WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
22,994 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

2720 Commits (a18d0161efb0cd4615223da89866945ae9d05e7b)

Author SHA1 Message Date
Sean Parkinson 3e3a00dafd Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 
Impemented FIPS 204 (Draft) Module-Lattice-Based Signature Standard.
Implementation include making a key, signing and verification.
Make key API added.
Updated liboqs calls to use ML-DSA implementation instead of Dilithium.
 2024-06-19 21:27:01 +10:00
Takashi Kojo 2f379ed322 alloc a buff for NULL pointer 2024-06-18 09:41:11 +09:00
kaleb-himes 20911f254b ECC, DH, GCM, GMAC, CCM and AES updated services 2024-06-12 18:16:33 -04:00
Daniel Pouzzner 202b0a15b4
Merge pull request #7629 from julek-wolfssl/test_wrong_cs_downgrade-clamp 
test_wrong_cs_downgrade: clamp error to exact value
 2024-06-10 18:26:54 -04:00
JacobBarthelmeh b9e5c0252d remove extra asign and use ExpectIntEQ test directly 2024-06-10 16:19:27 -06:00
David Garske e960a00650
Merge pull request #7625 from JacobBarthelmeh/x509 
sanity check on non conforming serial number of 0
 2024-06-07 08:33:38 -07:00
Juliusz Sosinowicz 8c47e8d6f2 test_wrong_cs_downgrade: clamp error to exact value 2024-06-07 11:33:38 +02:00
Sean Parkinson d7d8d14e95 TLS: wrong TLS version in alert after ClientHello 
Ignore protocol version being less than expected when received directly
after ClientHello.
Protocol version negotiation hasn't taken place and a lower version can
be sent to cover minimum supported protocol version.
 2024-06-07 10:42:12 +10:00
JacobBarthelmeh d09f955e6c
Merge pull request #7626 from lealem47/parseServerHello 
Improved fix for TLS1.3 to TLS1.2 client downgrade
 2024-06-06 17:16:30 -06:00
Sean Parkinson c82230324e
Merge pull request #7546 from oltolm/cmake 
cmake: fix generation of options.h
 2024-06-07 08:51:12 +10:00
JacobBarthelmeh 467b3cb561 add parsing 0 serial numbers for certs with python 2024-06-06 16:24:48 -06:00
JacobBarthelmeh 68f52cb49a add test case 2024-06-06 15:06:15 -06:00
Lealem Amedie 7cc0ac14c4 Adding test case 2024-06-06 13:24:07 -06:00
David Garske 60ccaf379d Remove uses of stdint in api.c. 2024-06-06 10:57:46 -07:00
Juliusz Sosinowicz ede8cde8a7 dtls: Increment sequence number in SendAlert 2024-06-04 17:13:04 +02:00
Juliusz Sosinowicz e428c2833b Allow user to send a user_canceled alert 2024-06-04 17:13:04 +02:00
David Garske 1f684e62d6
Merge pull request #7604 from ColtonWilley/explicit_len_pattern_match 
Rewrite pattern matching to use explicit length
 2024-06-03 12:04:12 -07:00
David Garske 43f4ba91da
Merge pull request #7608 from ejohnstown/rsa-add 
Import Raw RSA Private Key
 2024-06-03 09:33:38 -07:00
John Safranek e8e6eaeb4d Import Raw Rsa Key 
1. Add API for importing an RSA private key, `wc_RsaPrivateKeyDecodeRaw()`,
   when all you have are the components of the key in raw arrays. Also
   recalculates dP and dQ if missing.
2. Add API test for `wc_RsaPrivateKeyDecodeRaw()`.
 2024-06-03 09:03:29 -07:00
David Garske 3975af88cf
Merge pull request #7191 from kojo1/ecpoint-h2p 
Add EC_POINT_hex2point
 2024-06-01 07:13:31 -07:00
JacobBarthelmeh 2445fe844a rework get max fragment length 2024-05-31 16:45:50 -06:00
JacobBarthelmeh 2caee1c7c5 add support for spaces around '=' with x509 name print 2024-05-31 15:04:01 -06:00
JacobBarthelmeh ff7626419e add some simple test cases 2024-05-31 15:02:58 -06:00
JacobBarthelmeh 40562a0cb3
Merge pull request #7599 from dgarske/asn_checkcertsig 
Expose `wc_CheckCertSigPubKey` with `WOLFSSL_SMALL_CERT_VERIFY`
 2024-05-31 09:20:35 -06:00
David Garske 0789ecb808 Fix the `CheckCertSignature` API mess. 2024-05-31 06:58:35 -07:00
