Commit Graph

27263 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
730b0d3e38 Add AGENTS.md to .gitignore 2025-12-29 19:01:50 +01:00
David Garske
5dee8ddfcb Merge pull request #9586 from holtrop-wolfssl/rust-blake2
Rust wrapper: add wolfssl_wolfcrypt::blake2 module
2025-12-29 09:55:58 -08:00
David Garske
ea8af7ae71 Merge pull request #9592 from julek-wolfssl/fix/coverity-tls-frag
Fix Coverity (D)TLS fragmentation size checks
2025-12-29 09:54:32 -08:00
David Garske
17e992ab3f Merge pull request #9589 from douzzer/20251226-fixes
20251226-fixes
2025-12-29 09:20:16 -08:00
Juliusz Sosinowicz
f2d24404c8 Fix Coverity (D)TLS fragmentation size checks
Add MAX_RECORD_SIZE-based bounds checks in SendHandshakeMsg and Dtls13SendFragmentedInternal to prevent negative/overflowed fragment sizes from reaching memcpy/BuildMessage/DtlsMsgPoolSave.
2025-12-29 17:16:04 +01:00
Daniel Pouzzner
7bbd28d369 wolfcrypt/src/aes.c: fix clang-diagnostic-unreachable-code in AesSetKey_C(). 2025-12-26 18:13:44 -06:00
Daniel Pouzzner
283792c207 linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_startup(), deinstall the callbacks and stdrng first before checking refcnt. 2025-12-26 16:41:43 -06:00
Daniel Pouzzner
3b3ddd1fb4 wolfcrypt/src/random.c: in wc_GenerateSeed(), move the gate closures for !FORCE_FAILURE_RDSEED and !ENTROPY_MEMUSE_FORCE_FAILURE to follow the /dev/urandom fallback method. 2025-12-26 14:16:11 -06:00
Daniel Pouzzner
b487287abf wolfcrypt/benchmark/benchmark.c: smallstack refactor of bench_mlkem_encap() 2025-12-26 12:45:26 -06:00
Josh Holtrop
bbac280890 Rust wrapper: add wolfssl_wolfcrypt::blake2 module 2025-12-26 13:02:27 -05:00
David Garske
e70e7cb144 Merge pull request #9583 from kareem-wolfssl/gh8152_2
Update CMake logic to allow WOLFSSL_SYS_CA_CERTS without filesystem support on Windows/Mac.
2025-12-26 07:48:43 -08:00
David Garske
1744c11686 Merge pull request #9570 from kareem-wolfssl/variousFixes
Add SSL_get_rfd and SSL_get_wfd.  Various documentation updates.
2025-12-26 07:47:17 -08:00
David Garske
48d6811e04 Merge pull request #9582 from douzzer/20251224-wc_GenerateSeed-unreachable-code
20251224-wc_GenerateSeed-unreachable-code
2025-12-26 07:38:07 -08:00
Kareem
f98229554b Update CMake logic to allow WOLFSSL_SYS_CA_CERTS without filesystem support on Windows/Mac. 2025-12-24 17:02:25 -07:00
Daniel Pouzzner
f4f4c7cfae src/ssl.c: fix clang-analyzer-deadcode.DeadStores in check_cert_key(). 2025-12-24 17:49:33 -06:00
Daniel Pouzzner
a944575e4b wolfcrypt/src/random.c: fix clang-diagnostic-unreachable-code in wc_GenerateSeed(). 2025-12-24 17:48:37 -06:00
Takashi Kojo
ff14797c3a Merge pull request #9552 from tamasan238/pr9458
[JA] Fix issues with the API documentation
2025-12-25 08:28:21 +09:00
Daniel Pouzzner
019a420187 Merge pull request #9568 from kareem-wolfssl/zd20947
Add a flag which allows requesting exactly SEED_SZ and using the full seed to instantiate the DRBG during RNG init.
2025-12-24 17:03:26 -06:00
Takashi Kojo
09ce46e2d5 Merge pull request #9581 from tamasan238/pr9578
[JA] Correct the API docs for wolfSSL_write_early_data()
2025-12-25 07:34:57 +09:00
Masaki I.
ee8fcf9d36 [JA] Correct the API docs for wolfSSL_write_early_data() 2025-12-24 14:53:10 +09:00
David Garske
2354ea196b Merge pull request #9513 from rizlik/dtls_header_fix
fix DTLS header headroom accounting
2025-12-23 17:20:12 -08:00
David Garske
0fae0a7ba6 Merge pull request #9397 from rizlik/earlydata_want_write_fixes
wolfssl: preserve early-data handling across WANT_WRITE retries
2025-12-23 17:19:39 -08:00
David Garske
d885749c09 Merge pull request #9561 from miyazakh/renesas_ssp_upgrade
add Renesas SK-S7G2 support
2025-12-23 15:15:45 -08:00
David Garske
57ef8a7caf Merge pull request #9574 from anhu/dtls_guard
Guard a bit of DTLS code.
2025-12-23 15:03:46 -08:00
David Garske
18176392fa Merge pull request #9576 from douzzer/20251222-linuxkm-PK-initrng-optimize
20251222-linuxkm-PK-initrng-optimize
2025-12-23 15:02:53 -08:00
Marco Oliverio
149bf19b4c split overlong line 2025-12-23 23:41:52 +01:00
Marco Oliverio
2e63845531 use wolfssl_local as local functions prefix 2025-12-23 23:39:07 +01:00
Marco Oliverio
bafb8e56d5 use wolfssl_local_ as local functions prefix 2025-12-23 23:32:08 +01:00
Hideki Miyazaki
ba63d81441 add .gitignore to include.am 2025-12-24 06:36:08 +09:00
Hideki Miyazaki
75fad16f20 addressed code review comments 2025-12-24 05:59:09 +09:00
Anthony Hu
40327b7fe3 Binary consts to hexadecimal. C2X feature. 2025-12-23 14:45:36 -05:00
Daniel Pouzzner
b66f1b78a7 peer/Devin review:
* in get_crypto_default_rng() (linuxkm/lkcapi_sha_glue.c), sanity check that crypto_default_rng isn't null;
* in wc_InitRsaKey_ex(), remove frivolous NULL/zero assignments (XMEMSET clears them implicitly);
* in wc_CheckRsaKey(), check ret from wc_InitRng() and short circuit return if failed.
2025-12-23 13:05:40 -06:00
Daniel Pouzzner
da4fc4921e tests/api/test_ed25519.c: in test_wc_Ed25519PublicKeyToDer(), on old FIPS, tolerate old error code from wc_Ed25519PublicKeyToDer(). 2025-12-23 12:25:10 -06:00
Daniel Pouzzner
cd88a8ae88 peer review -- add !WC_NO_RNG gates around WC_RNG changes in wolfcrypt/src/rsa.c and wolfssl/wolfcrypt/rsa.h. 2025-12-23 11:41:59 -06:00
David Garske
d36bfabe18 Merge pull request #9560 from JacobBarthelmeh/clang
fix for shadows global declaration warning
2025-12-23 08:54:50 -08:00
David Garske
9de98cee73 Merge pull request #9569 from kareem-wolfssl/gh8152
Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non-Windows/Mac systems.
2025-12-23 08:53:51 -08:00
Anthony Hu
c03c2dd541 Add tests 2025-12-23 11:48:57 -05:00
David Garske
70165c517b Merge pull request #9571 from mattia-moffa/20251222-sniffer-uint-underflow-vuln
Add missing length check in sniffer for AES-GCM/AES-CCM/ARIA-GCM
2025-12-23 08:37:50 -08:00
David Garske
776b31267c Merge pull request #9466 from SparkiDev/tls13_pt_alert_when_enc
TLS 1.3, plaintext alert: ignore when expecting encrypted
2025-12-23 08:37:00 -08:00
David Garske
86808b8a9b Merge pull request #9578 from anhu/early_data_doc
Correct the API docs for wolfSSL_write_early_data()
2025-12-23 08:14:10 -08:00
David Garske
8f089cdcfe Merge pull request #9508 from SparkiDev/ppc32_sha256_asm_pic
PPC32 SHA-256 ASM: support compiling for PIC
2025-12-23 08:12:50 -08:00
Anthony Hu
0b5e9c76ed Correct the API docs for wolfSSL_write_early_data() 2025-12-23 10:08:02 -05:00
Daniel Pouzzner
b087533fdf linuxkm/lkcapi_sha_glue.c:
* add drbg_init_from() and fork_default_rng(), and
* use the latter to define LKCAPI_INITRNG_FOR_SELFTEST() opportunistically (with fallback to plain wc_InitRng());

