JacobBarthelmeh
9cdbc03a23
Merge pull request #9111 from douzzer/20250818-configure-linuxkm-fips-v5
...
20250818-configure-linuxkm-fips-v5
2025-08-19 14:31:08 -06:00
Josh Holtrop
98b6b92a76
Error from GetShortInt with negative INTEGER values
2025-08-19 12:40:48 -04:00
Sean Parkinson
2810656242
TLS 1.3: CertificateVerify - check sig alg was sent
...
Check that the signature algorithm used in the CertificateVerify message
was one that was sent in the SignatureAlgorithm extension.
2025-08-19 16:27:19 +10:00
Sean Parkinson
cd55fe6135
TLS 1.3: Fix for onlyDhePskKe
...
Make client enforce onlyDhPskKe flag.
2025-08-19 14:29:30 +10:00
Daniel Pouzzner
b9cc060340
configure.ac: tweaks for ENABLED_LINUXKM_DEFAULTS and FIPS v5.
2025-08-18 18:21:57 -05:00
JacobBarthelmeh
c089abe92f
add macro to list
2025-08-18 16:47:30 -06:00
Ruby Martin
27d03fce7a
additional check for ARM ASM Inline option
...
append thumb2 files, append inline c files with BUILD_ARMASM_INLINE
add all asm files. move curve25519 files under BUILD_CURVE25519
include remaining files
2025-08-18 15:41:43 -06:00
David Garske
f114f2cde2
Merge pull request #9093 from kareem-wolfssl/zd20372
...
Multiple fixes to wolfSSL_CIPHER_description to match documentation.
2025-08-18 13:43:53 -07:00
JacobBarthelmeh
fb6375551b
updating unwrap/wrap with use of DHUK
2025-08-18 13:38:26 -06:00
Kareem
aa6f1b231a
Fix memory leak in X509StoreRemoveCa.
2025-08-18 10:21:54 -07:00
Kareem
19b778dda0
Protect against exceeding original depth, fix overlong lines.
2025-08-18 10:21:54 -07:00
Kareem
cb985dcfa8
ECC required for newly added unit test.
2025-08-18 10:21:54 -07:00
Kareem
60c84744c8
Fix memory leak in x509_verify_cert itself, the failed certs need a pop_free call so the reference is properly decremented, as they are no longer in the X509_STORE.
2025-08-18 10:21:53 -07:00
Kareem
1e367597b6
Fix memory leak in newly added unit test.
2025-08-18 10:21:53 -07:00
Kareem
6b01053d98
Add test case for new x509_verify_cert retry functionality.
...
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
2025-08-18 10:21:53 -07:00
Kareem
027f0891f4
Don't fail out if X509StoreRemoveCa fails, since adding the temp CA was optional, it is possible there is no temp CA to remove.
2025-08-18 10:21:53 -07:00
Kareem
aaadb7971d
Fix narrowing conversion of type in RemoveCa.
2025-08-18 10:21:53 -07:00
Kareem
7b4a50b701
Add missing XFREE for dCert.
2025-08-18 10:21:53 -07:00
Kareem
d6f603b661
Add X509StoreRemoveCa wrapper around RemoveCa
...
WOLFSSL_X509's calculated subject key hash is not guaranteed to match the cert's,
ie. in the case that NO_SHA is defined. Use the same logic as AddCa,
parsing the DER cert and using the decoded cert's subject key hash.
2025-08-18 10:21:53 -07:00
Kareem
15a147d957
Remove incorrectly added NULL check, add debug logging to RemoveCA.
2025-08-18 10:21:53 -07:00
Kareem
f9eda18445
Fix missing cast and correct freeing of certs.
2025-08-18 10:21:53 -07:00
Kareem
946f20ccc7
Add type parameter to RemoveCA to avoid removing CAs of the wrong type.
2025-08-18 10:21:53 -07:00
Kareem
025dbc3454
Retry all certificates passed into wolfSSL_X509_verify_cert until a valid chain is found, rather than failing out on the first invalid chain. This allows for registering multiple certs with the same subject key, ie. alt cert chains.
2025-08-18 10:21:52 -07:00
Sean Parkinson
43f94a5d7d
Merge pull request #9107 from douzzer/20250816-cpuid_get_flags_ex-optimize
...
20250816-cpuid_get_flags_ex-optimize
2025-08-18 22:13:44 +10:00
Sean Parkinson
0ba16a9c5b
Merge pull request #9104 from kojiws/export_long_key_orig_asn
...
Improve original implementation on SetAsymKeyDer() and the test
2025-08-18 22:11:25 +10:00
Daniel Pouzzner
39c6c5af6f
wolfcrypt/src/cpuid.c, wolfssl/wolfcrypt/cpuid.h: change cpuid_flags_t to a
...
regular word32, and use non-atomics for general flag checking, with a new
implementation of cpuid_get_flags_ex() that is threadsafe by idempotency;
rename strictly-threadsafe cpuid_get_flags_ex() as cpuid_get_flags_atomic()
(strictly accurate return value), and add cpuid_flags_atomic_t and
WC_CPUID_ATOMIC_INITIALIZER, used only for internal manipulation of flags in
cpuid.c where atomicity matters.
2025-08-16 13:04:28 -05:00
lealem47
b096d9b250
Merge pull request #9106 from dgarske/zd20399
...
Fix sniffer issue handling TLS records with multiple handshake messages to be skipped
2025-08-15 15:57:00 -06:00
David Garske
32b0bd963b
Fix issue introduced in PR #9051 causing TLS records with multiple handshake messages to be skipped (ZD 20399)
2025-08-15 10:08:28 -07:00
David Garske
a98006eca9
Merge pull request #9105 from douzzer/20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
...
