JacobBarthelmeh
c807903088
Merge pull request #9722 from SparkiDev/sha3-harden
SHA-3: harden against glitch attack
2026-02-02 09:21:35 -07:00
Sean Parkinson
5924524920
SHA-3: harden against glitch attack
Check loop counts to ensure glitching didn't change number of times loop
was performed.
2026-02-02 15:54:55 +10:00
Sean Parkinson
b56eeb91aa
Merge pull request #9730 from douzzer/20251126-linuxkm-full-reloc-support
20251126-linuxkm-full-reloc-support
2026-02-02 15:52:15 +10:00
Daniel Pouzzner
f2f9d5bbe7
src/internal.c: in SanityCheckMsgReceived(), gate "TLS 1.2 message order check: certificate before CKE" from 5b6f86bc8e on !WOLFSSL_NO_CLIENT_AUTH.
2026-01-30 22:38:44 -06:00
Daniel Pouzzner
64bdcce08d
linuxkm/linuxkm_wc_port.h: move implementation of wc_linuxkm_inet_pton() and definition of XINET_PTON() inside BUILDING_WOLFSSL guard.
2026-01-30 22:35:31 -06:00
Daniel Pouzzner
6123febd3f
src/ssl_sk.c, src/x509.c, wolfssl/ssl.h: tweaks and fixes to #9705: remove !WOLFSSL_LINUXKM gates, and fix nullPointerArithmeticRedundantCheck in ExtractHostFromUri().
2026-01-30 17:34:37 -06:00
Daniel Pouzzner
0b91a0e913
linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, linuxkm/Makefile: refactor wc_linuxkm_normalize_relocations() and associated types and objects:
* change wc_linuxkm_pie_reloc_tab from unsigned int[] to struct wc_linuxkm_pie_reloc_tab_ent[], with dest_segment and reloc_type members;
* add enum wc_reloc_dest_segment and enum wc_reloc_type;
* update GENERATE_RELOC_TAB recipe in Makefile to render the dest segment and reloc type;
* add struct reloc_layout_ent, and reloc_layouts[] fully populated for x86 and ARM relocations;
* refactor find_reloc_tab_offset() and wc_linuxkm_normalize_relocations() to reflect the above;
linuxkm/module_hooks.c: tweak various printf format characters and arguments for compatibility with ARM32;
linuxkm/linuxkm_wc_port.h: include linux/inet.h and define wc_linuxkm_inet_pton() and XINET_PTON(), unless WOLFCRYPT_ONLY.
2026-01-30 17:34:02 -06:00
Daniel Pouzzner
8719df2666
wolfcrypt/src/aes.c: in wc_AesGcmSetKey(), don't VECTOR_REGISTERS_POP() until after GCM_generate_m0_*().
2026-01-30 17:33:30 -06:00
Daniel Pouzzner
e48663248c
wolfssl/wolfcrypt/types.h: in setup for wc_static_assert, include assert.h if __STDC_VERSION__ or __cplusplus denotes presence, even if WOLFSSL_HAVE_ASSERT_H is unset.
2026-01-30 17:33:13 -06:00
Daniel Pouzzner
1feb7d247d
.github/workflows/linuxkm.yml: in first scenario, remove --disable-opensslextra (i.e. retain opensslextra implicit to --enable-all), remove -DWOLFSSL_LINUXKM_VERBOSE_DEBUG, and use --enable-all-asm rather than --enable-intelasm --disable-sp-asm; in second scenario, add -DDEBUG_LINUXKM_PIE_SUPPORT.
