wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 13:42:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,121 Commits 12 Branches 184 Tags
fc7d4ffad4258a19585b4e27cb41df34c6b37e79
Commit Graph

3233 Commits

Author SHA1 Message Date
Daniel Pouzzner
fc7d4ffad4 PR#9545 20251211-DRBG-SHA2-smallstackcache-prealloc addressing peer review: clear dest if necessary in InitHandshakeHashesAndCopy(), style tweaks in random.c, explanatory comments in sha512.c. 2025-12-17 11:07:22 -06:00
Daniel Pouzzner
dc0fe803a5 src/internal.c: in InitHandshakeHashesAndCopy(), don't call InitHandshakeHashes(), to avoid leaking in the later wc_FooCopy() operation. 2025-12-17 11:01:10 -06:00
JacobBarthelmeh
75fdf959c1 Merge pull request #9514 from kareem-wolfssl/zd20936 
Fix uninitialized variable, fix potentially undefined printf reference in HASH_DRBG_Generate.
 2025-12-16 14:48:17 -07:00
Kareem
968662063d Merge remote-tracking branch 'upstream/master' into zd20936 2025-12-15 14:06:18 -07:00
Sean Parkinson
d3863e5fa3 TLS 1.3: duplicate extension alert code fix 
The specification states to return illegal_parameter when a message is
syntactically correct but semantically invalid. (RFC 8446 section 6,
Paragraph 5)
 2025-12-15 10:00:56 -08:00
Lealem Amedie
61e58f0f04 Fix for analyzer null dereference 2025-12-12 12:31:07 -07:00
Kareem
3797c03e6c Merge remote-tracking branch 'upstream/master' into zd20936 2025-12-12 11:37:34 -07:00
Kareem
63976cb09b Fix uninitialized variable, use WOLFSSL_DEBUG_PRINTF macro in Hash_DRBG_Generate to avoid undefined printf reference. 2025-12-10 12:28:54 -07:00
Marco Oliverio
33a518958c internal.c: fix comment to be more precise 2025-12-10 14:11:07 +01:00
Sean Parkinson
2b726ebf0b Merge pull request #9386 from sebastian-carpenter/oss-fuzz-fix-442261624 
fixed oss-fuzz warnings
 2025-12-04 15:28:18 +10:00
David Garske
8741805e9d Merge pull request #9476 from embhorn/zd20515 
Fix Coverity dead code report
 2025-12-01 13:59:21 -08:00
Sean Parkinson
6c8b9054a0 Merge pull request #9443 from holtrop/report-rsa_pss_pss-sig-algo 
TLSv1.3 certificate verify: report rsa_pss_pss_* signature algorithm when supported
 2025-11-27 09:12:58 +10:00
Josh Holtrop
36418aca76 Set useRsaPss flag in both SSL and CTX structures 2025-11-26 10:30:38 -05:00
Eric Blankenhorn
6de31e95fc Fix Coverity dead code report 2025-11-25 13:53:36 -06:00
Sean Parkinson
7c8d7dff5e Merge pull request #9348 from effbiae/ExportEccTempKey 
Refactor: Extract ExportEccTempKey, DhSetKey, and other helper functions from SendServerKeyExchange
 2025-11-25 09:31:20 +10:00
David Garske
658ea305d1 Fix issue with poorly written macros 2025-11-18 14:15:22 -08:00
sebastian-carpenter
7fdd177233 fixed oss-fuzz warnings 2025-11-18 13:28:51 -07:00
Daniel Pouzzner
c29abccc9f src/internal.c: peer review: refactor wolfssl_priv_der_unblind() and wolfssl_priv_der_unblind_free() to use AllocDer() and FreeDer(). 2025-11-14 18:13:44 -06:00
Daniel Pouzzner
dee0658e8a fix races around WOLFSSL_CTX.{privateKey,privateKeyMask,altPrivateKey,altPrivateKeyMask} in WOLFSSL_BLIND_PRIVATE_KEY code paths: 
* rename wolfssl_priv_der_unblind() to wolfssl_priv_der_blind_toggle(),
* add wolfssl_priv_der_unblind() that allocates a temp copy,
* add wolfssl_priv_der_unblind_free(),
* in wolfssl_priv_der_blind_toggle(), make mask a const arg;

restore const attribute to ctx arg to wolfSSL_CTX_get0_privatekey(), and add explanatory comment.
 2025-11-14 18:13:43 -06:00
jackctj117
0767cb84bf Removed trailing white space 2025-11-14 09:03:51 -07:00
jackctj117
5e2fd78113 Suppress unused parameter warning 2025-11-13 18:32:00 -07:00
jackctj117
29c2f15a8f Add #ifdef guards to cipher suite checks 2025-11-13 10:06:07 -07:00
effbiae
de0d3e610d refactor to ExportEccTempKey, DhSetKey and others 2025-11-13 14:49:26 +11:00
jackctj117
c56ea55f89 Fix TLS 1.3 cipher suite selection when TLS 1.2 ciphers precede TLS 1.3 ciphers 2025-11-12 17:03:06 -07:00
David Garske
6914f08f5e Merge pull request #9391 from holtrop/check-dup-extensions-fix 
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377
 2025-11-11 14:05:14 -08:00
Josh Holtrop
798b16dcef Address more code review feedback for PR 9391 2025-11-11 15:36:28 -05:00
Josh Holtrop
32b00fd10b Address code review feedback for PR 9391 2025-11-11 14:06:44 -05:00
David Garske
2db1c7a522 Merge pull request #9395 from SparkiDev/tls12_cv_sig_check 
TLS 1.2 CertificateVerify: validate sig alg matches peer key
 2025-11-11 09:18:11 -08:00
Sean Parkinson
f54ca0d481 TLS 1.2 CertificateVerify: req sig alg to have been in CR 
The signature algorithm specified in CertificateVerify must have been in
the CertificateRequest. Add check.

