WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
25,485 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

25485 Commits (fbbb6b7707f7f8ae1c38ab68daec0af02ee0208a)

Author SHA1 Message Date
JacobBarthelmeh fbbb6b7707 add mutex locking and compat layer FIPS case 2025-06-10 14:37:11 -06:00
JacobBarthelmeh 31490ab813 add sanity checks on pid with RNG 2025-06-10 14:37:11 -06:00
JacobBarthelmeh 2d892f07eb
Merge pull request #8861 from gasbytes/psk-handshake-failure-fix 
tls13: clear tls1_3 on downgrade
 2025-06-10 10:24:17 -06:00
JacobBarthelmeh 047f0bb5fc
Merge pull request #8847 from gojimmypi/pr-platformio-cert-bundles 
Improve PlatformIO Certificate Bundle Support
 2025-06-10 10:23:07 -06:00
JacobBarthelmeh eb3c324ea4
Merge pull request #8852 from holtrop/reseed-drbg-in-rand-poll-test 
Add additional compatibility layer RAND tests
 2025-06-10 10:20:46 -06:00
JacobBarthelmeh 94f5948f20
Merge pull request #8858 from rizlik/dtls13_set_epoch_fix 
dtls13: move Dtls13NewEpoch into DeriveTls13Keys
 2025-06-10 09:48:58 -06:00
JacobBarthelmeh 81852e7425
Merge pull request #8865 from SparkiDev/dilithium_fixes_2 
ML-DSA: fix tests for different configs
 2025-06-10 09:43:13 -06:00
Sean Parkinson cb90b78688 ML-DSA: fix tests for different configs 
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
 2025-06-10 20:44:27 +10:00
Josh Holtrop 1c6e3d729a Check that fork() returns >= 0 in RAND_poll fork test 2025-06-10 06:23:06 -04:00
JacobBarthelmeh 106bcb22d3
Merge pull request #8860 from LinuxJedi/tls13-trusted-ca 
Allow `trusted_ca_keys` with TLSv1.3
 2025-06-09 17:43:44 -06:00
JacobBarthelmeh 4ae8ca03ac
Merge pull request #8859 from kojiws/clarify_supported_pkcs12_enc_algos 
Clarify supported encryption algorithms on wc_PKCS12_create()
 2025-06-09 16:03:53 -06:00
David Garske 587d5c783b
Merge pull request #8862 from JacobBarthelmeh/pqc 
fix syntax error with pqc yml
 2025-06-09 13:03:48 -07:00
Josh Holtrop 133e238359 Wait on child process in RAND_poll fork test 2025-06-09 15:59:22 -04:00
JacobBarthelmeh 496b0911be fix syntax error with pqc yml 2025-06-09 13:50:00 -06:00
Marco Oliverio 3e6703e1fb fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 19:20:06 +02:00
Marco Oliverio 1024bf0109 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 18:00:23 +02:00
Reda Chouk 92b6e2f2e9 tls13: clear tls1_3 on downgrade 
Unset ssl->options.tls1_3 whenever we drop to TLS 1.2 so PSK
handshakes don’t hit -326 VERSION_ERROR.
 2025-06-09 17:12:56 +02:00
Marco Oliverio 59ff71f936 fixup! dtls13: move Dtls13NewEpoch into DeriveTls13Keys 2025-06-09 16:11:17 +02:00
Andrew Hutchings 5e6cb2b0b6 Allow `trusted_ca_keys` with TLSv1.3 
It is possible that the client will provied `trusted_ca_keys` during a
TLSv1.3 connection with 1.2 downgrade. wolfSSL would error with
`EXT_NOT_ALLOWED`. The TLSv1.3 spec states that it can be provided and
should be ignored.

ZD 19936
 2025-06-09 08:31:54 +01:00
Koji Takeda 0260ff789b Clarify supported PKCS12 encryption algorithms 2025-06-09 12:03:47 +09:00
Marco Oliverio c1c1929e55 dtls13: move Dtls13NewEpoch into DeriveTls13Keys 
Dlts13NewEpoch saves the keys currently derived in the ssl object.
Moving Dtls13NewEpoch inside DeriveTls13Keys avoid the risk of using the wrong
keys when creating a new Epoch.

This fixes at least he following scenario:

- Client has encryption epoch != 2 in the handshake (eg. due to rtx)

- Client derives traffic0 keys after receiving server Finished message

- Client set encryption epoch to 2 again to send the Finished message, this
   override the traffic key computed

