wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 17:52:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,342 Commits 12 Branches 184 Tags
677eeb31e414541773a9bfb89ee3614d24e2bf18
Commit Graph

8781 Commits

Author SHA1 Message Date
Stanislav Klima
1cfafc2a52 fixes from zd20556 2025-09-24 12:03:39 +02:00
effbiae
b20f3dac57 refactor to set_cert_type 2025-09-23 19:27:22 +10:00
Sean Parkinson
e497d28ae1 Merge pull request #9223 from kareem-wolfssl/zd20543_4 
Fix non constant compare of TLS 1.3 binder, check for negative dst_len in wc_XChaCha20Poly1305_crypt_oneshot.
 2025-09-23 09:09:33 +10:00
Kareem
7afcf20077 Fix non constant compare of TLS 1.3 binder, check for negative dst_len in wc_XChaCha20Poly1305_crypt_oneshot. 2025-09-19 11:39:46 -07:00
Daniel Pouzzner
4174f554be src/internal.c: fix clang-analyzer-deadcode.DeadStores in GetEcDiffieHellmanKea(). 2025-09-19 11:22:19 -05:00
Sean Parkinson
b90720c6be Merge pull request #9176 from effbiae/do-server-key-exchange 
refactor parts of DoServerKeyExchange()
 2025-09-19 08:36:07 +10:00
jordan
0231f33b2e ssl internal: log preMasterSecret Memory error msg. 2025-09-18 09:26:10 -05:00
JacobBarthelmeh
5b864657b7 Merge pull request #9175 from SparkiDev/sm2_cert_vfy_fix 
SM2 TLS1.3: Fix certificate verify
 2025-09-17 10:16:44 -06:00
effbiae
7da0b54d32 refactor DoServerKeyExchange() 2025-09-16 12:02:38 +10:00
effbiae
2332347ca1 refactor SessionSecret_callback* 2025-09-11 11:54:40 +10:00
Juliusz Sosinowicz
74c7115cc1 Revert "Fix building with --coding=no/WOLFSSL_PEM_TO_DER undefined." 2025-09-10 18:07:57 +02:00
David Garske
ce5878fb8d Merge pull request #9162 from embhorn/zd18673 
Fixes for INTIME RTOS
 2025-09-10 07:44:19 -07:00
David Garske
2a1df11327 Merge pull request #9145 from kareem-wolfssl/zd20038_2 
Fix building with --coding=no/WOLFSSL_PEM_TO_DER undefined.
 2025-09-09 16:24:21 -07:00
Sean Parkinson
b4f1abe0f4 SM2 TLS1.3: Fix certificate verify 
Code to verify with SM2/SM3 was not able to be reached.
The check of hsType (which was ECC for both ECC and SM2/SM3) was
replaced with a check of peerSigAlgo for ecc_dsa_sa_algo which is
different for ECDSA and SM2/SM3.
 2025-09-09 21:30:37 +10:00
effbiae
8e9a04c55f align two portions of src/internal.c prior to refactor 2025-09-06 13:55:44 +10:00
Eric Blankenhorn
53ee6d3a0b Fixes for INTIME RTOS 2025-09-05 16:23:26 -05:00
lealem47
e29b65d22b Merge pull request #9140 from dgarske/sniffer_partialoverlap 
Improve sniffer detection of partial overlap
 2025-09-03 14:12:44 -06:00
Kareem
183aa7a214 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20038_2 2025-09-02 16:17:18 -07:00
David Garske
6dd626de0c Improve detection of partial overlap (ZD 20369) 2025-09-02 07:51:30 -07:00
Sean Parkinson
0224ef3d2e Merge pull request #9146 from rlm2002/gh9128_MEM_ZERO 
ForceZero change for WOLFSSL_CHECK_MEM_ZERO
 2025-08-28 22:37:55 +10:00
Ruby Martin
1ad8b2897a Force zero with bufferSize instead of length. add void prototype to definitions 2025-08-27 14:56:51 -06:00
Kareem
e25bd603ed Fix building with --coding=no/WOLFSSL_PEM_TO_DER undefined. 2025-08-27 11:53:22 -07:00
effbiae
934364b8e1 wolfSSL_read_ex returns {0,1} 2025-08-27 15:35:17 +10:00
David Garske
71581e321e Merge pull request #9098 from julek-wolfssl/fix-test_wolfSSL_tls_export 
Fix test_wolfSSL_tls_export
 2025-08-26 12:11:49 -07:00
David Garske
c7d1673948 Merge pull request #9132 from anhu/dup_CKS 
Properly detect duplicate CKS extensions.
 2025-08-26 09:07:04 -07:00
Juliusz Sosinowicz
5934c1eece Fix test_wolfSSL_tls_export 
- Add TLS_EXPORT_OPT_SZ_4 to specify previous option size
- Actually pick up failures in the tests and propagate them to the top level
- Tests v4 and v5 sessions
Fixes https://github.com/wolfSSL/wolfssl/issues/9081 and https://github.com/wolfSSL/wolfssl/pull/9082
 2025-08-26 11:04:54 +02:00
lealem47
1c2fb10007 Merge pull request #9124 from dgarske/sniffer_partial_overlap 
Fix for sniffer partial segment overlap that can occur when a TCP win…
 2025-08-25 15:15:48 -06:00
Anthony Hu
2885df68b4 Properly detect duplicate CKS extensions. 2025-08-25 12:01:50 -04:00
Daniel Pouzzner
e0383b496a linuxkm/module_hooks.c: implement wc_linuxkm_GenerateSeed_IntelRD, gated on WC_LINUXKM_RDSEED_IN_GLUE_LAYER; 
add WC_GENERATE_SEED_DEFAULT, which defaults to wc_GenerateSeed if not overridden, and replace wc_GenerateSeed with WC_GENERATE_SEED_DEFAULT in various calls to wc_SetSeed_Cb();

