Tobias Frauenschläger
76b1300adb
ML-KEM fixes
...
* DTLS 1.3 cookie and CH frag handling
* static memory handling
* Fix memory leak in TLS server PQC handling in case of ECH
* Make sure hybrids are actually tested in testsuite
2026-03-17 12:43:15 +01:00
David Garske
b5c532703a
Merge pull request #9954 from kareem-wolfssl/gh9951
...
Fix potential overflows in used size calculation in generic, TI and SE050 hash functions.
2026-03-16 15:09:22 -07:00
David Garske
da635c9004
Merge pull request #9980 from anhu/sphincs_no_elseif
...
Fixes SPHINCS else-if chain key detection
2026-03-16 15:03:59 -07:00
David Garske
90377e10c5
Merge pull request #9979 from anhu/falcon_no_elseif
...
Fixes Falcon else-if chain key detection
2026-03-16 15:03:43 -07:00
David Garske
96661a5dab
Merge pull request #9977 from JacobBarthelmeh/multi-test
...
Minor fixes for nightly multi-test tool
2026-03-16 14:31:39 -07:00
JacobBarthelmeh
57f416fc43
Merge pull request #9961 from sebastian-carpenter/tls-ech-coverity
...
minor coverity fixes for tls ech code
2026-03-16 15:27:27 -06:00
Daniel Pouzzner
416072f298
Merge pull request #9969 from Frauschi/mlkem_wconversion
...
ML-KEM Wconversion fixes
2026-03-16 15:03:26 -05:00
David Garske
77c7418052
Merge pull request #9973 from JacobBarthelmeh/static_analysis
...
fix to sanity check on importing raw session key info
2026-03-16 13:46:53 -06:00
David Garske
87906a38ab
Merge pull request #9974 from JacobBarthelmeh/oss-fuzz
...
fix to free CRL reason extension
2026-03-16 13:46:34 -06:00
JacobBarthelmeh
7de150eff0
Merge pull request #9975 from rlm2002/coverity
...
20260313 Coverity changes
2026-03-16 12:52:27 -06:00
Daniel Pouzzner
30d8cf1a66
Merge pull request #9971 from JacobBarthelmeh/linuxkm
...
Use ENOMEM return and add goto out on AAD error with linuxkm
2026-03-16 11:43:15 -05:00
Daniel Pouzzner
49796a5159
configure.ac: don't include enable_ocsp_responder in enable-all if $enable_sha = no, remove enable_ocsp_responder from enable-all-crypto setup, and remove superseded fixup clause for ENABLED_OCSP_RESPONDER with ENABLED_SHA = no.
...
.wolfssl_known_macro_extras: remove unneeded WOLFSSL_PYTHON.
2026-03-16 10:20:48 -05:00
JacobBarthelmeh
7ad9c25a5b
Merge pull request #9978 from SparkiDev/xmss_sign_idx_fix
...
XMSS: Fix index copy for signing.
2026-03-16 09:20:38 -06:00
Anthony Hu
2939ab7f6a
Fixes SPHINCS else-if chain key detection
...
F-751
2026-03-16 11:20:19 -04:00
JacobBarthelmeh
93fc517dd1
add NO_RSA macro guard to test case
2026-03-16 08:58:15 -06:00
Anthony Hu
3b36db0c9d
Fixes Falcon else-if chain key detection
...
F-750
2026-03-16 10:55:28 -04:00
JacobBarthelmeh
f8dda213b0
Merge pull request #9972 from cconlon/getCiphersCompatFix
...
Fix wolfSSL_get_ciphers_compat() to return NULL for empty cipher list
2026-03-16 08:29:00 -06:00
Sean Parkinson
9590255ceb
XMSS: Fix index copy for signing.
...
The index is already big-endian encoded but it needs to be front padded
with zeros instead of back end padded.
2026-03-16 21:24:08 +10:00
JacobBarthelmeh
8f810c2705
clear q with integer.c and mp_div_3 in error case
2026-03-16 00:09:37 -06:00
JacobBarthelmeh
73e425923b
setting heap pointer based on if key is null
2026-03-16 00:08:04 -06:00
JacobBarthelmeh
9b96f49505
check return value of fwrite in test case
2026-03-16 00:07:09 -06:00
JacobBarthelmeh
681fb41fcb
Null check on SNI pointer before potential use
2026-03-16 00:06:38 -06:00
JacobBarthelmeh
eaa6db9462
account for --enable-all-crypto and --disable-sha build now having OCSP responder
2026-03-16 00:06:13 -06:00
Ruby Martin
2ca2781756
reallocate tmp buffer with space for null terminator
2026-03-13 17:28:00 -06:00
Ruby Martin
8b7b6754d9
macro guard with WOLFSSL_SMALL_STACK to prevent dead code
2026-03-13 17:03:02 -06:00
Ruby Martin
1ac4ba282b
remove early der free
2026-03-13 17:03:02 -06:00
Kareem
0b26791168
Code review feedback
2026-03-13 15:57:18 -07:00
Kareem
3cc15548bc
Code review feedback. Error out on len = 0 as well.
