WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
25,515 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

25515 Commits (master)

Author SHA1 Message Date
David Garske 05ff12969e
Merge pull request #8864 from kojiws/improve_pkcs12_export_params 
Apply 16 bytes salt length for PBES2 key encryption on wc_PKCS12_create()
 2025-06-13 14:12:37 -07:00
Koji Takeda ff1baf0ae7 Apply stronger salt length for PBES2 2025-06-14 00:45:03 +09:00
JacobBarthelmeh e74214ded0
Merge pull request #8878 from dgarske/fix_pr8867_oscheck 
Fix for syntax error in os-check.yml
 2025-06-13 09:09:27 -06:00
David Garske 8181561f0f Fix for syntax error in os-check.yml added in PR #8867. 2025-06-13 07:17:37 -07:00
Daniel Pouzzner 1549425411
Merge pull request #8873 from philljj/fix_fips_enabled 
linuxkm: don't toggle fips_enabled.
 2025-06-13 05:56:52 -05:00
jordan b6b58a957b linuxkm: add missing WC_NO_ERR_TRACE. 2025-06-13 01:45:47 -05:00
jordan bb5291aa5e linuxkm: don't toggle fips_enabled. 2025-06-13 00:45:12 -05:00
David Garske 6cb0c8513d
Merge pull request #8874 from JacobBarthelmeh/nginx-tests 
fix for perl module version used with nginx test
 2025-06-12 16:09:31 -07:00
JacobBarthelmeh b78f8a4ed6 fix for perl module version used with nginx test 2025-06-12 15:55:56 -06:00
David Garske c5e63b84ca
Merge pull request #8840 from douzzer/20250605-linuxkm-DRBG-multithread-round-1 
20250605-linuxkm-DRBG-multithread-round-1
 2025-06-12 13:17:54 -07:00
David Garske 2fc1110a13
Merge pull request #8587 from lealem47/gh8574 
Fix bug in ParseCRL_Extensions
 2025-06-12 12:09:52 -07:00
David Garske 701e3ba64e
Merge pull request #8808 from rlm2002/coverity 
Coverity: api.c fix
 2025-06-12 12:03:14 -07:00
David Garske bfdce3a345
Merge pull request #8832 from SparkiDev/aarch64_xfence 
Aarch64 XFENCE
 2025-06-12 11:53:55 -07:00
David Garske 6571f42cb9
Merge pull request #8867 from JacobBarthelmeh/rng 
Improvements to RNG and compatibility layer
 2025-06-11 14:31:53 -07:00
JacobBarthelmeh 8ee1f8f287 add macro guard on test case 2025-06-11 10:43:47 -06:00
JacobBarthelmeh 675ff71b0b
Merge pull request #8863 from rlm2002/AppleNativeCert 
Add api unit test for checking domain name
 2025-06-11 09:38:08 -06:00
Sean Parkinson d66863d0ac Aarch64 XFENCE 
Use sb instruction instead of isb if available.
 2025-06-11 09:29:20 +10:00
JacobBarthelmeh ae87afa677
Merge pull request #8857 from miyazakh/tsip_fix 
fix TSIP TLS example program
 2025-06-10 16:26:34 -06:00
JacobBarthelmeh 47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh 4207affc72 adding additional RAND test cases 2025-06-10 16:01:52 -06:00
Ruby Martin d0134f2212 coverity: address reuse after free, add NULL checks 2025-06-10 15:33:47 -06:00
Ruby Martin a7a5062c7a add api test for checking domain name 
use SNI example.com in client ssl
 2025-06-10 15:22:01 -06:00
JacobBarthelmeh fbbb6b7707 add mutex locking and compat layer FIPS case 2025-06-10 14:37:11 -06:00
JacobBarthelmeh 31490ab813 add sanity checks on pid with RNG 2025-06-10 14:37:11 -06:00
Hideki Miyazaki d138c48a00 add TSIP_RSASSA_1024 and TSIP_RSASSA_2048 to known_macro_extras 2025-06-11 04:12:54 +09:00
JacobBarthelmeh 2d892f07eb
Merge pull request #8861 from gasbytes/psk-handshake-failure-fix 
tls13: clear tls1_3 on downgrade
 2025-06-10 10:24:17 -06:00
