David Garske
679366a5a4
Merge pull request #9991 from kareem-wolfssl/zd21354_2
...
Disallow wildcard partial domains when using MatchDomainName.
2026-03-19 12:35:14 -07:00
David Garske
3e8338dbc7
Merge pull request #9993 from kojo1/brainpool
...
Brainpool to set1_sigalgs_list
2026-03-19 12:34:54 -07:00
David Garske
056b95235e
Merge pull request #9990 from rlm2002/coverity
...
Coverity: fix more null derefs
2026-03-19 12:32:51 -07:00
David Garske
42581e4c05
Merge pull request #9982 from julek-wolfssl/DoTls13CertificateRequest-certsetup
...
DoTls13CertificateRequest: call CertSetupCbWrapper only once
2026-03-19 12:32:39 -07:00
David Garske
e642d57528
Merge pull request #10002 from julek-wolfssl/ignore-claud.md
...
Ignore CLAUDE.md
2026-03-19 12:30:47 -07:00
David Garske
c83dc5c254
Merge pull request #10005 from JeremiahM37/f-753
...
Fix sz==0 buffer underflow in devcrypto AES-CBC
2026-03-19 12:29:24 -07:00
David Garske
0d7c58e3e7
Merge pull request #9912 from LinuxJedi/se050-fixes2
...
Fix SE050 RSA-PSS signing, key cleanup, and mutex leaks
2026-03-19 12:28:47 -07:00
David Garske
533e9b0859
Merge pull request #9995 from julek-wolfssl/zd/21341
...
Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
2026-03-19 12:27:38 -07:00
David Garske
be7bf60e38
Merge pull request #10010 from SparkiDev/dilithium_ctxlen_byte
...
Dilithium: fix API so that context length is byte
2026-03-19 12:26:42 -07:00
David Garske
a636c730c0
Merge pull request #9953 from holtrop-wolfssl/rust-wolfssl-wolfcrypt-1.2.0
...
Rust wrapper: wolfssl-wolfcrypt crate version 1.2.0
2026-03-19 12:19:50 -07:00
David Garske
325413f94a
Merge pull request #9983 from Frauschi/bench_stack_fix
...
Fix stack tracking in wolfCrypt benchmark
2026-03-19 11:55:30 -07:00
Daniel Pouzzner
b6f481070f
Merge pull request #9996 from sameehj/linuxkm-fix
...
linuxkm/lkcapi_aes_glue.c: fix scatterwalk_map error handling in AesG…
2026-03-19 12:35:32 -05:00
David Garske
63f6f0511b
Merge pull request #10014 from danielinux/fix-regression-missing-include
...
Add missing include in asn.h
2026-03-19 08:57:23 -07:00
Daniele Lacamera
cdc9c0a496
Add missing include in asn.h
2026-03-19 16:35:42 +01:00
Daniel Pouzzner
46f4b3b2c4
Merge pull request #10013 from JacobBarthelmeh/format
...
remove trailing white space in ChangeLog.md
2026-03-18 23:47:55 -05:00
Sean Parkinson
a8247bfd62
Dilithium: fix API so that context length is byte
...
Only allowed to have a context length of 0..255 bytes.
Make all context len parameters type byte.
2026-03-19 14:28:22 +10:00
JacobBarthelmeh
1df1236230
remove trailing white space in ChangeLog.md
2026-03-18 21:17:26 -06:00
David Garske
922d04b356
Merge pull request #10008 from JacobBarthelmeh/release
...
prepare for release 5.9.0
2026-03-18 15:57:35 -07:00
JacobBarthelmeh
a08fa98adc
prepare for release 5.9.0
2026-03-18 16:18:12 -06:00
Jeremiah Mackey
b85e500ffa
Fix sz==0 buffer underflow in devcrypto AES-CBC
2026-03-18 17:22:44 +00:00
Juliusz Sosinowicz
141662edfb
Ignore CLAUDE.md
2026-03-18 12:57:27 +01:00
JacobBarthelmeh
816978050a
Merge pull request #10000 from douzzer/20260317-ecc_point_test-FIPS-gate
...
20260317-ecc_point_test-FIPS-gate
2026-03-17 19:41:38 -06:00
JacobBarthelmeh
e30923678a
Merge pull request #9998 from douzzer/20260317-wc_linuxkm_rng_is_wolfcrypt
...
20260317-wc_linuxkm_rng_is_wolfcrypt
2026-03-17 18:59:07 -06:00
Daniel Pouzzner
df7b67ba27
wolfcrypt/test/test.c: fix FIPS gate in ecc_point_test() for "Test compressed point with missing x coordinate bytes".
