wolfssl/wolfcrypt/wc_kyber.h: in definition of struct KyberKey, use correct type for devId;
wolfcrypt/src/wc_kyber_poly.c: numerous fixes for bugprone-macro-parentheses and readability-inconsistent-declaration-parameter-name;
tests/api.c: in test_tls13_apis(), add missing defined(HAVE_LIBOQS) gate on inclusion of ":P256_KYBER_LEVEL1" in groupList.
api.c: z and ret no longer only when !NO_ASN_TIME.
benchmark.c: rsaKey array type has changed and unusual code path needsed
updating.
cmac.c: Zeroization test failed when checkSz was zero as called function
didn't zero out cmac. checkSz is invalid.
test.c: rsaCaCertDerFile used even when NO_ASN_TIME.
test.h: --enable-sp-math only supports DH of 2048 bits and above. Change
default DH parameters to be 2048 bits.
wolfcrypt/test/test.c: fix gating for verify4 in scrypt_test(), and fix WOLFSSL_SMALL_STACK -Wframe-larger-than=2048 warnings in sha256_test() and sha512_test().
src/ssl.c: fix for true-but-benign nullPointerRedundantCheck in ProcessBufferTryDecodeEd25519().
tests/api.c: fix for -Wmaybe-uninitialized in test_wc_PKCS7_VerifySignedData_RSA() identified via cross-m68k-all-asm.
* fix overallocation in WC_DECLARE_ARRAY() macro in the !WOLFSSL_SMALL_STACK path.
* rename WC_INIT_ARRAY() to WC_ALLOC_ARRAY() for clarity (it doesn't initialize any memory).
* rename WC_DECLARE_ARRAY_DYNAMIC_DEC(), WC_DECLARE_ARRAY_DYNAMIC_EXE(), and WC_FREE_ARRAY_DYNAMIC() to WC_DECLARE_HEAP_ARRAY(), WC_ALLOC_HEAP_ARRAY(), and WC_FREE_HEAP_ARRAY(), respectively, also for clarity, and refactor out the duplicate definitions.
* add WC_ALLOC_VAR(), and move the XMALLOC() in smallstack WC_DECLARE_VAR() into it. smallstack WC_DECLARE_VAR() now initializes the pointer to NULL, like smallstack WC_DECLARE_ARRAY(), assuring all pointers are valid upon shortcircuit to cleanup for a failed allocation (see WC_ALLOC_DO_ON_FAILURE below).
* add a new hook "WC_ALLOC_DO_ON_FAILURE" in WC_ALLOC_VAR(), WC_ALLOC_ARRAY(), and WC_DECLARE_ARRAY_DYNAMIC_EXE(), which is invoked when an allocation fails. by default the hook is defined to WC_DO_NOTHING.
* add basic safety to WC_*_HEAP_ARRAY() by recording/detecting allocation state via idx##VAR_NAME.
* add macros WC_ARRAY_OK() and WC_HEAP_ARRAY_OK() to test if allocation succeeded.
* add macros WC_CALLOC_ARRAY() and WC_CALLOC_HEAP_ARRAY() which zero the objects.
* add macro WC_CALLOC_VAR() which zeros the object.
ED448: smallstack refactor of ge448_scalarmult_base().
src/tls.c tests/api.c wolfcrypt/test/test.c: update WC_DECLARE_VAR()s with now-required matching WC_ALLOC_VAR()s.
wolfcrypt/benchmark/benchmark.c:
* no functional changes in default error-free behavior.
* add definition of WC_ALLOC_DO_ON_FAILURE() that prints error message, sets ret, and does goto exit.
* add BENCH_NTIMES and BENCH_AGREETIMES overrideeable macros, to allow fast sanitizer runs and slow high-precision runs.
* smallstack refactor of all declarations of stack arrays of the form foo[BENCH_MAX_PENDING], using WC_DECLARE_ARRAY() (35 in all).
* additional smallstack refactors, using WC_DECLARE_VAR(), for bench_aesxts(), bench_ed448KeyGen(), bench_eccsi*(), and bench_sakke*().
* fixes for various unhandled error conditions around malloc failures.
wolfcrypt/test/test.c: opportunistically constify several (42) static constants, moving them to the readonly data segment.
linuxkm/Makefile: if ENABLED_LINUXKM_BENCHMARKS, add wolfcrypt/benchmark/benchmark.o to WOLFSSL_OBJ_FILES.
linuxkm/Kbuild: enable FPU for benchmark.o, and remove enablement for module_hooks.o.
linuxkm/module_hooks.c: remove inline include of benchmark.c.
- wc_ecc_shared_secret_ssh should either be declared or not. Having two different signatures for the same function is error prone.
- Don't use wc_ecc_shared_secret_ssh in our code. Use wc_ecc_shared_secret directly.
* tls: negotiate until hs is complete in wolfSSL_read/wolfSSL_write
Don't rely on ssl->options.handShakeSate == HANDSHAKE_DONE to check if
negotiation is needed. wolfSSL_Connect() or wolfSSL_Accept() job may not yet be
completed and/or some messages may be waiting in the buffer because of
non-blocking I/O.
