Daniel Pouzzner
47b7d6ff04
Merge pull request #10739 from JacobBarthelmeh/test
...
fix for nightly memory allocation test cases with LMS
2026-07-03 00:44:29 -05:00
Daniel Pouzzner
27e160fa53
Merge pull request #10764 from embhorn/gh10761
...
Fix TLS1.2 error code correction
2026-07-03 00:41:35 -05:00
David Garske
d390a98f64
Merge pull request #10754 from SparkiDev/arm64_asm_c_fallback
...
Aarch64 asm: Have software fallback and CPU id checks
2026-07-02 09:30:19 -07:00
Daniel Pouzzner
076dc5a206
Merge pull request #10773 from rlm2002/coverity
...
24062026 Coverity fixes
2026-07-01 17:59:19 -05:00
Daniel Pouzzner
fd3b489ea5
Merge pull request #10787 from stenslae/update-wolfssl-email
...
Updated email to facts@wolfssl.com
2026-07-01 17:52:20 -05:00
Daniel Pouzzner
7dd269fc52
Merge pull request #10793 from embhorn/gh10790
...
Restore error code from DecodeGeneralName
2026-07-01 17:49:37 -05:00
Daniel Pouzzner
beca44b2fb
Merge pull request #10795 from embhorn/gh10791
...
Fix to send record_overflow alert
2026-07-01 17:45:43 -05:00
Daniel Pouzzner
22b552c668
Merge pull request #10809 from aidangarske/fenrir-6558-nameconstraints-minmax
...
Reject name constraint subtree with non-zero minimum or maximum
2026-07-01 17:38:28 -05:00
Daniel Pouzzner
0703dc9c6e
Merge pull request #10815 from SparkiDev/tls13_test_cv_sig_alg
...
TLSv1.3 test: CertificateVerify signature algorithm test
2026-07-01 17:27:48 -05:00
Daniel Pouzzner
7afcc3eef6
Merge pull request #10687 from rlm2002/zd-NameConstraints
...
Name Constraints cert chain walk
2026-07-01 17:24:52 -05:00
Daniel Pouzzner
9f48aef47f
Merge pull request #10638 from rizlik/nc_uri_trailing_dot
...
NameConstraints fixes
2026-07-01 17:14:08 -05:00
Daniel Pouzzner
d733f203fa
Merge pull request #10663 from rizlik/pubkey_ecc_operation_cb
...
Introduce ECC Make PUB and ECC Check Pub crypto callbacks
2026-07-01 16:53:24 -05:00
Daniel Pouzzner
5a9a49d5d5
Merge pull request #10730 from rizlik/dtlsv13_interop
...
dtlsv13: fix: send correct CH2 when server does not send HRR
2026-07-01 16:40:29 -05:00
Daniel Pouzzner
323027d1d2
Merge pull request #10820 from lealem47/dh_min_sz
...
FIPS: Default to 2048 bit min DH crypto
2026-07-01 14:40:04 -05:00
JacobBarthelmeh
64a4c7a7ae
Merge pull request #10750 from night1rider/SHAKE-Callbacks
...
SHAKE 128/256 callback wiring and tests, along with fix to devCTX initialization
2026-07-01 10:53:57 -06:00
Lealem Amedie
277bd66624
FIPS: Default to 2048 bit min DH crypto
2026-07-01 08:26:23 -06:00
Tobias Frauenschläger
9e71da21ac
Merge pull request #10751 from aidangarske/tinytls13
...
Add --enable-tinytls13 TLS 1.3-only footprint profile.
Merging with PRB-master-job failing. Failures are unrelated to this PR.
2026-07-01 15:21:04 +02:00
Sean Parkinson
6315f95378
Aarch64 asm: Have software fallback and CPU id checks
...
cpuid.h — added CPUID_ASIMD flag + IS_AARCH64_ASIMD() macro (NEON detection).
cpuid.c — added NEON/ASIMD detection; fixed FreeBSD/OpenBSD to use HWCAP_*
sha256.c — runtime dispatch SHA256-crypto → NEON → software
sha512.c — replaced the #error with the same crypto → NEON → software dispatch.
chacha.c: add AArch64 runtime fallback to C.
poly1305.c: add AArch64 runtime fallback to C.
