wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 12:52:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,569 Commits 12 Branches 184 Tags
cadea76e43859e09932d4c63dbaea09dff356fa5
Commit Graph

8863 Commits

Author SHA1 Message Date
effbiae
cadea76e43 refactor wolfSSL_CTX_set_srp_username 2025-10-15 17:15:07 +11:00
David Garske
3534fad3ee Merge pull request #9295 from rizlik/shutdown_nonblocking_fix 
wolfSSL_shutdown: handle non-blocking I/O
 2025-10-14 12:50:57 -07:00
Marco Oliverio
4b7a2b677b wolfSSL_shutdown: fix non-blocking retry after WANT_WRITE. 
1. Send buffered message in case SendAlert_ex returned WANT_WRITE.
2. If pending messages are sent successfully return SHUTDOWN_NOT_DONE as
   current API behavior.
3. Propagate WANT_READ error for ProcessReply if waiting for other peer
   shutdown (when invoking wolfSSL_shutdown for the second time)
 2025-10-14 10:05:11 +02:00
Daniel Pouzzner
b2c105d5f7 Merge pull request #9292 from embhorn/zd20626 
Fix GCC warnings
 2025-10-13 23:17:13 -05:00
Eric Blankenhorn
dd22fa3243 Fix from testing 2025-10-13 15:27:01 -05:00
Eric Blankenhorn
e67b85724e Fix from testing 2025-10-13 12:57:47 -05:00
Eric Blankenhorn
adc9146035 Fix from testing 2025-10-13 12:33:40 -05:00
Eric Blankenhorn
83336e3436 Fix from testing 2025-10-13 12:15:39 -05:00
effbiae
f4b8f844b2 indent {.*;} macro args 2025-10-13 14:04:06 +11:00
effbiae
b5c5854064 fix for cppcheck defect in src/ssl.c 2025-10-11 11:40:30 +11:00
effbiae
75a6621c63 hand edits for small stack compress 2025-10-11 11:40:30 +11:00
effbiae
7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Eric Blankenhorn
e47be2163a Fix buffer warnings in x509 2025-10-10 15:33:53 -05:00
Eric Blankenhorn
f713cdb5e0 Fix evp const warning and pk buffer warning 2025-10-10 15:14:56 -05:00
David Garske
8a6297d42b Merge pull request #9267 from julek-wolfssl/dtls-stricter-ordering 
Add message order sanity checks
 2025-10-10 10:26:34 -07:00
Eric Blankenhorn
aa56c40d30 Fix / suppress GCC warnings 2025-10-10 11:56:03 -05:00
Juliusz Sosinowicz
5efdc6b7b6 Make mutual auth side check more robust 2025-10-09 20:23:56 +02:00
Juliusz Sosinowicz
bd9f7b5b87 Clarify return values in wolfSSL_mutual_auth documentation 2025-10-09 00:57:08 +02:00
David Garske
3f460b40bc Merge pull request #9258 from kareem-wolfssl/zd19563_4 
Fix potential memory leak in wolfSSL_X509_verify_cert.
 2025-10-08 13:59:58 -07:00
Juliusz Sosinowicz
10365d6082 Allow clearing group messages flag 2025-10-08 11:11:03 +02:00
Juliusz Sosinowicz
6fbbdf9324 Add message order sanity checks 
Reorganize test_dtls tests to use TEST_DECL_GROUP
Reorganize test_tls tests to use TEST_DECL_GROUP
 2025-10-08 11:11:03 +02:00
Kareem
b564138490 Merge remote-tracking branch 'upstream/master' into zd19563_4 2025-10-07 14:23:45 -07:00
JacobBarthelmeh
2445af9308 compile both fe_operations.c and low_mem version and rely on macro defines to choose which code gets compiled 2025-10-07 10:42:08 -06:00
David Garske
b3031d25ca Merge pull request #9255 from SparkiDev/tls13_cookie_hash 
TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
 2025-10-07 08:51:26 -07:00
David Garske
d9b52d832c Merge pull request #9259 from julek-wolfssl/dtls13-timeout 
Reset DTLS 1.3 timeout
 2025-10-07 07:57:17 -07:00
Sean Parkinson
9d546acd03 Merge pull request #9200 from effbiae/build-msg-or-hash-output 
refactor to BuildMsgOrHashOutput()
 2025-10-07 08:20:20 +10:00
David Garske
d4242fa026 Merge pull request #9272 from julek-wolfssl/cov-20251006 
Handle coverity reported errors
