mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
18,750 Commits 5 Branches 162 Tags
Commit Graph

18750 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anthony Hu
364835dc9e Allow session tickets to properly resume when using PQ KEMs. 
Found with:

```
./configure --with-liboqs --enable-session-ticket
./examples/server/server -v 4 -r --pqc P521_KYBER_LEVEL5
./examples/client/client -v 4 -r --pqc P521_KYBER_LEVEL5
```
 2022-12-13 11:36:00 -05:00
Daniel Pouzzner
64ef6aedd6
Merge pull request #5882 from SparkiDev/sp_aarch64_be 
SP: support aarch64 big endian
 2022-12-12 22:06:38 -06:00
Sean Parkinson
a7a6d5b297
Merge pull request #5874 from JacobBarthelmeh/tls13 
adjust post auth support with TLS 1.3
 2022-12-13 09:39:31 +10:00
Sean Parkinson
bc3b723609 SP: support aarch64 big endian 2022-12-13 09:33:16 +10:00
David Garske
d0c9ec6681
Merge pull request #5854 from JacobBarthelmeh/Certs 
fix other name san parsing and add RID cert to test parsing
 2022-12-12 14:44:07 -08:00
David Garske
a1e883b43d
Merge pull request #5875 from JacobBarthelmeh/Compatibility-Layer 
fix for handling DEFAULT:... cipher suite list
 2022-12-12 14:43:50 -08:00
David Garske
334042d7f5
Merge pull request #5881 from anhu/warn_session_ticket 
Warn that renegotiation in TLS 1.3 requires session ticket.
 2022-12-12 13:51:28 -08:00
David Garske
36413a2c11
Merge pull request #5879 from SparkiDev/api_test_timing 
API test: Report time taken to perform test
 2022-12-12 12:31:06 -08:00
David Garske
f87859a00e Whitespace cleanups. Use const for test_tls_ext_duplicate. 2022-12-12 08:59:53 -08:00
David Garske
78f495cdae
Merge pull request #5877 from SparkiDev/x509v3_d2i_aia 
X509v3 EXT d2i: fix freeing of aia
 2022-12-12 08:59:15 -08:00
David Garske
2a97862d26
Merge pull request #5878 from SparkiDev/benchmark_aesofb_fix 
Benchmark AES-OFB: initialize and free AES object
 2022-12-12 08:57:44 -08:00
Anthony Hu
b017795413 Remove changes around wolfSSL_set_session() as it breaks tests. 2022-12-12 11:44:27 -05:00
Anthony Hu
fffd3adc30 Warn that renegotiation in TLS 1.3 requires session ticket. 2022-12-12 11:30:01 -05:00
David Garske
b871829833
Merge pull request #5811 from lealem47/zd15184 
Async Sniffer: Fix for decryption after second handshake
 2022-12-12 08:21:35 -08:00
Sean Parkinson
b4b1739783 API test: Report time taken to perform test 
API test now displays timing taken to perform a test case to help
identify ones that are doing too much work.
 2022-12-12 12:24:38 +10:00
David Garske
50c5d61998
Merge pull request #5872 from SparkiDev/tls_ext_no_dup 
TLS: detect duplicate known extensions
 2022-12-11 16:53:38 -08:00
Sean Parkinson
819d40a76f Benchmark AES-OFB: initialize and free AES object 
Device ID is not initialized unless wc_AesInit() is called.
Call wc_AesFree() for possible hardware implementations.
 2022-12-12 10:45:21 +10:00
Sean Parkinson
7f3de91e25 X509v3 EXT d2i: fix freeing of aia 
aia is a stack and must be pop freed rather than freed with XFREE.
Extract function that creates Authority Info Access stack.

