wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 07:12:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,445 Commits 12 Branches 184 Tags
fc348da28f08ca4e2c9233c82fff68ecd78db5b2
Commit Graph

26445 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marco Oliverio
fc348da28f fix: escape error code operands 2025-10-06 14:47:13 +02:00
Marco Oliverio
9cbc3f97e5 cryptocb: sha512_family: try specific digest length hashtype first 
If the cryptocb provider supports specific SHA512/224 and SHA512/256
hashtype, this commit allows to:

1. avoid a copy
2. do not touch the output buffer outside of the cryptocb handler

2 might be important for cryptocb provider that needs special handling
of memory buffer (DMA, memory mapping).
 2025-10-06 11:42:23 +02:00
Kaleb Himes
99c983d44f Merge pull request #9269 from douzzer/20251002-linuxkm-fencepost-and-fortify-tweaks 
20251002-linuxkm-fencepost-and-fortify-tweaks
 2025-10-03 17:01:45 -06:00
Daniel Pouzzner
781c9bb990 Merge pull request #9268 from dgarske/cryptocb_only 
Remove the `NO_WRITE_TEMP_FILES` test.c logic added in #9194
 2025-10-03 16:39:59 -05:00
Daniel Pouzzner
46fd3d60f9 linuxkm/Kbuild: activate linker script with backward-compatible construct (tests good on 4.4); 
linuxkm/linuxkm_wc_port.h: completely inhibit CONFIG_FORTIFY_SOURCE across the module when HAVE_LINUXKM_PIE_SUPPORT, for fidget-free backward compat;

linuxkm/module_hooks.c:
* add startup-time sanity check on fenceposts,
* enhance DEBUG_LINUXKM_PIE_SUPPORT with coverage for WOLFSSL_TEXT_SEGMENT_CANONICALIZER on the entire text segment,
* compute and report a hash on the stabilized text segment,
* fix wc_linuxkm_normalize_relocations() to allow span end == __wc_text_end, and
* add numerous verbose pr_err()s when DEBUG_LINUXKM_PIE_SUPPORT.
 2025-10-03 15:07:56 -05:00
David Garske
d2be867b51 Remove the NO_WRITE_TEMP_FILES test.c logic added in #9194 2025-10-03 10:40:11 -07:00
David Garske
ac23b48283 Merge pull request #9144 from julek-wolfssl/ocsp-callbacks 
tls ocsp: support lazy cert loading with ocsp stapling
 2025-10-03 09:47:55 -07:00
Juliusz Sosinowicz
f9063c406b Enables dynamic TLS cert loading with OCSP 
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
 2025-10-03 13:08:11 +02:00
Sean Parkinson
ea4554c941 Merge pull request #9234 from effbiae/TLSX_WriteWithEch 
restore inner server name in TLSX_WriteWithEch
 2025-10-03 09:20:40 +10:00
Sean Parkinson
d8d3a7a22d Merge pull request #9190 from colmenero/hmacCopy-sm3-issue-9187 
Add SM3 in wolfSSL_HmacCopy
 2025-10-03 09:10:03 +10:00
Daniel Pouzzner
5804ba759a Merge pull request #9194 from dgarske/cryptocb_only_test 
Fixes for crypto callback only (no filesystem and keygen)
 2025-10-02 16:52:31 -05:00
David Garske
5501111e77 Merge pull request #9265 from douzzer/20251002-misc-clang-tidy-and-fips-fixes 
20251002-misc-clang-tidy-and-fips-fixes
 2025-10-02 14:38:14 -07:00
Daniel Pouzzner
408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero(); 
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
 2025-10-02 14:38:05 -05:00
David Garske
db6a4dfedb Merge pull request #9238 from effbiae/X509PrintSubjAltName 
refactor X509PrintSubjAltName
 2025-10-02 11:53:22 -07:00
David Garske
6de0b93a08 Merge pull request #9262 from julek-wolfssl/ascon-h-comment 
ascon.h: Correct the placement of the AsconAEAD API comment
 2025-10-02 11:11:01 -07:00
David Garske
6430a123fd Merge pull request #9264 from gojimmypi/pr-espressif-workflow 
Update Espressif workflow to pin latest to ESP-IDF v5.5
 2025-10-02 11:05:15 -07:00
gojimmypi
b4b9bee950 Update workflow to pin latest to ESP-IDF v5.5 2025-10-02 10:25:25 -07:00
David Garske
36ce93d409 Merge pull request #9225 from gojimmypi/pr-espidf-v6-sha-fix 
Add fix for SHA HW on ESP-IDF v6
 2025-10-02 09:50:46 -07:00
Juliusz Sosinowicz
31db2b9e08 ascon.h: Correct the placement of the AsconAEAD API comment 2025-10-02 10:22:16 +02:00
effbiae
c3c7b11cfc refactor X509PrintSubjAltName 2025-10-02 15:36:36 +10:00
Kaleb Himes
018af47f49 Merge pull request #9260 from douzzer/20251001-wc_DhGeneratePublic-ungate 
20251001-wc_DhGeneratePublic-ungate
 2025-10-01 14:38:39 -06:00
Daniel Pouzzner
2ca9f66579 wolfcrypt/test/test.c: add FIPS gate around wc_DhGeneratePublic() test in dh_ffdhe_test(). 2025-10-01 10:23:49 -05:00
Daniel Pouzzner
477d7fae54 remove WOLFSSL_DH_GEN_PUB, WOLFSSL_NO_DH_GEN_PUB, and WOLFSSL_DH_EXTRA gating re wc_DhGeneratePublic(), consistent with recent FIPS changes. 2025-10-01 09:38:27 -05:00
Daniel Pouzzner
56524a3169 Merge pull request #9226 from philljj/tiny_curl_config 
curl: document tiny-curl config a bit more.
 2025-09-30 20:45:15 -05:00
Daniel Pouzzner
b3a5c96c56 Merge pull request #9205 from gasbytes/issue-9188 
Prevent replaying ClientHello messages when Finished message are epoch 0
 2025-09-30 20:44:09 -05:00
Daniel Pouzzner
88075664dc Merge pull request #9252 from bigbrett/kdf-cryptocb 
HKDF cryptocb
 2025-09-30 20:37:11 -05:00
Daniel Pouzzner
d5750ac7ca Merge pull request #9250 from gasbytes/issue-9247 
Added check in TLX_Parse to check if KeyShare extension is present SupportedGroups must be present too (and viceversa)
 2025-09-30 20:36:50 -05:00
Daniel Pouzzner
c893191577 Merge pull request #9253 from julek-wolfssl/gh/9245 
DTLS SRTP should also do a cookie exchange since it uses UDP
 2025-09-30 20:36:27 -05:00
Daniel Pouzzner
55a19da4c6 Merge pull request #9178 from SparkiDev/ed448_no_large_code 
Ed448: No large code option with fast code
 2025-09-30 20:36:10 -05:00
Daniel Pouzzner
234ba7780a Merge pull request #9148 from SparkiDev/ct_volatile 
Mark variables as volatile
 2025-09-30 20:35:52 -05:00
Daniel Pouzzner
b4ee8869c8 Merge pull request #9246 from julek-wolfssl/gh/9240 
Abort connection if we are about to send the same CH
 2025-09-30 20:35:32 -05:00
Daniel Pouzzner
1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3 
Fix building and running tests and examples with coding/PEM support disabled.
 2025-09-30 20:34:46 -05:00
Daniel Pouzzner
2172a4dea9 Merge pull request #9248 from holtrop/rust-wc-aes 
Rust wrapper: Add aes module
 2025-09-30 20:34:25 -05:00
Daniel Pouzzner
4a176d175a Merge pull request #9137 from kareem-wolfssl/gh8354 
Fix documentation typo for wc_ed25519_export_public.
 2025-09-30 20:34:06 -05:00
Daniel Pouzzner
c7cd3b6c6d Merge pull request #8543 from JacobBarthelmeh/fsl_caam 
handle unsupported fsl algo
 2025-09-30 20:33:34 -05:00
Daniel Pouzzner
42d2b81231 Merge pull request #9209 from mattia-moffa/20250910-certauth-clienthello 
Add support for certificate_authorities extension in ClientHello
 2025-09-30 20:33:16 -05:00
Daniel Pouzzner
f869daafa2 Merge pull request #9037 from night1rider/issue-9009-cmake-options 
Updating configure/Cmake to track Apple options for resulting wolfssl.pc file that is generated
 2025-09-30 20:32:52 -05:00
Daniel Pouzzner
b56cafdd25 Merge pull request #8692 from kareem-wolfssl/zd19563_verify 
Update wolfSSL_X509_verify_cert to retry all certs until a valid chain is found.
 2025-09-30 16:22:41 -05:00
David Garske
50f25c5849 Merge pull request #9254 from douzzer/20250929-WOLFSSL_KERNEL_MODE 
20250929-WOLFSSL_KERNEL_MODE
 2025-09-30 09:04:13 -07:00
Sean Parkinson
4719fd5e80 Ed448: No large code option with fast code 
Make from bytes, to bytes and mod top half use for loops when no large
code.
Make generation script generate casting changes.
 2025-09-30 09:38:06 +10:00
Daniel Pouzzner
7ea66aeffe refactor WOLFSSL_LINUXKM gates as generic WOLFSSL_KERNEL_MODE gates where appropriate: 
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).

rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.

rename lkm_printf() to wc_km_printf().

replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H

remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
 2025-09-29 16:59:12 -05:00
David Garske
6698cb7616 Fix for crypto callback only 2025-09-29 12:37:57 -07:00
Brett Nicholas
5121847728 add HAVE_SELFTEST protection 2025-09-29 12:00:41 -06:00
Daniel Pouzzner
1247d2b5ed Merge pull request #9249 from lealem47/wg_enable_encoding 
Enable base16 & 64 encoding when wolfGuard is enabled
 2025-09-29 12:49:36 -05:00
Brett Nicholas
7b67dbaa31 add FIPS protection to test.c usage of wc_HKDF_ex() 2025-09-29 11:36:18 -06:00
philljj
436a06e864 Merge pull request #9251 from douzzer/20250928-linuxkm-krealloc_node_align_noprof 
20250928-linuxkm-krealloc_node_align_noprof
 2025-09-29 12:16:10 -05:00
Brett Nicholas
26ed835ca1 fix HKDF test macro protection 2025-09-29 10:52:22 -06:00
Juliusz Sosinowicz
d8fd19feb8 DTLS SRTP should also do a cookie exchange since it uses UDP 2025-09-29 18:27:36 +02:00
Brett Nicholas
3c81fffedd Add HKDF cryptoCb and test 2025-09-29 10:16:01 -06:00
Reda Chouk
be02b1ea72 Added check in TLX_Parse to check if KeyShare extension is present 
SupportedGroups must be present too (and viceversa).
From RFC 8446 Section 9.2.
 2025-09-29 13:10:32 +02:00