Daniel Pouzzner
f1508c910a
Merge pull request #9930 from julek-wolfssl/fenrir/260903
Fenrir fixes
2026-03-10 19:32:56 -05:00
Daniel Pouzzner
7af6decbf3
Merge pull request #9856 from anhu/rsa_guard
Macro guard parameter null check.
2026-03-10 19:32:19 -05:00
Daniel Pouzzner
f18d5ba359
Merge pull request #9928 from philljj/fix_f_451
ascon: don't skip wc_AsconAEAD128_Clear on auth error.
2026-03-10 19:31:20 -05:00
Daniel Pouzzner
65092ab5eb
Merge pull request #9838 from SparkiDev/slhdsa_1
FIPS 205, SLH-DSA: implementation
2026-03-10 19:28:59 -05:00
Daniel Pouzzner
2ad5afaf4d
wolfcrypt/src/wc_slhdsa.c: fixes for uninited data reads in slhdsakey_wots_sign_chain_x4_*() and slhdsakey_wots_pk_from_sig_x4;
CMakeLists.txt, cmake/functions.cmake, cmake/options.h.in: fixes for -DWOLFSSL_SLHDSA.
2026-03-10 17:51:18 -05:00
Josh Holtrop
d37b51c3ce
Avoid one-byte read outside of allocated encrypted content buffer in wc_PKCS7_DecodeEnvelopedData()
2026-03-10 17:26:28 -04:00
jordan
77b6f531fb
evp: check ivLen in wolfSSL_EVP_CIPHER_CTX_set_iv_length.
2026-03-10 15:27:37 -05:00
night1rider
0442918391
Add Zephyr 4.1+ build compatibility for wolfssl_tls_sock sample. Replace removed Kconfig options (PTHREAD_IPC, POSIX_CLOCK, NET_SOCKETS_POSIX_NAMES) with version-conditional config fragments and fix min/max macro collision with Zephyr's sys/util.h.
2026-03-10 14:23:47 -06:00
Sean Parkinson
b180a279b0
ML-KEM: Fixes for comments plus bug fixes
wc_MlKemKey_SharedSecretSize: Check len is not NULL before use.
wc_MlKemKey_DecodePrivateKey:
Don't set flags when public key hash fails.
ForceZero the private key on failure if copied.
2026-03-10 21:09:08 +10:00
Juliusz Sosinowicz
7a264162b8
wc_ChaCha20Poly1305_Decrypt: clear unauthed plaintext
F-452
2026-03-10 09:52:05 +01:00
Juliusz Sosinowicz
0b03d56127
wc_GetKeyOID: Clean up logging in mldsa case
F-449
2026-03-10 09:52:05 +01:00
Daniel Pouzzner
b02ddde4f2
Merge pull request #9886 from philljj/fix_f_193
wc_encrypt: add missing ForceZero for Des, Arc4, Rc2.
2026-03-09 23:43:26 -05:00
Daniel Pouzzner
2cb1781b9a
Merge pull request #9922 from Frauschi/f-450
Fix memory leak in error case within RsaMGF1
2026-03-09 23:39:30 -05:00
Daniel Pouzzner
cd2386c87e
Merge pull request #9894 from philljj/fix_f_280
hpke: add missing ForceZero for eae_prk, key_schedule_context, secret.
2026-03-09 23:38:37 -05:00
Daniel Pouzzner
3386e40453
Merge pull request #9890 from philljj/fix_f_hmac
hmac: add missing ForceZero for tmp, prk.
2026-03-09 23:38:04 -05:00
Daniel Pouzzner
3736352b24
Merge pull request #9888 from philljj/fix_f_383
pwdbased: add missing ForceZero for blocks, v, y.
2026-03-09 23:37:24 -05:00
Daniel Pouzzner
23f62bceb5
linuxkm/module_exports.c.template: add wolfssl/wolfcrypt/wc_slhdsa.h.
wolfcrypt/src/wc_slhdsa.c:
* refactor SAVE_VECTOR_REGISTERS2() in slhdsakey_fors_sign() as
CAN_SAVE_VECTOR_REGISTERS(), with local save-restore wrappers around the
rest of the vector calls deeper in the call stack, to avoid failing
GFP_ATOMIC allocations and long spans with interrupts disabled.
* fix numerous bugprone-macro-parentheses and bugprone-signed-char-misuses.
* use readUnalignedWord64() in SHAKE256_SET_SEED_HA_X4_*() and
slhdsakey_shake256_set_seed_ha_x4() to avoid benign unaligned access warnings
from sanitizers.
wolfcrypt/test/test.c:
* in TestDumpData(), use WOLFSSL_DEBUG_PRINTF(), not fprintf(stderr, ...), for
portability.
* in slhdsa_test_param() and slhdsa_test(), use WC_DECLARE_VAR() and friends
for SlhDsaKey allocations, and use ERROR_OUT() and single-return-point
refactors to fix error path memory leaks.
2026-03-09 23:08:42 -05:00
Ruby Martin
66caf5ad55
free enc and dec before returning MEMORY_E
2026-03-09 13:03:54 -06:00
aidan garske
832af2164b
Fix copy-paste error in EncodeCertReq guard check where falconKey was checked twice instead of including dilithiumKey and sphincsKey
2026-03-09 11:43:41 -07:00
Ruby Martin
ba39aacf20
use ERROR_OUT when ret != 0 instead of returning
2026-03-09 11:48:39 -06:00
Ruby Martin
133f53f03d
replace sizeof with MAX_ECIES_TEST_SZ
2026-03-09 11:39:21 -06:00
Ruby Martin
6ae38f1b91
move unused variable suppression to top of exit_rsa label
2026-03-09 11:38:12 -06:00
Daniel Pouzzner
aa4b84f9a2
wolfcrypt/src/evp_pk.c: fix benign nullPointer in d2i_make_pkey() reported by cppcheck-2.20.0.
