David Garske
1744c11686
Merge pull request #9570 from kareem-wolfssl/variousFixes
...
Add SSL_get_rfd and SSL_get_wfd. Various documentation updates.
2025-12-26 07:47:17 -08:00
Daniel Pouzzner
f4f4c7cfae
src/ssl.c: fix clang-analyzer-deadcode.DeadStores in check_cert_key().
2025-12-24 17:49:33 -06:00
David Garske
2354ea196b
Merge pull request #9513 from rizlik/dtls_header_fix
...
fix DTLS header headroom accounting
2025-12-23 17:20:12 -08:00
David Garske
0fae0a7ba6
Merge pull request #9397 from rizlik/earlydata_want_write_fixes
...
wolfssl: preserve early-data handling across WANT_WRITE retries
2025-12-23 17:19:39 -08:00
David Garske
57ef8a7caf
Merge pull request #9574 from anhu/dtls_guard
...
Guard a bit of DTLS code.
2025-12-23 15:03:46 -08:00
Marco Oliverio
149bf19b4c
split overlong line
2025-12-23 23:41:52 +01:00
Marco Oliverio
2e63845531
use wolfssl_local as local functions prefix
2025-12-23 23:39:07 +01:00
Marco Oliverio
bafb8e56d5
use wolfssl_local_ as local functions prefix
2025-12-23 23:32:08 +01:00
David Garske
d36bfabe18
Merge pull request #9560 from JacobBarthelmeh/clang
...
fix for shadows global declaration warning
2025-12-23 08:54:50 -08:00
David Garske
9de98cee73
Merge pull request #9569 from kareem-wolfssl/gh8152
...
Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non Windows/Mac systems.
2025-12-23 08:53:51 -08:00
David Garske
70165c517b
Merge pull request #9571 from mattia-moffa/20251222-sniffer-uint-underflow-vuln
...
Add missing length check in sniffer for AES-GCM/AES-CCM/ARIA-GCM
2025-12-23 08:37:50 -08:00
Sean Parkinson
b766f11e7b
TLS 1.3, plaintext alert: ignore when expecting encrypted
...
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
Anthony Hu
cb2a80bf53
Guard a bit of DTLS code.
2025-12-22 17:05:47 -05:00
Mattia Moffa
ca78994298
Add missing length check in sniffer for AES-GCM/AES-CCM/ARIA-GCM
2025-12-22 16:13:27 +01:00
Marco Oliverio
29d8fa7cb6
tls13: fix indentation alignment
2025-12-22 13:45:34 +01:00
Marco Oliverio
8cbc4047df
internal: rename to use wolfssl internal prefix
2025-12-22 13:41:33 +01:00
Marco Oliverio
aa4fb5d3e5
internal: GetMaxPlainTextSize: precise pad size when adjusting for MTU
2025-12-22 13:41:33 +01:00
Marco Oliverio
1200efdeb3
internal: GetRecordSize: precise header computation on fallback path
2025-12-22 13:41:33 +01:00
Marco Oliverio
75e7d5e9bd
fix: split message > MTU on WOLFSSL_NO_DTLS_SIZE_CHECK
2025-12-22 12:49:31 +01:00
Marco Oliverio
14b124769a
use wolfssl internal prefix for MaybeCheckAlertOnErr
2025-12-22 10:04:50 +01:00
Marco Oliverio
12c2cdafaf
rename wolfSSL_MaybeCheckAlertOnErr in wolfMaybeCheckAlertOnErr
2025-12-22 09:51:06 +01:00
Marco Oliverio
f4c48c19c1
fix: abide unused arguments when WOLFSSL_CHECK_ALER_ON_ERR is disabled
2025-12-22 09:51:06 +01:00
Marco Oliverio
38d8eb6f0d
address reviewer's comments
2025-12-22 09:51:06 +01:00
Marco Oliverio
57282140a9
WOLFSSL_CHECK_ALERT_ON_ERR: ignore non fatal errors
2025-12-22 09:51:06 +01:00
Marco Oliverio
093d77727b
early_data: avoid resetting ssl->earlyData after WANT_WRITE retry
2025-12-22 09:51:06 +01:00
Marco Oliverio
a1c8790039
wolfssl: preserve early-data handling across WANT_WRITE retries
...
The early-data logic setups "early" exits in Accept/Connect state machine so
that the data exchanged during the handshake can be delivered to the
caller.
After the caller process the data, it usually calls Accept/Connect again
to cotinue the handshake.
Under non-blocking I/O there is the chance that these early exits are
skipped, this commit fixes that.
Server-side accept (TLS 1.3/DTLS 1.3) could skip the early-data shortcut
whenever sending the Finished flight first hit WANT_WRITE: when Accept
is called again and the data is eventually flushed into the I/O layer
the accept state is advanced past TLS13_ACCEPT_FINISHED_SENT, so the
next wolfSSL_accept() call skipped the block that marks
SERVER_FINISHED_COMPLETE and lets the application drain 0-RTT data. By
keeping the FALL_THROUGH into TLS13_ACCEPT_FINISHED_SENT and only
returning early while that handshake flag is still unset, we revisit the
shortcut immediately after the buffered flight is delivered, preserving
the intentional behaviour even under non-blocking I/O.
On the client, the same pattern showed up after SendTls13ClientHello()
buffered due to WANT_WRITE: after flushing, the connect state is already
CLIENT_HELLO_SENT so the early-data exit is no longer executed. We now
fall through into the CLIENT_HELLO_SENT case and only short-circuit once
per handshake, ensuring the reply-processing loop still executes on the
retry.
