mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
15,052 Commits 5 Branches 162 Tags
Commit Graph

15052 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sean Parkinson
a1e26e7bc7
Merge pull request #4308 from dgarske/sess_row_cache 
Improvements to session locking to allow per-row
 2021-08-24 09:07:03 +10:00
John Safranek
9c541568fc
Merge pull request #4313 from SparkiDev/rsa_vfy_only 
SP RSA verify only: fix to compile
 2021-08-23 14:42:56 -07:00
David Garske
fe83d2d941 Fix for sniffer TCP sequence rollover. The math to detect and compute the rollover was off by one. ZD 12801. 2021-08-23 13:54:28 -07:00
Jacob Barthelmeh
da6e8d394f shift instead of multiply and add comment 2021-08-23 13:24:27 -06:00
David Garske
a13c2e2304 Fix for macro arg paren and double ampersand. Fixes building with ENABLE_SESSION_CACHE_ROW_LOCK. 2021-08-23 09:56:07 -07:00
David Garske
6ec28f508e
Merge pull request #4325 from SparkiDev/jenkins_fixes_3 
OpenSSL Extra builds: fixes from nightly builds failing
 2021-08-23 09:30:15 -07:00
David Garske
206b4641e8
Merge pull request #4326 from danielinux/iotsafe-fix-warning 
Fix compiler warnings
 2021-08-23 08:35:29 -07:00
Daniele Lacamera
b56c89bb84 Fix compiler warnings (ZD12802 and others) 2021-08-23 08:12:24 +02:00
Sean Parkinson
4bfd0443a7 OpenSSL Extra builds: fixes from nightly builds failing 
Prototype is required when internal.h is not included and GetCA is not
defined.

wolfSSL_EVP_CIPHER_CTX_set_iv_length() is called with CBC cipher in
api.c. Function is not specificly for GCM, though not strictly needed
for CBC.
 2021-08-23 12:55:27 +10:00
Hideki Miyazaki
8808e6a3ac
implement set_tlsext_max_fragment_length 2021-08-23 09:08:14 +09:00
David Garske
26cf17e602
Merge pull request #4317 from SparkiDev/math_x86_asm_fix 
Maths x86 asm: change asm snippets to get compiling
 2021-08-20 13:42:15 -07:00
David Garske
c8926a45ab Improvements to session locking to allow per-row. Can manually be enabled with ENABLE_SESSION_CACHE_ROW_LOCK or forcefully disabled using NO_SESSION_CACHE_ROW_LOCK. Enabled by default for Titan cache. ZD 12715. 2021-08-20 13:03:50 -07:00
Takashi Kojo
10c5e33027 arg type compatibility 2021-08-20 15:21:06 +09:00
Sean Parkinson
dbb03cb5a3 SP RSA verify only: fix to compile 
Configurations:
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math

