Commit Graph

29775 Commits

Author SHA1 Message Date
Josh Holtrop 492603fbd4 Early-return from TLS 1.2 resumption on SNI/ALPN mismatch 2026-06-01 16:15:43 -04:00
Josh Holtrop e7f491a98a Check SNI/ALPN in TLS 1.3 session resumption 2026-05-28 12:10:16 -04:00
Josh Holtrop 43fabc694f Check SNI/ALPN in TLS 1.2 stateful session ID resumption 2026-05-27 09:16:34 -04:00
Zackery 7cf84dd833 Merge pull request #10523 from dgarske/ci_opt2
CI: cache compiler output in os-check Ubuntu matrix
2026-05-26 19:35:03 -06:00
Sean Parkinson 91f3e7e063 Merge pull request #10332 from jackctj117/SNI
tls.c: send missing_extension alert on TLS 1.3 SNI absence
2026-05-27 08:37:05 +10:00
David Garske 8199fda0a4 Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
David Garske 08022ffebf CI: cache compiler output in os-check Ubuntu matrix
- Add .github/actions/ccache-setup composite (ccache + PATH intercept).
- Wire into os-check.yml make_check_linux; macOS unchanged for now.
- Measured on master --enable-all: cold 11.6s -> warm 1.1s (~10x), 100% hit.
2026-05-26 10:36:49 -07:00
David Garske a3f5260260 Merge pull request #10500 from rizlik/sha224_only
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-26 08:05:47 -07:00
David Garske 52620e3204 Merge pull request #10516 from Frauschi/mldsa_rename
Finalize ML-DSA renaming
2026-05-26 08:05:04 -07:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
Sean Parkinson 887f242ee8 Merge pull request #10522 from dgarske/retrigger_prb_on_ready
GH Actions: retrigger Jenkins PRB when draft PR is marked ready
2026-05-25 20:55:05 +10:00
David Garske b0d2b10c6b GH Actions: retrigger Jenkins PRB when draft PR is marked ready 2026-05-22 15:14:50 -07:00
Roy Carter eb32554bdb Fix: support adding UE to excluded strings 2026-05-22 19:01:05 +03:00
Roy Carter dc86dc34a8 Fix: change test string to the new format 2026-05-22 19:01:05 +03:00
Roy Carter 8f15bf6d10 fix : bad merge conflics leftovers. 2026-05-22 19:01:05 +03:00
Roy Carter 56e4612e4e Fix : apply Julek pr notes 2026-05-22 19:01:05 +03:00
Roy Carter f15c896551 Build_fix:
When building with --enable-opensslextra=x509small, only OPENSSL_EXTRA_X509_SMALL is defined, not OPENSSL_EXTRA, so these functions are not compiled into the library
2026-05-22 19:01:05 +03:00
Roy Carter 7561911cba fix: Fix build errors for some tests on pipeline 2026-05-22 19:01:05 +03:00
Roy Carter c1a507e175 Feature: allow the usage of
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify

in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson 8597d9da83 Merge pull request #10496 from dgarske/fenrir_20260518
Various Fenrir fixes (F-2626, F-585, F-586, F-2638, F-1960, F-599)
2026-05-23 01:28:42 +10:00
Sean Parkinson fa8940f54f Merge pull request #10510 from miyazakh/testsuite_
Remove testsuite.test for leanTLS builds
2026-05-23 01:22:23 +10:00
Sean Parkinson abe15d260b Merge pull request #10487 from embhorn/zd21842
Add check for ARM to set WOLFSS_USE_ALIGN
2026-05-23 00:11:00 +10:00
Sean Parkinson b1e04464fc Merge pull request #10469 from sebastian-carpenter/tls-ech-server-improvements
Enhancement (ECH): Trial decryption and ECH connection status
2026-05-23 00:07:40 +10:00
Sean Parkinson eeb698dceb Merge pull request #10397 from philljj/support_wolfzfs
zfs: support wolfzfs patch.
2026-05-23 00:01:09 +10:00
kareem-wolfssl 22e505bcfa Merge pull request #10507 from dgarske/ci_opt
CI Optimizations
2026-05-21 17:50:20 -07:00
Sean Parkinson fc2f4fc7cc Merge pull request #10435 from Frauschi/pqc_default_curve
Improved handling for ClientHello default key share group
2026-05-22 08:13:35 +10:00
David Garske 6605060b18 CI: more smoke coverage + header self-sufficiency
- Add AddressSanitizer entry to smoke matrix (--enable-all + -fsanitize=address).
- Add check-headers workflow: 214 public wolfssl/*.h compile standalone.
- Fix quic.h, rng_bank.h, Renesas/renesas-fspsm-crypt.h to be self-sufficient.
- Remove no-tls.yml (its single config is already covered by os-check.yml).
2026-05-21 14:37:11 -07:00
Andrew Hutchings 8574fa995f Merge pull request #10470 from JacobBarthelmeh/tropic
fix for tropic port AES key length used
2026-05-21 13:59:48 -07:00
David Garske 7f80896033 CI optimizations
- Skip CI for draft PRs and redundant master-push re-runs; membrowse nightly.
- Add smoke test (8 configs, CFLAGS=-Werror, post-merge tree, fail-fast on conflicts).
- Add wait-for-smoke composite action for downstream CI gating.
- Add check-source-text + bash -n + shellcheck workflow (script in make dist).
- Cache apt-get update in install-apt-deps composite on cache hit.
2026-05-21 13:19:29 -07:00
Sean Parkinson 7bad79a5b7 Merge pull request #10512 from douzzer/20260520-linuxkm-7v2
20260520-linuxkm-7v2
2026-05-22 04:49:47 +10:00
Daniel Pouzzner 7164d75cb7 linuxkm: add WC_LINUXKM_USE_HEAP_WRAPPERS and implementations wc_linuxkm_malloc(), wc_linuxkm_free(), wc_linuxkm_realloc(), and wc_linuxkm_malloc_usable_size(), to insulate from API drift in kernel heap (required on 7.2+, implicit on 7.1+). 2026-05-21 17:21:12 +00:00
HIDEKI MIYAZAKI 2a35f628af remove testsuite.test for leanTLS builds 2026-05-20 21:18:24 -07:00
JacobBarthelmeh 70288b017f add sanity check on AES key length 2026-05-20 16:02:56 -07:00
David Garske 782787276c Merge pull request #10497 from Frauschi/mldsa_rename
ML-DSA renaming part 2
2026-05-20 11:24:09 -07:00
Daniel Pouzzner 46c6b60be6 Merge pull request #10505 from Frauschi/slhdsa_fix
Fix hashType comparison in SLH-DSA
2026-05-20 13:17:30 -05:00
Tobias Frauenschläger 1dffcffb80 Fix hashType comparison in SLH-DSA 2026-05-20 10:16:37 -07:00
Tobias Frauenschläger 2a30ce3c04 Rename ML-DSA wc_PqcSignatureType entry 2026-05-20 09:06:54 -07:00
Marco Oliverio 408ea84c83 sha256: check no hw accelleartion is enabled with CB_ONLY_SHA256 2026-05-20 11:33:31 +02:00
JacobBarthelmeh 6ac6e5065e fix for tropic port AES key length used 2026-05-20 00:43:36 -07:00
Tobias Frauenschläger 44074fd1df More ML-DSA renaming 2026-05-19 14:09:09 -07:00
David Garske dc56e87522 Merge pull request #10466 from Frauschi/slhdsa_cryptocb
Add CryptoCb support for SLH-DSA
2026-05-19 13:59:40 -07:00
Eric Blankenhorn 40de65785c Address warning in wolfDTLS_SetChGoodCb 2026-05-19 13:05:12 -05:00
Eric Blankenhorn 47db354fad Fix from review 2026-05-19 13:03:35 -05:00
Eric Blankenhorn 7df2ead36d Add check for ARM to set WOLFSS_USE_ALIGN 2026-05-19 13:03:35 -05:00
David Garske 9a5bb8eb23 fix(signature): fenrir 2626 enforce min hash strength 2026-05-19 10:06:56 -07:00
David Garske 2fad30e394 fix(qat): fenrir 585 null-check buffers before memcpy 2026-05-19 10:06:56 -07:00
David Garske 0ea4fa0f97 fix(qat): fenrir 586 guard exit memcpy on error path 2026-05-19 10:06:56 -07:00
David Garske a211f74a8d fix(se050): fenrir 2638 zero ed25519 der buffer 2026-05-19 10:06:56 -07:00
David Garske 583bd6bc4e fix(kcapi): fenrir 1960 zero ecdh secret before free 2026-05-19 10:06:56 -07:00
David Garske 66e5b8fd14 fix(stm32): fenrir 599 capture sign from input mp_int 2026-05-19 10:06:55 -07:00