David Garske
eeaa3a7160
Merge pull request #9596 from kareem-wolfssl/zd19378
Add a runtime option to enable or disable the secure renegotiation check.
2026-01-26 08:34:57 -08:00
Sean Parkinson
27df554e99
Merge pull request #9701 from Frauschi/brainpool-tls13
Add support for TLS 1.3 Brainpool curves
2026-01-23 10:42:32 +10:00
Sean Parkinson
baaa368a61
Merge pull request #9668 from kaleb-himes/PQ-FS-2026-Part1
PQ FS 2026 part1
2026-01-23 10:30:47 +10:00
Kareem
d60dd53165
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19378
2026-01-22 15:37:30 -07:00
kaleb-himes
20b2fd200f
Address failure rates from FIPS CRNGT test by implementing alternate RCT/ADP tests
Update ret code to match docs and update docs
Replace magic numbers with appropriate define
Define MAX_ENTROPY_BITS when MEMUSE not enabled
Fix type cast windows detection
Older FIPS modules still need the old check
CodeSpell you're wrong, that is what I want to name my variable
Turn the hostap into a manual dispatch until it gets fixed
Upon closer review we can not skip the test when memuse enabled
Fix whitespace stuff found by multitest
More syntax things
Correct comments based on latest findings
2026-01-22 09:06:17 -07:00
Tobias Frauenschläger
eb8ba6124e
Support TLS 1.3 ECC Brainpool authentication
This also fixes TLS 1.2 authentication to only succeed in case the
brainpool curve was present in the supported_groups extension.
2026-01-22 14:14:09 +01:00
Tobias Frauenschläger
a462398387
Support Brainpool ECC curve TLS 1.3 key exchange
When both TLS 1.3 and Brainpool curves are enabled, three new groups can
be used for the ECDHE key exchange according to RFC 8734:
* WOLFSSL_ECC_BRAINPOOLP256R1TLS13 (31)
* WOLFSSL_ECC_BRAINPOOLP384R1TLS13 (32)
* WOLFSSL_ECC_BRAINPOOLP512R1TLS13 (33)
Also ensure that the existing TLS 1.2 curves are sent properly.
The TLS client application is updated to support handshakes via
Brainpool curves using the new argument "--bpKs".
2026-01-22 14:14:09 +01:00
Kareem
832bcd7f4b
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20850
2026-01-20 15:59:05 -07:00
Chris Conlon
0f395a5f9d
Fix memory management in wolfssl_dns_entry_othername_to_gn() and
wolfSSL_X509_get_ext_d2i() for otherName SAN handling, add ASN_RID_TYPE case to wolfSSL_X509_get_ext_d2i()
2026-01-19 16:39:33 -07:00
Daniel Pouzzner
4ce6c4c262
Merge pull request #9623 from julek-wolfssl/dtls-1.3-ms-interval
dtls 1.3: allow rtx interval to be less than a second
2026-01-19 17:01:23 -06:00
Daniel Pouzzner
c2cf8b1545
Merge pull request #9659 from holtrop-wolfssl/improve-error-for-invalid-helloretryrequest
Improve log message and error code for invalid HelloRetryRequest - fix #9653
2026-01-19 16:23:59 -06:00
Juliusz Sosinowicz
429b690370
Address code review
2026-01-19 09:38:17 +01:00
Juliusz Sosinowicz
48067f1fa7
dtls 1.3: allow rtx interval to be less than a second
2026-01-19 09:32:09 +01:00
Daniel Pouzzner
467d6dd338
tests/api/test_evp_digest.c: fix for copy-paste error in test_wolfSSL_EVP_sm3(), introduced in 43d831ff06.
2026-01-17 09:58:21 -06:00
Daniel Pouzzner
5c7f986925
Merge pull request #9670 from miyazakh/fix_selftest
Fix compilation, crypt test and unit test failures when selftest is enabled
2026-01-16 23:57:27 -06:00
Daniel Pouzzner
9aabef04ba
Merge pull request #9641 from SparkiDev/api_c_split_evp
API testing: split out more test cases
2026-01-16 14:58:15 -06:00
Hideki Miyazaki
8ad73d8ac1
Fix compile and crypt test failures when selftest is enabled
2026-01-16 08:55:06 +09:00
Josh Holtrop
e7612ff36f
Improve log message and error code for invalid HelloRetryRequest - fix #9653
2026-01-15 12:55:17 -05:00
Sean Parkinson
43d831ff06
API testing: split out more test cases
EVP into test_evp_cipher, test_evp_digest, test_evp_pkey and test_evp.
OBJ into test_ossl_obj.
OpenSSL RAND into test_ossl_rand.
OpenSSL PKCS7 and PKCS12 tests into test_ossl_p7p12.
CertificateManager into test_certman.
Move some BIO tests from api.c into test_evp_bio.c.
Fix line lengths.
