Colton Willey
7de624ff08
Add negative length validation to d2i wrappers, PEM helpers, and buffer loaders
...
Reject negative signed lengths before they are cast to unsigned (word32/size_t),
preventing heap buffer over-reads and oversized allocations. Covers d2i_* OpenSSL
compat wrappers, ProcessBuffer, PemToDer, certgen helpers, and CRL buffer paths.
2026-05-27 11:36:38 -07:00
JacobBarthelmeh
4e491ed3db
Merge pull request #10511 from dgarske/zd21780
...
Fix minor compile error with `WOLFSSL_DEBUG_MEMORY`
2026-05-27 11:16:19 -06:00
JacobBarthelmeh
39a3546b64
Merge pull request #10519 from sebastian-carpenter/flaky-ech-test
...
CI Fix: fix flaky ECH test
2026-05-27 11:09:18 -06:00
JacobBarthelmeh
3fa4ebcaec
Merge pull request #10527 from mattia-moffa/20260525-writedup-no-dtls
...
Allow --enable-writedup when DTLS is disabled
2026-05-27 11:02:55 -06:00
JacobBarthelmeh
c568755751
Merge pull request #10528 from julek-wolfssl/tls/maxsigalgos
...
Default WOLFSSL_MAX_SIGALGO to 128
2026-05-27 11:01:54 -06:00
JacobBarthelmeh
cd82d7e08d
Merge pull request #10529 from SparkiDev/sp_fixes_8
...
sp_int: fixes and added testing
2026-05-27 10:59:24 -06:00
Zackery
7cf84dd833
Merge pull request #10523 from dgarske/ci_opt2
...
CI: cache compiler output in os-check Ubuntu matrix
2026-05-26 19:35:03 -06:00
Sean Parkinson
91f3e7e063
Merge pull request #10332 from jackctj117/SNI
...
tls.c: send missing_extension alert on TLS 1.3 SNI absence
2026-05-27 08:37:05 +10:00
David Garske
10020f9cc9
Fix minor compile error with WOLFSSL_DEBUG_MEMORY
2026-05-26 11:39:34 -07:00
David Garske
8199fda0a4
Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
...
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
Juliusz Sosinowicz
cd2713a731
Default WOLFSSL_MAX_SIGALGO to 128
2026-05-26 17:37:11 +00:00
David Garske
08022ffebf
CI: cache compiler output in os-check Ubuntu matrix
...
- Add .github/actions/ccache-setup composite (ccache + PATH intercept).
- Wire into os-check.yml make_check_linux; macOS unchanged for now.
- Measured on master --enable-all: cold 11.6s -> warm 1.1s (~10x), 100% hit.
2026-05-26 10:36:49 -07:00
David Garske
a3f5260260
Merge pull request #10500 from rizlik/sha224_only
...
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-26 08:05:47 -07:00
David Garske
52620e3204
Merge pull request #10516 from Frauschi/mldsa_rename
...
Finalize ML-DSA renaming
2026-05-26 08:05:04 -07:00
Tobias Frauenschläger
637c07798a
Finalize ML-DSA renaming
2026-05-26 14:54:30 +02:00
Sean Parkinson
c57a873824
sp_int: fixes and added testing
...
sp_set_bit(): check i is in range before use.
_sp_div_2(): Use a constant-time clamp as called by a constant-time
function.
_sp_sqr(): static buffer needs to be one larger for when ECC with P-521
is the largest size.
Add tests:
- Testing negative numbers with mp_read_raidx/mp_to_radix 10/16
- Testing negative numbers with mp_add_d/mp_sub_d
- Testing of mp_gcd without mp_lcm
- More testing of mp_mod_d and when negative numbers are used
- Check maximum values work for square. Check of _sp_sqr() bug
- Add testing of mp_add/sub_mod_ct
- Add testing of mp_cmp_mag
- Add testing of mp_mulmod/mp_sqrmod
- Add testing of mp_exch
- Add testing of mp_to_unsigned_bin_len_ct
- Add testing of mp_exptmod that uses base-2 windowing method.
- Add testing of mp_invmod_mont_ct
2026-05-26 13:52:57 +10:00
Mattia Moffa
1f619a9f50
Allow --enable-writedup when DTLS is disabled
2026-05-25 17:34:32 +02:00
Sean Parkinson
887f242ee8
Merge pull request #10522 from dgarske/retrigger_prb_on_ready
...
