Commit Graph

29160 Commits

Author SHA1 Message Date
JacobBarthelmeh fca3028395 advance index past recipent set in non stream case too 2025-10-03 15:55:35 -06:00
Daniel Pouzzner 781c9bb990 Merge pull request #9268 from dgarske/cryptocb_only
Remove the `NO_WRITE_TEMP_FILES` test.c logic added in #9194
2025-10-03 16:39:59 -05:00
Daniel Pouzzner 46fd3d60f9 linuxkm/Kbuild: activate linker script with backward-compatible construct (tests good on 4.4);
linuxkm/linuxkm_wc_port.h: completely inhibit CONFIG_FORTIFY_SOURCE across the module when HAVE_LINUXKM_PIE_SUPPORT, for fidget-free backward compat;

linuxkm/module_hooks.c:
* add startup-time sanity check on fenceposts,
* enhance DEBUG_LINUXKM_PIE_SUPPORT with coverage for WOLFSSL_TEXT_SEGMENT_CANONICALIZER on the entire text segment,
* compute and report a hash on the stabilized text segment,
* fix wc_linuxkm_normalize_relocations() to allow span end == __wc_text_end, and
* add numerous verbose pr_err()s when DEBUG_LINUXKM_PIE_SUPPORT.
2025-10-03 15:07:56 -05:00
JacobBarthelmeh 4e92920a7f cast variable to word32 for compare 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 12cfca4060 account for no AES build and add err trace macro 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 328f505702 add pkcs7 test with multiple recipients 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 7a5e97e30e adjustment for recipient index advancement 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 6987304f42 Fix to advance past multiple recipients 2025-10-03 13:51:15 -06:00
David Garske d2be867b51 Remove the NO_WRITE_TEMP_FILES test.c logic added in #9194 2025-10-03 10:40:11 -07:00
David Garske ac23b48283 Merge pull request #9144 from julek-wolfssl/ocsp-callbacks
tls ocsp: support lazy cert loading with ocsp stapling
2025-10-03 09:47:55 -07:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
effbiae 2adae90a5d refactor to BuildMsgOrHashOutput 2025-10-03 11:41:57 +10:00
Sean Parkinson ea4554c941 Merge pull request #9234 from effbiae/TLSX_WriteWithEch
restore inner server name in TLSX_WriteWithEch
2025-10-03 09:20:40 +10:00
Sean Parkinson d8d3a7a22d Merge pull request #9190 from colmenero/hmacCopy-sm3-issue-9187
Add SM3 in wolfSSL_HmacCopy
2025-10-03 09:10:03 +10:00
Sean Parkinson e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
2025-10-03 08:28:02 +10:00
Daniel Pouzzner 5804ba759a Merge pull request #9194 from dgarske/cryptocb_only_test
Fixes for crypto callback only (no filesystem and keygen)
2025-10-02 16:52:31 -05:00
David Garske 5501111e77 Merge pull request #9265 from douzzer/20251002-misc-clang-tidy-and-fips-fixes
20251002-misc-clang-tidy-and-fips-fixes
2025-10-02 14:38:14 -07:00
Daniel Pouzzner 408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero();
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
2025-10-02 14:38:05 -05:00
Josh Holtrop c36c39af0a RSA API: use const pointers and clean up some comments 2025-10-02 15:28:43 -04:00
David Garske db6a4dfedb Merge pull request #9238 from effbiae/X509PrintSubjAltName
refactor X509PrintSubjAltName
2025-10-02 11:53:22 -07:00
David Garske 6de0b93a08 Merge pull request #9262 from julek-wolfssl/ascon-h-comment
ascon.h: Correct the placement of the AsconAEAD API comment
2025-10-02 11:11:01 -07:00
David Garske 6430a123fd Merge pull request #9264 from gojimmypi/pr-espressif-workflow
Update Espressif workflow to pin latest to ESP-IDF v5.5
2025-10-02 11:05:15 -07:00
gojimmypi b4b9bee950 Update workflow to pin latest to ESP-IDF v5.5 2025-10-02 10:25:25 -07:00
David Garske 36ce93d409 Merge pull request #9225 from gojimmypi/pr-espidf-v6-sha-fix
Add fix for SHA HW on ESP-IDF v6
2025-10-02 09:50:46 -07:00
Juliusz Sosinowicz 31db2b9e08 ascon.h: Correct the placement of the AsconAEAD API comment 2025-10-02 10:22:16 +02:00
