Commit Graph

29160 Commits

Author SHA1 Message Date
Sean Parkinson 1ec18949bc TLS 1.3 duplicate KeyShare entry fix
Fix comparison to be greater than or equal in case count is incremented
after maxing out.
2025-11-13 08:23:19 +10:00
David Garske e78752f3b2 Merge pull request #9407 from holtrop/rust-heap-devid-cleanup
Rust wrapper: support optional heap and dev_id parameters
2025-11-12 13:50:45 -08:00
David Garske 7cfffd5bbc Merge pull request #9308 from kareem-wolfssl/zd20603
Add IPv6 support to wolfSSL_BIO_new_accept and wolfIO_TcpBind.
2025-11-12 11:09:17 -08:00
Josh Holtrop 40c471e20d Rust wrapper: fix cmac documentation 2025-11-12 13:41:08 -05:00
David Garske 92fffa166b Merge pull request #9413 from JacobBarthelmeh/lic
update to GPLv3 exception list, add Fetchmail and OpenVPN
2025-11-12 10:12:29 -08:00
David Garske 3fe534e3a2 Merge pull request #9403 from gojimmypi/pr-lms-unary-fix
Fix LMS C4146 unary minus warning in MSVC, new param check
2025-11-12 08:40:33 -08:00
Juliusz Sosinowicz 32911dc6b8 Add blinding to CI 2025-11-12 17:12:35 +01:00
Juliusz Sosinowicz 4b7c052ee9 test_wolfSSL_inject: don't call accept on completed handshake 2025-11-12 17:12:22 +01:00
Juliusz Sosinowicz d1c321abdc Don't override errors when blinding the priv key 2025-11-12 17:12:22 +01:00
Josh Holtrop df99227dc8 Rust wrapper: use _ex APIs for heap and dev_id variants 2025-11-12 09:50:20 -05:00
gojimmypi ca920edbd0 Fix LMS C4146 unary minus warning in MSVC, new param check 2025-11-11 19:26:52 -08:00
Kareem fbb7ae2257 Add NULL check to wolfSSL_BIO_new_accept. 2025-11-11 16:20:09 -07:00
Kareem 3296e6a1f0 Merge remote-tracking branch 'upstream/master' into zd20603 2025-11-11 16:15:22 -07:00
David Garske 6914f08f5e Merge pull request #9391 from holtrop/check-dup-extensions-fix
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377
2025-11-11 14:05:14 -08:00
Josh Holtrop 798b16dcef Address more code review feedback for PR 9391 2025-11-11 15:36:28 -05:00
Josh Holtrop 32b00fd10b Address code review feedback for PR 9391 2025-11-11 14:06:44 -05:00
David Garske 4c273a6f3f Merge pull request #9404 from cconlon/jniNoQuicEch
Fixes for "--enable-jni --enable-all" with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
2025-11-11 09:42:38 -08:00
David Garske e323fb9675 Merge pull request #9410 from SparkiDev/multi_arch_opt
Workflow: multiple architectures with different -O levels
2025-11-11 09:42:21 -08:00
David Garske 2db1c7a522 Merge pull request #9395 from SparkiDev/tls12_cv_sig_check
TLS 1.2 CertificateVerify: validate sig alg matches peer key
2025-11-11 09:18:11 -08:00
JacobBarthelmeh 4da365214a Merge pull request #9412 from SparkiDev/regression_fixes_21
Regression testing fixes
2025-11-11 09:32:43 -07:00
Sean Parkinson d84564217c Regression testing fixes
Fix #ifdef protection for AES tests.
2025-11-11 21:46:04 +10:00
Sean Parkinson 702f6ce94f Workflow: multiple architectures with different -O levels
Test configurations with different optimization levels: -O2, -O3, -O1,
-O0, -Os, -Ofast
2025-11-11 17:50:48 +10:00
Sean Parkinson f54ca0d481 TLS 1.2 CertificateVerify: req sig alg to have been in CR
The signature algorithm specified in CertificateVerify must have been in
the CertificateRequest. Add check.

