wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 10:12:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,087 Commits 12 Branches 184 Tags
36eda9fb75d223e8907ad7fdfec67ded88dd3e40
Commit Graph

8987 Commits

Author SHA1 Message Date
Sean Parkinson
44be44a509 TLS 1.3 missing extension: return correct alert code 
Change TLS 1.3 handling to return missing_extension alert code when
 - KeyShare is present but SupportedGroups is missing and
 - SupportedGroups is present but KeyShare is missing

Added tests for this.
 2025-12-15 09:07:13 +10:00
Lealem Amedie
61e58f0f04 Fix for analyzer null dereference 2025-12-12 12:31:07 -07:00
Daniel Pouzzner
093f15ca4f Merge pull request #9496 from embhorn/zd20913 
Enable wolfSSL_i2d_X509_NAME_canon to handle blank optional fields
 2025-12-11 12:43:32 -06:00
Daniel Pouzzner
8c839b1ffc Merge pull request #9502 from rlm2002/x509_addressIsIP 
Run check for IP address in wolfSSL_X509_check_host()
 2025-12-11 12:41:54 -06:00
Sean Parkinson
569a5e0388 Merge pull request #9509 from rizlik/comment_fix 
internal.c: fix comment to be more precise
 2025-12-11 10:26:52 +10:00
Marco Oliverio
33a518958c internal.c: fix comment to be more precise 2025-12-10 14:11:07 +01:00
Ruby Martin
36e66eb763 check if ctx and ssl are null when checking public key in certificate 2025-12-09 17:04:05 -07:00
Ruby Martin
edbca503be Run check for IP address in wolfSSL_X509_check_host() 2025-12-08 11:04:45 -07:00
Eric Blankenhorn
83f6fe1a1a Enable wolfSSL_i2d_X509_NAME_canon to handle blank optional fields 2025-12-05 15:12:29 -06:00
Sean Parkinson
2b726ebf0b Merge pull request #9386 from sebastian-carpenter/oss-fuzz-fix-442261624 
fixed oss-fuzz warnings
 2025-12-04 15:28:18 +10:00
David Garske
45b7fb9e39 Merge pull request #9489 from julek-wolfssl/zd/20860 
Fix AKID CA lookup
 2025-12-03 08:16:51 -08:00
Juliusz Sosinowicz
995e63f6e1 Fix AKID CA lookup 
The `authorityCertIssuer` field refers to the Issuer field of the CA being looked up and not its Subject field.
 2025-12-03 10:47:40 +01:00
David Garske
6d55b42cf6 Merge pull request #9483 from josepho0918/mqx 
Enhance MQX platform support and integration
 2025-12-02 07:58:49 -08:00
David Garske
8741805e9d Merge pull request #9476 from embhorn/zd20515 
Fix Coverity dead code report
 2025-12-01 13:59:21 -08:00
Joseph Chen
10efcd9787 Enhance MQX platform support and integration 2025-11-27 10:03:04 +08:00
Sean Parkinson
93944d289f Merge pull request #9482 from anhu/move_the_sigalg_check 
Need to move sigalg check down because it does not consider hybrids.
 2025-11-27 09:42:18 +10:00
Sean Parkinson
6c8b9054a0 Merge pull request #9443 from holtrop/report-rsa_pss_pss-sig-algo 
TLSv1.3 certificate verify: report rsa_pss_pss_* signature algorithm when supported
 2025-11-27 09:12:58 +10:00
Anthony Hu
a765bbdb79 Need to move sigalg check down because it does not consider hybrids. 2025-11-26 13:31:21 -05:00
Josh Holtrop
36418aca76 Set useRsaPss flag in both SSL and CTX structures 2025-11-26 10:30:38 -05:00
David Garske
0aaa31c438 Merge pull request #9459 from JacobBarthelmeh/async 
fix small stack define and warnings for g++ build with async
 2025-11-25 14:22:24 -08:00
Eric Blankenhorn
6de31e95fc Fix Coverity dead code report 2025-11-25 13:53:36 -06:00
Sean Parkinson
0afbc1ef08 Merge pull request #9471 from douzzer/20251124-memory_test-wolfSSL_Atomic_Ptr_CompareExchange 
20251124-memory_test-wolfSSL_Atomic_Ptr_CompareExchange
 2025-11-25 19:22:22 +10:00
Daniel Pouzzner
e459b21744 wolfcrypt/src/wc_port.c and wolfssl/wolfcrypt/wc_port.h: add volatile attribute to wolfSSL_Atomic_Uint_CompareExchange() first arg, for pedantic accuracy; 
wolfssl/internal.h and src/ssl.c: add volatile attribute to WOLFSSL_CTX.privateKeyPKey pointer, for pedantic accuracy;