The cipher suite test cases, when client auth and RSA are built-in and
use the default client certificate and use the *-ECDSA-* cipher
suites, no longer work. The client certificate must be ECC when the
cipher suite has ECDSA. Don't run them for that build.
 2025-11-11 13:20:46 +10:00
Josh Holtrop
3af60ff85d Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 2025-11-10 10:06:07 -05:00
Daniel Pouzzner
9e9a7392d4 Merge pull request #9373 from julek-wolfssl/WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY 
Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards
 2025-11-08 11:04:43 -06:00
JacobBarthelmeh
4c5bc5f8fe Merge pull request #9387 from SparkiDev/tls12_cr_order 
TLS 1.2: client message order check
 2025-11-07 10:00:39 -07:00
Sean Parkinson
58bd6a8d94 TLS 1.2 CertificateVerify: validate sig alg matches peer key 
Don't proceed with parsing CertificateVerify message in TLS 1.2 if the
signature algorithm doesn't match the peer's key (key from client
certificate).
 2025-11-07 13:26:26 +10:00
Juliusz Sosinowicz
3ebc0c5f99 Update logs 2025-11-06 16:39:48 +01:00
Juliusz Sosinowicz
ed970e7cd8 Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards 2025-11-06 16:35:11 +01:00
Sean Parkinson
958fa1af60 TLS 1.2: client message order check 
Error when client receives CertificateRequest out of order: not after
Certificate and not after ServerKeyExchange if being sent.
 2025-11-05 10:00:11 +10:00
Juliusz Sosinowicz
f95cb4e9bf Improve domain and IP address matching in certificate verification 
- Distinguish between domain and IP address checks.
- Update curl action to test with httpd server
 2025-11-04 18:36:29 +01:00
Daniel Pouzzner
5922b5def5 Merge pull request #9363 from julek-wolfssl/refactor-zero-return 
Improve TLS 1.3 early data handling.
 2025-10-31 17:39:11 -05:00
Daniel Pouzzner
7085421dd0 Merge pull request #9340 from julek-wolfssl/tls13-hrr-cs-change 
Validate cipher suite after HelloRetryRequest
 2025-10-30 23:46:50 -05:00
Daniel Pouzzner
a2b3af095d Merge pull request #9339 from effbiae/EcMakeKey 
refactor to EcMakeKey
 2025-10-30 23:45:22 -05:00
Daniel Pouzzner
9c031608ef Merge pull request #9349 from effbiae/EcExportHsKey 
refactor to EcExportHsKey
 2025-10-30 23:44:58 -05:00
Juliusz Sosinowicz
3209d264b8 Improve TLS 1.3 early data handling. 
Introduce `clientInEarlyData` to only return when in `wolfSSL_read_early_data`. This makes sure that other API don't return `ZERO_RETURN` when not in `wolfSSL_read_early_data`. Chose `APP_DATA_READY` as it won't result in a false positive return from `wolfSSL_read_early_data`.
 2025-10-29 19:04:36 +01:00
Daniel Pouzzner
d260493642 src/internal.c: in HashOutput(), check for null output pointer; 
examples/pem/pem.c: in main(), add missing check that ret == 0 in _DER_TO_PEM code path.
 2025-10-29 10:04:24 -05:00
Juliusz Sosinowicz
7b7f9a4fe0 dtls: Check PSK ciphersuite against local list 2025-10-29 13:14:50 +01:00
Daniel Pouzzner
8c60b7b250 src/internal.c and tests/api.c: fix clang-analyzer-core.NullPointerArithms. 2025-10-28 16:42:14 -05:00
effbiae
1c8e7885b4 refactor to EcMakeKey 2025-10-28 08:46:47 -07:00
effbiae
993ecad16a refactor to EcExportHsKey 2025-10-28 16:01:39 +11:00
David Garske
7bbe15936d Merge pull request #9290 from effbiae/make-pre-master-secret 
refactor to Make(Dhe)PSKPreMasterSecret
 2025-10-27 08:39:17 -07:00
Daniel Pouzzner
c9cc701097 src/internal.c: suppress clang-analyzer-deadcode.DeadStores in ImportPeerECCKey() introduced by 4964a1760a. 2025-10-25 08:55:23 -05:00
David Garske
4282ad38ec Merge pull request #9300 from effbiae/ImportPeerECCKey 
refactor to ImportPeerECCKey
 2025-10-24 08:17:54 -07:00