Fixes
test_tls.c: don't memcpy into buffer if length is too long.
sha256.c: even if data is not NULL, return immediately when length is 0.
2026-07-01 09:32:28 +10:00
Sean Parkinson
95e798e897
TLSv1.3 test: CertificateVerify signature algorithm test
...
F-2917
Added test for signature algorithms sent not matching available.
2026-06-30 15:51:51 +10:00
aidan garske
2124a1075f
F-6558 - Reject name constraint subtree with non-zero minimum or maximum
2026-06-29 16:10:15 -07:00
Daniel Pouzzner
8452f2b2e0
wolfssl/wolfcrypt/wc_port.h: keep #define INLINE WC_INLINE even for latest FIPS;
...
tests/api.c: use WOLFSSL_FILETYPE_PEM, not SSL_FILETYPE_PEM;
tests/api/test_dtls.c and tests/api/test_dtls13.c: use WOLFSSL_ERROR_WANT_READ, not SSL_ERROR_WANT_READ.
2026-06-27 22:31:48 -05:00
Emma Stensland
92e76d4667
updated email to facts@wolfssl.com
2026-06-26 14:44:16 -06:00
Eric Blankenhorn
c18833f520
Fix to send record_overflow alert
2026-06-26 11:49:59 -05:00
Eric Blankenhorn
e1a2ba3b02
Restore error code from DecodeGeneralName
2026-06-26 11:11:22 -05:00
Ruby Martin
37365796bd
Fix untrusted pointer issue. Bound tainted lengths in ECH test helper
2026-06-25 14:44:03 -06:00
Ruby Martin
720662e013
capture and free NULL peer to prevent resource leak false positive
2026-06-25 14:44:03 -06:00
Ruby Martin
c26f22e9f9
Correct assignment to ssl->options.tls1_3
2026-06-25 14:44:03 -06:00
Ruby Martin
c50d4d2a52
Add bounds check to test helper ech_find_extension()
2026-06-25 14:44:03 -06:00
Ruby Martin
92ed948907
Ignore return from remove() function in tests with (void)
2026-06-25 14:44:03 -06:00
Ruby Martin
26625b7d5e
Remove dead code. Dead XBADFILE check, remove() call
2026-06-25 14:44:03 -06:00
Ruby Martin
2c23f174ce
FreePeerProtocol before freeing, clears potential resource leak (currently false positive)
2026-06-25 14:44:03 -06:00
David Garske
039e97df89
Merge pull request #10779 from lealem47/guard_rsa_modulus_test
...
Testing: Guard RSA OversizedModulus test result by FIPS version
2026-06-25 12:06:14 -07:00
David Garske
cee4b2bb47
Merge pull request #10713 from SparkiDev/curve25519_hibit_mask
...
X25519: standard requires masking of top bit
2026-06-25 10:34:49 -07:00
Lealem Amedie
b707c00f80
Testing: Guard RSA OversizedModulus test result by FIPS version
2026-06-25 08:16:06 -06:00
JacobBarthelmeh
0ff9278bd9
fix for ecc init flag being set
2026-06-24 16:04:53 -06:00
Eric Blankenhorn
17523c69f6
Fix TLS1.2 error code correction
2026-06-23 14:32:24 -05:00
night1rider
fed375fcea
SHAKE 128/256 callback wiring and tests, along with fix to devCTX initialization.
2026-06-22 13:35:37 -06:00
aidan garske
8bce9f0ead
Add --enable-tinytls13 TLS 1.3-only footprint profile (PSK+ECDHE floor + minimal X.509)
2026-06-19 15:22:59 -07:00
JacobBarthelmeh
67c7a11b8f
fix for nightly memory allocation test cases with LMS
2026-06-18 17:23:11 -06:00
Ruby Martin
0052ec44dd
add regression tests for name-constraint ancestor walk
...
