David Garske
da8ffd5762
Merge pull request #8463 from JacobBarthelmeh/sgx
...
updating the build with SGX
2025-08-21 11:06:35 -07:00
JacobBarthelmeh
42c5324962
SAES does not have GCM support, added IV option for CBC wrapping of key
2025-08-21 09:26:40 -06:00
Sean Parkinson
d66c69eaec
Merge pull request #9079 from holtrop/error-getshortint-on-negative-values
...
Error from GetShortInt with negative INTEGER values
2025-08-21 08:35:17 +10:00
Sean Parkinson
b3366acdaf
Merge pull request #9103 from rlm2002/zd20314-reduce-binary-footprint
...
Exclude assembly files when WOLFSSL_ARMASM_INLINE is defined
2025-08-21 08:33:39 +10:00
Sean Parkinson
b1cdf0b214
TLS 1.3 KeyShare: error on duplicate group
...
Don't allow a KeyShare extension from the client to have more
than one entry for any group.
2025-08-21 08:23:31 +10:00
JacobBarthelmeh
658c3d69fb
use memset, fix unlock, adjust return value checks
2025-08-20 13:53:27 -06:00
JacobBarthelmeh
993099e47e
Merge pull request #9114 from douzzer/20250819-debug-trace-errcodes-dist-artifacts
...
20250819-debug-trace-errcodes-dist-artifacts
2025-08-20 10:48:38 -06:00
David Garske
79fe6e467b
Merge pull request #9112 from SparkiDev/tls13_onlyDhePskKe_fix
...
TLS 1.3: Fix for onlyDhePskKe
2025-08-20 06:44:08 -07:00
David Garske
596e211a97
Merge pull request #9113 from SparkiDev/tls13_certvfy_sigalg_check
...
TLS 1.3: CertificateVerify - check sig alg was sent
2025-08-20 06:44:03 -07:00
Josh Holtrop
d2f139c9b0
Error from GetShortInt with negative INTEGER values - Add WORD8 case
2025-08-20 09:34:19 -04:00
Ruby Martin
0e6e040039
formatting remove whitespace
...
format whitespace so tabs are 4 spaces
format character count to be 80 characters or less per line
remove bracket
2025-08-19 17:08:53 -06:00
Daniel Pouzzner
5f7e2389d9
wolfssl/include.am: include wolfssl/debug-trace-error-codes.h and wolfssl/debug-untrace-error-codes.h in dist archives.
2025-08-19 17:09:58 -05:00
JacobBarthelmeh
8119034555
work around for shellcheck warning
2025-08-19 14:32:34 -06:00
JacobBarthelmeh
23498c293e
cpuid dummy call with sgx and fix assembly SP + SGX build
2025-08-19 14:32:33 -06:00
JacobBarthelmeh
44784729c0
touch up clean script and comment out sp-asm for now
2025-08-19 14:32:33 -06:00
JacobBarthelmeh
59ac260ae8
add option for building sgx with assembly optimizations
2025-08-19 14:32:33 -06:00
JacobBarthelmeh
9cdbc03a23
Merge pull request #9111 from douzzer/20250818-configure-linuxkm-fips-v5
...
20250818-configure-linuxkm-fips-v5
2025-08-19 14:31:08 -06:00
Josh Holtrop
98b6b92a76
Error from GetShortInt with negative INTEGER values
2025-08-19 12:40:48 -04:00
Sean Parkinson
2810656242
TLS 1.3: CertificateVerify - check sig alg was sent
...
Check that the signature algorithm used in the CertificateVerify message
was one that was sent in the SignatureAlgorithm extension.
2025-08-19 16:27:19 +10:00
Sean Parkinson
cd55fe6135
TLS 1.3: Fix for onlyDhePskKe
...
Make client enforce onlyDhPskKe flag.
2025-08-19 14:29:30 +10:00
Daniel Pouzzner
b9cc060340
configure.ac: tweaks for ENABLED_LINUXKM_DEFAULTS and FIPS v5.
2025-08-18 18:21:57 -05:00
JacobBarthelmeh
c089abe92f
add macro to list
2025-08-18 16:47:30 -06:00
Ruby Martin
27d03fce7a
additional check for ARM ASM Inline option
...
append thumb2 files, append inline c files with BUILD_ARMASM_INLINE
add all asm files. move curve25519 files under BUILD_CURVE25519
include remaining files
2025-08-18 15:41:43 -06:00
David Garske
f114f2cde2
Merge pull request #9093 from kareem-wolfssl/zd20372
...
Multiple fixes to wolfSSL_CIPHER_description to match documentation.
2025-08-18 13:43:53 -07:00
JacobBarthelmeh
fb6375551b
updating unwrap/wrap with use of DHUK
2025-08-18 13:38:26 -06:00
Kareem
aa6f1b231a
Fix memory leak in X509StoreRemoveCa.
2025-08-18 10:21:54 -07:00
Kareem
19b778dda0
Protect against exceeding original depth, fix overlong lines.
