wolfssl

mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 20:59:57 +01:00

Author	SHA1	Message	Date
Sean Parkinson	d66863d0ac	Aarch64 XFENCE Use sb instruction instead of isb if available.	2025-06-11 09:29:20 +10:00
JacobBarthelmeh	ae87afa677	Merge pull request #8857 from miyazakh/tsip_fix fix TSIP TLS example program	2025-06-10 16:26:34 -06:00
Hideki Miyazaki	d138c48a00	add TSIP_RSASSA_1024 and TSIP_RSASSA_2048 to known_macro_extras	2025-06-11 04:12:54 +09:00
JacobBarthelmeh	2d892f07eb	Merge pull request #8861 from gasbytes/psk-handshake-failure-fix tls13: clear tls1_3 on downgrade	2025-06-10 10:24:17 -06:00
JacobBarthelmeh	047f0bb5fc	Merge pull request #8847 from gojimmypi/pr-platformio-cert-bundles Improve PlatformIO Certificate Bundle Support	2025-06-10 10:23:07 -06:00
JacobBarthelmeh	eb3c324ea4	Merge pull request #8852 from holtrop/reseed-drbg-in-rand-poll-test Add additional compatibility layer RAND tests	2025-06-10 10:20:46 -06:00
JacobBarthelmeh	94f5948f20	Merge pull request #8858 from rizlik/dtls13_set_epoch_fix dtls13: move Dtls13NewEpoch into DeriveTls13Keys	2025-06-10 09:48:58 -06:00
JacobBarthelmeh	81852e7425	Merge pull request #8865 from SparkiDev/dilithium_fixes_2 ML-DSA: fix tests for different configs	2025-06-10 09:43:13 -06:00
Sean Parkinson	cb90b78688	ML-DSA: fix tests for different configs Setting the private key into SSL object requires signing to be available. Only enable the parameters that are compiled in.	2025-06-10 20:44:27 +10:00
Josh Holtrop	1c6e3d729a	Check that fork() returns >= 0 in RAND_poll fork test	2025-06-10 06:23:06 -04:00
JacobBarthelmeh	106bcb22d3	Merge pull request #8860 from LinuxJedi/tls13-trusted-ca Allow `trusted_ca_keys` with TLSv1.3	2025-06-09 17:43:44 -06:00
JacobBarthelmeh	4ae8ca03ac	Merge pull request #8859 from kojiws/clarify_supported_pkcs12_enc_algos Clarify supported encryption algorithms on wc_PKCS12_create()	2025-06-09 16:03:53 -06:00
David Garske	587d5c783b	Merge pull request #8862 from JacobBarthelmeh/pqc fix syntax error with pqc yml	2025-06-09 13:03:48 -07:00
Josh Holtrop	133e238359	Wait on child process in RAND_poll fork test	2025-06-09 15:59:22 -04:00
JacobBarthelmeh	496b0911be	fix syntax error with pqc yml	2025-06-09 13:50:00 -06:00
Marco Oliverio	3e6703e1fb	fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys	2025-06-09 19:20:06 +02:00
Marco Oliverio	1024bf0109	fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys	2025-06-09 18:00:23 +02:00
Reda Chouk	92b6e2f2e9	tls13: clear tls1_3 on downgrade Unset ssl->options.tls1_3 whenever we drop to TLS 1.2 so PSK handshakes don’t hit -326 VERSION_ERROR.	2025-06-09 17:12:56 +02:00
Marco Oliverio	59ff71f936	fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys	2025-06-09 16:11:17 +02:00
Andrew Hutchings	5e6cb2b0b6	Allow `trusted_ca_keys` with TLSv1.3 It is possible that the client will provied `trusted_ca_keys` during a TLSv1.3 connection with 1.2 downgrade. wolfSSL would error with `EXT_NOT_ALLOWED`. The TLSv1.3 spec states that it can be provided and should be ignored. ZD 19936	2025-06-09 08:31:54 +01:00
Koji Takeda	0260ff789b	Clarify supported PKCS12 encryption algorithms	2025-06-09 12:03:47 +09:00
Marco Oliverio	c1c1929e55	dtls13: move Dtls13NewEpoch into DeriveTls13Keys Dlts13NewEpoch saves the keys currently derived in the ssl object. Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong keys when creating a new Epoch. This fixes at least he following scenario: - Client has encryption epoch != 2 in the handshake (eg. due to rtx) - Client derives traffic0 keys after receiving server Finished message - Client set encryption epoch to 2 again to send the Finished message, this override the traffic key computed - Client creates the new epoch with the wrong key	2025-06-09 02:35:29 +02:00
Hideki Miyazaki	eeb3961b6f	fix trailing whitespace	2025-06-07 14:23:59 +09:00
Hideki Miyazaki	0404447bd8	fix typo	2025-06-07 12:46:22 +09:00
Hideki Miyazaki	1f8efc3c14	fix TSIP example fix Client Certificate Verify using RSA sign/verify	2025-06-07 12:38:18 +09:00
