Commit Graph

28332 Commits

Author SHA1 Message Date
Kareem 42b321a7d3 Use safe sum of used size after calculating it. No reason to redo the additions. Fixes unused variable warning as well.
Fix different type addition in hash.c.
2026-03-13 15:57:18 -07:00
Kareem d205fcac87 Fix potential overflows in two additional hash functions.
Thanks to Arjuna Arya for the report.

Fixes #9955.
2026-03-13 15:57:18 -07:00
Kareem 091016a149 Ensure se050Ctx->used does not overflow in se050_hash_update.
Thanks to Arjuna Arya for the report.

Fixes #9951.
2026-03-13 15:57:18 -07:00
JacobBarthelmeh bbf3beef35 fix to free CRL reason extension 2026-03-13 16:17:52 -06:00
JacobBarthelmeh a6195c30c1 Merge pull request #9947 from kareem-wolfssl/zd21325
Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
2026-03-13 15:37:24 -06:00
JacobBarthelmeh d36f7a2b99 fix to sanity check on importing raw session key info 2026-03-13 15:32:46 -06:00
Chris Conlon 428030a3e8 Fix wolfSSL_get_ciphers_compat to return NULL when no ciphers available 2026-03-13 15:07:25 -06:00
Tobias Frauenschläger 3b4e51c150 ML-KEM Wconversion fixes
* fix -Wconversion warnings
* allow APIs without RNG usage in case WC_NO_RNG is defined
2026-03-13 21:22:48 +01:00
JacobBarthelmeh b97b3da81b use ENOMEM instead of MEMORY_E with aes glue returns f-669 2026-03-13 14:08:03 -06:00
JacobBarthelmeh 1958fbdf71 Add goto out on AAD error f-631 2026-03-13 14:03:31 -06:00
Chris Conlon aa9ee8b4fa Merge pull request #9963 from JacobBarthelmeh/caam
fixes for CAAM port without hash store
2026-03-13 13:45:08 -06:00
JacobBarthelmeh 73eb8f933b Merge pull request #9967 from Frauschi/pqc_cmake
Move PQC algos out of experimental in CMake
2026-03-13 13:12:53 -06:00
Kareem 94b370f5e2 Rework check to compare only ints. 2026-03-13 11:42:12 -07:00
Kareem 19b99f8072 Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
Thanks to Haruto Kimura (Stella) for the report.
2026-03-13 11:42:12 -07:00
Ruby Martin 5d54d8a488 init caCert before function can error out 2026-03-13 11:57:24 -06:00
sebastian-carpenter 47a24d7b90 minor coverity fixes for tls ech 2026-03-13 11:04:44 -06:00
Tobias Frauenschläger da94ea6265 Move PQC algos out of experimental in CMake
This has already been done for a long time in autoconf. The user
now does not have to enable experimental features to use
PQC.
2026-03-13 17:53:54 +01:00
JacobBarthelmeh 156db7dd2d Merge pull request #9831 from julek-wolfssl/pytho-3.13.4
Fixes to run python with --enable-all
2026-03-13 10:50:23 -06:00
Josh Holtrop b6584d1e96 Rust wrapper: wolfssl-wolfcrypt crate version 1.2.0 2026-03-13 08:08:23 -04:00
David Garske 0792c674c5 Merge pull request #9960 from philljj/fix_coverity
asn: fix coverity null deref warnings.
2026-03-13 06:58:41 +01:00
David Garske 00cd1a7c22 Merge pull request #9962 from night1rider/ecc-dilithium-callback-free-fix
Fix expected callback behavior for ECC/Dilithium for Free Callbacks
2026-03-13 06:19:31 +01:00
David Garske cdacf3a53e Merge pull request #9964 from SparkiDev/asm_gen_fixes_1
SP fixes: 32-bit ARM assembly fixes
2026-03-13 06:16:57 +01:00
Sean Parkinson bac0563669 Merge pull request #9919 from anhu/lms-leaf-idx
Fix buffer-overflow in LMS leaf cache indexing
2026-03-13 10:02:50 +10:00
Sean Parkinson d23cb79f18 SP fixes: 32-bit ARM assembly fixes
mod_exp: subtract from 32 instead of 64 as n is 32 bits
sp_521_ecc_mulmod_fast: look up the last point in constant time when
required.
2026-03-13 09:37:28 +10:00
JacobBarthelmeh 424af6eb5b Merge pull request #9956 from rlm2002/coverity
20260311 Coverity changes
2026-03-12 16:53:39 -06:00
JacobBarthelmeh 357c2ad8e9 fixes for CAAM port without hash store 2026-03-12 15:55:19 -06:00
night1rider cdbd19551e Have ret initialized to 0 in wc_ecc_free() and wc_dilithium_free() 2026-03-12 15:40:38 -06:00
