Sean Parkinson
6b46754800
SP C - RSA public only build with DH
...
Fix build to compile when RSA public only but DH included.
2026-02-18 12:26:00 +10:00
David Garske
5960a365de
Merge pull request #9776 from Pushyanth-Infineon/fix_psoc6_sha_includes
...
Fix missing header includes and conditional compilation issue for PSoC6 port.
2026-02-17 10:12:00 -08:00
David Garske
40bb3e7c4a
Merge pull request #9773 from petertorelli/master
...
cyignore sslSniffer due to main() conflicts
2026-02-17 10:11:54 -08:00
David Garske
a0a76254a5
Merge pull request #9783 from SparkiDev/aes_clang_volatile
...
AES clang: make x volatile in pre-fetch functions
2026-02-17 10:10:56 -08:00
David Garske
90d0ea1ee2
Merge pull request #9788 from LinuxJedi/static-fixes
...
Fix issues found in static analysis
2026-02-17 10:02:19 -08:00
David Garske
03260bf478
Merge pull request #9786 from LinuxJedi/quick-fixes
...
Fixes found when trying a new static analysis method
2026-02-17 09:57:21 -08:00
Andrew Hutchings
8042f767ed
Fix issues found in static analysis
...
- Fix missing cleanup on error in wc_XChaCha20Poly1305_crypt_oneshot:
change early return to goto out so ForceZero and free are called
- Fix memory leak in wc_DeCompressDynamic: free tmp buffer before
early return on avail_out size check failure
- Fix unconditional mutex unlock in PQC sign functions (falcon,
sphincs, dilithium): only call unlock when lock was acquired
- Remove dead oqssig NULL checks in falcon sign/verify that are
unreachable after the preceding SIG_TYPE_E assignment
2026-02-17 15:20:36 +00:00
Andrew Hutchings
565c6aad49
Fix test building
2026-02-17 10:46:33 +00:00
Andrew Hutchings
060a2b3395
Fix DTLS 1.3 unified header fixed bits mask
...
DTLS13_FIXED_BITS_MASK used 0x111 (hex 273) instead of 0x7 (decimal 7,
binary 111). Per RFC 9147 Section 4, the top 3 bits of the unified
header flags byte must be 001. The incorrect hex value caused the mask
to only check bit 5 instead of bits 5, 6, and 7, allowing bytes with
bits 6 or 7 set to be misidentified as unified DTLS 1.3 headers.
2026-02-17 10:39:41 +00:00
Andrew Hutchings
00de3f3918
Use XMEMSET instead of memset in QUIC
2026-02-17 10:36:47 +00:00
Andrew Hutchings
f31ed0d0cd
Fix logic bug in TLSX_TCA_Find causing incorrect Trusted CA matching
...
The while loop conditions in TLSX_TCA_Find were inverted, causing two
bugs: the loop short-circuited on type match alone without checking the
id content, and the XMEMCMP sense was reversed (continuing on match,
stopping on mismatch). This meant any TCA entry with a matching type
would be returned as a match regardless of whether the identifier
actually matched.
Restructure the loop to correctly require both type and id (size +
content) to match before returning an entry, and to match any entry
immediately for PRE_AGREED type.
Add test_TLSX_TCA_Find unit test exercising exact match, mismatched id,
and PRE_AGREED cases via memio handshake.
2026-02-17 10:35:54 +00:00
Sean Parkinson
299e7bd097
AES clang: make x volatile in pre-fetch functions
...
Latest version of clang with optimization turned right up will make the
pre-fetch functions return 0.
The pre-fetch functions are there to ensure tables are all in cache not
to calculate a value.
2026-02-17 08:44:24 +10:00
David Garske
d81bb7234a
Merge pull request #9778 from LinuxJedi/exp-fixes
...
Fixes to big-endian bugs found in Curve448 and Blake2S
2026-02-16 14:30:47 -08:00
Chris Conlon
36a28ac08c
Merge pull request #9713 from padelsbach/crl-generation-cert-updates
...
Add cert/CRL capabilities: skid, akid, dist point, netscape
2026-02-16 15:29:18 -07:00
David Garske
cf4bf83ab2
Merge pull request #9762 from rizlik/bench_ed25519_use_devid
...
wolfcrypt: benchmark: use WC_USE_DEVID to benchmark ed25519 if defined
2026-02-16 13:49:53 -08:00
Peter Torelli
c4ef0e5cd2
Update .cyignore
...
Also need to ignore MLDSA and MLKEM Intel assembly source files.
2026-02-16 13:44:33 -08:00
David Garske
db82c3ef59
Merge pull request #9777 from Pushyanth-Infineon/fix_TLSX_IsGroupSupported_switch_case_handling
...
Fix switch case handling in TLSX_IsGroupSupported function
2026-02-16 13:13:46 -08:00
David Garske
be9f3853fa
Merge pull request #9764 from lealem47/wolfEntropy_arm32
...
wolfEntropy: Add ARM Generic Timer virtual counter as time src
2026-02-16 13:00:26 -08:00
Pushyanth Kamatham
b395eef455
Fix missing header includes and conditional compilation issue in PSoC6 crypto hardware acceleration port.
...
Guard the `aes->left = 0` assignment to enable when WOLFSSL_AES_CFB is defined.
2026-02-17 02:26:52 +05:30
David Garske
2111249508
Merge pull request #9759 from gasbytes/test_wolfSSL_d2i_SSL_SESSION
...
add test for session deserialization input validation
2026-02-16 12:35:58 -08:00
David Garske
10ca06cebe
Merge pull request #9769 from anhu/midbox
...
Middle box compatibility compliance.
2026-02-16 12:27:07 -08:00
David Garske
1b05b26604
Merge pull request #9779 from LinuxJedi/src-fixes
...