2026-01-30 17:32:55 -06:00
JacobBarthelmeh
ff28a114b3
Merge pull request #9724 from holtrop-wolfssl/rust-ecc-allow-empty-pub_buf_slice-on-import-private
Rust wrapper: ECC: Allow import_private_*() calls with empty pub_buf slice
2026-01-30 10:54:01 -07:00
JacobBarthelmeh
1dc177fdbe
Merge pull request #9718 from SparkiDev/tls12_msg_order_checks
TLS 1.2 message order check: certificate before CKE
2026-01-30 10:50:33 -07:00
JacobBarthelmeh
9ca379f3bb
Merge pull request #9719 from dgarske/usersettings_expand
Improve user_settings.h examples and add validation rules
2026-01-29 15:35:12 -07:00
David Garske
7077a7bdd8
Fix for macros no longer needed in .wolfssl_known_macro_extras
2026-01-29 09:28:23 -08:00
Josh Holtrop
88b34a68d8
Rust wrapper: ECC: Allow import_private_*() calls with empty pub_buf slice
2026-01-29 10:32:50 -05:00
David Garske
c2a987595f
Add new user_settings.h templates for tls13, dtls13, pq, openssl_compat, baremetal, rsa_only, pkcs7, ca
2026-01-28 11:27:01 -08:00
David Garske
3946ba8de3
Improve user_settings.h examples and add validation rules
- Standardize header guards to WOLFSSL_USER_SETTINGS_H across all files
- Add #if 0/1 gates with labels for easy feature toggling
- Fix bugs: typos in eccnonblock (WOLFSL_SHA*), duplicates in fipsv5/all
- Add NO_DES3_TLS_SUITES alongside NO_DES3 where needed
- Update wolfboot_keytools with upstream PQ algorithms (ML-DSA, LMS, XMSS)
- Add settings.h validation rules with descriptive error messages
- Auto-define NO_DES3_TLS_SUITES when NO_DES3 is set (instead of error)
- Update README.md and add missing files to CI tests
2026-01-28 09:52:24 -08:00
JacobBarthelmeh
a6316114bd
Merge pull request #9716 from SparkiDev/regression_fixes_22
Regression test fixes
2026-01-27 22:07:50 -07:00
JacobBarthelmeh
ba3653d8d0
Merge pull request #9717 from dgarske/config_rules
Make sure all configure.ac rules are also enforced in settings.h
2026-01-27 21:53:51 -07:00
Sean Parkinson
5b6f86bc8e
TLS 1.2 message order check: certificate before CKE
Make sure we received a Certificate message before the ClientKeyExchange
when a certificate is requested. (Certificate message will be empty when
client has no valid certificate.)
2026-01-28 10:35:14 +10:00
Sean Parkinson
eb2fb4a9ce
Merge pull request #9699 from anhu/downg
Add cipher suite filtering when downgrade is disabled
2026-01-28 08:59:06 +10:00
David Garske
46251bb401
Fix issue with NO_DES3_TLS_SUITES
2026-01-27 14:42:41 -08:00
Sean Parkinson
bc9e37118e
Regression test fixes
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.
wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
2026-01-28 07:37:29 +10:00
JacobBarthelmeh
f7b5f00973
Merge pull request #9710 from rlm2002/xChaCha20_Poly1305_unitTest
Unit test updates for XChacha20-Poly1305
2026-01-27 13:56:16 -07:00
JacobBarthelmeh
4f84be8e66
Merge pull request #9715 from dgarske/rsa_key_parsing
Fix for RSA private key parsing (allowing public) and RSA keygen no malloc support
2026-01-27 13:11:14 -07:00
David Garske
74a4bcb546
Enforce all configure.ac rules in settings.h also. Keeping configure.ac for early error checking.
2026-01-27 10:46:29 -08:00
Anthony Hu
3aa758c615
renegotiation indication changes number of ciphersuites so gate on that
2026-01-27 12:57:31 -05:00
JacobBarthelmeh
3e7efe8be2
Merge pull request #9705 from cconlon/nameConstraints
Support for extracting and validating X.509 Name Constraints extensions
2026-01-27 10:01:48 -07:00
Anthony Hu
9a53125794
Simplify testing gating logic.
2026-01-27 11:19:50 -05:00
David Garske
c8fa1e915b
Fix for RSA private key parsing (allowing public) and RSA keygen no malloc support.
