wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 00:02:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,858 Commits 12 Branches 184 Tags
ee3b459e1692a17a2be7842413873be22b247e99
Commit Graph

8677 Commits

Author SHA1 Message Date
Kareem
c9d451e857 Fix wolfSSL_BIO_new_connect's handling of IPV6 addresses. 2025-07-10 10:33:46 -07:00
David Garske
2b07b9143b Fix issue with X509 reference counter with --enable-opensslextra=x509small or OPENSSL_EXTRA_X509_SMALL. Thank you Mohre. 2025-07-09 16:51:48 -07:00
David Garske
b0a5d2fdf0 Merge pull request #8969 from SparkiDev/alpn_gcc_Os_fix 
ALPN: don't use BIO
 2025-07-09 16:30:12 -07:00
David Garske
3f83ed2815 Merge pull request #8960 from ribes96/certwrite-custext 
When creating a Cert from a WOLFSSL_X509, account for custom extensions
 2025-07-09 16:13:07 -07:00
David Garske
3c00e26274 Merge pull request #8974 from rlm2002/coverity_fix 
Coverity: Check values
 2025-07-09 16:12:42 -07:00
gojimmypi
ebeb95e47b Initialize Dilithium keyTypeTemp and keySizeTemp 2025-07-09 09:13:14 -07:00
David Garske
0407ea131b Merge pull request #8970 from miyazakh/qt_jenkins_encryptedKey4PBKDF1 
Fix Qt nightly Jenkins failure
 2025-07-09 08:04:48 -07:00
Ruby Martin
f62d0fa256 check sigAlgs.size against WOLFSSL_MAX_SIGALGO 2025-07-09 08:57:44 -06:00
Ruby Martin
61e4142fe0 add null check for ssl before use in wc_DhGenerateKeyPair 2025-07-07 09:17:29 -06:00
Hideki Miyazaki
ee8be22a3f Fix Qt nightly jenkins failure 
PBKDF1 encrpted key
 2025-07-07 15:10:41 +09:00
Sean Parkinson
70e53d1a34 ALPN: don't use BIO 
Fix wolfSSL_set_alpn_protos to not use BIO.
When compiling with -Os and newer gcc, the compiler gets confused with
the void* cast in the wolfSSL_BIO_get_mem_data call.
 2025-07-07 12:59:42 +10:00
Albert Ribes
5615993f48 Add missing option checks 2025-07-03 19:01:50 +02:00
Albert Ribes
2ddd98927f When creating a Cert from a WOLFSSL_X509, account for custom extensions 
Function 'CertFromX509' is used to convert a WOLFSSL_X509 to a Cert
structure for writing out. It didn't copy custom extensions.
 2025-07-03 17:28:57 +02:00
JacobBarthelmeh
ff80d62db2 Merge pull request #8942 from rlm2002/coverity 
Coverity: address unresolved issue from previous change
 2025-07-01 16:09:32 -06:00
Ruby Martin
c06fa48e75 return NULL on negative length 2025-07-01 14:25:35 -06:00
Sean Parkinson
7c4de54e73 EVP HMAC: get working with WOLFSSL_HMAC_COPY_HASH 
Get the EVP layer working with the wolfSSL HMAC implementation when
WOLFSSL_HMAC_COPY_HASH is defined.
This define hashes the ipad and opad into temporary hashes and copies
the required hash into the working hash when needed. Uses more memory
but is faster when starting a new hash with the same key.
 2025-07-01 13:14:26 +10:00
JacobBarthelmeh
7fb750962b Merge pull request #8935 from philljj/fix_coverity 
coverity: prune dead code in ssl_sess.c.
 2025-06-30 13:32:34 -06:00
Daniel Pouzzner
1127dabe98 Merge pull request #8926 from dgarske/various_20250625 
Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT
 2025-06-27 22:29:24 -05:00
jordan
68cf96e7f6 coverity: do not free x509 on error in wolfSSL_add0_chain_cert. 2025-06-27 17:25:28 -05:00
jordan
d998d01a0c coverity: prune dead code in ssl_sess.c. 2025-06-27 15:40:01 -05:00
David Garske
1db3dbcc28 Improvement to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. Workaround to avoid large WOLFSSL structure size with compatibility layer enabled (the struct WOLFSSL_X509 is over 5KB). Note: May investigate way to place into heap instead. Fix issues building compatibility layer without MD5. 2025-06-27 12:42:52 -07:00
Ruby Martin
9b6b41627e move CFErrorRef instantiation 
cleanup
 2025-06-26 09:06:01 -06:00
Ruby Martin
79b6e62668 modify check domain test 
void code for unused variable warning