Fix issues found during src/ code review
2026-02-16 10:45:40 -08:00
Andrew Hutchings
8b44b00317
Fix issues found during src/ code review
...
- ECH: add bounds check on hpkePubkeyLen against HPKE_Npk_MAX to
prevent heap buffer overflow from untrusted ECH config data
- Sniffer: fix reassembly memory limit check typo, MaxRecoveryMemory -1
should be MaxRecoveryMemory != -1
- Sniffer: add bounds check in IPv6 extension header parsing loop to
prevent OOB read when next_header never matches TCP or NO_NEXT_HEADER
- Sniffer: validate tlsFragOffset + rhSize against tlsFragSize before
XMEMCPY in both TLS handshake fragment reassembly paths
- Internal: use WC_SAFE_SUM_WORD32 in GrowAnOutputBuffer to prevent
integer overflow on allocation size, matching existing pattern in
GrowOutputBuffer
2026-02-16 17:27:10 +00:00
Andrew Hutchings
451cb45670
Fix Blake2s overlapping writes
...
We are copying from a 32bit buffer, so are overlapping writes. This
could cause damage the hash on big-endian platforms.
2026-02-16 16:08:27 +00:00
Andrew Hutchings
180c66ba70
Fix curve448
...
`wc_curve448_check_public` can get into an infinite loop in the
big-endian code path.
2026-02-16 15:56:41 +00:00
Sean Parkinson
4fe05d7fe0
Merge pull request #9771 from padelsbach/pk-ec-fix-null-check
...
Fix null check in ECDSA encode
2026-02-16 22:07:29 +10:00
Pushyanth Kamatham
33c14ead5c
Fix switch case handling in TLSX_IsGroupSupported function
2026-02-16 15:59:34 +05:30
Daniel Pouzzner
2c0c28d999
Merge pull request #9770 from padelsbach/sort-known-macros
...
Fix sorting in .wolfssl_known_macro_extras
2026-02-14 11:17:45 -06:00
Paul Adelsbach
aafc876759
Add cert/CRL capabilities: skid, akid, dist point, netscape
2026-02-13 20:35:44 -08:00
Daniel Pouzzner
1c92c74116
Merge pull request #9631 from padelsbach/crl-generation
...
Add CRL generation code
2026-02-13 21:59:52 -06:00
Peter Torelli
654e102e4b
cyignore sslSniffer due to main conflicts
2026-02-13 15:48:59 -08:00
Paul Adelsbach
70fa2c4e2a
Fix null check in ECDSA encode
2026-02-13 12:07:19 -08:00
Paul Adelsbach
b5380cf1b4
Fix sorting in .wolfssl_known_macro_extras
2026-02-13 10:59:00 -08:00
Paul Adelsbach
81ae472e50
Add CRL generation code
2026-02-13 10:54:47 -08:00
Daniel Pouzzner
c4131659cc
Merge pull request #9767 from SparkiDev/sp_thumb2_mont_sub_reg_fix
...
Thumb2 SP ASM: mont_sub fix
2026-02-13 11:35:36 -06:00
David Garske
16ba668ebe
Merge pull request #9632 from jackctj117/CSR-signing
...
Add wc_SignCert_cb API for external signing callbacks
2026-02-13 09:07:37 -08:00
Anthony Hu
c3c9acc5bf
Middle box compatibility compliance.
2026-02-13 10:28:12 -05:00
Sean Parkinson
e48c867f6f
Thumb2 SP ASM: mont_sub fix
...
Always use all the parameters and always use the parameter name and not
the assumed register.
2026-02-13 11:49:21 +10:00
Lealem Amedie
d9b934323a
Check if _POSIX_C_SOURCE is defined
2026-02-12 18:13:29 -07:00
Lealem Amedie
17287cd595
wolfEntropy: Add ARM Generic Timer virtual counter as time src
2026-02-12 18:13:29 -07:00
Daniel Pouzzner
1c77414798
Merge pull request #9766 from padelsbach/libssh2-docker-fix
...
Fix libssh2 workflow with Docker 29
2026-02-12 18:02:46 -06:00
Paul Adelsbach
f0222c36a5
Experimental: fix libssh2 workflow with Docker 29
2026-02-12 14:40:05 -08:00
David Garske
49ed1fa21f
Merge pull request #9684 from SparkiDev/ecc_import_pub_check_fix
...
ECC: import point, always do some checks
2026-02-11 21:53:03 -08:00
David Garske
1b0b4b1444
Merge pull request #9756 from SparkiDev/arm_asm_fixes_1
...
ARM assembly fixes
2026-02-11 21:51:51 -08:00
Sean Parkinson
29835c2281
Merge pull request #9755 from julek-wolfssl/fix-script-checks
...
Fix compilation checks in test scripts
2026-02-12 08:02:52 +10:00
Sean Parkinson
2f53add6a5
Merge pull request #9758 from LinuxJedi/lxj-fixes
...
Minor fixes to EVP and PKCS12 code
2026-02-12 08:01:28 +10:00
Sean Parkinson
1847c6e778
Merge pull request #9721 from dgarske/x25519_nb
...
Add X25519 non-blocking support and async example improvements
2026-02-12 07:56:58 +10:00
Sean Parkinson
cb169ca64c
Merge pull request #9763 from LinuxJedi/no-fips-selftest
...
Don't allow `--enable-selftest` with empty file
2026-02-12 07:53:06 +10:00
Andrew Hutchings
0a1c40b365
Don't allow --enable-selftest with empty file
...
It probably won't compile anyway.
2026-02-11 15:32:45 +00:00
Marco Oliverio
b767d8218a
wolfcrypt: benchmark: use WC_USE_DEVID to benchmark ed25519 if defined
2026-02-11 15:25:28 +01:00