JacobBarthelmeh 047f0bb5fc
Merge pull request #8847 from gojimmypi/pr-platformio-cert-bundles 
Improve PlatformIO Certificate Bundle Support
 2025-06-10 10:23:07 -06:00
JacobBarthelmeh eb3c324ea4
Merge pull request #8852 from holtrop/reseed-drbg-in-rand-poll-test 
Add additional compatibility layer RAND tests
 2025-06-10 10:20:46 -06:00
JacobBarthelmeh 94f5948f20
Merge pull request #8858 from rizlik/dtls13_set_epoch_fix 
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
 2025-06-10 09:48:58 -06:00
JacobBarthelmeh 81852e7425
Merge pull request #8865 from SparkiDev/dilithium_fixes_2 
ML-DSA: fix tests for different configs
 2025-06-10 09:43:13 -06:00
Sean Parkinson cb90b78688 ML-DSA: fix tests for different configs 
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
 2025-06-10 20:44:27 +10:00
Josh Holtrop 1c6e3d729a Check that fork() returns >= 0 in RAND_poll fork test 2025-06-10 06:23:06 -04:00
JacobBarthelmeh 106bcb22d3
Merge pull request #8860 from LinuxJedi/tls13-trusted-ca 
Allow `trusted_ca_keys` with TLSv1.3
 2025-06-09 17:43:44 -06:00
JacobBarthelmeh 4ae8ca03ac
Merge pull request #8859 from kojiws/clarify_supported_pkcs12_enc_algos 
Clarify supported encryption algorithms on wc_PKCS12_create()
 2025-06-09 16:03:53 -06:00
David Garske 587d5c783b
Merge pull request #8862 from JacobBarthelmeh/pqc 
fix syntax error with pqc yml
 2025-06-09 13:03:48 -07:00
Josh Holtrop 133e238359 Wait on child process in RAND_poll fork test 2025-06-09 15:59:22 -04:00
JacobBarthelmeh 496b0911be fix syntax error with pqc yml 2025-06-09 13:50:00 -06:00
Marco Oliverio 3e6703e1fb fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 19:20:06 +02:00
Marco Oliverio 1024bf0109 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 18:00:23 +02:00
Reda Chouk 92b6e2f2e9 tls13: clear tls1_3 on downgrade 
Unset ssl->options.tls1_3 whenever we drop to TLS 1.2 so PSK
handshakes don’t hit -326 VERSION_ERROR.
 2025-06-09 17:12:56 +02:00
Marco Oliverio 59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Andrew Hutchings 5e6cb2b0b6 Allow `trusted_ca_keys` with TLSv1.3 
It is possible that the client will provied `trusted_ca_keys` during a
TLSv1.3 connection with 1.2 downgrade. wolfSSL would error with
`EXT_NOT_ALLOWED`. The TLSv1.3 spec states that it can be provided and
should be ignored.

ZD 19936
 2025-06-09 08:31:54 +01:00
Koji Takeda 0260ff789b Clarify supported PKCS12 encryption algorithms 2025-06-09 12:03:47 +09:00
Marco Oliverio c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
Hideki Miyazaki eeb3961b6f fix trailing whitespace 2025-06-07 14:23:59 +09:00
Hideki Miyazaki 0404447bd8 fix typo 2025-06-07 12:46:22 +09:00
Hideki Miyazaki 1f8efc3c14 fix TSIP example 
fix Client Certificate Verify using RSA sign/verify
 2025-06-07 12:38:18 +09:00
Daniel Pouzzner ae15693fa8 linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_generate() and wc_linuxkm_drbg_seed(), check retval from wc_LockMutex(). 
wolfcrypt/src/random.c: in Hash_DRBG_Generate(), restore smallstack path for digest[], but use non-smallstack path for WOLFSSL_LINUXKM.
 2025-06-07 07:07:20 +04:00
Josh Holtrop 10b3cc8dd2 Add fork test for RAND_poll() 2025-06-06 20:45:01 -04:00
gojimmypi 3254f56d32
Improve PlatformIO Certificate Bundle Support 2025-06-06 15:48:07 -07:00