Paul Adelsbach
645996e8ed
Fix double free possibility in wolfSSL_X509_set_ext
2026-05-14 07:12:27 -07:00
Daniel Pouzzner
00fe73b2ca
Merge pull request #10484 from SparkiDev/arm32_neon_chacha20_align_fix
ARM32 NEON ChaCha20: alignment fix
2026-05-14 08:54:09 -05:00
Sean Parkinson
81cce394db
Merge pull request #10440 from JeremiahM37/gh10423
fix NO_VERIFY_OID build in GetOID
2026-05-14 20:02:06 +10:00
Sean Parkinson
31a76d333b
Merge pull request #10468 from JeremiahM37/fenrir-wolfcrypt-api-hardening
wolfCrypt API hardening: input validation, key zeroization, hardware ports
2026-05-14 20:00:39 +10:00
Sean Parkinson
8d08ff8926
Merge pull request #10428 from kareem-wolfssl/gh10271_10313
tls13.c fixes + Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD.
2026-05-14 19:56:23 +10:00
Sean Parkinson
a7beb20675
Merge pull request #10451 from Frauschi/fix/client-nonblocking-resume-err
Minor error handling fixes in client and server examples
2026-05-14 19:53:32 +10:00
Sean Parkinson
75f32a336c
Merge pull request #10442 from JeremiahM37/zd21783
Fix SAKKE OOB write and correctness gap in sakke_hash_to_range
2026-05-14 19:51:52 +10:00
Sean Parkinson
233c3e9130
Merge pull request #10474 from Frauschi/membrowse_timeout
Add timeout to membrowse CI tests
2026-05-14 19:48:54 +10:00
Sean Parkinson
e1840c6f83
ARM32 NEON ChaCha20: alignment fix
vldm and vstm assume a 32-bit alignment.
Change to use vld1 and vst1.
2026-05-14 19:39:10 +10:00
David Garske
c450bdb381
Merge pull request #10471 from JacobBarthelmeh/cavium_octeon
fix Octeon AES-GCM J0 derivation when ivSz is a non-12-byte non-zero …
2026-05-13 15:25:11 -07:00
David Garske
121387ab25
Merge pull request #10479 from padelsbach/aesgcm-unused-vars
Avoid unused variable errors in aesgcm_non12iv_test
2026-05-13 14:36:07 -07:00
David Garske
e4b9ac442b
Merge pull request #10480 from douzzer/20260513-fixes
20260513-fixes
2026-05-13 14:35:53 -07:00
Daniel Pouzzner
ffab43aa82
.wolfssl_known_macro_extras: add __CHERI_PURE_CAPABILITY__.
2026-05-13 14:41:02 -05:00
Daniel Pouzzner
5dd30c277d
wolfcrypt/test/test.c: reapply lost fixes from 03cee6f2bf to aes_cbc_iv_state_test() (lost in #10404 / df5b2b6cb1).
2026-05-13 14:39:50 -05:00
Paul Adelsbach
51540a0c79
Avoid unused variable errors in aesgcm_non12iv_test
2026-05-13 10:59:06 -07:00
David Garske
497ed9843e
Merge pull request #10303 from julek-wolfssl/zd/21675
ocsp: bind responder authorization to CertID issuerKeyHash
2026-05-13 10:33:17 -07:00
David Garske
d6931b9f29
Merge pull request #10272 from The-Capable-Hub/wbeasley/meta-cheri-fixes
Fix support on CHERI RISC-V architecture
2026-05-13 09:33:53 -07:00
Jeremiah Mackey
e346cf93cc
Add SSV size coverage to sakke_op_test
2026-05-13 14:58:56 +00:00
Jeremiah Mackey
cd34cefbad
Reject ssvSz=0 in SAKKE public APIs
2026-05-13 14:58:56 +00:00
JeremiahM37
623ab49572
Fix sakke_xor_in_v write offset and read base
2026-05-13 14:58:56 +00:00
Tobias Frauenschläger
12070eb032
Merge pull request #10473 from douzzer/20260512-fips-gating-fixes
20260512-fips-gating-fixes
2026-05-13 16:15:30 +02:00
Tobias Frauenschläger
61e7e07720
Move membrowse CI workflows to install-apt-deps action
2026-05-13 15:49:32 +02:00
Tobias Frauenschläger
d11b5cd648
Add timeout to membrowse CI tests
2026-05-13 12:07:03 +02:00
Tobias Frauenschläger
d88ce69082
Minor error handling fixes in client and server examples
2026-05-13 09:50:12 +02:00
Sean Parkinson
58c41b6d57
Merge pull request #10458 from philljj/fix_GetShortInt
asn: fix GetShortInt for asn original.
