mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,109 Commits 5 Branches 162 Tags
Commit Graph

17109 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sean Parkinson
fab9e29513 benchmark.c: fix Jenkins failure where byte, word32 not defined 2022-05-24 12:10:01 +10:00
kareem-wolfssl
465a6ceb64
Merge pull request #4920 from SparkiDev/old_timing_pad_verify 
Make old less secure TimingPadVerify implementation available
 2022-05-23 13:43:59 -07:00
David Garske
6424af120c
Merge pull request #5161 from SparkiDev/sp_armv7a 
SP ARM 32: Fixes to get building for armv7-a
 2022-05-23 10:01:49 -07:00
David Garske
b5d65b9579
Merge pull request #5159 from kareem-wolfssl/fipsv3HmacMd5 
Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary.
 2022-05-20 18:40:29 -07:00
David Garske
9a74745246
Merge pull request #5163 from haydenroche5/evp_pkey_derive_guard 
Remove unneeded FIPS guard on wolfSSL_EVP_PKEY_derive.
 2022-05-20 17:12:24 -07:00
Chris Conlon
ec39ee2cb6
Merge pull request #5070 from miyazakh/crypto_only_flwup 2022-05-20 17:08:29 -06:00
David Garske
d80b282fdd
Merge pull request #5156 from anhu/HAVE_AES_GCM 
Rename HAVE_AES_GCM guard to HAVE_AESGCM in the tests.
 2022-05-20 15:03:57 -07:00
David Garske
04ddd0abe4
Merge pull request #5095 from haydenroche5/decoded_cert_crit_fields 
Make the critical extension flags in DecodedCert always available.
 2022-05-20 15:03:39 -07:00
David Garske
2fc129e236
Merge pull request #5162 from rliebscher/master 
Remove unused warning in ecc.c
 2022-05-20 11:42:39 -07:00
Hayden Roche
a6b948ae59 Remove unneeded FIPS guard on wolfSSL_EVP_PKEY_derive. 2022-05-20 11:29:01 -07:00
René Liebscher
a8024a32c5 Remove unused warning in ecc.c 
When WOLFSSL_ECIES_OLD is defined you get an unused warning
in ecc.c / wc_ecc_encrypt_ex().
Just suppress it by "using" the parameter.
 2022-05-20 16:05:10 +02:00
David Garske
9427ebc5be
Merge pull request #5160 from haydenroche5/tls_unique 
Provide access to "Finished" messages outside the compat layer.
 2022-05-19 21:30:30 -07:00
Sean Parkinson
b6290f1590
Merge pull request #5157 from douzzer/20220519-multi-test-fixes 
20220519-multi-test-fixes
 2022-05-20 13:47:09 +10:00
Sean Parkinson
bc5262a5d0 SP ARM 32: Fixes to get building for armv7-a 
Change ldrd to either have even first register or change over to ldm
with even first register.
Ensure shift value in ORR instruction has a hash before it.
Don't index loads and stores by 256 or more - make them post-index.
div2 for P521 simplified.
 2022-05-20 12:15:58 +10:00
Hayden Roche
6d9fbf7ab3 Provide access to "Finished" messages outside the compat layer. 
Prior to this commit, if you wanted access to the Finished messages from a
handshake, you needed to turn on the compatibility layer, via one of
OPENSSL_ALL, WOLFSSL_HAPROXY, or WOLFSSL_WPAS. With this commit, defining any
of these causes WOLFSSL_HAVE_TLS_UNIQUE to be defined (a reference to the
tls-unique channel binding which these messages are used for) in settings.h.
This allows a user to define WOLFSSL_HAVE_TLS_UNIQUE to access the Finished
messages without bringing in the whole compat layer.
 2022-05-19 16:34:13 -07:00
Daniel Pouzzner
efc8d36aa5 configure.ac: add whitespace separators to "((" groupings to mollify shellcheck SC1105 "Shells disambiguate (( differently or not at all. For subshell, add spaces around ( . For ((, fix parsing errors." 2022-05-19 18:19:11 -05:00
Daniel Pouzzner
6984cf83b2 scripts/ocsp-stapling.test: fix whitespace. 2022-05-19 16:45:50 -05:00
Kareem
832a7a40a6 Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary. 2022-05-19 12:06:20 -07:00
Daniel Pouzzner
5988f35593 src/wolfio.c: in EmbedReceiveFrom((), clear peer before recvfrom() to fix clang-analyzer-core.UndefinedBinaryOperatorResult; add DTLS_ prefix to macros SENDTO_FUNCTION and RECVFROM_FUNCTION, and gate their definitions on their being undefined to allow overrides. 2022-05-19 11:31:24 -05:00
Daniel Pouzzner
f2e9f5349f wolfcrypt/src/asn.c: refactor DecodeBasicOcspResponse() to keep DecodedCert off the stack in WOLFSSL_SMALL_STACK builds. 2022-05-19 11:28:34 -05:00
Daniel Pouzzner
368854b243 scripts/: refactor TLS version support tests to use -V, rather than -v (which makes frivolous connection attempts). 2022-05-19 11:18:34 -05:00
Anthony Hu
cf81ae79e4 HAVE_AESGCM 2022-05-19 11:30:58 -04:00
Anthony Hu
9c2903c176 Remove HAVE_AES_GCM guard as it is never defined. 2022-05-19 01:20:55 -04:00
David Garske
4a3ff40eb3
Merge pull request #5138 from haydenroche5/issuer_names 
Add ability to store issuer name components when parsing a certificate.
