Kareem
|
76c52c31fb
|
Disallow wildcard partial domains when using MatchDomainName.
|
2026-03-16 16:21:47 -07:00 |
|
Daniel Pouzzner
|
416072f298
|
Merge pull request #9969 from Frauschi/mlkem_wconversion
ML-KEM Wconversion fixes
|
2026-03-16 15:03:26 -05:00 |
|
David Garske
|
77c7418052
|
Merge pull request #9973 from JacobBarthelmeh/static_analysis
fix to sanity check on importing raw session key info
|
2026-03-16 13:46:53 -06:00 |
|
David Garske
|
87906a38ab
|
Merge pull request #9974 from JacobBarthelmeh/oss-fuzz
fix to free CRL reason extension
|
2026-03-16 13:46:34 -06:00 |
|
JacobBarthelmeh
|
7de150eff0
|
Merge pull request #9975 from rlm2002/coverity
20260313 Coverity changes
|
2026-03-16 12:52:27 -06:00 |
|
Daniel Pouzzner
|
30d8cf1a66
|
Merge pull request #9971 from JacobBarthelmeh/linuxkm
Use ENOMEM return and add goto out on AAD error with linuxkm
|
2026-03-16 11:43:15 -05:00 |
|
JacobBarthelmeh
|
7ad9c25a5b
|
Merge pull request #9978 from SparkiDev/xmss_sign_idx_fix
XMSS: Fix index copy for signing.
|
2026-03-16 09:20:38 -06:00 |
|
JacobBarthelmeh
|
93fc517dd1
|
add NO_RSA macro guard to test case
|
2026-03-16 08:58:15 -06:00 |
|
JacobBarthelmeh
|
f8dda213b0
|
Merge pull request #9972 from cconlon/getCiphersCompatFix
Fix wolfSSL_get_ciphers_compat() to return NULL for empty cipher list
|
2026-03-16 08:29:00 -06:00 |
|
Sean Parkinson
|
9590255ceb
|
XMSS: Fix index copy for signing.
The index is already big-endian encoded but it needs to be front padded
with zeros instead of back end padded.
|
2026-03-16 21:24:08 +10:00 |
|
Ruby Martin
|
2ca2781756
|
reallocate tmp buffer with space for null terminator
|
2026-03-13 17:28:00 -06:00 |
|
Ruby Martin
|
8b7b6754d9
|
macro guard with WOLFSSL_SMALL_STACK to prevent dead code
|
2026-03-13 17:03:02 -06:00 |
|
Ruby Martin
|
1ac4ba282b
|
remove early der free
|
2026-03-13 17:03:02 -06:00 |
|
JacobBarthelmeh
|
bbf3beef35
|
fix to free CRL reason extension
|
2026-03-13 16:17:52 -06:00 |
|
JacobBarthelmeh
|
a6195c30c1
|
Merge pull request #9947 from kareem-wolfssl/zd21325
Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
|
2026-03-13 15:37:24 -06:00 |
|
JacobBarthelmeh
|
d36f7a2b99
|
fix to sanity check on importing raw session key info
|
2026-03-13 15:32:46 -06:00 |
|
Chris Conlon
|
428030a3e8
|
Fix wolfSSL_get_ciphers_compat to return NULL when no ciphers available
|
2026-03-13 15:07:25 -06:00 |
|
Tobias Frauenschläger
|
3b4e51c150
|
ML-KEM Wconversion fixes
* fix -Wconversion warnings
* allow APIs without RNG usage in case WC_NO_RNG is defined
|
2026-03-13 21:22:48 +01:00 |
|
JacobBarthelmeh
|
b97b3da81b
|
use ENOMEM instead of MEMORY_E with aes glue returns f-669
|
2026-03-13 14:08:03 -06:00 |
|
JacobBarthelmeh
|
1958fbdf71
|
Add goto out on AAD error f-631
|
2026-03-13 14:03:31 -06:00 |
|
Chris Conlon
|
aa9ee8b4fa
|
Merge pull request #9963 from JacobBarthelmeh/caam
fixes for CAAM port without hash store
|
2026-03-13 13:45:08 -06:00 |
|
JacobBarthelmeh
|
73eb8f933b
|
Merge pull request #9967 from Frauschi/pqc_cmake
Move PQC algos out of experimental in CMake
|
2026-03-13 13:12:53 -06:00 |
|
Kareem
|
94b370f5e2
|
Rework check to compare only ints.
|
2026-03-13 11:42:12 -07:00 |
|
Kareem
|
19b99f8072
|
Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
Thanks to Haruto Kimura (Stella) for the report.
|
2026-03-13 11:42:12 -07:00 |
|
Ruby Martin
|
5d54d8a488
|
init caCert before function can error out
|
2026-03-13 11:57:24 -06:00 |
|
Tobias Frauenschläger
|
da94ea6265
|
Move PQC algos out of experimental in CMake
This has already been done long time in autoconf. User
now does not have to enable experimental features to use
PQC.
|
2026-03-13 17:53:54 +01:00 |
|
JacobBarthelmeh
|
156db7dd2d
|
Merge pull request #9831 from julek-wolfssl/pytho-3.13.4
Fixes to run python with --enable-all
|
2026-03-13 10:50:23 -06:00 |
|
David Garske
|
0792c674c5
|
Merge pull request #9960 from philljj/fix_coverity
asn: fix coverity null deref warnings.