Colton Willey 447f73c25e Merge branch 'master' of github.com:ColtonWilley/wolfssl into explicit_len_pattern_match 2024-05-30 20:12:16 -07:00
Sean Parkinson fc8a509b06
Merge pull request #7597 from ColtonWilley/max_altnames_and_name_constraints 
Max limits on number of alternative names and name constraints
 2024-05-31 11:24:30 +10:00
Colton Willey f646cbcecb Address review comments, fix handling of . in name matching and add more tests for . handling 2024-05-30 18:03:38 -07:00
Colton Willey af3828b2b7 Rewrite pattern matching to always use explicit lengths instead of expecting NULL terminated strings, thus replicating the behavior of openssl X509_check_host() 2024-05-30 15:33:17 -07:00
JacobBarthelmeh ebdc8b9a32 rename of macros, add descriptions, minor fixes 2024-05-30 14:48:52 -06:00
Colton Willey f13a82610c Add flag guard for IGNORE_NAME_CONSTRAINTS 2024-05-29 22:41:36 -07:00
Colton Willey 473de5796c Free ctx before return 2024-05-29 20:52:09 -07:00
Colton Willey 284dea43fe Unify max name testing to use cert files for both cases. 2024-05-29 19:00:15 -07:00
Colton Willey a4544ce2eb Updates to address review comments 2024-05-29 17:54:52 -07:00
Colton Willey b00ae2ac69 Initial implementation of max limits on number of alternative names and name constraints 2024-05-29 15:55:17 -07:00
JacobBarthelmeh 288fe430f5 tying in lean staticmemory build with --enable-staticmemory=small 2024-05-29 15:50:11 -06:00
oltolm 5f46809988 fix compilation of tests with GCC 2024-05-16 18:55:27 +02:00
Juliusz Sosinowicz 12b9367598 test_wolfSSL_check_domain: doesn't work with WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY 2024-05-16 18:20:53 +02:00
Juliusz Sosinowicz d9f7629296 Add grpc support 
- Fix BIO_BIO type
  - Set retry flags correctly
- Add CRL callback
- Copy the alt names instead of trying to share a pointer
- Allow calling wolfSSL_get_servername on client side (to get the requested name)
- Return the chain in wolfSSL_X509_STORE_CTX_get_chain in the correct order
  - Peer first, top CA last
- Fix leak in RebuildFullName
- Add CopyString helper function
- Implement
  - X509_CRL_dup
  - ASN1_UTCTIME_set
  - X509_STORE_CTX_get0_param
  - X509_STORE_get0_param
  - X509_STORE_set_verify_cb
  - X509_STORE_set_get_crl
  - X509_set1_notAfter
  - X509_set1_notBefore
 2024-05-16 18:20:53 +02:00
Sean Parkinson abd1e367a5
Merge pull request #7420 from anhu/cmp_name_case 
When comparing subject names, do not worry about case.
 2024-05-16 09:10:56 +10:00
David Garske 287323ab4c
Merge pull request #6933 from kareem-wolfssl/zd16927 
Add stub for wolfSSL_set_ecdh_auto.
 2024-05-15 13:04:06 -07:00
Kareem 4481f9b626 Add stub for wolfSSL_set_ecdh_auto. 2024-05-15 10:19:47 -07:00
Colton Willey b156a51e82 Code cleanup per review comments 2024-05-15 09:51:00 -07:00
Colton Willey de0a492499 Remove trailing whitespace 2024-05-15 09:12:00 -07:00
Colton Willey d522feb1cd Free X509 object 2024-05-15 08:37:39 -07:00
Colton Willey 958b5ac465 Clean up cast warning 2024-05-15 08:30:38 -07:00
Colton Willey eb24bce93f Add test case for bad alternative name 2024-05-15 08:22:11 -07:00
Andras Fekete a59a3d109f Explicit cast 2024-05-14 11:03:20 -04:00
Daniel Pouzzner 8ee7c36bb1 tests/api.c: add suppression for clang-analyzer-optin.core.EnumCastOutOfRange in "Bad hash type" subtest in test_wc_ecc_sm2_create_digest(). 2024-05-13 19:06:54 -05:00
David Garske 29f7578a61
Merge pull request #7446 from julek-wolfssl/hostap 
hostap update
 2024-05-13 10:35:01 -07:00
David Garske d39ab765f6
Merge pull request #7519 from julek-wolfssl/gh/7516 
Return length in wc_Curve448PublicKeyToDer with NULL output param
 2024-05-13 09:00:33 -07:00
Daniel Pouzzner 9ac6bdd438 fixes and suppressions for defects reported by clang-analyzer-unix.Stream (new in llvm-19.0.0_pre20240504): 