20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
2025-08-15 09:07:38 -07:00
Daniel Pouzzner
10a05ad839
wolfcrypt/src/dilithium.c: fix dilithium_expand_s() to fall through to dilithium_expand_s_c() for s1Len not implemented for USE_INTEL_SPEEDUP.
2025-08-15 09:48:55 -05:00
Juliusz Sosinowicz
ffe3d80f8d
Merge pull request #9097 from douzzer/20250812-atomic-cmpxchg
...
20250812-atomic-cmpxchg
2025-08-15 01:14:45 +02:00
Sean Parkinson
5b1302e4df
Merge pull request #9094 from dgarske/zd20369
...
Fix to better detect sniffer invalid spurious re-transmissions
2025-08-15 09:01:02 +10:00
Sean Parkinson
228ede7495
Merge pull request #9102 from rlm2002/zd20212
...
Remove dead code and check return values.
2025-08-15 08:21:38 +10:00
Daniel Pouzzner
c5bbf4c7e0
Merge pull request #9085 from effbiae/while-pending
...
`wolfSSL_AsyncPoll` calls refactor
2025-08-14 14:51:05 -05:00
David Garske
e00fd2fd70
Fix to better detect invalid spurious retransmission.
2025-08-14 12:19:39 -07:00
Kareem
c535e281c6
Skip unit test when using Apple native cert validation.
2025-08-14 11:34:15 -07:00
Kareem
cb3f7de3f7
Fix issues found by CI/CD tests.
2025-08-14 11:34:15 -07:00
Kareem
3bcbbd2924
Fix issue with loading PEM certs. Address code review feedback.
...
Add tests.
2025-08-14 11:34:15 -07:00
Kareem
a652b733e4
Fix conversion warning.
2025-08-14 11:34:15 -07:00
Kareem
ab342978d7
Fix implicit conversion warning.
2025-08-14 11:34:14 -07:00
Kareem
61ccea55ac
Allow setting the CA type when loading into cert manager
...
and unloading specific CA types from the cert manager.
2025-08-14 11:34:14 -07:00
Kareem
cb623dc9ea
Multiple fixes to wolfSSL_CIPHER_description to match documentation.
...
Add "any" value for TLS 1.3 cipher suites.
Fix key size comparison for enc bits.
Output AEAD as MAC if cipher suite is using it, otherwise output hash MAC.
2025-08-14 11:27:10 -07:00
Koji Takeda
0a9356e645
Improve original implementation on SetAsymKeyDer() and the test
2025-08-15 00:04:01 +09:00
Daniel Pouzzner
cefeb4cd7e
atomics/cpuid_flags fixes from peer review:
...
wolfcrypt/src/cpuid.c: cpuid_set_flag() and cpuid_clear_flag() thread safety;
wolfcrypt/src/wc_port.c: comments re __ATOMIC_SEQ_CST and __ATOMIC_ACQUIRE;
wolfssl/wolfcrypt/wc_port.h: single overrideable definitions for WOLFSSL_ATOMIC_COERCE_[U]INT(), and comment cleanup.
also added WOLFSSL_USER_DEFINED_ATOMICS.
2025-08-14 09:33:14 -05:00
Daniel Pouzzner
bd4e723f9d
add cpuid_flags_t, WC_CPUID_INITIALIZER, and cpuid_get_flags_ex();
...
refactor all static flag initializations to use cpuid_get_flags_ex() for race-free dynamics;
refactor cpuid_set_flags() to be race-free;
wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: add
* WOLFSSL_ATOMIC_COERCE_INT()
* WOLFSSL_ATOMIC_COERCE_UINT()
* wolfSSL_Atomic_Uint
* wolfSSL_Atomic_Uint_Init()
* wolfSSL_Atomic_Int_AddFetch()
* wolfSSL_Atomic_Int_SubFetch()
* wolfSSL_Atomic_Int_CompareExchange()
* wolfSSL_Atomic_Uint_FetchAdd()
* wolfSSL_Atomic_Uint_FetchSub()
* wolfSSL_Atomic_Uint_AddFetch()
* wolfSSL_Atomic_Uint_SubFetch()
* wolfSSL_Atomic_Uint_CompareExchange()
wolfcrypt/test/test.c: add to memory_test() tests for all atomic macros and APIs;
.github/workflows/pq-all.yml: don't use -Wpedantic for CC=c++ scenario.
2025-08-14 08:44:28 -05:00
Sean Parkinson
a1dd7dae6f
Merge pull request #9095 from miyazakh/add_sha512_typeproperty
...
Add hashtype property to wc_Sha512 structure
2025-08-14 21:43:06 +10:00
Sean Parkinson
102525c9c9
Merge pull request #9100 from dgarske/cryptocb_only
...
Improve some of the build cases around crypto callback only
2025-08-14 21:41:26 +10:00
Sean Parkinson
034df3d28f
Merge pull request #9101 from dgarske/asm_introspection
...
Add assembly introspection for RISC-V and PPC32
2025-08-14 21:38:42 +10:00
Daniel Pouzzner
a64c719fd2
Merge pull request #9092 from douzzer/20250812-Base64_Decode-outLen-bounds-fix
...
20250812-Base64_Decode-outLen-bounds-fix
reviewed+approved by @dgarske and @SparkiDev
2025-08-13 23:15:04 -05:00
effbiae
0e3f877326
WOLFSSL_ASYNC_WHILE_PENDING refactor
2025-08-14 12:03:13 +10:00