David Garske
056b95235e
Merge pull request #9990 from rlm2002/coverity
Coverity: fix more null derefs
2026-03-19 12:32:51 -07:00
David Garske
c83dc5c254
Merge pull request #10005 from JeremiahM37/f-753
Fix sz==0 buffer underflow in devcrypto AES-CBC
2026-03-19 12:29:24 -07:00
David Garske
0d7c58e3e7
Merge pull request #9912 from LinuxJedi/se050-fixes2
Fix SE050 RSA-PSS signing, key cleanup, and mutex leaks
2026-03-19 12:28:47 -07:00
David Garske
be7bf60e38
Merge pull request #10010 from SparkiDev/dilithium_ctxlen_byte
Dilithium: fix API so that context length is byte
2026-03-19 12:26:42 -07:00
David Garske
325413f94a
Merge pull request #9983 from Frauschi/bench_stack_fix
Fix stack tracking in wolfCrypt benchmark
2026-03-19 11:55:30 -07:00
Sean Parkinson
a8247bfd62
Dilithium: fix API so that context length is byte
Only allowed to have a context length of 0..255 bytes.
Make all context len parameters type byte.
2026-03-19 14:28:22 +10:00
Jeremiah Mackey
b85e500ffa
Fix sz==0 buffer underflow in devcrypto AES-CBC
2026-03-18 17:22:44 +00:00
JacobBarthelmeh
816978050a
Merge pull request #10000 from douzzer/20260317-ecc_point_test-FIPS-gate
20260317-ecc_point_test-FIPS-gate
2026-03-17 19:41:38 -06:00
Daniel Pouzzner
df7b67ba27
wolfcrypt/test/test.c: fix FIPS gate in ecc_point_test() for "Test compressed point with missing x coordinate bytes".
2026-03-17 18:15:39 -05:00
Daniel Pouzzner
87125c49e1
wolfcrypt/src/rng_bank.c and wolfssl/wolfcrypt/rng_bank.h: add !WC_NO_CONSTRUCTORS gate around wc_rng_new_bankref().
2026-03-17 17:45:09 -05:00
JacobBarthelmeh
668d69b73a
Merge pull request #9988 from kareem-wolfssl/zd21356
Check raw pubkey length in wc_ecc_import_x963 before copying to it for KCAPI case.
2026-03-17 14:12:11 -06:00
David Garske
a98cb451c5
Merge pull request #9948 from SparkiDev/sp_int_comment_fixes_1
sp_int.c: comment fixes
2026-03-17 07:38:48 -07:00
JacobBarthelmeh
6f386fd6b2
Merge pull request #9981 from julek-wolfssl/fenrir/260316
Fenrir fixes
2026-03-17 08:36:11 -06:00
David Garske
e023c1793d
Merge pull request #9989 from JacobBarthelmeh/ecc
add sanity check on keysize found with ECC point import
2026-03-17 06:14:40 -07:00
Ruby Martin
f55afbd5f1
fix more null derefs
2026-03-16 17:22:51 -06:00
JacobBarthelmeh
44de734fa3
add sanity check on keysize found with ECC point import
2026-03-16 16:57:50 -06:00
Kareem
ddc177b669
Check raw pubkey length in wc_ecc_import_x963 before copying to it for KCAPI case.
2026-03-16 15:34:18 -07:00
Juliusz Sosinowicz
7c92fb204d
Use constant-time PKCS#7 padding check in EVP
F-763
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
fac08427e5
Fix missing op validation in EVP_PKEY_decrypt
F-747
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
5f7bc0f3a6
Clear sensitive stack buffers in ed448 signing
F-765
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
109e765b5b
Clear sensitive stack buffers in ed25519 signing
F-764
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
e4b55be65a
Use mp_forcezero for DH private key in async path
F-766
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
643427040b
Clear seed buffer after dilithium key generation
F-767
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
4ee9a263f0
Fix resource leak in wc_InitEccsiKey_ex error path
F-752
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
b168bfaa6a
Check wc_ecc_init_ex return value in wc_GetKeyOID
F-749
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
265fbdb3dd
Check wc_InitRsaKey return value in wc_GetKeyOID
F-748
2026-03-16 15:15:11 -07:00
David Garske
b5c532703a
Merge pull request #9954 from kareem-wolfssl/gh9951
Fix potential overflows in used size calculation in generic, TI and SE050 hash functions.
