wolfcrypt/src/coding.c: in Base64_Decode() and Base64_Decode_nonCT(), check for non-whitespace characters past the end and return ASN_INPUT_E if found;
wolfcrypt/test/test.c: in base64_test(), remove ';' from goodChar[], and add trailing*[] test strings and N_BYTE_TRAILING_TEST(), for positive and negative testing of new checks.
* in slhdsa_keygen_kat() and slhdsa_id_label_test(), pass devId to wc_SlhDsaKey_Init*()
* in cryptocb_test(), inhibit the callback verification check for SLHDSA if FIPS (no crypto callbacks in FIPS-wrapped calls).
* implement wc_local_AesGcmCheckTagSz() with pedantic checks for valid authtag size. SP 800-38D restrictions are now uniformly imposed, unless WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH is defined (not allow with FIPS).
* refactor tag size checks in wc_AesGcmEncrypt(), wc_AesGcmDecrypt(), wc_AesGcmEncryptFinal(), wc_AesGcmDecryptFinal(), and wc_PKCS7_DecodeAuthEnvelopedData().
* in test.c, update aesgcm_non12iv_test() to skip tag sizes expected to fail.
ARM64/ARM32/Thumb2:
- Inline-asm use param names not registers.
- Return value through first parameter and not first register
- 32-bit values zero extended when loaded off stack
aes.c: Aligned-accedd GHASH for 32-bit CPUs.
test.c: #ifdef protection update.
sha3.h: make digest and block size constants defines for use in hash.h
sha512.h: internal Transform_Sha512* functions declared when only SHA-384.
sp_int.h: include WOLFSSL_SP_MATH_ALL in SP_INT_BITS selection
memory.c: fix printf format to be compatible with more platforms
wolfcrypt/test/test.c: add missing !HAVE_SELFTEST gate around AES-CCM counter overflow test in aesccm_128_badarg_test();
wolfcrypt/src/error.c and wolfssl/wolfcrypt/error-crypt.h: update messages for AES_{GCM,CCM}_OVERFLOW_E.
Add a crypto-callback operation for validating an ECC key.
Under WOLF_CRYPTO_CB_ONLY_ECC validation now fails closed with
NO_VALID_DEVID when no device handles the operation; previously such
keys were accepted unvalidated. This is a deliberate compatibility
break, documented at the dispatch site.
Return PUBLIC_KEY_E for wc_ed25519_export_key if public key is not
present.
Return PUBLIC_KEY_E for wc_ed448_export_key if public key is not
present.
Rename several inLen parameters to outLen for consistency.
Fix F-4427
wolfcrypt/src/aes.c: enforce AES-XTS K1!=K2 constraint in wc_AesXtsSetKeyNoInit() unless WC_AES_XTS_ALLOW_DUPLICATE_KEYS and !HAVE_FIPS:
tests/api/test_aes.c: add negative tests to test_wc_AesXtsSetKey() for K1==K2;
wolfcrypt/test/test.c: fix keys in aes_xts_128_inplace_test() and aes_xts_192_inplace_test() so that K1!=K2, update test vectors, and remove associated !HAVE_FIPS gating;
linuxkm/lkcapi_aes_glue.c: synchronize aes_xts_128_test() test of ciphertext stealing in-place with wolfcrypt/test/test.c.
wrapper/rust/wolfssl-wolfcrypt/src/aes.rs: synchronize XTS streaming test with wolfcrypt/test/test.c.
linuxkm/: refactor self-test sensing with version-gated setup in linuxkm_wc_port.h and refactored gates in lkcapi_glue.c.
Leak fixes: free existing ssl->buffers.key before overwriting in SetSSL_CTX() (internal.c) and wolfSSL_set_SSL_CTX() (ssl.c)
UAF fix: wc_CheckRsaKey() — mp_memzero_check(tmp) moved before the free (rsa.c)
Build guards: #ifndef NO_ED25519/ED448_VERIFY around forged-sig test data (test_ed25519/ed448.c); guard equal()/cmov() for verify-only builds (ge_operations.c); guard unused pointers under WOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC (wc_mldsa.c)
Test cleanups (test.c): fix UB from out-of-range enum in hash_test(), always free AES dec object, fix der buffer declaration under small-stack builds
After the SHA-512/224 and /256 fallback to the generic SHA-512 callback,
restore the variant initial state so the object is reset for reuse, and
exercise the path in cryptocb_test.
1. Side-aware ML-KEM in TLS (tls.c, tls13.c, ssl.c, internal.h):
TLSX_IsGroupSupported/TLSX_UseSupportedCurve take a `side` arg; new
TLSX_IsMlKemGroupSupported + client/server support macros. A build only
capable of one ML-KEM op no longer advertises groups it can't use for
its role.
2. NO_ASN_TIME support (ssl_asn1.c, ssl.h, settings.h): data-only
ASN1_TIME APIs now compile without system time; OCSP responder
auto-disabled under NO_ASN_TIME.
3. SP ECC (sp_*.c, sp_x86_64_asm.asm): curve `b` constants and
sp_ecc_is_point_* always compiled (point-check available in more
configs); asm movsxd -> movsx.
4. configure.ac: BUILD_MEMUSE fixed to trigger on != "xno".
5. Test fixes: HRR-aware TLS 1.3 memio tests (new
test_memio_msg_is_hello_retry_request); tightened build guards
(Ed25519/Ed448 key-import, AES decrypt, XMSS heights, SP sizes,
static-PSK).
wolfssl/wolfcrypt/settings.h: add WC_NO_GLOBAL_OBJECT_POINTERS implicitly in WC_SYM_RELOC_TABLES section of WOLFSSL_LINUXKM setup.
wolfssl/wolfcrypt/wolfmath.h, wolfcrypt/src/wolfmath.c, wolfcrypt/src/sp_int.c, wolfcrypt/src/sakke.c: when WC_NO_GLOBAL_OBJECT_POINTERS, use static local wc_off_on_addr rather than global in wolfmath.c.
wolfcrypt/src/sakke.c:
* in wc_DeriveSakkeSSV(), initialize a[] with explicit XMEMSET() rather than " = {0}", to avoid unmaskable implicit memset() emitted by compiler.
* remove all vector register provisions (SAVE_VECTOR_REGISTERS(), RESTORE_VECTOR_REGISTERS(), ASSERT_SAVED_VECTOR_REGISTERS()).
linuxkm/module_exports.c.template: add includes for eccsi.h and sakke.h.
configure.ac:
* tweak enable-all-crypto setup to make enable_eccsi unconditional alongside enable_fpecc;
* move enable_sakke to be conditional only on !FIPS.
* notably this activates ECCSI and SAKKE on kernel all-crypto builds.
wolfcrypt/test/test.c: WC_*_VAR*() refactors for eccsi_test() and sakke_test().
Add defense-in-depth checks to wc_ed{25519,448}_check_key() and
ed{25519,448}_verify_msg_final_with_sha() that reject the identity
point and other small-order public keys. Honest EdDSA key generation
never produces such keys, but wolfSSL previously accepted them on
import and verification. The guard runs at both entry points so it
holds even when a key is imported with trusted=1. New tests are gated
on !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0).