WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
25,693 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

25693 Commits (edacf0434c0e729d6d9af417f38edc00903a78d8)

Author SHA1 Message Date
Maxim Kostin 519b314cf2 Fix formatting inconsistencies in README.md 2025-06-09 17:12:46 +02:00
Marco Oliverio 59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Maxim Kostin 7b0b2e9f0c Added AES IV retrieval from TROPIC01 and use of new R-Memory slot definitions 2025-06-09 16:06:56 +02:00
kosmax871 2da1b4e6b2
Merge branch 'wolfSSL:master' into tropic01-dev 2025-06-09 16:01:23 +02:00
Andrew Hutchings 5e6cb2b0b6 Allow `trusted_ca_keys` with TLSv1.3 
It is possible that the client will provied `trusted_ca_keys` during a
TLSv1.3 connection with 1.2 downgrade. wolfSSL would error with
`EXT_NOT_ALLOWED`. The TLSv1.3 spec states that it can be provided and
should be ignored.

ZD 19936
 2025-06-09 08:31:54 +01:00
Koji Takeda 0260ff789b Clarify supported PKCS12 encryption algorithms 2025-06-09 12:03:47 +09:00
Marco Oliverio c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
Hideki Miyazaki eeb3961b6f fix trailing whitespace 2025-06-07 14:23:59 +09:00
Hideki Miyazaki 0404447bd8 fix typo 2025-06-07 12:46:22 +09:00
Hideki Miyazaki 1f8efc3c14 fix TSIP example 
fix Client Certificate Verify using RSA sign/verify
 2025-06-07 12:38:18 +09:00
Daniel Pouzzner ae15693fa8 linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_generate() and wc_linuxkm_drbg_seed(), check retval from wc_LockMutex(). 
wolfcrypt/src/random.c: in Hash_DRBG_Generate(), restore smallstack path for digest[], but use non-smallstack path for WOLFSSL_LINUXKM.
 2025-06-07 07:07:20 +04:00
Josh Holtrop 10b3cc8dd2 Add fork test for RAND_poll() 2025-06-06 20:45:01 -04:00
gojimmypi 3254f56d32
Improve PlatformIO Certificate Bundle Support 2025-06-06 15:48:07 -07:00
JacobBarthelmeh 0bac2c2b34
Merge pull request #8846 from lealem47/zd20027 
Don't include AEAD nonce in decrypted data size
 2025-06-06 15:43:20 -06:00
Sean Parkinson 8e9e671a5a
Merge pull request #8853 from JacobBarthelmeh/pqc 
add macro WOLFSSL_ML_KEM_USE_OLD_IDS to PQC CI test
 2025-06-07 07:29:33 +10:00
JacobBarthelmeh 369f9f0339
Merge pull request #8849 from holtrop/reseed-drbg-in-rand-poll 
Reseed DRBG in RAND_poll()
 2025-06-06 11:55:46 -06:00
Maxim Kostin 0fe8fa7645 Add Tropic01_Deinit call in wolfCrypt_Cleanup for proper resource management 2025-06-06 19:46:27 +02:00
JacobBarthelmeh ae7509e746
Merge pull request #8813 from gojimmypi/espressif-mlkem-support 
Adjust Espressif Examples for Post Quantum ML-KEM
 2025-06-06 11:41:59 -06:00
JacobBarthelmeh 9ffca6b39c
Merge pull request #8822 from kojiws/support_cert_aes_cbc_on_pkcs12_export 
Support PBE_AES(256|128)_CBC certificate encryptions on wc_PKCS12_create()
 2025-06-06 11:35:13 -06:00
JacobBarthelmeh 45306e9378
Merge pull request #8845 from rlm2002/coverityTests 
Coverity: test adjustments and variable checks
 2025-06-06 11:29:56 -06:00
JacobBarthelmeh 8a4200eb31 add macro WOLFSSL_ML_KEM_USE_OLD_IDS to PQC CI test 2025-06-06 11:12:37 -06:00
JacobBarthelmeh f4821eb0f4
Merge pull request #8827 from SparkiDev/ml_kem_codepoints 
ML_KEM IDs backward compat
 2025-06-06 11:06:15 -06:00
JacobBarthelmeh 570c1fc390
Merge pull request #8824 from JeremiahM37/tlsCurveFix 
tls fix for set_groups
 2025-06-06 10:47:06 -06:00
Josh Holtrop 0c12337194 Reseed DRBG in RAND_poll() 2025-06-06 12:20:58 -04:00
JacobBarthelmeh bfc55d9016
Merge pull request #8848 from julek-wolfssl/gh/8841 
dtlsProcessPendingPeer: correctly set the current peer
 2025-06-06 09:52:35 -06:00
kosmax871 04a1a3fec7
Merge branch 'wolfSSL:master' into tropic01-dev 2025-06-06 17:51:29 +02:00
JacobBarthelmeh 407a1259af
Merge pull request #8851 from douzzer/20250606-fixes 
Adjustment for warnings with NO_TLS build and add github actions test
 2025-06-06 09:46:42 -06:00
Daniel Pouzzner efc36655e6 src/internal.c: add pedantic-compatible NO_TLS codepath for cipher_names[] and GetCipherNamesSize(). 2025-06-06 18:02:19 +04:00
Daniel Pouzzner 4572dcf9f9 tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES; 
wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement;

add .github/workflows/no-tls.yml;