2026-01-13 06:34:49 +10:00
Sean Parkinson
ce69f1cec0
Merge pull request #9635 from miyazakh/x509errstr_handling
Fix OpenSSL error code handling in ERR_reason_error_string()
2026-01-12 08:57:17 +10:00
Sean Parkinson
84ca4a05fa
Merge pull request #9628 from miyazakh/fix_crlnumber
Fix CRL Number hex string buffer overflow in CRL parser
2026-01-12 08:52:57 +10:00
Hideki Miyazaki
0e8af03f1d
OpenSSL error code handling in reason_error_string
2026-01-10 13:50:08 +09:00
Hideki Miyazaki
d052128830
addressed review comments
2026-01-09 09:01:14 +09:00
David Garske
d25f98fd82
Merge pull request #9584 from miyazakh/fix_qtfail
Fix qt jenkins nightly test failure
2026-01-08 10:58:20 -08:00
David Garske
133d29dcef
Merge pull request #9626 from rizlik/name_contraints_fixes
asn: MatchBaseName fixes
2026-01-08 10:56:53 -08:00
David Garske
97d9bfcea6
Merge pull request #9601 from rizlik/early_data_client_side_fixes
check that we are resuming in write_early_data + minor fixes
2026-01-08 10:26:48 -08:00
Hideki Miyazaki
08876e278a
Fix CRL Number hex string buffer overflow in CRL parser
2026-01-08 17:25:19 +09:00
Sean Parkinson
883ceecf8a
ChaCha20 Aarch64 ASM fix: 256-bit case fixed
Fixed the 256-bits at a time crypt assembly code.
Add a chunking test for ChaCha20.
2026-01-08 18:01:15 +10:00
Hideki Miyazaki
6392c2b420
undo changes
fix indentation
2026-01-08 07:10:25 +09:00
Marco Oliverio
94dc7ae9ad
asn: MatchBaseName fixes
2026-01-07 17:53:43 +01:00
Marco Oliverio
50b39c91da
fixup! (d)tls13: check if early data is possible in write_early_data
2026-01-07 14:30:16 +01:00
Hideki Miyazaki
c6dd1a745e
boundary check
2026-01-07 09:19:43 +09:00
Hideki Miyazaki
30fe079763
Addressed review comments
2026-01-07 06:55:22 +09:00
Hideki Miyazaki
10d3e251fd
fix qt jenkins nightly test failure
2026-01-07 06:55:22 +09:00
Sean Parkinson
5343cb386a
Merge pull request #9588 from kareem-wolfssl/ghAlerts
Fix incorrect alerts.
2026-01-06 20:22:51 +10:00
Fabian Keil
21f35137a1
tests: Unbreak the build on FreeBSD-based systems
... by using the same additional includes as on Linux.
Fixes:
CC tests/api/unit_test-test_rsa.o
tests/api.c:19554:9: error: call to undeclared function 'waitpid'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration]
19554 | waitpid(pid, &waitstatus, 0);
| ^
Tested on ElectroBSD amd64 14.3-STABLE.
2025-12-31 14:48:06 +01:00
Kareem
ddb2fb628e
Add a runtime option to enable or disable the secure renegotiation check.
2025-12-30 13:19:04 -07:00
Anthony Hu
48ebe99372
Validate asn date based on position of Z (#8603)
2025-12-29 16:01:22 -06:00
Kareem
7d04a53a6c
Update X509_get_default_cert_* stubs to return empty strings.
According to the documentation, these functions must return static strings, so NULL was not valid.
Fixes #6474.
2025-12-26 15:26:05 -07:00
Kareem
d09b5ee1f1
Add duplicate entry error to distinguish cases where a duplicate CRL is rejected.
2025-12-26 12:02:35 -07:00
David Garske
2354ea196b
Merge pull request #9513 from rizlik/dtls_header_fix
fix DTLS header headroom accounting
2025-12-23 17:20:12 -08:00
David Garske
0fae0a7ba6
Merge pull request #9397 from rizlik/earlydata_want_write_fixes
wolfssl: preserve early-data handling across WANT_WRITE retries
2025-12-23 17:19:39 -08:00
David Garske
57ef8a7caf
Merge pull request #9574 from anhu/dtls_guard
Guard a bit of DTLS code.
2025-12-23 15:03:46 -08:00
David Garske
18176392fa
Merge pull request #9576 from douzzer/20251222-linuxkm-PK-initrng-optimize
20251222-linuxkm-PK-initrng-optimize
2025-12-23 15:02:53 -08:00
Anthony Hu
40327b7fe3
Binary consts to hexadecimal. C2X feature.
2025-12-23 14:45:36 -05:00
Daniel Pouzzner
da4fc4921e
tests/api/test_ed25519.c: in test_wc_Ed25519PublicKeyToDer(), on old FIPS, tolerate old error code from wc_Ed25519PublicKeyToDer().
2025-12-23 12:25:10 -06:00
Sean Parkinson
b766f11e7b
TLS 1.3, plaintext alert: ignore when expecting encrypted
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
night1rider
afbc65a6c3
Aes Free callback support
2025-12-22 12:39:41 -07:00
Marco Oliverio
540fae80ab
test_dtls: test payload split when WOLFSSL_NO_DTLS_SIZE_CHECK
2025-12-22 13:41:33 +01:00
Sean Parkinson
7a326ef43f
Merge pull request #9553 from julek-wolfssl/ed25519-export-key-check
ed25519: validate presence of keys in export functions
2025-12-22 19:31:14 +10:00