Commit Graph

22157 Commits (c8e51112c37261dfe474b050f024cb7cbe11fcaa)

Author SHA1 Message Date
Daniel Pouzzner 8511b2dc6b ProcessBuffer(): in WOLFSSL_DUAL_ALG_CERTS code path, fall through without disrupting ret, if cert->sapkiOID and cert->sapkiLen are unset. 2024-04-03 13:54:57 -05:00
jordan 79abae8c3d Only require WOLFSSL_W64_WRAPPER if WOLFSSL_XMSS_MAX_HEIGHT greater than 32. 2024-04-03 12:16:03 -05:00
David Garske 57603823e3
Merge pull request #7387 from JacobBarthelmeh/sm2
fix for oss-fuzz sm2 test build
2024-04-03 10:08:46 -07:00
JacobBarthelmeh f6a24efe23
Merge pull request #7389 from dgarske/nxp_mmcau_sha256
Fix the NXP MMCAU HW acceleration for SHA2-256
2024-04-03 10:39:04 -06:00
Anthony Hu 9bfab33726 Address comments from Jacob. 2024-04-03 09:04:28 -04:00
David Garske d7c6d7af44 Fix the NXP MMCAU HW acceleration for SHA2-256. Broken with LMS SHA2 refactor. 2024-04-02 19:32:41 -07:00
JacobBarthelmeh c768f76d5a
Merge pull request #7315 from fabiankeil/disable-3des-ciphers
Allow to enable DES3 support without the DES3 ciphers
2024-04-02 17:48:01 -06:00
JacobBarthelmeh 75da69911c
Merge pull request #7369 from dgarske/infineon_modustoolbox
Support for Infineon Modus Toolbox with wolfSSL
2024-04-02 17:34:07 -06:00
JacobBarthelmeh 983616afa0 check for critical policy extension when not supported 2024-04-02 16:46:47 -06:00
JacobBarthelmeh 04ebc966d0
Merge pull request #7385 from philljj/spelling_cleanup
Used codespell and fixed obvious typos.
2024-04-02 14:35:51 -06:00
JacobBarthelmeh d4f5825fd2 fix for sp build with ecc_map_ex 2024-04-02 11:40:53 -06:00
JacobBarthelmeh ed4f052215
Merge pull request #7382 from bandi13/reEnableTest
Revert "Disable broken library"
2024-04-02 10:51:50 -06:00
JacobBarthelmeh b334750bf2
Merge pull request #7383 from embhorn/zd17763
Fix build error with RECORD_SIZE defined
2024-04-02 10:51:11 -06:00
Anthony Hu 598a3bfdcd Make wc_RNG_DRBG_Reseed() a wolfCrypt API. 2024-04-02 12:33:35 -04:00
jordan b65e42bf4d Used codespell and fixed obvious typos. 2024-04-02 10:19:39 -05:00
Eric Blankenhorn e072677379 Fix build error with RECORD_SIZE defined 2024-04-02 10:02:35 -05:00
Fabian Keil 790129ee71 cmake: Add WOLFSSL_DES3_TLS_SUITES option 2024-04-02 16:27:11 +02:00
Daniel Pouzzner 092dba4593 wolfcrypt/src/asn.c: fix for benign identicalInnerCondition in ParseCertRelative(). 2024-04-01 23:50:05 -05:00
Anthony Hu 10d210ce26 Parenthesis 2024-04-01 19:05:59 -04:00
Anthony Hu 2d532dd6b8 Clean up after another round of analyzer execution. 2024-04-01 18:56:44 -04:00
Andras Fekete 6524fbb43f Revert "Disable broken library"
This reverts commit ce52a68c3d.
2024-04-01 18:11:42 -04:00
Anthony Hu 3a3a7c2a67 Forgot to clean up the preTBS. 2024-04-01 17:37:04 -04:00
Anthony Hu 6a4d4bf6f1 cks_order is used later; don't let it fall out of scope. 2024-04-01 17:37:03 -04:00
Anthony Hu 8f599defe0 Add check inspired by original implementation of asn. 2024-04-01 17:37:03 -04:00
Daniel Pouzzner 2f3495f286 src/tls13.c: remove unreachable break in DoTls13CertificateVerify().
tests/api.c: fix various use-after-frees of file in do_dual_alg_root_certgen() and do_dual_alg_server_certgen().
2024-04-01 17:37:03 -04:00
Anthony Hu e4b7857e43 If WOLFSSL_TRUST_PEER_CERT is defined, the negative test is no longer negative. 2024-04-01 17:37:03 -04:00
Tobias Frauenschläger 136eaae4f1 Improvements to dual alg certificates
* Support for external keys (CryptoCb interface)
* Support for usage in mutual authentication
* better entity cert parsing
* Fix for Zephyr port to support the feature
* Check key support
* Proper validation of signatures in certificate chains
* Proper validation of peer cert with local issuer signature
	(alt pub key is cached now)
* Support for ECC & RSA as alt keys with PQC as primary
* Support for PQC certificate generation
* Better support for hybrid signatures with variable length signatures
* Support for primary and alternative private keys in a single
  file/buffer
* More API support for alternative private keys