2026-03-17 18:15:39 -05:00
Daniel Pouzzner
87125c49e1
wolfcrypt/src/rng_bank.c and wolfssl/wolfcrypt/rng_bank.h: add !WC_NO_CONSTRUCTORS gate around wc_rng_new_bankref().
2026-03-17 17:45:09 -05:00
Daniel Pouzzner
7c0d64ade5
linuxkm/lkcapi_sha_glue.c and linuxkm/linuxkm_wc_port.h: add wc_linux_kernel_rng_is_wolfcrypt(), and remove incorrect crypto_put_default_rng() in get_crypto_default_rng().
2026-03-17 17:44:45 -05:00
JacobBarthelmeh
668d69b73a
Merge pull request #9988 from kareem-wolfssl/zd21356
...
Check raw pubkey length in wc_ecc_import_x963 before copying to it for KCAPI case.
2026-03-17 14:12:11 -06:00
David Garske
a98cb451c5
Merge pull request #9948 from SparkiDev/sp_int_comment_fixes_1
...
sp_int.c: comment fixes
2026-03-17 07:38:48 -07:00
JacobBarthelmeh
6f386fd6b2
Merge pull request #9981 from julek-wolfssl/fenrir/260316
...
Fenrir fixes
2026-03-17 08:36:11 -06:00
Juliusz Sosinowicz
0644369456
Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
...
ZD21341
2026-03-17 14:59:04 +01:00
David Garske
a51b40bd01
Merge pull request #9968 from Frauschi/mlkem_fixes
...
ML-KEM fixes
2026-03-17 06:53:38 -07:00
David Garske
e023c1793d
Merge pull request #9989 from JacobBarthelmeh/ecc
...
add sanity check on keysize found with ECC point import
2026-03-17 06:14:40 -07:00
Sameeh Jubran
e96dc3690f
linuxkm/lkcapi_aes_glue.c: fix scatterwalk_map error handling in AesGcmCrypt_1
...
When scatterwalk_map fails in either the stream or non-stream path, the
code jumped to cleanup without setting err, causing the function to
return 0 (success) despite the failure. This could cause the kernel
crypto layer to treat uninitialized data as valid ciphertext/plaintext.
- Capture the error code (PTR_ERR) into err before goto out
- Fix PTR_ERR arguments that incorrectly used assoc instead of
in_map/out_map (assoc was NULL or pointed to the wrong mapping)
- Make in_map/out_map NULL assignments unconditional (previously
gated behind < 6.15, but the cleanup at out: checks these
pointers on all kernel versions)
- Remove bogus scatterwalk_unmap of a failed walk in the stream
path on >= 6.15
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com >
2026-03-17 14:01:50 +02:00
Tobias Frauenschläger
10b98733f2
Add tests for individual ML-KEM levels (based on #9777 )
...
Also fix minor problems found with these tests
2026-03-17 12:43:15 +01:00
Tobias Frauenschläger
76b1300adb
ML-KEM fixes
...
* DTLS 1.3 cookie and CH frag handling
* static memory handling
* Fix memory leak in TLS server PQC handling in case of ECH
* Make sure hybrids are actually tested in testsuite
2026-03-17 12:43:15 +01:00
Takashi Kojo
8354eb71ca
Brainpool to set1_sigalgs_list
2026-03-17 11:22:14 +09:00
Ruby Martin
f55afbd5f1
fix more null derefs
2026-03-16 17:22:51 -06:00
Kareem
76c52c31fb
Disallow wildcard partial domains when using MatchDomainName.
2026-03-16 16:21:47 -07:00
JacobBarthelmeh
44de734fa3
add sanity check on keysize found with ECC point import
2026-03-16 16:57:50 -06:00
Kareem
ddc177b669
Check raw pubkey length in wc_ecc_import_x963 before copying to it for KCAPI case.
2026-03-16 15:34:18 -07:00
Juliusz Sosinowicz
7c92fb204d
Use constant-time PKCS#7 padding check in EVP
...
F-763
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
fac08427e5
Fix missing op validation in EVP_PKEY_decrypt
...
F-747
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
5f7bc0f3a6
Clear sensitive stack buffers in ed448 signing
...
F-765
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
109e765b5b
Clear sensitive stack buffers in ed25519 signing
...
F-764
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
e4b55be65a
Use mp_forcezero for DH private key in async path
...
F-766
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
643427040b
Clear seed buffer after dilithium key generation
...
F-767
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
4ee9a263f0
Fix resource leak in wc_InitEccsiKey_ex error path
...
F-752
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
b168bfaa6a
Check wc_ecc_init_ex return value in wc_GetKeyOID
...
F-749
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
265fbdb3dd
Check wc_InitRsaKey return value in wc_GetKeyOID
...
F-748
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
f56356a9b4
test_lms_write_key: check fwrite return
2026-03-16 15:15:11 -07:00