Kareem
cb81cc8ce6
Merge remote-tracking branch 'upstream/master' into gh7197
2025-12-23 14:43:57 -07:00
David Garske
d36bfabe18
Merge pull request #9560 from JacobBarthelmeh/clang
...
fix for shadows global declaration warning
2025-12-23 08:54:50 -08:00
David Garske
9de98cee73
Merge pull request #9569 from kareem-wolfssl/gh8152
...
Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non Windows/Mac systems.
2025-12-23 08:53:51 -08:00
David Garske
70165c517b
Merge pull request #9571 from mattia-moffa/20251222-sniffer-uint-underflow-vuln
...
Add missing length check in sniffer for AES-GCM/AES-CCM/ARIA-GCM
2025-12-23 08:37:50 -08:00
David Garske
776b31267c
Merge pull request #9466 from SparkiDev/tls13_pt_alert_when_enc
...
TLS 1.3, plaintext alert: ignore when expecting encrypted
2025-12-23 08:37:00 -08:00
David Garske
86808b8a9b
Merge pull request #9578 from anhu/early_data_doc
...
Correct the API docs for wolfSSL_write_early_data()
2025-12-23 08:14:10 -08:00
David Garske
8f089cdcfe
Merge pull request #9508 from SparkiDev/ppc32_sha256_asm_pic
...
PPC32 SHA-256 ASM: support compiling for PIC
2025-12-23 08:12:50 -08:00
Anthony Hu
0b5e9c76ed
Correct the API docs for wolfSSL_write_early_data()
2025-12-23 10:08:02 -05:00
Sean Parkinson
b766f11e7b
TLS 1.3, plaintext alert: ignore when expecting encrypted
...
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
Sean Parkinson
59f84355a5
Merge pull request #9573 from night1rider/aes-free-callbacks
...
Aes Free callback support
2025-12-23 08:47:05 +10:00
Sean Parkinson
c8f2cc5b43
Merge pull request #9566 from dgarske/ca_skid_cert_akid
...
Added build option to allow certificate CA matching using AKID with signers SKID
2025-12-23 08:40:14 +10:00
night1rider
afbc65a6c3
Aes Free callback support
2025-12-22 12:39:41 -07:00
Mattia Moffa
ca78994298
Add missing length check in sniffer for AES-GCM/AES-CCM/ARIA-GCM
2025-12-22 16:13:27 +01:00
Sean Parkinson
da06e1aeea
Merge pull request #9558 from kareem-wolfssl/zd20944_2
...
Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application.
2025-12-22 19:38:42 +10:00
Sean Parkinson
7a326ef43f
Merge pull request #9553 from julek-wolfssl/ed25519-export-key-check
...
ed25519: validate presence of keys in export functions
2025-12-22 19:31:14 +10:00
Kareem
a1999d29ed
Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non Windows/Mac systems.
...
wolfSSL's support for WOLFSSL_SYS_CA_CERTS uses APIs which don't depend on !NO_FILESYSTEM
on Windows/Mac.
Fixes #8152.
2025-12-19 16:37:50 -07:00
JacobBarthelmeh
0a0c43054f
Merge pull request #9564 from douzzer/20251219-fixes
...
20251219-fixes
2025-12-19 16:24:20 -07:00
Kareem
3e59b83727
Only keep /dev/urandom open, close /dev/random after each use.
...
Improve logic for opening RNG seed FD.
2025-12-19 15:57:49 -07:00
David Garske
1cb2231ff5
Added build option to allow certificate CA matching using AKID with signers SKID (WOLFSSL_ALLOW_AKID_SKID_MATCH). Fixed issue with cert->extAuthKeyIdSz not being set with ASN template code.
2025-12-19 14:14:39 -08:00
Daniel Pouzzner
a7550346dd
wolfcrypt/test/test.c: in rng_seed_test(), fix gates for FIPS 5.2.4.
2025-12-19 15:50:27 -06:00
Daniel Pouzzner
d3f74557fe
wolfcrypt/src/wolfentropy.c: add volatile attribute to entropy_memuse_initialized declaration; in wc_Entropy_Get(), if HAVE_FIPS, call Entropy_Init() if necessary, to accommodate FIPS KATs; in Entropy_Init(), add thread safety.
2025-12-19 15:45:17 -06:00
JacobBarthelmeh
d5723d0d89
Merge pull request #9544 from julek-wolfssl/gh/9362
...
Check KeyShare after HRR
2025-12-19 14:36:31 -07:00
David Garske
1825bd86f5
Merge pull request #9550 from JacobBarthelmeh/caam
...
sanity checks on buffer size with AES and CAAM Integrity use
2025-12-19 11:03:40 -08:00
JacobBarthelmeh
d26c11c626
Merge pull request #9551 from josepho0918/iar
...