2026-03-13 15:57:18 -07:00
Kareem
0a082b08ca
Code review feedback
2026-03-13 15:57:18 -07:00
Kareem
42b321a7d3
Use safe sum of used size after calculating it. No reason to redo the additions. Fixes unused variable warning as well.
...
Fix different type addition in hash.c.
2026-03-13 15:57:18 -07:00
Kareem
d205fcac87
Fix potential overflows in two additional hash functions.
...
Thanks to Arjuna Arya for the report.
Fixes #9955 .
2026-03-13 15:57:18 -07:00
Kareem
091016a149
Ensure se050Ctx->used does not overflow in se050_hash_update.
...
Thanks to Arjuna Arya for the report.
Fixes #9951 .
2026-03-13 15:57:18 -07:00
JacobBarthelmeh
bbf3beef35
fix to free CRL reason extension
2026-03-13 16:17:52 -06:00
JacobBarthelmeh
a6195c30c1
Merge pull request #9947 from kareem-wolfssl/zd21325
...
Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
2026-03-13 15:37:24 -06:00
JacobBarthelmeh
d36f7a2b99
fix to sanity check on importing raw session key info
2026-03-13 15:32:46 -06:00
Chris Conlon
428030a3e8
Fix wolfSSL_get_ciphers_compat to return NULL when no ciphers available
2026-03-13 15:07:25 -06:00
Tobias Frauenschläger
3b4e51c150
ML-KEM Wconversion fixes
...
* fix -Wconversion warnings
* allow APIs without RNG usage in case WC_NO_RNG is defined
2026-03-13 21:22:48 +01:00
JacobBarthelmeh
b97b3da81b
use ENOMEM instead of MEMORY_E with aes glue returns f-669
2026-03-13 14:08:03 -06:00
JacobBarthelmeh
1958fbdf71
Add goto out on AAD error f-631
2026-03-13 14:03:31 -06:00
Chris Conlon
aa9ee8b4fa
Merge pull request #9963 from JacobBarthelmeh/caam
...
fixes for CAAM port without hash store
2026-03-13 13:45:08 -06:00
JacobBarthelmeh
73eb8f933b
Merge pull request #9967 from Frauschi/pqc_cmake
...
Move PQC algos out of experimental in CMake
2026-03-13 13:12:53 -06:00
Kareem
94b370f5e2
Rework check to compare only ints.
2026-03-13 11:42:12 -07:00
Kareem
19b99f8072
Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
...
Thanks to Haruto Kimura (Stella) for the report.
2026-03-13 11:42:12 -07:00
Ruby Martin
5d54d8a488
init caCert before function can error out
2026-03-13 11:57:24 -06:00
sebastian-carpenter
47a24d7b90
minor coverity fixes for tls ech
2026-03-13 11:04:44 -06:00
Tobias Frauenschläger
da94ea6265
Move PQC algos out of experimental in CMake
...
This has already been done long time in autoconf. User
now does not have to enable experimental features to use
PQC.
2026-03-13 17:53:54 +01:00
JacobBarthelmeh
156db7dd2d
Merge pull request #9831 from julek-wolfssl/pytho-3.13.4
...
Fixes to run python with --enable-all
2026-03-13 10:50:23 -06:00
David Garske
0792c674c5
Merge pull request #9960 from philljj/fix_coverity
...
asn: fix coverity null deref warnings.
2026-03-13 06:58:41 +01:00
David Garske
00cd1a7c22
Merge pull request #9962 from night1rider/ecc-dilithium-callback-free-fix
...
Fix expected callback behavior for ECC/Dilithium for Free Callbacks
2026-03-13 06:19:31 +01:00
David Garske
cdacf3a53e
Merge pull request #9964 from SparkiDev/asm_gen_fixes_1
...
SP fixes: 32-bit ARM assembly fixes
2026-03-13 06:16:57 +01:00