Commit Graph

9104 Commits

Author SHA1 Message Date
Chris Conlon
610d530e45 Add Name Constraints extension support with wolfSSL_X509_get_ext_d2i() and wolfSSL_NAME_CONSTRAINTS_check_name() 2026-01-26 10:36:05 -07:00
David Garske
e4e79dd8a3 Merge pull request #9694 from SparkiDev/tls_msg_sanity_fix
TLS: more sanity checks on message order
2026-01-21 15:11:11 -08:00
David Garske
f52930b844 More fixes for NO RNG and NO check key (broken in #9606 and #9576) 2026-01-21 10:31:57 -08:00
Sean Parkinson
8902afdcea TLS: more sanity checks on message order
Add more checks on message ordering for TLS 1.2 and below.
Reformat code.
2026-01-21 10:00:38 +10:00
David Garske
17401da6ae Merge pull request #9678 from cconlon/otherNameSan
Fix GENERAL_NAME memory management for otherName and RID SANs
2026-01-20 10:56:37 -08:00
David Garske
6bdc6a7550 Merge pull request #9618 from SparkiDev/volatile_multi_statement
Multiple volatile variables in a C statement undefined
2026-01-20 10:42:49 -08:00
Sean Parkinson
c71a4dd66f Merge pull request #9662 from AlexLanzano/tls1.2-empty-cert-fix
[TLS 1.2, TLS 1.3] Fail immediately if server sends empty certificate message for TLS 1.2 and beyond
2026-01-20 09:45:29 +10:00
Chris Conlon
0f395a5f9d Fix memory management in wolfssl_dns_entry_othername_to_gn() and
wolfSSL_X509_get_ext_d2i() for otherName SAN handling, add ASN_RID_TYPE case to wolfSSL_X509_get_ext_d2i()
2026-01-19 16:39:33 -07:00
Daniel Pouzzner
4ce6c4c262 Merge pull request #9623 from julek-wolfssl/dtls-1.3-ms-interval
dtls 1.3: allow rtx interval to be less than a second
2026-01-19 17:01:23 -06:00
Daniel Pouzzner
c2cf8b1545 Merge pull request #9659 from holtrop-wolfssl/improve-error-for-invalid-helloretryrequest
Improve log message and error code for invalid HelloRetryRequest - fix #9653
2026-01-19 16:23:59 -06:00
Juliusz Sosinowicz
bba4671042 wolfSSL_dtls13_use_quick_timeout: check for NULL input 2026-01-19 10:13:23 +01:00
Juliusz Sosinowicz
429b690370 Address code review 2026-01-19 09:38:17 +01:00
Juliusz Sosinowicz
48067f1fa7 dtls 1.3: allow rtx interval to be less than a second 2026-01-19 09:32:09 +01:00
Daniel Pouzzner
84bca62ace Merge pull request #9667 from bigbrett/ancv-verify-callback-fix
Apple Cert Fix: Prevent verify callback from blocking ANCV invocation
2026-01-17 00:02:42 -06:00
Daniel Pouzzner
9ae87e2a48 Merge pull request #9657 from embhorn/gh9655
Fix TLSX_Parse to correctly handle client and server cert type ext with TLS1.3
2026-01-16 23:59:31 -06:00
Daniel Pouzzner
0ceed2d832 Merge pull request #9664 from padelsbach/hmac-update-len-check
Add length check to Hmac_UpdateFinal_CT to prevent build error
2026-01-16 15:35:58 -06:00
Sean Parkinson
fabe0c090a Merge pull request #9646 from rlm2002/coverity
20260112 Coverity: update macros and add length checks
2026-01-16 09:20:01 +10:00
Brett
65a2b06d89 ANCV: support server-side policy creation 2026-01-15 11:59:59 -07:00
Brett
22a9665e6d Prevent verify callback from blocking ANCV invocation when verify
callback is registered. Reverts behavior to pre-PR#9144
2026-01-15 11:59:59 -07:00
Ruby Martin
2596d56802 verify length limit for supported version ext
add length check to tls extensions
2026-01-15 10:58:26 -07:00
Josh Holtrop
e7612ff36f Improve log message and error code for invalid HelloRetryRequest - fix #9653 2026-01-15 12:55:17 -05:00
Eric Blankenhorn
3c5b8f900e Fix TLSX_Parse to correctly handle client and server cert type ext with TLS1.3 2026-01-15 07:36:52 -06:00
David Garske
f0d3957aa9 Merge pull request #9643 from mattia-moffa/20260112-sniffer-fixes
More sniffer length checks
2026-01-14 17:00:12 -08:00
Paul Adelsbach
f3fb63aea7 Add length check to Hmac_UpdateFinal_CT to prevent build error 2026-01-14 09:31:35 -08:00
Alex Lanzano
bdc525dd6d [TLS 1.2, TLS 1.3] Fail immediately if server sends empty certificate message for TLS 1.2 and beyond 2026-01-14 11:30:13 -05:00
Daniel Pouzzner
366f5fe411 src/ssl.c: refactor initRefCount increment/decrement to avoid -Wvolatile. 2026-01-13 11:21:40 -06:00
Sean Parkinson
1aa79af41e Multiple volatile variables in a C statement undefined
Undefined behaviour when there are multiple volatile variables accessed
in the one C statement.
Changes to introduce non-volatile temporaries, split statement or make
variable non-volatile.
2026-01-13 15:08:50 +10:00
Mattia Moffa
100d765b0c More sniffer length checks 2026-01-12 18:25:27 +01:00
Sean Parkinson
3f8efdc802 Merge pull request #9600 from padelsbach/addcrl-cleanup
Cleanup AddCRL mutex and alloc/free
2026-01-12 09:11:20 +10:00
Sean Parkinson
ce69f1cec0 Merge pull request #9635 from miyazakh/x509errstr_handling
Fix OpenSSL error code handling in ERR_reason_error_string()
2026-01-12 08:57:17 +10:00
Sean Parkinson
84ca4a05fa Merge pull request #9628 from miyazakh/fix_crlnumber
Fix CRL Number hex string buffer overflow in CRL parser
2026-01-12 08:52:57 +10:00
Hideki Miyazaki
8571a67f13 fix PR test 2026-01-10 14:53:23 +09:00
Hideki Miyazaki
0e8af03f1d OpenSSL error code handling in reason_error_string 2026-01-10 13:50:08 +09:00
Paul Adelsbach
e62c94d5e3 Cleanup AddCRL mutex and alloc/free 2026-01-09 10:44:06 -08:00
Sean Parkinson
819eab8b46 Merge pull request #9609 from Frauschi/memory_leak_fix
Fix memory leak in case of handshake error
2026-01-09 10:10:31 +10:00
Hideki Miyazaki
d052128830 addressed review comments 2026-01-09 09:01:14 +09:00
David Garske
4f1d578212 Merge pull request #9610 from Frauschi/pre_master_secret_size
Remove PQC-based buffer size increase for PreMasterSecret
2026-01-08 11:18:19 -08:00
David Garske
198eac24d3 Merge pull request #9606 from Frauschi/cleanup_decode_private_key
Cleanup for DecodePrivateKey() functionality
2026-01-08 11:09:44 -08:00
David Garske
d25f98fd82 Merge pull request #9584 from miyazakh/fix_qtfail
Fix qt jenkins nightly test failure
2026-01-08 10:58:20 -08:00
David Garske
f57484d1b3 Merge pull request #9616 from douzzer/20251230-persistent-drbg
20251230-persistent-drbg
2026-01-08 10:54:45 -08:00
David Garske
b609fe28ca Merge pull request #9611 from Frauschi/psk_compile_fix
Fix for PSK compile option
2026-01-08 10:52:57 -08:00
David Garske
97d9bfcea6 Merge pull request #9601 from rizlik/early_data_client_side_fixes
check that we are resuming in write_early_data + minor fixes
2026-01-08 10:26:48 -08:00
David Garske
d290caa848 Merge pull request #9608 from Frauschi/typo_fix
Fix for WOLFSSL_BLIND_PRIVATE_KEY and WOLFSSL_DUAL_ALG_CERTS
2026-01-08 10:23:30 -08:00
Tobias Frauenschläger
05dc9f0449 Fix memory leak in case of handshake error
Make sure peer dilithium key is properly freed in case the handshake fails.
2026-01-08 16:50:28 +01:00
Hideki Miyazaki
08876e278a Fix CRL Number hex string buffer overflow in CRL parser 2026-01-08 17:25:19 +09:00
Daniel Pouzzner
0059f1647e move WC_RNG_BANK_SUPPORT implementation from wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h to new files wolfcrypt/src/rng_bank.c and wolfssl/wolfcrypt/rng_bank.h;
wolfcrypt/src/rng_bank.c:

  * add wc_local_rng_bank_checkout_for_bankref, wc_BankRef_Release(), wc_rng_bank_new(), and wc_rng_bank_free();

  * in wc_rng_bank_checkin(), take a struct wc_rng_bank_inst **rng_inst and NULL it before return;

  * in wc_rng_bank_init(), add a devId arg, and handle devId in wc_rng_bank_inst_reinit();

  * add WC_RNG_BANK_INST_LOCK_* and use them in wc_rng_bank_checkout() and wc_rng_bank_checkin();

  * fix order of operations in wc_rng_bank_checkout() re DISABLE_VECTOR_REGISTERS();

wolfcrypt/src/random.c:

  * refactor per-instance salting for wc_rng_bank_inst: remove changes in Hash_df(), Hash_DRBG_Instantiate(), and _InitRng(), and in wc_rng_bank_init() and wc_rng_bank_inst_reinit(), use wc_InitRngNonce_ex() and pass the wc_rng_bank_inst pointer as the nonce;

  * simplify the WC_RNG_BANK_SUPPORT variant of wc_RNG_GenerateBlock() -- delegate to wc_local_rng_bank_checkout_for_bankref() and remove supplementary error checking;

  * in wc_FreeRng(), call wc_BankRef_Release() when WC_DRBG_BANKREF, and in wc_BankRef_Release(), fix refcount flub (not wolfSSL_RefFree, rather wolfSSL_RefDec);

  * streamline the WOLFSSL_LINUXKM wc_GenerateSeed();

wolfcrypt/test/test.c: add random_bank_test();

linuxkm/lkcapi_sha_glue.c: use WC_RNG_BANK_INST_TO_RNG() opportunistically;

configure.ac: add --enable-amdrdseed as a synonym for --enable-amdrand;

linuxkm/linuxkm_wc_port.h: when LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT, don't include get_random_bytes() in struct wolfssl_linuxkm_pie_redirect_table;

add various comments for clarity.
2026-01-07 22:54:07 -06:00
Hideki Miyazaki
cdd75ff5ef fix indent 2026-01-08 08:46:22 +09:00
Hideki Miyazaki
6392c2b420 undo changes
fix indentation
2026-01-08 07:10:25 +09:00
David Garske
b5d3c87876 Merge pull request #9603 from SparkiDev/ppc32_sha256_asm_reg
PPC32 ASM: alternative C code with registers prepended
2026-01-07 08:23:55 -08:00
Tobias Frauenschläger
87182992b8 Fix for PSK compile option
The derivation of the ResumptionSecret is only necessary in case SessionTickets are enabled.
2026-01-07 16:58:52 +01:00