David Garske
70da83972b
Merge pull request #10536 from SparkiDev/curve25519_x64_red_fix
...
X25519 x64 ASM: fix full reduction
2026-06-03 09:24:48 -07:00
Daniel Pouzzner
768cdc39d3
wolfcrypt/src/asn.c: in DecodeGeneralName() and DecodeAcertGeneralName(),
...
* don't disable URI validation when defined(WOLFSSL_FPKI).
* return immediately with ASN_ALT_NAME_E when URI contains an unexpected '/', as in asn_orig.c DecodeAltNames(), fixing OOB read defect.
wolfcrypt/src/asn_orig.c: fix URI validation gating (ignore WOLFSSL_FPKI) in DecodeAltNames().
tests/api/test_certman.c: fix uriSan in test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match() (make it a URI).
tests/api.c: align gating in test_wolfSSL_URI() with new dynamics (URIs validated regardless of defined(WOLFSSL_FPKI)).
2026-06-02 22:16:40 -05:00
Josh Holtrop
7f3d589c12
Support importing/exporting DTLS sessions with encrypt-then-mac options
2026-06-02 09:34:14 -04:00
Daniel Pouzzner
d037bd1eed
tests/api/test_pkcs12.c, tests/api/test_pwdbased.c: add missing FIPS version gates to test_wc_PKCS12_PBKDF(), test_wc_PKCS12_PBKDF_ex(), and test_wc_PBKDF1_ex_iterations();
...
wolfcrypt/src/evp_pk.c: fix identicalInnerCondition in wolfSSL_d2i_PKCS8_PKEY().
2026-06-01 14:23:38 -05:00
David Garske
71ca579ef2
Merge pull request #10317 from Roy-Carter/feature/pem_write_enhancement
...
Implementation for PEM_write_PrivateKey & PEM_write_PUBKEY
2026-06-01 10:10:39 -07:00
Sean Parkinson
14b55a0bc4
X25519 x64 ASM: fix full reduction
...
The last add was overflowing into the top bit.
Must mask the last word to clear top bit.
Add test vectors from Wycheproof.
2026-06-01 09:14:57 +10:00
JacobBarthelmeh
9fa5db5606
Merge pull request #10509 from kareem-wolfssl/zd21863_5
...
Disallow matching URI type in CheckForAltNames. NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE.
2026-05-29 16:08:04 -06:00
JacobBarthelmeh
1f32365e45
Merge pull request #10547 from SparkiDev/api_c_split_4
...
api.c: move out tests into other files
2026-05-29 16:03:56 -06:00
JacobBarthelmeh
beff858833
Merge pull request #10552 from julek-wolfssl/evp-x25519-x448
...
Add NID_X25519 and NID_X448 support to the EVP layer
2026-05-28 15:57:50 -06:00
JacobBarthelmeh
fc12de010d
Merge pull request #10513 from SparkiDev/tls13_aead_limit_fix
...
TLS 1.3: AEAD limit fixed
2026-05-28 09:30:43 -06:00
Juliusz Sosinowicz
df8cc30cb8
Add NID_X25519 and NID_X448 support to the EVP layer
2026-05-28 14:40:36 +00:00
Sean Parkinson
c674cec4ac
api.c: move out tests into other files
...
Move out DTLS 1.3 specific tests into test_dtls13.c. (Also move out from test_dtls.c)
Move out DTLS tests into test_dtls.c.
Move out LMS and XMSS tests into test_lms_xmss.c.
Move out SSL session tests into test_session.c.
Move out remaining ML-DSA/Dilithium tests in api.c into test_mldsa.c.
2026-05-28 19:34:09 +10:00
David Garske
2dd7947d27
Merge pull request #10483 from cconlon/pkcs8V1PublicKeyParse
...
ML-DSA: PKCS#8 parsing + EVP_PKCS82PKEY support
2026-05-27 17:41:30 -07:00
Kareem
a28ea7ac1c
NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE.
...
Thanks to Zou Dikai for the report.
2026-05-27 16:54:14 -07:00
Kareem
872a03a056
Disallow matching URI type in CheckForAltNames.
...
Thanks to Haruki Oyama (Waseda University) for the report.
2026-05-27 16:54:14 -07:00
Sean Parkinson
713a220fc9
Merge pull request #10426 from JeremiahM37/fenrir-8
...
protocol correctness, OpenSSL-compat hardening, and sensitive-memory zeroization
2026-05-28 09:48:10 +10:00
Sean Parkinson
78a5740bac
Merge pull request #10504 from miyazakh/f-2180_pbkdf
...
f-2180: fix clamp iterations <= 0 to 1 instead of returning an error
2026-05-28 09:32:01 +10:00
Sean Parkinson
c92208076f
Merge pull request #10374 from kareem-wolfssl/zd21699
...
Enable all-zero shared secret check for Curve448/25519 by default. Ensure post_handshake_auth extension was sent before accepting post-handshake CertificateRequest message.
2026-05-28 09:29:49 +10:00
Sean Parkinson
70f8bd9831
Merge pull request #10492 from rizlik/legacy_session_id_bad_client
...
Add compatibility flag and tests for pre-5.9.0 DTLSv1.3 clients
2026-05-28 08:57:48 +10:00
JacobBarthelmeh
b0d61c5e44
Merge pull request #10545 from douzzer/20260527-fixes
...
