Commit Graph

28332 Commits

Author SHA1 Message Date
Josh Holtrop 3af60ff85d Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 2025-11-10 10:06:07 -05:00
Sean Parkinson b7ade58c52 SP label noinline: function inlined even when asked not to
The label L_521_mont_reduce_9_nomask is therefore appearing more than
once in the compiled code.
Adding '%=' to the end of the label ensure it has a unique number
appended to it even when inlined.
2025-11-10 20:05:41 +10:00
Daniel Pouzzner 9c1526c90d Merge pull request #9401 from cconlon/jniPublicMp
Add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support
2025-11-08 11:07:54 -06:00
Daniel Pouzzner f977004dca Merge pull request #9400 from cconlon/ocspStaplingTls13MultiMktemp
Use portable mktemp syntax in ocsp-stapling_tls13multi.test
2025-11-08 11:07:28 -06:00
Daniel Pouzzner 9e9a7392d4 Merge pull request #9373 from julek-wolfssl/WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards
2025-11-08 11:04:43 -06:00
Daniel Pouzzner ea4311666e Merge pull request #9367 from julek-wolfssl/wolfDTLS_accept_stateless-early-data
wolfDTLS_accept_stateless: Fix handling for early data
2025-11-08 11:04:19 -06:00
Daniel Pouzzner 8b3eaa0eff Merge pull request #9370 from gojimmypi/pr-watcom-update
Update and pin Watcom to 2025-11-03-Build release
2025-11-08 09:31:22 -06:00
Chris Conlon fdec53c4c9 skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined 2025-11-07 17:09:30 -07:00
Chris Conlon 0cf3728ca0 update "--enable-jni --enable-all" combo to exclude QUIC and ECH, not compatible with WOLFSSL_TLS13_MIDDLEBOX_COMPAT 2025-11-07 16:50:41 -07:00
David Garske b45217db00 Merge pull request #9402 from anhu/stsafe_doc
Correction about how to get interface files.
2025-11-07 13:59:45 -08:00
Anthony Hu 22ab16df97 Correction about how to get interface files. 2025-11-07 16:53:30 -05:00
Chris Conlon 88373d8cb5 add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support 2025-11-07 14:14:51 -07:00
JacobBarthelmeh 4f4826ae92 Merge pull request #9385 from anhu/not_len
Use suites->hashSigAlgoSz when calling TLSX_SignatureAlgorithms_MapPss
2025-11-07 13:49:30 -07:00
gojimmypi 8654599e61 Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC 2025-11-07 11:08:44 -08:00
JacobBarthelmeh 0d49df7735 update to GPLv3 exception list, add Fetchmail and OpenVPN 2025-11-07 12:06:29 -07:00
JacobBarthelmeh 4c5bc5f8fe Merge pull request #9387 from SparkiDev/tls12_cr_order
TLS 1.2: client message order check
2025-11-07 10:00:39 -07:00
JacobBarthelmeh 222f6084f8 Merge pull request #9399 from douzzer/20251106-linuxkm-PIE-inline-thunks
20251106-linuxkm-PIE-inline-thunks
2025-11-07 08:33:53 -07:00
Sean Parkinson 58bd6a8d94 TLS 1.2 CertificateVerify: validate sig alg matches peer key
Don't proceed with parsing CertificateVerify message in TLS 1.2 if the
signature algorithm doesn't match the peer's key (key from client
certificate).
