Ruby Martin
75e6406cd3
upper bounds check for DSA signature
2026-03-26 11:28:36 -06:00
Ruby Martin
d4b25d0ebc
guard against heap buffer overflow
2026-03-26 11:28:36 -06:00
Marco Oliverio
1aa1cec3f2
dtls13: limit max number of ack records to 128
2026-03-26 18:25:48 +01:00
Marco Oliverio
350a9bfd89
dtls13: add DtlsDoScheduledWork in the WOLFSSL_API_PREFIX_MAP
2026-03-26 18:01:53 +01:00
Marco Oliverio
ccfc95809b
test: dtls13: add ack test
2026-03-26 15:11:31 +01:00
Marco Oliverio
1c83e24a7a
dtls13: keep a counter for seenRecords list
2026-03-26 15:11:31 +01:00
Marco Oliverio
025a7dcd16
dtls13: lock list manipulation
2026-03-26 15:11:31 +01:00
Marco Oliverio
3034dd9e2d
dtls13: release mutex on error
2026-03-26 15:11:31 +01:00
Josh Holtrop
aa33d7be35
Rust wrapper: chacha20_poly1305: add debug_assert checking in-place operation maximum length
2026-03-26 09:09:55 -04:00
Anthony Hu
6721bde8e0
Add bounds check in PKCS7 streaming indefinite-length end-of-content parsing
2026-03-25 20:03:00 -04:00
Josh Holtrop
444f90553a
Rust wrapper: document XChaCha20Poly1305 encrypt_in_place_detached maximum buffer length
2026-03-25 13:48:03 -04:00
Josh Holtrop
5d9439c581
Rust wrapper: aes: avoid overlapping Rust slices
2026-03-25 13:43:19 -04:00
Ruby Martin
50448ef7c6
add guard for integer underflow in DecryptTls13
2026-03-25 10:22:10 -06:00
Josh Holtrop
23cb7ae30c
Rust wrapper: add cipher trait support
2026-03-25 10:51:06 -04:00
Josh Holtrop
873bc05cde
Rust wrapper: add aead trait support
2026-03-25 10:51:00 -04:00
Josh Holtrop
07acf8d33d
Rust wrapper: add rand_core trait support
2026-03-25 10:50:52 -04:00
Daniel Pouzzner
7efc962d04
Merge pull request #10031 from holtrop-wolfssl/rust-cross-compile-support
...
Rust wrapper: update build.rs to support cross-compiling and bare-metal targets
2026-03-25 09:46:40 -05:00
Josh Holtrop
34afd28541
Rust wrapper: build.rs improvements from code review
2026-03-25 09:00:28 -04:00
Eric Blankenhorn
1a1bdb2cfe
Address review feedback
2026-03-25 07:48:16 -05:00
Josh Holtrop
a511e45d30
Rust wrapper: build.rs improvements per code review
2026-03-25 08:15:42 -04:00
David Garske
6cc94b07a4
Fix possible leak for ecc non-blocking crypto
2026-03-24 14:44:28 -07:00
David Garske
cf6c1722ae
Merge pull request #10027 from embhorn/zd21394
...
Remove FIPS guards in GetASN_BitString length check
2026-03-24 14:06:40 -07:00
David Garske
636f0e50a1
Merge pull request #10059 from douzzer/20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
...
20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
2026-03-24 13:13:42 -07:00
Anthony Hu
812e2b6bde
Volatile casting
2026-03-24 14:39:39 -04:00
Anthony Hu
2d29608f28
Not just FIPS 140-2, 3 as well.
2026-03-24 14:20:57 -04:00
Daniel Pouzzner
ec61e07d18
wolfcrypt/src/pwdbased.c: in wc_PKCS12_PBKDF_ex(), refactor the "Increment B by 1" loop to avoid bugprone-inc-dec-in-conditions.
2026-03-24 12:07:04 -05:00
David Garske
c64fd4f132
Merge pull request #9905 from julek-wolfssl/WC_ALLOC_DO_ON_FAILURE-cleanup
...
Don't declare WC_ALLOC_DO_ON_FAILURE by default
2026-03-24 09:35:03 -07:00
David Garske
73bea906be
Merge pull request #10034 from sebastian-carpenter/GH-10016
...
verify ciphersuite in CH2 matches HRR
2026-03-24 09:31:45 -07:00
David Garske
328822b447
Merge pull request #10047 from Frauschi/mldsa_no_ctx
...
