wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 06:42:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,855 Commits 12 Branches 184 Tags
TLS13-cipher-suite-fix
Commit Graph

26855 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jackctj117
0767cb84bf Removed trailing white space 2025-11-14 09:03:51 -07:00
jackctj117
5e2fd78113 Suppress unused parameter warning 2025-11-13 18:32:00 -07:00
jackctj117
29c2f15a8f Add #ifdef guards to cipher suite checks 2025-11-13 10:06:07 -07:00
jackctj117
c56ea55f89 Fix TLS 1.3 cipher suite selection when TLS 1.2 ciphers precede TLS 1.3 ciphers 2025-11-12 17:03:06 -07:00
David Garske
7cfffd5bbc Merge pull request #9308 from kareem-wolfssl/zd20603 
Add IPv6 support to wolfSSL_BIO_new_accept and wolfIO_TcpBind.
 2025-11-12 11:09:17 -08:00
David Garske
92fffa166b Merge pull request #9413 from JacobBarthelmeh/lic 
update to GPLv3 exception list, add Fetchmail and OpenVPN
 2025-11-12 10:12:29 -08:00
David Garske
3fe534e3a2 Merge pull request #9403 from gojimmypi/pr-lms-unary-fix 
Fix LMS C4146 unary minus warning in MSVC, new param check
 2025-11-12 08:40:33 -08:00
gojimmypi
ca920edbd0 Fix LMS C4146 unary minus warning in MSVC, new param check 2025-11-11 19:26:52 -08:00
Kareem
fbb7ae2257 Add NULL check to wolfSSL_BIO_new_accept. 2025-11-11 16:20:09 -07:00
Kareem
3296e6a1f0 Merge remote-tracking branch 'upstream/master' into zd20603 2025-11-11 16:15:22 -07:00
David Garske
6914f08f5e Merge pull request #9391 from holtrop/check-dup-extensions-fix 
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377
 2025-11-11 14:05:14 -08:00
Josh Holtrop
798b16dcef Address more code review feedback for PR 9391 2025-11-11 15:36:28 -05:00
Josh Holtrop
32b00fd10b Address code review feedback for PR 9391 2025-11-11 14:06:44 -05:00
David Garske
4c273a6f3f Merge pull request #9404 from cconlon/jniNoQuicEch 
Fixes for "--enable-jni --enable-all" with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
 2025-11-11 09:42:38 -08:00
David Garske
e323fb9675 Merge pull request #9410 from SparkiDev/multi_arch_opt 
Workflow: multiple architectures with different -O levels
 2025-11-11 09:42:21 -08:00
David Garske
2db1c7a522 Merge pull request #9395 from SparkiDev/tls12_cv_sig_check 
TLS 1.2 CertificateVerify: validate sig alg matches peer key
 2025-11-11 09:18:11 -08:00
JacobBarthelmeh
4da365214a Merge pull request #9412 from SparkiDev/regression_fixes_21 
Regression testing fixes
 2025-11-11 09:32:43 -07:00
Sean Parkinson
d84564217c Regression testing fixes 
Fix #ifdef protection for AES tests.
 2025-11-11 21:46:04 +10:00
Sean Parkinson
702f6ce94f Workflow: multiple architectures with different -O levels 
Test configurations with different optimization levels: -O2, -O3, -O1,
-O0, -Os, -Ofast
 2025-11-11 17:50:48 +10:00
Sean Parkinson
f54ca0d481 TLS 1.2 CertificateVerify: req sig alg to have been in CR 
The signature algorithm specified in CertificateVerify must have been in
the CertificateRequest. Add check.

The cipher suite test cases, when client auth and RSA are built-in and
use the default client certificate and use the *-ECDSA-* cipher
suites, no longer work. The client certificate must be ECC when the
cipher suite has ECDSA. Don't run them for that build.
 2025-11-11 13:20:46 +10:00
David Garske
967f520c28 Merge pull request #9408 from anhu/stateful_integ_deprecate 
Deprecate LMS and XMSS integrations.
 2025-11-10 15:17:51 -08:00
JacobBarthelmeh
0fa2274a16 Merge pull request #9406 from SparkiDev/sp_label_noinline 
SP label noinline: function inlined even when asked not to
 2025-11-10 14:52:14 -07:00
Anthony Hu
0771bc42d6 Deprecate LMS and XMSS integrations. 2025-11-10 15:13:06 -05:00
David Garske
2c47675194 Merge pull request #9333 from gojimmypi/pr-msvc-random 
Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC
 2025-11-10 08:33:54 -08:00
Josh Holtrop
3af60ff85d Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 2025-11-10 10:06:07 -05:00
Sean Parkinson
b7ade58c52 SP label noinline: function inlined even when asked not to 
The label L_521_mont_reduce_9_nomask is therefore appearing more than
once in the compiled code.
