WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
25,498 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

25498 Commits (bfdce3a345a63dc8cc3c4b51f764aa34131c187c)

Author SHA1 Message Date
David Garske bfdce3a345
Merge pull request #8832 from SparkiDev/aarch64_xfence 
Aarch64 XFENCE
 2025-06-12 11:53:55 -07:00
David Garske 6571f42cb9
Merge pull request #8867 from JacobBarthelmeh/rng 
Improvements to RNG and compatibility layer
 2025-06-11 14:31:53 -07:00
JacobBarthelmeh 8ee1f8f287 add macro guard on test case 2025-06-11 10:43:47 -06:00
JacobBarthelmeh 675ff71b0b
Merge pull request #8863 from rlm2002/AppleNativeCert 
Add api unit test for checking domain name
 2025-06-11 09:38:08 -06:00
Sean Parkinson d66863d0ac Aarch64 XFENCE 
Use sb instruction instead of isb if available.
 2025-06-11 09:29:20 +10:00
JacobBarthelmeh ae87afa677
Merge pull request #8857 from miyazakh/tsip_fix 
fix TSIP TLS example program
 2025-06-10 16:26:34 -06:00
JacobBarthelmeh 47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh 4207affc72 adding additional RAND test cases 2025-06-10 16:01:52 -06:00
Ruby Martin a7a5062c7a add api test for checking domain name 
use SNI example.com in client ssl
 2025-06-10 15:22:01 -06:00
JacobBarthelmeh fbbb6b7707 add mutex locking and compat layer FIPS case 2025-06-10 14:37:11 -06:00
JacobBarthelmeh 31490ab813 add sanity checks on pid with RNG 2025-06-10 14:37:11 -06:00
Hideki Miyazaki d138c48a00 add TSIP_RSASSA_1024 and TSIP_RSASSA_2048 to known_macro_extras 2025-06-11 04:12:54 +09:00
JacobBarthelmeh 2d892f07eb
Merge pull request #8861 from gasbytes/psk-handshake-failure-fix 
tls13: clear tls1_3 on downgrade
 2025-06-10 10:24:17 -06:00
JacobBarthelmeh 047f0bb5fc
Merge pull request #8847 from gojimmypi/pr-platformio-cert-bundles 
Improve PlatformIO Certificate Bundle Support
 2025-06-10 10:23:07 -06:00
JacobBarthelmeh eb3c324ea4
Merge pull request #8852 from holtrop/reseed-drbg-in-rand-poll-test 
Add additional compatibility layer RAND tests
 2025-06-10 10:20:46 -06:00
JacobBarthelmeh 94f5948f20
Merge pull request #8858 from rizlik/dtls13_set_epoch_fix 
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
 2025-06-10 09:48:58 -06:00
JacobBarthelmeh 81852e7425
Merge pull request #8865 from SparkiDev/dilithium_fixes_2 
ML-DSA: fix tests for different configs
 2025-06-10 09:43:13 -06:00
Sean Parkinson cb90b78688 ML-DSA: fix tests for different configs 
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
 2025-06-10 20:44:27 +10:00
Josh Holtrop 1c6e3d729a Check that fork() returns >= 0 in RAND_poll fork test 2025-06-10 06:23:06 -04:00
JacobBarthelmeh 106bcb22d3
Merge pull request #8860 from LinuxJedi/tls13-trusted-ca 
Allow `trusted_ca_keys` with TLSv1.3
 2025-06-09 17:43:44 -06:00
JacobBarthelmeh 4ae8ca03ac
Merge pull request #8859 from kojiws/clarify_supported_pkcs12_enc_algos 
Clarify supported encryption algorithms on wc_PKCS12_create()
 2025-06-09 16:03:53 -06:00
David Garske 587d5c783b
Merge pull request #8862 from JacobBarthelmeh/pqc 
fix syntax error with pqc yml
 2025-06-09 13:03:48 -07:00
Josh Holtrop 133e238359 Wait on child process in RAND_poll fork test 2025-06-09 15:59:22 -04:00
JacobBarthelmeh 496b0911be fix syntax error with pqc yml 2025-06-09 13:50:00 -06:00
Marco Oliverio 3e6703e1fb fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 19:20:06 +02:00
Marco Oliverio 1024bf0109 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 18:00:23 +02:00
Reda Chouk 92b6e2f2e9 tls13: clear tls1_3 on downgrade 
Unset ssl->options.tls1_3 whenever we drop to TLS 1.2 so PSK
handshakes don’t hit -326 VERSION_ERROR.
 2025-06-09 17:12:56 +02:00
Marco Oliverio 59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Andrew Hutchings 5e6cb2b0b6 Allow `trusted_ca_keys` with TLSv1.3 
It is possible that the client will provied `trusted_ca_keys` during a
TLSv1.3 connection with 1.2 downgrade. wolfSSL would error with
`EXT_NOT_ALLOWED`. The TLSv1.3 spec states that it can be provided and
should be ignored.

