Daniel Pouzzner
2d186b378a
Merge pull request #10537 from SparkiDev/tls13_pt_alert_before_enc
TLS 1.3 plaintext alert: ignore before seeing encrypted
2026-06-05 11:12:47 -05:00
Daniel Pouzzner
4bf2d52780
Merge pull request #10571 from Frauschi/mlkem_rename
Migrate internal ML-KEM consumers to canonical wc_MlKemKey API
2026-06-05 11:00:44 -05:00
Daniel Pouzzner
727041b525
Merge pull request #10543 from anhu/zeroOnAuthFail
For chachapoly, force zero of output on auth fail
2026-06-05 10:55:05 -05:00
Daniel Pouzzner
d80785bb07
Merge pull request #10583 from Frauschi/zephyr_patch
Fixes for Zephyr secure sockets integration
2026-06-05 10:06:23 -05:00
Sean Parkinson
eeab53205a
Merge pull request #10600 from douzzer/20260604-asm-and-linuxkm-fixes
20260604-asm-and-linuxkm-fixes
2026-06-05 20:55:43 +10:00
Daniel Pouzzner
b8d8e918af
Merge pull request #10597 from SparkiDev/sp_lazy_mutex_init_improv
SP gen: FP_ECC init mutex improvement
2026-06-04 22:38:06 -05:00
Sean Parkinson
b0757c1cb7
TLS 1.3 plaintext alert: ignore before seeing encrypted
Change to ignore plaintext alerts when
WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC is defined only until first
encrypted message from peer is seen.
Negative testing added.
2026-06-05 12:35:04 +10:00
Sean Parkinson
ada6c5f95b
SP gen: FP_ECC init mutex improvement
F-1379
Better handling of the lazy mutex initialization to use atomics where
available.
Improved atomic code when there is no system support:
- add types
- use the types in functions
Add --no-ec to unit.test to not run wolfCrypt tests.
2026-06-05 10:58:44 +10:00
Daniel Pouzzner
af119869d2
Merge pull request #10364 from MarkAtwood/fix/evp-cipher-iv-length-cfb-ofb
fix: EVP_CIPHER_iv_length returns 0 for AES-CFB128 and AES-OFB (ZD-21730)
2026-06-04 17:26:48 -05:00
Daniel Pouzzner
b2e4bd1a11
Merge pull request #9987 from MarkAtwood/fix/evp-pkey-cmp-after-der-roundtrip
evp: fix EVP_PKEY_cmp for EC keys after DER deserialization
2026-06-04 17:19:46 -05:00
Daniel Pouzzner
6c4c03dc76
Merge pull request #10593 from miyazakh/f4429_EntropyGet
f4429 Add missing upper-bound validation in wc_Entropy_Get()
2026-06-04 17:09:36 -05:00
David Garske
887f88b106
Merge pull request #10599 from michael-membrowse/master
fix membrowse report group
2026-06-04 14:38:11 -07:00
Daniel Pouzzner
50166aab36
wolfcrypt/src/port/ppc64/ppc64-aes-asm.S: use TOC-relative addressing consistently, and add ELFv2 global-entry prologues.
2026-06-04 16:28:08 -05:00
Michael Rogov Papernov
5d810f4625
fix membrowse report group
2026-06-04 21:04:16 +01:00
Daniel Pouzzner
ca59984200
wolfssl/wolfcrypt/settings.h: for WOLFSSL_LINUXKM, force on NO_STDDEF_H to avoid conflicts with linux/stddef.h, which is always included indirectly in linuxkm_wc_port.h (via linux/kernel.h);
fix indentation in WOLFSSL_uITRON4 section.
2026-06-04 14:20:50 -05:00
Daniel Pouzzner
a7b0b3ebc2
linuxkm/module_hooks.c: tweak wc_linuxkm_malloc_usable_size() and my_kallsyms_lookup_name(), moving wc_linuxkm_can_block() to where it's really needed in my_kallsyms_lookup_name().
2026-06-04 14:18:34 -05:00
Daniel Pouzzner
99bf36bb61
wolfcrypt/src/port/arm/armv8-32-curve25519.S and wolfcrypt/src/port/arm/armv8-32-curve25519_c.c: fix MPI overflow in L_curve25519_inv_8, similar to fix in #10536 (efabd1844a).
