wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 11:52:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,397 Commits 12 Branches 184 Tags
100d765b0c333ec00a111ce7c19be6f1bf4070a5
Commit Graph

27397 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
6914f08f5e Merge pull request #9391 from holtrop/check-dup-extensions-fix 
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377
 2025-11-11 14:05:14 -08:00
Josh Holtrop
798b16dcef Address more code review feedback for PR 9391 2025-11-11 15:36:28 -05:00
Josh Holtrop
32b00fd10b Address code review feedback for PR 9391 2025-11-11 14:06:44 -05:00
David Garske
4c273a6f3f Merge pull request #9404 from cconlon/jniNoQuicEch 
Fixes for "--enable-jni --enable-all" with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
 2025-11-11 09:42:38 -08:00
David Garske
e323fb9675 Merge pull request #9410 from SparkiDev/multi_arch_opt 
Workflow: multiple architectures with different -O levels
 2025-11-11 09:42:21 -08:00
David Garske
2db1c7a522 Merge pull request #9395 from SparkiDev/tls12_cv_sig_check 
TLS 1.2 CertificateVerify: validate sig alg matches peer key
 2025-11-11 09:18:11 -08:00
JacobBarthelmeh
4da365214a Merge pull request #9412 from SparkiDev/regression_fixes_21 
Regression testing fixes
 2025-11-11 09:32:43 -07:00
Sean Parkinson
d84564217c Regression testing fixes 
Fix #ifdef protection for AES tests.
 2025-11-11 21:46:04 +10:00
Sean Parkinson
702f6ce94f Workflow: multiple architectures with different -O levels 
Test configurations with different optimization levels: -O2, -O3, -O1,
-O0, -Os, -Ofast
 2025-11-11 17:50:48 +10:00
Sean Parkinson
f54ca0d481 TLS 1.2 CertificateVerify: req sig alg to have been in CR 
The signature algorithm specified in CertificateVerify must have been in
the CertificateRequest. Add check.

The cipher suite test cases, when client auth and RSA are built-in and
use the default client certificate and use the *-ECDSA-* cipher
suites, no longer work. The client certificate must be ECC when the
cipher suite has ECDSA. Don't run them for that build.
 2025-11-11 13:20:46 +10:00
David Garske
967f520c28 Merge pull request #9408 from anhu/stateful_integ_deprecate 
Deprecate LMS and XMSS integrations.
 2025-11-10 15:17:51 -08:00
JacobBarthelmeh
0fa2274a16 Merge pull request #9406 from SparkiDev/sp_label_noinline 
SP label noinline: function inlined even when asked not to
 2025-11-10 14:52:14 -07:00
Anthony Hu
0771bc42d6 Deprecate LMS and XMSS integrations. 2025-11-10 15:13:06 -05:00
Josh Holtrop
4102f8272e Rust wrapper: support optional heap and dev_id parameters 2025-11-10 13:53:51 -05:00
David Garske
2c47675194 Merge pull request #9333 from gojimmypi/pr-msvc-random 
Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC
 2025-11-10 08:33:54 -08:00
Josh Holtrop
3af60ff85d Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 2025-11-10 10:06:07 -05:00
Sean Parkinson
b7ade58c52 SP label noinline: function inlined even when asked not to 
The label L_521_mont_reduce_9_nomask is therefore appearing more than
once in the compiled code.
Adding '%=' to the end of the label ensure it has a unique number
appended to it even when inlined.
 2025-11-10 20:05:41 +10:00
Daniel Pouzzner
9c1526c90d Merge pull request #9401 from cconlon/jniPublicMp 
Add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support
 2025-11-08 11:07:54 -06:00
Daniel Pouzzner
f977004dca Merge pull request #9400 from cconlon/ocspStaplingTls13MultiMktemp 
Use portable mktemp syntax in ocsp-stapling_tls13multi.test
 2025-11-08 11:07:28 -06:00
Daniel Pouzzner
9e9a7392d4 Merge pull request #9373 from julek-wolfssl/WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY 
Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards
 2025-11-08 11:04:43 -06:00
Daniel Pouzzner
ea4311666e Merge pull request #9367 from julek-wolfssl/wolfDTLS_accept_stateless-early-data 
wolfDTLS_accept_stateless: Fix handling for early data
 2025-11-08 11:04:19 -06:00
Daniel Pouzzner
8b3eaa0eff Merge pull request #9370 from gojimmypi/pr-watcom-update 
Update and pin Watcom to 2025-11-03-Build release
 2025-11-08 09:31:22 -06:00
Chris Conlon
fdec53c4c9 skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined 2025-11-07 17:09:30 -07:00
Chris Conlon
0cf3728ca0 update "--enable-jni --enable-all" combo to exclude QUIC and ECH, not compatible with WOLFSSL_TLS13_MIDDLEBOX_COMPAT 2025-11-07 16:50:41 -07:00
David Garske
b45217db00 Merge pull request #9402 from anhu/stsafe_doc 
Correction about how to get interface files.