linuxkm/linuxkm_wc_port.h: if FIPS <v6 and RDSEED, define WC_LINUXKM_RDSEED_IN_GLUE_LAYER and define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD;

wolfcrypt/test/test.c: update rng_seed_test() with gating and vectors for FIPS v5 with HAVE_AMD_RDSEED or HAVE_INTEL_RDSEED;

wolfssl/wolfcrypt/types.h: add WC_HAVE_VECTOR_SPEEDUPS helper macro, and enlarge fallthrough definition coverage for DISABLE_VECTOR_REGISTERS.
 2025-08-22 21:58:00 -05:00
David Garske
8dd43077fd Fix for sniffer partial segment overlap that can occur when a TCP window is full and a TCP retransmission occurs. 2025-08-22 14:29:18 -07:00
JacobBarthelmeh
bc5b297d33 Merge pull request #9046 from kareem-wolfssl/zd20038 
Allow setting the CA type when loading into cert manager and unloading specific CA types from the cert manager.
 2025-08-22 14:43:46 -06:00
David Garske
1f579afc66 Merge pull request #9117 from SparkiDev/tls13_ks_fix 
TLS 1.3 KeyShare: error on duplicate group
 2025-08-22 12:54:54 -07:00
Sean Parkinson
b1cdf0b214 TLS 1.3 KeyShare: error on duplicate group 
Don't allow a KeyShare extension from the client to have more
than one entry for any group.
 2025-08-21 08:23:31 +10:00
David Garske
79fe6e467b Merge pull request #9112 from SparkiDev/tls13_onlyDhePskKe_fix 
TLS 1.3: Fix for onlyDhePskKe
 2025-08-20 06:44:08 -07:00
Sean Parkinson
2810656242 TLS 1.3: CertificateVerify - check sig alg was sent 
Check that the signature algorithm used in the CertificateVerify message
was one that was sent in the SignatureAlgorithm extension.
 2025-08-19 16:27:19 +10:00
Sean Parkinson
cd55fe6135 TLS 1.3: Fix for onlyDhePskKe 
Make client enforce onlyDhPskKe flag.
 2025-08-19 14:29:30 +10:00
David Garske
f114f2cde2 Merge pull request #9093 from kareem-wolfssl/zd20372 
Multiple fixes to wolfSSL_CIPHER_description to match documentation.
 2025-08-18 13:43:53 -07:00
David Garske
32b0bd963b Fix issue introduced in PR #9051 causing TLS records with multiple handshake messages to be skipped (ZD 20399) 2025-08-15 10:08:28 -07:00
Sean Parkinson
5b1302e4df Merge pull request #9094 from dgarske/zd20369 
Fix to better detect sniffer invalid spurious re-transmissions
 2025-08-15 09:01:02 +10:00
Sean Parkinson
228ede7495 Merge pull request #9102 from rlm2002/zd20212 
Remove dead code and check return values.
 2025-08-15 08:21:38 +10:00
David Garske
e00fd2fd70 Fix to better detect invalid spurious retransmission. 2025-08-14 12:19:39 -07:00
Kareem
cb3f7de3f7 Fix issues found by CI/CD tests. 2025-08-14 11:34:15 -07:00
Kareem
3bcbbd2924 Fix issue with loading PEM certs. Address code review feedback. 
Add tests.
 2025-08-14 11:34:15 -07:00
Kareem
a652b733e4 Fix conversion warning. 2025-08-14 11:34:15 -07:00
Kareem
ab342978d7 Fix implicit conversion warning. 2025-08-14 11:34:14 -07:00
Kareem
61ccea55ac Allow setting the CA type when loading into cert manager 
and unloading specific CA types from the cert manager.
 2025-08-14 11:34:14 -07:00
Kareem
cb623dc9ea Multiple fixes to wolfSSL_CIPHER_description to match documentation. 
Add "any" value for TLS 1.3 cipher suites.
Fix key size comparison for enc bits.
Output AEAD as MAC if cipher suite is using it, otherwise output hash MAC.
 2025-08-14 11:27:10 -07:00
Ruby Martin
71c2878780 verify previously unchecked return values 2025-08-13 16:28:36 -06:00
Ruby Martin
31bf1b90b4 update wolfSSL_get_SessionTicket to be able to return ticket length 2025-08-13 08:29:30 -06:00
David Garske
3289b6b3da Merge pull request #9089 from douzzer/20250811-linuxkm-and-other-fixes 
20250811-linuxkm-and-other-fixes
 2025-08-12 11:40:36 -07:00