do not run check_domain_name test if ssl_verify_none has been set
 2025-06-26 08:39:32 -06:00
Ruby Martin
7c44f14e77 add apple test to github actions 2025-06-26 08:38:30 -06:00
Ruby Martin
d3b30f8d51 Check underlying error, want only maximum validity period error 
add apple test macros to tests requiring cert manager
 2025-06-26 08:38:28 -06:00
Brett
877bade216 additional debugging 2025-06-26 08:38:28 -06:00
Brett
7232b3a6bb Apple native cert validation: add WOLFSSL_TEST_APPLE_CERT_VALIDATION feature macro that forces system CA certs on and makes all CA certs added to CM via xxx_load_verify_xxx APIs to instead be loaded as system trust anchors when used for TLS cert verification 2025-06-26 08:38:26 -06:00
Daniel Pouzzner
23a37b2ebc Merge pull request #8916 from dgarske/revert_pr8911 
Revert PR #8911
 2025-06-25 21:52:34 -05:00
Daniel Pouzzner
d6d124bb85 Merge pull request #8774 from SparkiDev/armv8_ghs 
Armv8 (Aarch64) ASM fixes for Green Hills compiler
 2025-06-25 21:46:48 -05:00
Daniel Pouzzner
38892fdd07 Merge pull request #8757 from anhu/recalc_suites 
Recalculate suites at ssl initialization.
 2025-06-25 21:32:38 -05:00
JacobBarthelmeh
fe7d458d29 random.c is also locked in FIPS v6 2025-06-24 16:08:25 -06:00
David Garske
bfebeae533 Revert PR #8911. For TLS v1.2 RSA only is only supported with WOLFSSL_STATIC_RSA. For TLS v1.3 RSA only is not supported (must be PFS). 2025-06-24 09:40:15 -07:00
Anthony Hu
43df11c9c1 Add gate on having DH 2025-06-24 10:37:26 -04:00
Anthony Hu
8c1298a1d8 Check if DH's P and G are set 2025-06-24 09:59:12 -04:00
Sean Parkinson
fc1d281268 Green Hills compiler fixes 
internal.c: Move non-enumeration value out of switch.
ssl.c: Only declare globalRNGMutex when required.
x509.c: initialize ret

armv8-aes.c, armv8-chacha.c: fix branch instructions
armv8-mlkem*: ensure only required constants are input operands and move
constants closer to first use.
armv8-poly1305.c: remove POLY1305_BLOCK_SIZE from input operands.
armv8-sha3-asm_c.c, armv8-sha512-asm_c.c: use constraint ':' instead of
'S'.
armv8-sha512.c: initialize initfp. Is always used.
 2025-06-24 19:39:40 +10:00
David Garske
978a29da0b Merge pull request #8898 from cconlon/getpidOptionsH 
Add HAVE_GETPID to options.h if getpid detected
 2025-06-23 17:11:55 -07:00
Anthony Hu
d45e42e2e6 keySz is only in Buffers if NO_CERTS not defined. 2025-06-23 18:29:39 -04:00
Anthony Hu
6385999ae9 Recalculate suites at ssl initialization. 2025-06-23 18:29:39 -04:00
David Garske
caf8494d65 Merge pull request #8911 from gojimmypi/pr-allow-only-rsa 
Allow configuration with only RSA cipher suites
 2025-06-23 11:18:27 -07:00
Daniel Pouzzner
b361c62372 Merge pull request #8903 from dgarske/cadate_calist 
Expose API to access "store" error code and depth for cert failure callback
 2025-06-23 10:08:41 -05:00
gojimmypi
afa22dfc2b Allow configuration with only RSA cipher suites 2025-06-21 14:54:10 -07:00
David Garske
1be303866e Merge pull request #8908 from douzzer/20250620-clang-tidy-and-cppcheck-fixes-and-workarounds 
20250620-clang-tidy-and-cppcheck-fixes-and-workarounds
 2025-06-20 15:07:09 -07:00
David Garske
f30c54abdd Merge pull request #8894 from SparkiDev/ppc32_sha256_asm 
PPC 32 ASM: SHA-256
 2025-06-20 14:29:47 -07:00
Daniel Pouzzner
7977a605c5 src/internal.c: in FreeSskeArgs(), move nullness check on args to the start, and make it unconditional, to resolve nullPointerRedundantChecks. 2025-06-20 15:04:07 -05:00
David Garske
b98cf8882b Remove HAVE_LIGHTY from the client_ca_names feature. 2025-06-20 11:29:02 -07:00
David Garske
9b50708741 Fix to expose API to access "store" error code and error depth for cert failure callback (from set_verify). Useful for C# wrapper or clients that cannot directly dereference X509_STORE. Fixes for building with WOLFSSL_EXTRA and WOLFSSL_NO_CA_NAMES (and added new tests). Added example in CSharp TLS client for overriding a begin date error (useful if date is not set). 2025-06-19 14:49:00 -07:00
Chris Conlon
cdd02f9665 Add check for reseed in ssl.c for HAVE_SELFTEST, similar to old FIPS bundles that do not have older random.c files 2025-06-18 17:21:55 -06:00
David Garske
27176a5eeb Merge pull request #8870 from kareem-wolfssl/zd20030 
Various minor fixes.
 2025-06-18 08:55:07 -07:00
Sean Parkinson
c39f1fe721 PPC 32 ASM: SHA-256 
Pure and inline  ASM for the PowerPC 32-bit.
 2025-06-18 21:23:15 +10:00
David Garske
7d77446964 Merge pull request #8882 from rizlik/dtls13_always_transmit_explicit_ack 
dtls13: always send ACKs on detected retransmission
 2025-06-17 11:35:07 -07:00