Commit Graph

28332 Commits

Author SHA1 Message Date
Sean Parkinson abfcb7122c KCAPI ECC: initialize mp_ints
Was not initializing mp_ints and it is needed now.
2025-10-07 20:59:27 +10:00
Sean Parkinson 9d546acd03 Merge pull request #9200 from effbiae/build-msg-or-hash-output
refactor to BuildMsgOrHashOutput()
2025-10-07 08:20:20 +10:00
David Garske 92a47829fa Merge pull request #8674 from JacobBarthelmeh/pkcs7_stream
Fix to advance past multiple recipients
2025-10-06 11:27:03 -07:00
Josh Holtrop ab5d9ad1b8 Rust wrapper: add wolfssl::wolfcrypt::rsa module 2025-10-06 14:10:53 -04:00
David Garske d4242fa026 Merge pull request #9272 from julek-wolfssl/cov-20251006
Handle coverity reported errors
2025-10-06 10:57:20 -07:00
JacobBarthelmeh 68eb8b70d1 Merge pull request #9271 from rizlik/cryptocb_sha512_family_fix
cryptocb: sha512_family: try specific digest length hashtype first
2025-10-06 11:38:57 -06:00
Daniel Pouzzner f854795c02 Merge pull request #9263 from holtrop/rsa-const-pointers
RSA API: use const pointers and clean up some comments
2025-10-06 11:55:04 -05:00
JacobBarthelmeh 7128932eff avoid attempt of key decode and free buffer if incorrect recipient found 2025-10-06 10:48:59 -06:00
David Garske dcafe9adf2 Add STM32H5 PKA support. 2025-10-06 18:38:09 +02:00
David Garske fe7b6f1651 Add missing TimeNowInMilliseconds for FreeRTOS 2025-10-06 18:38:09 +02:00
David Garske c349001d94 Move the STM32 hash options into STM32_HASH. Fix for realloc. Improve docs for hcom_uart. Fix issue with detecting RTC and incorrectly setting NO_ASN_TIME. 2025-10-06 18:38:09 +02:00
David Garske ee77094dd6 Fixes to get STM32N6 hash and GMAC working 2025-10-06 18:38:09 +02:00
Juliusz Sosinowicz f6be6c8b6d Add timeout assertions to DTLS test 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
David Garske 874633da38 Merge pull request #9270 from effbiae/sm3-free-x2
double free -- should be o_hash
2025-10-06 08:41:30 -07:00
Juliusz Sosinowicz 32e24e8199 Suppress Coverity deadcode warning in test_ocsp_tls_cert_cb 2025-10-06 16:26:45 +02:00
Juliusz Sosinowicz a9ad5181e6 tls13: remove dead code in SetupOcspResp csr assignment 2025-10-06 16:21:47 +02:00
Juliusz Sosinowicz 303401b047 Refactor certificate status handling to use word32 2025-10-06 16:19:54 +02:00
Marco Oliverio fc348da28f fix: escape error code operands 2025-10-06 14:47:13 +02:00
Marco Oliverio 9cbc3f97e5 cryptocb: sha512_family: try specific digest length hashtype first
If the cryptocb provider supports specific SHA512/224 and SHA512/256
hashtype, this commit allows to:

1. avoid a copy
2. do not touch the output buffer outside of the cryptocb handler

2 might be important for cryptocb provider that needs special handling
of memory buffer (DMA, memory mapping).
2025-10-06 11:42:23 +02:00
effbiae a53f0cd3fa double free -- should be o_hash 2025-10-05 19:13:50 +11:00
Kaleb Himes 99c983d44f Merge pull request #9269 from douzzer/20251002-linuxkm-fencepost-and-fortify-tweaks
20251002-linuxkm-fencepost-and-fortify-tweaks
2025-10-03 17:01:45 -06:00
JacobBarthelmeh fca3028395 advance index past recipent set in non stream case too 2025-10-03 15:55:35 -06:00
Daniel Pouzzner 781c9bb990 Merge pull request #9268 from dgarske/cryptocb_only
Remove the `NO_WRITE_TEMP_FILES` test.c logic added in #9194
2025-10-03 16:39:59 -05:00
Daniel Pouzzner 46fd3d60f9 linuxkm/Kbuild: activate linker script with backward-compatible construct (tests good on 4.4);
linuxkm/linuxkm_wc_port.h: completely inhibit CONFIG_FORTIFY_SOURCE across the module when HAVE_LINUXKM_PIE_SUPPORT, for fidget-free backward compat;