Josh Holtrop	10b3cc8dd2	Add fork test for RAND_poll()	2025-06-06 20:45:01 -04:00
gojimmypi	3254f56d32	Improve PlatformIO Certificate Bundle Support	2025-06-06 15:48:07 -07:00
JacobBarthelmeh	0bac2c2b34	Merge pull request #8846 from lealem47/zd20027 Don't include AEAD nonce in decrypted data size	2025-06-06 15:43:20 -06:00
Sean Parkinson	8e9e671a5a	Merge pull request #8853 from JacobBarthelmeh/pqc add macro WOLFSSL_ML_KEM_USE_OLD_IDS to PQC CI test	2025-06-07 07:29:33 +10:00
JacobBarthelmeh	369f9f0339	Merge pull request #8849 from holtrop/reseed-drbg-in-rand-poll Reseed DRBG in RAND_poll()	2025-06-06 11:55:46 -06:00
JacobBarthelmeh	ae7509e746	Merge pull request #8813 from gojimmypi/espressif-mlkem-support Adjust Espressif Examples for Post Quantum ML-KEM	2025-06-06 11:41:59 -06:00
JacobBarthelmeh	9ffca6b39c	Merge pull request #8822 from kojiws/support_cert_aes_cbc_on_pkcs12_export Support PBE_AES(256\|128)_CBC certificate encryptions on wc_PKCS12_create()	2025-06-06 11:35:13 -06:00
JacobBarthelmeh	45306e9378	Merge pull request #8845 from rlm2002/coverityTests Coverity: test adjustments and variable checks	2025-06-06 11:29:56 -06:00
JacobBarthelmeh	8a4200eb31	add macro WOLFSSL_ML_KEM_USE_OLD_IDS to PQC CI test	2025-06-06 11:12:37 -06:00
JacobBarthelmeh	f4821eb0f4	Merge pull request #8827 from SparkiDev/ml_kem_codepoints ML_KEM IDs backward compat	2025-06-06 11:06:15 -06:00
JacobBarthelmeh	570c1fc390	Merge pull request #8824 from JeremiahM37/tlsCurveFix tls fix for set_groups	2025-06-06 10:47:06 -06:00
Josh Holtrop	0c12337194	Reseed DRBG in RAND_poll()	2025-06-06 12:20:58 -04:00
JacobBarthelmeh	bfc55d9016	Merge pull request #8848 from julek-wolfssl/gh/8841 dtlsProcessPendingPeer: correctly set the current peer	2025-06-06 09:52:35 -06:00
JacobBarthelmeh	407a1259af	Merge pull request #8851 from douzzer/20250606-fixes Adjustment for warnings with NO_TLS build and add github actions test	2025-06-06 09:46:42 -06:00
Daniel Pouzzner	efc36655e6	src/internal.c: add pedantic-compatible NO_TLS codepath for cipher_names[] and GetCipherNamesSize().	2025-06-06 18:02:19 +04:00
Daniel Pouzzner	4572dcf9f9	tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES; wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement; add .github/workflows/no-tls.yml; .github/workflows/pq-all.yml: add smallstack scenario.	2025-06-06 17:18:50 +04:00
Sean Parkinson	7eca4fb331	ML_KEM IDs backward compat Allow backward compatibilitly of Hybrid ML_KEM codepoints in TLS with version before wolfSSL 5.8.0. When WOLFSSL_ML_KEM_USE_OLD_IDS is defined, it will accept the old codepoints for P256 with ML-KEM-512, P384 with ML-KEM-768, P521 with ML-KEM-10124. (Others combinations were not know pre 5.8.0.) Both old client with new server and new client with new server work with old codepoints.	2025-06-06 09:17:40 +10:00
JacobBarthelmeh	3ecc58cc0e	Merge pull request #8842 from julek-wolfssl/zd/19966 ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING	2025-06-05 17:07:47 -06:00
Juliusz Sosinowicz	736a5e1f89	dtlsProcessPendingPeer: correctly set the current peer	2025-06-06 00:12:38 +02:00
Lealem Amedie	53f3e74bf1	Sniffer: Don't include AEAD nonce in decrypted data size	2025-06-05 14:13:45 -06:00
Juliusz Sosinowicz	edfc5360d4	TLSX_SupportedCurve_Parse: fix commonCurves wouldn't be free'd on error	2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz	0ac6ca3cf7	Fix hard tabs and c++ style comments	2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz	761f0f1d1f	Simplify TLSX_SupportedCurve_Parse Server only uses curves that are supported by both the client and the server. If no common groups are found, the connection will fail in TLS 1.2 and below. In TLS 1.3, HRR may still be used to resolve the group mismatch.	2025-06-05 22:04:49 +02:00
JeremiahM37	a160ba1379	Supported_group unit test fix	2025-06-05 22:04:49 +02:00
JeremiahM37	9d342bae83	unit tests for set_groups curve fix	2025-06-05 22:04:49 +02:00

1 2 3 4 5 ...

25489 Commits