Sean Parkinson
bc9e37118e
Regression test fixes
...
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.
wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
2026-01-28 07:37:29 +10:00
JacobBarthelmeh
3e7efe8be2
Merge pull request #9705 from cconlon/nameConstraints
...
Support for extracting and validating X.509 Name Constraints extensions
2026-01-27 10:01:48 -07:00
Chris Conlon
610d530e45
Add Name Constraints extension support with wolfSSL_X509_get_ext_d2i() and wolfSSL_NAME_CONSTRAINTS_check_name()
2026-01-26 10:36:05 -07:00
David Garske
eeaa3a7160
Merge pull request #9596 from kareem-wolfssl/zd19378
...
Add a runtime option to enable or disable the secure renegotiation check.
2026-01-26 08:34:57 -08:00
David Garske
cd88ec57b0
Merge pull request #9685 from kareem-wolfssl/gh7735
...
Always reinitialize the SSL cipher suites in InitSSL_Side as the side and enabled algos have likely changed.
2026-01-23 12:38:46 -08:00
Tobias Frauenschläger
14ce7956f1
Increase test coverage
...
* More PQC configurations
* More CMake setups
* Fix various bugs uncovered by these tests
Added some missing feature additions to CMake to make the example
`user_settings_all.` config file work for the CI test.
2026-01-23 09:27:16 +01:00
Sean Parkinson
27df554e99
Merge pull request #9701 from Frauschi/brainpool-tls13
...
Add support for TLS 1.3 Brainpool curves
2026-01-23 10:42:32 +10:00
David Garske
a17f68f036
Merge pull request #9587 from kareem-wolfssl/zd20850
...
Add duplicate entry error to distinguish cases where a duplicate CRL is rejected.
2026-01-22 15:07:19 -08:00
Kareem
1103552c37
Code review feedback
2026-01-22 15:46:13 -07:00
Kareem
d60dd53165
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19378
2026-01-22 15:37:30 -07:00
Kareem
4c0c51fdff
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into gh7735
2026-01-22 15:13:15 -07:00
Tobias Frauenschläger
eb8ba6124e
Support TLS 1.3 ECC Brainpool authentication
...
This also fixes TLS 1.2 authentication to only succeed in case the
brainpool curve was present in the supported_groups extension.
2026-01-22 14:14:09 +01:00
David Garske
e4e79dd8a3
Merge pull request #9694 from SparkiDev/tls_msg_sanity_fix
...
TLS: more sanity checks on message order
2026-01-21 15:11:11 -08:00
David Garske
f52930b844
More fixes for NO RNG and NO check key (broken in #9606 and #9576 )
2026-01-21 10:31:57 -08:00
Sean Parkinson
8902afdcea
TLS: more sanity checks on message order
...
Add more checks on message ordering for TLS 1.2 and below.
Reformat code.
2026-01-21 10:00:38 +10:00
Kareem
832bcd7f4b
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20850
2026-01-20 15:59:05 -07:00
Kareem
0f0163d888
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into gh7735
2026-01-20 15:18:26 -07:00
David Garske
6bdc6a7550
Merge pull request #9618 from SparkiDev/volatile_multi_statement
...
Multiple volatile variables in a C statement undefined
2026-01-20 10:42:49 -08:00
Kareem
d505c0b7c5
Only reinitialize suites in InitSSL_Side if they were not set by the user. Always allocate suites in InitSSL_Side if they're NULL so InitSSL_Suites will set them.
2026-01-20 11:40:37 -07:00
Kareem
89931bd884
Always reinitialize the SSL cipher suites in InitSSL_Side as the side and enabled algos have likely changed.
2026-01-19 17:50:26 -07:00
Sean Parkinson
c71a4dd66f
Merge pull request #9662 from AlexLanzano/tls1.2-empty-cert-fix
...
[TLS 1.2, TLS 1.3] Fail immediately if server sends empty certificate message for TLS 1.2 and beyond
2026-01-20 09:45:29 +10:00
Brett
65a2b06d89
ANCV: support server-side policy creation
2026-01-15 11:59:59 -07:00
Brett
22a9665e6d
Prevent verify callback from blocking ANCV invocation when verify
...
callback is registered. Reverts behavior to pre-PR#9144
2026-01-15 11:59:59 -07:00
Alex Lanzano
bdc525dd6d
[TLS 1.2, TLS 1.3] Fail immediately if server sends empty certificate message for TLS 1.2 and beyond
2026-01-14 11:30:13 -05:00
Sean Parkinson
1aa79af41e
Multiple volatile variables in a C statement undefined
...
Undefined behaviour when there are multiple volatile variables accessed
in the one C statement.
Changes to introduce non-volatile temporaries, split statement or make
variable non-volatile.
2026-01-13 15:08:50 +10:00
Sean Parkinson
ce69f1cec0
Merge pull request #9635 from miyazakh/x509errstr_handling
...