wolfcrypt/test/test.c: in memory_test(), use compatible pointers for all operands in the wolfSSL_Atomic_Ptr_CompareExchange() test, to avoid undefined behavior.
 2025-11-24 18:21:09 -06:00
Sean Parkinson
7c8d7dff5e Merge pull request #9348 from effbiae/ExportEccTempKey 
Refactor: Extract ExportEccTempKey, DhSetKey, and other helper functions from SendServerKeyExchange
 2025-11-25 09:31:20 +10:00
Josh Holtrop
d766b82bac Remove conditional and just assign boolean result 2025-11-24 15:55:32 -05:00
JacobBarthelmeh
c5fb83f52d fix warnings for g++ build with async 2025-11-21 14:38:40 -07:00
kaleb-himes
dc6fa0ad4e De-couple ESV from DRBG 2025-11-20 09:38:13 -07:00
Josh Holtrop
80d3037332 Use more uppercase U's 2025-11-20 08:34:54 -05:00
Josh Holtrop
bb8673070a Use uppercase U 2025-11-19 23:52:21 -05:00
Josh Holtrop
268b81c29e TLSv1.3 certificate verify: report rsa_pss_pss_* signature algorithm when supported 2025-11-19 09:47:05 -05:00
David Garske
658ea305d1 Fix issue with poorly written macros 2025-11-18 14:15:22 -08:00
sebastian-carpenter
7fdd177233 fixed oss-fuzz warnings 2025-11-18 13:28:51 -07:00
Daniel Pouzzner
c29abccc9f src/internal.c: peer review: refactor wolfssl_priv_der_unblind() and wolfssl_priv_der_unblind_free() to use AllocDer() and FreeDer(). 2025-11-14 18:13:44 -06:00
Daniel Pouzzner
dee0658e8a fix races around WOLFSSL_CTX.{privateKey,privateKeyMask,altPrivateKey,altPrivateKeyMask} in WOLFSSL_BLIND_PRIVATE_KEY code paths: 
* rename wolfssl_priv_der_unblind() to wolfssl_priv_der_blind_toggle(),
* add wolfssl_priv_der_unblind() that allocates a temp copy,
* add wolfssl_priv_der_unblind_free(),
* in wolfssl_priv_der_blind_toggle(), make mask a const arg;

restore const attribute to ctx arg to wolfSSL_CTX_get0_privatekey(), and add explanatory comment.
 2025-11-14 18:13:43 -06:00
JacobBarthelmeh
d18b251f54 Merge pull request #9420 from wolfSSL/TLS13-cipher-suite-fix 
Fix TLS 1.3 cipher suite when TLS 1.2 ciphers precede TLS 1.3 ciphers
 2025-11-14 16:42:05 -05:00
jackctj117
0767cb84bf Removed trailing white space 2025-11-14 09:03:51 -07:00
jackctj117
5e2fd78113 Suppress unused parameter warning 2025-11-13 18:32:00 -07:00
Daniel Pouzzner
c430cc75ea src/ssl.c and wolfssl/ssl.h: fix signature on wolfSSL_CTX_get0_privatekey() -- ctx is not const; 
wolfcrypt/src/wc_port.c and wolfssl/wolfcrypt/wc_port.h: tweak gates on atomic implementations to maximize availability within currently supported targets;

fix some whitespace.
 2025-11-13 17:11:52 -06:00
Daniel Pouzzner
26ba6344f2 add wolfSSL_Atomic_Ptr_CompareExchange(); mitigate race on ctx->privateKeyPKey in wolfSSL_CTX_get0_privatekey(). 2025-11-13 16:25:49 -06:00
jackctj117
29c2f15a8f Add #ifdef guards to cipher suite checks 2025-11-13 10:06:07 -07:00
effbiae
de0d3e610d refactor to ExportEccTempKey, DhSetKey and others 2025-11-13 14:49:26 +11:00
David Garske
5a8411a1ad Merge pull request #9418 from SparkiDev/tls13_ks_dup_check_fix 
TLS 1.3 duplicate KeyShare entry fix
 2025-11-12 16:09:11 -08:00
David Garske
f53191bae2 Merge pull request #9416 from julek-wolfssl/priv-key-blinding 
Fix errors when blinding private keys
 2025-11-12 16:09:03 -08:00
jackctj117
c56ea55f89 Fix TLS 1.3 cipher suite selection when TLS 1.2 ciphers precede TLS 1.3 ciphers 2025-11-12 17:03:06 -07:00
Sean Parkinson
1ec18949bc TLS 1.3 duplicate KeyShare entry fix 
Fix comparison to be greater than or equal in case count is incremented
after maxing out.
 2025-11-13 08:23:19 +10:00
David Garske
7cfffd5bbc Merge pull request #9308 from kareem-wolfssl/zd20603 
Add IPv6 support to wolfSSL_BIO_new_accept and wolfIO_TcpBind.
 2025-11-12 11:09:17 -08:00
Juliusz Sosinowicz
d1c321abdc Don't override errors when blinding the priv key 2025-11-12 17:12:22 +01:00
Kareem
fbb7ae2257 Add NULL check to wolfSSL_BIO_new_accept. 2025-11-11 16:20:09 -07:00
Kareem
3296e6a1f0 Merge remote-tracking branch 'upstream/master' into zd20603 2025-11-11 16:15:22 -07:00
David Garske
6914f08f5e Merge pull request #9391 from holtrop/check-dup-extensions-fix 
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377
 2025-11-11 14:05:14 -08:00