wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 12:42:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,204 Commits 12 Branches 184 Tags
a0c8efdffecac230bcfbd2d12ee1d882f1d7c4b7
Commit Graph

26204 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mgrojo
a0c8efdffe Ada: fix wrapping of wolfSSL_ERR_error_string_n 
Use unchecked conversion instead of type conversion to mimic C style
conversion from int to unsigned long, avoiding the Ada overflow check that is raised when a negative value is converted to an unsigned type.
 2025-08-29 09:57:04 -07:00
Sean Parkinson
0224ef3d2e Merge pull request #9146 from rlm2002/gh9128_MEM_ZERO 
ForceZero change for WOLFSSL_CHECK_MEM_ZERO
 2025-08-28 22:37:55 +10:00
Ruby Martin
8b1422a869 add configuration for WOLFSSL_MEM_CHECK_ZERO 2025-08-27 16:12:57 -06:00
Ruby Martin
11942e774c do not abort MEM_ZERO check if TEST_ALWAYS_RUN_TO_END is defined 2025-08-27 15:04:49 -06:00
Ruby Martin
1ad8b2897a Force zero with bufferSize instead of length. add void prototype to definitions 2025-08-27 14:56:51 -06:00
David Garske
344f127e64 Merge pull request #9129 from effbiae/wolfSSL_read_ex 
SSL_read_ex() ... will return 1 for success or 0 for failure
 2025-08-27 07:33:29 -07:00
David Garske
dac80aad58 Merge pull request #9142 from SparkiDev/mlkem_dec5_oor_fix 
ML-KEM/Kyber: fix out of bouds read
 2025-08-27 07:05:29 -07:00
effbiae
934364b8e1 wolfSSL_read_ex returns {0,1} 2025-08-27 15:35:17 +10:00
Sean Parkinson
4ff6f5f10c ML-KEM/Kyber: fix out of bouds read 
Decompose 5-bit values: Don't read 15 bytes when only have 10 bytes
available.
 2025-08-27 14:49:24 +10:00
David Garske
c78bb1cd42 Merge pull request #9141 from gojimmypi/espressif-latest-debug 
Fix workflow for latest ESP-IDF for espressif examples
 2025-08-26 15:48:05 -07:00
gojimmypi
797c1d00ac Fix workflow for latest ESP-IDF for espressif examples 2025-08-26 14:38:23 -07:00
Sean Parkinson
02cba85856 Merge pull request #9135 from douzzer/20250825-linuxkm-IntelRDseed64_r-burn-buf 
20250825-linuxkm-IntelRDseed64_r-burn-buf
 2025-08-27 07:22:25 +10:00
David Garske
71581e321e Merge pull request #9098 from julek-wolfssl/fix-test_wolfSSL_tls_export 
Fix test_wolfSSL_tls_export
 2025-08-26 12:11:49 -07:00
philljj
00860baddf Merge pull request #9136 from douzzer/20250826-more-wc_linuxkm_normalize_relocations 
20250826-more-wc_linuxkm_normalize_relocations
 2025-08-26 14:04:14 -05:00
David Garske
1ce13fc3ee Merge pull request #9118 from SparkiDev/api_c_split_tls13 
api.c: pull out TLS 1.3 specific tests
 2025-08-26 09:23:56 -07:00
Daniel Pouzzner
79a75d1ef2 linuxkm/module_hooks.c: in wc_linuxkm_normalize_relocations(), allow non-text 
relocations 1 byte outside the destination segment, and when
  DEBUG_LINUXKM_PIE_SUPPORT, tally the relocation counts by segment for final info
  report;

