wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 03:42:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,458 Commits 12 Branches 184 Tags
369f9f03396dd68eaab95058bfb3a5bbf8d4b661
Commit Graph

8598 Commits

Author SHA1 Message Date
JacobBarthelmeh
369f9f0339 Merge pull request #8849 from holtrop/reseed-drbg-in-rand-poll 
Reseed DRBG in RAND_poll()
 2025-06-06 11:55:46 -06:00
JacobBarthelmeh
f4821eb0f4 Merge pull request #8827 from SparkiDev/ml_kem_codepoints 
ML_KEM IDs backward compat
 2025-06-06 11:06:15 -06:00
JacobBarthelmeh
570c1fc390 Merge pull request #8824 from JeremiahM37/tlsCurveFix 
tls fix for set_groups
 2025-06-06 10:47:06 -06:00
Josh Holtrop
0c12337194 Reseed DRBG in RAND_poll() 2025-06-06 12:20:58 -04:00
JacobBarthelmeh
bfc55d9016 Merge pull request #8848 from julek-wolfssl/gh/8841 
dtlsProcessPendingPeer: correctly set the current peer
 2025-06-06 09:52:35 -06:00
Daniel Pouzzner
efc36655e6 src/internal.c: add pedantic-compatible NO_TLS codepath for cipher_names[] and GetCipherNamesSize(). 2025-06-06 18:02:19 +04:00
Sean Parkinson
7eca4fb331 ML_KEM IDs backward compat 
Allow backward compatibilitly of Hybrid ML_KEM codepoints in TLS with
version before wolfSSL 5.8.0.
When WOLFSSL_ML_KEM_USE_OLD_IDS is defined, it will accept the old
codepoints for P256 with ML-KEM-512, P384 with ML-KEM-768, P521 with
ML-KEM-10124. (Others combinations were not know pre 5.8.0.)
Both old client with new server and new client with new server work with
old codepoints.
 2025-06-06 09:17:40 +10:00
JacobBarthelmeh
3ecc58cc0e Merge pull request #8842 from julek-wolfssl/zd/19966 
ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING
 2025-06-05 17:07:47 -06:00
Juliusz Sosinowicz
736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Juliusz Sosinowicz
edfc5360d4 TLSX_SupportedCurve_Parse: fix commonCurves wouldn't be free'd on error 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz
761f0f1d1f Simplify TLSX_SupportedCurve_Parse 
Server only uses curves that are supported by both the client and the server. If no common groups are found, the connection will fail in TLS 1.2 and below. In TLS 1.3, HRR may still be used to resolve the group mismatch.
 2025-06-05 22:04:49 +02:00
JeremiahM37
888407e40b Updated fix for set_groups 2025-06-05 22:04:49 +02:00
JeremiahM37
3c1c4792da tls fix for set_groups 2025-06-05 22:04:49 +02:00
Juliusz Sosinowicz
f2584fd5fa ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING 2025-06-05 19:17:00 +02:00
JacobBarthelmeh
c207e2d198 Merge pull request #8838 from miyazakh/fsp_fix2 
Fix Renesas SCE on RA6M4
 2025-06-05 09:43:05 -06:00
Brett
89be92f1a8 formatting 2025-06-04 18:29:05 -06:00
Brett
0e2a3fd0b6 add missing error trace macro 2025-06-04 16:56:16 -06:00
Brett
bc8eeea703 prevent apple native cert validation from overriding error codes other than ASN_NO_SIGNER_E 2025-06-04 15:48:15 -06:00
Hideki Miyazaki
6d2a8b3f4c ready-for-use flag fix 2025-06-04 13:41:01 +09:00
Ruby Martin
9864959e41 create policy for WOLFSSL_APPLE_NATIVE_CERT_VALIDATION, domain name 
checking
 2025-06-03 10:08:58 -06:00
Sean Parkinson
8ea01056c3 Merge pull request #8788 from julek-wolfssl/gh/8765 
tls13: handle malformed CCS and CCS before CH
 2025-05-28 09:45:09 +10:00
David Garske
6de7bb74ed Merge pull request #8787 from julek-wolfssl/refactor-GetHandshakeHeader 
Refactor GetHandshakeHeader/GetHandShakeHeader into one
 2025-05-27 15:26:24 -07:00
Juliusz Sosinowicz
2ec6b92b41 tls13: handle malformed CCS and CCS before CH 
- fix incorrect alert type being sent
- error out when we receive a CCS before a CH
- error out when we receive an encrypted CCS
 2025-05-23 15:04:22 +02:00
Sean Parkinson
999641d9b1 Merge pull request #8642 from rizlik/dtls_no_span_records 
DTLS: drop records that span datagrams
 2025-05-23 14:57:24 +10:00
Ruby Martin
5352e100db Add NO_OLD_TLS macroguard, remove dead code 2025-05-22 14:21:38 -06:00
Juliusz Sosinowicz
5e7ef142e8 Refactor GetHandshakeHeader/GetHandShakeHeader into one 2025-05-20 13:23:14 +02:00
Juliusz Sosinowicz
83ce63ac1a TLSX_UseSupportedCurve: Check group correctness outside of TLS 1.3 too 2025-05-19 14:19:59 +02:00
Marco Oliverio
cbe1fb2c62 dtls: drop DTLS messages that span across datagrams 
A new macro "WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS" restores the old
behaviour.
 2025-05-19 10:28:13 +02:00
Marco Oliverio
80bdd1736a internal: refactor out Decryption in DoDecrypt function 
To uniform error handling for the SanityCheckCipherText check.
 2025-05-19 10:25:24 +02:00
Daniel Pouzzner
91af9073b0 Merge pull request #8777 from rizlik/dtls_reject_v11 
Drop DTLS packets with bogus minor version number
 2025-05-16 14:45:25 -05:00
David Garske
a1b644202c Merge pull request #8759 from anhu/index_idx 
Rename variable index to idx to avoid conflicting declaration.
 2025-05-15 11:01:27 -07:00
David Garske
63c3c547b6 Merge pull request #8768 from lealem47/zd19853 
Add sniffer cleanup API's
 2025-05-15 11:01:19 -07:00
Marco Oliverio
22f41a8dbb Drop DTLS packets with bogus minor version number 2025-05-15 19:50:36 +02:00
Anthony Hu
a814683684 Rename variable index to idx to avoid conflicting declaration. 2025-05-14 18:26:37 -04:00
Lealem Amedie
4af0e14e7b Add ssl_RemoveSession API 2025-05-14 12:09:41 -06:00
Daniel Pouzzner
55460a5261 wolfssl/wolfcrypt/logging.h and wolfcrypt/src/logging.c: add 
WOLFSSL_DEBUG_PRINTF() macro adapted from wolfssl_log(), refactor
  wolfssl_log() to use it, and move printf setup includes/prototypes from
  logging.c to logging.h;