linuxkm/lkcapi_rsa_glue.c:
* add km_rsa_ctx_init_rng(),
* remove wc_InitRng() from km_rsa_ctx_init(),
* remove the WC_RSA_BLINDING gates around calls to wc_RsaSetRNG(), and
* call km_rsa_ctx_init_rng() before each call that needs an initialized RNG;

linuxkm/lkcapi_dh_glue.c and linuxkm/lkcapi_ecdh_glue.c: in km_ffdhe_init() and km_ecdh_init(), if linuxkm_lkcapi_registering_now, use LKCAPI_INITRNG_FOR_SELFTEST() to initialize ctx->rng;

linuxkm/lkcapi_glue.c: add notes that lkcapi_sha_glue inclusion and registrations must precede PK, and move declaration of linuxkm_lkcapi_registering_now to precede lkcapi glue inclusions.
2025-12-22 22:58:29 -06:00
Daniel Pouzzner
5030484bcf wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h:
* add WC_DRBG_{NOT_INIT,OK,FAILED,CONT_FAILED} in public header file, and
* move setup for RNG_SECURITY_STRENGTH, ENTROPY_SCALE_FACTOR, SEED_BLOCK_SZ, SEED_SZ, MAX_SEED_SZ, and RNG_HEALTH_TEST_CHECK_SIZE from random.c to random.h, with public WC_DRBG_SEED_SZ and WC_DRBG_MAX_SEED_SZ.
2025-12-22 22:58:29 -06:00
Daniel Pouzzner
b2ef89b2db wolfcrypt/src/rsa.c and wolfssl/wolfcrypt/rsa.h: make RsaKey.rng and wc_RsaSetRNG() available unconditionally, rather than only if WC_RSA_BLINDING, for use by wc_CheckRsaKey(). 2025-12-22 22:58:29 -06:00
Sean Parkinson
b766f11e7b TLS 1.3, plaintext alert: ignore when expecting encrypted
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
Sean Parkinson
59f84355a5 Merge pull request #9573 from night1rider/aes-free-callbacks
Aes Free callback support
2025-12-23 08:47:05 +10:00
Sean Parkinson
c8f2cc5b43 Merge pull request #9566 from dgarske/ca_skid_cert_akid
Added build option to allow certificate CA matching using AKID with signer's SKID
2025-12-23 08:40:14 +10:00
Anthony Hu
cb2a80bf53 Guard a bit of DTLS code. 2025-12-22 17:05:47 -05:00
night1rider
afbc65a6c3 Aes Free callback support 2025-12-22 12:39:41 -07:00