2026-03-09 10:58:36 -05:00
jordan
f7127ca729
ascon: don't skip wc_AsconAEAD128_Clear on auth error.
2026-03-09 09:33:34 -05:00
Tobias Frauenschläger
9c2bb3d10d
Fix memory leak in error case within RsaMGF1
2026-03-09 11:17:31 +01:00
Sean Parkinson
39b34333d6
FIPS 205, SLH-DSA: implementation
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Daniel Pouzzner
b3f08f33b8
Merge pull request #9873 from miyazakh/fix_larger_crlnum
fix larger (>57 octets) CRL number
2026-03-06 22:49:03 -06:00
Daniel Pouzzner
04e2adc799
Merge pull request #9916 from julek-wolfssl/fenrir/286
ecc.c: clear priv key with forcezero
2026-03-06 22:38:27 -06:00
Daniel Pouzzner
031c87407d
Merge pull request #9892 from embhorn/f380-381-382
Hardening in wc_MakeDsaKey and wc_FreeDsaKey
2026-03-06 22:37:44 -06:00
Daniel Pouzzner
396b5ec1da
Merge pull request #9896 from embhorn/f278-281-282
Fixes issues in SRP component:
2026-03-06 22:36:59 -06:00
Daniel Pouzzner
f02f6d1d67
Merge pull request #9895 from embhorn/f283-287
Hardening in GeneratePrivateDh186 and wc_DhImportKeyPair
2026-03-06 22:36:14 -06:00
Daniel Pouzzner
d4ac953ca5
Merge pull request #9893 from embhorn/f284-285
Hardening in wc_FreeRsaKey and wc_RsaPrivateKeyDecodeRaw
2026-03-06 22:35:39 -06:00
Daniel Pouzzner
2635315822
Merge pull request #9891 from embhorn/f194
Harden wc_ecc_shared_secret_gen_sync
2026-03-06 22:34:58 -06:00
Juliusz Sosinowicz
cc079a3da8
ecc.c: clear priv key with forcezero
F-286
2026-03-06 17:48:38 +01:00
Juliusz Sosinowicz
14357576d8
wc_PKCS7_PwriKek_KeyUnWrap: use a ct cmp
F-378
2026-03-06 17:42:37 +01:00
jordan
7726f5cc7f
pwdbased: fix cast warning.
2026-03-06 09:59:43 -06:00
Eric Blankenhorn
355081b123
Fix test with cast
2026-03-06 07:33:52 -06:00
Juliusz Sosinowicz
4a29af3062
Apply copilot suggestions
2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz
fb82496244
Add Python CI workflow and Blake2 EVP support
- Add a GitHub Actions workflow to automate testing of Python integration
- Implement Blake2b and Blake2s hash functions into the EVP API.
- Improve OpenSSL compatibility by standardizing ASN.1 encoding for serial numbers and registered IDs, streamlining cipher stack management, and optimizing stack node copying.
- Enforce maximum fragment size during data transmission to ensure proper TLS/DTLS record fragmentation.
2026-03-06 08:27:41 +01:00
Daniel Pouzzner
80938758ac
Merge pull request #9879 from embhorn/f379
Fix wc_ecc_sign_hash_ex with Intel QA
2026-03-05 22:53:55 -06:00
Daniel Pouzzner
cc2fdda54c
Merge pull request #9734 from SparkiDev/mlkem_mldsa_harden
ML-KEM/ML-DSA: harden against fault attacks
2026-03-05 21:34:39 -06:00
Hideki Miyazaki
4877c0e579
fix PRB tests failures
2026-03-06 10:51:57 +09:00
Hideki Miyazaki
cfb7f35e72
fix larger (>57 octets) crlnum
2026-03-06 10:51:54 +09:00
Sean Parkinson
65a1a68877
ML-KEM/ML-DSA: harden against fault attacks
ML-DSA: check pointer to the y parameter has not been faulted.
ML-KEM: to harden against faulting, use a different buffer for private
seed, sigma, and add a check that the buffer was copied correctly.
SHA-3: fix size of check variables.
2026-03-06 08:44:08 +10:00
Daniel Pouzzner
8a5c1c7af1
Merge pull request #9855 from SparkiDev/sp_rv32i_muldi3
RISC-V 32 no mul SP C: implement multiplication
2026-03-05 16:32:26 -06:00
Daniel Pouzzner
396b553c45
Merge pull request #9872 from SparkiDev/asn_improvements_1
ASN: improve handling of ASN.1 parsing/encoding
2026-03-05 16:18:12 -06:00
Eric Blankenhorn
25f8d6d54a
f282 harden wc_SrpComputeKey
2026-03-05 16:14:16 -06:00
Eric Blankenhorn
f28a660273
f281 harden wc_SrpInit
2026-03-05 16:13:10 -06:00
Eric Blankenhorn
e21c4d71a6
f278 fix setting heap in wc_SrpInit_ex
2026-03-05 16:11:47 -06:00
Daniel Pouzzner
1866853073
Merge pull request #9883 from JacobBarthelmeh/f279
Fix to free RNG with SRP function in failure case
2026-03-05 16:10:35 -06:00