Guard old non-ctx ML-DSA API by default
2026-03-24 09:26:24 -07:00
David Garske
bddeac1d72
Merge pull request #9952 from julek-wolfssl/zd/21324
...
wolfSSL_X509_verify_cert: add host check from `ctx->param`
2026-03-24 09:26:12 -07:00
David Garske
0b119e225f
Merge pull request #10056 from philljj/fix_bsdkm_benchmark
...
bsdkm benchmark: fix build.
2026-03-24 09:24:49 -07:00
David Garske
3cf4aeab5c
Merge pull request #10025 from embhorn/zd21392
...
Fix DecodeObjectId unknown ext parse
2026-03-24 09:17:10 -07:00
David Garske
03beeae44e
Merge pull request #10033 from embhorn/gh10028
...
Fix FillSigner to clear pubkeystored
2026-03-24 09:15:05 -07:00
Daniel Pouzzner
d36ddf4063
Merge pull request #9920 from dgarske/asn_old
...
Split original ASN.1 code from asn.c into asn_orig.c
2026-03-24 10:52:15 -05:00
David Garske
ab8cd6fc46
Merge pull request #9937 from douzzer/20260306-wc_Hash-refactor
...
20260306-wc_Hash-refactor
2026-03-24 08:48:08 -07:00
David Garske
051b83b517
Merge pull request #9999 from sebastian-carpenter/hpke-fix
...
Fix: Improved support for combinations of HPKE algos
2026-03-24 08:47:01 -07:00
David Garske
3b9084142d
Merge pull request #10020 from SparkiDev/sp_int_ai_fixes_1
...
SP int: fixes from AI review
2026-03-24 08:43:50 -07:00
Juliusz Sosinowicz
a0e1fcebfb
Re-enable hostap tests and remove some flaky tests
...
ALL should not include NULL ciphersuites. Those need to be enabled explicitly.
2026-03-24 16:31:31 +01:00
Andrew Hutchings
36de828dc0
Composite GHA action with caching
...
This adds caching for apt and should make things a bit more stable and
faster.
2026-03-24 15:24:01 +00:00
jordan
7016be9c29
bsdkm: clean up benchmark cflags.
2026-03-24 09:08:49 -05:00
jordan
019e6bca6f
bsdkm benchmark: fix build.
2026-03-24 08:13:27 -05:00
Eric Blankenhorn
1d1d8ff41e
Fix OCSP tests to use Alloc/FreeDer
2026-03-24 07:41:40 -05:00
Eric Blankenhorn
e58b0d69b8
Fix test failure
2026-03-24 07:05:43 -05:00
Eric Blankenhorn
3a6ccc13a1
Fix FillSigner to clear pubkeystored
2026-03-24 07:05:43 -05:00
Tobias Frauenschläger
3fd13b819d
Guard old non-ctx ML-DSA API by default
2026-03-24 11:16:22 +01:00
JacobBarthelmeh
81c3d26dde
update macro guards for coexist build and use ret when getting SSL error
2026-03-23 22:46:34 -04:00
JacobBarthelmeh
3d62a6fe09
adjustment for openssl coexist build with the examples
2026-03-23 21:51:10 -04:00
JacobBarthelmeh
bab432d84b
fix examples to follow options.h config
2026-03-23 21:51:09 -04:00
Takashi Kojo
ad7914b2ce
automatic WOLFSSL_SP_4096setting.h/user_settings.h
2026-03-24 10:05:12 +09:00
Sean Parkinson
f15199906d
SP int: fixes from AI review
...
Re-implemented wc_PKCS12_PBKDF() to not use MP. Added tests to
unit.test.
sp_int.c:
Fixes to comments.
Added more define build options documentation to top of file.
Fixes for builds with WOLFSSL_SP_INT_NEGATIVE defined.
Fixes for when a->used is 0 and no underflow - not actually a problem
but cleaner code.
sp_sub has different checks on a->used when values are only positive.
sp_dic_2d missing check for e less than zero.
sp_to_unsigned_bin_len_ct: remove redundant check of outSz. Change i
to int to handle a->used of 0 and make code tidier.
Configuration testing fixes.
Fix formatting in test.c.
Added 128-bit types word128 and sword128 for cleaner PKCS#12 code.
2026-03-24 10:49:58 +10:00