Commit Graph

29160 Commits

Author SHA1 Message Date
Maxim Kostin 375af753aa Changes for the PR https://github.com/wolfSSL/wolfssl/pull/8812 2025-06-16 20:27:15 +02:00
Maxim Kostin 2f210b3907 Refactor TROPIC01 integration: update README, enhance pairing key handling, and improve error messages 2025-06-16 20:27:15 +02:00
Maxim Kostin 296bfd258c README.md added 2025-06-16 20:27:15 +02:00
Maxim Kostin 0eecfbfb35 ed25519 fixes 2025-06-16 20:27:15 +02:00
Maxim Kostin cd76615e49 added support of ED25519 2025-06-16 20:27:15 +02:00
kosmax871 7c1980fe01 some fixes and updates 2025-06-16 20:27:15 +02:00
kosmax871 b13fdaa05e Draft of readme.md 2025-06-16 20:27:15 +02:00
kosmax871 5664507e65 Support for static libraries 2025-06-16 20:27:15 +02:00
Maxim Kostin 385be1c08a added support for Tropic01 crypto callbacks 2025-06-16 20:27:15 +02:00
kosmax871 3da72fb9b6 Merge branch 'wolfSSL:master' into tropic01-dev 2025-06-16 19:30:32 +02:00
Juliusz Sosinowicz 9a576d9e2e Fix CI failures 2025-06-16 19:07:58 +02:00
Marco Oliverio e82c099bec fix indentation 2025-06-16 18:42:17 +02:00
Juliusz Sosinowicz 72db5e5108 Remove NO_FILESYSTEM for CI 2025-06-16 18:06:19 +02:00
Juliusz Sosinowicz aca6da66f6 Set default seedCb when not FIPS 2025-06-16 17:39:22 +02:00
Josh Holtrop 3bd9b2e0bc Add generation instructions for empty issuer cert and change expiry to 100 years 2025-06-16 11:39:01 -04:00
JacobBarthelmeh ce61f0d517 account for Intel RDRAND build without HAVE_HASHDRBG 2025-06-16 09:04:50 -06:00
Marco Oliverio b1b49c9ffb dtls13: always send ACKs on detected retransmission
Otherwise the connection can stall due the indefinite delay of an explicit ACK,
for exapmle:

 -> client sends the last Finished message
<- server sends the ACK, but the ACK is lost
 -> client rentrasmit the Finished message
 - server delay sending of the ACK until a fast timeout
 -> client rentrasmit the Finished message quicker than the server timeout
 - server resets the timeout, delaying sending the ACK
 -> client rentrasmit the Finished...
2025-06-16 14:19:32 +02:00
Marco Oliverio 509491f554 dtls13: wolfSSL_is_init_finished true after last server ACK
Do not consider the handshake finished until the last server ACK.
This way the application knows where to switch from
wolfSSL_negotiate/wolfSSL_connect to wolfSSL_read/wolfSSL_write.
2025-06-16 14:19:31 +02:00
Daniel Pouzzner d5ce9744a4 linuxkm/lkcapi_sha_glue.c: explicitly free hash state in wrappers. 2025-06-15 14:40:42 -05:00
Daniel Pouzzner 89e51025ab .wolfssl_known_macro_extras: snip out unneeded entries. 2025-06-15 12:46:44 -05:00
Daniel Pouzzner e852c090c0 wolfssl/wolfcrypt/integer.h: for heapmath FREE_MP_INT_SIZE(), rather than WC_DO_NOTHING(), conditionally mp_free(), for functional isomorphism with sp_int and tfm MPI lifecycles. 2025-06-15 07:56:25 -05:00
David Garske 05ff12969e Merge pull request #8864 from kojiws/improve_pkcs12_export_params
Apply 16 bytes salt length for PBES2 key encryption on wc_PKCS12_create()
2025-06-13 14:12:37 -07:00
Juliusz Sosinowicz 37554a13db Updates for OpenSSH 10.0p2
- random.c: use getrandom when available and fall back to direct file access
- openssh.yml: run more tests
- openssh.yml: add 10.0p2 and 9.9p2
- configure.ac: detect if `getrandom` is available on the system
- configure.ac: openssh requires WC_RNG_SEED_CB to always use `getrandom` so that the RNG doesn't get killed by SECCOMP
2025-06-13 18:06:19 +02:00
Koji Takeda ff1baf0ae7 Apply stronger salt length for PBES2 2025-06-14 00:45:03 +09:00
Josh Holtrop 8bde5e6982 Fix printing empty names in certificates
The empty-issuer-cert.pem certificate was created with:

    wolfssl genkey rsa -size 2048 -out mykey -outform pem -output KEY
    wolfssl req -new -days 3650 -key mykey.priv -out empty-issuer-cert.pem -x509

