Commit Graph

28332 Commits

Author SHA1 Message Date
Kareem 4a067fa1bc Don't enforce test_wolfSSL_X509_STORE_CTX_ex12 return code as it
may be skipped, modifying the return code.
2025-08-22 11:29:21 -07:00
Juliusz Sosinowicz 4043dc2dd0 Fix hostap cert update
Update the `rsa3072-*` certs to get `suite_b_192_*` tests passing
2025-08-22 17:24:49 +02:00
Daniel Pouzzner af4e2d127f linuxkm/: implement wc_linuxkm_pie_reloc_tab and wc_linuxkm_normalize_relocations(), and integrate with updateFipsHash(). 2025-08-22 00:38:06 -05:00
Kareem 077beaecd8 Fix memory leak in unit test, fix for loop syntax. 2025-08-21 16:33:57 -07:00
Kareem b53db94f1e x509_verify_cert: Code review feedback. 2025-08-21 15:35:29 -07:00
David Garske 7ab4c6fa14 Merge pull request #9087 from JacobBarthelmeh/dhuk
initial SAES and DHUK support
2025-08-21 14:32:20 -07:00
David Garske da8ffd5762 Merge pull request #8463 from JacobBarthelmeh/sgx
updating the build with SGX
2025-08-21 11:06:35 -07:00
JacobBarthelmeh 42c5324962 SAES does not have GCM support, added IV option for CBC wrapping of key 2025-08-21 09:26:40 -06:00
Sean Parkinson d66c69eaec Merge pull request #9079 from holtrop/error-getshortint-on-negative-values
Error from GetShortInt with negative INTEGER values
2025-08-21 08:35:17 +10:00
Sean Parkinson b3366acdaf Merge pull request #9103 from rlm2002/zd20314-reduce-binary-footprint
Exclude assembly files when WOLFSSL_ARMASM_INLINE is defined
2025-08-21 08:33:39 +10:00
Sean Parkinson b1cdf0b214 TLS 1.3 KeyShare: error on duplicate group
Don't allow a KeyShare extension from the client to have more
than one entry for any group.
2025-08-21 08:23:31 +10:00
JacobBarthelmeh 658c3d69fb use memset, fix unlock, adjust return value checks 2025-08-20 13:53:27 -06:00
JacobBarthelmeh 993099e47e Merge pull request #9114 from douzzer/20250819-debug-trace-errcodes-dist-artifacts
20250819-debug-trace-errcodes-dist-artifacts
2025-08-20 10:48:38 -06:00
David Garske 79fe6e467b Merge pull request #9112 from SparkiDev/tls13_onlyDhePskKe_fix
TLS 1.3: Fix for onlyDhePskKe
2025-08-20 06:44:08 -07:00
David Garske 596e211a97 Merge pull request #9113 from SparkiDev/tls13_certvfy_sigalg_check
TLS 1.3: CertificateVerify - check sig alg was sent
2025-08-20 06:44:03 -07:00
Josh Holtrop d2f139c9b0 Error from GetShortInt with negative INTEGER values - Add WORD8 case 2025-08-20 09:34:19 -04:00
Ruby Martin 0e6e040039 formatting remove whitespace
format whitespace so tabs are 4 spaces

format character count to be 80 characters or less per line

remove bracket
2025-08-19 17:08:53 -06:00
Daniel Pouzzner 5f7e2389d9 wolfssl/include.am: include wolfssl/debug-trace-error-codes.h and wolfssl/debug-untrace-error-codes.h in dist archives. 2025-08-19 17:09:58 -05:00
JacobBarthelmeh 8119034555 work around for shellcheck warning 2025-08-19 14:32:34 -06:00
JacobBarthelmeh 23498c293e cpuid dummy call with sgx and fix assembly SP + SGX build 2025-08-19 14:32:33 -06:00
JacobBarthelmeh 44784729c0 touch up clean script and comment out sp-asm for now 2025-08-19 14:32:33 -06:00
JacobBarthelmeh 59ac260ae8 add option for building sgx with assembly optimizations 2025-08-19 14:32:33 -06:00
JacobBarthelmeh 9cdbc03a23 Merge pull request #9111 from douzzer/20250818-configure-linuxkm-fips-v5
20250818-configure-linuxkm-fips-v5
2025-08-19 14:31:08 -06:00
Josh Holtrop 98b6b92a76 Error from GetShortInt with negative INTEGER values 2025-08-19 12:40:48 -04:00
Sean Parkinson 2810656242 TLS 1.3: CertificateVerify - check sig alg was sent
Check that the signature algorithm used in the CertificateVerify message
was one that was sent in the SignatureAlgorithm extension.
2025-08-19 16:27:19 +10:00
Sean Parkinson cd55fe6135 TLS 1.3: Fix for onlyDhePskKe
Make client enforce onlyDhPskKe flag.
2025-08-19 14:29:30 +10:00
Daniel Pouzzner b9cc060340 configure.ac: tweaks for ENABLED_LINUXKM_DEFAULTS and FIPS v5. 2025-08-18 18:21:57 -05:00
JacobBarthelmeh c089abe92f add macro to list 2025-08-18 16:47:30 -06:00
Ruby Martin 27d03fce7a additional check for ARM ASM Inline option
append thumb2 files, append inline c files with BUILD_ARMASM_INLINE

