wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-01 12:49:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,582 Commits 12 Branches 184 Tags
268326d875c0020bfb626f23c3f323ecfcffe104
Commit Graph

8421 Commits

Author SHA1 Message Date
Marco Oliverio
7db3c34e2b ocsp: enable OPENSSL tlsext status cb for NGINX and HAPROXY 2025-02-17 14:53:49 +00:00
Marco Oliverio
a1d1f0ddf1 ocsp: enable SSL_CTX_set_tlsext_status_cb only in OPENSSL_ALL 2025-02-17 11:29:09 +00:00
Marco Oliverio
0945101948 ocsp: fix: remove duplicated code 2025-02-17 11:25:24 +00:00
Marco Oliverio
1eecf326fd ocsp: use ocspReponse->heap in OcspFindSigner + minors 2025-02-17 08:59:29 +00:00
Marco Oliverio
c1c9af5cb6 minor: improve indentation of guards 2025-02-17 08:59:29 +00:00
Marco Oliverio
851d74fd69 ocsp-resp-refactor: address reviewer's comments 2025-02-17 08:59:29 +00:00
Marco Oliverio
3a3238eb9f ocsp: refactor wolfSSL_OCSP_response_get1_basic 
The internal fields of OcspResponse refer to the resp->source buffer.
Copying these fields is complex, so it's better to decode the response again.
 2025-02-17 08:58:03 +00:00
Marco Oliverio
f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify 
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
 2025-02-17 08:58:03 +00:00
Marco Oliverio
d7711f04ab openssl compat: skip OCSP response verification in statusCb 
This aligns with OpenSSL behavior
 2025-02-17 08:58:02 +00:00
Marco Oliverio
dedbb2526c ocsp: fix memory leaks in OpenSSL compat layer 2025-02-17 08:58:02 +00:00
David Garske
842b9a3709 Merge pull request #8433 from julek-wolfssl/dtls-cid-negative-tests 
Update DTLS CID Tests and Reorganize Test Utilities
 2025-02-14 11:26:57 -08:00
David Garske
29f2767b88 Merge pull request #8441 from philljj/wolfio_comments 
wolfio: comment ifdef endif blocks.
 2025-02-14 08:55:31 -08:00
David Garske
3075e57207 Whitespace and filename comment. 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz
7380ec68bb cmake.yml: fix error and run tests with ctest 2025-02-14 09:51:29 -06:00
jordan
f2bb063ca4 wolfio: peer review comment cleanup. 2025-02-14 08:36:26 -05:00
Daniel Pouzzner
60c1558142 Merge pull request #8447 from dgarske/memleak 
Fixed possible memory leaks
 2025-02-14 00:26:09 -06:00
Colton Willey
e197cdfb36 Fix memory leak in X509 STORE 2025-02-13 14:49:18 -08:00
David Garske
f943f6ff5c Fixed possible memory leaks reported by nielsdos in PR 8415 and 8414. 2025-02-13 08:20:37 -08:00
David Garske
846ba43a29 Merge pull request #8392 from SparkiDev/curve25519_blinding 
Curve25519: add blinding when using private key
 2025-02-12 16:20:51 -08:00
Sean Parkinson
365aac0306 Merge pull request #8393 from anhu/draft-tls-westerbaan-mldsa 
New codepoint for MLDSA
 2025-02-13 10:20:30 +10:00
Sean Parkinson
bb84ebfd7a Curve25519: add blinding when using private key 
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.

Add new APIs to support passing in an RNG.
Old APIs create a new RNG.

Only needed for the C implementations that are not small.

Modified TLS and OpenSSL compat API implementations to pass in RNG.

