mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,625 Commits 5 Branches 162 Tags
Commit Graph

14625 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sean Parkinson
dc19ba2aa7 Memory allocation: fixes from memory usage generation 
1. Configuration: If not fast math then don't set ALT_ECC_SIZE when
configuring.
2. ECC KeyShare: Key share entry's key was allocated with type
DYNAMIC_TYPE_PRIVATE_KEY, free with same type.
3. Ed25519: free the SHA-512 temporary object. WOLFSSL_SMALL_STACK_CACHE
builds have dynamicaly allocated data.
4. RSA: Don't keep allocating a new hash object in RsaMGF1 when compiled
with WOLFSSL_SMALL_STACK_CACHE.
 2021-07-21 09:54:11 +10:00
John Safranek
77c9b36b5a
Merge pull request #4181 from dgarske/sniffer_keycb 
Sniffer fixes and new sniffer key callback support
 2021-07-19 13:26:17 -07:00
JacobBarthelmeh
020e23783b
Merge pull request #4180 from kaleb-himes/DEFAULT_CA_BOOL 
Fix basic constraints extension present and CA Boolean not asserted
 2021-07-19 23:08:27 +07:00
David Garske
bbe47a81b7
Merge pull request #4183 from douzzer/ED-streaming-verify 
add streaming API to the ED verify routines
 2021-07-18 14:12:42 -07:00
Daniel Pouzzner
186ff2b365 make -DNO_ED25519_KEY_{IMPORT,EXPORT} buildable, and fix api.c and suites.c so that -DNO_ED*_KEY_{IMPORT,EXPORT} pass make check. 2021-07-16 23:07:28 -05:00
Daniel Pouzzner
ac92204c15 make -DNO_ED448_KEY_{IMPORT,EXPORT} buildable 2021-07-16 18:21:30 -05:00
Daniel Pouzzner
785a8f83ed evp.c: fixes in wolfSSL_EVP_CIPHER_CTX_ctrl() from peer review. 2021-07-16 17:52:28 -05:00
David Garske
070ca6c34d Fixes to properly support sniffer with secure renegotiation. 2021-07-16 14:48:22 -07:00
Daniel Pouzzner
c97eff6e61 evp.c: add missing checks and logic in wolfSSL_EVP_CIPHER_CTX_ctrl(), and fix api.c:test_IncCtr() to exercise wolfSSL_EVP_CIPHER_CTX_ctrl() with EVP_CTRL_GCM_IV_GEN using an AES cipher, with thanks to Juliusz. 2021-07-16 15:30:23 -05:00
Daniel Pouzzner
05128968f6 fixes for null pointer accesses detected by clang sanitizer. also, gate SuiteTest() on !NO_WOLFSSL_CIPHER_SUITE_TEST in tests/unit.c, greatly reducing time to completion when not debugging cipher suites. 2021-07-16 13:49:47 -05:00
Daniel Pouzzner
5e8da2348f ED: add --enable-ed25519-stream and --enable-ed448-stream to configure.ac, disabled by default, and add them to --enable-all and --enable-all-crypto lists, along with --enable-aesgcm-stream; report AES-GCM and ED* streaming API options in feature summary rendered at end; 
refactor ED routines to pivot on WOLFSSL_ED*_PERSISTENT_SHA and WOLFSSL_ED*_STREAMING_VERIFY macros, with sha state in the key struct only when WOLFSSL_ED*_PERSISTENT_SHA, otherwise on the stack as before;

add ed*_hash_init() and ed*_hash_free() local helpers;

ED* peer review: fix line lengths, remove superfluous retval checks, tweaks for efficiency, and add ED448_PREHASH_SIZE to ed448.h.
 2021-07-16 13:49:47 -05:00
Daniel Pouzzner
9b43e57ccf ED: add streaming API to the ED verify routines: wc_ed*_verify_msg_init(), wc_ed*_verify_msg_update(), wc_ed*_verify_msg_final(); 
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;

track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;

add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;

add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.

add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;

add macro asserts near top of ed*.h to assure the required hash functions are available;

fix {NO,HAVE}_ED*_{SIGN,VERIFY};

wolfcrypt/test/test.c: add missing key initializations in ed*_test();

wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
 2021-07-16 13:49:47 -05:00
David Garske
fe77e29ba0 Fix for SNI refactor handling of return codes. Fix for possible use of NULL on client array. 2021-07-16 11:23:20 -07:00
JacobBarthelmeh
b9c707511b
Merge pull request #4211 from SparkiDev/ocsp_no_check 
OCSP: improve handling of OCSP no check extension
 2021-07-16 16:06:41 +07:00
Sean Parkinson
f93083be72 OCSP: improve handling of OCSP no check extension 2021-07-16 12:19:39 +10:00
Sean Parkinson
af98e64b88
Merge pull request #4208 from dgarske/leaks 
Fixes for possible leaks with ECCSI and DH test
 2021-07-16 08:59:11 +10:00
David Garske
6c3c635be7
Merge pull request #4206 from julek-wolfssl/remove-api 2021-07-15 06:41:00 -07:00
JacobBarthelmeh
6a0809b53b
Merge pull request #4185 from guidovranken/fix-gh-issue-4184 
Fix compilation failure with WOLFSSL_PUBLIC_ECC_ADD_DBL
 2021-07-15 16:19:30 +07:00
JacobBarthelmeh
fc6aa19eb8
Merge pull request #4200 from haydenroche5/tcpdump 
Add support for tcpdump with wolfSSL.
 2021-07-15 14:57:47 +07:00
JacobBarthelmeh
6458a8cedd
Merge pull request #4187 from SparkiDev/sp_math_mod_red_fix 
SP math: montgomery reduction edge case
 2021-07-15 14:33:26 +07:00
David Garske
fbbb290d9e Fixes for possible leaks with HAVE_WOLF_BIGINT used by async in ECCSI and DH test. Fixes for GCC -fsanitize=address with --enable-all. 2021-07-14 14:57:32 -07:00
David Garske
3ff21171cb Fix for secure renegotiation, which was not keeping handshake resources. Added NULL checks for case where handshake resources might be free'd to prevent possible use of NULL. Refactor the SNI client hello processing to not assume TLS header is in prior buffer (not there for decrypted handshake packets). 2021-07-14 10:44:33 -07:00
John Safranek
f82fd01283
Merge pull request #4202 from JacobBarthelmeh/BuildOptions 
fix for build with wpas and disable tls13
 2021-07-14 09:07:08 -07:00
JacobBarthelmeh
b5eef78cdb
Merge pull request #4176 from SparkiDev/sp_math_read_bin_max 
SP math all: allow reading of bin up to max digit size
 2021-07-14 16:03:32 +07:00
JacobBarthelmeh
18399091ce
Merge pull request #4012 from julek-wolfssl/haproxy 
HaProxy 2.4-dev18 support
 2021-07-14 15:46:04 +07:00
Daniel Pouzzner
81f3f417e8
Merge pull request #4190 from SparkiDev/bench_sakke_ecdsa 
ECC bench: can't use SAKKE curve with ECDH/ECDSA
 2021-07-13 15:39:25 -05:00
David Garske
10987a69d7
Merge pull request #4201 from JacobBarthelmeh/Release 
bump version for dev
 2021-07-13 11:41:51 -07:00
JacobBarthelmeh
0d55dcaaa0
Merge pull request #4188 from guidovranken/mp_invmod_slow-check 
Add missing return value check in mp_invmod_slow
 2021-07-14 01:27:10 +07:00
Jacob Barthelmeh
3f22721a86 use version from wolfssl/version.h with driver 2021-07-13 22:39:39 +07:00
Jacob Barthelmeh
2592a04d8a fix for build with wpas and disable tls13 2021-07-13 15:49:40 +07:00
Jacob Barthelmeh
3bebcaaf54 bump version for dev 2021-07-13 04:18:52 +07:00
John Safranek
52b8c7b1fa
Merge pull request #4192 from haydenroche5/ocsp_http_header 
Improve wolfIO_HttpProcessResponse HTTP header checking logic.
 2021-07-12 14:13:07 -07:00
Hayden Roche
9f8e728672 Add support for tcpdump with wolfSSL. 2021-07-12 14:06:25 -07:00
David Garske
db32570ab3 Fix for missing sp_radix_size with WC_MP_TO_RADIX. 2021-07-12 13:40:55 -07:00
John Safranek
add4a68465
Merge pull request #4199 from JacobBarthelmeh/Certs 
Lighttpd build fix and gencertbuf on updated ed25519 certs
v4.8.0-stable 		2021-07-12 09:15:50 -07:00
Jacob Barthelmeh
851c1fe1cf fix for lighttpd build 2021-07-12 16:25:50 +07:00
Jacob Barthelmeh
2f9af5f753 gencertbuf on updated ed25519 certs 2021-07-12 14:31:03 +07:00
John Safranek
30baa83a0b
Merge pull request #4198 from douzzer/fix-linuxkm-for-v4.8 2021-07-09 19:15:23 -07:00
John Safranek
50d007ded8
Merge pull request #4196 from JacobBarthelmeh/Release 
Release version 4.8.0
 2021-07-09 14:33:26 -07:00
John Safranek
84539be656
Merge pull request #4197 from JacobBarthelmeh/Jenkins 
Updates found with Jenkins tests
 2021-07-09 14:32:43 -07:00
Daniel Pouzzner
15c890179f Linux kernel module: add an explicit -ffreestanding to CFLAGS in linuxkm/Makefile, and in wc_port.h ifdef WOLFSSL_LINUXKM, ignore -Wtype-limits in Linux kernel header files (needed for kernel v5.13), and suppress inclusion of stdint-gcc.h. 2021-07-09 15:23:07 -05:00
Jacob Barthelmeh
88b70a3906 update google cert that was set to expire in Dec 2021 2021-07-09 23:57:50 +07:00
JacobBarthelmeh
c01a63508a account for testing on big endian system 2021-07-09 08:18:39 -06:00
Jacob Barthelmeh
f4c4cf8afe update changelog for release 4.8.0 2021-07-09 17:02:18 +07:00
David Garske
e1b487ab9f Fix for wc_export_int with WC_TYPE_HEX_STR, which was not returning the correct length. 2021-07-08 14:36:36 -07:00
David Garske
4f055653c7 Restore TLS v1.3 hello_retry behavior with session id. Fix for SNI with default (no name) putting newline due to fgets. 2021-07-08 13:50:08 -07:00
JacobBarthelmeh
500a6c8b27 prepare for release 4.8.0 2021-07-08 12:02:40 -06:00
David Garske
4cb076f22b Cleanup to remove duplicate stat sslResumptionValid. Add print of sslResumptionInserts. 2021-07-08 09:49:13 -07:00
David Garske
ddbe0e6dab Fix for sniffer stats on resume miss. The logic for hello_retry_request will no longer try and do resume, so restore BAD_SESSION_RESUME_STR error. 2021-07-08 09:31:59 -07:00
JacobBarthelmeh
127add4bf7 include stddef for size_t type for ptr 2021-07-08 07:06:20 -06:00