WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
16,578 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

16578 Commits (9c29102c43d680388d89d08b57b25edb73b43342)

Author SHA1 Message Date
David Garske 9c29102c43
Merge pull request #4948 from SparkiDev/tls12_pa_failsafe 
TLS: add peer authentication failsafe for TLS 1.2 and below
 2022-03-15 09:42:56 -07:00
David Garske 2febed01a5
Merge pull request #4949 from SparkiDev/ssl_move_conf 
ssl.c: move TXT and CONF APIs out into conf.c
 2022-03-15 09:02:42 -07:00
Sean Parkinson 343e8bccdd ssl.c: move TXT and CONF APIs out into conf.c 2022-03-15 12:09:24 +10:00
David Garske 4ec49d2189
Merge pull request #4943 from SparkiDev/sp_arm64_perf_1 
SP ASM performance improvements
 2022-03-14 18:40:51 -07:00
David Garske e3276ca683
Merge pull request #4939 from SparkiDev/aes_gcm_align 
AES-GCM: stack alignment issues
 2022-03-14 18:37:11 -07:00
Sean Parkinson 9ed061cc96 TLS: add peer authentication failsafe for TLS 1.2 and below 
Tightened the TLS 1.3 failsafe checks too.
 2022-03-15 08:51:44 +10:00
Sean Parkinson eeb7f72a07 AES-GCM: stack alignment issues 
Don't expect stack to be aligned.
vmovdqu is no longer slower than vmovdqa.
 2022-03-15 08:49:43 +10:00
David Garske 34e491f39f
Merge pull request #4950 from SparkiDev/regression_fixes_3 
TLS 1.3 script test: wait for server to write file
 2022-03-14 13:24:06 -07:00
Sean Parkinson 2c1ecacbfc TLS 1.3 script test: wait for server to write file 
Also fixes for:
./configure --enable-psk --disable-rsa --disable-ecc --disable-dh
C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-shared --enable-curve448 --enable-ed448
--disable-rsa --disable-dh --enable-tls13 --disable-ecc --enable-certgen
--enable-keygen
 2022-03-14 14:42:47 +10:00
Daniel Pouzzner 4966eb7897
Merge pull request #4944 from douzzer/20220310-asn-template-EncodeExtensions-overrun 
wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions() and leak in ParseCRL_Extensions()
 2022-03-13 21:21:07 -05:00
Sean Parkinson cdb45b12c5
Merge pull request #4884 from haydenroche5/i2d_x509_name_fix 
Improve wolfSSL_i2d_X509_name.
 2022-03-14 11:57:07 +10:00
Sean Parkinson 20562b3f78 DecodeNameConstraints (ASN Template): free ASNGetData 2022-03-14 09:14:19 +10:00
David Garske a816f329cc
Merge pull request #4856 from anhu/stm32u5 
Enable support for STM32U585 and PQC for STM32
 2022-03-11 14:49:46 -08:00
Daniel Pouzzner fb0c9b2a66 ssl.c: use InitHandshakeHashes(), not FreeHandshakeHashes(), to reset ssl->hsHashes. 2022-03-11 16:26:24 -06:00
Daniel Pouzzner 830431ccdf scripts/tls13.test: fix whitespace. 2022-03-11 13:54:50 -06:00
Daniel Pouzzner 82ab7bf32c ssl.c: fix hash state memory leaks in wolfSSL_clear() and wolfSSL_TicketKeyCb(). 2022-03-11 13:40:01 -06:00
Anthony Hu 8cba961bac Comment fixups, bad braces, and stray &. 2022-03-11 12:14:02 -05:00
Daniel Pouzzner 385ece92d8 ECCSI and SAKKE: fix smallstackcache memory leaks in library, and blue-moon undefined behavior bugs in test.c eccsi_test(() and sakke_test(). 2022-03-11 10:06:18 -06:00
Daniel Pouzzner 64953299cf scripts/tls13.test: retries (up to 10) for early data scenarios, to mitigate race noted in #4918 . 2022-03-11 08:18:14 -06:00
Daniel Pouzzner 7602eef98f src/ssl.c: use strlcpy(), not strncpy(), to make string_fortified happy (else "error: ‘__builtin_strncpy’ specified bound 46 equals destination size"). 2022-03-11 08:15:44 -06:00
Daniel Pouzzner b2ae7f4230 wolfssl/openssl/asn1.h: in ASN1_SIMPLE(), use OFFSETOF() macro. 2022-03-11 07:59:08 -06:00
Sean Parkinson c3eab0dcdd Fixes from sanitizer build 
Fix OID index in SetNameRdnItems for multi attributes.
Stop warning about strncpy to small.
Fix casting in ASN1_SIMPLE to use consistent type.
 2022-03-11 14:27:50 +10:00
David Garske cf030de48a
Merge pull request #4930 from SparkiDev/tfm_alloc_fails 
TFM: handle more alloc failure cases gracefully
 2022-03-10 15:42:21 -08:00
Sean Parkinson 3ea5e56c26 SP ASM performance improvements 
Mostly improving Aarch64 assembly.
Change Karatsuba implementations.
Specialised code for exponentiating to 0x10001 for RSA.
