Commit Graph

8862 Commits

Author SHA1 Message Date
David Garske 3534fad3ee Merge pull request #9295 from rizlik/shutdown_nonblocking_fix
wolfSSL_shutdown: handle non-blocking I/O
2025-10-14 12:50:57 -07:00
Marco Oliverio 4b7a2b677b wolfSSL_shutdown: fix non-blocking retry after WANT_WRITE.
1. Send buffered message in case SendAlert_ex returned WANT_WRITE.
2. If pending messages are sent successfully return SHUTDOWN_NOT_DONE as
   current API behavior.
3. Propagate WANT_READ error for ProcessReply if waiting for other peer
   shutdown (when invoking wolfSSL_shutdown for the second time)
2025-10-14 10:05:11 +02:00
Daniel Pouzzner b2c105d5f7 Merge pull request #9292 from embhorn/zd20626
Fix GCC warnings
2025-10-13 23:17:13 -05:00
Eric Blankenhorn dd22fa3243 Fix from testing 2025-10-13 15:27:01 -05:00
Eric Blankenhorn e67b85724e Fix from testing 2025-10-13 12:57:47 -05:00
Eric Blankenhorn adc9146035 Fix from testing 2025-10-13 12:33:40 -05:00
Eric Blankenhorn 83336e3436 Fix from testing 2025-10-13 12:15:39 -05:00
effbiae f4b8f844b2 indent {.*;} macro args 2025-10-13 14:04:06 +11:00
effbiae b5c5854064 fix for cppcheck defect in src/ssl.c 2025-10-11 11:40:30 +11:00
effbiae 75a6621c63 hand edits for small stack compress 2025-10-11 11:40:30 +11:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Eric Blankenhorn e47be2163a Fix buffer warnings in x509 2025-10-10 15:33:53 -05:00
Eric Blankenhorn f713cdb5e0 Fix evp const warning and pk buffer warning 2025-10-10 15:14:56 -05:00
David Garske 8a6297d42b Merge pull request #9267 from julek-wolfssl/dtls-stricter-ordering
Add message order sanity checks
2025-10-10 10:26:34 -07:00
Eric Blankenhorn aa56c40d30 Fix / suppress GCC warnings 2025-10-10 11:56:03 -05:00
Juliusz Sosinowicz 5efdc6b7b6 Make mutual auth side check more robust 2025-10-09 20:23:56 +02:00
Juliusz Sosinowicz bd9f7b5b87 Clarify return values in wolfSSL_mutual_auth documentation 2025-10-09 00:57:08 +02:00
David Garske 3f460b40bc Merge pull request #9258 from kareem-wolfssl/zd19563_4
Fix potential memory leak in wolfSSL_X509_verify_cert.
2025-10-08 13:59:58 -07:00
Juliusz Sosinowicz 10365d6082 Allow clearing group messages flag 2025-10-08 11:11:03 +02:00
Juliusz Sosinowicz 6fbbdf9324 Add message order sanity checks
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
2025-10-08 11:11:03 +02:00
Kareem b564138490 Merge remote-tracking branch 'upstream/master' into zd19563_4 2025-10-07 14:23:45 -07:00
JacobBarthelmeh 2445af9308 compile both fe_operations.c and low_mem version and rely on macro defines to choose which code gets compiled 2025-10-07 10:42:08 -06:00
David Garske b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
2025-10-07 08:51:26 -07:00
David Garske d9b52d832c Merge pull request #9259 from julek-wolfssl/dtls13-timeout
Reset DTLS 1.3 timeout
2025-10-07 07:57:17 -07:00
Sean Parkinson 9d546acd03 Merge pull request #9200 from effbiae/build-msg-or-hash-output
refactor to BuildMsgOrHashOutput()
2025-10-07 08:20:20 +10:00
David Garske d4242fa026 Merge pull request #9272 from julek-wolfssl/cov-20251006
Handle coverity reported errors
2025-10-06 10:57:20 -07:00
David Garske fe7b6f1651 Add missing TimeNowInMilliseconds for FreeRTOS 2025-10-06 18:38:09 +02:00
David Garske c349001d94 Move the STM32 hash options into STM32_HASH. Fix for realloc. Improve docs for hcom_uart. Fix issue with detecting RTC and incorrectly setting NO_ASN_TIME. 2025-10-06 18:38:09 +02:00
Juliusz Sosinowicz cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz a9ad5181e6 tls13: remove dead code in SetupOcspResp csr assignment 2025-10-06 16:21:47 +02:00
Juliusz Sosinowicz 303401b047 Refactor certificate status handling to use word32 2025-10-06 16:19:54 +02:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
effbiae 2adae90a5d refactor to BuildMsgOrHashOutput 2025-10-03 11:41:57 +10:00
Sean Parkinson ea4554c941 Merge pull request #9234 from effbiae/TLSX_WriteWithEch
restore inner server name in TLSX_WriteWithEch
2025-10-03 09:20:40 +10:00
Sean Parkinson d8d3a7a22d Merge pull request #9190 from colmenero/hmacCopy-sm3-issue-9187
Add SM3 in wolfSSL_HmacCopy
2025-10-03 09:10:03 +10:00
Sean Parkinson e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
2025-10-03 08:28:02 +10:00
effbiae c3c7b11cfc refactor X509PrintSubjAltName 2025-10-02 15:36:36 +10:00
Kareem 992dfecc11 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_4 2025-10-01 11:15:46 -07:00
Daniel Pouzzner b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188
Prevent replaying ClientHello messages when Finished message are epoch 0
2025-09-30 20:44:09 -05:00
Daniel Pouzzner d5750ac7ca Merge pull request #9250 from gasbytes/issue-9247
Added check in TLX_Parse to check if KeyShare extension is present SupportedGroups must be present too (and viceversa)
2025-09-30 20:36:50 -05:00
Daniel Pouzzner c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245
DTLS SRTP should also do a cookie exchange since it uses UDP
2025-09-30 20:36:27 -05:00
Daniel Pouzzner 234ba7780a Merge pull request #9148 from SparkiDev/ct_volatile
Mark variables as volatile
2025-09-30 20:35:52 -05:00
Daniel Pouzzner b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240
Abort connection if we are about to send the same CH
2025-09-30 20:35:32 -05:00
Daniel Pouzzner 1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3
Fix building and running tests and examples with coding/PEM support disabled.
2025-09-30 20:34:46 -05:00
Daniel Pouzzner 42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello
Add support for certificate_authorities extension in ClientHello
2025-09-30 20:33:16 -05:00
Kareem 0efc8118d3 Fix potential memory leak in wolfSSL_X509_verify_cert. 2025-09-30 17:39:33 -07:00
Daniel Pouzzner b56cafdd25 Merge pull request #8692 from kareem-wolfssl/zd19563_verify
Update wolfSSL_X509_verify_cert to retry all certs until a valid chain is found.
2025-09-30 16:22:41 -05:00
Daniel Pouzzner 7ea66aeffe refactor WOLFSSL_LINUXKM gates as generic WOLFSSL_KERNEL_MODE gates where appropriate:
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).

rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.

rename lkm_printf() to wc_km_printf().

replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H

remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
2025-09-29 16:59:12 -05:00
Juliusz Sosinowicz d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Reda Chouk be02b1ea72 Added check in TLX_Parse to check if KeyShare extension is present
SupportedGroups must be present too (and viceversa).
From RFC 8446 Section 9.2.
2025-09-29 13:10:32 +02:00