* tests: test case for handshake with wolfSSL_read()/wolfSSL_write()
* doc: clarify wolfSSL_write()
* internal.c: rename: need_negotiate -> ssl_in_handshake
- dtls: check that the cookie secret is not emtpy
- Dtls13DoDowngrade -> Dtls13ClientDoDowngrade
- dtls: generate both 1.2 and 1.3 cookie secrets in case we downgrade
- dtls: setup sequence numbers for downgrade
- add dtls downgrade sequence number check test
Fixes ZD17314
Multiple handshake messages in one record will fail the MsgCheckBoundary() check on the client side when the client is set to TLS 1.3 but allows downgrading.
--> ClientHello
<-- ServerHello + rest of TLS 1.2 flight
Client returns OUT_OF_ORDER_E because in TLS 1.3 the ServerHello has to be the last message in a record. In TLS 1.2 the ServerHello can be in the same record as the rest of the server's first flight.
We can omit either the CeritificateStatus message or the appropriate extension when we can not provide the OCSP staple that the peer is asking for. Let peer decide if it requires stapling and error out if we don't send it.
tests/api.c: modify test_wc_CmacFinal() to use wc_CmacFinalNoFree() except for the final call.
wolfcrypt/src/aes.c:
* fix wc_AesEaxEncryptAuth() and wc_AesEaxDecryptAuth() to call wc_AesEaxFree() only if wc_AesEaxInit() succeeded.
* fix wc_AesEaxInit() to free all resources on failure.
* revert wc_AesEaxEncryptFinal() and wc_AesEaxDecryptFinal() changes, then change wc_CmacFinal() calls in them to wc_CmacFinalNoFree() calls.
* wc_AesEaxFree(): add wc_CmacFree() calls.
* followup to https://github.com/wolfSSL/wolfssl/pull/7009 "20231128-misc-fixes" and https://github.com/wolfSSL/wolfssl/pull/7011 "Add missing wc_AesInit calls."
* adds WC_DEBUG_CIPHER_LIFECYCLE, which embeds asserts in low-level AES implementations for proper usage of wc_AesInit() and wc_AesFree().
* fixes native CMAC, AES-EAX, and AES-XTS implementations to assure resource release.
* adds missing wc_AesXtsInit() API, and adds a new wc_AesXtsSetKey_NoInit().
* fixes misspellings in EVP that unconditionally gated out AES-OFB and AES-XTS.
* fixes misspellings in EVP that unconditionally gated out AES-CBC and AES-CFB code in wolfSSL_EVP_CIPHER_CTX_cleanup_cipher().
* openssl compat AES low level cipher API has no counterpart to wc_AesFree(), so these compat APIs will now be gated out in configurations where they would otherwise leak memory or file descriptors (WOLFSSL_AFALG, WOLFSSL_DEVCRYPTO, WOLF_CRYPTO_CB, etc.). A new macro, WC_AESFREE_IS_MANDATORY, is defined in wolfcrypt/aes.h to streamline this dependency.
* fixes 40 missing EVP_CIPHER_CTX_cleanup()s and 11 wc_AesFree()s in src/ssl.c, src/ssl_crypto.c, tests/api.c, and wolfcrypt/test/test.c.
memcached support: add required functions/defines.
Fix running unit test when defining DEBUG_WOLFSSL_VERBOSE without OPENSSL_EXTRA.
Break out session_id_context APIs into separate option WOLFSSL_SESSION_ID_CTX, so they can be used without OPENSSL_EXTRA.
Make wolfSSL_ERR_get_error and wolfSSL_CTX_set_mode available for memcached.
Add --enable-memcached.
Include required defines for memcached.
Revert unit test fix, no longer needed.
Add Github actions test for memcached. Stop defining DEBUG_WOLFSSL_VERBOSE for memcached.
Add auto retry to writes.
Memcached CI: correct libevent package name.
Memcached CI: Add pkgconfig path for Github CI wolfSSL prefix.
memcached: Fix WOLFSSL_OP_NO_RENEGOTIATION going outside of int bounds, add LD_LIBRARY_PATH for memcached CI test.
memcached CI: Use correct path for wolfSSL
memcached: Add required perl dependency for SSL tests
memcached: Update to 1.6.22
memcached: actually test tls
memcached: Update wolfSSL_SSL_in_before to be side agnostic.
tests/api.c: when NO_SHA, omit test_wolfSSL_CertManagerCheckOCSPResponse() and test_wolfSSL_CheckOCSPResponse() (both use static artifacts with SHA1 name and key hashes).
This exercises the fragmenting of ClientHello via large post-quantum key share.
./configure --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtls \
--enable-dtls13 --with-liboqs
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
- Regen CRL's as most of them are expired
- certs/crl/extra-crls/ca-int-cert-revoked.pem: CRL that revokes certs/intermediate/ca-int-cert.pem signed by certs/ca-cert.pem
- Add CheckCertCRL_ex API to not depend on DecodedCert
- CheckCertCRLList: accept raw serial or hashed version to work with Signers
- Add XELEM_CNT to simplify pre-proc element counting
JacobBarthelmeh
Daniel Pouzzner
Sean Parkinson
TakayukiMatsuo
Juliusz Sosinowicz
Marco Oliverio
Lealem Amedie
Marco Oliverio
Anthony Hu
David Garske
Takashi Kojo
Andras Fekete
Hideki Miyazaki
Anthony Hu
John Bland
jordan
Chris Conlon
Eric Blankenhorn
Kareem
Stanislav Klima
Brett
Dimitri Papadopoulos
gojimmypi