 2022-03-11 08:42:46 +10:00
David Garske 570daa6a7f Enable support for STM32U585 and PQ on M4 2022-03-10 14:19:01 -05:00
Daniel Pouzzner c78bfa4db8 scripts/tls13.test: when $early_data = yes, print the matching line counts. 2022-03-10 11:56:20 -06:00
Daniel Pouzzner 227804f034 wolfcrypt/src/asn.c: in ParseCRL_Extensions(), add missing FREE_ASNGETDATA(). 2022-03-10 11:45:37 -06:00
Daniel Pouzzner 170b125b39 wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions(), due to faulty iteration limit calculation, when smallstack build. 2022-03-10 09:38:19 -06:00
Sean Parkinson 6b7f0d4ee7
Merge pull request #4905 from anhu/custom_ext_parse 
Injection and parsing of custom extensions in X.509 certificates.
 2022-03-10 10:39:05 +10:00
David Garske b30ada1608
Merge pull request #4940 from ejohnstown/wolfrand 
Fix wolfRand Build
 2022-03-09 15:42:19 -08:00
Sean Parkinson 47895fe78d
Merge pull request #4942 from dgarske/sp_math_opensslextra 
Fixes to support building opensslextra with SP math
 2022-03-10 08:53:21 +10:00
Sean Parkinson b4df909df0
Merge pull request #4934 from haydenroche5/x509_v_err_sync 
Sync up X509_V_ERR codes with OpenSSL.
 2022-03-10 08:37:10 +10:00
Anthony Hu 98f733767b Use MAX_OID_SZ 2022-03-09 17:20:50 -05:00
David Garske 141cf822f2
Merge pull request #4941 from douzzer/20220309-script-cleanup 
20220309 script cleanup
 2022-03-09 13:30:50 -08:00
Chris Conlon bcfe8bf2e2
Merge pull request #4933 from haydenroche5/x509_set_ext_ext_key_usage 2022-03-09 13:22:49 -07:00
David Garske 3a62857dbd Fixes to support building opensslextra with SP math. Disables some of the compatibility layer BN and ECC point handling. 2022-03-09 11:53:56 -08:00
Anthony Hu b043225dbd Fixes inspired by review by SparkiDev. 2022-03-09 13:39:53 -05:00
John Safranek d6fb454063
Fix wolfRand Build 
1. Remove the v3 FIPS build from configure and automake. This was for
   the old FIPS Ready build, which is now fixed to the certificate 3389
   configuration.
2. Remove AES-GCM, PKCS12, and SHA-3 from wolfRand build. They were
   getting reenabled later in the configure.
 2022-03-09 10:35:39 -08:00
Daniel Pouzzner abfc788389 script cleanup: use #!/bin/bash on all scripts that use "echo -e" (/bin/sh is sometimes a non-Bourne/non-POSIX shell, e.g. dash/ash, with no support for "echo -e"); fix whitespace. 2022-03-09 12:28:22 -06:00
Daniel Pouzzner 67cc8ed482 tests/api.c: fix test_wolfSSL_BIO_Qt_usecase() "function declaration isn’t a prototype". 2022-03-09 12:27:19 -06:00
David Garske 4ff82e22e6
Merge pull request #4938 from douzzer/20220308-shellcheck-errors 
fixes for shell script errors detected by shellcheck --severity=error.
 2022-03-08 12:51:11 -08:00
Chris Conlon 70857f7b3c
Merge pull request #4923 from miyazakh/set_bio 
Set bio read/write flag obviously
 2022-03-08 13:08:33 -07:00
David Garske c256d8ca92
Merge pull request #4936 from julek-wolfssl/no-force-ecc-ca 
Don't force a ECC CA when a custom CA is passed with `-A`
 2022-03-08 10:58:35 -08:00
Daniel Pouzzner c9a7393923 fixes for shell script errors detected by shellcheck --severity=error. 2022-03-08 12:51:48 -06:00
David Garske a4229c6cf8
Merge pull request #4932 from SparkiDev/tls_hmac_fix 
TLS HMAC: fix number of blocks to not process
 2022-03-08 10:06:11 -08:00
David Garske 4a912f29d1
Merge pull request #4843 from tmael/sp_diab 
Support (no)inline with Wind River Diab compiler
 2022-03-08 10:00:16 -08:00
Juliusz Sosinowicz 3c64731c4f Don't force a ECC CA when a custom CA is passed with `-A` 
The following config would fail `../configure --enable-opensslall CFLAGS="-DOPENSSL_COMPATIBLE_DEFAULTS" && make -j check`. This is because `test-fails.conf` `ECC no signer error` test expects a failure while the ECC CA was being added as a trusted cert due to  `OPENSSL_COMPATIBLE_DEFAULTS`.
 2022-03-08 15:02:43 +01:00
Daniel Pouzzner 031c97f835
Merge pull request #4931 from douzzer/20220307-early-data-and-c99-fixes 
enable-earlydata vs enable-fips/enable-asynccrypt
 2022-03-08 07:34:58 -06:00
Hideki Miyazaki f71be0546c
addressed review comments 2022-03-08 18:20:30 +09:00
Hayden Roche 31736307fd Sync up X509_V_ERR codes with OpenSSL. 
We defined these codes to values that didn't match those in OpenSSL. This is a
problem if a user is porting code from OpenSSL to wolfSSL that uses hardcoded
versions of these values. While the user's code should be fixed to not use
hardcoded values, we can make the port smoother by syncing the values up.
 2022-03-07 15:58:46 -08:00