 2022-05-18 16:56:55 -07:00
Sean Parkinson
cd41c8beaf
Merge pull request #5147 from rizlik/do_alert_reset 
internal.c:reset input/processReply state if exiting after DoAlert()
 2022-05-19 09:36:44 +10:00
Daniel Pouzzner
b53484be10
Merge pull request #5155 from cconlon/configFix 
Fix --enable-openssh FIPS detection syntax in configure.ac
 2022-05-18 17:34:43 -05:00
Chris Conlon
628a34a43d fix --enable-openssh FIPS detection syntax in configure.ac 2022-05-18 12:52:07 -06:00
Chris Conlon
1026c7141e
Merge pull request #5148 from JacobBarthelmeh/PKCS7 2022-05-18 11:44:20 -06:00
Marco Oliverio
be172af3cd internal.c: check that we have data before processing messages 
We should never encounter this bug under normal circumstances. But if we enter
processReplyEx with a wrongly `ssl->options.processReply` set to
`runProcessingOneMessage` we check that we have some data.
 2022-05-18 18:49:33 +02:00
Marco Oliverio
6940a5eaae internal.c:reset input/processReply state if exiting after DoAlert() 2022-05-18 18:35:29 +02:00
John Safranek
40063f7487
Merge pull request #5109 from rizlik/dtls_peer_matching_fix 
wolfio: dtls: fix incorrect peer matching check
 2022-05-18 09:12:26 -07:00
Hideki Miyazaki
5de9c45161
resolve merge and conflict 2022-05-18 11:37:22 +09:00
David Garske
ac3fc89df9
Merge pull request #5151 from SparkiDev/tls13_premaster 
TLS 1.3:  pre-master secret zeroizing
 2022-05-17 19:18:43 -07:00
Hideki Miyazaki
54a96cef06
add test case 2022-05-18 11:16:10 +09:00
Hideki Miyazaki
88abc9f3c1
addressed review comments 
add to call wc_ecc_rs_to_sig and wc_ecc_verify_has
 2022-05-18 11:16:07 +09:00
Hideki Miyazaki
c1f117413f
get crypto only compiled with openssl extra 2022-05-18 11:16:03 +09:00
Sean Parkinson
1765e2c482
Merge pull request #5150 from haydenroche5/benchmark_main_void 
Fix main signature in benchmark.c.
 2022-05-18 10:10:07 +10:00
Hayden Roche
04ff6afbad Add ability to store issuer name components when parsing a certificate. 
This is turned on when `WOLFSSL_HAVE_ISSUER_NAMES` is defined. This allows the
user to inspect various issuer name components (e.g. locality, organization,
etc.) by using these new fields in a `DecodedCert`.
 2022-05-17 16:29:52 -07:00
Sean Parkinson
2f91028f2d TLS 1.3: pre-master secret zeroizing 2022-05-18 08:52:38 +10:00
Hayden Roche
fd535242a0 Fix main signature in benchmark.c. 
If `NO_CRYPT_BENCHMARK` is defined, the main function is `int main()`, but it
should be `int main(void)`.
 2022-05-17 14:28:43 -07:00
Jacob Barthelmeh
8b46c95f06 macro guard for build with disable ecc 2022-05-17 11:36:09 -06:00
David Garske
c9ae021427
Merge pull request #5143 from julek-wolfssl/x509-ret-empty-name 
Return subject and issuer X509_NAME obj even when not set
 2022-05-17 09:16:54 -07:00
David Garske
50cc6d0422
Merge pull request #5139 from cconlon/opensshfips 
Modify --enable-openssh to not enable non-FIPS algos for FIPS builds
 2022-05-17 09:16:21 -07:00
Marco Oliverio
6df65c0162 wolfio: dtls: fix incorrect peer matching check 
Ignore packet if coming from a peer of a different size *or* from a different
peer. Avoid whole memcmp of sockaddr_in[6] struct because is not portable (there
are optional fields in struct sockaddr_in).
 2022-05-17 11:01:55 +02:00
Sean Parkinson
fc12c68601
Merge pull request #5146 from dgarske/kcapi_keywrap 
Fix to allow enabling AES key wrap (direct) with KCAPI
 2022-05-17 08:16:00 +10:00
Jacob Barthelmeh
1dc5e4cee5 add padding for variable ecc signature size 2022-05-16 15:26:29 -06:00
David Garske
ec619e3f35
Merge pull request #5107 from julek-wolfssl/wpas-ex-data-leak 
Call ctx->rem_sess_cb when a session is about to be invalid
 2022-05-16 13:27:08 -07:00
David Garske
579a37bdf0
Merge pull request #5117 from cconlon/getrandom 
add support for Linux getrandom() with WOLFSSL_GETRANDOM
 2022-05-16 12:36:30 -07:00
Chris Conlon
0ef4707859
Merge pull request #5137 from JacobBarthelmeh/docs 2022-05-16 12:18:14 -06:00
Juliusz Sosinowicz
7f8f0dcffe Refactor cache ex_data update/retrieve into one function 
- Add explicit pointer cast
 2022-05-16 13:01:05 +02:00