Commit Graph

28786 Commits

Author SHA1 Message Date
Josh Holtrop 337dfc323e Rust wrapper: avoid uninitialized sys::XtsAesStreamData
Fix F-1066
2026-04-14 20:50:08 -04:00
Josh Holtrop 9843f0365a Rust wrapper: avoid creating a MaybeUninit<RNG>
Fix F-1067
2026-04-14 20:50:08 -04:00
Josh Holtrop a8fa845fa9 Rust wrapper: ecc: fix possible resource leak in some error cases
Fix F-1062.

If wolfSSL returns an error after initializing ECC struct with
wc_ecc_init_ex(), wc_ecc_free() might not have been called in all cases.

Move construction of the ECC struct earlier ahead of further wolfSSL
calls after wc_ecc_init_ex() so if those subsequent wolfSSL calls return
an error the Drop impl for ECC will be called to deinitialize.
2026-04-14 20:50:07 -04:00
Sean Parkinson 5ad6097f15 Merge pull request #10168 from night1rider/zd-21534
Address bug fixes sent in by ZD 21534
2026-04-15 09:11:04 +10:00
Sean Parkinson 8fd896aa49 Merge pull request #10191 from dgarske/csharp_pqc
C# Wrapper: ML-KEM and ML-DSA (Dilithium) Support
2026-04-15 09:05:25 +10:00
Sean Parkinson 0b88017e20 Merge pull request #10181 from embhorn/zd21567
Fix ReqCertFromX509 to check bounds
2026-04-15 09:01:25 +10:00
Sean Parkinson 409b5fcf38 Merge pull request #10172 from embhorn/zd21568
Fix pkcs12 parse issue
2026-04-15 09:00:12 +10:00
Sean Parkinson 14ebd3d649 Merge pull request #10170 from embhorn/zd21566
Fix partial chain verification
2026-04-15 08:58:28 +10:00
Sean Parkinson 64c4203d96 Merge pull request #10214 from douzzer/20260413-cross-riscv64-all-asm-fips-dev
20260413-cross-riscv64-all-asm-fips-dev
2026-04-15 07:13:53 +10:00
David Garske e3e95c0454 Merge pull request #10213 from SparkiDev/api_test_cipher_algs_2
Unit testing: Add Monte Carlo testing to ciphers
2026-04-14 13:05:08 -07:00
David Garske 584489f2e0 Merge pull request #10211 from night1rider/mlkem-cryptocb-sha3-hashtype-bug
Mlkem cryptocb sha3 hashtype not reset after final call
2026-04-14 11:08:26 -07:00
David Garske 9ed79a2815 Merge pull request #10189 from michael-membrowse/master
ci: membrowse integration
2026-04-14 09:25:53 -07:00
David Garske c01eca5fc8 Merge pull request #10206 from Frauschi/mlkem-dynamic-key-2
Store the size of the allocated private key buffer for ML-KEM
2026-04-14 09:15:10 -07:00
Eric Blankenhorn c873f3f77d Fix from review 2026-04-14 07:58:43 -05:00
Eric Blankenhorn 68b3bbb16f Fix from review 2026-04-14 07:47:29 -05:00
Eric Blankenhorn 2b503dae54 Fix from review 2026-04-14 07:41:30 -05:00
Eric Blankenhorn a6fd25b94e Fix partial chain verification 2026-04-14 07:25:11 -05:00
Tobias Frauenschläger 17ba0c252a Store the size of the allocated private key buffer for ML-KEM 2026-04-14 13:33:14 +02:00
Zackery Backman 467ed28d3f wolfcrypt/mlkem: fix -Wparentheses-equality error when WOLF_CRYPTO_CB_FIND is defined 2026-04-13 22:30:22 -06:00
Sean Parkinson 59a17dd598 Unit testing: Add Monte Carlo testing to ciphers
Monte Carlo testing is randomized test data.
These new tests have random keys, IVs, nonce, etc and random data to
encrypt.
100 sets of random test data are encrypted and decrypted with a check to
ensure the input to encrypt is the same as the output of decrypt.
Tags are generated and checked in the calls to encrypt and decrypt.
2026-04-14 13:25:15 +10:00
Daniel Pouzzner c4c2d8fafe src/include.am, wolfcrypt/src/aes.c, wolfcrypt/src/port/riscv/riscv-64-aes.c: initial buildability of fips-dev with --enable-riscv-asm. 2026-04-13 18:57:20 -05:00
Zackery Backman fffb80d221 Clear sha3->hashType in InitSha3 so Final fully resets the struct for cross sha3 reuse. 2026-04-13 17:12:49 -06:00
Zackery Backman 4c8c67f8aa Add --enable-cryptocb --enable-keygen -DWOLF_CRYPTO_CB_FIND CI config to surface mlkem SHA3 hashType latch bug 2026-04-13 16:57:59 -06:00