2026-03-16 15:09:22 -07:00
David Garske
da635c9004
Merge pull request #9980 from anhu/sphincs_no_elseif
Fixes SPHINCS else-if chain key detection
2026-03-16 15:03:59 -07:00
David Garske
90377e10c5
Merge pull request #9979 from anhu/falcon_no_elseif
Fixes Falcon else-if chain key detection
2026-03-16 15:03:43 -07:00
David Garske
96661a5dab
Merge pull request #9977 from JacobBarthelmeh/multi-test
Minor fixes for nightly multi-test tool
2026-03-16 14:31:39 -07:00
JacobBarthelmeh
57f416fc43
Merge pull request #9961 from sebastian-carpenter/tls-ech-coverity
minor coverity fixes for tls ech code
2026-03-16 15:27:27 -06:00
Daniel Pouzzner
416072f298
Merge pull request #9969 from Frauschi/mlkem_wconversion
ML-KEM Wconversion fixes
2026-03-16 15:03:26 -05:00
David Garske
87906a38ab
Merge pull request #9974 from JacobBarthelmeh/oss-fuzz
fix to free CRL reason extension
2026-03-16 13:46:34 -06:00
Andrew Hutchings
cfd819370a
Fix SE050 RSA-PSS signing, key cleanup, and mutex leaks
RSA-PSS fix:
Skip SE050 hardware path for RSA-PSS sign and verify operations in
RsaPublicEncryptEx() and RsaPrivateDecryptEx(). The SE050's PSS sign
API (Se05x_API_RSASign) is a hash-then-sign operation, which
double-hashes when wolfSSL passes a pre-computed digest (as done during
TLS CertificateVerify). PSS operations now fall through to the software
RSA path. PKCS#1 v1.5 signing continues to use SE050 hardware.
Key object leak fix:
Add se050_rsa_free_key() called from wc_FreeRsaKey() to erase
wolfSSL-allocated RSA key objects from SE050 persistent storage on
free. Without this, persistent key slots on the SE050 are never
reclaimed and eventually exhaust secure storage. Add matching
sss_key_store_erase_key() calls to se050_ecc_free_key(),
se050_ed25519_free_key(), and se050_curve25519_free_key(). Only keys
with keyId >= SE050_KEYID_START are erased (pre-provisioned keys are
left intact).
Mutex leak fix:
Add missing wolfSSL_CryptHwMutexUnLock() calls before early returns in
se050_rsa_sign(), se050_rsa_verify(), se050_rsa_public_encrypt(), and
se050_rsa_private_decrypt() when the algorithm lookup fails after the
mutex has already been acquired.
ZD 21212
2026-03-16 19:19:14 +00:00
JacobBarthelmeh
7de150eff0
Merge pull request #9975 from rlm2002/coverity
20260313 Coverity changes
2026-03-16 12:52:27 -06:00
Tobias Frauenschläger
987a705318
Fix stack tracking in wolfCrypt benchmark
2026-03-16 18:33:55 +01:00
Anthony Hu
2939ab7f6a
Fixes SPHINCS else-if chain key detection
F-751
2026-03-16 11:20:19 -04:00
Anthony Hu
3b36db0c9d
Fixes Falcon else-if chain key detection
F-750
2026-03-16 10:55:28 -04:00
Sean Parkinson
9590255ceb
XMSS: Fix index copy for signing.
The index is already big-endian encoded but it needs to be front padded
with zeros instead of back end padded.
2026-03-16 21:24:08 +10:00
JacobBarthelmeh
8f810c2705
clear q with integer.c and mp_div_3 in error case
2026-03-16 00:09:37 -06:00
JacobBarthelmeh
73e425923b
setting heap pointer based on if key is null
2026-03-16 00:08:04 -06:00
Ruby Martin
8b7b6754d9
macro guard with WOLFSSL_SMALL_STACK to prevent dead code
2026-03-13 17:03:02 -06:00
Kareem
0b26791168
Code review feedback
2026-03-13 15:57:18 -07:00
Kareem
3cc15548bc
Code review feedback. Error out on len = 0 as well.
2026-03-13 15:57:18 -07:00
Kareem
0a082b08ca
Code review feedback
2026-03-13 15:57:18 -07:00
Kareem
42b321a7d3
Use safe sum of used size after calculating it. No reason to redo the additions. Fixes unused variable warning as well.
Fix different type addition in hash.c.
2026-03-13 15:57:18 -07:00
Kareem
d205fcac87
Fix potential overflows in two additional hash functions.
Thanks to Arjuna Arya for the report.
Fixes #9955.
2026-03-13 15:57:18 -07:00
Kareem
091016a149
Ensure se050Ctx->used does not overflow in se050_hash_update.
Thanks to Arjuna Arya for the report.
Fixes #9951.
2026-03-13 15:57:18 -07:00
JacobBarthelmeh
bbf3beef35
fix to free CRL reason extension
2026-03-13 16:17:52 -06:00
Tobias Frauenschläger
3b4e51c150
ML-KEM Wconversion fixes
* fix -Wconversion warnings
* allow APIs without RNG usage in case WC_NO_RNG is defined
2026-03-13 21:22:48 +01:00