Sean Parkinson
1ec18949bc
TLS 1.3 duplicate KeyShare entry fix
...
Fix comparison to be greater than or equal in case count is incremented
after maxing out.
2025-11-13 08:23:19 +10:00
David Garske
e78752f3b2
Merge pull request #9407 from holtrop/rust-heap-devid-cleanup
...
Rust wrapper: support optional heap and dev_id parameters
2025-11-12 13:50:45 -08:00
David Garske
7cfffd5bbc
Merge pull request #9308 from kareem-wolfssl/zd20603
...
Add IPv6 support to wolfSSL_BIO_new_accept and wolfIO_TcpBind.
2025-11-12 11:09:17 -08:00
Josh Holtrop
40c471e20d
Rust wrapper: fix cmac documentation
2025-11-12 13:41:08 -05:00
David Garske
92fffa166b
Merge pull request #9413 from JacobBarthelmeh/lic
...
update to GPLv3 exception list, add Fetchmail and OpenVPN
2025-11-12 10:12:29 -08:00
David Garske
3fe534e3a2
Merge pull request #9403 from gojimmypi/pr-lms-unary-fix
...
Fix LMS C4146 unary minus warning in MSVC, new param check
2025-11-12 08:40:33 -08:00
Juliusz Sosinowicz
32911dc6b8
Add blinding to CI
2025-11-12 17:12:35 +01:00
Juliusz Sosinowicz
4b7c052ee9
test_wolfSSL_inject: don't call accept on completed handshake
2025-11-12 17:12:22 +01:00
Juliusz Sosinowicz
d1c321abdc
Don't override errors when blinding the priv key
2025-11-12 17:12:22 +01:00
Josh Holtrop
df99227dc8
Rust wrapper: use _ex APIs for heap and dev_id variants
2025-11-12 09:50:20 -05:00
gojimmypi
ca920edbd0
Fix LMS C4146 unary minus warning in MSVC, new param check
2025-11-11 19:26:52 -08:00
Kareem
fbb7ae2257
Add NULL check to wolfSSL_BIO_new_accept.
2025-11-11 16:20:09 -07:00
Kareem
3296e6a1f0
Merge remote-tracking branch 'upstream/master' into zd20603
2025-11-11 16:15:22 -07:00
David Garske
6914f08f5e
Merge pull request #9391 from holtrop/check-dup-extensions-fix
...
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377
2025-11-11 14:05:14 -08:00
Josh Holtrop
798b16dcef
Address more code review feedback for PR 9391
2025-11-11 15:36:28 -05:00
Josh Holtrop
32b00fd10b
Address code review feedback for PR 9391
2025-11-11 14:06:44 -05:00
David Garske
4c273a6f3f
Merge pull request #9404 from cconlon/jniNoQuicEch
...
Fixes for "--enable-jni --enable-all" with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
2025-11-11 09:42:38 -08:00
David Garske
e323fb9675
Merge pull request #9410 from SparkiDev/multi_arch_opt
...
Workflow: multiple architectures with different -O levels
2025-11-11 09:42:21 -08:00
David Garske
2db1c7a522
Merge pull request #9395 from SparkiDev/tls12_cv_sig_check
...
TLS 1.2 CertificateVerify: validate sig alg matches peer key
2025-11-11 09:18:11 -08:00
JacobBarthelmeh
4da365214a
Merge pull request #9412 from SparkiDev/regression_fixes_21
...
Regression testing fixes
2025-11-11 09:32:43 -07:00
Sean Parkinson
d84564217c
Regression testing fixes
...
Fix #ifdef protection for AES tests.
2025-11-11 21:46:04 +10:00
Sean Parkinson
702f6ce94f
Workflow: multiple architectures with different -O levels
...
Test configurations with different optimization levels: -O2, -O3, -O1,
-O0, -Os, -Ofast
2025-11-11 17:50:48 +10:00
Sean Parkinson
f54ca0d481
TLS 1.2 CertificateVerify: req sig alg to have been in CR
...
The signature algorithm specified in CertificateVerify must have been in
the CertificateRequest. Add check.
The cipher suite test cases, when client auth and RSA are built-in and
use the default client certificate and use the *-ECDSA-* cipher
suites, no longer work. The client certificate must be ECC when the
cipher suite has ECDSA. Don't run them for that build.
2025-11-11 13:20:46 +10:00
David Garske
967f520c28
Merge pull request #9408 from anhu/stateful_integ_deprecate
...
Deprecate LMS and XMSS integrations.
2025-11-10 15:17:51 -08:00
JacobBarthelmeh
0fa2274a16
Merge pull request #9406 from SparkiDev/sp_label_noinline
...
