Commit Graph

28332 Commits

Author SHA1 Message Date
Josh Holtrop c61ac22e89 Rust wrapper: enable conditional compilation based on C library build options 2025-11-14 10:44:25 -05:00
Josh Holtrop dd3b9260f9 Rust wrapper: merge wolfssl-sys crate into wolfssl crate 2025-11-14 10:44:06 -05:00
philljj 50c5028c5a Merge pull request #9432 from douzzer/20251114-atomic-default-c
20251114-atomic-default-c
2025-11-14 10:34:24 -05:00
Daniel Pouzzner 135bb66352 wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: use stdatomic.h implementation as C default when available, as before, for proper type annotation in objects. 2025-11-14 07:54:14 -06:00
Sean Parkinson 10a60fc41b Merge pull request #9427 from douzzer/20251113-ZD20815
20251113-ZD20815
2025-11-14 11:50:16 +10:00
jackctj117 5e2fd78113 Suppress unused parameter warning 2025-11-13 18:32:00 -07:00
Daniel Pouzzner 7916db78e8 wolfcrypt/src/wc_port.c and wolfssl/wolfcrypt/wc_port.h: change precedence of atomic implementations, and don't use the stdatomic.h in C++ builds (not compatible);
fix the name of the wolfSSL_Atomic_Ptr_CompareExchange() implementation in the _MSC_VER code path.
2025-11-13 17:28:19 -06:00
Daniel Pouzzner c430cc75ea src/ssl.c and wolfssl/ssl.h: fix signature on wolfSSL_CTX_get0_privatekey() -- ctx is not const;
wolfcrypt/src/wc_port.c and wolfssl/wolfcrypt/wc_port.h: tweak gates on atomic implementations to maximize availability within currently supported targets;