linuxkm/module_hooks.c:
* add startup-time sanity check on fenceposts,
* enhance DEBUG_LINUXKM_PIE_SUPPORT with coverage for WOLFSSL_TEXT_SEGMENT_CANONICALIZER on the entire text segment,
* compute and report a hash on the stabilized text segment,
* fix wc_linuxkm_normalize_relocations() to allow span end == __wc_text_end, and
* add numerous verbose pr_err()s when DEBUG_LINUXKM_PIE_SUPPORT.
2025-10-03 15:07:56 -05:00
JacobBarthelmeh 4e92920a7f cast variable to word32 for compare 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 12cfca4060 account for no AES build and add err trace macro 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 328f505702 add pkcs7 test with multiple recipients 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 7a5e97e30e adjustment for recipient index advancement 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 6987304f42 Fix to advance past multiple recipients 2025-10-03 13:51:15 -06:00
David Garske d2be867b51 Remove the NO_WRITE_TEMP_FILES test.c logic added in #9194 2025-10-03 10:40:11 -07:00
David Garske ac23b48283 Merge pull request #9144 from julek-wolfssl/ocsp-callbacks
tls ocsp: support lazy cert loading with ocsp stapling
2025-10-03 09:47:55 -07:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
effbiae 2adae90a5d refactor to BuildMsgOrHashOutput 2025-10-03 11:41:57 +10:00
Sean Parkinson ea4554c941 Merge pull request #9234 from effbiae/TLSX_WriteWithEch
restore inner server name in TLSX_WriteWithEch
2025-10-03 09:20:40 +10:00
Sean Parkinson d8d3a7a22d Merge pull request #9190 from colmenero/hmacCopy-sm3-issue-9187
Add SM3 in wolfSSL_HmacCopy
2025-10-03 09:10:03 +10:00
Sean Parkinson e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
2025-10-03 08:28:02 +10:00
Daniel Pouzzner 5804ba759a Merge pull request #9194 from dgarske/cryptocb_only_test
Fixes for crypto callback only (no filesystem and keygen)
2025-10-02 16:52:31 -05:00
David Garske 5501111e77 Merge pull request #9265 from douzzer/20251002-misc-clang-tidy-and-fips-fixes
20251002-misc-clang-tidy-and-fips-fixes
2025-10-02 14:38:14 -07:00
Daniel Pouzzner 408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero();
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
2025-10-02 14:38:05 -05:00
Josh Holtrop c36c39af0a RSA API: use const pointers and clean up some comments 2025-10-02 15:28:43 -04:00
David Garske db6a4dfedb Merge pull request #9238 from effbiae/X509PrintSubjAltName
refactor X509PrintSubjAltName
2025-10-02 11:53:22 -07:00
David Garske 6de0b93a08 Merge pull request #9262 from julek-wolfssl/ascon-h-comment
ascon.h: Correct the placement of the AsconAEAD API comment
2025-10-02 11:11:01 -07:00
David Garske 6430a123fd Merge pull request #9264 from gojimmypi/pr-espressif-workflow
Update Espressif workflow to pin latest to ESP-IDF v5.5
2025-10-02 11:05:15 -07:00
gojimmypi b4b9bee950 Update workflow to pin latest to ESP-IDF v5.5 2025-10-02 10:25:25 -07:00
David Garske 36ce93d409 Merge pull request #9225 from gojimmypi/pr-espidf-v6-sha-fix
Add fix for SHA HW on ESP-IDF v6
2025-10-02 09:50:46 -07:00
Juliusz Sosinowicz 31db2b9e08 ascon.h: Correct the placement of the AsconAEAD API comment 2025-10-02 10:22:16 +02:00
effbiae c3c7b11cfc refactor X509PrintSubjAltName 2025-10-02 15:36:36 +10:00
Kareem abaf57d049 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20595 2025-10-01 15:53:57 -07:00
Kareem d53beb0f9d Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_4 2025-10-01 15:53:35 -07:00