2026-06-04 14:12:01 -05:00
philljj
1f0f29cf30
Merge pull request #10590 from douzzer/20260603-linuxkm-fixes
20260603-linuxkm-fixes
2026-06-04 11:14:35 -05:00
Hideki Miyazaki
904a70d179
Addressed Copilot comments
2026-06-04 15:30:39 +09:00
Daniel Pouzzner
3bf1ae36a7
Merge pull request #10539 from julek-wolfssl/misc/20260527
Guard test_wrong_cs_downgrade on SHA-384 cipher suite; enable SHA disables in minimal DTLS os-check build
2026-06-03 22:50:57 -05:00
Daniel Pouzzner
35329296e8
Merge pull request #10554 from gasbytes/ocsp-certid-serial-number-fix
OCSP_resp_find_status to require exact serial-length match
2026-06-03 22:49:31 -05:00
Daniel Pouzzner
12e7a1d5c3
Merge pull request #10548 from SparkiDev/x509_fixups_1
X509 API: fix issues
2026-06-03 22:48:19 -05:00
Daniel Pouzzner
513bbccf9d
Merge pull request #10574 from embhorn/zd21918
Fix in IoTSafe RaspPi client example
2026-06-03 22:36:51 -05:00
Daniel Pouzzner
4993571ccd
Merge pull request #10549 from rizlik/nc_dns_wildcards
NameConstraints: support wildcard SAN
2026-06-03 22:29:49 -05:00
Daniel Pouzzner
374ad4051d
Merge pull request #10555 from anhu/NO_STDATOMIC_FENCE
Change macro name to avoid suspicion of typo
2026-06-03 20:49:47 -05:00
Daniel Pouzzner
590a367d16
Merge pull request #10576 from holtrop-wolfssl/zd21906
Fix user buffer overrun from wolfSSL_get_finished/wolfSSL_get_peer_finished
2026-06-03 20:48:03 -05:00
Daniel Pouzzner
c96da9a002
Merge pull request #10581 from miyazakh/ra6m4_update
Removes the legacy ASN parser override (`WOLFSSL_ASN_ORIGINAL`) from …
2026-06-03 20:42:46 -05:00
Daniel Pouzzner
86fa502285
Merge pull request #10577 from kareem-wolfssl/zd21907
Fix compilation with WOLFSSL_RNG_USE_FULL_SEED. Fix benchmark compilation with MAIN_NO_ARGS.
2026-06-03 20:41:02 -05:00
Hideki Miyazaki
9e711f5c9c
Add MAX ENTROPY BITS check
2026-06-04 09:08:24 +09:00
Sean Parkinson
aef6283a7e
Merge pull request #10540 from Frauschi/small_order_check
Reject small-order public keys for Ed25519 and Ed448
2026-06-04 09:58:24 +10:00
David Garske
3bc1575e12
Merge pull request #9852 from SparkiDev/ppc64_asm_aes
PPC64 ASM: AES-ECB/CBC/CTR/GCM
2026-06-03 16:30:12 -07:00
David Garske
4cce154024
Merge pull request #10530 from SparkiDev/riscv_unaligned_fix
RISC-V ASM unaligned read/writes: alternative assembly
2026-06-03 16:29:33 -07:00
Daniel Pouzzner
396e83a48b
linuxkm/linuxkm_wc_port.h:
* add WOLFSSL_API attribute to wc_linuxkm_sig_ignore_begin(), wc_linuxkm_sig_ignore_end(), wc_linuxkm_check_for_intr_signals(), and wc_linuxkm_relax_long_loop().
* fix WC_CONTAINERIZE_THIS macro wrappers for wc_linuxkm_sig_ignore_begin() and wc_linuxkm_sig_ignore_end() (stray semicolons).
linuxkm/linuxkm_wc_port.h, linuxkm/lkcapi_sha_glue.c, linuxkm/module_hooks.c: add wc_linuxkm_can_block(), and refactor ad hoc `preempt_count() != 0` checks for sleep safety as calls to wc_linuxkm_can_block().
linuxkm/module_hooks.c: fix wc_linuxkm_malloc_usable_size() implementation for kvmalloc() compatibility.
