David Garske
60085b0e48
Merge pull request #10837 from rlm2002/zd-NameConstraints
...
DNS name constraint fix
2026-07-08 09:21:52 -07:00
Tobias Frauenschläger
673d8d00bb
Merge pull request #10778 from SparkiDev/time_stamp_protocol
...
Time-Stamp Protocol (RFC 3161)
2026-07-08 17:43:38 +02:00
David Garske
b19f00a736
Merge pull request #10807 from SparkiDev/aes_gcm_siv_asm
...
AES-GCM-SIV: Add implementation in C and assembly
2026-07-08 08:30:02 -07:00
David Garske
a8d223b308
Merge pull request #10834 from SparkiDev/cmake_update_1
...
cmake: add more build options in line with automake
2026-07-08 08:29:11 -07:00
David Garske
7f441a687a
Merge pull request #10748 from night1rider/AES-Callbacks
...
AES callbacks for CFB and OFB
2026-07-08 08:25:23 -07:00
Tobias Frauenschläger
dcc2b23b1a
Merge pull request #10852 from stenslae/fix-mldsa-privkeydecode-no-asn1
...
Fix ML-DSA level auto-detection in WOLFSSL_MLDSA_NO_ASN1 builds
2026-07-08 10:03:34 +02:00
Tobias Frauenschläger
3b07f7df34
Merge pull request #10855 from philljj/misc_fixes
...
wolfcrypt: fix several redefinition of typedef errors.
2026-07-08 09:56:45 +02:00
David Garske
3cc69f0fae
Merge pull request #10839 from kojiws/fix_arm64_macro_name
...
ML-DSA: Fix misspelled `__arch64__` macro to `__aarch64__`
2026-07-07 21:55:46 -07:00
David Garske
e0a8f3f475
Merge pull request #10706 from JacobBarthelmeh/dev
...
defense in depth hardening for x509 extension create by OBJ and EVP decode update
2026-07-07 16:41:15 -07:00
Sean Parkinson
ae023a5643
Time-Stamp Protocol (RFC 3161)
...
Implementation in wolfCrypt
OpenSSL compatibility layer in wolfSSL
Added tests, certificates, examples.
2026-07-08 09:33:47 +10:00
David Garske
a296ac07fc
Merge pull request #10842 from miyazakh/f6162_tsiphash
...
[Renesas RX72N] RX72N TSIP fixes and command-line build/flash/UART tooling
2026-07-07 16:17:30 -07:00
Sean Parkinson
7a1513468d
cmake: add more build options in line with automake
...
Updates
- ~100 individual options added (ciphers, TLS features, debug/test, caches,
kernel-module, key-size numerics, asm) + fixed WOLFSSL_32BIT's missing define.
- 37 app-integration bundles (openssh, nginx, haproxy, openvpn, wpas,
apachehttpd, jni, wolfclu, wolfsentry, ...) - each force-enables its
sub-options and emits its defines; all build clean and match ./configure
--enable-X exactly (miss=0/extra=0).
- Each option wired in 3 places: add_option + define in CMakeLists.txt,
#cmakedefine in options.h.in, source selection where needed. Verified by real
libwolfssl.so builds.
2026-07-08 09:11:14 +10:00
philljj
2f2ffbac04
Merge pull request #10856 from douzzer/20260702-linuxkm-various
...
20260702-linuxkm-various
2026-07-07 17:44:50 -05:00
David Garske
6d38bc12e8
Merge pull request #10854 from rlm2002/gi10846-7
...
IDE resource handling and error-path improvements
2026-07-07 15:13:28 -07:00
David Garske
d805c804b9
Merge pull request #10733 from mattia-moffa/20260617-max32666-sha-streaming-old
...
MAX32666 fixes for old SDK
2026-07-07 14:54:34 -07:00
David Garske
7dd7ae86c0
Merge pull request #10770 from embhorn/zd22032
...
Fix wolfSSL_BUF_MEM_grow_ex with WOLFSSL_NO_REALLOC
2026-07-07 14:48:29 -07:00
David Garske
bee18d122d
Merge pull request #10801 from SparkiDev/windows_asm_1
...
Add Windows assembly files to the build
2026-07-07 14:26:31 -07:00
David Garske
926a50458b
Merge pull request #10841 from SparkiDev/extract_funcs_ssl_1
...
internal.c: extract functions to make code cleaner
2026-07-07 14:26:16 -07:00
Sean Parkinson
2c0e235bd1
AES-GCM-SIV: Add implementation in C and assembly
...
Added assembly for Intel x64, ARM64, ARM32, Thumb2.
2026-07-08 07:15:26 +10:00
David Garske
5ebc44ee4e
Merge pull request #10848 from SparkiDev/wycheproof_fixes_5
...