Prior to this fix this command would error printing the certificate:

    wolfssl x509 -inform pem -in empty-issuer-cert.pem -text
2025-06-13 11:22:52 -04:00
JacobBarthelmeh e74214ded0 Merge pull request #8878 from dgarske/fix_pr8867_oscheck
Fix for syntax error in os-check.yml
2025-06-13 09:09:27 -06:00
David Garske 8181561f0f Fix for syntax error in os-check.yml added in PR #8867. 2025-06-13 07:17:37 -07:00
Daniel Pouzzner 1549425411 Merge pull request #8873 from philljj/fix_fips_enabled
linuxkm: don't toggle fips_enabled.
2025-06-13 05:56:52 -05:00
jordan b6b58a957b linuxkm: add missing WC_NO_ERR_TRACE. 2025-06-13 01:45:47 -05:00
jordan bb5291aa5e linuxkm: don't toggle fips_enabled. 2025-06-13 00:45:12 -05:00
jordan 41965750c8 linuxkm drbg: refactor drbg_ctx clear. 2025-06-12 19:59:19 -05:00
David Garske 6cb0c8513d Merge pull request #8874 from JacobBarthelmeh/nginx-tests
fix for perl module version used with nginx test
2025-06-12 16:09:31 -07:00
JacobBarthelmeh b78f8a4ed6 fix for perl module version used with nginx test 2025-06-12 15:55:56 -06:00
David Garske c5e63b84ca Merge pull request #8840 from douzzer/20250605-linuxkm-DRBG-multithread-round-1
20250605-linuxkm-DRBG-multithread-round-1
2025-06-12 13:17:54 -07:00
David Garske 2fc1110a13 Merge pull request #8587 from lealem47/gh8574
Fix bug in ParseCRL_Extensions
2025-06-12 12:09:52 -07:00
David Garske 701e3ba64e Merge pull request #8808 from rlm2002/coverity
Coverity: api.c fix
2025-06-12 12:03:14 -07:00
David Garske bfdce3a345 Merge pull request #8832 from SparkiDev/aarch64_xfence
Aarch64 XFENCE
2025-06-12 11:53:55 -07:00
David Garske 6571f42cb9 Merge pull request #8867 from JacobBarthelmeh/rng
Improvements to RNG and compatibility layer
2025-06-11 14:31:53 -07:00
Maxim Kostin abdcf4dbc5 improve ED25519 key handling in CryptoCb function 2025-06-11 21:09:22 +02:00
kosmax871 394a25b376 Merge branch 'wolfSSL:master' into tropic01-dev 2025-06-11 21:07:15 +02:00
JacobBarthelmeh 8ee1f8f287 add macro guard on test case 2025-06-11 10:43:47 -06:00
JacobBarthelmeh 675ff71b0b Merge pull request #8863 from rlm2002/AppleNativeCert
Add api unit test for checking domain name
2025-06-11 09:38:08 -06:00
Sean Parkinson 1c85a76ddd Dilithium/ML-DSA: Fixes for casting down and uninit 2025-06-11 11:14:49 +10:00
Sean Parkinson d66863d0ac Aarch64 XFENCE
Use sb instruction instead of isb if available.
2025-06-11 09:29:20 +10:00
JacobBarthelmeh ae87afa677 Merge pull request #8857 from miyazakh/tsip_fix
fix TSIP TLS example program
2025-06-10 16:26:34 -06:00
JacobBarthelmeh 47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh 4207affc72 adding additional RAND test cases 2025-06-10 16:01:52 -06:00
Ruby Martin d0134f2212 coverity: address reuse after free, add NULL checks 2025-06-10 15:33:47 -06:00
Ruby Martin a7a5062c7a add api test for checking domain name
use SNI example.com in client ssl
2025-06-10 15:22:01 -06:00
JacobBarthelmeh fbbb6b7707 add mutex locking and compat layer FIPS case 2025-06-10 14:37:11 -06:00