2026-06-03 18:18:31 -05:00
Mark Atwood
05f8d0beed
evp: fix EVP_PKEY_cmp for EC keys after DER deserialization
wolfSSL_EVP_PKEY_cmp returned 'not equal' for EC keys that were
serialized to DER and deserialized back, even though the key material
was identical. This happened because keys imported via RFC 5915
(ECPrivateKey) without the optional public key field had type
ECC_PRIVATEKEY_ONLY, meaning the internal ecc_key.pubkey was not
populated. The point comparison then failed against a key that did
have a populated pubkey.
Fix by deriving the public key from the private key via
wc_ecc_make_pub() when the ecc_key type is ECC_PRIVATEKEY_ONLY
before comparing. Also ensure SetECKeyInternal() is called when
the internal representation is not yet synced from external BIGNUMs.
2026-06-03 16:09:53 -07:00
Daniel Pouzzner
df9f3e4cf9
Merge pull request #10377 from jackctj117/DTLS13-Kernel
docs(linuxkm): document DTLS 1.3 configure flags
2026-06-03 17:58:25 -05:00
David Garske
70da83972b
Merge pull request #10536 from SparkiDev/curve25519_x64_red_fix
X25519 x64 ASM: fix full reduction
2026-06-03 09:24:48 -07:00
Tobias Frauenschläger
e80b4b5888
Merge pull request #10578 from douzzer/20260602-FPKI-DecodeGeneralName-URI
20260602-FPKI-DecodeGeneralName-URI
2026-06-03 16:47:21 +02:00
David Garske
cf9d2446a5
Merge pull request #10490 from LinuxJedi/more-membrowse
Add lots more membrowse platforms
2026-06-03 07:30:17 -07:00
Tobias Frauenschläger
00a899e9a3
Fixes for Zephyr secure sockets integration
2026-06-03 14:04:19 +02:00
Andrew Hutchings
10c1816e35
Add GCC-ARM large linker script for membrowse
2026-06-03 11:21:35 +01:00
Andrew Hutchings
61a77e2dd6
Add lots more membrowse platforms
Lots more ARM Cortex, RISC-V, AArch64, linuxkm and some Zephyr
2026-06-03 11:21:35 +01:00
Hideki Miyazaki
5af10ad14c
Fixed typo in README.md
2026-06-03 16:46:36 +09:00
Hideki Miyazaki
f3a60c2c69
Removes the legacy ASN parser override (WOLFSSL_ASN_ORIGINAL) from the RA6M4 demo project
2026-06-03 14:00:53 +09:00
Daniel Pouzzner
768cdc39d3
wolfcrypt/src/asn.c: in DecodeGeneralName() and DecodeAcertGeneralName(),
* don't disable URI validation when defined(WOLFSSL_FPKI).
* return immediately with ASN_ALT_NAME_E when URI contains an unexpected '/', as in asn_orig.c DecodeAltNames(), fixing OOB read defect.
wolfcrypt/src/asn_orig.c: fix URI validation gating (ignore WOLFSSL_FPKI) in DecodeAltNames().
tests/api/test_certman.c: fix uriSan in test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match() (make it a URI).
tests/api.c: align gating in test_wolfSSL_URI() with new dynamics (URIs validated regardless of defined(WOLFSSL_FPKI)).
2026-06-02 22:16:40 -05:00
Kareem
586fe466bf
Fix compilation of benchmark with MAIN_NO_ARGS defined.
2026-06-02 15:57:01 -07:00
Kareem
9592d8254a
Fix compilation with WOLFSSL_RNG_USE_FULL_SEED.
2026-06-02 15:50:42 -07:00
Josh Holtrop
faad28301a
Fix user buffer overrun from wolfSSL_get_finished/wolfSSL_get_peer_finished
2026-06-02 18:21:26 -04:00
JacobBarthelmeh
4c0c093fe9
Merge pull request #10544 from holtrop-wolfssl/zd21880
Support importing/exporting DTLS sessions with encrypt-then-mac options
2026-06-02 11:59:46 -06:00
Josh Holtrop
7f3d589c12
Support importing/exporting DTLS sessions with encrypt-then-mac options
2026-06-02 09:34:14 -04:00
Eric Blankenhorn
40dcda3fe3
Fix in IoTSafe RaspPi client example
2026-06-02 08:30:44 -05:00