wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 23:42:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,679 Commits 12 Branches 184 Tags
5b8115ed8f6969032c06dfd154682d1239eff4be
Commit Graph

8888 Commits

Author SHA1 Message Date
JacobBarthelmeh
985a090adc Merge pull request #9334 from julek-wolfssl/wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio-len 
x509: make sure pem buffer will be large enough to hold pem header
 2025-10-23 09:36:46 -06:00
Juliusz Sosinowicz
36b64fb5ae x509: make sure pem buffer will be large enough to hold pem header 
Found with Fil-C compiler
 2025-10-23 13:28:07 +02:00
Daniel Pouzzner
be301f93da fixes for autotools config around armasm AES/SHA refactor in #9284: in configure.ac, add BUILD_FIPS_V5_PLUS and BUILD_FIPS_V6_PLUS conditionals, and fix BUILD_FIPS_V6 conditional to match v6 only; 
in src/include.am, add LEGACY_ARMASM_foo and NEW_ARMASM_foo helper variables, restore pre-PR9284 armasm clauses, and add or update several FIPS gates as needed;

add empty wolfcrypt/src/port/arm/{armv8-aes.c,armv8-sha256.c,armv8-sha512.c} to mollify autotools, and in wolfcrypt/src/include.am, restore them to EXTRA_DIST if FIPS v5 or v6.
 2025-10-22 22:52:24 -05:00
JacobBarthelmeh
4daab8a813 Merge pull request #9284 from SparkiDev/aarch64_asm_gen 
Aarch64 asm: convert to generated
 2025-10-22 11:10:27 -06:00
David Garske
9c3a0e3a67 Merge pull request #9324 from douzzer/20251020-coverity-WC_SAFE_foo 
20251020-coverity-WC_SAFE_foo
 2025-10-21 09:41:25 -07:00
JacobBarthelmeh
936e350c63 Merge pull request #9325 from LinuxJedi/zp-fixes 
Fix things found with ZeroPath
 2025-10-21 10:19:01 -06:00
JacobBarthelmeh
818d1e37eb Merge pull request #9321 from anhu/no_conv_ems 
Prevent a conversion warning
 2025-10-21 09:38:00 -06:00
Andrew Hutchings
90e0857d2d Validate LinuxKM I/O lengths 
Reject negative lengths and normalize to size_t before calling kernel_sendmsg/kernel_recvmsg so the kernel transport can’t be tricked into huge or wrapped iov_len values.
 2025-10-21 14:40:36 +01:00
Andrew Hutchings
259670055a Bound buffered HTTP body size 
Clamp per-chunk and aggregated HTTP response sizes before allocating in wolfIO_HttpProcessResponseBuf so untrusted Content-Length or chunk headers can’t overflow the arithmetic or force giant buffers.
 2025-10-21 14:13:41 +01:00
Andrew Hutchings
11d2f4894e Guard ProcessKeyShare against truncated key shares 
Add bounds check before reading named_group so malformed TLS 1.3 key share data cannot read past the supplied buffer.
 2025-10-21 13:40:00 +01:00
Andrew Hutchings
8b4f816ae7 BioReceiveInternal: allow NULL write BIO 
Some callers, such as the OCSP request context, only supply a read BIO. Guard the write-BIO pending check so a read error or EOF does not dereference NULL.
 2025-10-21 13:12:52 +01:00
Andrew Hutchings
e6ca4d15e2 MicriumReceiveFrom: tighten peer validation 
Reject DTLS datagrams when the stored peer is missing, the address length changes, or the address bytes differ. The old check required both the length and byte comparisons to fail, letting spoofed peers through when only one mismatch occurred.
 2025-10-21 13:10:04 +01:00
Sean Parkinson
9c1462a9ec Aarch64 asm: convert to generated 
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
 2025-10-21 17:03:39 +10:00
Daniel Pouzzner
ca552cc345 src/internal.c: work around false positive "C4701: potentially uninitialized local variable" in GrowOutputBuffer(). 2025-10-20 23:54:15 -05:00
Anthony Hu
26ba17b48e Prevent a conversion warning 2025-10-20 12:20:59 -04:00
effbiae
8969e5f36a refactor to TLSX_EchChangeSNI 2025-10-17 13:51:42 +11:00
Daniel Pouzzner
d6aa157187 fixes for OPENSSL_COEXIST covering OPENSSL_COMPATIBLE_DEFAULTS and WOLFSSL_WPAS: 
* src/ssl.c:wolfSSL_CTX_new_ex()
* src/x509.c:wolfSSL_X509_PUBKEY_set()
 2025-10-16 15:10:16 -05:00
Daniel Pouzzner
6ee660841b fixes/workarounds for -Wnull-dereferences, some true positive, some false 
positive:
* src/pk.c:wolfSSL_RSA_meth_new()
* tests/api.c:test_wolfSSL_PKCS7_certs()
* tests/api.c:test_wolfSSL_X509V3_EXT_get()
* wolfcrypt/src/asn.c:EncodeName()
* wolfcrypt/src/pkcs12.c:wc_i2d_PKCS12()
* wolfcrypt/src/port/af_alg/afalg_aes.c
 2025-10-16 15:10:16 -05:00
David Garske
a22d239bfd Merge pull request #9301 from effbiae/set_srp_username 
refactor wolfSSL_CTX_set_srp_username
 2025-10-16 11:32:24 -07:00
Sean Parkinson
c111c5bacc Regression testing 
x509.c: realloc may fail and therefore need to store result in a
temporary so the old pointer is not lost.

tls.c: free the name if it is not pushed on to the stack of peer CA
names. Failure to push can be from memory allocation failure.

aes.c: Don't compile XTS decrypt functions without HAVE_AES_DECRYPT.