add all asm files. move curve25519 files under BUILD_CURVE25519

include remaining files
2025-08-18 15:41:43 -06:00
David Garske f114f2cde2 Merge pull request #9093 from kareem-wolfssl/zd20372
Multiple fixes to wolfSSL_CIPHER_description to match documentation.
2025-08-18 13:43:53 -07:00
JacobBarthelmeh fb6375551b updating unwrap/wrap with use of DHUK 2025-08-18 13:38:26 -06:00
Kareem aa6f1b231a Fix memory leak in X509StoreRemoveCa. 2025-08-18 10:21:54 -07:00
Kareem 19b778dda0 Protect against exceeding original depth, fix overlong lines. 2025-08-18 10:21:54 -07:00
Kareem cb985dcfa8 ECC required for newly added unit test. 2025-08-18 10:21:54 -07:00
Kareem 60c84744c8 Fix memory leak in x509_verify_cert itself, the failed certs need a pop_free call so the reference is properly decremented, as they are no longer in the X509_STORE. 2025-08-18 10:21:53 -07:00
Kareem 1e367597b6 Fix memory leak in newly added unit test. 2025-08-18 10:21:53 -07:00
Kareem 6b01053d98 Add test case for new x509_verify_cert retry functionality.
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
2025-08-18 10:21:53 -07:00
Kareem 027f0891f4 Don't fail out if X509StoreRemoveCa fails, since adding the temp CA was optional, it is possible there is no temp CA to remove. 2025-08-18 10:21:53 -07:00
Kareem aaadb7971d Fix narrowing conversion of type in RemoveCa. 2025-08-18 10:21:53 -07:00
Kareem 7b4a50b701 Add missing XFREE for dCert. 2025-08-18 10:21:53 -07:00
Kareem d6f603b661 Add X509StoreRemoveCa wrapper around RemoveCa
WOLFSSL_X509's calculated subject key hash is not guaranteed to match the cert's,
ie. in the case that NO_SHA is defined.  Use the same logic as AddCa,
parsing the DER cert and using the decoded cert's subject key hash.
2025-08-18 10:21:53 -07:00
Kareem 15a147d957 Remove incorrectly added NULL check, add debug logging to RemoveCA. 2025-08-18 10:21:53 -07:00
Kareem f9eda18445 Fix missing cast and correct freeing of certs. 2025-08-18 10:21:53 -07:00
Kareem 946f20ccc7 Add type parameter to RemoveCA to avoid removing CAs of the wrong type. 2025-08-18 10:21:53 -07:00
Kareem 025dbc3454 Retry all certificates passed into wolfSSL_X509_verify_cert until a valid chain is found, rather than failing out on the first invalid chain. This allows for registering multiple certs with the same subject key, ie. alt cert chains. 2025-08-18 10:21:52 -07:00
Sean Parkinson 43f94a5d7d Merge pull request #9107 from douzzer/20250816-cpuid_get_flags_ex-optimize
20250816-cpuid_get_flags_ex-optimize
2025-08-18 22:13:44 +10:00
Sean Parkinson 0ba16a9c5b Merge pull request #9104 from kojiws/export_long_key_orig_asn
Improve original implementation on SetAsymKeyDer() and the test
2025-08-18 22:11:25 +10:00
Daniel Pouzzner 39c6c5af6f wolfcrypt/src/cpuid.c, wolfssl/wolfcrypt/cpuid.h: change cpuid_flags_t to a
regular word32, and use non-atomics for general flag checking, with a new
  implementation of cpuid_get_flags_ex() that is threadsafe by idempotency;

rename strictly-threadsafe cpuid_get_flags_ex() as cpuid_get_flags_atomic()
  (strictly accurate return value), and add cpuid_flags_atomic_t and
  WC_CPUID_ATOMIC_INITIALIZER, used only for internal manipulation of flags in
  cpuid.c where atomicity matters.
2025-08-16 13:04:28 -05:00
lealem47 b096d9b250 Merge pull request #9106 from dgarske/zd20399
Fix sniffer issue handling TLS records with multiple handshake messages to be skipped
2025-08-15 15:57:00 -06:00
David Garske 32b0bd963b Fix issue introduced in PR #9051 causing TLS records with multiple handshake messages to be skipped (ZD 20399) 2025-08-15 10:08:28 -07:00