Commit Graph

29160 Commits

Author SHA1 Message Date
Ruby Martin 75e6406cd3 upper bounds check for DSA signature 2026-03-26 11:28:36 -06:00
Ruby Martin d4b25d0ebc guard against heap buffer overflow 2026-03-26 11:28:36 -06:00
Marco Oliverio 1aa1cec3f2 dtls13: limit max number of ack records to 128 2026-03-26 18:25:48 +01:00
Marco Oliverio 350a9bfd89 dtls13: add DtlsDoScheduledWork in the WOLFSSL_API_PREFIX_MAP 2026-03-26 18:01:53 +01:00
Marco Oliverio ccfc95809b test: dtls13: add ack test 2026-03-26 15:11:31 +01:00
Marco Oliverio 1c83e24a7a dtls13: keep a counter for seenRecords list 2026-03-26 15:11:31 +01:00
Marco Oliverio 025a7dcd16 dtls13: lock list manipulation 2026-03-26 15:11:31 +01:00
Marco Oliverio 3034dd9e2d dtls13: release mutex on error 2026-03-26 15:11:31 +01:00
Josh Holtrop aa33d7be35 Rust wrapper: chacha20_poly1305: add debug_assert checking in-place operation maximum length 2026-03-26 09:09:55 -04:00
Anthony Hu 6721bde8e0 Add bounds check in PKCS7 streaming indefinite-length end-of-content parsing 2026-03-25 20:03:00 -04:00
Josh Holtrop 444f90553a Rust wrapper: document XChaCha20Poly1305 encrypt_in_place_detached maximum buffer length 2026-03-25 13:48:03 -04:00
Josh Holtrop 5d9439c581 Rust wrapper: aes: avoid overlapping Rust slices 2026-03-25 13:43:19 -04:00
Ruby Martin 50448ef7c6 add guard for integer underflow in DecryptTls13 2026-03-25 10:22:10 -06:00
Josh Holtrop 23cb7ae30c Rust wrapper: add cipher trait support 2026-03-25 10:51:06 -04:00
Josh Holtrop 873bc05cde Rust wrapper: add aead trait support 2026-03-25 10:51:00 -04:00
Josh Holtrop 07acf8d33d Rust wrapper: add rand_core trait support 2026-03-25 10:50:52 -04:00
Daniel Pouzzner 7efc962d04 Merge pull request #10031 from holtrop-wolfssl/rust-cross-compile-support
Rust wrapper: update build.rs to support cross-compiling and bare-metal targets
2026-03-25 09:46:40 -05:00
Josh Holtrop 34afd28541 Rust wrapper: build.rs improvements from code review 2026-03-25 09:00:28 -04:00
Eric Blankenhorn 1a1bdb2cfe Address review feedback 2026-03-25 07:48:16 -05:00
Josh Holtrop a511e45d30 Rust wrapper: build.rs improvements per code review 2026-03-25 08:15:42 -04:00
David Garske 6cc94b07a4 Fix possible leak for ecc non-blocking crypto 2026-03-24 14:44:28 -07:00
David Garske cf6c1722ae Merge pull request #10027 from embhorn/zd21394
Remove FIPS guards in GetASN_BitString length check
2026-03-24 14:06:40 -07:00
David Garske 636f0e50a1 Merge pull request #10059 from douzzer/20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
2026-03-24 13:13:42 -07:00
Anthony Hu 812e2b6bde Volatile casting 2026-03-24 14:39:39 -04:00
Anthony Hu 2d29608f28 Not just FIPS 140-2, 3 as well. 2026-03-24 14:20:57 -04:00
Daniel Pouzzner ec61e07d18 wolfcrypt/src/pwdbased.c: in wc_PKCS12_PBKDF_ex(), refactor the "Increment B by 1" loop to avoid bugprone-inc-dec-in-conditions. 2026-03-24 12:07:04 -05:00
David Garske c64fd4f132 Merge pull request #9905 from julek-wolfssl/WC_ALLOC_DO_ON_FAILURE-cleanup
Don't declare WC_ALLOC_DO_ON_FAILURE by default
2026-03-24 09:35:03 -07:00
David Garske 73bea906be Merge pull request #10034 from sebastian-carpenter/GH-10016
verify ciphersuite in CH2 matches HRR
2026-03-24 09:31:45 -07:00
David Garske 328822b447 Merge pull request #10047 from Frauschi/mldsa_no_ctx