linuxkm/module_hooks.c and linuxkm/linuxkm_wc_port.h: tweak gating on
  wc_linuxkm_normalize_relocations() and related -- ifdef
  HAVE_LINUXKM_PIE_SUPPORT, not ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE --
  for consistency+clarity.
 2025-08-26 11:07:40 -05:00
David Garske
c7d1673948 Merge pull request #9132 from anhu/dup_CKS 
Properly detect duplicate CKS extensions.
 2025-08-26 09:07:04 -07:00
Juliusz Sosinowicz
d26b2811e0 test_wolfSSL_tls_export_run: silence unused cmpSess warning 2025-08-26 16:40:17 +02:00
Juliusz Sosinowicz
5934c1eece Fix test_wolfSSL_tls_export 
- Add TLS_EXPORT_OPT_SZ_4 to specify previous option size
- Actually pick up failures in the tests and propagate them to the top level
- Tests v4 and v5 sessions
Fixes https://github.com/wolfSSL/wolfssl/issues/9081 and https://github.com/wolfSSL/wolfssl/pull/9082
 2025-08-26 11:04:54 +02:00
Daniel Pouzzner
fa61187f2e linuxkm/module_hooks.c: in IntelRDseed64_r(), burn buf after each use to protect against info leakage. 2025-08-25 21:59:32 -05:00
Sean Parkinson
115d4d88c0 api.c: pull out TLS 1.3 specific tests 2025-08-26 09:05:46 +10:00
philljj
7aab2f3b47 Merge pull request #9126 from douzzer/20250823-linuxkm-reloc-bikeshedding 
20250823-linuxkm-reloc-bikeshedding
 2025-08-25 16:53:36 -05:00
lealem47
1c2fb10007 Merge pull request #9124 from dgarske/sniffer_partial_overlap 
Fix for sniffer partial segment overlap that can occur when a TCP win…
 2025-08-25 15:15:48 -06:00
David Garske
6ae0ecc5f3 Merge pull request #9133 from AlexLanzano/log-fix 
Fix value comparison typo in if statement
 2025-08-25 14:09:20 -07:00
David Garske
cfee026f98 Merge pull request #9131 from embhorn/zd20429 
Fix markdown in docs
 2025-08-25 14:08:30 -07:00
JacobBarthelmeh
e0913c47ef Merge pull request #9039 from tamasan238/for-pr-1 
Add _new/_delete API for ML-KEM/ML-DSA
 2025-08-25 14:47:07 -06:00
Alex Lanzano
8207053636 Fix value comparison typo in if statement 2025-08-25 13:56:35 -04:00
Anthony Hu
2885df68b4 Properly detect duplicate CKS extensions. 2025-08-25 12:01:50 -04:00
Eric Blankenhorn
6ab6634efc Fix markdown in docs 2025-08-25 09:28:08 -05:00
Sean Parkinson
ffbcd4f86c Merge pull request #9125 from douzzer/20250819-linuxkm-fips-v5-wc_GenerateSeed_IntelRD 
20250819-linuxkm-fips-v5-wc_GenerateSeed_IntelRD
 2025-08-25 21:37:35 +10:00
Daniel Pouzzner
a67d1a84f5 configure.ac: for linuxkm with PIE, don't include enable-fpcc in enable-all-crypto (the compiler generates a weird out-of-bounds bss reference for find_hole()); 
linuxkm/Makefile: in recipe (awk script) for wc_linuxkm_pie_reloc_tab.c, report and error on unexpected relocation types;

linuxkm/module_hooks.c: in wc_linuxkm_normalize_relocations():
* fix bounds checking on the input,
* recognize references pointing at the first byte after the end of the segment,
* and mask out pad bytes when rendering the 32 bit addresses;

linuxkm/wolfcrypt.lds: add 4k alignment directives just before the segment end fenceposts, to make the fenceposts more inclusive.
 2025-08-23 17:21:24 -05:00
Daniel Pouzzner
d9467db007 wolfssl/wolfcrypt/types.h: fix bugprone-macro-parentheses in definition of DISABLE_VECTOR_REGISTERS. 2025-08-22 23:43:36 -05:00
Daniel Pouzzner
e0383b496a linuxkm/module_hooks.c: implement wc_linuxkm_GenerateSeed_IntelRD, gated on WC_LINUXKM_RDSEED_IN_GLUE_LAYER; 
add WC_GENERATE_SEED_DEFAULT, which defaults to wc_GenerateSeed if not overridden, and replace wc_GenerateSeed with WC_GENERATE_SEED_DEFAULT in various calls to wc_SetSeed_Cb();