Adding '%=' to the end of the label ensure it has a unique number
appended to it even when inlined.
 2025-11-10 20:05:41 +10:00
Daniel Pouzzner
9c1526c90d Merge pull request #9401 from cconlon/jniPublicMp 
Add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support
 2025-11-08 11:07:54 -06:00
Daniel Pouzzner
f977004dca Merge pull request #9400 from cconlon/ocspStaplingTls13MultiMktemp 
Use portable mktemp syntax in ocsp-stapling_tls13multi.test
 2025-11-08 11:07:28 -06:00
Daniel Pouzzner
9e9a7392d4 Merge pull request #9373 from julek-wolfssl/WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY 
Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards
 2025-11-08 11:04:43 -06:00
Daniel Pouzzner
ea4311666e Merge pull request #9367 from julek-wolfssl/wolfDTLS_accept_stateless-early-data 
wolfDTLS_accept_stateless: Fix handling for early data
 2025-11-08 11:04:19 -06:00
Daniel Pouzzner
8b3eaa0eff Merge pull request #9370 from gojimmypi/pr-watcom-update 
Update and pin Watcom to 2025-11-03-Build release
 2025-11-08 09:31:22 -06:00
Chris Conlon
fdec53c4c9 skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined 2025-11-07 17:09:30 -07:00
Chris Conlon
0cf3728ca0 update "--enable-jni --enable-all" combo to exclude QUIC and ECH, not compatible with WOLFSSL_TLS13_MIDDLEBOX_COMPAT 2025-11-07 16:50:41 -07:00
David Garske
b45217db00 Merge pull request #9402 from anhu/stsafe_doc 
Correction about how to get interface files.
 2025-11-07 13:59:45 -08:00
Anthony Hu
22ab16df97 Correction about how to get interface files. 2025-11-07 16:53:30 -05:00
Chris Conlon
88373d8cb5 add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support 2025-11-07 14:14:51 -07:00
JacobBarthelmeh
4f4826ae92 Merge pull request #9385 from anhu/not_len 
Use suites->hashSigAlgoSz when calling TLSX_SignatureAlgorithms_MapPss
 2025-11-07 13:49:30 -07:00
gojimmypi
8654599e61 Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC 2025-11-07 11:08:44 -08:00
JacobBarthelmeh
0d49df7735 update to GPLv3 exception list, add Fetchmail and OpenVPN 2025-11-07 12:06:29 -07:00
JacobBarthelmeh
4c5bc5f8fe Merge pull request #9387 from SparkiDev/tls12_cr_order 
TLS 1.2: client message order check
 2025-11-07 10:00:39 -07:00
JacobBarthelmeh
222f6084f8 Merge pull request #9399 from douzzer/20251106-linuxkm-PIE-inline-thunks 
20251106-linuxkm-PIE-inline-thunks
 2025-11-07 08:33:53 -07:00
Sean Parkinson
58bd6a8d94 TLS 1.2 CertificateVerify: validate sig alg matches peer key 
Don't proceed with parsing CertificateVerify message in TLS 1.2 if the
signature algorithm doesn't match the peer's key (key from client
certificate).
 2025-11-07 13:26:26 +10:00
JacobBarthelmeh
a96b35c0ff Merge pull request #9398 from toddouska/master 
Add GPLv2 exception list to LICENSING
 2025-11-06 17:19:59 -07:00
Chris Conlon
f208716b80 use portable mktemp syntax in scripts/ocsp-stapling_tls13multi.test for macOS compatibility 2025-11-06 16:54:23 -07:00
Daniel Pouzzner
53a20f4928 linuxkm/Kbuild: when ENABLED_LINUXKM_PIE, use inline thunks on all objects, not just PIE objects, to resolve false-positive "unpatched thunk" warnings on some kernels/configs. also cleans up flag setup more generally. 2025-11-06 17:37:07 -06:00
Sean Parkinson
f376c8d910 Merge pull request #9388 from lealem47/scan_build 
Various fixes for nightly tests
 2025-11-07 09:30:08 +10:00
Sean Parkinson
3416a0f70e Merge pull request #9393 from rlm2002/zd20756 
Integer overflow and dead code removal
 2025-11-07 09:27:05 +10:00
Todd Ouska
e02de78507 Add GPLv2 exception list to LICENSING 2025-11-06 15:18:57 -08:00
Sean Parkinson
98d84eb435 Merge pull request #9396 from julek-wolfssl/fil-c-674 
Updates the Fil-C version to 0.674
 2025-11-07 08:39:38 +10:00
JacobBarthelmeh
ca51fda3bb Merge pull request #9372 from SparkiDev/curve25519_no_lshift_neg_val 
Curve25519: lshift of a negative value is undefined in C
 2025-11-06 15:22:38 -07:00