2025-12-22 09:51:05 +01:00
Kareem
7c4feb5e87
Improve the error message returned by BAD_KEY_SHARE_DATA.
...
Fixes #9084 .
2025-12-19 17:17:33 -07:00
Kareem
a1999d29ed
Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non Windows/Mac systems.
...
wolfSSL's support for WOLFSSL_SYS_CA_CERTS uses APIs which don't depend on !NO_FILESYSTEM
on Windows/Mac.
Fixes #8152 .
2025-12-19 16:37:50 -07:00
JacobBarthelmeh
d5723d0d89
Merge pull request #9544 from julek-wolfssl/gh/9362
...
Check KeyShare after HRR
2025-12-19 14:36:31 -07:00
JacobBarthelmeh
a3072c7a8d
fix for shadows global declaration warning
2025-12-18 17:18:39 -07:00
Daniel Pouzzner
8a8ef3512e
src/internal.c: in FreeSSL_Ctx(), use wolfSSL_RefWithMutexFree(&ctx->ref), matching refactor in #8187 .
2025-12-18 11:48:31 -06:00
Marco Oliverio
988ba340ba
address reviewer's comments
2025-12-18 10:28:54 +01:00
Sean Parkinson
a103f5af8b
Merge pull request #9545 from douzzer/20251211-DRBG-SHA2-smallstackcache-prealloc
...
20251211-DRBG-SHA2-smallstackcache-prealloc
2025-12-18 10:07:37 +10:00
JacobBarthelmeh
911e996a8d
Merge pull request #9546 from SparkiDev/curve25519_base_smul_improv
...
Curve25519: improved smul
2025-12-17 15:28:56 -07:00
Daniel Pouzzner
fc7d4ffad4
PR#9545 20251211-DRBG-SHA2-smallstackcache-prealloc addressing peer review: clear dest if necessary in InitHandshakeHashesAndCopy(), style tweaks in random.c, explanatory comments in sha512.c.
2025-12-17 11:07:22 -06:00
Daniel Pouzzner
dc0fe803a5
src/internal.c: in InitHandshakeHashesAndCopy(), don't call InitHandshakeHashes(), to avoid leaking in the later wc_FooCopy() operation.
2025-12-17 11:01:10 -06:00
Daniel Pouzzner
cd3e81a656
src/ssl_load.c: in ProcessBufferCert(), check ctx for nullness before accessing ctx->verifyNone (fixes -Wnull-dereference reported by multi-test dtls-no-rsa-no-dh after merge of 36e66eb763).
2025-12-17 11:01:10 -06:00
Juliusz Sosinowicz
f61bfd7805
Check KeyShare after HRR
2025-12-17 10:27:04 +01:00
Sean Parkinson
f54266c2c6
Curve25519: improved smul
...
Use the Ed25519 base smul in Curve25519 base mul and covert to
Montogmery curve for a faster implementation.
Only when Ed25519 is compiled in or WOLFSSL_CURVE25519_USE_ED25519 is
defined.
When compiling Intel x64 assembly and Aarch64 assembly, always define
WOLFSSL_CURVE25519_USE_ED25519.
Can't use with blinding - normal C implementation.
Optimized the Curve25519 smul slightly for Intel x64 and Aarch64.
Improved the conditional table lookup on Intel x64 to use AVX2 when
available.
2025-12-17 13:25:36 +10:00
JacobBarthelmeh
75fdf959c1
Merge pull request #9514 from kareem-wolfssl/zd20936
...
Fix uninitialized variable, fix potentially undefined printf reference in HASH_DRBG_Generate.
2025-12-16 14:48:17 -07:00
JacobBarthelmeh
9156b50bbc
Merge pull request #9538 from SparkiDev/tls13_dup_ext_alert_code_fix
...
TLS 1.3: duplicate extension alert code fix
2025-12-16 14:43:19 -07:00
Marco Oliverio
0fa0fd2317
(d)tls: refactor wolfSSL_GetMaxFragSize(), simplify length computations
2025-12-16 10:46:29 +01:00
Sean Parkinson
5512c2d0b4
Merge pull request #9541 from jackctj117/empty-hash-comment
...
Added comment with empty hash use
2025-12-16 08:34:16 +10:00
Sean Parkinson
85d40c8e9b
Merge pull request #9522 from JacobBarthelmeh/time
...
tie in use of check_time with x509 store
2025-12-16 08:24:49 +10:00
Kareem
968662063d
Merge remote-tracking branch 'upstream/master' into zd20936
2025-12-15 14:06:18 -07:00
Sean Parkinson
d3863e5fa3
TLS 1.3: duplicate extension alert code fix
...
The specification states to return illegal_parameter when a message is
syntactically correct but semantically invalid. (RFC 8446 section 6,
Paragraph 5)
2025-12-15 10:00:56 -08:00
jackctj117
585a8d22aa
Added comment with empty hash imofrmation
2025-12-15 10:52:24 -07:00
Sean Parkinson
44be44a509
TLS 1.3 missing extension: return correct alert code
...
Change TLS 1.3 handling to return missing_extension alert code when
- KeyShare is present but SupportedGroups is missing and
- SupportedGroups is present but KeyShare is missing
Added tests for this.
2025-12-15 09:07:13 +10:00
Lealem Amedie
61e58f0f04
Fix for analyzer null dereference
2025-12-12 12:31:07 -07:00
Kareem
3797c03e6c
Merge remote-tracking branch 'upstream/master' into zd20936
2025-12-12 11:37:34 -07:00