 2025-10-06 10:57:20 -07:00
David Garske
fe7b6f1651 Add missing TimeNowInMilliseconds for FreeRTOS 2025-10-06 18:38:09 +02:00
David Garske
c349001d94 Move the STM32 hash options into STM32_HASH. Fix for realloc. Improve docs for hcom_uart. Fix issue with detecting RTC and incorrectly setting NO_ASN_TIME. 2025-10-06 18:38:09 +02:00
Juliusz Sosinowicz
cd0d986016 Reset DTLS 1.3 timeout 2025-10-06 18:23:16 +02:00
Juliusz Sosinowicz
a9ad5181e6 tls13: remove dead code in SetupOcspResp csr assignment 2025-10-06 16:21:47 +02:00
Juliusz Sosinowicz
303401b047 Refactor certificate status handling to use word32 2025-10-06 16:19:54 +02:00
Juliusz Sosinowicz
f9063c406b Enables dynamic TLS cert loading with OCSP 
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
 2025-10-03 13:08:11 +02:00
effbiae
2adae90a5d refactor to BuildMsgOrHashOutput 2025-10-03 11:41:57 +10:00
Sean Parkinson
ea4554c941 Merge pull request #9234 from effbiae/TLSX_WriteWithEch 
restore inner server name in TLSX_WriteWithEch
 2025-10-03 09:20:40 +10:00
Sean Parkinson
d8d3a7a22d Merge pull request #9190 from colmenero/hmacCopy-sm3-issue-9187 
Add SM3 in wolfSSL_HmacCopy
 2025-10-03 09:10:03 +10:00
Sean Parkinson
e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256 
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
 2025-10-03 08:28:02 +10:00
effbiae
c3c7b11cfc refactor X509PrintSubjAltName 2025-10-02 15:36:36 +10:00
Kareem
992dfecc11 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19563_4 2025-10-01 11:15:46 -07:00
Daniel Pouzzner
b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188 
Prevent replaying ClientHello messages when Finished message are epoch 0
 2025-09-30 20:44:09 -05:00
Daniel Pouzzner
d5750ac7ca Merge pull request #9250 from gasbytes/issue-9247 
Added check in TLX_Parse to check if KeyShare extension is present SupportedGroups must be present too (and viceversa)
 2025-09-30 20:36:50 -05:00
Daniel Pouzzner
c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245 
DTLS SRTP should also do a cookie exchange since it uses UDP
 2025-09-30 20:36:27 -05:00
Daniel Pouzzner
234ba7780a Merge pull request #9148 from SparkiDev/ct_volatile 
Mark variables as volatile
 2025-09-30 20:35:52 -05:00
Daniel Pouzzner
b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240 
Abort connection if we are about to send the same CH
 2025-09-30 20:35:32 -05:00
Daniel Pouzzner
1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3 
Fix building and running tests and examples with coding/PEM support disabled.
 2025-09-30 20:34:46 -05:00
Daniel Pouzzner
42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello 
Add support for certificate_authorities extension in ClientHello
 2025-09-30 20:33:16 -05:00
Kareem
0efc8118d3 Fix potential memory leak in wolfSSL_X509_verify_cert. 2025-09-30 17:39:33 -07:00
Daniel Pouzzner
b56cafdd25 Merge pull request #8692 from kareem-wolfssl/zd19563_verify 
Update wolfSSL_X509_verify_cert to retry all certs until a valid chain is found.
 2025-09-30 16:22:41 -05:00
Daniel Pouzzner
7ea66aeffe refactor WOLFSSL_LINUXKM gates as generic WOLFSSL_KERNEL_MODE gates where appropriate: 
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).

rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.

rename lkm_printf() to wc_km_printf().

replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H

remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
 2025-09-29 16:59:12 -05:00
Juliusz Sosinowicz
d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00