Fixed tests and benchmark program to pass in RNG.
 2025-02-13 08:52:35 +10:00
Anthony Hu
aa59eab732 More minor mods. Now interops with oqs-provider. 2025-02-12 17:17:22 -05:00
jordan
9dfcc6a477 wolfio: comment ifdef endif blocks. 2025-02-12 09:51:51 -05:00
Sean Parkinson
bcd89b0592 Merge pull request #8388 from julek-wolfssl/BN_CTX_get 
Implement BN_CTX_get
 2025-02-12 08:08:58 +10:00
David Garske
be5f203274 Merge pull request #8425 from philljj/ecdsa_mldsa_test_api 
dual alg: add ML-DSA test, and misc cleanup.
 2025-02-10 15:05:44 -08:00
jordan
557e43bcd7 dual alg: peer review cleanup, and more function comments. 2025-02-10 10:08:35 -05:00
jordan
937d6d404a dual alg: clean up comments and line lengths. 2025-02-07 09:22:16 -05:00
Daniel Pouzzner
1e17d737c8 "#undef _WINSOCKAPI_" after defining it to "block inclusion of winsock.h header file", to fix #warning in /usr/x86_64-w64-mingw32/usr/include/winsock2.h. 2025-02-06 18:41:20 -06:00
Sean Parkinson
ae8b8c4164 Read DER BIO: fix for when BIO data is less than seq buffer size 
wolfssl_read_der_bio did not not handle the length to be read from the
BIO being less than the size of the sequence buffer.
 2025-02-07 08:46:49 +10:00
jordan
035d4022fb dual alg: add ML-DSA test, and misc cleanup. 2025-02-06 15:50:37 -05:00
David Garske
60c5a0ac7f Peer review feedback. Thank you @jmalak 2025-02-04 14:32:24 -08:00
David Garske
345c969164 Fixes for Watcom compiler and new CI test 
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
 2025-02-04 12:38:52 -08:00
Daniel Pouzzner
b466bde5d0 src/internal.c and src/ssl.c: in CheckcipherList() and ParseCipherList(), refactor "while (next++)" to "while (next)" to avoid clang21 UndefinedBehaviorSanitizer "applying non-zero offset 1 to null pointer". 2025-02-04 12:07:29 -06:00
Juliusz Sosinowicz
8b7b9636aa Remove BN_CTX_init as its no longer in OpenSSL for a long time 2025-02-04 16:37:21 +01:00
Juliusz Sosinowicz
91bffeead3 wolfSSL_BN_CTX_get: prepend to list skipping need to traverse the list 2025-02-04 16:37:21 +01:00
Juliusz Sosinowicz
841d13e81c Implement BN_CTX_get 2025-02-04 16:37:21 +01:00
Sean Parkinson
92491e6368 TLS 1.3 HRR KeyShare: Improve comments 
HelloRetryRequest has the key exchange group it wants to use.
A KeyShare for that group must not have been in the ClientHello.
 2025-02-04 10:16:27 +10:00
Sean Parkinson
eb15a1213c Merge pull request #8416 from embhorn/zd19323 
Clear old ssl->error after retry
 2025-02-04 08:54:10 +10:00
Eric Blankenhorn
e9892c22a2 Clear old ssl->error after retry 2025-02-03 14:18:09 -06:00
Eric Blankenhorn
b488af1d34 Fix compat layer ASN1_TIME_diff to accept NULL output params 2025-01-31 15:55:35 -06:00
Sean Parkinson
3f47963802 Merge pull request #8396 from douzzer/20250129-CT-tweaks 
20250129-CT-tweaks
 2025-01-31 09:10:22 +10:00
Juliusz Sosinowicz
c36d23029f dtls: malloc needs to allocate the size of the dereferenced object 2025-01-30 18:32:22 +01:00
Juliusz Sosinowicz
9a8bc248de dtls: remove dead code 2025-01-30 18:32:22 +01:00
Juliusz Sosinowicz
3cd64581eb dtls: better sanitize incoming messages in stateless handling 2025-01-30 18:32:22 +01:00
Juliusz Sosinowicz
2590aebfd9 dtls13: don't overrun hdr->epoch 2025-01-30 17:59:48 +01:00
Daniel Pouzzner
0de38040f4 CT tweaks: 
in wolfcrypt/src/coding.c, add ALIGN64 to hexDecode[], and add hexEncode[] for use by Base16_Encode();

in wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h:

move ctMask*() up so that min() and max() can use them, and add ctMaskWord32GTE();

add ALIGN64 to kHexChar[];

add CT implementation of CharIsWhiteSpace();

remove min_size_t() and max_size_t() recently added, but only one user (refactored).
 2025-01-30 01:24:40 -06:00
Juliusz Sosinowicz
e3a612300b Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 ipd 
Implemented based on the NIST Initial Public Draft "NIST SP 800-232 ipd". Testing based on KAT's available at https://github.com/ascon/ascon-c. Added configuration for testing in github action.
 2025-01-29 11:02:47 +01:00
David Garske
ed390e472d Merge pull request #8373 from julek-wolfssl/libimobiledevice-1.3.0 
Changes for libimobiledevice 860ffb
 2025-01-27 07:52:06 -08:00
Juliusz Sosinowicz
89aba661fc Changes for libimobiledevice 860ffb 2025-01-27 12:56:49 +01:00
Daniel Pouzzner
b41d46a158 src/ssl.c and src/ssl_load.c: fix syntax flubs in WOLFSSL_DILITHIUM_FIPS204_DRAFT paths. 2025-01-25 10:11:25 -06:00