2026-01-26 16:06:05 -08:00
Ruby Martin
38cb14f2a9
add API unit test for XChacha20-Poly1305
Expand XChacha20-Poly1305 unit test
2026-01-26 15:33:35 -07:00
Chris Conlon
610d530e45
Add Name Constraints extension support with wolfSSL_X509_get_ext_d2i() and wolfSSL_NAME_CONSTRAINTS_check_name()
2026-01-26 10:36:05 -07:00
David Garske
eeaa3a7160
Merge pull request #9596 from kareem-wolfssl/zd19378
Add a runtime option to enable or disable the secure renegotiation check.
2026-01-26 08:34:57 -08:00
Anthony Hu
d6985a6ee3
AES-GCM guard.
2026-01-23 16:23:44 -05:00
Kaleb Himes
4574a0c10e
Merge pull request #9706 from miyazakh/selftest_pqc
Enable kyber and dilithium in selftest
2026-01-23 13:41:44 -07:00
David Garske
6ae5555718
Merge pull request #9704 from douzzer/20260122-toolchain-workarounds
20260122-toolchain-workarounds
2026-01-23 12:39:05 -08:00
David Garske
cd88ec57b0
Merge pull request #9685 from kareem-wolfssl/gh7735
Always reinitialize the SSL cipher suites in InitSSL_Side as the side and enabled algos have likely changed.
2026-01-23 12:38:46 -08:00
JacobBarthelmeh
2f388dde4c
Merge pull request #9703 from dgarske/stsafe-a120-ecdhe
Fixes for STSAFE-A120 ECDHE
2026-01-23 10:59:45 -07:00
David Garske
4773ea6d44
Merge pull request #9637 from Frauschi/test_coverage
Increase test coverage for PQC and CMake
2026-01-23 07:51:40 -08:00
David Garske
b5209344e0
Merge pull request #9707 from danielinux/enable_stm32g0_AES_only
Add STM32G0 hardware crypto support
2026-01-23 07:50:30 -08:00
Michal Jahelka
269c28be16
Add STM32G0 hardware crypto support
2026-01-23 11:09:08 +01:00
Tobias Frauenschläger
14ce7956f1
Increase test coverage
* More PQC configurations
* More CMake setups
* Fix various bugs uncovered by these tests
Added some missing feature additions to CMake to make the example
`user_settings_all.` config file work for the CI test.
2026-01-23 09:27:16 +01:00
Anthony Hu
2616fe3ff1
Better guards around tests
2026-01-22 22:17:59 -05:00
Hideki Miyazaki
0f72d2eafe
enable kyber and dilithium in selftest
2026-01-23 11:59:46 +09:00
Sean Parkinson
27df554e99
Merge pull request #9701 from Frauschi/brainpool-tls13
Add support for TLS 1.3 Brainpool curves
2026-01-23 10:42:32 +10:00
Sean Parkinson
baaa368a61
Merge pull request #9668 from kaleb-himes/PQ-FS-2026-Part1
PQ FS 2026 part1
2026-01-23 10:30:47 +10:00
David Garske
2c83711319
Merge pull request #9693 from kareem-wolfssl/zd21012
Use MinGW XINET_PTON definition for 32-bit MinGW as well as 64-bit.
2026-01-22 15:24:31 -08:00
Daniel Pouzzner
a1b43ab3fa
wolfssl/wolfcrypt/dilithium.h: add a check for whether all supported levels are disabled, in WOLFSSL_WC_DILITHIUM setup.
2026-01-22 17:20:46 -06:00
Daniel Pouzzner
71bffcc5eb
linuxkm/Kbuild: move FORCE_GLOBAL_OBJTOOL_OFF setup outside ENABLED_LINUXKM_PIE setup, i.e. always usable.
2026-01-22 17:20:46 -06:00
David Garske
a17f68f036
Merge pull request #9587 from kareem-wolfssl/zd20850
Add duplicate entry error to distinguish cases where a duplicate CRL is rejected.
2026-01-22 15:07:19 -08:00