2026-05-13 16:44:38 +10:00
Sean Parkinson
cef3187fdb
Merge pull request #10456 from padelsbach/lms-xmss-sw-fallback-fix
Fix LMS and XMSS cryptocb software fallback
2026-05-13 16:43:41 +10:00
Sean Parkinson
9e739c6ad0
Merge pull request #10455 from sebastian-carpenter/hpke-fix
Fix: hpke return code improvements
2026-05-13 16:42:45 +10:00
Sean Parkinson
581a9688c6
Merge pull request #10444 from philljj/fix_wc_export_int
wolfmath: check mpSz in wc_export_int.
2026-05-13 16:41:17 +10:00
Sean Parkinson
b8bc480394
Merge pull request #10291 from JeremiahM37/test-coverage
Add negative tests for AEAD, PKCS7, PSS, DSA, DRBG, and PQ key
2026-05-13 16:39:54 +10:00
Sean Parkinson
2670a4f976
Merge pull request #10441 from padelsbach/pkcs7-verify-fix
Fix OOB possibility in PKCS7_VerifySignedData
2026-05-13 16:19:15 +10:00
Sean Parkinson
16132b4582
Merge pull request #10445 from embhorn/zd21742
Fix in ECC point conversion
2026-05-13 16:09:02 +10:00
Daniel Pouzzner
e1c7385ccf
wolfcrypt/test/test.c:
* in pbkdf2_test(), pwdbased_test(), and pkcs12_test(), add missing FIPS v7+
gates around stanzas that use wc_PBKDF_max_iterations_set() and
wc_PBKDF_max_iterations_get() or depend on erroring for excessive PBKDF
iterations (fixes #10050);
* in ecc_test_buffers(), omit new corrupt HMAC tag test on FIPS <v6 (fixes
8f2a3f9563).
tests/api/test_dtls.c: add FIPS v7+ gate to test_dtls13_frag_ch2_with_ch1_rtx().
wolfssl/wolfcrypt/memory.h: #include "../../linuxkm/linuxkm_memory.h" rather than "linuxkm/linuxkm_memory.h", following pattern in wc_port.h.
2026-05-12 20:46:46 -05:00
Daniel Pouzzner
dc4796b06c
Merge pull request #10404 from SparkiDev/test_c_refactor_1
test.c: Improved testing
2026-05-12 20:46:25 -05:00
David Garske
dfe03ff538
Merge pull request #10381 from kareem-wolfssl/zd21694
Validate DSA parameters when verifying DSA key.
2026-05-12 16:29:29 -07:00
Jeremiah Mackey
efe98a71fd
add DRBG reseed boundary test
2026-05-12 20:59:29 +00:00
Jeremiah Mackey
0b917bc206
add signature negative verify tests
2026-05-12 20:59:29 +00:00
Jeremiah Mackey
71ce5a1e56
add PQ key integrity tests
2026-05-12 20:59:29 +00:00
Jeremiah Mackey
0a4ef94f5e
add PKCS7 tampered attribs tests
2026-05-12 20:59:29 +00:00
Jeremiah Mackey
ec44572bfc
add AEAD bad tag tests
2026-05-12 20:59:29 +00:00
Jeremiah Mackey
b235af7714
Harden wolfCrypt hardware port paths
2026-05-12 20:57:31 +00:00
Jeremiah Mackey
c516d9b6af
Add wc_Rc2Free for key zeroization
2026-05-12 20:57:31 +00:00
Jeremiah Mackey
9fd21431c2
Null-check wolfCrypt API inputs
2026-05-12 20:57:31 +00:00
JeremiahM37
cb1f8002df
ci: add NO_VERIFY_OID os-check matrix entries
2026-05-12 20:40:58 +00:00
JacobBarthelmeh
d184b79217
fix Octeon AES-GCM J0 derivation when ivSz is a non-12-byte non-zero multiple of WC_AES_BLOCK_SIZE
2026-05-12 14:17:43 -06:00
Jeremiah Mackey
76b48f8fc4
fix NO_VERIFY_OID build in GetOID
2026-05-12 20:00:04 +00:00
Andrew Hutchings
90359f90e1
Add STM32 emulator from simulators repo
This tests a lot more than the Renode STM32H753 test, so this PR removes
that and adds our own emulator for STM32H753 and STM32U585. This
includes testing the v1 and v2 HAL CRYP / HASH / PKA functionality.
2026-05-12 20:17:11 +02:00
Kareem
6aadfaa9ca
Code review feedback
2026-05-12 10:30:24 -07:00
Kareem
2dc257834d
Code review feedback
2026-05-12 10:30:24 -07:00
Kareem
d9985b8a81
Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD.
Fixes #10271.
2026-05-12 10:30:24 -07:00
Kareem
75e38c360f
NULL check wolfSSL_get_cipher_name_by_hash arguments.
Thanks to Cal Page for the report.
2026-05-12 10:30:24 -07:00