* added POSIX definitions for XFEOF(), XFERROR(), and XCLEARERR(), currently with no-op fallbacks for !POSIX.
* added missing file handle checks in testsuite/testsuite.c:file_test() and tests/utils.h:copy_file().
* added fixes and suppression around tests/api.c:test_wolfSSL_SMIME_read_PKCS7().
* added various fixes in examples/asn1/asn1.c and examples/pem/pem.c.
 2024-05-11 15:24:54 -05:00
Juliusz Sosinowicz 239706615c Return length in wc_Curve448PublicKeyToDer with NULL output param 2024-05-10 20:10:23 +02:00
Daniel Pouzzner cb689104d1
Merge pull request #7466 from julek-wolfssl/gh/7273 
Mark all record sequence numbers before stateful parsing as read
 2024-05-09 13:57:13 -04:00
Juliusz Sosinowicz df425b306f Fix https://github.com/wolfSSL/wolfssl/issues/7391 2024-05-08 10:35:42 +02:00
Juliusz Sosinowicz 16ec3e52b7 Jenkins fixes 2024-05-08 10:35:42 +02:00
Juliusz Sosinowicz a987e76677 Use uml for hostap tests 
Remove tests that fail with openssl
 2024-05-08 10:33:30 +02:00
Juliusz Sosinowicz 6b47ebd66a Expose *_set_groups for TLS < 1.3 
- Add test to make sure we fail on curve mismatch
 2024-05-08 10:33:20 +02:00
Juliusz Sosinowicz 66f72a258f Remove unused internal API 2024-05-08 10:33:20 +02:00
Daniel Pouzzner 97110700b2
Merge pull request #7430 from jpbland1/check-session-setup 
Add `wolfSSL_SessionIsSetup`
 2024-05-07 13:51:33 -04:00
John Safranek 195bbcc315 Generic Memory Pools Fix 
1. Add some expository comments describing the purpose of:
   * WOLFMEM_MAX_BUCKETS
   * WOLFMEM_DEF_BUCKETS
   * WOLFMEM_BUCKETS
   * WOLFMEM_DIST
2. Switch the API test for LoadStaticMemory() to named constants.
3. Delete redundant test case. Add a new test case.
4. In the wolfCrypt test for the memory constants, check the sizes of
   the WOLFMEM_BUCKETS and WOLFMEM_DIST lists against
   WOLFMEM_DEF_BUCKETS which should be their length. Check that
   WOLFMEM_DEF_BUCKETS is not greater than WOLFMEM_MAX_BUCKETS.
5. Default for WOLFMEM_MAX_BUCKETS should be WOLFMEM_DEF_BUCKETS, set it
   to what is specified. Add a warning if MAX is less than DEF.
6. Separate the definition of the constant LARGEST_MEM_BUCKET so it is
   dependent on config and not if WOLFMEM_BUCKETS isn't set.
 2024-05-03 16:15:38 -07:00
Anthony Hu 4ddba7ac8a When comparing subject names, do not worry about case. 2024-05-03 15:03:07 -04:00
Daniel Pouzzner 0c1d583ab4 tests/api.c: fix double close in test_server_loop(). 2024-05-02 19:07:36 -05:00
Sean Parkinson 4594151588
Merge pull request #7418 from ejohnstown/generic-pool 
Generic Memory Pools
 2024-05-01 08:53:56 +10:00
Sean Parkinson 72d49964b9
Merge pull request #7379 from mrdeep1/enable-rpk 
configure.ac: Add in --enable-rpk option
 2024-05-01 08:44:08 +10:00
John Safranek 6be55269db
Generic Memory Pools 
1. Add API for function `wc_UnloadStaticMemory()` which frees the mutex
   used by the static memory pool.
2. Update the `wc_LoadStaticMemory_ex()` test to free the static memory
   pool's mutex on each successful test case.
 2024-04-30 09:34:48 -07:00
John Safranek f6ae432be1
Generic Memory Pools 
1. Add API test for function `wc_LoadStaticMemory_ex()`.
 2024-04-30 09:29:20 -07:00
Sean Parkinson 068a3b5e99
Merge pull request #7481 from douzzer/20240424-sha-C-dynamic-fallback 
20240424-sha-C-dynamic-fallback
 2024-04-30 09:00:57 +10:00
Sean Parkinson bd9a27a39b
Merge pull request #7472 from ColtonWilley/remove-des3-guard-from-pkcs12-tests 
Remove DES3 flag guard from pkcs12 tests
 2024-04-29 10:54:39 +10:00
Daniel Pouzzner 885497ba5a add missing gate around Sha256_SetTransform() declaration in wolfcrypt/src/sha256.c; 
remove stray definitions of XTRANSFORM*() in wolfcrypt/src/sha512.c;

