wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 13:52:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,538 Commits 12 Branches 184 Tags
610d8e53669c2daa1fd934ef3bbf8dc2c7cda133
Commit Graph

8848 Commits

Author SHA1 Message Date
David Garske
8a6297d42b Merge pull request #9267 from julek-wolfssl/dtls-stricter-ordering 
Add message order sanity checks
 2025-10-10 10:26:34 -07:00
Juliusz Sosinowicz
5efdc6b7b6 Make mutual auth side check more robust 2025-10-09 20:23:56 +02:00
Juliusz Sosinowicz
bd9f7b5b87 Clarify return values in wolfSSL_mutual_auth documentation 2025-10-09 00:57:08 +02:00
David Garske
3f460b40bc Merge pull request #9258 from kareem-wolfssl/zd19563_4 
Fix potential memory leak in wolfSSL_X509_verify_cert.
 2025-10-08 13:59:58 -07:00
Juliusz Sosinowicz
10365d6082 Allow clearing group messages flag 2025-10-08 11:11:03 +02:00
Juliusz Sosinowicz
6fbbdf9324 Add message order sanity checks 
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
 2025-10-08 11:11:03 +02:00
Kareem
b564138490 Merge remote-tracking branch 'upstream/master' into zd19563_4 2025-10-07 14:23:45 -07:00
JacobBarthelmeh
2445af9308 compile both fe_operations.c and low_mem version and rely on macro defines to choose which code gets compiled 2025-10-07 10:42:08 -06:00
David Garske
b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash 
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
 2025-10-07 08:51:26 -07:00
David Garske
d9b52d832c Merge pull request #9259 from julek-wolfssl/dtls13-timeout 
Reset DTLS 1.3 timeout
 2025-10-07 07:57:17 -07:00
Sean Parkinson
9d546acd03 Merge pull request #9200 from effbiae/build-msg-or-hash-output 
refactor to BuildMsgOrHashOutput()
 2025-10-07 08:20:20 +10:00
David Garske
d4242fa026 Merge pull request #9272 from julek-wolfssl/cov-20251006 
Handle coverity reported errors
 2025-10-06 10:57:20 -07:00
David Garske
fe7b6f1651 Add missing TimeNowInMilliseconds for FreeRTOS 2025-10-06 18:38:09 +02:00
David Garske
c349001d94 Move the STM32 hash options into STM32_HASH. Fix for realloc. Improve docs for hcom_uart. Fix issue with detecting RTC and incorrectly setting NO_ASN_TIME. 2025-10-06 18:38:09 +02:00
Juliusz Sosinowicz
cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz
a9ad5181e6 tls13: remove dead code in SetupOcspResp csr assignment 2025-10-06 16:21:47 +02:00
Juliusz Sosinowicz
303401b047 Refactor certificate status handling to use word32 2025-10-06 16:19:54 +02:00
Juliusz Sosinowicz
f9063c406b Enables dynamic TLS cert loading with OCSP 
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
 2025-10-03 13:08:11 +02:00
effbiae
2adae90a5d refactor to BuildMsgOrHashOutput 2025-10-03 11:41:57 +10:00
Sean Parkinson
ea4554c941 Merge pull request #9234 from effbiae/TLSX_WriteWithEch 
restore inner server name in TLSX_WriteWithEch
 2025-10-03 09:20:40 +10:00
Sean Parkinson
d8d3a7a22d Merge pull request #9190 from colmenero/hmacCopy-sm3-issue-9187 
Add SM3 in wolfSSL_HmacCopy
 2025-10-03 09:10:03 +10:00
Sean Parkinson
e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256 
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
 2025-10-03 08:28:02 +10:00
effbiae
c3c7b11cfc refactor X509PrintSubjAltName 2025-10-02 15:36:36 +10:00
Kareem
992dfecc11 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_4 2025-10-01 11:15:46 -07:00
Daniel Pouzzner
b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188 
Prevent replaying ClientHello messages when Finished message are epoch 0
 2025-09-30 20:44:09 -05:00
Daniel Pouzzner
d5750ac7ca Merge pull request #9250 from gasbytes/issue-9247 
Added check in TLX_Parse to check if KeyShare extension is present SupportedGroups must be present too (and viceversa)
 2025-09-30 20:36:50 -05:00
Daniel Pouzzner
c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245 
DTLS SRTP should also do a cookie exchange since it uses UDP
 2025-09-30 20:36:27 -05:00
Daniel Pouzzner
234ba7780a Merge pull request #9148 from SparkiDev/ct_volatile 
Mark variables as volatile
 2025-09-30 20:35:52 -05:00
Daniel Pouzzner
b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240 
Abort connection if we are about to send the same CH
 2025-09-30 20:35:32 -05:00
Daniel Pouzzner
1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3 
Fix building and running tests and examples with coding/PEM support disabled.
 2025-09-30 20:34:46 -05:00
Daniel Pouzzner
42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello 
Add support for certificate_authorities extension in ClientHello
 2025-09-30 20:33:16 -05:00
Kareem
0efc8118d3 Fix potential memory leak in wolfSSL_X509_verify_cert. 2025-09-30 17:39:33 -07:00
Daniel Pouzzner
b56cafdd25 Merge pull request #8692 from kareem-wolfssl/zd19563_verify 
Update wolfSSL_X509_verify_cert to retry all certs until a valid chain is found.
 2025-09-30 16:22:41 -05:00
Daniel Pouzzner
7ea66aeffe refactor WOLFSSL_LINUXKM gates as generic WOLFSSL_KERNEL_MODE gates where appropriate: 
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).

rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.

rename lkm_printf() to wc_km_printf().

replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H

remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
 2025-09-29 16:59:12 -05:00
Juliusz Sosinowicz
d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Reda Chouk
be02b1ea72 Added check in TLX_Parse to check if KeyShare extension is present 
SupportedGroups must be present too (and viceversa).
From RFC 8446 Section 9.2.
 2025-09-29 13:10:32 +02:00
David Garske
eda6c184bb Merge pull request #9219 from kareem-wolfssl/zd20538 
Fix building with --enable-keygen --enable-rsavfy.
 2025-09-26 14:08:33 -07:00
Kareem
d2537a883f Always add failed certs back to cert store. 2025-09-26 11:13:19 -07:00
Juliusz Sosinowicz
f798a585d9 Abort connection if we are about to send the same CH 2025-09-26 12:08:53 +02:00
Kareem
af9a06e9bf Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-09-25 10:39:11 -07:00
Kareem
a3b29ed99f Merge remote-tracking branch 'upstream/master' into zd20038_3 2025-09-25 10:32:13 -07:00
Stanislav Klima
1cfafc2a52 fixes from zd20556 2025-09-24 12:03:39 +02:00
Sean Parkinson
aa87b35964 Mark variables as volatile 
Ensures compiler optimizers don't stop code from being constant time.
 2025-09-24 08:47:20 +10:00
Mattia Moffa
26c9908504 Use string literals in tests, fix add CA functions 2025-09-24 00:11:55 +02:00
effbiae
a8fb94b425 restore inner server name in TLSX_WriteWithEch 2025-09-23 23:30:25 +10:00
Mattia Moffa
4535572428 Use memio in tests, fix ifdef, fix typos 2025-09-23 11:50:21 +02:00
effbiae
b20f3dac57 refactor to set_cert_type 2025-09-23 19:27:22 +10:00
Sean Parkinson
e497d28ae1 Merge pull request #9223 from kareem-wolfssl/zd20543_4 
Fix non constant compare of TLS 1.3 binder, check for negative dst_len in wc_XChaCha20Poly1305_crypt_oneshot.
 2025-09-23 09:09:33 +10:00
Kareem
7afcf20077 Fix non constant compare of TLS 1.3 binder, check for negative dst_len in wc_XChaCha20Poly1305_crypt_oneshot. 2025-09-19 11:39:46 -07:00
Daniel Pouzzner
4174f554be src/internal.c: fix clang-analyzer-deadcode.DeadStores in GetEcDiffieHellmanKea(). 2025-09-19 11:22:19 -05:00