Fix OpenSSL error code handling in ERR_reason_error_string()
2026-01-12 08:57:17 +10:00
Hideki Miyazaki
8571a67f13
fix PR test
2026-01-10 14:53:23 +09:00
Hideki Miyazaki
0e8af03f1d
OpenSSL error code handling in reason_error_string
2026-01-10 13:50:08 +09:00
Sean Parkinson
819eab8b46
Merge pull request #9609 from Frauschi/memory_leak_fix
...
Fix memory leak in case of handshake error
2026-01-09 10:10:31 +10:00
David Garske
198eac24d3
Merge pull request #9606 from Frauschi/cleanup_decode_private_key
...
Cleanup for DecodePrivateKey() functionality
2026-01-08 11:09:44 -08:00
David Garske
d290caa848
Merge pull request #9608 from Frauschi/typo_fix
...
Fix for WOLFSSL_BLIND_PRIVATE_KEY and WOLFSSL_DUAL_ALG_CERTS
2026-01-08 10:23:30 -08:00
Tobias Frauenschläger
05dc9f0449
Fix memory leak in case of handshake error
...
Make sure peer dilithium key is properly freed in case the handshakes fails.
2026-01-08 16:50:28 +01:00
Tobias Frauenschläger
b8cb5bee87
Cleanup for DecodePrivateKey() functionality
...
* Create a new method DecodePrivateKey_ex() that gets the key to decode as parameters
* Adapt DecodePrivateKey() and DecodeAltPrivateKey() to use this new method
* Fix unblinding for TLS 1.3 Dual Algorithm Certificate alternative keys
This removes a lot of nearly duplicate code and simplifies maintenance.
2026-01-07 13:45:11 +01:00
Sean Parkinson
5343cb386a
Merge pull request #9588 from kareem-wolfssl/ghAlerts
...
Fix incorrect alerts.
2026-01-06 20:22:51 +10:00
Tobias Frauenschläger
116260762f
Fix for WOLFSSL_BLIND_PRIVATE_KEY and WOLFSSL_DUAL_ALG_CERTS
2026-01-05 17:26:11 +01:00
Kareem
ddb2fb628e
Add a runtime option to enable or disable the secure renegotation check.
2025-12-30 13:19:04 -07:00
Kareem
1773a4ab41
Send no_renegotiation alert when rejecting renegotation attempt as defined in RFC 5246 section 7.2.2.
2025-12-30 13:18:48 -07:00
Juliusz Sosinowicz
f2d24404c8
Fix Coverity (D)TLS fragmentation size checks
...
Add MAX_RECORD_SIZE-based bounds checks in SendHandshakeMsg and Dtls13SendFragmentedInternal to prevent negative/overflowed fragment sizes from reaching memcpy/BuildMessage/DtlsMsgPoolSave.
2025-12-29 17:16:04 +01:00
Kareem
a7b83b06c1
Alert on out of order message with unexpected_message.
...
Fixes #9531 .
2025-12-26 15:23:23 -07:00
Kareem
d09b5ee1f1
Add duplicate entry error to distinguish cases where a duplicate CRL is rejected.
2025-12-26 12:02:35 -07:00
David Garske
1744c11686
Merge pull request #9570 from kareem-wolfssl/variousFixes
...
Add SSL_get_rfd and SSL_get_wfd. Various documentation updates.
2025-12-26 07:47:17 -08:00
David Garske
2354ea196b
Merge pull request #9513 from rizlik/dtls_header_fix
...
fix DTLS header headroom accounting
2025-12-23 17:20:12 -08:00
David Garske
0fae0a7ba6
Merge pull request #9397 from rizlik/earlydata_want_write_fixes
...
wolfssl: preserve early-data handling across WANT_WRITE retries
2025-12-23 17:19:39 -08:00
David Garske
57ef8a7caf
Merge pull request #9574 from anhu/dtls_guard
...
Guard a bit of DTLS code.
2025-12-23 15:03:46 -08:00
Marco Oliverio
149bf19b4c
split overlong line
2025-12-23 23:41:52 +01:00
Marco Oliverio
2e63845531
use wolfssl_local as local functions prefix
2025-12-23 23:39:07 +01:00
Marco Oliverio
bafb8e56d5
use wolfssl_local_ as local functions prefix
2025-12-23 23:32:08 +01:00
David Garske
d36bfabe18
Merge pull request #9560 from JacobBarthelmeh/clang
...
fix for shadows global declaration warning
2025-12-23 08:54:50 -08:00
Sean Parkinson
b766f11e7b
TLS 1.3, plaintext alert: ignore when expecting encrypted
...
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
Anthony Hu
cb2a80bf53
Guard a bit of DTLS code.
2025-12-22 17:05:47 -05:00