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-04-01 17:37:03 -04:00
David Garske da6a11d1d1 Restore `HAVE_NETDB_H` and `HAVE_SYS_IOCTL_H` checks in the wolfio.c. 2024-04-01 09:49:22 -07:00
Daniel Pouzzner d930825a92
Merge pull request #7362 from jpbland1/rsa-make-key-no-malloc
fix wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC
2024-03-30 03:19:27 -04:00
John Bland d8e9e90f9d refactor rawLen to avoid unused warning 2024-03-30 02:12:32 -04:00
Daniel Pouzzner 03d7eac9c4
Merge pull request #7337 from gojimmypi/PR-test-certbuf-256
wolfcrypt tests: improve file system gating for USE_CERT_BUFFERS
2024-03-30 00:43:20 -04:00
David Garske 5c486cb7a6
Merge pull request #7371 from douzzer/20240327-tls-int-overflows
20240327-tls-int-overflows
2024-03-29 11:37:08 -07:00
Jon Shallow a0f3933881 Support (D)TLS1.3 downgrade when using PSK
DTLS Server:
examples/server/server -v3 -u -s

DTLS Client:
examples/client/client -vd -g -u -s

TLS Server:
examples/server/server -v3 -s

TLS Client:
examples/client/client -vd -g -s

Support checking for DTLS1.2 Hello Verify Request when using PSK.

Unset options.tls1_3 when handling a DTLS1.2 Hello Verify Request.

Unset options.tls1_3 when handling a (D)TLS1.2 Server Hello to stop
checking of Encrypted Client Hello

Requires ./configure --enable-all --enable-dtls13

Add in tests for DTLS1.3 and TLS1.3 downgrade when using PSK.
2024-03-29 18:04:30 +00:00
Daniel Pouzzner 038be95a4a wolfssl/wolfcrypt/types.h: add WC_SAFE_SUM_WORD32().
src/internal.c: mitigations for potential integer overflows in figuring allocation sizes.
2024-03-29 11:45:11 -05:00
Daniel Pouzzner 3f3dd4743a
Merge pull request #7365 from rizlik/ecc_cmp_param_cleanup
wc_ecc_cmp_param cleanup
2024-03-29 01:48:46 -04:00
Daniel Pouzzner 1caed2139b
Merge pull request #7374 from gojimmypi/PR-Kyber-Init
Initialize some Kyber client variables
2024-03-29 01:44:56 -04:00
Daniel Pouzzner 7e8c0156fe
Merge pull request #7325 from dgarske/zephyr
Improve Zephyr support
2024-03-29 00:57:55 -04:00
András Fekete 5b3772c5d2
Merge pull request #7377 from douzzer/20240328-multi-test-fixes
20240328-multi-test-fixes
2024-03-28 16:58:30 -04:00
David Garske 83dc3dfac1 Add support for the Infineon/Cypress HAL TRNG. 2024-03-28 13:57:26 -07:00
Daniel Pouzzner 58462840c1 src/ssl.c: add missing cast in wolfSSL_GetSessionFromCache(). 2024-03-28 15:14:19 -05:00
Jon Shallow f2e6f49721 RPK: Define Certificates correctly for (D)TLS1.2
As per https://datatracker.ietf.org/doc/html/rfc7250#section-3 Figure 1,
the RPK is a single ASN.1_subjectPublicKeyInfo, whereas X509 certificates
etc. are transmitted as a certificate list (even if there is only 1).

This is for (D)TLS1.2 transfers, and this PR fixes this.

As per https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2 all
certificates (both RPK and X509) are transferred using a certificate list.

Update examples client to support RPK certificates.

For testing:-
Server:
$ gnutls-serv --http --x509fmtder --priority NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK --rawpkfile certs/server-keyPub.der --rawpkkeyfile certs/server-key.der

Client:
$ examples/client/client -g -p 5556 -c certs/client-keyPub.der -k certs/client-key.der --rpk --files-are-der
2024-03-28 17:58:02 +00:00
John Bland 7c0423eb65 reduce der buffer size 2024-03-28 12:56:26 -04:00
Daniel Pouzzner 7a283edd68
Merge pull request #7373 from bandi13/FixMultiTestWarning
Fix sanitizer complaint in multi-test script
2024-03-28 12:35:45 -04:00
gojimmypi 5bffbdb20c Initialize some Kyber client variables 2024-03-28 09:14:53 -07:00
Andras Fekete 4cb176ffff Fix sanitizer complaint 2024-03-28 11:44:12 -04:00
John Bland 6cc32e90b0 trim down buffer size 2024-03-28 03:01:46 -04:00
John Bland 254eb23443 add missing make call 2024-03-28 02:56:08 -04:00
John Bland 04db5baaa1 test wolfcrypt only 2024-03-28 02:56:08 -04:00
John Bland 6272465c44 use only one matrix index 2024-03-28 02:56:08 -04:00
John Bland f63501f035 fix bad CFLAGS 2024-03-28 02:56:08 -04:00