WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
22,336 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

22336 Commits (b83d8f0cf609fb52b786b258e68e768358be6dd8)

Author SHA1 Message Date
Anthony Hu 6a4d4bf6f1 cks_order is used later; don't let it fall out of scope. 2024-04-01 17:37:03 -04:00
Anthony Hu 8f599defe0 Add check inspired by original implementation of asn. 2024-04-01 17:37:03 -04:00
Daniel Pouzzner 2f3495f286 src/tls13.c: remove unreachable break in DoTls13CertificateVerify(). 
tests/api.c: fix various use-after-frees of file in do_dual_alg_root_certgen() and do_dual_alg_server_certgen().
 2024-04-01 17:37:03 -04:00
Anthony Hu e4b7857e43 If WOLFSSL_TRUST_PEER_CERT is defined, the negative test is no longer negative. 2024-04-01 17:37:03 -04:00
Tobias Frauenschläger 136eaae4f1 Improvements to dual alg certificates 
* Support for external keys (CryptoCb interface)
* Support for usage in mutual authentication
* better entity cert parsing
* Fix for Zephyr port to support the feature
* Check key support
* Proper validation of signatures in certificate chains
* Proper validation of peer cert with local issuer signature
	(alt pub key is cached now)
* Support for ECC & RSA as alt keys with PQC as primary
* Support for PQC certificate generation
* Better support for hybrid signatures with variable length signatures
* Support for primary and alternative private keys in a single
  file/buffer
* More API support for alternative private keys

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
 2024-04-01 17:37:03 -04:00
David Garske da6a11d1d1 Restore `HAVE_NETDB_H` and `HAVE_SYS_IOCTL_H` checks in the wolfio.c. 2024-04-01 09:49:22 -07:00
Daniel Pouzzner d930825a92
Merge pull request #7362 from jpbland1/rsa-make-key-no-malloc 
fix wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC
 2024-03-30 03:19:27 -04:00
John Bland d8e9e90f9d refactor rawLen to avoid unused warning 2024-03-30 02:12:32 -04:00
Daniel Pouzzner 03d7eac9c4
Merge pull request #7337 from gojimmypi/PR-test-certbuf-256 
wolfcrypt tests: improve file system gating for USE_CERT_BUFFERS
 2024-03-30 00:43:20 -04:00
David Garske 5c486cb7a6
Merge pull request #7371 from douzzer/20240327-tls-int-overflows 
20240327-tls-int-overflows
 2024-03-29 11:37:08 -07:00
Jon Shallow a0f3933881 Support (D)TLS1.3 downgrade when using PSK 
DTLS Server:
examples/server/server -v3 -u -s

DTLS Client:
examples/client/client -vd -g -u -s

TLS Server:
examples/server/server -v3 -s

TLS Client:
examples/client/client -vd -g -s

Support checking for DTLS1.2 Hello Verify Request when using PSK.

Unset options.tls1_3 when handling a DTLS1.2 Hello Verify Request.

Unset options.tls1_3 when handling a (D)TLS1.2 Server Hello to stop
checking of Encrypted Client Hello

Requires ./configure --enable-all --enable-dtls13

Add in tests for DTLS1.3 and TLS1.3 downgrade when using PSK.
 2024-03-29 18:04:30 +00:00
Daniel Pouzzner 038be95a4a wolfssl/wolfcrypt/types.h: add WC_SAFE_SUM_WORD32(). 
src/internal.c: mitigations for potential integer overflows in figuring allocation sizes.
 2024-03-29 11:45:11 -05:00
Daniel Pouzzner 3f3dd4743a
Merge pull request #7365 from rizlik/ecc_cmp_param_cleanup 
wc_ecc_cmp_param cleanup
 2024-03-29 01:48:46 -04:00
Daniel Pouzzner 1caed2139b
Merge pull request #7374 from gojimmypi/PR-Kyber-Init 
Initialize some Kyber client variables
 2024-03-29 01:44:56 -04:00
Daniel Pouzzner 7e8c0156fe
Merge pull request #7325 from dgarske/zephyr 
Improve Zephyr support
 2024-03-29 00:57:55 -04:00
András Fekete 5b3772c5d2
Merge pull request #7377 from douzzer/20240328-multi-test-fixes 
20240328-multi-test-fixes
 2024-03-28 16:58:30 -04:00
David Garske 83dc3dfac1 Add support for the Infineon/Cypress HAL TRNG. 2024-03-28 13:57:26 -07:00
Daniel Pouzzner 58462840c1 src/ssl.c: add missing cast in wolfSSL_GetSessionFromCache(). 2024-03-28 15:14:19 -05:00
Jon Shallow f2e6f49721 RPK: Define Certificates correctly for (D)TLS1.2 
As per https://datatracker.ietf.org/doc/html/rfc7250#section-3 Figure 1,
the RPK is a single ASN.1_subjectPublicKeyInfo, whereas X509 certificates
etc. are transmitted as a certificate list (even if there is only 1).

