Commit Graph

29780 Commits

Author SHA1 Message Date
JacobBarthelmeh 39a3546b64 Merge pull request #10519 from sebastian-carpenter/flaky-ech-test
CI Fix: fix flaky ECH test
2026-05-27 11:09:18 -06:00
JacobBarthelmeh 3fa4ebcaec Merge pull request #10527 from mattia-moffa/20260525-writedup-no-dtls
Allow --enable-writedup when DTLS is disabled
2026-05-27 11:02:55 -06:00
JacobBarthelmeh c568755751 Merge pull request #10528 from julek-wolfssl/tls/maxsigalgos
Default WOLFSSL_MAX_SIGALGO to 128
2026-05-27 11:01:54 -06:00
JacobBarthelmeh cd82d7e08d Merge pull request #10529 from SparkiDev/sp_fixes_8
sp_int: fixes and added testing
2026-05-27 10:59:24 -06:00
Zackery 7cf84dd833 Merge pull request #10523 from dgarske/ci_opt2
CI: cache compiler output in os-check Ubuntu matrix
2026-05-26 19:35:03 -06:00
Sean Parkinson 91f3e7e063 Merge pull request #10332 from jackctj117/SNI
tls.c: send missing_extension alert on TLS 1.3 SNI absence
2026-05-27 08:37:05 +10:00
David Garske 8199fda0a4 Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
Juliusz Sosinowicz cd2713a731 Default WOLFSSL_MAX_SIGALGO to 128 2026-05-26 17:37:11 +00:00
David Garske 08022ffebf CI: cache compiler output in os-check Ubuntu matrix
- Add .github/actions/ccache-setup composite (ccache + PATH intercept).
- Wire into os-check.yml make_check_linux; macOS unchanged for now.
- Measured on master --enable-all: cold 11.6s -> warm 1.1s (~10x), 100% hit.
2026-05-26 10:36:49 -07:00
David Garske a3f5260260 Merge pull request #10500 from rizlik/sha224_only
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-26 08:05:47 -07:00
David Garske 52620e3204 Merge pull request #10516 from Frauschi/mldsa_rename
Finalize ML-DSA renaming
2026-05-26 08:05:04 -07:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
Sean Parkinson c57a873824 sp_int: fixes and added testing
sp_set_bit(): check i is in range before use.
_sp_div_2(): Use a constant-time clamp as called by a constant-time
function.
_sp_sqr(): static buffer needs to be one larger for when ECC with P-521
is the largest size.

Add tests:
 - Testing negative numbers with mp_read_raidx/mp_to_radix 10/16
 - Testing negative numbers with mp_add_d/mp_sub_d
 - Testing of mp_gcd without mp_lcm
 - More testing of mp_mod_d and when negative numbers are used
 - Check maximum values work for square. Check of _sp_sqr() bug
 - Add testing of mp_add/sub_mod_ct
 - Add testing of mp_cmp_mag
 - Add testing of mp_mulmod/mp_sqrmod
 - Add testing of mp_exch
 - Add testing of mp_to_unsigned_bin_len_ct
 - Add testing of mp_exptmod that uses base-2 windowing method.
 - Add testing of mp_invmod_mont_ct
2026-05-26 13:52:57 +10:00
Mattia Moffa 1f619a9f50 Allow --enable-writedup when DTLS is disabled 2026-05-25 17:34:32 +02:00
Sean Parkinson 887f242ee8 Merge pull request #10522 from dgarske/retrigger_prb_on_ready
GH Actions: retrigger Jenkins PRB when draft PR is marked ready
2026-05-25 20:55:05 +10:00
David Garske b0d2b10c6b GH Actions: retrigger Jenkins PRB when draft PR is marked ready 2026-05-22 15:14:50 -07:00
sebastian-carpenter d4ed43853f flaky ECH test: fix method for finding ECH extension 2026-05-22 10:48:56 -06:00
Roy Carter eb32554bdb Fix: support adding UE to excluded strings 2026-05-22 19:01:05 +03:00
Roy Carter dc86dc34a8 Fix: change test string to the new format 2026-05-22 19:01:05 +03:00
Roy Carter 8f15bf6d10 fix : bad merge conflics leftovers. 2026-05-22 19:01:05 +03:00
Roy Carter 56e4612e4e Fix : apply Julek pr notes 2026-05-22 19:01:05 +03:00
Roy Carter f15c896551 Build_fix:
When building with --enable-opensslextra=x509small, only OPENSSL_EXTRA_X509_SMALL is defined, not OPENSSL_EXTRA, so these functions are not compiled into the library
2026-05-22 19:01:05 +03:00
Roy Carter 7561911cba fix: Fix build errors for some tests on pipeline 2026-05-22 19:01:05 +03:00
Roy Carter c1a507e175 Feature: allow the usage of
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify

in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson 8597d9da83 Merge pull request #10496 from dgarske/fenrir_20260518
Various Fenrir fixes (F-2626, F-585, F-586, F-2638, F-1960, F-599)
2026-05-23 01:28:42 +10:00
Sean Parkinson fa8940f54f Merge pull request #10510 from miyazakh/testsuite_
Remove testsuite.test for leanTLS builds
2026-05-23 01:22:23 +10:00
Sean Parkinson abe15d260b Merge pull request #10487 from embhorn/zd21842
Add check for ARM to set WOLFSS_USE_ALIGN
2026-05-23 00:11:00 +10:00
Sean Parkinson b1e04464fc Merge pull request #10469 from sebastian-carpenter/tls-ech-server-improvements
Enhancement (ECH): Trial decryption and ECH connection status
2026-05-23 00:07:40 +10:00
Sean Parkinson eeb698dceb Merge pull request #10397 from philljj/support_wolfzfs
zfs: support wolfzfs patch.
2026-05-23 00:01:09 +10:00
kareem-wolfssl 22e505bcfa Merge pull request #10507 from dgarske/ci_opt
CI Optimizations
2026-05-21 17:50:20 -07:00
Sean Parkinson fc2f4fc7cc Merge pull request #10435 from Frauschi/pqc_default_curve
Improved handling for ClientHello default key share group
2026-05-22 08:13:35 +10:00
David Garske 6605060b18 CI: more smoke coverage + header self-sufficiency
- Add AddressSanitizer entry to smoke matrix (--enable-all + -fsanitize=address).
- Add check-headers workflow: 214 public wolfssl/*.h compile standalone.
- Fix quic.h, rng_bank.h, Renesas/renesas-fspsm-crypt.h to be self-sufficient.
- Remove no-tls.yml (its single config is already covered by os-check.yml).
2026-05-21 14:37:11 -07:00
Andrew Hutchings 8574fa995f Merge pull request #10470 from JacobBarthelmeh/tropic
fix for tropic port AES key length used
2026-05-21 13:59:48 -07:00
David Garske 7f80896033 CI optimizations
- Skip CI for draft PRs and redundant master-push re-runs; membrowse nightly.
- Add smoke test (8 configs, CFLAGS=-Werror, post-merge tree, fail-fast on conflicts).
- Add wait-for-smoke composite action for downstream CI gating.
- Add check-source-text + bash -n + shellcheck workflow (script in make dist).
- Cache apt-get update in install-apt-deps composite on cache hit.
2026-05-21 13:19:29 -07:00
Sean Parkinson 7bad79a5b7 Merge pull request #10512 from douzzer/20260520-linuxkm-7v2
20260520-linuxkm-7v2
2026-05-22 04:49:47 +10:00
Daniel Pouzzner 7164d75cb7 linuxkm: add WC_LINUXKM_USE_HEAP_WRAPPERS and implementations wc_linuxkm_malloc(), wc_linuxkm_free(), wc_linuxkm_realloc(), and wc_linuxkm_malloc_usable_size(), to insulate from API drift in kernel heap (required on 7.2+, implicit on 7.1+). 2026-05-21 17:21:12 +00:00
HIDEKI MIYAZAKI 2a35f628af remove testsuite.test for leanTLS builds 2026-05-20 21:18:24 -07:00
JacobBarthelmeh 70288b017f add sanity check on AES key length 2026-05-20 16:02:56 -07:00
David Garske 782787276c Merge pull request #10497 from Frauschi/mldsa_rename
ML-DSA renaming part 2
2026-05-20 11:24:09 -07:00
Daniel Pouzzner 46c6b60be6 Merge pull request #10505 from Frauschi/slhdsa_fix
Fix hashType comparison in SLH-DSA
2026-05-20 13:17:30 -05:00
Tobias Frauenschläger 1dffcffb80 Fix hashType comparison in SLH-DSA 2026-05-20 10:16:37 -07:00
Tobias Frauenschläger 2a30ce3c04 Rename ML-DSA wc_PqcSignatureType entry 2026-05-20 09:06:54 -07:00
Marco Oliverio 408ea84c83 sha256: check no hw accelleartion is enabled with CB_ONLY_SHA256 2026-05-20 11:33:31 +02:00
JacobBarthelmeh 6ac6e5065e fix for tropic port AES key length used 2026-05-20 00:43:36 -07:00
Tobias Frauenschläger 44074fd1df More ML-DSA renaming 2026-05-19 14:09:09 -07:00
David Garske dc56e87522 Merge pull request #10466 from Frauschi/slhdsa_cryptocb
Add CryptoCb support for SLH-DSA
2026-05-19 13:59:40 -07:00
Eric Blankenhorn 40de65785c Address warning in wolfDTLS_SetChGoodCb 2026-05-19 13:05:12 -05:00
Eric Blankenhorn 47db354fad Fix from review 2026-05-19 13:03:35 -05:00
Eric Blankenhorn 7df2ead36d Add check for ARM to set WOLFSS_USE_ALIGN 2026-05-19 13:03:35 -05:00
David Garske 9a5bb8eb23 fix(signature): fenrir 2626 enforce min hash strength 2026-05-19 10:06:56 -07:00