Kareem
4a067fa1bc
Don't enforce test_wolfSSL_X509_STORE_CTX_ex12 return code as it
...
may be skipped, modifying the return code.
2025-08-22 11:29:21 -07:00
Juliusz Sosinowicz
4043dc2dd0
Fix hostap cert update
...
Update the `rsa3072-*` certs to get `suite_b_192_*` tests passing
2025-08-22 17:24:49 +02:00
Daniel Pouzzner
af4e2d127f
linuxkm/: implement wc_linuxkm_pie_reloc_tab and wc_linuxkm_normalize_relocations(), and integrate with updateFipsHash().
2025-08-22 00:38:06 -05:00
Kareem
077beaecd8
Fix memory leak in unit test, fix for loop syntax.
2025-08-21 16:33:57 -07:00
Kareem
b53db94f1e
x509_verify_cert: Code review feedback.
2025-08-21 15:35:29 -07:00
David Garske
7ab4c6fa14
Merge pull request #9087 from JacobBarthelmeh/dhuk
...
initial SAES and DHUK support
2025-08-21 14:32:20 -07:00
David Garske
da8ffd5762
Merge pull request #8463 from JacobBarthelmeh/sgx
...
updating the build with SGX
2025-08-21 11:06:35 -07:00
JacobBarthelmeh
42c5324962
SAES does not have GCM support, added IV option for CBC wrapping of key
2025-08-21 09:26:40 -06:00
Sean Parkinson
d66c69eaec
Merge pull request #9079 from holtrop/error-getshortint-on-negative-values
...
Error from GetShortInt with negative INTEGER values
2025-08-21 08:35:17 +10:00
Sean Parkinson
b3366acdaf
Merge pull request #9103 from rlm2002/zd20314-reduce-binary-footprint
...
Exclude assembly files when WOLFSSL_ARMASM_INLINE is defined
2025-08-21 08:33:39 +10:00
Sean Parkinson
b1cdf0b214
TLS 1.3 KeyShare: error on duplicate group
...
Don't allow a KeyShare extension from the client to have more
than one entry for any group.
2025-08-21 08:23:31 +10:00
JacobBarthelmeh
658c3d69fb
use memset, fix unlock, adjust return value checks
2025-08-20 13:53:27 -06:00
JacobBarthelmeh
993099e47e
Merge pull request #9114 from douzzer/20250819-debug-trace-errcodes-dist-artifacts
...
20250819-debug-trace-errcodes-dist-artifacts
2025-08-20 10:48:38 -06:00
David Garske
79fe6e467b
Merge pull request #9112 from SparkiDev/tls13_onlyDhePskKe_fix
...
TLS 1.3: Fix for onlyDhePskKe
2025-08-20 06:44:08 -07:00
David Garske
596e211a97
Merge pull request #9113 from SparkiDev/tls13_certvfy_sigalg_check
...
TLS 1.3: CertificateVerify - check sig alg was sent
2025-08-20 06:44:03 -07:00
Josh Holtrop
d2f139c9b0
Error from GetShortInt with negative INTEGER values - Add WORD8 case
2025-08-20 09:34:19 -04:00
Ruby Martin
0e6e040039
formatting remove whitespace
...
format whitespace so tabs are 4 spaces
format character count to be 80 characters or less per line
remove bracket
2025-08-19 17:08:53 -06:00
Daniel Pouzzner
5f7e2389d9
wolfssl/include.am: include wolfssl/debug-trace-error-codes.h and wolfssl/debug-untrace-error-codes.h in dist archives.
2025-08-19 17:09:58 -05:00
JacobBarthelmeh
8119034555
work around for shellcheck warning
2025-08-19 14:32:34 -06:00
JacobBarthelmeh
23498c293e
cpuid dummy call with sgx and fix assembly SP + SGX build
2025-08-19 14:32:33 -06:00
JacobBarthelmeh
44784729c0
touch up clean script and comment out sp-asm for now
2025-08-19 14:32:33 -06:00
JacobBarthelmeh
59ac260ae8
add option for building sgx with assembly optimizations
2025-08-19 14:32:33 -06:00
JacobBarthelmeh
9cdbc03a23
Merge pull request #9111 from douzzer/20250818-configure-linuxkm-fips-v5
...
20250818-configure-linuxkm-fips-v5
2025-08-19 14:31:08 -06:00
Josh Holtrop
98b6b92a76
Error from GetShortInt with negative INTEGER values
2025-08-19 12:40:48 -04:00
Sean Parkinson
2810656242
TLS 1.3: CertificateVerify - check sig alg was sent
...
Check that the signature algorithm used in the CertificateVerify message
was one that was sent in the SignatureAlgorithm extension.
2025-08-19 16:27:19 +10:00
Sean Parkinson
cd55fe6135
TLS 1.3: Fix for onlyDhePskKe
...
Make client enforce onlyDhPskKe flag.
