Commit Graph

23172 Commits (1c68da282cfd5422ac56fcecb89ee7c8ab02c53f)

Author SHA1 Message Date
Kaleb Himes f660299de0
Merge pull request #7856 from douzzer/20240809-fips-dev-feature-unlock
20240809-fips-dev-feature-unlock
2024-08-09 16:00:30 -06:00
JacobBarthelmeh 85bab19090
Merge pull request #7845 from ColtonWilley/pkcs7_digest_absent_params
Add option for absent hash params in PKCS7
2024-08-09 15:56:28 -06:00
Hideki Miyazaki debbea3843 put back the RNG
comment to CUSTOM RAND GENERATE BLOCK
2024-08-10 06:45:18 +09:00
Daniel Pouzzner 0d84597d78
Merge pull request #7855 from embhorn/zd18433
Fix example settings
2024-08-09 15:32:17 -05:00
Daniel Pouzzner 84b91d0e1e
Merge pull request #7841 from mrdeep1/dtls_downgrade_cid
Support DTLS1.3 downgrade when server supports CID
2024-08-09 15:30:20 -05:00
Daniel Pouzzner bba3995434
Merge pull request #7834 from oltolm/cmake_fix
cmake: fix parsing WOLFSSL_DEFINITIONS
2024-08-09 15:24:15 -05:00
Daniel Pouzzner d351430222
Merge pull request #7840 from mrdeep1/dtls_downgrade
Support DTLS1.3 downgrade when server sends multiple handshakes in packet
2024-08-09 15:22:46 -05:00
Daniel Pouzzner 0d952c3343
Merge pull request #7850 from bandi13/dockerfileFixes
Dockerfile fixes
2024-08-09 15:19:59 -05:00
Daniel Pouzzner 656ba24de5
Merge pull request #7852 from SparkiDev/sp_no_rng_fix
SP: no RNG fix
2024-08-09 15:00:15 -05:00
Daniel Pouzzner e142b16ae2
Merge pull request #7848 from miyazakh/fips_wcPBKDF2ex
Check klen in byte in wc_PBKDF2_ex
2024-08-09 14:49:53 -05:00
Daniel Pouzzner 034e13298f
Merge pull request #7847 from SparkiDev/sp_xfree_2
SP: Remove check of NULL before XFREE
2024-08-09 14:47:05 -05:00
Daniel Pouzzner 98f8ab085e configure.ac: when FIPS_VERSION==dev, unlock features to allow user-forced enablement/disablement. also, add line breaks for clarity on the similar clauses in the v5* section. 2024-08-09 14:38:22 -05:00
Andras Fekete edb95ae7ae Clear out remnants of old code 2024-08-09 14:22:38 -04:00
Colton Willey 0a5ebaf806 Change SetAlgoIdEx to be local 2024-08-09 11:22:21 -07:00
Eric Blankenhorn 373f5ee9ae Fix example settings 2024-08-09 13:06:29 -05:00
Eric Blankenhorn 9dddd99b3b Update default RSA min to 1024 2024-08-09 10:41:41 -05:00
Sean Parkinson 17a09d9853 SP: no RNG fix
Don't use RNG API when WC_NO_RNG is defined.
2024-08-09 10:18:12 +10:00
Sean Parkinson 2a08d3001c
Merge pull request #7846 from douzzer/20240806-debug-trace-errcodes-backtrace
20240806-debug-trace-errcodes-backtrace
2024-08-09 09:45:01 +10:00
Daniel Pouzzner c25d86c6c7 support/gen-debug-trace-error-codes.sh: tweak for compatibility with mawk. 2024-08-08 15:57:14 -05:00
Andras Fekete 085b78994d Update buildAndPush script 2024-08-08 16:44:22 -04:00
Andras Fekete 63ec8fe83a Add in 'libbacktrace' 2024-08-08 16:14:03 -04:00
Andras Fekete e1502e7f5b Need a newer version that doesn't complain about libz 2024-08-08 15:39:16 -04:00
Daniel Pouzzner a75d520727 src/pk.c: fix a null deref (nullPointerRedundantCheck) in wolfSSL_RSA_GenAdd() added in d350ba6c41. 2024-08-08 11:40:57 -05:00
Daniel Pouzzner 24e34aa41a wolfcrypt/src/logging.c: in WOLFSSL_BUFFER(), on averted overrun, log a buffer error rather than silently failing; in wc_backtrace_render(), fix !WOLFSSL_MUTEX_INITIALIZER race mitigation code. 2024-08-08 10:49:05 -05:00
Daniel Pouzzner f5e775fe95 wolfcrypt/src/wc_kyber.c: fixes for null derefs (nullPointerRedundantCheck) in wc_KyberKey_MakeKeyWithRandom() and wc_KyberKey_Decapsulate() added in d350ba6c41. 2024-08-08 09:13:56 -05:00
Daniel Pouzzner 763ced668e fixes for defects identified by cppcheck and clang-tidy on --enable-debug builds: null deref in tests/api.c:load_pem_key_file_as_der(), redundant declarations in wolfcrypt/benchmark/benchmark.c, and numerous unchecked XSNPRINTF()s in wolfcrypt/src/logging.c and src/internal.c. 2024-08-08 09:00:42 -05:00
Daniel Pouzzner 5f6067c3e1 add --enable-debug-trace-errcodes=backtrace.
* uses libbacktrace to enhance existing "ERR TRACE" messages with backtraces, rendered in same format as the sanitizers.
* adds wc_backtrace_render() and some related callbacks to wolfcrypt/src/logging.c.
* adds an overrideable WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE to the WC_ERR_TRACE() mechanism in wolfssl/wolfcrypt/error-crypt.h.
2024-08-08 09:00:42 -05:00
Hideki Miyazaki 493022b4b4 revert 2b4acf5027
fix build failure when not using TSIP
2024-08-08 18:34:36 +09:00
Hideki Miyazaki 180ad206fc check klen in byte 2024-08-08 08:52:08 +09:00
Sean Parkinson abc910c03c SP: Remove check of NULL before XFREE
Removed more checks of NULL before XFREE.
Formatting fixes as well.
2024-08-08 09:36:05 +10:00
Daniel Pouzzner 0ab1f1969d
Merge pull request #7828 from miyazakh/zd18141_ocspv2multi
Server side checks OCSP even if it uses v2 multi
2024-08-07 17:40:23 -05:00
Daniel Pouzzner 92952a5538
Merge pull request #7839 from bandi13/noIfXFREE
No if xfree
2024-08-07 17:08:12 -05:00
Andras Fekete 38d191c159 More PR comment fixes 2024-08-07 16:56:57 -04:00
Colton Willey 75c3030554 Add option for absent hash params in PKCS7 2024-08-07 11:07:45 -07:00
Andras Fekete a31d8c5ce7 Addressing PR comments 2024-08-07 11:14:15 -04:00
Sean Parkinson 632d9653da
Merge pull request #7842 from embhorn/zd18417
Fix template DecodeSubjDirAttr to set extSubjDirAttr data
2024-08-07 18:29:04 +10:00
Sean Parkinson 18aa2b8d78
Merge pull request #7843 from dgarske/fix_sp_small_gcc
Fix for SP small calling label with GCC
2024-08-07 09:23:46 +10:00
Daniel Pouzzner 6116d5edb4
Merge pull request #7824 from anhu/maxq10xx_update
Update to the maxq10xx support
2024-08-06 18:01:39 -05:00
Sean Parkinson 2cc5ecf117
Merge pull request #7759 from JacobBarthelmeh/poly1305
w64wrapper for poly1305
2024-08-07 07:31:25 +10:00
Andras Fekete b6a9c38950 Addressing PR comments 2024-08-06 15:29:32 -04:00
David Garske 91ea7ab206 Fix for SP small calling label with GCC (broken in PR #7753). 2024-08-06 11:05:40 -07:00
David Garske a30d9c9818
Merge pull request #7833 from SparkiDev/riscv-sha512-asm
RISC-V 64: Add assembly code for SHA-512
2024-08-06 10:39:10 -07:00
Anthony Hu 29a5cc39f2 Duplicate code removed 2024-08-06 10:19:09 -07:00
Anthony Hu 3cf3f297ba Update to the maxq10xx support 2024-08-06 10:19:09 -07:00
Andras Fekete 101088c390 Fix potential NULL dereference 2024-08-06 12:35:01 -04:00
Eric Blankenhorn 1c2b47d8ad Fix template DecodeSubjDirAttr to set extSubjDirAttr data 2024-08-06 11:34:14 -05:00
Jon Shallow f1c918c261 Support DTLS1.3 downgrade when server supports CID
With --enable-dtlscid, a client sending a Client Hello to a DTLS1.2
server that supports CID, the server provides the appropriate CID and
assumes that CID has been negotiated.