effbiae c3c7b11cfc refactor X509PrintSubjAltName 2025-10-02 15:36:36 +10:00
Kareem abaf57d049 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20595 2025-10-01 15:53:57 -07:00
Kareem d53beb0f9d Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_4 2025-10-01 15:53:35 -07:00
Kaleb Himes 018af47f49 Merge pull request #9260 from douzzer/20251001-wc_DhGeneratePublic-ungate
20251001-wc_DhGeneratePublic-ungate
2025-10-01 14:38:39 -06:00
Kareem 992dfecc11 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_4 2025-10-01 11:15:46 -07:00
Daniel Pouzzner 2ca9f66579 wolfcrypt/test/test.c: add FIPS gate around wc_DhGeneratePublic() test in dh_ffdhe_test(). 2025-10-01 10:23:49 -05:00
Daniel Pouzzner 477d7fae54 remove WOLFSSL_DH_GEN_PUB, WOLFSSL_NO_DH_GEN_PUB, and WOLFSSL_DH_EXTRA gating re wc_DhGeneratePublic(), consistent with recent FIPS changes. 2025-10-01 09:38:27 -05:00
Daniel Pouzzner 56524a3169 Merge pull request #9226 from philljj/tiny_curl_config
curl: document tiny-curl config a bit more.
2025-09-30 20:45:15 -05:00
Daniel Pouzzner b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188
Prevent replaying ClientHello messages when Finished message are epoch 0
2025-09-30 20:44:09 -05:00
Daniel Pouzzner 88075664dc Merge pull request #9252 from bigbrett/kdf-cryptocb
HKDF cryptocb
2025-09-30 20:37:11 -05:00
Daniel Pouzzner d5750ac7ca Merge pull request #9250 from gasbytes/issue-9247
Added check in TLX_Parse to check if KeyShare extension is present SupportedGroups must be present too (and viceversa)
2025-09-30 20:36:50 -05:00
Daniel Pouzzner c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245
DTLS SRTP should also do a cookie exchange since it uses UDP
2025-09-30 20:36:27 -05:00
Daniel Pouzzner 55a19da4c6 Merge pull request #9178 from SparkiDev/ed448_no_large_code
Ed448: No large code option with fast code
2025-09-30 20:36:10 -05:00
Daniel Pouzzner 234ba7780a Merge pull request #9148 from SparkiDev/ct_volatile
Mark variables as volatile
2025-09-30 20:35:52 -05:00
Daniel Pouzzner b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240
Abort connection if we are about to send the same CH
2025-09-30 20:35:32 -05:00
Daniel Pouzzner 1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3
Fix building and running tests and examples with coding/PEM support disabled.
2025-09-30 20:34:46 -05:00
Daniel Pouzzner 2172a4dea9 Merge pull request #9248 from holtrop/rust-wc-aes
Rust wrapper: Add aes module
2025-09-30 20:34:25 -05:00
Daniel Pouzzner 4a176d175a Merge pull request #9137 from kareem-wolfssl/gh8354
Fix documentation typo for wc_ed25519_export_public.
2025-09-30 20:34:06 -05:00
Daniel Pouzzner c7cd3b6c6d Merge pull request #8543 from JacobBarthelmeh/fsl_caam
handle unsupported fsl algo
2025-09-30 20:33:34 -05:00
Daniel Pouzzner 42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello
Add support for certificate_authorities extension in ClientHello
2025-09-30 20:33:16 -05:00
Daniel Pouzzner f869daafa2 Merge pull request #9037 from night1rider/issue-9009-cmake-options
Updating configure/Cmake to track Apple options for resulting wolfssl.pc file that is generated
2025-09-30 20:32:52 -05:00
Kareem 0efc8118d3 Fix potential memory leak in wolfSSL_X509_verify_cert. 2025-09-30 17:39:33 -07:00
Kareem a3a08e81a9 Fix running tests in FIPS mode with hash DRBG disabled. 2025-09-30 16:15:21 -07:00
Daniel Pouzzner b56cafdd25 Merge pull request #8692 from kareem-wolfssl/zd19563_verify
Update wolfSSL_X509_verify_cert to retry all certs until a valid chain is found.
2025-09-30 16:22:41 -05:00
David Garske 50f25c5849 Merge pull request #9254 from douzzer/20250929-WOLFSSL_KERNEL_MODE
20250929-WOLFSSL_KERNEL_MODE
2025-09-30 09:04:13 -07:00