Wycheproof: fixes for various platforms
2026-07-07 14:10:07 -07:00
David Garske
c635740d6e
Merge pull request #10850 from holtrop-wolfssl/wolfssl-wolfcrypt-2.1.0
...
Rust wrapper: wolfssl-wolfcrypt v2.1.0
2026-07-07 14:07:57 -07:00
Aidan Garske
e6567ac353
Merge pull request #10838 from cyberstormdotmu/loganaden-patch-wolfssl_quic_underflow
...
quic: Fix buffer underflow
2026-07-07 13:30:26 -07:00
night1rider
2c6261d1a8
Add testing for cryptocb only for aes ofb and cfb
2026-07-07 14:20:29 -06:00
night1rider
d09803154b
Adding callbacks for AES mode OFB and CFB, along with callback testing/coverage for the callback paths
2026-07-07 14:20:26 -06:00
Daniel Pouzzner
833e360ccd
fixes for issues identified by CI tests and AI review:
...
tests/api/api.h: always use FIPS 186-4 settings if defined(HAVE_SELFTEST).
wolfssl/wolfcrypt/settings.h: if defined(HAVE_SELFTEST), #define WC_FIPS_186_4.
2026-07-07 02:35:51 -05:00
Daniel Pouzzner
3965993c6d
wolfssl/wolfcrypt/types.h: in fallback definition of DISABLE_VECTOR_REGISTERS(), return NOT_COMPILED_IN rather than (-1), for clarity and traceability.
...
linuxkm/lkcapi_sha_glue.c: require defined(WOLFSSL_EXPERIMENTAL_SETTINGS) when defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES).
2026-07-07 00:19:48 -05:00
Daniel Pouzzner
5cee8bec39
wolfcrypt/src/rng_bank.c:
...
* refactor rng_bank.refcount management using wolfSSL_RefInc_IfAtLeast() and wolfSSL_RefDec_IfEquals(), to mitigate deallocation races.
* in wc_rng_bank_init(), fail fast for non-retryable errors.
* in wc_rng_bank_init(), wc_rng_bank_checkout(), and wc_rng_bank_inst_reinit(), consistently treat timeout_secs==0 as dont-wait, and timeout_secs<0 as wait-forever if wc_rng_bank_init() or flags & WC_RNG_BANK_FLAG_CAN_WAIT.
* in wc_rng_bank_checkout(), fix affinity dynamics to recompute after possible sleep, or drop affinity attempts entirely if using WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST strategy.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner
0fdceafe6b
wolfcrypt/src/wc_port.c, wolfssl/wolfcrypt/wc_port.h:
...
* implement wolfSSL_RefInc_IfAtLeast() and wolfSSL_RefDec_IfEquals().
* implement wolfSSL_RefWithMutexInc_IfAtLeast() and wolfSSL_RefWithMutexDec_IfEquals().
wolfssl/wolfcrypt/wc_port.h: for old FIPS when __GNUC__ or __clang__, always map __FUNCTION__ to __func__ for pedantic conformance.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner
bd977dc0b9
linuxkm/lkcapi_ecdsa_glue.c and linuxkm/lkcapi_glue.c: implement support for ECDSA verify on kernel 6.13+ (struct sig_alg API).
2026-07-07 00:19:48 -05:00
Daniel Pouzzner
09db3a6410
linuxkm/linuxkm_wc_port.h:
...
* set up WC_LINUXKM_HAVE_SELFTEST and WC_LINUXKM_HAVE_SELFTEST_FULL early.
* replace the forced-downgrade from FIPS 186-5 to 186-4 for SHA-1 support, with a #error if configuration is incompatible.
linuxkm/linuxkm_wc_port.h, linuxkm/lkcapi_glue.c, linuxkm/module_exports.c.template, linuxkm/module_hooks.c, wolfcrypt/src/random.c: consolidate into the warning-masked span of linuxkm_wc_port.h, the #includes for kernel headers linux/fips.h, linux/vmalloc.h, and linux/random.h.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner
12272e1c06
wolfssl/wolfcrypt/hash.h, src/internal.c, src/pk_ec.c, tests/api/api.h, wolfcrypt/src/dsa.c, wolfcrypt/src/ecc.c, wolfcrypt/src/pkcs7.c, wolfcrypt/test/test.c:
...
* remove FIPS 186-5 sign-mode restrictions from WC_HASH_CUSTOM_MIN_DIGEST_SIZE.
* set up WC_MIN_DIGEST_SIZE_FOR_SIGN and WC_MIN_DIGEST_SIZE_FOR_VERIFY, derived from WC_HASH_CUSTOM_MIN_DIGEST_SIZE, but enforcing FIPS 186-5 sign-mode restrictions only for WC_MIN_DIGEST_SIZE_FOR_SIGN.