2025-08-18 10:21:54 -07:00
Kareem
cb985dcfa8
ECC required for newly added unit test.
2025-08-18 10:21:54 -07:00
Kareem
60c84744c8
Fix memory leak in x509_verify_cert itself, the failed certs need a pop_free call so the reference is properly decremented, as they are no longer in the X509_STORE.
2025-08-18 10:21:53 -07:00
Kareem
1e367597b6
Fix memory leak in newly added unit test.
2025-08-18 10:21:53 -07:00
Kareem
6b01053d98
Add test case for new x509_verify_cert retry functionality.
...
Add CA cert with the same SKI and intentionally invalid AKI as part of x509_verify_cert test case.
2025-08-18 10:21:53 -07:00
Kareem
027f0891f4
Don't fail out if X509StoreRemoveCa fails, since adding the temp CA was optional, it is possible there is no temp CA to remove.
2025-08-18 10:21:53 -07:00
Kareem
aaadb7971d
Fix narrowing conversion of type in RemoveCa.
2025-08-18 10:21:53 -07:00
Kareem
7b4a50b701
Add missing XFREE for dCert.
2025-08-18 10:21:53 -07:00
Kareem
d6f603b661
Add X509StoreRemoveCa wrapper around RemoveCa
...
WOLFSSL_X509's calculated subject key hash is not guaranteed to match the cert's,
ie. in the case that NO_SHA is defined. Use the same logic as AddCa,
parsing the DER cert and using the decoded cert's subject key hash.
2025-08-18 10:21:53 -07:00
Kareem
15a147d957
Remove incorrectly added NULL check, add debug logging to RemoveCA.
2025-08-18 10:21:53 -07:00
Kareem
f9eda18445
Fix missing cast and correct freeing of certs.
2025-08-18 10:21:53 -07:00
Kareem
946f20ccc7
Add type parameter to RemoveCA to avoid removing CAs of the wrong type.
2025-08-18 10:21:53 -07:00
Kareem
025dbc3454
Retry all certificates passed into wolfSSL_X509_verify_cert until a valid chain is found, rather than failing out on the first invalid chain. This allows for registering multiple certs with the same subject key, ie. alt cert chains.
2025-08-18 10:21:52 -07:00
Sean Parkinson
43f94a5d7d
Merge pull request #9107 from douzzer/20250816-cpuid_get_flags_ex-optimize
...
20250816-cpuid_get_flags_ex-optimize
2025-08-18 22:13:44 +10:00
Sean Parkinson
0ba16a9c5b
Merge pull request #9104 from kojiws/export_long_key_orig_asn
...
Improve original implementation on SetAsymKeyDer() and the test
2025-08-18 22:11:25 +10:00
Daniel Pouzzner
39c6c5af6f
wolfcrypt/src/cpuid.c, wolfssl/wolfcrypt/cpuid.h: change cpuid_flags_t to a
...
regular word32, and use non-atomics for general flag checking, with a new
implementation of cpuid_get_flags_ex() that is threadsafe by idempotency;
rename strictly-threadsafe cpuid_get_flags_ex() as cpuid_get_flags_atomic()
(strictly accurate return value), and add cpuid_flags_atomic_t and
WC_CPUID_ATOMIC_INITIALIZER, used only for internal manipulation of flags in
cpuid.c where atomicity matters.
2025-08-16 13:04:28 -05:00
lealem47
b096d9b250
Merge pull request #9106 from dgarske/zd20399
...
Fix sniffer issue handling TLS records with multiple handshake messages to be skipped
2025-08-15 15:57:00 -06:00
David Garske
32b0bd963b
Fix issue introduced in PR #9051 causing TLS records with multiple handshake messages to be skipped (ZD 20399)
2025-08-15 10:08:28 -07:00
David Garske
a98006eca9
Merge pull request #9105 from douzzer/20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
...
20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
2025-08-15 09:07:38 -07:00
Daniel Pouzzner
10a05ad839
wolfcrypt/src/dilithium.c: fix dilithium_expand_s() to fall through to dilithium_expand_s_c() for s1Len not implemented for USE_INTEL_SPEEDUP.
2025-08-15 09:48:55 -05:00
Juliusz Sosinowicz
ffe3d80f8d
Merge pull request #9097 from douzzer/20250812-atomic-cmpxchg
...
20250812-atomic-cmpxchg
2025-08-15 01:14:45 +02:00
Sean Parkinson
5b1302e4df
Merge pull request #9094 from dgarske/zd20369
...
Fix to better detect sniffer invalid spurious re-transmissions
2025-08-15 09:01:02 +10:00
Sean Parkinson
228ede7495
Merge pull request #9102 from rlm2002/zd20212
...
Remove dead code and check return values.
2025-08-15 08:21:38 +10:00
Daniel Pouzzner
c5bbf4c7e0
Merge pull request #9085 from effbiae/while-pending
...
`wolfSSL_AsyncPoll` calls refactor
2025-08-14 14:51:05 -05:00