Tobias Frauenschläger
62764d08e4
Remove PQC-based buffer size increase for PreMasterSecret
The size of the PreMasterSecret buffer is based on the ENCRYPT_LEN
constant, which has been increased to 5kB for PQC support (Dilithium and
Falcon, as their signatures are that large).
However, only in the TLS 1.2 case is the PreMasterSecret buffer used to
store signatures. In the TLS 1.3 path, only actual symmetric secrets are
stored in that buffer, which are much smaller in size (the "old" size of
the constant without the PQC increase).
As PQC is only allowed in TLS 1.3 and NOT in TLS 1.2, we can revert
that size increase, saving around 4.5kB of dynamic memory during the
handshake.
2026-01-05 15:58:53 +01:00
David Garske
80c1228a38
Merge pull request #9594 from holtrop-wolfssl/rust-curve25519
Rust wrapper: add wolfssl_wolfcrypt::curve25519 module
2025-12-31 12:45:43 -08:00
Daniel Pouzzner
bbd3d4f55d
Merge pull request #9579 from dgarske/coding_standard_20251223
Add new coding standard for local (internal) function names
2025-12-31 11:55:58 -06:00
philljj
776512846f
Merge pull request #9598 from fabiankeil/unbreak-freebsd-build
tests: Unbreak the build on FreeBSD-based systems
2025-12-31 10:31:52 -06:00
Fabian Keil
21f35137a1
tests: Unbreak the build on FreeBSD-based systems
... by using the same additional includes as on Linux.
Fixes:
CC tests/api/unit_test-test_rsa.o
tests/api.c:19554:9: error: call to undeclared function 'waitpid'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration]
19554 | waitpid(pid, &waitstatus, 0);
| ^
Tested on ElectroBSD amd64 14.3-STABLE.
2025-12-31 14:48:06 +01:00
Daniel Pouzzner
cb78341886
Merge pull request #7586 from kareem-wolfssl/gh7197
Keep RNG seed file descriptor open until the RNG is freed.
2025-12-30 15:57:25 -06:00
philljj
5fa06818c0
Merge pull request #9595 from douzzer/20251229-linuxkm-rng-wolfentropy
20251229-linuxkm-rng-wolfentropy
2025-12-30 14:50:53 -06:00
Daniel Pouzzner
0621615b15
wolfcrypt/src/random.c: remove WC_VERBOSE_RNG messaging from wc_RNG_TestSeed(), which is called by test code with expected failure, and move it to _InitRng() and PollAndReSeed(), where it's always expected to succeed.
2025-12-30 13:27:31 -06:00
Daniel Pouzzner
299ca1cfef
fixes from peer review: added comments for clarity, and removed errant condition added in _InitRng().
2025-12-30 12:13:15 -06:00
JacobBarthelmeh
7a2e1c1dd0
Merge pull request #9585 from dgarske/add-missing-api-docs
Add missing API documentation
2025-12-30 09:37:22 -07:00
Josh Holtrop
8c125df85e
Rust wrapper: ensure curve25519_key struct will have free called after init
2025-12-30 10:46:44 -05:00
Daniel Pouzzner
d504baaf3a
linuxkm/lkcapi_sha_glue.c and .wolfssl_known_macro_extras: fixes from check-source-text.
2025-12-29 20:55:36 -06:00
Daniel Pouzzner
450b0b46c6
wolfcrypt/src/random.c and wolfssl/wolfcrypt/settings.h: add WC_VERBOSE_RNG messages, and activate by default when WOLFSSL_KERNEL_MODE.
2025-12-29 20:55:36 -06:00
Daniel Pouzzner
fecc1cffe7
linuxkm/lkcapi_sha_glue.c: add retry loop around wc_InitRng(), and allow interrupt in preemptible threads, in wc_linuxkm_drbg_init_tfm().
2025-12-29 20:55:36 -06:00
Daniel Pouzzner
1844b8e3ac
linuxkm/Makefile: fix bash cleanup in recipe for libwolfssl.ko -- new trap for an event replaces previous trap rather than adding to it.
2025-12-29 20:55:36 -06:00
David Garske
d39b0e6f82
Fixes from peer review.
2025-12-29 17:30:23 -08:00
David Garske
0d44018627
Merge pull request #9593 from julek-wolfssl/copilot/changes-20251229
Add AGENTS.md to .gitignore
2025-12-29 17:22:39 -08:00
Anthony Hu
48ebe99372
Validate asn date based on position of Z (#8603)
2025-12-29 16:01:22 -06:00
Josh Holtrop
e971cb6942
Rust wrapper: avoid warning when neither blake2b nor blake2s is enabled
2025-12-29 14:33:25 -05:00
Josh Holtrop
0a834bed7a
Rust wrapper: add wolfssl_wolfcrypt::curve25519 module
2025-12-29 14:33:25 -05:00
Juliusz Sosinowicz
730b0d3e38
Add AGENTS.md to .gitignore
2025-12-29 19:01:50 +01:00
David Garske
5dee8ddfcb
Merge pull request #9586 from holtrop-wolfssl/rust-blake2
Rust wrapper: add wolfssl_wolfcrypt::blake2 module
2025-12-29 09:55:58 -08:00
David Garske
ea8af7ae71
Merge pull request #9592 from julek-wolfssl/fix/coverity-tls-frag
Fix Coverity (D)TLS fragmentation size checks
2025-12-29 09:54:32 -08:00
David Garske
17e992ab3f
Merge pull request #9589 from douzzer/20251226-fixes
20251226-fixes
2025-12-29 09:20:16 -08:00
David Garske
8bcac03086
Fix duplicated wc_rng_free and wc_rng_new
2025-12-29 08:52:17 -08:00
David Garske
5b5686c53c
Peer review improvements.
