Commit Graph

28332 Commits

Author SHA1 Message Date
Daniel Pouzzner 7bbd28d369 wolfcrypt/src/aes.c: fix clang-diagnostic-unreachable-code in AesSetKey_C(). 2025-12-26 18:13:44 -06:00
Daniel Pouzzner 283792c207 linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_startup(), deinstall the callbacks and stdrng first before checking refcnt. 2025-12-26 16:41:43 -06:00
Kareem 7d04a53a6c Update X509_get_default_cert_* stubs to return empty strings.
According to the documentation, these functions must return static strings, so NULL was not valid.

Fixes #6474.
2025-12-26 15:26:05 -07:00
Kareem 6145f3aba2 Fix incorrect alert being sent when wolfSSL receives unexpected PSK extension.
Fixes #9503.
2025-12-26 15:24:14 -07:00
Kareem a7b83b06c1 Alert on out of order message with unexpected_message.
Fixes #9531.
2025-12-26 15:23:23 -07:00
Daniel Pouzzner 3b3ddd1fb4 wolfcrypt/src/random.c: in wc_GenerateSeed(), move the gate closures for !FORCE_FAILURE_RDSEED and !ENTROPY_MEMUSE_FORCE_FAILURE to follow the /dev/urandom fallback method. 2025-12-26 14:16:11 -06:00
Kareem 17b6ce7b7b Add parenthesis around XBADFD. 2025-12-26 12:38:54 -07:00
Kareem d09b5ee1f1 Add duplicate entry error to distinguish cases where a duplicate CRL is rejected. 2025-12-26 12:02:35 -07:00
Daniel Pouzzner b487287abf wolfcrypt/benchmark/benchmark.c: smallstack refactor of bench_mlkem_encap() 2025-12-26 12:45:26 -06:00
Josh Holtrop bbac280890 Rust wrapper: add wolfssl_wolfcrypt::blake2 module 2025-12-26 13:02:27 -05:00
David Garske 77d9410aa0 Add missing API documentation for Doxygen:
This PR adds Doxygen documentation for native wolfSSL API functions that were previously undocumented. It includes documentation notes for APIs gated on specific preprocessor macros:

- WOLF_PRIVATE_KEY_ID: _Id and _Label init helpers (wc_AesInit_Id, wc_AesInit_Label, wc_ecc_init_id, wc_ecc_init_label, wc_InitRsaKey_Id, wc_InitRsaKey_Label) require this for PKCS11 support

- WC_NO_CONSTRUCTORS: New/Delete constructor functions (wc_AesNew/Delete, wc_curve25519_new/delete, wc_ed25519_new/delete, wc_NewRsaKey/DeleteRsaKey) are only available when this is not defined. WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is defined.

- WOLFSSL_PUBLIC_ASN: ASN functions marked with WOLFSSL_ASN_API include  notes indicating they are not public by default

- WOLFSSL_DUAL_ALG_CERTS: wc_GeneratePreTBS and wc_MakeSigWithBitStr for Post-Quantum dual algorithm certificate signing