linuxkm/linuxkm_wc_port.h: if FIPS <v6 and RDSEED, define WC_LINUXKM_RDSEED_IN_GLUE_LAYER and define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD;

wolfcrypt/test/test.c: update rng_seed_test() with gating and vectors for FIPS v5 with HAVE_AMD_RDSEED or HAVE_INTEL_RDSEED;

wolfssl/wolfcrypt/types.h: add WC_HAVE_VECTOR_SPEEDUPS helper macro, and enlarge fallthrough definition coverage for DISABLE_VECTOR_REGISTERS.
 2025-08-22 21:58:00 -05:00
David Garske
8dd43077fd Fix for sniffer partial segment overlap that can occur when a TCP window is full and a TCP retransmission occurs. 2025-08-22 14:29:18 -07:00
JacobBarthelmeh
6f567bbca2 Merge pull request #9122 from julek-wolfssl/hostap-fix-cert-update 
Fix hostap cert update
 2025-08-22 15:28:19 -06:00
JacobBarthelmeh
9575c69d3b Merge pull request #9121 from douzzer/20250819-linuxkm-pie-normalize_relocs 
20250819-linuxkm-pie-normalize_relocs
 2025-08-22 15:11:48 -06:00
JacobBarthelmeh
bc5b297d33 Merge pull request #9046 from kareem-wolfssl/zd20038 
Allow setting the CA type when loading into cert manager and unloading specific CA types from the cert manager.
 2025-08-22 14:43:46 -06:00
David Garske
1f579afc66 Merge pull request #9117 from SparkiDev/tls13_ks_fix 
TLS 1.3 KeyShare: error on duplicate group
 2025-08-22 12:54:54 -07:00
David Garske
0d1e9c3264 Fix whitespace issue and known macros list 2025-08-22 12:48:55 -07:00
Juliusz Sosinowicz
4043dc2dd0 Fix hostap cert update 
Update the `rsa3072-*` certs to get `suite_b_192_*` tests passing
 2025-08-22 17:24:49 +02:00
Daniel Pouzzner
af4e2d127f linuxkm/: implement wc_linuxkm_pie_reloc_tab and wc_linuxkm_normalize_relocations(), and integrate with updateFipsHash(). 2025-08-22 00:38:06 -05:00
David Garske
7ab4c6fa14 Merge pull request #9087 from JacobBarthelmeh/dhuk 
initial SAES and DHUK support
 2025-08-21 14:32:20 -07:00
David Garske
da8ffd5762 Merge pull request #8463 from JacobBarthelmeh/sgx 
updating the build with SGX
 2025-08-21 11:06:35 -07:00
JacobBarthelmeh
42c5324962 SAES does not have GCM support, added IV option for CBC wrapping of key 2025-08-21 09:26:40 -06:00
Sean Parkinson
d66c69eaec Merge pull request #9079 from holtrop/error-getshortint-on-negative-values 
Error from GetShortInt with negative INTEGER values
 2025-08-21 08:35:17 +10:00
Sean Parkinson
b3366acdaf Merge pull request #9103 from rlm2002/zd20314-reduce-binary-footprint 
Exclude assembly files when WOLFSSL_ARMASM_INLINE is defined
 2025-08-21 08:33:39 +10:00
Sean Parkinson
b1cdf0b214 TLS 1.3 KeyShare: error on duplicate group 
Don't allow a KeyShare extension from the client to have more
than one entry for any group.
 2025-08-21 08:23:31 +10:00
JacobBarthelmeh
658c3d69fb use memset, fix unlock, adjust return value checks 2025-08-20 13:53:27 -06:00
JacobBarthelmeh
993099e47e Merge pull request #9114 from douzzer/20250819-debug-trace-errcodes-dist-artifacts 
20250819-debug-trace-errcodes-dist-artifacts
 2025-08-20 10:48:38 -06:00
David Garske
79fe6e467b Merge pull request #9112 from SparkiDev/tls13_onlyDhePskKe_fix 
TLS 1.3: Fix for onlyDhePskKe
 2025-08-20 06:44:08 -07:00