- test_wolfSSL_CertManagerNameConstraint_valid_chain
- test_wolfSSL_CertManagerNameConstraint_skid_disambiguates
- Cert/key fixtures under certs/test/nc-ancestor/
- gen-nc-ancestor.sh to regenerate from committed keys
2026-06-18 14:52:08 -06:00
Daniel Pouzzner
0b20777315
tests/api.c: in test_wolfSSL_set_cipher_list_exclusions(), don't test IANA names if NO_ERROR_STRINGS.
2026-06-18 13:41:20 -05:00
JacobBarthelmeh
1001428637
adjust test case macro guard for ALLOW_INVALID_CERTSIGN builds
2026-06-18 08:20:33 -06:00
Marco Oliverio
9e7958c108
dtlsv13: fix: send correct CH2 when server does not send HRR
2026-06-18 13:46:08 +02:00
JacobBarthelmeh
506a8649e9
add macro guard around new test case for specific builds
2026-06-18 00:48:26 -06:00
JacobBarthelmeh
633784e91b
Merge pull request #10714 from Frauschi/zd21992_2
...
Some more fixes
2026-06-17 17:34:15 -06:00
Tobias Frauenschläger
dedba75ad4
Reject duplicate certificatePolicies extension in WOLFSSL_CERT_EXT builds
...
DecodeExtensionType() guarded the certificatePolicies duplicate check
(VERIFY_AND_SET_OID) under WOLFSSL_SEP only, because the extCertPolicySet
tracking bit was SEP-only. In a WOLFSSL_CERT_EXT-without-WOLFSSL_SEP build a
cert with two certificatePolicies extensions was accepted and the second
silently overwrote the first (RFC 5280 4.2 forbids repeats). Make the bit and
the guard available under WOLFSSL_CERT_EXT too, matching every other
non-repeatable extension.
Add test_DecodeCertExtensions_dup_certpol (DecodeExtensionType now
WOLFSSL_TEST_VIS).
2026-06-17 19:14:21 +02:00
Tobias Frauenschläger
8e5be42a9d
Fix !aNULL/!eNULL to drop explicitly-listed anonymous/NULL cipher suites
...
ParseCipherList() only cleared the InitSuites mask for "!aNULL"/"!eNULL",
which governs generated defaults, so an explicitly listed ADH or NULL-cipher
suite survived (e.g. "ADH-AES128-SHA:!aNULL" still offered an unauthenticated
suite). Scrub the explicit suites after parsing; exclusions are order-
independent and sticky (a later "ALL" cannot re-enable them).
Add test_wolfSSL_set_cipher_list_exclusions.
2026-06-17 19:14:07 +02:00
Tobias Frauenschläger
160b3179a1
Add regression tests for various d2i_* methods
2026-06-17 18:44:11 +02:00
Marco Oliverio
c43ab39306
cryptocb: add WC_PK_TYPE_EC_CHECK_PUB_KEY for ECC key validation offload
...
Add a crypto-callback operation for validating an ECC key.
Under WOLF_CRYPTO_CB_ONLY_ECC validation now fails closed with
NO_VALID_DEVID when no device handles the operation; previously such
keys were accepted unvalidated. This is a deliberate compatibility
break, documented at the dispatch site.
2026-06-17 15:02:14 +02:00
Marco Oliverio
f7877887d7
cryptocb: add WC_PK_TYPE_EC_MAKE_PUB for ECC public-key derivation offload
...
Under WOLF_CRYPTO_CB_ONLY_ECC, HAVE_ECC_MAKE_PUB is now enabled and
backed by the dispatch alone, failing closed with NO_VALID_DEVID when
no device handles the operation (previously NOT_COMPILED_IN).
2026-06-17 13:21:48 +02:00