|
2026-03-13 06:58:41 +01:00 |
|
David Garske
|
00cd1a7c22
|
Merge pull request #9962 from night1rider/ecc-dilithium-callback-free-fix
Fix expected callback behavior for ECC/Dilithium for Free Callbacks
|
2026-03-13 06:19:31 +01:00 |
|
David Garske
|
cdacf3a53e
|
Merge pull request #9964 from SparkiDev/asm_gen_fixes_1
SP fixes: 32-bit ARM assembly fixes
|
2026-03-13 06:16:57 +01:00 |
|
Sean Parkinson
|
bac0563669
|
Merge pull request #9919 from anhu/lms-leaf-idx
Fix buffer-overflow in LMS leaf cache indexing
|
2026-03-13 10:02:50 +10:00 |
|
Sean Parkinson
|
d23cb79f18
|
SP fixes: 32-bit ARM assembly fixes
mod_exp: subtract from 32 instread of 64 as n is 32 bits
sp_521_ecc_mulmod_fast: look up the last point in constant time when
required.
|
2026-03-13 09:37:28 +10:00 |
|
JacobBarthelmeh
|
424af6eb5b
|
Merge pull request #9956 from rlm2002/coverity
20260311 Coverity changes
|
2026-03-12 16:53:39 -06:00 |
|
JacobBarthelmeh
|
357c2ad8e9
|
fixes for CAAM port without hash store
|
2026-03-12 15:55:19 -06:00 |
|
night1rider
|
cdbd19551e
|
Have ret initialized to 0 in wc_ecc_free() and wc_dilithium_free()
|
2026-03-12 15:40:38 -06:00 |
|
night1rider
|
2626f976f5
|
Update the PKCS11 ECC and dilithium free handlers so they will now return CRYPTOCB_UNAVAILABLE after attempting the context free so the caller still does software cleanup on the rest of the context that the callback does not handle.
|
2026-03-12 15:18:56 -06:00 |
|
JacobBarthelmeh
|
e5594a6366
|
Merge pull request #9889 from rlm2002/F29
remove word16 cast, add WOLFSSL_MAX_16BIT check
|
2026-03-12 14:54:19 -06:00 |
|
JacobBarthelmeh
|
80ba723e16
|
Merge pull request #9943 from philljj/fix_evp_set_iv_length
evp: check ivLen in wolfSSL_EVP_CIPHER_CTX_set_iv_length.
|
2026-03-12 14:47:32 -06:00 |
|
night1rider
|
5ff2b55345
|
Fix Free Callback Behavior for Dilithium's free callback path so that it respects the return code of the callback
|
2026-03-12 14:45:33 -06:00 |
|
JacobBarthelmeh
|
67abcc6f2d
|
Merge pull request #9949 from philljj/fix_d2i_SSL_SESSION
ssl_sess: check fields in wolfSSL_d2i_SSL_SESSION.
|
2026-03-12 14:45:29 -06:00 |
|
JacobBarthelmeh
|
c1f71fcf33
|
Merge pull request #9959 from philljj/fix_wolfboot_build
asn: add HAVE_OCSP_RESPONDER guard, to fix wolfboot build.
|
2026-03-12 14:44:29 -06:00 |
|
JacobBarthelmeh
|
351d2594ac
|
Merge pull request #9938 from SparkiDev/regression_fixes_23
Fixes from regression testing
|
2026-03-12 14:41:18 -06:00 |
|
night1rider
|
e766b8f0af
|
Update the wolfCrypt test so that Dilithium init so that devID will get passed to hit callback paths when configured and that Dilithium will be retested in the callback section of the wolfCrypt test.
|
2026-03-12 14:31:05 -06:00 |
|
night1rider
|
9d65982d80
|
Fix Free Callback Behavior for ECC's free callback path so that it respects the return code of the callback
|
2026-03-12 14:24:10 -06:00 |
|
night1rider
|
352daa085b
|
Add test case for free ecc/dilithum callback for expected behavior to match existing free callback code paths
|
2026-03-12 14:18:31 -06:00 |
|
jordan
|
02bdde0264
|
asn: fix coverity null deref warnings.
|
2026-03-12 14:28:24 -05:00 |
|
JacobBarthelmeh
|
a05a3ed1c2
|
Merge pull request #9940 from cconlon/pathLenSet
Fix pathlen not copied in ASN1_OBJECT_dup and not marked set in X509_add_ext
|
2026-03-12 10:34:58 -06:00 |
|
JacobBarthelmeh
|
2831a1e864
|
Merge pull request #9958 from julek-wolfssl/ocsp-responder-follow-up
Address final comments from #9761
|
2026-03-12 10:29:56 -06:00 |
|
Ruby Martin
|
d359f420ab
|
set *inLen = outLen if output == NULL, if != NULL, check that outLen <= *inLen before assigning *inLen = outLen
|
2026-03-12 10:25:14 -06:00 |
|
Ruby Martin
|
6ebd967345
|
bounds check on ext_dump
|
2026-03-12 09:53:35 -06:00 |
|