* replace all uses of WC_MIN_DIGEST_SIZE with WC_MIN_DIGEST_SIZE_FOR_SIGN or WC_MIN_DIGEST_SIZE_FOR_VERIFY as appropriate.
wolfcrypt/test/test.c: in cryptocb_test(), don't expect callback execution in FIPS builds.
wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, if defined(NO_SHA) while registering ECDSA handlers, force WC_MIN_DIGEST_SIZE_FOR_VERIFY to 20 for SHA-1 verify support.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner
d7a29f58b4
wolfcrypt/src/aes.c: activate USE_INTEL_SPEEDUP when defined(USE_INTEL_SPEEDUP_FOR_AES) in the WOLFSSL_X86_64_BUILD build path too.
...
linuxkm/lkcapi_aes_glue.c: tweak WOLFKM_AES_DRIVER_ISA_EXT to reflect AVX512 and VAES capabilities.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner
42a9983e05
tests/api.c: appropriately pivot expected result code on minDhKeySz in test_wolfSSL_CTX_SetTmpDH_file() and test_wolfSSL_SetTmpDH_file().
...
tests/api/test_evp_pkey.c and tests/api/test_ossl_rsa.c: for FIPS, use WC_RSA_EXPONENT as the exponent for RSA_generate_key(), not 3.
2026-07-07 00:19:47 -05:00
Loganaden Velvindron
0cdc7ab583
Fix whitespaces
2026-07-07 08:51:12 +04:00
jordan
e6e8d9c7e2
wolfcrypt: fix several redefinition of typedef errors.
2026-07-06 23:49:14 -05:00
Loganaden Velvindron
98c48a43b7
move check earlier
2026-07-07 08:47:50 +04:00
David Garske
675d5df2cd
Merge pull request #10833 from kareem-wolfssl/zd22079
...
Add some missing PKCS7 length checks and bound DTLS 1.3 ACK list.
2026-07-06 17:28:22 -07:00
Sean Parkinson
649054f7b8
Wycheproof: fixes for various platforms
...
Fixes for C, Intel x64, Aarch64, ARM32, Thumb2, Thumb.
2026-07-07 09:06:00 +10:00
Ruby Martin
3cc906f5d1
Rework fail cleanup (GCC-ARM)
2026-07-06 16:27:01 -06:00
Ruby Martin
1cad9fb5b6
IDE examples: fix ssl double-free and unsafe connd close in servers
2026-07-06 16:27:01 -06:00
Ruby Martin
e54ef44870
Fix ssl double-free and accepted-socket leak in Azure Sphere server
...
Set ssl = NULL after the per-connection free so the final util_Cleanup
no longer double-frees it; close(connd) on post-accept error paths.
2026-07-06 16:27:01 -06:00
Ruby Martin
f5610a8a76
Jump to exit on error paths to free resources before returning
...
iotsafe-raspberrypi: goto exit on cert-load failure (was return -1).
MQX server: replace bare return -1 with goto exit + guarded cleanup.
QNX client: correct cleanup-ladder jump targets to unwind properly.
initialize ctx and ssl to NULL
validate wolfIoTSafe_GetCert's int return before casting to uint32_t
2026-07-06 16:27:01 -06:00
Sean Parkinson
9918a1177a
internal.c: extract functions to make code cleaner
2026-07-07 08:11:10 +10:00
Emma Stensland
8407359792
fix ml-dsa level auto detection in no asn1 builds
2026-07-06 16:08:58 -06:00
Sean Parkinson
bcef8f4f6d
Add Windows assembly files to the build
...
Windows ASM files generated along side the ATT assembly files.
Adding them to the build so they can be used.
2026-07-07 08:02:20 +10:00
JacobBarthelmeh
f1b700180c
Merge pull request #10738 from dgarske/zd_ecc_nonblock_certchain
...
Add WOLFSSL_ASYNC_CERT_YIELD: per-certificate non-blocking yield
2026-07-06 14:21:08 -06:00
Josh Holtrop
a29a882a3a
Rust wrapper: wolfssl-wolfcrypt v2.1.0
2026-07-06 12:07:39 -04:00
Josh Holtrop
19f6f01c61
Rust wrapper: update CHANGELOG for v2.1.0
2026-07-06 12:05:45 -04:00
Josh Holtrop
0a85d07ab3
Rust wrapper: update crate dependencies
2026-07-06 12:03:14 -04:00
David Garske
e79c581105
Merge pull request #10712 from kareem-wolfssl/gh10679
...
Configure.ac updates
2026-07-06 08:16:17 -07:00