SP label noinline: function inlined even when asked not to
2025-11-10 14:52:14 -07:00
Anthony Hu
0771bc42d6
Deprecate LMS and XMSS integrations.
2025-11-10 15:13:06 -05:00
Josh Holtrop
4102f8272e
Rust wrapper: support optional heap and dev_id parameters
2025-11-10 13:53:51 -05:00
David Garske
2c47675194
Merge pull request #9333 from gojimmypi/pr-msvc-random
...
Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC
2025-11-10 08:33:54 -08:00
Josh Holtrop
3af60ff85d
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377
2025-11-10 10:06:07 -05:00
Sean Parkinson
b7ade58c52
SP label noinline: function inlined even when asked not to
...
The label L_521_mont_reduce_9_nomask is therefore appearing more than
once in the compiled code.
Adding '%=' to the end of the label ensure it has a unique number
appended to it even when inlined.
2025-11-10 20:05:41 +10:00
Daniel Pouzzner
9c1526c90d
Merge pull request #9401 from cconlon/jniPublicMp
...
Add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support
2025-11-08 11:07:54 -06:00
Daniel Pouzzner
f977004dca
Merge pull request #9400 from cconlon/ocspStaplingTls13MultiMktemp
...
Use portable mktemp syntax in ocsp-stapling_tls13multi.test
2025-11-08 11:07:28 -06:00
Daniel Pouzzner
9e9a7392d4
Merge pull request #9373 from julek-wolfssl/WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
...
Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards
2025-11-08 11:04:43 -06:00
Daniel Pouzzner
ea4311666e
Merge pull request #9367 from julek-wolfssl/wolfDTLS_accept_stateless-early-data
...
wolfDTLS_accept_stateless: Fix handling for early data
2025-11-08 11:04:19 -06:00
Daniel Pouzzner
8b3eaa0eff
Merge pull request #9370 from gojimmypi/pr-watcom-update
...
Update and pin Watcom to 2025-11-03-Build release
2025-11-08 09:31:22 -06:00
Chris Conlon
fdec53c4c9
skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined
2025-11-07 17:09:30 -07:00
Chris Conlon
0cf3728ca0
update "--enable-jni --enable-all" combo to exclude QUIC and ECH, not compatible with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
2025-11-07 16:50:41 -07:00
David Garske
b45217db00
Merge pull request #9402 from anhu/stsafe_doc
...
Correction about how to get interface files.
2025-11-07 13:59:45 -08:00
Anthony Hu
22ab16df97
Correction about how to get interface files.
2025-11-07 16:53:30 -05:00
Chris Conlon
88373d8cb5
add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support
2025-11-07 14:14:51 -07:00
JacobBarthelmeh
4f4826ae92
Merge pull request #9385 from anhu/not_len
...
Use suites->hashSigAlgoSz when calling TLSX_SignatureAlgorithms_MapPss
2025-11-07 13:49:30 -07:00
gojimmypi
8654599e61
Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC
2025-11-07 11:08:44 -08:00
JacobBarthelmeh
0d49df7735
update to GPLv3 exception list, add Fetchmail and OpenVPN
2025-11-07 12:06:29 -07:00
JacobBarthelmeh
4c5bc5f8fe
Merge pull request #9387 from SparkiDev/tls12_cr_order
...
TLS 1.2: client message order check
2025-11-07 10:00:39 -07:00
JacobBarthelmeh
222f6084f8
Merge pull request #9399 from douzzer/20251106-linuxkm-PIE-inline-thunks
...
20251106-linuxkm-PIE-inline-thunks
2025-11-07 08:33:53 -07:00
Sean Parkinson
58bd6a8d94
TLS 1.2 CertificateVerify: validate sig alg matches peer key
...
Don't proceed with parsing CertificateVerify message in TLS 1.2 if the
signature algorithm doesn't match the peer's key (key from client
certificate).
2025-11-07 13:26:26 +10:00
JacobBarthelmeh
a96b35c0ff
Merge pull request #9398 from toddouska/master
...
Add GPLv2 exception list to LICENSING
2025-11-06 17:19:59 -07:00
Chris Conlon
f208716b80
use portable mktemp syntax in scripts/ocsp-stapling_tls13multi.test for macOS compatibility
2025-11-06 16:54:23 -07:00
Daniel Pouzzner
53a20f4928
linuxkm/Kbuild: when ENABLED_LINUXKM_PIE, use inline thunks on all objects, not just PIE objects, to resolve false-positive "unpatched thunk" warnings on some kernels/configs. also cleans up flag setup more generally.
2025-11-06 17:37:07 -06:00
Sean Parkinson
f376c8d910
Merge pull request #9388 from lealem47/scan_build
...
Various fixes for nightly tests
2025-11-07 09:30:08 +10:00