Add IAR support to WC_OFFSETOF macro
2025-12-19 11:36:33 -07:00
JacobBarthelmeh
8153ea6189
Merge pull request #9559 from cconlon/pkcs7SignedNonOctet
...
Fix PKCS#7 SignedData parsing for non-OCTET_STRING content types
2025-12-19 11:12:06 -07:00
Daniel Pouzzner
6f95a9c58e
wolfcrypt/src/random.c: in _InitRng(), remove "drbg_instantiated" conditional cleanup logic (Coverity true-benign-positive: DEADCODE because drbg_instantiated is always false when ret != DRBG_SUCCESS).
2025-12-19 10:30:14 -06:00
Daniel Pouzzner
fb26b2dfe1
wolfcrypt/test/test.c: in HMAC tests, initialize ret, to silence uninitvar from cppcheck-force-source.
2025-12-19 09:07:14 -06:00
Daniel Pouzzner
96c47cd18c
wolfcrypt/test/test.c: in _rng_test(), inhibit the WC_RESEED_INTERVAL subtest if an rng callback is installed.
2025-12-19 08:55:35 -06:00
Juliusz Sosinowicz
dd35f10b57
ed25519: validate presence of keys in export functions
2025-12-19 10:14:26 +01:00
JacobBarthelmeh
a3072c7a8d
fix for shadows global declaration warning
2025-12-18 17:18:39 -07:00
Chris Conlon
afe82b9512
Fix PKCS#7 degenerate detection based on signerInfos length
2025-12-18 16:28:03 -07:00
Chris Conlon
d6dcd30736
Fix PKCS#7 streaming for non OCTET STRING content types
2025-12-18 16:28:01 -07:00
JacobBarthelmeh
bbc3a72ea8
Merge pull request #9556 from julek-wolfssl/rng-tools-timeout-fix
...
rng-tools: increase jitter timeout
2025-12-18 15:59:42 -07:00
Kareem
b0b840aa0f
Rename fdOpen to seedFdOpen to avoid potential conflicts.
...
Gate keeping the seed FD open behind WOLFSSL_KEEP_RNG_SEED_FD_OPEN and only
enable by default for HAProxy. It is causing issues on OS X and may
cause issues on other OSes, and is generally a major behavior change.
2025-12-18 15:55:35 -07:00
Kareem
c238defe23
Add cast for public_size
2025-12-18 15:32:59 -07:00
Kareem
755097d512
Track if RNG seed FD was opened and only close it if it was already open. This fixes the case where wc_FreeRng is called when _InitRng was not called on the RNG. Since the FD value defaults to 0 before _InitRng was called, and 0 is potentially a valid FD, it was being closed.
2025-12-18 15:27:00 -07:00
JacobBarthelmeh
4162f24434
Merge pull request #9555 from embhorn/zd20964
...
Null deref check in Pkcs11ECDH
2025-12-18 15:14:35 -07:00
Chris Conlon
5eef52c6fa
Add test for PKCS#7 SignedData with non-OCTET_STRING content
2025-12-18 15:02:02 -07:00
Kareem
81d32f4fe6
Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application.
2025-12-18 14:37:59 -07:00
David Garske
4e96b11cce
Merge pull request #9557 from douzzer/20251218-fixes
...
20251218-fixes
2025-12-18 12:35:44 -08:00
Kareem
0420c942a0
Only use -1 for uninitialized fds as 0 is a valid fd.
2025-12-18 11:22:22 -07:00
Kareem
2e83b97909
Only attempt to close RNG file descriptor on platforms with XCLOSE.
2025-12-18 11:15:33 -07:00
Kareem
fb880e943b
Reset fd after closing it.
2025-12-18 11:15:33 -07:00
Kareem
6bcbfec200
Initialize RNG seed fd in _InitRng.
2025-12-18 11:15:33 -07:00
Kareem
ea43bcba72
Keep RNG seed file descriptor open until the RNG is freed.
2025-12-18 11:15:33 -07:00
Daniel Pouzzner
8a8ef3512e
src/internal.c: in FreeSSL_Ctx(), use wolfSSL_RefWithMutexFree(&ctx->ref), matching refactor in #8187.
2025-12-18 11:48:31 -06:00
Juliusz Sosinowicz
4e15ccec35
rng-tools: increase jitter timeout
2025-12-18 18:40:54 +01:00
Daniel Pouzzner
83e9a0780f
wolfcrypt/src/wc_lms.c: fix leak in wc_LmsKey_Reload().
2025-12-18 11:09:37 -06:00
Daniel Pouzzner
59b3219c0f
wolfcrypt/test/test.c: fix memory leaks in Hmac tests.
2025-12-18 10:47:21 -06:00
Eric Blankenhorn
d1a4677a8a
Null deref check in Pkcs11ECDH
2025-12-18 10:10:57 -06:00