2025-12-29 08:37:51 -08:00
Juliusz Sosinowicz
f2d24404c8
Fix Coverity (D)TLS fragmentation size checks
Add MAX_RECORD_SIZE-based bounds checks in SendHandshakeMsg and Dtls13SendFragmentedInternal to prevent negative/overflowed fragment sizes from reaching memcpy/BuildMessage/DtlsMsgPoolSave.
2025-12-29 17:16:04 +01:00
Daniel Pouzzner
7bbd28d369
wolfcrypt/src/aes.c: fix clang-diagnostic-unreachable-code in AesSetKey_C().
2025-12-26 18:13:44 -06:00
Daniel Pouzzner
283792c207
linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_startup(), deinstall the callbacks and stdrng first before checking refcnt.
2025-12-26 16:41:43 -06:00
Daniel Pouzzner
3b3ddd1fb4
wolfcrypt/src/random.c: in wc_GenerateSeed(), move the gate closures for !FORCE_FAILURE_RDSEED and !ENTROPY_MEMUSE_FORCE_FAILURE to follow the /dev/urandom fallback method.
2025-12-26 14:16:11 -06:00
Kareem
17b6ce7b7b
Add parentheses around XBADFD.
2025-12-26 12:38:54 -07:00
Daniel Pouzzner
b487287abf
wolfcrypt/benchmark/benchmark.c: smallstack refactor of bench_mlkem_encap()
2025-12-26 12:45:26 -06:00
Josh Holtrop
bbac280890
Rust wrapper: add wolfssl_wolfcrypt::blake2 module
2025-12-26 13:02:27 -05:00
David Garske
77d9410aa0
Add missing API documentation for Doxygen:
This PR adds Doxygen documentation for native wolfSSL API functions that were previously undocumented. It includes documentation notes for APIs gated on specific preprocessor macros:
- WOLF_PRIVATE_KEY_ID: _Id and _Label init helpers (wc_AesInit_Id, wc_AesInit_Label, wc_ecc_init_id, wc_ecc_init_label, wc_InitRsaKey_Id, wc_InitRsaKey_Label) require this for PKCS11 support
- WC_NO_CONSTRUCTORS: New/Delete constructor functions (wc_AesNew/Delete, wc_curve25519_new/delete, wc_ed25519_new/delete, wc_NewRsaKey/DeleteRsaKey) are only available when this is not defined. WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is defined.
- WOLFSSL_PUBLIC_ASN: ASN functions marked with WOLFSSL_ASN_API include notes indicating they are not public by default
- WOLFSSL_DUAL_ALG_CERTS: wc_GeneratePreTBS and wc_MakeSigWithBitStr for Post-Quantum dual algorithm certificate signing
The New/Delete functions are documented as being exposed to support allocation of structures using dynamic memory to provide better ABI compatibility.
2025-12-26 08:41:56 -08:00
David Garske
73ee89a2fc
Improve no-void-functions rule
2025-12-26 08:06:37 -08:00
David Garske
e70e7cb144
Merge pull request #9583 from kareem-wolfssl/gh8152_2
Update CMake logic to allow WOLFSSL_SYS_CA_CERTS without filesystem support on Windows/Mac.
2025-12-26 07:48:43 -08:00
David Garske
1744c11686
Merge pull request #9570 from kareem-wolfssl/variousFixes
Add SSL_get_rfd and SSL_get_wfd. Various documentation updates.
2025-12-26 07:47:17 -08:00
David Garske
c3e65153cc
Improve the Devin lifeguard coding standard rules
2025-12-26 07:39:37 -08:00
David Garske
48d6811e04
Merge pull request #9582 from douzzer/20251224-wc_GenerateSeed-unreachable-code
20251224-wc_GenerateSeed-unreachable-code
2025-12-26 07:38:07 -08:00
Kareem
0a02f5ef6b
Code review feedback
2025-12-24 17:12:40 -07:00
Kareem
496d124736
Merge remote-tracking branch 'upstream/master' into gh7197
2025-12-24 17:05:04 -07:00
Kareem
f98229554b
Update CMake logic to allow WOLFSSL_SYS_CA_CERTS without filesystem support on Windows/Mac.
2025-12-24 17:02:25 -07:00
Daniel Pouzzner
f4f4c7cfae
src/ssl.c: fix clang-analyzer-deadcode.DeadStores in check_cert_key().
2025-12-24 17:49:33 -06:00
Daniel Pouzzner
a944575e4b
wolfcrypt/src/random.c: fix clang-diagnostic-unreachable-code in wc_GenerateSeed().
2025-12-24 17:48:37 -06:00
Takashi Kojo
ff14797c3a
Merge pull request #9552 from tamasan238/pr9458
[JA] Fix issues with the API documentation
2025-12-25 08:28:21 +09:00
Daniel Pouzzner
019a420187
Merge pull request #9568 from kareem-wolfssl/zd20947
Add a flag which allows requesting exactly SEED_SZ and using the full seed to instantiate the DRBG during RNG init.
2025-12-24 17:03:26 -06:00
Takashi Kojo
09ce46e2d5
Merge pull request #9581 from tamasan238/pr9578
[JA] Correct the API docs for wolfSSL_write_early_data()
2025-12-25 07:34:57 +09:00
Masaki I.
ee8fcf9d36
[JA] Correct the API docs for wolfSSL_write_early_data()
2025-12-24 14:53:10 +09:00
David Garske
2354ea196b
Merge pull request #9513 from rizlik/dtls_header_fix
fix DTLS header headroom accounting
2025-12-23 17:20:12 -08:00
David Garske
0fae0a7ba6
Merge pull request #9397 from rizlik/earlydata_want_write_fixes
wolfssl: preserve early-data handling across WANT_WRITE retries
2025-12-23 17:19:39 -08:00