2f2 wolfcrypt/src/aes.c: in AES-XTS AESNI, use cautious strategy as in AESGCM_STREAM for SAVE_VECTOR_REGISTERS, due to random failures seen with DEBUG_VECTOR_REGISTER_ACCESS_FUZZING using the old per-call fallback strategy. 2024-04-17 00:43:41 -05:00
Daniel Pouzzner b2f594e84b fixes for --enable-32bit CFLAGS=-m32 --enable-fips=v6 (fixes "#error ED448 requires SHAKE256"). 2024-04-17 00:43:41 -05:00
JacobBarthelmeh 03ed52bd81
Merge pull request #7297 from SparkiDev/ssl_move_5 
ssl.c: Move functions out to separate files
 2024-04-16 17:56:55 -06:00
JacobBarthelmeh 1f61ed3536
Merge pull request #7397 from dalybrown/expose-dtsl-in-ada 
Expose DTLS in Ada wrapper and update examples
 2024-04-16 13:37:23 -06:00