20260527-fixes
2026-05-27 16:14:21 -06:00
Daniel Pouzzner
f6d6ae687a
tests/api/test_mldsa_legacy.c: fix bugprone-macro-parentheses in MLDSA_LEGACY_SIZE_ASSERT().
...
wolfssl/wolfcrypt/wc_mldsa.h: move WOLFSSL_MLDSA_NO_CTX setup to precede legacy dilithium.h header, so that the _NO_CTX remap macros are properly gated in.
2026-05-27 14:02:37 -05:00
JacobBarthelmeh
39a3546b64
Merge pull request #10519 from sebastian-carpenter/flaky-ech-test
...
CI Fix: fix flaky ECH test
2026-05-27 11:09:18 -06:00
JacobBarthelmeh
3fa4ebcaec
Merge pull request #10527 from mattia-moffa/20260525-writedup-no-dtls
...
Allow --enable-writedup when DTLS is disabled
2026-05-27 11:02:55 -06:00
David Garske
8199fda0a4
Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
...
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
David Garske
a3f5260260
Merge pull request #10500 from rizlik/sha224_only
...
cryptocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-26 08:05:47 -07:00
Tobias Frauenschläger
637c07798a
Finalize ML-DSA renaming
2026-05-26 14:54:30 +02:00
Marco Oliverio
bc574f7930
dtls13: WOLFSSL_DTLS13_5_9_0_COMPAT -> WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
2026-05-26 09:16:56 +02:00
Marco Oliverio
e6fa789e68
test_dtls: remove non-ASCII chars
2026-05-26 09:15:58 +02:00
Marco Oliverio
7592b481e7
test: dtls: add WOLFSSL_DTLS13_5_9_0_COMPAT related tests
2026-05-26 09:15:58 +02:00
Mattia Moffa
1f619a9f50
Allow --enable-writedup when DTLS is disabled
2026-05-25 17:34:32 +02:00
Chris Conlon
497de930fd
evp: support ML-DSA in wolfSSL_EVP_PKCS82PKEY() and wolfSSL_X509_check_private_key()
2026-05-22 14:56:14 -06:00
Chris Conlon
a9e15634db
asn: parse RFC 5958 PKCS#8 (OneAsymmetricKey) publicKey trailer in ToTraditional_ex()
2026-05-22 14:55:38 -06:00
sebastian-carpenter
d4ed43853f
flaky ECH test: fix method for finding ECH extension
2026-05-22 10:48:56 -06:00
Roy Carter
5403298327
Refactor - Split test to two different functions
2026-05-22 19:24:53 +03:00
Roy Carter
96e966e779
Feat: Allow for a wrapper for pem write privatekey & PUBKEY
2026-05-22 19:24:53 +03:00
Roy Carter
dc86dc34a8
Fix: change test string to the new format
2026-05-22 19:01:05 +03:00
Roy Carter
8f15bf6d10
fix: bad merge conflicts leftovers.
2026-05-22 19:01:05 +03:00
Roy Carter
f15c896551
Build_fix:
...
When building with --enable-opensslextra=x509small, only OPENSSL_EXTRA_X509_SMALL is defined, not OPENSSL_EXTRA, so these functions are not compiled into the library
2026-05-22 19:01:05 +03:00
Roy Carter
7561911cba
fix: Fix build errors for some tests on pipeline
2026-05-22 19:01:05 +03:00
Roy Carter
c1a507e175
Feature: allow the usage of
...
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify
in the openssl compatibility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson
b1e04464fc
Merge pull request #10469 from sebastian-carpenter/tls-ech-server-improvements
...
Enhancement (ECH): Trial decryption and ECH connection status
2026-05-23 00:07:40 +10:00
Sean Parkinson
8dae4b34bb
TLS 1.3: AEAD limit fixed
...
Values were 16-bit each when they are 32-bit each.
Add tests for KeyUpdate limits for TLS 1.3.
2026-05-22 16:41:23 +10:00
HIDEKI MIYAZAKI
afb3ca4b77
fix prb failures
2026-05-20 17:31:08 -07:00
HIDEKI MIYAZAKI
319f1d699d
fix clamp iterations <= 0 to 1 instead of returning an error
2026-05-20 07:25:35 -07:00
Marco Oliverio
0c8cabedff
cryptocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-19 10:22:06 +02:00
David Garske
be67bf88f7
Merge pull request #10436 from Frauschi/mldsa_rename
...
Rename Dilithium to canonical ML-DSA (FIPS 204) names
2026-05-18 11:44:21 -07:00
David Garske
1ccd462ea1
Merge pull request #10482 from rlm2002/coverity
...
13052026 Coverity Fixes
2026-05-18 10:35:42 -07:00
David Garske
bc2e842234
Merge pull request #10460 from JacobBarthelmeh/static_analysis
...
Static analysis fixes/improvements for SECO, devcrypto, ARIA, MD4, MD2
2026-05-18 10:31:37 -07:00
David Garske
9096bcc8fa
Merge pull request #10393 from JacobBarthelmeh/opensslextra
...
support build --enable-opensslextra with NO_BIO and NO_FILESYSTEM
2026-05-17 22:33:23 -07:00
David Garske
4c9116c743
Merge pull request #10462 from kareem-wolfssl/zd21507
...
Fix alert type for missing cert. Prevent building with RNG disabled and blinding enabled by default. Enforce bounds for AES CMAC size in verify.
2026-05-17 22:25:09 -07:00