src/ssl_load.c: add source_name arg and WOLFSSL_DEBUG_CERTIFICATE_LOADS clauses
  to ProcessBuffer() and ProcessChainBuffer(), and pass reasonable values from
  callers;

remove expired "Baltimore CyberTrust Root" from certs/external/ca_collection.pem
  and certs/external/baltimore-cybertrust-root.pem.
 2025-05-13 20:30:48 -05:00
Lealem Amedie
5a4c1d99a3 Expose RemoveStaleSessions sniffer API 2025-05-13 15:16:02 -06:00
David Garske
e09e3f6098 Fix for Curve25519 and static ephemeral issue with curve25519 blinding. Added new test case (used by wolfKeyMgr). 2025-05-12 10:26:31 -07:00
David Garske
407efd3c5d Merge pull request #8710 from JacobBarthelmeh/codesonar 
ech get length fix and x509 extension print temporary buffer size
 2025-05-09 11:41:24 -07:00
David Garske
7cd080b421 Merge pull request #8713 from JacobBarthelmeh/scan 
use proper heap hint when free'ing CRL in error case
 2025-05-09 11:23:20 -07:00
David Garske
0adb6eb788 Merge pull request #8748 from ColtonWilley/pkcs7_x509_store_update 
Update PKCS7 to use X509 STORE for internal verification
 2025-05-09 11:22:53 -07:00
JacobBarthelmeh
77c0f79cbe adjust ech get length only case 2025-05-08 13:50:42 -06:00
JacobBarthelmeh
9fb34d76c2 adjust size of temporary buffer 2025-05-08 13:50:42 -06:00
Anthony Hu
42fb041890 Add missing call to wolfSSL_RefFree in FreeCRL 2025-05-08 13:11:37 -04:00
Colton Willey
9e7a4f6518 Update PKCS7 to use X509 STORE for internal verification instead of underlying CM 2025-05-08 09:45:58 -07:00
David Garske
1e3718ea7b Merge pull request #8655 from SparkiDev/asn1_oid_update 
ASN.1 OIDs and sum: Change algorithm for sum
 2025-05-07 11:43:54 -07:00
Sean Parkinson
5e5f486a4c Merge pull request #8732 from dgarske/stm32_hash_status 
Fix for STM32 hash status check logic (also fix NO_AES_192 and NO_AES_256)
 2025-05-07 20:56:18 +10:00
Sean Parkinson
4b73e70515 Merge pull request #8706 from dgarske/win_crypt_rng 
New build option to allow reuse of the windows crypt provider handle …
 2025-05-07 20:55:07 +10:00
Sean Parkinson
112351667a ASN.1 OIDs and sum: Change algorithm for sum 
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.

Added bunch of OID names into asn1 example.
 2025-05-07 08:32:08 +10:00
David Garske
213c43b0fc Merge pull request #8715 from padelsbach/ssl-certman-codesonar 
Speculative fix for CodeSonar overflow issue in ssl_certman.c
 2025-05-06 14:49:57 -07:00