David Garske d692f99631 More peer review fixes (Use ML-DSA naming) 2026-04-13 15:55:31 -07:00
David Garske 5f124a9ae9 Peer review fixes 2026-04-13 15:30:58 -07:00
David Garske 72c57dc127 Improvements to C# PQC 2026-04-13 15:30:57 -07:00
Masaki Iwai 21be3776bd add ML-KEM/ML-DSA support for C# wrapper 2026-04-13 15:29:57 -07:00
Sean Parkinson 9176185d66 Merge pull request #10171 from dgarske/hpke_csharp
Add HPKE (RFC 9180) C# wrapper
2026-04-14 08:27:03 +10:00
Sean Parkinson 649a32fd6e Merge pull request #10169 from embhorn/zd21565
Fix for peer cert verify with IP address
2026-04-14 08:21:23 +10:00
Eric Blankenhorn 33310010a9 Fix wolfSSL_sk_X509_OBJECT_deep_copy to check bounds 2026-04-13 17:02:51 -05:00
Eric Blankenhorn 863db50318 Fix word32 truncation and add true regression test for PKCS12 OOB read 2026-04-13 16:05:51 -05:00
Eric Blankenhorn 4cb016f434 Fix pkcs12 parse issue 2026-04-13 15:11:15 -05:00
David Garske b17755b63f Merge pull request #10164 from rizlik/bio
BIO improvements and fixes
2026-04-13 12:40:02 -07:00
David Garske a143369522 Merge pull request #10138 from padelsbach/cobalt-fixes-2026-04-06
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-13 12:37:59 -07:00
night1rider 8cc02d8a8a Add DH regression test and incremement ref counter tests to api.c 2026-04-13 11:32:51 -06:00
Zackery Backman 0ab5401edf Fix cast-away-const in ws_ctx_ssl_set_tmp_dh: allocate DerBuffer with actual size and copy data instead of pointing at caller's const buffer, which caused FreeDer to free non-owned memory. 2026-04-13 11:32:51 -06:00
Zackery Backman 4594f3f275 Copy-paste error in ProcessBufferCertPublicKey and ProcessBufferCertAltPublicKey, Fix #endif comments closing WOLFSSL_SM2/SM3 blocks, not HAVE_ED25519 2026-04-13 11:32:51 -06:00
Zackery Backman 2a0d76cf63 Fix DH encoding check in wolfSSL_CTX_set_tmp_dh: && to || and < to <= to catch single-param failure and zero-length, matching wolfSSL_set_tmp_dh. 2026-04-13 11:32:51 -06:00
Zackery Backman 886ca031d0 Fix == vs = in wolfSSL_add1_chain_cert so ret captures up_ref result instead of comparing against it, matching wolfSSL_CTX_add1_chain_cert 2026-04-13 11:32:51 -06:00
Zackery Backman 0a152dd482 Fix inverted AllocDer success check in wolfSSL_use_AltPrivateKey_Label 2026-04-13 11:32:51 -06:00
Zackery Backman b74731d878 Add test for wolfSSL_use_AltPrivateKey_Label to verify successful key label allocation 2026-04-13 11:32:51 -06:00
Zackery Backman 72c1dd7290 Fix inverted AllocDer success check in wolfSSL_use_AltPrivateKey_Id 2026-04-13 11:32:51 -06:00
Zackery Backman 3925804da6 Add test for wolfSSL_use_AltPrivateKey_Id to verify successful key ID allocation 2026-04-13 11:32:50 -06:00
David Garske 178e10e42a Merge pull request #10081 from julek-wolfssl/openssh-10.2p1
Add openssh 10.2p1 to CI
2026-04-13 10:21:50 -07:00
David Garske a67179e3c5 Merge pull request #10202 from LinuxJedi/fix-gha-cache
ci: rebuild mbedtls/nss in test job on cache miss
2026-04-13 10:02:04 -07:00
David Garske c4e7198686 Merge pull request #10070 from holtrop-wolfssl/rust-rand_core-aead-cipher
Rust wrapper: add rand_core, aead, cipher trait implementations
2026-04-13 10:00:26 -07:00
David Garske c36beba9b7 Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
David Garske bf492eba12 Merge pull request #10175 from yosuke-wolfssl/f_2205
Fix authTagSz validation
2026-04-13 09:33:14 -07:00
David Garske e73b255cbc Merge pull request #10194 from douzzer/20260410-linuxkm-aes-ccm
20260410-linuxkm-aes-ccm
2026-04-13 09:19:17 -07:00
David Garske 9627d80363 Merge pull request #10184 from SparkiDev/asm_gen_fixes_4
ASM generation fixes
2026-04-13 08:37:33 -07:00