ZD 19936
 2025-06-09 08:31:54 +01:00
Koji Takeda 0260ff789b Clarify supported PKCS12 encryption algorithms 2025-06-09 12:03:47 +09:00
Marco Oliverio c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
Hideki Miyazaki eeb3961b6f fix trailing whitespace 2025-06-07 14:23:59 +09:00
Hideki Miyazaki 0404447bd8 fix typo 2025-06-07 12:46:22 +09:00
Hideki Miyazaki 1f8efc3c14 fix TSIP example 
fix Client Certificate Verify using RSA sign/verify
 2025-06-07 12:38:18 +09:00
Josh Holtrop 10b3cc8dd2 Add fork test for RAND_poll() 2025-06-06 20:45:01 -04:00
gojimmypi 3254f56d32
Improve PlatformIO Certificate Bundle Support 2025-06-06 15:48:07 -07:00
JacobBarthelmeh 0bac2c2b34
Merge pull request #8846 from lealem47/zd20027 
Don't include AEAD nonce in decrypted data size
 2025-06-06 15:43:20 -06:00
Sean Parkinson 8e9e671a5a
Merge pull request #8853 from JacobBarthelmeh/pqc 
add macro WOLFSSL_ML_KEM_USE_OLD_IDS to PQC CI test
 2025-06-07 07:29:33 +10:00
JacobBarthelmeh 369f9f0339
Merge pull request #8849 from holtrop/reseed-drbg-in-rand-poll 
Reseed DRBG in RAND_poll()
 2025-06-06 11:55:46 -06:00
JacobBarthelmeh ae7509e746
Merge pull request #8813 from gojimmypi/espressif-mlkem-support 
Adjust Espressif Examples for Post Quantum ML-KEM
 2025-06-06 11:41:59 -06:00
JacobBarthelmeh 9ffca6b39c
Merge pull request #8822 from kojiws/support_cert_aes_cbc_on_pkcs12_export 
Support PBE_AES(256|128)_CBC certificate encryptions on wc_PKCS12_create()
 2025-06-06 11:35:13 -06:00
JacobBarthelmeh 45306e9378
Merge pull request #8845 from rlm2002/coverityTests 
Coverity: test adjustments and variable checks
 2025-06-06 11:29:56 -06:00
JacobBarthelmeh 8a4200eb31 add macro WOLFSSL_ML_KEM_USE_OLD_IDS to PQC CI test 2025-06-06 11:12:37 -06:00
JacobBarthelmeh f4821eb0f4
Merge pull request #8827 from SparkiDev/ml_kem_codepoints 
ML_KEM IDs backward compat
 2025-06-06 11:06:15 -06:00
JacobBarthelmeh 570c1fc390
Merge pull request #8824 from JeremiahM37/tlsCurveFix 
tls fix for set_groups
 2025-06-06 10:47:06 -06:00
Josh Holtrop 0c12337194 Reseed DRBG in RAND_poll() 2025-06-06 12:20:58 -04:00
JacobBarthelmeh bfc55d9016
Merge pull request #8848 from julek-wolfssl/gh/8841 
dtlsProcessPendingPeer: correctly set the current peer
 2025-06-06 09:52:35 -06:00
JacobBarthelmeh 407a1259af
Merge pull request #8851 from douzzer/20250606-fixes 
Adjustment for warnings with NO_TLS build and add github actions test
 2025-06-06 09:46:42 -06:00
Daniel Pouzzner efc36655e6 src/internal.c: add pedantic-compatible NO_TLS codepath for cipher_names[] and GetCipherNamesSize(). 2025-06-06 18:02:19 +04:00
Daniel Pouzzner 4572dcf9f9 tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES; 
wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement;

add .github/workflows/no-tls.yml;

.github/workflows/pq-all.yml: add smallstack scenario.
 2025-06-06 17:18:50 +04:00