./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math

./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math-all

./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math --enable-sp-asm

./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math --enable-sp-asm
 2021-08-20 13:16:58 +10:00
Sean Parkinson
fa8f23284d Maths x86 asm: change asm snippets to get compiling 
TFM:
  Use register or memory for c0, c1, c2 in SQRADD and SQRADD2.
SP:
  Use register or memory for vl, vh, vo in SP_ASM_MUL_ADD,
SP_ASM_MUL_ADD2 and SP_ASM_SQR_ADD.
 2021-08-20 10:35:49 +10:00
John Safranek
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template 
ASN1 Template: stricter and simpler DER/BER parsing/construction
 2021-08-19 12:47:04 -07:00
Daniel Pouzzner
3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) (#4276) 
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
 2021-08-19 09:15:52 -07:00
John Safranek
16ad5cf3c5
Merge pull request #4315 from SparkiDev/g++_fix_3 
SRP test: use proper SRP hash type for g++
 2021-08-19 08:56:43 -07:00
Sean Parkinson
17a569d4dd SRP test: use proper SRP hash type for g++ 2021-08-19 11:40:43 +10:00
Sean Parkinson
d486b89c61 ASN1 Template: stricter and simpler DER/BER parsing/construction 
Reduce debug output noise
 2021-08-19 11:32:41 +10:00
John Safranek
63fde01e32
Merge pull request #4311 from haydenroche5/rsyslog 
Make improvements for rsyslog port.
 2021-08-18 16:55:32 -07:00
John Safranek
9a1233c04d
Merge pull request #4312 from julek-wolfssl/DH_set_length 
Implement `DH_set_length`.
 2021-08-18 16:42:38 -07:00
John Safranek
eaded189ff
Merge pull request #4310 from haydenroche5/dsa_fips 
Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined.
 2021-08-18 16:33:26 -07:00
John Safranek
18314e5a4f
Merge pull request #4309 from dgarske/sniff_cleanups 
Improved sniffer statistics and documentation
 2021-08-18 16:03:38 -07:00
John Safranek
c2b88a1fca
Merge pull request #4306 from dgarske/pk_tls13 
Fixes for PK callbacks with TLS v1.3
 2021-08-18 15:42:19 -07:00
Sean Parkinson
8df65c3fa7
Merge pull request #4270 from dgarske/zd12586 
Fixes for various PKCS7 and SRP build issues
 2021-08-19 08:12:15 +10:00
John Safranek
ef77cd05d4
Merge pull request #4302 from haydenroche5/libssh2 
Add missing ECDSA_SIG getter/settter for libssh2.
 2021-08-18 15:08:06 -07:00
David Garske
c5f9e55567 Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled. 2021-08-18 11:30:18 -07:00
Chris Conlon
6237a7a00d
Merge pull request #4305 from TakayukiMatsuo/i2t 
Add support for wolfSSL_i2t_ASN1_OBJECT
 2021-08-18 10:37:08 -06:00
Juliusz Sosinowicz
162f14aaf9 Implement DH_set_length. 2021-08-18 13:24:51 +02:00
Sean Parkinson
3c06dd6fa8 SP ECC: calc vfy point not check mod_inv return 
Not all implementations return an error though.
 2021-08-18 10:05:29 +10:00
Sean Parkinson
8f7e09d9b5
Merge pull request #4294 from dgarske/tls13_earlydata 
Fix early data max size handling in TLS v1.3
 2021-08-18 08:48:42 +10:00
David Garske
d1e027b6fa Fix for pedantic warning with pre-processor in macro. 2021-08-17 14:55:42 -07:00
David Garske
f5076cad1b Added new files to include.am. 2021-08-17 13:20:34 -07:00
David Garske
d6f5f815e1 Fix for srp_test_digest return code checking. Added GCC-ARM TLS server example. 2021-08-17 11:12:40 -07:00
David Garske
95178e3bdc Use void* on heap hint test. Also previously fixed in hmac.c. 2021-08-17 10:52:50 -07:00
David Garske
89904ce82e Fixes for building without AES CBC and support for PKCS7 without AES CBC. 2021-08-17 10:47:19 -07:00
David Garske
a9b8b6d3de Fix for PKCS7 heap hint in API unit test. 2021-08-17 10:46:53 -07:00
David Garske
e1f603301b Fixes for SRP with heap hint. 2021-08-17 10:45:50 -07:00
David Garske
c598688f89 Fix for static memory with bucket size matching. 2021-08-17 10:38:27 -07:00
David Garske
69d01afd3a
Merge pull request #4250 from danielinux/iotsafe 
IoT-Safe with TLS demo
 2021-08-17 08:26:19 -07:00
David Garske
5209e235a7
Merge pull request #4307 from SparkiDev/srp_test_digests 
SRP test: increase size of N to support larger digests
 2021-08-17 08:24:47 -07:00
Hayden Roche
c16127d9ab Make improvements for rsyslog port. 
- Remove FP_MAX_BITS and RSA_MAX_BITS definitions from rsyslog config. A user
configuring wolfSSL for rsyslog support should set them as they see fit (i.e.
based on the key sizes they need to support).
- After testing with wolfSSL FIPS, I discovered that some functions were missing
from the compatibility layer that rsyslog needs. Notably wolfSSL_DH_generate_key
and wolfSSL_DH_set0_pqg. These were gated out of compilation based on HAVE_FIPS.
However, they only need to be compiled out if WOLFSSL_DH_EXTRA is defined. This
is because these functions call SetDhInternal, which calls wc_DhImportKeyPair
if WOLFSSL_DH_EXTRA is defined. wc_DhImportKeyPair isn't available in the FIPS
module's dh.c. So, these functions can exist in the FIPS build provided
WOLFSSL_DH_EXTRA isn't defined. This commit accounts for this scenario.
 2021-08-17 08:19:43 -07:00
TakayukiMatsuo
421be50cb8 Add support for wolfSSL_i2t_ASN1_OBJECT 2021-08-17 10:52:20 +09:00
Hayden Roche
95ab6ce4b8 Don't run test_wolfSSL_DSA_SIG if HAVE_FIPS is defined. 
This test calls `wolfSSL_DSA_do_sign_ex` and `wolfSSL_DSA_do_verify_ex`, both
of which don't exist if `HAVE_FIPS` is defined.
 2021-08-16 17:42:00 -07:00
David Garske
5c00951f09 Do not add DH padding on failure. 2021-08-16 16:31:18 -07:00
David Garske
9898b5d82b Various spelling fixes. 2021-08-16 16:31:18 -07:00
David Garske
0ea5046b39 Improved documentation for sniffer statistics (ZD 12731). 2021-08-16 16:31:18 -07:00
Sean Parkinson
9066ab6051 SRP test: increase size of N to support larger digests 
Test all digests supported by SRP.
 2021-08-17 09:15:07 +10:00
David Garske
6ac03d41ef
Merge pull request #4203 from SparkiDev/tls13_peek_fix_off 
TLS 1.3: ability to turn peek change off
 2021-08-16 15:25:58 -07:00