2025-08-19 14:29:30 +10:00
Daniel Pouzzner
b9cc060340
configure.ac: tweaks for ENABLED_LINUXKM_DEFAULTS and FIPS v5.
2025-08-18 18:21:57 -05:00
JacobBarthelmeh
c089abe92f
add macro to list
2025-08-18 16:47:30 -06:00
Ruby Martin
27d03fce7a
additional check for ARM ASM Inline option
...
append thumb2 files, append inline c files with BUILD_ARMASM_INLINE
add all asm files. move curve25519 files under BUILD_CURVE25519
include remaining files
2025-08-18 15:41:43 -06:00
David Garske
f114f2cde2
Merge pull request #9093 from kareem-wolfssl/zd20372
...
Multiple fixes to wolfSSL_CIPHER_description to match documentation.
2025-08-18 13:43:53 -07:00
JacobBarthelmeh
fb6375551b
updating unwrap/wrap with use of DHUK
2025-08-18 13:38:26 -06:00
Kareem
aa6f1b231a
Fix memory leak in X509StoreRemoveCa.
2025-08-18 10:21:54 -07:00
Kareem
19b778dda0
Protect against exceeding original depth, fix overlong lines.
2025-08-18 10:21:54 -07:00
Kareem
cb985dcfa8
ECC required for newly added unit test.
2025-08-18 10:21:54 -07:00
Kareem
60c84744c8
Fix memory leak in x509_verify_cert itself, the failed certs need a pop_free call so the reference is properly decremented, as they are no longer in the X509_STORE.
2025-08-18 10:21:53 -07:00
Kareem
1e367597b6
Fix memory leak in newly added unit test.
2025-08-18 10:21:53 -07:00
Kareem
6b01053d98
Add test case for new x509_verify_cert retry functionality.
...
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
2025-08-18 10:21:53 -07:00
Kareem
027f0891f4
Don't fail out if X509StoreRemoveCa fails, since adding the temp CA was optional, it is possible there is no temp CA to remove.
2025-08-18 10:21:53 -07:00
Kareem
aaadb7971d
Fix narrowing conversion of type in RemoveCa.
2025-08-18 10:21:53 -07:00
Kareem
7b4a50b701
Add missing XFREE for dCert.
2025-08-18 10:21:53 -07:00
Kareem
d6f603b661
Add X509StoreRemoveCa wrapper around RemoveCa
...
WOLFSSL_X509's calculated subject key hash is not guaranteed to match the cert's,
ie. in the case that NO_SHA is defined. Use the same logic as AddCa,
parsing the DER cert and using the decoded cert's subject key hash.
2025-08-18 10:21:53 -07:00
Kareem
15a147d957
Remove incorrectly added NULL check, add debug logging to RemoveCA.
2025-08-18 10:21:53 -07:00
Kareem
f9eda18445
Fix missing cast and correct freeing of certs.
2025-08-18 10:21:53 -07:00
Kareem
946f20ccc7
Add type parameter to RemoveCA to avoid removing CAs of the wrong type.
2025-08-18 10:21:53 -07:00
Kareem
025dbc3454
Retry all certificates passed into wolfSSL_X509_verify_cert until a valid chain is found, rather than failing out on the first invalid chain. This allows for registering multiple certs with the same subject key, ie. alt cert chains.
2025-08-18 10:21:52 -07:00
Sean Parkinson
43f94a5d7d
Merge pull request #9107 from douzzer/20250816-cpuid_get_flags_ex-optimize
...
20250816-cpuid_get_flags_ex-optimize
2025-08-18 22:13:44 +10:00
Sean Parkinson
0ba16a9c5b
Merge pull request #9104 from kojiws/export_long_key_orig_asn
...
Improve original implementation on SetAsymKeyDer() and the test
2025-08-18 22:11:25 +10:00
Daniel Pouzzner
39c6c5af6f
wolfcrypt/src/cpuid.c, wolfssl/wolfcrypt/cpuid.h: change cpuid_flags_t to a
...
regular word32, and use non-atomics for general flag checking, with a new
implementation of cpuid_get_flags_ex() that is threadsafe by idempotency;
rename strictly-threadsafe cpuid_get_flags_ex() as cpuid_get_flags_atomic()
(strictly accurate return value), and add cpuid_flags_atomic_t and
WC_CPUID_ATOMIC_INITIALIZER, used only for internal manipulation of flags in
cpuid.c where atomicity matters.
2025-08-16 13:04:28 -05:00
lealem47
b096d9b250
Merge pull request #9106 from dgarske/zd20399
...
Fix sniffer issue handling TLS records with multiple handshake messages to be skipped
2025-08-15 15:57:00 -06:00
David Garske
32b0bd963b
Fix issue introduced in PR #9051 causing TLS records with multiple handshake messages to be skipped (ZD 20399)
2025-08-15 10:08:28 -07:00