2025-11-07 13:26:26 +10:00
JacobBarthelmeh a96b35c0ff Merge pull request #9398 from toddouska/master
Add GPLv2 exception list to LICENSING
2025-11-06 17:19:59 -07:00
Chris Conlon f208716b80 use portable mktemp syntax in scripts/ocsp-stapling_tls13multi.test for macOS compatibility 2025-11-06 16:54:23 -07:00
Daniel Pouzzner 53a20f4928 linuxkm/Kbuild: when ENABLED_LINUXKM_PIE, use inline thunks on all objects, not just PIE objects, to resolve false-positive "unpatched thunk" warnings on some kernels/configs. also cleans up flag setup more generally. 2025-11-06 17:37:07 -06:00
Sean Parkinson f376c8d910 Merge pull request #9388 from lealem47/scan_build
Various fixes for nightly tests
2025-11-07 09:30:08 +10:00
Sean Parkinson 3416a0f70e Merge pull request #9393 from rlm2002/zd20756
Integer overflow and dead code removal
2025-11-07 09:27:05 +10:00
Todd Ouska e02de78507 Add GPLv2 exception list to LICENSING 2025-11-06 15:18:57 -08:00
Sean Parkinson 98d84eb435 Merge pull request #9396 from julek-wolfssl/fil-c-674
Updates the Fil-C version to 0.674
2025-11-07 08:39:38 +10:00
JacobBarthelmeh ca51fda3bb Merge pull request #9372 from SparkiDev/curve25519_no_lshift_neg_val
Curve25519: lshift of a negative value is undefined in C
2025-11-06 15:22:38 -07:00
Lealem Amedie 15ecc2e4da Update Rowley settings to define WOLFSSL_NO_SOCK 2025-11-06 15:11:49 -07:00
Ruby Martin ec60d88f82 remove deadcode else statement when computing kid_type 2025-11-06 15:04:37 -07:00
Ruby Martin 9b2f7a371f remove duplicate keylen check (deadcode)
wrap if statement in macro guard
2025-11-06 15:04:37 -07:00
Ruby Martin 78f2e65da6 add cast to int64_t 2025-11-06 14:58:37 -07:00
Lealem Amedie 2b8f83fd8d Fixes for getrandom detection 2025-11-06 14:16:38 -07:00
Lealem Amedie d3de6305e8 Exit wolfcrypt test if wolfCrypt_Init fails 2025-11-06 10:24:44 -07:00
Lealem Amedie eecf82362e Check for getrandom declaration 2025-11-06 10:24:20 -07:00
Juliusz Sosinowicz bd2cc5ba5c fixup! DTLS: Introduce custom I/O callbacks API and structure 2025-11-06 18:07:18 +01:00
Juliusz Sosinowicz c2377fd266 DTLS: Clear userSet when peer is set in EmbedReceiveFrom
This allows us to differentiate between the user explicitly setting a peer and wolfio setting it. When wolfio sets the peer, we want to be able to update the peer address while in stateless parsing (governed by the `newPeer` variable).
2025-11-06 17:13:45 +01:00
Juliusz Sosinowicz 975033c64f DTLS: Introduce returnOnGoodCh option for early ClientHello processing return 2025-11-06 17:13:45 +01:00
Juliusz Sosinowicz 6e826583a3 DTLS: Add tests for custom I/O callbacks and stateless handling with wolfio 2025-11-06 17:13:45 +01:00
Juliusz Sosinowicz 0d7fe2f0a4 DTLS: Introduce custom I/O callbacks API and structure 2025-11-06 17:13:45 +01:00
Juliusz Sosinowicz 3ebc0c5f99 Update logs 2025-11-06 16:39:48 +01:00
Juliusz Sosinowicz ed970e7cd8 Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards 2025-11-06 16:35:11 +01:00
Juliusz Sosinowicz 0355a31192 Updates the Fil-C version to 0.674 2025-11-06 13:48:32 +01:00
Lealem Amedie 08db159c5d Fixes for minor scan-build warnings 2025-11-05 21:27:06 -07:00
lealem47 9780137962 Merge pull request #9394 from JacobBarthelmeh/caam
avoid warning when building without user_settings.h and options.h
2025-11-05 17:24:19 -07:00
Sean Parkinson 3ec882cd66 Merge pull request #9380 from julek-wolfssl/ip-addr-check
Improve domain and IP address matching in certificate verification
2025-11-06 09:49:07 +10:00
Sean Parkinson aba0246550 Merge pull request #9389 from holtrop/rust-wc-pbkdf2
Rust wrapper: add PBKDF2 and PKCS #12 PBKDF wrappers
2025-11-06 09:46:04 +10:00
Sean Parkinson b0a7f5938c Merge pull request #9379 from holtrop/rust-wc-ed448
Rust wrapper: add wolfssl::wolfcrypt::ed448 module
2025-11-06 09:38:32 +10:00
JacobBarthelmeh 8077551ba8 avoid warning when building without user_settings.h and options.h for QNX CAAM 2025-11-05 16:03:09 -07:00
Sean Parkinson aa0b37a7e5 Merge pull request #9384 from night1rider/crypto-callback-return-fix
Reset Return to Success if fallback to software Copy Callbacks Sha
2025-11-06 08:50:00 +10:00
Sean Parkinson fe69a7cf5a Merge pull request #9390 from kaleb-himes/test-code-bug-fix
Addressing a bug in the test logic
2025-11-06 08:49:15 +10:00
Sean Parkinson 97e9fa09bd Merge pull request #9330 from rizlik/dtls13_want_write_fix
Dtls13: Fix handshake hangs on WANT_WRITE I/O error
2025-11-06 08:31:29 +10:00