The New/Delete functions are documented as being exposed to support allocation of structures using dynamic memory to provide better ABI compatibility.
2025-12-26 08:41:56 -08:00
David Garske 73ee89a2fc Improve no-void-functions rule 2025-12-26 08:06:37 -08:00
David Garske e70e7cb144 Merge pull request #9583 from kareem-wolfssl/gh8152_2
Update CMake logic to allow WOLFSSL_SYS_CA_CERTS without filesystem support on Windows/Mac.
2025-12-26 07:48:43 -08:00
David Garske 1744c11686 Merge pull request #9570 from kareem-wolfssl/variousFixes
Add SSL_get_rfd and SSL_get_wfd.  Various documentation updates.
2025-12-26 07:47:17 -08:00
David Garske c3e65153cc Improve the Devin lifeguard coding standard rules 2025-12-26 07:39:37 -08:00
David Garske 48d6811e04 Merge pull request #9582 from douzzer/20251224-wc_GenerateSeed-unreachable-code
20251224-wc_GenerateSeed-unreachable-code
2025-12-26 07:38:07 -08:00
Koji Takeda 51d49658d4 Update Japanese RSA API document 2025-12-26 09:16:33 +09:00
Kareem 0a02f5ef6b Code review feedback 2025-12-24 17:12:40 -07:00
Kareem 496d124736 Merge remote-tracking branch 'upstream/master' into gh7197 2025-12-24 17:05:04 -07:00
Kareem f98229554b Update CMake logic to allow WOLFSSL_SYS_CA_CERTS without filesystem support on Windows/Mac. 2025-12-24 17:02:25 -07:00
Daniel Pouzzner f4f4c7cfae src/ssl.c: fix clang-analyzer-deadcode.DeadStores in check_cert_key(). 2025-12-24 17:49:33 -06:00
Daniel Pouzzner a944575e4b wolfcrypt/src/random.c: fix clang-diagnostic-unreachable-code in wc_GenerateSeed(). 2025-12-24 17:48:37 -06:00
Takashi Kojo ff14797c3a Merge pull request #9552 from tamasan238/pr9458
[JA] Fix issues with the API documentation
2025-12-25 08:28:21 +09:00
Daniel Pouzzner 019a420187 Merge pull request #9568 from kareem-wolfssl/zd20947
Add a flag which allows requesting exactly SEED_SZ and using the full seed to instantiate the DRBG during RNG init.
2025-12-24 17:03:26 -06:00
Takashi Kojo 09ce46e2d5 Merge pull request #9581 from tamasan238/pr9578
[JA] Correct the API docs for wolfSSL_write_early_data()
2025-12-25 07:34:57 +09:00
Masaki I. ee8fcf9d36 [JA] Correct the API docs for wolfSSL_write_early_data() 2025-12-24 14:53:10 +09:00
David Garske 2354ea196b Merge pull request #9513 from rizlik/dtls_header_fix
fix DTLS header headroom accounting
2025-12-23 17:20:12 -08:00
David Garske 0fae0a7ba6 Merge pull request #9397 from rizlik/earlydata_want_write_fixes
wolfssl: preserve early-data handling across WANT_WRITE retries
2025-12-23 17:19:39 -08:00
David Garske d885749c09 Merge pull request #9561 from miyazakh/renesas_ssp_upgrade
add Renesas SK-S7G2 support
2025-12-23 15:15:45 -08:00
David Garske 57ef8a7caf Merge pull request #9574 from anhu/dtls_guard
Guard a bit of DTLS code.
2025-12-23 15:03:46 -08:00
David Garske 18176392fa Merge pull request #9576 from douzzer/20251222-linuxkm-PK-initrng-optimize
20251222-linuxkm-PK-initrng-optimize
2025-12-23 15:02:53 -08:00
Marco Oliverio 149bf19b4c split overlong line 2025-12-23 23:41:52 +01:00
Marco Oliverio 2e63845531 use wolfssl_local as local functions prefix 2025-12-23 23:39:07 +01:00
David Garske 96e2e80108 Add new coding standard for local (internal) function names. 2025-12-23 14:32:08 -08:00
Marco Oliverio bafb8e56d5 use wolfssl_local_ as local functions prefix 2025-12-23 23:32:08 +01:00
Kareem 06d8f69dac Separate new /dev/urandom opening logic into a new section in wc_GenerateSeed. 2025-12-23 14:52:52 -07:00
Kareem cb81cc8ce6 Merge remote-tracking branch 'upstream/master' into gh7197 2025-12-23 14:43:57 -07:00
Hideki Miyazaki ba63d81441 add .gitignore to include.am 2025-12-24 06:36:08 +09:00
Hideki Miyazaki 75fad16f20 addressed code review comments 2025-12-24 05:59:09 +09:00
Anthony Hu 40327b7fe3 Binary consts to hexidecimal. C2X feature. 2025-12-23 14:45:36 -05:00
Daniel Pouzzner b66f1b78a7 peer/Devin review:
* in get_crypto_default_rng() (linuxkm/lkcapi_sha_glue.c), sanity check that crypto_default_rng isn't null;
* in wc_InitRsaKey_ex(), remove frivolous NULL/zero assignments (XMEMSET clears them implicitly);
* in wc_CheckRsaKey(), check ret from wc_InitRng() and short circuit return if failed.
2025-12-23 13:05:40 -06:00
Daniel Pouzzner da4fc4921e tests/api/test_ed25519.c: in test_wc_Ed25519PublicKeyToDer(), on old FIPS, tolerate old error code from wc_Ed25519PublicKeyToDer(). 2025-12-23 12:25:10 -06:00
Daniel Pouzzner cd88a8ae88 peer review -- add !WC_NO_RNG gates around WC_RNG changes in wolfcrypt/src/rsa.c and wolfssl/wolfcrypt/rsa.h. 2025-12-23 11:41:59 -06:00
David Garske d36bfabe18 Merge pull request #9560 from JacobBarthelmeh/clang
fix for shadows global declaration warning
2025-12-23 08:54:50 -08:00
David Garske 9de98cee73 Merge pull request #9569 from kareem-wolfssl/gh8152
Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non Windows/Mac systems.
2025-12-23 08:53:51 -08:00
Anthony Hu c03c2dd541 Add tests 2025-12-23 11:48:57 -05:00
David Garske 70165c517b Merge pull request #9571 from mattia-moffa/20251222-sniffer-uint-underflow-vuln
Add missing length check in sniffer for AES-GCM/AES-CCM/ARIA-GCM
2025-12-23 08:37:50 -08:00
David Garske 776b31267c Merge pull request #9466 from SparkiDev/tls13_pt_alert_when_enc
TLS 1.3, plaintext alert: ignore when expecting encrypted
2025-12-23 08:37:00 -08:00
David Garske 86808b8a9b Merge pull request #9578 from anhu/early_data_doc
Correct the API docs for wolfSSL_write_early_data()
2025-12-23 08:14:10 -08:00
David Garske 8f089cdcfe Merge pull request #9508 from SparkiDev/ppc32_sha256_asm_pic
PPC32 SHA-256 ASM: support compiling for PIC
2025-12-23 08:12:50 -08:00