restore global intel_flags in the !WC_NO_INTERNAL_FUNCTION_POINTERS paths of sha256.c and sha512.c;

disable test_wolfSSL_dtls_compare_stateless() in tests/api.c when DEBUG_VECTOR_REGISTER_ACCESS_FUZZING (it depends on a stable SHA512 hash of the in-memory struct WOLFSSL image).
 2024-04-27 12:35:23 -05:00
Colton Willey 2fb70b260b Remove DES3 flag guard from pkcs12 tests that do not depend on DES3 code 2024-04-25 12:15:02 -07:00
Juliusz Sosinowicz 7644d792b6 Mark all record sequence numbers before stateful parsing as read 
Fixes https://github.com/wolfSSL/wolfssl/issues/7273
 2024-04-25 16:23:41 +02:00
Anthony Hu 329650fb4c Get rid of some code with NO_OLD_TLS 2024-04-24 16:00:45 -04:00
Jon Shallow 4a1df83b6f configure.ac: Add in --enable-rpk option 
By default RPK (RFC7250) support is not enabled, but is enabled when
--enable-rpk, --enable-all or --enable-dist is used.

Makes use of the HAVE_RPK compile time option.

Fix clang issue reported in tests/api.c during test suites
 2024-04-23 21:30:21 +01:00
JacobBarthelmeh c2e60d523f fix for WOLFSSL_NO_PEM build 2024-04-17 11:16:18 -06:00
John Bland b184cdf7b5 add underscore to make it more consistient and readable 2024-04-17 03:56:07 -04:00
John Bland c1dbbcc81e add wolfSSLSessionIsSetup so the user can check if 
a session ticket has been sent by the server
 2024-04-17 03:54:51 -04:00
Sean Parkinson 8e9810e87e ssl.c: Move functions out to separate files 
Moved E[CD][25519||448] APIs to pk.c
Move public key PEM APIs to pk.c.
Move wolfSSL loading and using of private keys and certificates to
ssl_load.c
Move PKCS#7 and PKCS#12 APIs to ssl_p7p12.c.
Move session and session cache APIs to ssl_sess.c.
Other minor fixes.
 2024-04-16 10:30:59 +10:00
JacobBarthelmeh 8b656d5a5f
Merge pull request #7295 from kaleb-himes/SRTP-KDF-FS 
SRTP-KDF FS Preview
 2024-04-11 13:41:05 -06:00
Sean Parkinson 36b47d1374
Merge pull request #7352 from JacobBarthelmeh/coverity4 
Coverity Fixes
 2024-04-10 10:46:54 +10:00
kaleb-himes 2e63ae750d Comments for SP800-38E TODO, wolfEntropy optional setup and remove forced errors api.c 2024-04-09 09:48:33 -06:00
kaleb_himes 81f5ac7f6c SRTP-KDF FS Preview 2024-04-09 09:48:33 -06:00
Sean Parkinson d96e5ec589 No match cipher suite alert type change 
TLS 1.0/1.1/1.2 specifications require the of a return a handshake
failure alert when no cipher suites match.
TLS 1.3 specification requires the return of a "handshake_failure" or
"insufficient_security" fatal alert.