However, in the case of MbedTLS, it then rejects packets that do not
match its expected CID from the client - as wolfSSL no longer sends
the CID as it is not DTLS1.2.

https://datatracker.ietf.org/doc/html/rfc9147#section-4

If a Connection ID is negotiated, then it MUST be contained in all datagrams.

This fix drops the CID if a Hello Verify Request is received, so the
second Client Hello does not include the CID.

https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1

When responding to a HelloVerifyRequest, the client MUST use the same
parameter values (version, random, session_id, cipher_suites,
compression_method) as it did in the original ClientHello.

Dropping the CID extension does not violate this.
2024-08-06 16:48:04 +01:00
Andras Fekete 3a83c33499 Fix compilation error 2024-08-06 11:44:32 -04:00
Daniel Pouzzner 6fea4f1266
Merge pull request #7803 from SparkiDev/dilithium_hint_check_fix
Dilithium: fix check hint
2024-08-06 10:25:35 -05:00
Jon Shallow bcbd701155 Support DTLS1.3 downgrade when server sends multiple handshakes in packet
If the server sends Server Hello, Server Key Exchange and Server Hello Done
in a single DTLS packet, but for DTLS1.2 in response to a client DTLS1.3
request, then FIRST_REPLAY state does not occur until the server re-sends
the packet. At this point wolfSSL_connect() gets used and it all bursts into
life.

When processing handshakes in wolfSSL_connect_TLSv13() for case
HELLO_AGAIN_REPLY, downgrade to using wolfSSL_connect() to continue
processing the remaining handshakes in the packet.

Found when using Mbed TLS for the server.
2024-08-06 16:17:48 +01:00