Fix tests to have better pre-processor protection.
 2025-10-16 12:13:32 +10:00
Eric Blankenhorn
f9b666dd8a Merge pull request #9298 from douzzer/20251014-WC_SAFE_SUM 
20251014-WC_SAFE_SUM
 2025-10-15 11:44:04 -05:00
effbiae
1de2ad48bd wc_FreeRng called multiple times in wolfSSL_CTX_set_srp_password 2025-10-15 17:43:53 +11:00
effbiae
cadea76e43 refactor wolfSSL_CTX_set_srp_username 2025-10-15 17:15:07 +11:00
Daniel Pouzzner
1602ed2f3a wolfcrypt/src/asn.c: rearrange check for null cname in EncodeName() to fix false positive -Wnull-dereference. 
src/internal.c: suppress -Wnull-dereference locally in ProcessPeerCertParse() to fix false positive.
 2025-10-14 18:27:02 -05:00
Daniel Pouzzner
7c7040da24 src/internal.c: fix -Wnull-dereference in LoadCertByIssuer(). 2025-10-14 17:38:12 -05:00
Daniel Pouzzner
204eb96d2f src/ssl.c: fix overflow/overrun defect in wolfSSL_writev(). 2025-10-14 16:29:15 -05:00
David Garske
3534fad3ee Merge pull request #9295 from rizlik/shutdown_nonblocking_fix 
wolfSSL_shutdown: handle non-blocking I/O
 2025-10-14 12:50:57 -07:00
Marco Oliverio
4b7a2b677b wolfSSL_shutdown: fix non-blocking retry after WANT_WRITE. 
1. Send buffered message in case SendAlert_ex returned WANT_WRITE.
2. If pending messages are sent successfully return SHUTDOWN_NOT_DONE as
   current API behavior.
3. Propagate WANT_READ error for ProcessReply if waiting for other peer
   shutdown (when invoking wolfSSL_shutdown for the second time)
 2025-10-14 10:05:11 +02:00
Daniel Pouzzner
b2c105d5f7 Merge pull request #9292 from embhorn/zd20626 
Fix GCC warnings
 2025-10-13 23:17:13 -05:00
Eric Blankenhorn
dd22fa3243 Fix from testing 2025-10-13 15:27:01 -05:00
Eric Blankenhorn
e67b85724e Fix from testing 2025-10-13 12:57:47 -05:00
Eric Blankenhorn
adc9146035 Fix from testing 2025-10-13 12:33:40 -05:00
Eric Blankenhorn
83336e3436 Fix from testing 2025-10-13 12:15:39 -05:00
effbiae
f4b8f844b2 indent {.*;} macro args 2025-10-13 14:04:06 +11:00
effbiae
b5c5854064 fix for cppcheck defect in src/ssl.c 2025-10-11 11:40:30 +11:00
effbiae
75a6621c63 hand edits for small stack compress 2025-10-11 11:40:30 +11:00
effbiae
7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Eric Blankenhorn
e47be2163a Fix buffer warnings in x509 2025-10-10 15:33:53 -05:00
Eric Blankenhorn
f713cdb5e0 Fix evp const warning and pk buffer warning 2025-10-10 15:14:56 -05:00
David Garske
8a6297d42b Merge pull request #9267 from julek-wolfssl/dtls-stricter-ordering 
Add message order sanity checks
 2025-10-10 10:26:34 -07:00
Eric Blankenhorn
aa56c40d30 Fix / suppress GCC warnings 2025-10-10 11:56:03 -05:00
Juliusz Sosinowicz
5efdc6b7b6 Make mutual auth side check more robust 2025-10-09 20:23:56 +02:00
Juliusz Sosinowicz
bd9f7b5b87 Clarify return values in wolfSSL_mutual_auth documentation 2025-10-09 00:57:08 +02:00
David Garske
3f460b40bc Merge pull request #9258 from kareem-wolfssl/zd19563_4 
Fix potential memory leak in wolfSSL_X509_verify_cert.
 2025-10-08 13:59:58 -07:00
Juliusz Sosinowicz
10365d6082 Allow clearing group messages flag 2025-10-08 11:11:03 +02:00
Juliusz Sosinowicz
6fbbdf9324 Add message order sanity checks 
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
 2025-10-08 11:11:03 +02:00
Kareem
b564138490 Merge remote-tracking branch 'upstream/master' into zd19563_4 2025-10-07 14:23:45 -07:00
JacobBarthelmeh
2445af9308 compile both fe_operations.c and low_mem version and rely on macro defines to choose which code gets compiled 2025-10-07 10:42:08 -06:00
David Garske
b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash 
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
 2025-10-07 08:51:26 -07:00
David Garske
d9b52d832c Merge pull request #9259 from julek-wolfssl/dtls13-timeout 
Reset DTLS 1.3 timeout
 2025-10-07 07:57:17 -07:00