night1rider 2626f976f5 Update the PKCS11 ECC and dilithium free handlers so they will now return CRYPTOCB_UNAVAILABLE after attempting the context free so the caller still does software cleanup on the rest of the context that the callback does not handle. 2026-03-12 15:18:56 -06:00
JacobBarthelmeh e5594a6366 Merge pull request #9889 from rlm2002/F29
remove word16 cast, add WOLFSSL_MAX_16BIT check
2026-03-12 14:54:19 -06:00
JacobBarthelmeh 80ba723e16 Merge pull request #9943 from philljj/fix_evp_set_iv_length
evp: check ivLen in wolfSSL_EVP_CIPHER_CTX_set_iv_length.
2026-03-12 14:47:32 -06:00
night1rider 5ff2b55345 Fix Free Callback Behavior for Dilithium's free callback path so that it respects the return code of the callback 2026-03-12 14:45:33 -06:00
JacobBarthelmeh 67abcc6f2d Merge pull request #9949 from philljj/fix_d2i_SSL_SESSION
ssl_sess: check fields in wolfSSL_d2i_SSL_SESSION.
2026-03-12 14:45:29 -06:00
JacobBarthelmeh c1f71fcf33 Merge pull request #9959 from philljj/fix_wolfboot_build
asn: add HAVE_OCSP_RESPONDER guard, to fix wolfboot build.
2026-03-12 14:44:29 -06:00
JacobBarthelmeh 351d2594ac Merge pull request #9938 from SparkiDev/regression_fixes_23
Fixes from regression testing
2026-03-12 14:41:18 -06:00
night1rider e766b8f0af Update the wolfCrypt test so that Dilithium init so that devID will get passed to hit callback paths when configured and that Dilithium will be retested in the callback section of the wolfCrypt test. 2026-03-12 14:31:05 -06:00
night1rider 9d65982d80 Fix Free Callback Behavior for ECC's free callback path so that it respects the return code of the callback 2026-03-12 14:24:10 -06:00
night1rider 352daa085b Add test case for free ecc/dilithium callback for expected behavior to match existing free callback code paths 2026-03-12 14:18:31 -06:00
jordan 02bdde0264 asn: fix coverity null deref warnings. 2026-03-12 14:28:24 -05:00
JacobBarthelmeh a05a3ed1c2 Merge pull request #9940 from cconlon/pathLenSet
Fix pathlen not copied in ASN1_OBJECT_dup and not marked set in X509_add_ext
2026-03-12 10:34:58 -06:00
JacobBarthelmeh 2831a1e864 Merge pull request #9958 from julek-wolfssl/ocsp-responder-follow-up
Address final comments from #9761
2026-03-12 10:29:56 -06:00
Ruby Martin d359f420ab set *inLen = outLen if output == NULL, if != NULL, check that outLen <= *inLen before assigning *inLen = outLen 2026-03-12 10:25:14 -06:00
Ruby Martin 6ebd967345 bounds check on ext_dump 2026-03-12 09:53:35 -06:00
Ruby Martin d432759fdd verify algoSz is <= MAX_ALGO_SZ 2026-03-12 09:53:34 -06:00
Ruby Martin 8314aa56ae catch MEMORY_E from CALLOC_ASNSETDATA() 2026-03-12 09:53:34 -06:00
jordan d67c034b14 asn: add HAVE_OCSP_RESPONDER guard, to fix wolfboot build. 2026-03-12 10:50:18 -05:00
Juliusz Sosinowicz 4fbc81916c Address final comments from #9761
- Fix line length
- Remove duplicate comment
- Check return of `wc_HashGetDigestSize`
- Use constant instead of magic number
2026-03-12 12:30:13 +01:00
JacobBarthelmeh 0de6e8fd50 Merge pull request #9950 from douzzer/20260311-bench_slhdsa-smallstack
20260311-bench_slhdsa-smallstack
2026-03-11 17:30:08 -06:00
JacobBarthelmeh a8dfa59bbe Merge pull request #9761 from julek-wolfssl/ocsp-responder
Implement OCSP responder
2026-03-11 17:27:33 -06:00
Sean Parkinson bbd2f6f898 Fixes from regression testing
CRL APIs not usable when NO_ASN_TIME defined.
WOLFSSL_TLS13 needs to be defined with HAVE_ECH.
When session ticket encrypted with CBC, must be a multiple of block
size.
Fix test define protection.
Fix ML-DSA protection of reduction functions.
Need !NO_RSA with WC_RSA_PSS.
Connection ID is not a DTLS 1.3 only extension.
2026-03-12 08:19:39 +10:00
JacobBarthelmeh c15715ed54 Merge pull request #9737 from sebastian-carpenter/tls-ech-confirmation-fix
TLS ECH Testing Improvements
2026-03-11 15:11:13 -06:00