Guard old non-ctx ML-DSA API by default
2026-03-24 09:26:24 -07:00
David Garske bddeac1d72 Merge pull request #9952 from julek-wolfssl/zd/21324
wolfSSL_X509_verify_cert: add host check from `ctx->param`
2026-03-24 09:26:12 -07:00
David Garske 0b119e225f Merge pull request #10056 from philljj/fix_bsdkm_benchmark
bsdkm benchmark: fix build.
2026-03-24 09:24:49 -07:00
David Garske 3cf4aeab5c Merge pull request #10025 from embhorn/zd21392
Fix DecodeObjectId unknown ext parse
2026-03-24 09:17:10 -07:00
David Garske 03beeae44e Merge pull request #10033 from embhorn/gh10028
Fix FillSigner to clear pubkeystored
2026-03-24 09:15:05 -07:00
Daniel Pouzzner d36ddf4063 Merge pull request #9920 from dgarske/asn_old
Split original ASN.1 code from asn.c into asn_orig.c
2026-03-24 10:52:15 -05:00
David Garske ab8cd6fc46 Merge pull request #9937 from douzzer/20260306-wc_Hash-refactor
20260306-wc_Hash-refactor
2026-03-24 08:48:08 -07:00
David Garske 051b83b517 Merge pull request #9999 from sebastian-carpenter/hpke-fix
Fix: Improved support for combinations of HPKE algos
2026-03-24 08:47:01 -07:00
David Garske 3b9084142d Merge pull request #10020 from SparkiDev/sp_int_ai_fixes_1
SP int: fixes from AI review
2026-03-24 08:43:50 -07:00
Juliusz Sosinowicz a0e1fcebfb Re-enable hostap tests and remove some flaky tests
ALL should not include NULL ciphersuites. Those need to be enabled explicitly.
2026-03-24 16:31:31 +01:00
Andrew Hutchings 36de828dc0 Composite GHA action with caching
This adds caching for apt and should make things a bit more stable and
faster.
2026-03-24 15:24:01 +00:00
jordan 7016be9c29 bsdkm: clean up benchmark cflags. 2026-03-24 09:08:49 -05:00
jordan 019e6bca6f bsdkm benchmark: fix build. 2026-03-24 08:13:27 -05:00
Eric Blankenhorn 1d1d8ff41e Fix OCSP tests to use Alloc/FreeDer 2026-03-24 07:41:40 -05:00
Eric Blankenhorn e58b0d69b8 Fix test failure 2026-03-24 07:05:43 -05:00
Eric Blankenhorn 3a6ccc13a1 Fix FillSigner to clear pubkeystored 2026-03-24 07:05:43 -05:00
Tobias Frauenschläger 3fd13b819d Guard old non-ctx ML-DSA API by default 2026-03-24 11:16:22 +01:00
JacobBarthelmeh 81c3d26dde update macro guards for coexist build and use ret when getting SSL error 2026-03-23 22:46:34 -04:00
JacobBarthelmeh 3d62a6fe09 adjustment for openssl coexist build with the examples 2026-03-23 21:51:10 -04:00
JacobBarthelmeh bab432d84b fix examples to follow options.h config 2026-03-23 21:51:09 -04:00
Takashi Kojo ad7914b2ce automatic WOLFSSL_SP_4096setting.h/user_settings.h 2026-03-24 10:05:12 +09:00
Sean Parkinson f15199906d SP int: fixes from AI review
Re-implemented wc_PKCS12_PBKDF() to not use MP. Added tests to
unit.test.

sp_int.c:
  Fixes to comments.
  Added more define build options documentation to top of file.
  Fixes for builds with WOLFSSL_SP_INT_NEGATIVE defined.
Fixes for when a->used is 0 and no underflow - not actually a problem
but cleaner code.
  sp_sub has different checks on a->used when values are only positive.
  sp_dic_2d  missing check for e less than zero.
sp_to_unsigned_bin_len_ct: remove redundant check of outSz. Change i
to int to handle a->used of 0 and make code tidier.

Configuration testing fixes.
Fix formatting in test.c.
Added 128-bit types word128 and sword128 for cleaner PKCS#12 code.
2026-03-24 10:49:58 +10:00