fix some whitespace.
2025-11-13 17:11:52 -06:00
Daniel Pouzzner 26ba6344f2 add wolfSSL_Atomic_Ptr_CompareExchange(); mitigate race on ctx->privateKeyPKey in wolfSSL_CTX_get0_privatekey(). 2025-11-13 16:25:49 -06:00
JacobBarthelmeh c63ca04228 convert to type int for return value 2025-11-13 12:17:04 -07:00
JacobBarthelmeh d06221c16e with decode enveloped data track total encrypted content size 2025-11-13 12:08:46 -07:00
jackctj117 29c2f15a8f Add #ifdef guards to cipher suite checks 2025-11-13 10:06:07 -07:00
David Garske 6ff57b8045 Merge pull request #9419 from rlm2002/coverity
Uninitialized variable fix
2025-11-13 08:58:00 -08:00
David Garske 4f3586fe58 Merge pull request #9421 from SparkiDev/mlkem_to_bytes_fix
ML-KEM to bytes C: not reducing all values
2025-11-13 08:57:31 -08:00
David Garske 082943649b Merge pull request #9422 from SparkiDev/ecc_sign_hash_inlen_check
ECC sign hash: only allow up to max digest size
2025-11-13 08:55:53 -08:00
effbiae de0d3e610d refactor to ExportEccTempKey, DhSetKey and others 2025-11-13 14:49:26 +11:00
Sean Parkinson 6c30186168 ECC sign hash: only allow up to max digest size
Validate that the hash passed in is of an appropriate length - not
greater than the maximum digest size.
2025-11-13 11:53:51 +10:00
Sean Parkinson b272f784ec ML-KEM to bytes C: not reducing all values
Call to mlkem_csubq_c was only called on first array.
Fixed to do it for all.
2025-11-13 10:42:07 +10:00
David Garske 5a8411a1ad Merge pull request #9418 from SparkiDev/tls13_ks_dup_check_fix
TLS 1.3 duplicate KeyShare entry fix
2025-11-12 16:09:11 -08:00
David Garske f53191bae2 Merge pull request #9416 from julek-wolfssl/priv-key-blinding
Fix errors when blinding private keys
2025-11-12 16:09:03 -08:00
jackctj117 c56ea55f89 Fix TLS 1.3 cipher suite selection when TLS 1.2 ciphers precede TLS 1.3 ciphers 2025-11-12 17:03:06 -07:00
Ruby Martin b2336c57ce initialize ctype variable 2025-11-12 16:48:52 -07:00
Sean Parkinson 1ec18949bc TLS 1.3 duplicate KeyShare entry fix
Fix comparison to be greater than or equal in case count is incremented
after maxing out.
2025-11-13 08:23:19 +10:00
David Garske e78752f3b2 Merge pull request #9407 from holtrop/rust-heap-devid-cleanup
Rust wrapper: support optional heap and dev_id parameters
2025-11-12 13:50:45 -08:00
David Garske 7cfffd5bbc Merge pull request #9308 from kareem-wolfssl/zd20603
Add IPv6 support to wolfSSL_BIO_new_accept and wolfIO_TcpBind.
2025-11-12 11:09:17 -08:00
Josh Holtrop 40c471e20d Rust wrapper: fix cmac documentation 2025-11-12 13:41:08 -05:00
David Garske 92fffa166b Merge pull request #9413 from JacobBarthelmeh/lic
update to GPLv3 exception list, add Fetchmail and OpenVPN
2025-11-12 10:12:29 -08:00
David Garske 3fe534e3a2 Merge pull request #9403 from gojimmypi/pr-lms-unary-fix
Fix LMS C4146 unary minus warning in MSVC, new param check
2025-11-12 08:40:33 -08:00
Juliusz Sosinowicz 32911dc6b8 Add blinding to CI 2025-11-12 17:12:35 +01:00
Juliusz Sosinowicz 4b7c052ee9 test_wolfSSL_inject: don't call accept on completed handshake 2025-11-12 17:12:22 +01:00
Juliusz Sosinowicz d1c321abdc Don't override errors when blinding the priv key 2025-11-12 17:12:22 +01:00
Josh Holtrop df99227dc8 Rust wrapper: use _ex APIs for heap and dev_id variants 2025-11-12 09:50:20 -05:00
gojimmypi ca920edbd0 Fix LMS C4146 unary minus warning in MSVC, new param check 2025-11-11 19:26:52 -08:00
Kareem fbb7ae2257 Add NULL check to wolfSSL_BIO_new_accept. 2025-11-11 16:20:09 -07:00
Kareem 3296e6a1f0 Merge remote-tracking branch 'upstream/master' into zd20603 2025-11-11 16:15:22 -07:00
David Garske 6914f08f5e Merge pull request #9391 from holtrop/check-dup-extensions-fix
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377
2025-11-11 14:05:14 -08:00
Josh Holtrop 798b16dcef Address more code review feedback for PR 9391 2025-11-11 15:36:28 -05:00
Josh Holtrop 32b00fd10b Address code review feedback for PR 9391 2025-11-11 14:06:44 -05:00
David Garske 4c273a6f3f Merge pull request #9404 from cconlon/jniNoQuicEch
Fixes for "--enable-jni --enable-all" with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
2025-11-11 09:42:38 -08:00
David Garske e323fb9675 Merge pull request #9410 from SparkiDev/multi_arch_opt
Workflow: multiple architectures with different -O levels
2025-11-11 09:42:21 -08:00
David Garske 2db1c7a522 Merge pull request #9395 from SparkiDev/tls12_cv_sig_check
TLS 1.2 CertificateVerify: validate sig alg matches peer key
2025-11-11 09:18:11 -08:00
JacobBarthelmeh 4da365214a Merge pull request #9412 from SparkiDev/regression_fixes_21
Regression testing fixes
2025-11-11 09:32:43 -07:00
Sean Parkinson d84564217c Regression testing fixes
Fix #ifdef protection for AES tests.
2025-11-11 21:46:04 +10:00
Sean Parkinson 702f6ce94f Workflow: multiple architectures with different -O levels
Test configurations with different optimization levels: -O2, -O3, -O1,
-O0, -Os, -Ofast
2025-11-11 17:50:48 +10:00
Sean Parkinson f54ca0d481 TLS 1.2 CertificateVerify: req sig alg to have been in CR
The signature algorithm specified in CertificateVerify must have been in
the CertificateRequest. Add check.

The cipher suite test cases, when client auth and RSA are built-in and
use the default client certificate and use the *-ECDSA-* cipher
suites, no longer work. The client certificate must be ECC when the
cipher suite has ECDSA. Don't run them for that build.
2025-11-11 13:20:46 +10:00
David Garske 967f520c28 Merge pull request #9408 from anhu/stateful_integ_deprecate
Deprecate LMS and XMSS integrations.
2025-11-10 15:17:51 -08:00
JacobBarthelmeh 0fa2274a16 Merge pull request #9406 from SparkiDev/sp_label_noinline
SP label noinline: function inlined even when asked not to
2025-11-10 14:52:14 -07:00
Anthony Hu 0771bc42d6 Deprecate LMS and XMSS integrations. 2025-11-10 15:13:06 -05:00
Josh Holtrop 4102f8272e Rust wrapper: support optional heap and dev_id parameters 2025-11-10 13:53:51 -05:00
David Garske 2c47675194 Merge pull request #9333 from gojimmypi/pr-msvc-random
Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC
2025-11-10 08:33:54 -08:00