.github/workflows/pq-all.yml: add smallstack scenario.
 2025-06-06 17:18:50 +04:00
Sean Parkinson 7eca4fb331 ML_KEM IDs backward compat 
Allow backward compatibilitly of Hybrid ML_KEM codepoints in TLS with
version before wolfSSL 5.8.0.
When WOLFSSL_ML_KEM_USE_OLD_IDS is defined, it will accept the old
codepoints for P256 with ML-KEM-512, P384 with ML-KEM-768, P521 with
ML-KEM-10124. (Others combinations were not know pre 5.8.0.)
Both old client with new server and new client with new server work with
old codepoints.
 2025-06-06 09:17:40 +10:00
JacobBarthelmeh 3ecc58cc0e
Merge pull request #8842 from julek-wolfssl/zd/19966 
ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING
 2025-06-05 17:07:47 -06:00
Juliusz Sosinowicz 736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Lealem Amedie 53f3e74bf1 Sniffer: Don't include AEAD nonce in decrypted data size 2025-06-05 14:13:45 -06:00
Juliusz Sosinowicz edfc5360d4 TLSX_SupportedCurve_Parse: fix commonCurves wouldn't be free'd on error 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz 0ac6ca3cf7 Fix hard tabs and c++ style comments 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz 761f0f1d1f Simplify TLSX_SupportedCurve_Parse 
Server only uses curves that are supported by both the client and the server. If no common groups are found, the connection will fail in TLS 1.2 and below. In TLS 1.3, HRR may still be used to resolve the group mismatch.
 2025-06-05 22:04:49 +02:00
JeremiahM37 a160ba1379 Supported_group unit test fix 2025-06-05 22:04:49 +02:00
JeremiahM37 9d342bae83 unit tests for set_groups curve fix 2025-06-05 22:04:49 +02:00
JeremiahM37 888407e40b Updated fix for set_groups 2025-06-05 22:04:49 +02:00
JeremiahM37 3c1c4792da tls fix for set_groups 2025-06-05 22:04:49 +02:00
Ruby Martin a413be1984 remove null assignment, add null check 2025-06-05 12:25:50 -06:00
Juliusz Sosinowicz f2584fd5fa ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING 2025-06-05 19:17:00 +02:00
JacobBarthelmeh c207e2d198
Merge pull request #8838 from miyazakh/fsp_fix2 
Fix Renesas SCE on RA6M4
 2025-06-05 09:43:05 -06:00
Chris Conlon e51702043f
Merge pull request #8837 from BridgerVoss/code_cov 
Unit test for Dh.c code coverage
 2025-06-05 09:37:42 -06:00
Chris Conlon a17b3b4985
Merge pull request #8831 from JeremiahM37/UnitTest 
Unit test for wolfcrypt pkcs12 file to improve code coverage
 2025-06-05 09:30:48 -06:00
JacobBarthelmeh 307840388b
Merge pull request #8786 from SparkiDev/lms_kid 
LMS: Key ID fixup
 2025-06-05 09:22:48 -06:00
Daniel Pouzzner dbc34352c7 linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_seed(), prefix the supplied seed with the CPU ID of each DRBG, to avoid duplicate states; 
wolfcrypt/src/random.c: in Hash_DRBG_Generate(), always put digest[] on the stack even in WOLFSSL_SMALL_STACK configuration (it's only 32 bytes);

configure.ac: default smallstackcache on when linuxkm-defaults.
 2025-06-05 16:31:46 +04:00
Daniel Pouzzner 29cf3eb84e linuxkm/lkcapi_sha_glue.c: refactor DRBG wrapper to instantiate one DRBG per core, to relieve contention. 2025-06-05 09:18:18 +04:00
Sean Parkinson fbc483e23a
Merge pull request #8833 from rlm2002/AppleNativeCert 
domain name policy for WOLFSSL_APPLE_NATIVE_CERT_VALIDATION
 2025-06-05 12:22:20 +10:00
Brett 89be92f1a8 formatting 2025-06-04 18:29:05 -06:00