David Garske
58cb91602d
Merge pull request #5337 from douzzer/20220707-DtlsUpdateWindowGTSeq-overshift
20220707-DtlsUpdateWindowGTSeq-overshift
2022-07-07 21:53:26 -07:00
David Garske
c9e9a421e9
Merge pull request #5336 from SparkiDev/aes_ctr_opt
AES-CTR: improve performance when multiple blocks
2022-07-07 21:51:08 -07:00
Daniel Pouzzner
91438c1087
wolfssl/wolfcrypt/settings.h: refactor Math Library Selection for clarity, and to include WOLFSSL_SP_MATH as an available math back end.
2022-07-07 21:02:16 -05:00
David Garske
49d292ec4f
Merge pull request #5335 from SparkiDev/ecc_imp_exp_fix
ECC import and export fixes
2022-07-07 17:52:20 -07:00
Daniel Pouzzner
b952c2f777
src/internal.c: add codepath in _DtlsUpdateWindowGTSeq() to avoid a word32 overshift.
2022-07-07 19:36:20 -05:00
Sean Parkinson
2bfac42d65
AES-CTR: improve performance when multiple blocks
When in and out aren't the same pointer, for multiples of block size
input:
- generate the counters into the output buffer
- encrypt output buffer
- XOR in the input
Faster than encrypting a block at a time.
2022-07-08 09:56:20 +10:00
Sean Parkinson
70b9833e98
ECC import and export fixes
On raw import, don't import ordinates that are larger than the curve
size.
On export of compressed point, don't export ordinate if it is larger
than the curve size.
2022-07-08 08:54:53 +10:00
David Garske
4e1e1e922a
Merge pull request #5278 from ejohnstown/dtls-seq
Refactor DTLS Window Update (Fix #5211)
2022-07-07 10:22:21 -07:00
Chris Conlon
5e453ad932
Merge pull request #5323 from SparkiDev/sha512_arm32_asm_align
2022-07-07 09:47:37 -06:00
Juliusz Sosinowicz
e295328436
Fix window handling around word32 boundary
2022-07-07 17:37:10 +02:00
David Garske
a771baf551
Merge pull request #5332 from SparkiDev/memusage_fix_2
SP math: fix configure.ac to allow its use
2022-07-07 07:40:13 -07:00
David Garske
738d79c5d5
Merge pull request #5330 from SparkiDev/aesni_no_sse4
AESNI: fix configure to use minimal compiler flags
2022-07-06 20:44:40 -07:00
Daniel Pouzzner
2111d6b179
Merge pull request #5322 from SparkiDev/sp_math_all_arm32_div_word_fix
SP math all: fix div word for ARM32
2022-07-06 22:18:07 -05:00
Sean Parkinson
74baa0dafa
SP math: fix configure.ac to allow its use
Choosing SP and SP math was resulting in only integer.c being used.
Fixed now.
Reorder realloc calls for memory logging to ensure scripts can match
allocate and free calls.
2022-07-07 12:16:12 +10:00
David Garske
644050a736
Merge pull request #5329 from douzzer/20220706-fips-and-aarch64-fixes
20220706-fips-and-aarch64-fixes
2022-07-06 18:39:38 -07:00
David Garske
cb6fa921a4
Merge pull request #5328 from haydenroche5/cmake_sp_math_all_default
Make changes to CMake to support SP math default.
2022-07-06 18:39:30 -07:00
John Safranek
8f3449ffea
Refactor DTLS Window Update (Fix #5211)
1. Rename _DtlsUpdateWindow() as wolfSSL_Dtls_UpdateWindow() and make
it public so it may be tested.
2. Rename the internal functions DtlsWindowUpdate(), DtlsWindowCheck(),
and DtlsUpdateWindowGTSeq() as _DtlsWindowUpdate() and
_DtlsWindowCheck(), and _DtlsUpdateWindowGTSeq().
3. When updating the DTLS sequence window, and the next sequence
number (lo) wraps to zero, increment the next sequence number (hi)
by 1.
4. Fix an off-by-one error that wrapped around when saving the
packet sequence number in the bit-field window.
5. Add a test for the wolfSSL_DtlsUpdateWindow() function, with many test
cases. It is set up in a table format with running check values.
6. Change location of incrementing the difference when calculating the
location for setting the bit.
7. Updated the check of the sequence difference in the GT scenario.
8. In the DTLS window update functions remove newDiff and just use diff.
9. Handle the cases where the DTLS window crosses the high order word
sequence number change.
10. Add a debug option to print out the state of the DTLS sequence number
window.
2022-07-06 18:20:06 -07:00
David Garske
90c2f4ad00
Merge pull request #5327 from kareem-wolfssl/connectRetFix
Fix storage of SendBuffered's return code in wolfSSL_Connect.
2022-07-06 17:53:04 -07:00
Sean Parkinson
9ba77300f9
AESNI: fix configure to use minimal compiler flags
2022-07-07 09:30:48 +10:00
Sean Parkinson
992c7b3b6f
SP math all: fix div word for ARM32
Fixup sp_mulmod NULL access.
2022-07-07 08:56:31 +10:00
Daniel Pouzzner
82b1dc0cd0
wolfcrypt/src/asn.c: move final return in DecodeECC_DSA_Sig() outside the NO_STRICT_ECDSA_LEN gate, to avoid no-return-from-non-void.