Fix spelling issue raised by codespell.
 2022-12-12 10:13:13 +10:00
Sean Parkinson
9ab8867b42 TLS: detect duplicate known extensions 
TLS specification requires that there not be more than one extension of
the same type in a given extension block. E.g. ClientHello
 2022-12-12 08:35:04 +10:00
JacobBarthelmeh
f974bd4ad6 move test function call into macro guard 2022-12-10 15:45:14 -08:00
JacobBarthelmeh
8b296877ab fix for handling DEFAULT:... cipher suite list 2022-12-10 14:53:43 -08:00
JacobBarthelmeh
389cf6ed0a adjust post auth support with TLS 1.3 2022-12-10 06:49:51 -08:00
Daniel Pouzzner
11c4a0e228
Merge pull request #5866 from dgarske/ecc_pub_import 
Fix API test `test_wc_ecc_import_raw` with SP math
 2022-12-09 14:00:57 -06:00
David Garske
793bd6620b Fix unicode char in logging.c. 2022-12-09 10:36:35 -08:00
David Garske
52c6710783 Fix test_wc_ecc_import_raw to handle ECC_INF_E or MP_VAL on point failures. SP math returns MP_VAL in sp_256_ecc_is_point_4. 2022-12-09 10:32:46 -08:00
Tesfa Mael
85dc7a61c5 Detect SIZEOF_LONG in armclang and diab 2022-12-09 09:29:25 +01:00
Sean Parkinson
c959d22b98
Merge pull request #5868 from dgarske/ecc_pub_math 
Expose more ECC math functions and improve async shared secret
 2022-12-09 08:37:26 +10:00
David Garske
f8484fb5f3
Merge pull request #5869 from anhu/NO_SERVER_fix 
Add proper gating on !NO_WOLFSSL_SERVER
 2022-12-08 14:30:23 -08:00
Sean Parkinson
5d9532b0ee
Merge pull request #5865 from dgarske/fix_-5864 
Fix for implicit conversion with 32-bit in SP math
 2022-12-09 08:24:04 +10:00
JacobBarthelmeh
ab6233a01b
Merge pull request #5870 from anhu/fix_sgx_stdout 
stdout is undeclared
 2022-12-08 15:22:30 -07:00
Anthony Hu
3aa74e3c8c stdout is undeclared 2022-12-08 15:29:48 -05:00
Anthony Hu
cdaa4d8aa0 Add proper gating on !NO_WOLFSSL_SERVER 
Found with the following configuration:

--enable-dtls --enable-dtls13 --enable-dtls-mtu CFLAGS="-DNO_WOLFSSL_SERVER"
 2022-12-08 14:20:17 -05:00
David Garske
9cb19e36fe
Merge pull request #5867 from anhu/dont_make_broken_key 
For compatibility `EC_KEY_new_by_curve_name` check that we found curve
 2022-12-08 11:09:56 -08:00
David Garske
9ad4e3f9ba Expose the safe version of point double/add and mulmod_ex with WOLFSSL_PUBLIC_ECC_ADD_DBL. Eliminate int wc_ecc_shared_secret_gen used by async/nb and improve async use of curve spec allocations. 2022-12-08 10:43:03 -08:00
Anthony Hu
937d247c7d Don't create a key if we don't support the curve. 
Found with the following configuration:

./configure --enable-tls13 --disable-oldtls --enable-static --enable-singlethreaded --enable-dtls --enable-dtls13 --enable-dtls-mtu --enable-sp=yes,4096 --disable-shared --disable-sha3 --disable-dh --enable-curve25519 --enable-secure-renegotiation --enable-debug --enable-opensslextra 'CFLAGS=-DWOLFSSL_DTLS_ALLOW_FUTURE -DWOLFSSL_MIN_RSA_BITS=2048 -DWOLFSSL_MIN_ECC_BITS=256 -DFP_MAX_BITS=8192 -fomit-frame-pointer'
 2022-12-08 12:13:12 -05:00
David Garske
d264cbc899 Fix for implicit conversion with 32-bit in SP math. 
Fixes `error: implicit conversion loses integer precision: sp_int64' (aka long long) to sp_digit (aka int)` building with `./configure CC="clang -m32" --enable-sp && make`
 2022-12-08 08:31:02 -08:00
JacobBarthelmeh
eb69ccb22c
Merge pull request #5856 from icing/errq-improvements 
Improvements in OpenSSL Compat ERR Queue handling.
 2022-12-08 09:28:05 -07:00
Stefan Eissing
02094ebb2e Updates after review by JacobBarthelmeh. 
- fix err/ret rename leftover for python builds
- add documenetation to thread-local functions
- move generic queue functions up
 2022-12-08 09:53:05 +01:00
David Garske
bdadbefb4c
Merge pull request #5862 from JacobBarthelmeh/Compatibility-Layer 
map SSL_CTX_get_session_cache_mode compat API
 2022-12-07 14:50:31 -08:00
Sean Parkinson
1f607ee560
Merge pull request #5860 from tmael/entropy_memuse 
Increase RNG_SECURITY_STRENGTH for FIPS
 2022-12-08 08:26:07 +10:00
David Garske
099135b2f9
Merge pull request #5861 from kosmas-valianos/FixTypo 
Fix wrong function name in wolfSSL_X509_get_name_oneline()
 2022-12-07 13:03:54 -08:00
Jacob Barthelmeh
94212e68e5 map SSL_CTX_get_session_cache_mode compat API 2022-12-07 11:35:48 -07:00
Stefan Eissing
45f9ef5dd9 Improvements in OpenSSL Compat ERR Queue handling. 
Configuration
- thread-local storaoge is selected when available
- '--enable-error-queue-per-thread' and '--disable-error-queue-per-thread' can
  be used as before to explicitly en-/disable the feature.

Implementation:
- with thread-local-storage, error queue is realized in one struct without
  allocations. Queue size is restricted to 16 entries (per thread), which
  is the same limit in OpenSSL 1.1.x.
- without thread-local-storage, all error queue operations are mutex locked
- wc_PeekErrorNodeLineData() and wc_GetErrorNodeErr() added for use by SSL
  functions to allow locked queue iterations/manipulations.
 2022-12-07 18:14:45 +01:00
Kosmas Valianos
11f9bd85ee
Fix wrong function name in wolfSSL_X509_get_name_oneline() 2022-12-07 16:00:05 +01:00
Tesfa Mael
1e0886180b Adjust ENTROPY_SCALE_FACTOR for FIPS 2022-12-06 23:01:13 -08:00
David Garske
f6cb13b11b
Merge pull request #5851 from SparkiDev/sp_enable_asm_fix 
SP: --enable-sp-asm now enables SP if not set
 2022-12-06 17:37:15 -08:00
Sean Parkinson
1de30c6b67 SP: --enable-sp-asm now enables SP if not set 
Enabling SP with ASM didn't enable SP or error out when SP wasn't
configured. Now enables SP when '' and errors when 'no'.

SAKKE modinv used large amounts of stack. Change to have more temporary
memory allocated increased to cover the usage.
ECC, SAKKE: sp_<bits>_ecc_mulmod_<cpu><words>() used large amounts of
stack. Allocate when WOLFSSL_SMALL_STACK.

wc_DhCheckKeyPair() not available when HAVE_SELFTEST.
Wasn't compiled in before as WOLFSSL_HAVE_SP_DH wasn't defined.
 2022-12-07 09:01:53 +10:00
Sean Parkinson
e5d03cf5ad
Merge pull request #5848 from philljj/fix_mingw64_build 
Fix mingw-w64 build issues on windows.
 2022-12-07 08:57:07 +10:00
Tesfa Mael
5c020c6ad4 Increase RNG_SECURITY_STRENGTH for FIPS 2022-12-06 14:16:29 -08:00
David Garske
ec11c22fb7
Merge pull request #5859 from anhu/ws 
whitespace
 2022-12-06 14:08:10 -08:00