Change alert sent from "illegal_parameter" to "handshake_failure".
 2024-04-08 11:25:50 +10:00
Daniel Pouzzner 747755b3c4 fixes for analyzer carps around HAVE_RPK: 
fix clang-analyzer-deadcode.DeadStores in src/tls.c TLSX_ClientCertificateType_GetSize();

fix clang-analyzer-deadcode.DeadStores in tests/api.c test_tls13_rpk_handshake();

fix null pointer to XMEMCPY() in src/internal.c CopyDecodedName().
 2024-04-04 00:15:01 -05:00
JacobBarthelmeh 8b587b563c
Merge pull request #7286 from Frauschi/hybrid_signatures 
Improvements to dual algorithm certificates
 2024-04-03 13:37:16 -06:00
jordan b65e42bf4d Used codespell and fixed obvious typos. 2024-04-02 10:19:39 -05:00
Anthony Hu 2d532dd6b8 Clean up after another round of analyzer execution. 2024-04-01 18:56:44 -04:00
Anthony Hu 3a3a7c2a67 Forgot to clean up the preTBS. 2024-04-01 17:37:04 -04:00
Daniel Pouzzner 2f3495f286 src/tls13.c: remove unreachable break in DoTls13CertificateVerify(). 
tests/api.c: fix various use-after-frees of file in do_dual_alg_root_certgen() and do_dual_alg_server_certgen().
 2024-04-01 17:37:03 -04:00
Anthony Hu e4b7857e43 If WOLFSSL_TRUST_PEER_CERT is defined, the negative test is no longer negative. 2024-04-01 17:37:03 -04:00
JacobBarthelmeh 489a79ad8b CID 347893 set test cert manager to null after free 2024-03-19 02:59:06 +07:00
JacobBarthelmeh 228544c31e CID 327280 use after free in test case 2024-03-19 02:44:45 +07:00
Daniel Pouzzner 3728cd3dc5 Kyber fixes: 
wolfssl/wolfcrypt/wc_kyber.h: in definition of struct KyberKey, use correct type for devId;

wolfcrypt/src/wc_kyber_poly.c: numerous fixes for bugprone-macro-parentheses and readability-inconsistent-declaration-parameter-name;

tests/api.c: in test_tls13_apis(), add missing defined(HAVE_LIBOQS) gate on inclusion of ":P256_KYBER_LEVEL1" in groupList.
 2024-03-15 16:06:32 -05:00
Sean Parkinson d1b16f2c7b Regression testing fixes 
api.c: z and ret no longer only when !NO_ASN_TIME.
benchmark.c: rsaKey array type has changed and unusual code path needsed
updating.
cmac.c: Zeroization test failed when checkSz was zero as called function
didn't zero out cmac. checkSz is invalid.
test.c: rsaCaCertDerFile used even when NO_ASN_TIME.
test.h: --enable-sp-math only supports DH of 2048 bits and above. Change
default DH parameters to be 2048 bits.
 2024-03-15 13:24:40 +10:00
Sean Parkinson 5daf5fff86
Merge pull request #7272 from JacobBarthelmeh/pkcs7-enc 
IO callbacks for content and output with PKCS7 bundle sign/encrypt
 2024-03-08 07:18:11 +10:00
Daniel Pouzzner 321a72c906 misc fixes: 
wolfcrypt/test/test.c: fix gating for verify4 in scrypt_test(), and fix WOLFSSL_SMALL_STACK -Wframe-larger-than=2048 warnings in sha256_test() and sha512_test().

src/ssl.c: fix for true-but-benign nullPointerRedundantCheck in ProcessBufferTryDecodeEd25519().

tests/api.c: fix for -Wmaybe-uninitialized in test_wc_PKCS7_VerifySignedData_RSA() identified via cross-m68k-all-asm.
 2024-03-05 17:44:33 -06:00
JacobBarthelmeh 2708062d39 add sanity check for null buffer after malloc in test case 2024-03-04 07:33:21 -07:00
JacobBarthelmeh 66f419bd18 add user ctx to stream IO callbacks 2024-03-04 06:00:07 -07:00
JacobBarthelmeh 90b28b5cef add test case for verify of stream signed PKCS7 bundle 2024-03-01 23:43:46 +07:00
JacobBarthelmeh 95eb17944c
Merge pull request #6961 from TakayukiMatsuo/pkcs7 
Add streaming support for PKCS7_VerifySignedData.
 2024-03-01 22:38:07 +07:00