2022-07-06 17:39:59 -05:00
Daniel Pouzzner
eff4fe398b
src/include.am: fix gating around sha* and BUILD_ARMASM, to avoid empty-translation-unit warnings for sha{256,512}.c on armasm builds.
2022-07-06 17:37:43 -05:00
Daniel Pouzzner
7c49449a79
wolfcrypt/src/port/arm/armv8-sha512.c: gate out Sha512_Family_GetHash() in builds that have 224 and 256 bit hashes gated out, to fix unused function warning.
2022-07-06 17:35:15 -05:00
Daniel Pouzzner
6b6abfac54
examples/client/client.c: remove break after err_sys() to mollify clang-tidy unreachable-break sensor.
2022-07-06 17:32:26 -05:00
Daniel Pouzzner
19106a9510
configure.ac and tests/api.c: lock out compkey on FIPS 140-3 RC12 and ready, and add backward-compat code in test_wc_ecc_export_x963_ex() to allow RC12 compkey builds to pass unit.test.
2022-07-06 17:31:56 -05:00
Hayden Roche
d9bf39ffaa
Make changes to CMake to support SP math default.
We recently made SP math the default big integer math library. Some changes to
the CMake code are needed for this to work.
2022-07-06 14:14:12 -07:00
Kareem
44a49aeefa
Fix potentially uninitialized variables in Dtls13SetRecordNumberKeys.
2022-07-06 13:45:15 -07:00
Kareem
c8f5bd3d61
Fix storage of SendBuffered's return code in wolfSSL_Connect. Store in ret initially, only store in ssl->error if there's an error. This matches the logic in wolfSSL_accept.
2022-07-06 12:09:47 -07:00
David Garske
b2d1bf96ed
Merge pull request #5276 from rizlik/dtls13_client_downgrade
Dtls: improve version negotiation
2022-07-06 11:57:53 -07:00
David Garske
a7fa7875e4
Merge pull request #5244 from julek-wolfssl/wpas-dpp
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
2022-07-06 11:35:52 -07:00
David Garske
e92034cf6f
Merge pull request #5274 from JacobBarthelmeh/Certs
remove subject/issuer email from altEmailNames list
2022-07-06 10:48:21 -07:00
Jacob Barthelmeh
711b2bb17a
add a test case
2022-07-06 09:39:03 -06:00
David Garske
a171bebba4
Fix the wc_EccPublicKeyToDer_ex
doxy.
2022-07-06 07:58:18 -07:00
Marco Oliverio
3abffc3a3c
doc: add documentation for wolfDTLS[v1_3]_*_method()
2022-07-06 16:18:44 +02:00
Marco Oliverio
683adb5917
tests: add dtls downgrade tests
2022-07-06 16:18:44 +02:00
Marco Oliverio
fd4836772b
examples: support DTLS version downgrading
2022-07-06 16:18:44 +02:00
Marco Oliverio
df7e81d187
dtls: support version negotiation
2022-07-06 16:18:44 +02:00
Marco Oliverio
8fe3f51ecb
dtls13: client: recompute transcript hash on downgrade
If a lower version is negotiated, the transcript hash must be recomputed using
the <= v1.2 rules.
2022-07-06 16:18:44 +02:00
Marco Oliverio
5d74c49ecb
dtls13: allow processing of HelloVerifyRequest to support downgrade
HelloVerifyRequest is used in DTLSv1.2 to perform a return routability check, so
it can be the legitimate reply from a DTLSv1.2 server to a ClientHello.
2022-07-06 16:18:44 +02:00
David Garske
ec8149cd69
Merge pull request #5324 from julek-wolfssl/dtls13-hrr-fix
TLSX_COOKIE is only defined with WOLFSSL_SEND_HRR_COOKIE
2022-07-06 06:56:25 -07:00
Juliusz Sosinowicz
9b085a44be
sessionSecretCb should only be called when a ticket is present
2022-07-06 15:08:57 +02:00
Juliusz Sosinowicz
63b4c475d4
wolfSSL_set_session_secret_cb: fix for NULL input
2022-07-06 14:23:08 +02:00
Juliusz Sosinowicz
39e53c2b7c
Add wc_EccPublicKeyToDer_ex doxygen entry
2022-07-06 11:59:29 +02:00
Juliusz Sosinowicz
ef73409fd4
TLSX_COOKIE is only defined with WOLFSSL_SEND_HRR_COOKIE
2022-07-06 10:04:15 +02:00
Sean Parkinson
8b73feb8ef
SHA-512 ARM NEON: ensure data being hashed is 64-bit aligned
2022-07-06 16:18:18 +10:00
Jacob Barthelmeh
ff6edbff94
refactor name constraint checks
2022-07-05 17:20:50 -06:00
David Garske
9a256ca002
Merge pull request #5288 from haydenroche5/openldap
Add --enable-openldap option to configure.ac.
2022-07-05 16:04:51 -07:00
David Garske
4376ade9c8
Merge pull request #5123 from fabiankeil/configure-amd64-support
configure: Improve defaults for 64-bit BSDs
2022-07-05 13:52:02 -07:00
David Garske
08488b0fae
Merge pull request #5318 from embhorn/gh5314
Fix typos and bad macro names
2022-07-05 12:34:35 -07:00
Hayden Roche
f5a5d4ada5
Enhance OpenLDAP support.
- Add --enable-openldap to configure.ac
- Fix some issues around subject alt names and the WOLFSSL_GENERAL_NAME struct.
2022-07-05 10:40:07 -07:00