 2025-11-07 13:59:45 -08:00
Anthony Hu
22ab16df97 Correction about how to get interface files. 2025-11-07 16:53:30 -05:00
Chris Conlon
88373d8cb5 add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support 2025-11-07 14:14:51 -07:00
JacobBarthelmeh
4f4826ae92 Merge pull request #9385 from anhu/not_len 
Use suites->hashSigAlgoSz when calling TLSX_SignatureAlgorithms_MapPss
 2025-11-07 13:49:30 -07:00
gojimmypi
8654599e61 Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC 2025-11-07 11:08:44 -08:00
JacobBarthelmeh
0d49df7735 update to GPLv3 exception list, add Fetchmail and OpenVPN 2025-11-07 12:06:29 -07:00
JacobBarthelmeh
4c5bc5f8fe Merge pull request #9387 from SparkiDev/tls12_cr_order 
TLS 1.2: client message order check
 2025-11-07 10:00:39 -07:00
JacobBarthelmeh
222f6084f8 Merge pull request #9399 from douzzer/20251106-linuxkm-PIE-inline-thunks 
20251106-linuxkm-PIE-inline-thunks
 2025-11-07 08:33:53 -07:00
Sean Parkinson
58bd6a8d94 TLS 1.2 CertificateVerify: validate sig alg matches peer key 
Don't proceed with parsing CertificateVerify message in TLS 1.2 if the
signature algorithm doesn't match the peer's key (key from client
certificate).
 2025-11-07 13:26:26 +10:00
JacobBarthelmeh
a96b35c0ff Merge pull request #9398 from toddouska/master 
Add GPLv2 exception list to LICENSING
 2025-11-06 17:19:59 -07:00
Chris Conlon
f208716b80 use portable mktemp syntax in scripts/ocsp-stapling_tls13multi.test for macOS compatibility 2025-11-06 16:54:23 -07:00
Daniel Pouzzner
53a20f4928 linuxkm/Kbuild: when ENABLED_LINUXKM_PIE, use inline thunks on all objects, not just PIE objects, to resolve false-positive "unpatched thunk" warnings on some kernels/configs. also cleans up flag setup more generally. 2025-11-06 17:37:07 -06:00
Sean Parkinson
f376c8d910 Merge pull request #9388 from lealem47/scan_build 
Various fixes for nightly tests
 2025-11-07 09:30:08 +10:00
Sean Parkinson
3416a0f70e Merge pull request #9393 from rlm2002/zd20756 
Integer overflow and dead code removal
 2025-11-07 09:27:05 +10:00
Todd Ouska
e02de78507 Add GPLv2 exception list to LICENSING 2025-11-06 15:18:57 -08:00
Sean Parkinson
98d84eb435 Merge pull request #9396 from julek-wolfssl/fil-c-674 
Updates the Fil-C version to 0.674
 2025-11-07 08:39:38 +10:00
JacobBarthelmeh
ca51fda3bb Merge pull request #9372 from SparkiDev/curve25519_no_lshift_neg_val 
Curve25519: lshift of a negative value is undefined in C
 2025-11-06 15:22:38 -07:00
Lealem Amedie
15ecc2e4da Update Rowley settings to define WOLFSSL_NO_SOCK 2025-11-06 15:11:49 -07:00
Ruby Martin
ec60d88f82 remove deadcode else statement when computing kid_type 2025-11-06 15:04:37 -07:00
Ruby Martin
9b2f7a371f remove duplicate keylen check (deadcode) 
wrap if statement in macro guard
 2025-11-06 15:04:37 -07:00
Ruby Martin
78f2e65da6 add cast to int64_t 2025-11-06 14:58:37 -07:00
Lealem Amedie
2b8f83fd8d Fixes for getrandom detection 2025-11-06 14:16:38 -07:00
Lealem Amedie
d3de6305e8 Exit wolfcrypt test if wolfCrypt_Init fails 2025-11-06 10:24:44 -07:00
Lealem Amedie
eecf82362e Check for getrandom declaration 2025-11-06 10:24:20 -07:00
Juliusz Sosinowicz
bd2cc5ba5c fixup! DTLS: Introduce custom I/O callbacks API and structure 2025-11-06 18:07:18 +01:00
Juliusz Sosinowicz
c2377fd266 DTLS: Clear userSet when peer is set in EmbedReceiveFrom 
This allows us to differentiate between the user explicitly setting a peer and wolfio setting it. When wolfio sets the peer, we want to be able to update the peer address while in stateless parsing (governed by the `newPeer` variable).
 2025-11-06 17:13:45 +01:00