- Client creates the new epoch with the wrong key
 2025-06-09 02:35:29 +02:00
Josh Holtrop 10b3cc8dd2 Add fork test for RAND_poll() 2025-06-06 20:45:01 -04:00
gojimmypi 3254f56d32
Improve PlatformIO Certificate Bundle Support 2025-06-06 15:48:07 -07:00
JacobBarthelmeh 0bac2c2b34
Merge pull request #8846 from lealem47/zd20027 
Don't include AEAD nonce in decrypted data size
 2025-06-06 15:43:20 -06:00
Sean Parkinson 8e9e671a5a
Merge pull request #8853 from JacobBarthelmeh/pqc 
add macro WOLFSSL_ML_KEM_USE_OLD_IDS to PQC CI test
 2025-06-07 07:29:33 +10:00
JacobBarthelmeh 369f9f0339
Merge pull request #8849 from holtrop/reseed-drbg-in-rand-poll 
Reseed DRBG in RAND_poll()
 2025-06-06 11:55:46 -06:00
JacobBarthelmeh ae7509e746
Merge pull request #8813 from gojimmypi/espressif-mlkem-support 
Adjust Espressif Examples for Post Quantum ML-KEM
 2025-06-06 11:41:59 -06:00
JacobBarthelmeh 9ffca6b39c
Merge pull request #8822 from kojiws/support_cert_aes_cbc_on_pkcs12_export 
Support PBE_AES(256|128)_CBC certificate encryptions on wc_PKCS12_create()
 2025-06-06 11:35:13 -06:00
JacobBarthelmeh 45306e9378
Merge pull request #8845 from rlm2002/coverityTests 
Coverity: test adjustments and variable checks
 2025-06-06 11:29:56 -06:00
JacobBarthelmeh 8a4200eb31 add macro WOLFSSL_ML_KEM_USE_OLD_IDS to PQC CI test 2025-06-06 11:12:37 -06:00
JacobBarthelmeh f4821eb0f4
Merge pull request #8827 from SparkiDev/ml_kem_codepoints 
ML_KEM IDs backward compat
 2025-06-06 11:06:15 -06:00
JacobBarthelmeh 570c1fc390
Merge pull request #8824 from JeremiahM37/tlsCurveFix 
tls fix for set_groups
 2025-06-06 10:47:06 -06:00
Josh Holtrop 0c12337194 Reseed DRBG in RAND_poll() 2025-06-06 12:20:58 -04:00
JacobBarthelmeh bfc55d9016
Merge pull request #8848 from julek-wolfssl/gh/8841 
dtlsProcessPendingPeer: correctly set the current peer
 2025-06-06 09:52:35 -06:00
JacobBarthelmeh 407a1259af
Merge pull request #8851 from douzzer/20250606-fixes 
Adjustment for warnings with NO_TLS build and add github actions test
 2025-06-06 09:46:42 -06:00
Daniel Pouzzner efc36655e6 src/internal.c: add pedantic-compatible NO_TLS codepath for cipher_names[] and GetCipherNamesSize(). 2025-06-06 18:02:19 +04:00
Daniel Pouzzner 4572dcf9f9 tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES; 
wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement;

add .github/workflows/no-tls.yml;

.github/workflows/pq-all.yml: add smallstack scenario.
 2025-06-06 17:18:50 +04:00
Sean Parkinson 7eca4fb331 ML_KEM IDs backward compat 
Allow backward compatibilitly of Hybrid ML_KEM codepoints in TLS with
version before wolfSSL 5.8.0.
When WOLFSSL_ML_KEM_USE_OLD_IDS is defined, it will accept the old
codepoints for P256 with ML-KEM-512, P384 with ML-KEM-768, P521 with
ML-KEM-10124. (Others combinations were not know pre 5.8.0.)
Both old client with new server and new client with new server work with
old codepoints.
 2025-06-06 09:17:40 +10:00
JacobBarthelmeh 3ecc58cc0e
Merge pull request #8842 from julek-wolfssl/zd/19966 
ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING
 2025-06-05 17:07:47 -06:00
Juliusz Sosinowicz 736a5e1f89 dtlsProcessPendingPeer: correctly set the current peer 2025-06-06 00:12:38 +02:00
Lealem Amedie 53f3e74bf1 Sniffer: Don't include AEAD nonce in decrypted data size 2025-06-05 14:13:45 -06:00
Juliusz Sosinowicz edfc5360d4 TLSX_SupportedCurve_Parse: fix commonCurves wouldn't be free'd on error 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz 0ac6ca3cf7 Fix hard tabs and c++ style comments 2025-06-05 22:04:50 +02:00
Juliusz Sosinowicz 761f0f1d1f Simplify TLSX_SupportedCurve_Parse 
Server only uses curves that are supported by both the client and the server. If no common groups are found, the connection will fail in TLS 1.2 and below. In TLS 1.3, HRR may still be used to resolve the group mismatch.
 2025-06-05 22:04:49 +02:00
JeremiahM37 a160ba1379 Supported_group unit test fix 2025-06-05 22:04:49 +02:00
JeremiahM37 9d342bae83 unit tests for set_groups curve fix 2025-06-05 22:04:49 +02:00
JeremiahM37 888407e40b Updated fix for set_groups 2025-06-05 22:04:49 +02:00
JeremiahM37 3c1c4792da tls fix for set_groups 2025-06-05 22:04:49 +02:00
Ruby Martin a413be1984 remove null assignment, add null check 2025-06-05 12:25:50 -06:00
Juliusz Sosinowicz f2584fd5fa ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING 2025-06-05 19:17:00 +02:00