The cipher suite test cases, when client auth and RSA are built-in and
use the default client certificate and use the *-ECDSA-* cipher
suites, no longer work. The client certificate must be ECC when the
cipher suite has ECDSA. Don't run them for that build.
2025-11-11 13:20:46 +10:00
David Garske 967f520c28 Merge pull request #9408 from anhu/stateful_integ_deprecate
Deprecate LMS and XMSS integrations.
2025-11-10 15:17:51 -08:00
JacobBarthelmeh 0fa2274a16 Merge pull request #9406 from SparkiDev/sp_label_noinline
SP label noinline: function inlined even when asked not to
2025-11-10 14:52:14 -07:00
Anthony Hu 0771bc42d6 Deprecate LMS and XMSS integrations. 2025-11-10 15:13:06 -05:00
Josh Holtrop 4102f8272e Rust wrapper: support optional heap and dev_id parameters 2025-11-10 13:53:51 -05:00
David Garske 2c47675194 Merge pull request #9333 from gojimmypi/pr-msvc-random
Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC
2025-11-10 08:33:54 -08:00
Josh Holtrop 3af60ff85d Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 2025-11-10 10:06:07 -05:00
Sean Parkinson b7ade58c52 SP label noinline: function inlined even when asked not to
The label L_521_mont_reduce_9_nomask is therefore appearing more than
once in the compiled code.
Adding '%=' to the end of the label ensure it has a unique number
appended to it even when inlined.
2025-11-10 20:05:41 +10:00
Daniel Pouzzner 9c1526c90d Merge pull request #9401 from cconlon/jniPublicMp
Add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support
2025-11-08 11:07:54 -06:00
Daniel Pouzzner f977004dca Merge pull request #9400 from cconlon/ocspStaplingTls13MultiMktemp
Use portable mktemp syntax in ocsp-stapling_tls13multi.test
2025-11-08 11:07:28 -06:00
Daniel Pouzzner 9e9a7392d4 Merge pull request #9373 from julek-wolfssl/WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards
2025-11-08 11:04:43 -06:00
Daniel Pouzzner ea4311666e Merge pull request #9367 from julek-wolfssl/wolfDTLS_accept_stateless-early-data
wolfDTLS_accept_stateless: Fix handling for early data
2025-11-08 11:04:19 -06:00
Daniel Pouzzner 8b3eaa0eff Merge pull request #9370 from gojimmypi/pr-watcom-update
Update and pin Watcom to 2025-11-03-Build release
2025-11-08 09:31:22 -06:00
Chris Conlon fdec53c4c9 skip test_tls13_hrr_different_cs() test when WOLFSSL_TLS13_MIDDLEBOX_COMPAT is defined 2025-11-07 17:09:30 -07:00
Chris Conlon 0cf3728ca0 update "--enable-jni --enable-all" combo to exclude QUIC and ECH, not compatible with WOLFSSL_TLS13_MIDDLEBOX_COMPAT 2025-11-07 16:50:41 -07:00
David Garske b45217db00 Merge pull request #9402 from anhu/stsafe_doc
Correction about how to get interface files.
2025-11-07 13:59:45 -08:00
Anthony Hu 22ab16df97 Correction about how to get interface files. 2025-11-07 16:53:30 -05:00
Chris Conlon 88373d8cb5 add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support 2025-11-07 14:14:51 -07:00
JacobBarthelmeh 4f4826ae92 Merge pull request #9385 from anhu/not_len
Use suites->hashSigAlgoSz when calling TLSX_SignatureAlgorithms_MapPss
2025-11-07 13:49:30 -07:00
gojimmypi 8654599e61 Conditional wolfcrypt-only wc_RNG_GenerateBlock for MSVC 2025-11-07 11:08:44 -08:00
JacobBarthelmeh 0d49df7735 update to GPLv3 exception list, add Fetchmail and OpenVPN 2025-11-07 12:06:29 -07:00
JacobBarthelmeh 4c5bc5f8fe Merge pull request #9387 from SparkiDev/tls12_cr_order
TLS 1.2: client message order check
2025-11-07 10:00:39 -07:00
JacobBarthelmeh 222f6084f8 Merge pull request #9399 from douzzer/20251106-linuxkm-PIE-inline-thunks
20251106-linuxkm-PIE-inline-thunks
2025-11-07 08:33:53 -07:00
Sean Parkinson 58bd6a8d94 TLS 1.2 CertificateVerify: validate sig alg matches peer key
Don't proceed with parsing CertificateVerify message in TLS 1.2 if the
signature algorithm doesn't match the peer's key (key from client
certificate).
2025-11-07 13:26:26 +10:00
JacobBarthelmeh a96b35c0ff Merge pull request #9398 from toddouska/master
Add GPLv2 exception list to LICENSING
2025-11-06 17:19:59 -07:00
Chris Conlon f208716b80 use portable mktemp syntax in scripts/ocsp-stapling_tls13multi.test for macOS compatibility 2025-11-06 16:54:23 -07:00
Daniel Pouzzner 53a20f4928 linuxkm/Kbuild: when ENABLED_LINUXKM_PIE, use inline thunks on all objects, not just PIE objects, to resolve false-positive "unpatched thunk" warnings on some kernels/configs. also cleans up flag setup more generally. 2025-11-06 17:37:07 -06:00
Sean Parkinson f376c8d910 Merge pull request #9388 from lealem47/scan_build
Various fixes for nightly tests
2025-11-07 09:30:08 +10:00