This is for (D)TLS1.2 transfers, and this PR fixes this.

As per https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2 all
certificates (both RPK and Z509) are transferred using a certificate list.

Update examples client to support RPK certificates.

For testing:-
Server:
$ gnutls-serv --http --x509fmtder --priority NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK --rawpkfile certs/server-keyPub.der --rawpkkeyfile certs/server-key.der

Client:
$ examples/client/client -g -p 5556 -c certs/client-keyPub.der -k certs/client-key.der --rpk --files-are-der
 2024-03-28 17:58:02 +00:00
John Bland 7c0423eb65 reduce der buffer size 2024-03-28 12:56:26 -04:00
Daniel Pouzzner 7a283edd68
Merge pull request #7373 from bandi13/FixMultiTestWarning 
Fix sanitizer complaint in multi-test script
 2024-03-28 12:35:45 -04:00
gojimmypi 5bffbdb20c Initialize some Kyber client variables 2024-03-28 09:14:53 -07:00
Andras Fekete 4cb176ffff Fix sanitizer complaint 2024-03-28 11:44:12 -04:00
John Bland 6cc32e90b0 trim down buffer size 2024-03-28 03:01:46 -04:00
John Bland 254eb23443 add missing make call 2024-03-28 02:56:08 -04:00
John Bland 04db5baaa1 test wolfcrypt only 2024-03-28 02:56:08 -04:00
John Bland 6272465c44 use only one matrix index 2024-03-28 02:56:08 -04:00
John Bland f63501f035 fix bad CFLAGS 2024-03-28 02:56:08 -04:00
John Bland 30189e5766 add autogen.sh to workflow 2024-03-28 02:56:08 -04:00
John Bland 71e52487bf add no malloc to main workflows file 2024-03-28 02:55:31 -04:00
John Bland 76ac4fa7e3 add github workflow to test no malloc 2024-03-28 02:54:49 -04:00
John Bland 9cd614fcac update rsa test to support no malloc 2024-03-28 02:54:49 -04:00
John Bland 4f51183b45 fix bad indenting 2024-03-28 02:54:49 -04:00
John Bland 305f87561d break out of loop on failure instead of return 2024-03-28 02:54:49 -04:00
John Bland fb784a2ac9 more changes from PR comments 2024-03-28 02:54:49 -04:00
John Bland 0bd8775eae update based on PR comments 2024-03-28 02:54:49 -04:00
John Bland d9d3f9a4f4 fix wc_MakeRsaKey and wc_RsaKeyToDer to work with 
WOLFSSL_NO_MALLOC
 2024-03-28 02:54:49 -04:00
Daniel Pouzzner 716870cbc2
Merge pull request #7370 from anhu/quickie 
sizeof(oriType) ---> sizeof(asnDataOid)
 2024-03-28 01:58:01 -04:00
Daniel Pouzzner 42a0cb23ac
Merge pull request #7364 from gojimmypi/PR-Kyber-Init 
Initialize some Kyber variables
 2024-03-28 00:13:43 -04:00
Daniel Pouzzner 2f17b756b2
Merge pull request #7360 from rizlik/curl-ticket-nonce-malloc 
configure.ac: enable ticket_nonce_malloc when using enable-curl
 2024-03-27 23:58:21 -04:00
Daniel Pouzzner 98c912c3a0
Merge pull request #7359 from SparkiDev/asn1_test_bad_certs 
ASN.1 testing: add tests of bad DER encodings
 2024-03-27 23:55:57 -04:00
Daniel Pouzzner 0f6670a437
Merge pull request #7357 from kareem-wolfssl/gh7349 
Fix potential division by zero in example server.
 2024-03-27 23:52:55 -04:00
Daniel Pouzzner ad74fb79ac
Merge pull request #7354 from JacobBarthelmeh/ocsp-test 
add ocsp test
 2024-03-27 23:50:49 -04:00
Daniel Pouzzner e8e3e9db43
Merge pull request #7285 from anhu/noMagic274 
Get rid of magic number to size structs.
 2024-03-27 23:43:28 -04:00
Daniel Pouzzner f9b26d8c06
Merge pull request #7358 from bandi13/buildNewYoctoContainer 
Build new yocto container
 2024-03-27 23:41:46 -04:00
Daniel Pouzzner 708fd6003f
Merge pull request #7320 from bandi13/addExtraToolsToDocker 
More application dependencies
 2024-03-27 23:39:41 -04:00
David Garske 2d7f9d1874 Support for Infineon Modus Toolbox with wolfSSL. 2024-03-27 15:37:50 -07:00
Anthony Hu 28a88d1c7c sizeof(oriType) ---> sizeof(asnDataOid) 2024-03-27 17:05:25 -04:00
Marco Oliverio 0a03940f5a wolfcrypt: wc_ecc_cmp_param: check string len before strncmp 
also return -1 on param mismatch.
 2024-03-26 14:59:41 +01:00
gojimmypi 01ae240fe8 Initialize some Kyber variables 2024-03-25 14:08:47 -07:00