GH Actions: retrigger Jenkins PRB when draft PR is marked ready
2026-05-25 20:55:05 +10:00
David Garske
b0d2b10c6b
GH Actions: retrigger Jenkins PRB when draft PR is marked ready
2026-05-22 15:14:50 -07:00
sebastian-carpenter
d4ed43853f
flaky ECH test: fix method for finding ECH extension
2026-05-22 10:48:56 -06:00
Roy Carter
eb32554bdb
Fix: support adding UE to excluded strings
2026-05-22 19:01:05 +03:00
Roy Carter
dc86dc34a8
Fix: change test string to the new format
2026-05-22 19:01:05 +03:00
Roy Carter
8f15bf6d10
fix : bad merge conflics leftovers.
2026-05-22 19:01:05 +03:00
Roy Carter
56e4612e4e
Fix : apply Julek pr notes
2026-05-22 19:01:05 +03:00
Roy Carter
f15c896551
Build_fix:
...
When building with --enable-opensslextra=x509small, only OPENSSL_EXTRA_X509_SMALL is defined, not OPENSSL_EXTRA, so these functions are not compiled into the library
2026-05-22 19:01:05 +03:00
Roy Carter
7561911cba
fix: Fix build errors for some tests on pipeline
2026-05-22 19:01:05 +03:00
Roy Carter
c1a507e175
Feature: allow the usage of
...
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify
in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson
8597d9da83
Merge pull request #10496 from dgarske/fenrir_20260518
...
Various Fenrir fixes (F-2626, F-585, F-586, F-2638, F-1960, F-599)
2026-05-23 01:28:42 +10:00
Sean Parkinson
fa8940f54f
Merge pull request #10510 from miyazakh/testsuite_
...
Remove testsuite.test for leanTLS builds
2026-05-23 01:22:23 +10:00
Sean Parkinson
abe15d260b
Merge pull request #10487 from embhorn/zd21842
...
Add check for ARM to set WOLFSS_USE_ALIGN
2026-05-23 00:11:00 +10:00
Sean Parkinson
b1e04464fc
Merge pull request #10469 from sebastian-carpenter/tls-ech-server-improvements
...
Enhancement (ECH): Trial decryption and ECH connection status
2026-05-23 00:07:40 +10:00
Sean Parkinson
eeb698dceb
Merge pull request #10397 from philljj/support_wolfzfs
...
zfs: support wolfzfs patch.
2026-05-23 00:01:09 +10:00
kareem-wolfssl
22e505bcfa
Merge pull request #10507 from dgarske/ci_opt
...
CI Optimizations
2026-05-21 17:50:20 -07:00
Sean Parkinson
fc2f4fc7cc
Merge pull request #10435 from Frauschi/pqc_default_curve
...
Improved handling for ClientHello default key share group
2026-05-22 08:13:35 +10:00
David Garske
6605060b18
CI: more smoke coverage + header self-sufficiency
...
- Add AddressSanitizer entry to smoke matrix (--enable-all + -fsanitize=address).
- Add check-headers workflow: 214 public wolfssl/*.h compile standalone.
- Fix quic.h, rng_bank.h, Renesas/renesas-fspsm-crypt.h to be self-sufficient.
- Remove no-tls.yml (its single config is already covered by os-check.yml).
2026-05-21 14:37:11 -07:00
Andrew Hutchings
8574fa995f
Merge pull request #10470 from JacobBarthelmeh/tropic
...
fix for tropic port AES key length used
2026-05-21 13:59:48 -07:00
David Garske
7f80896033
CI optimizations
...
- Skip CI for draft PRs and redundant master-push re-runs; membrowse nightly.
- Add smoke test (8 configs, CFLAGS=-Werror, post-merge tree, fail-fast on conflicts).
- Add wait-for-smoke composite action for downstream CI gating.
- Add check-source-text + bash -n + shellcheck workflow (script in make dist).
- Cache apt-get update in install-apt-deps composite on cache hit.
2026-05-21 13:19:29 -07:00
Sean Parkinson
7bad79a5b7
Merge pull request #10512 from douzzer/20260520-linuxkm-7v2
...
20260520-linuxkm-7v2
2026-05-22 04:49:47 +10:00
Daniel Pouzzner
7164d75cb7
linuxkm: add WC_LINUXKM_USE_HEAP_WRAPPERS and implementations wc_linuxkm_malloc(), wc_linuxkm_free(), wc_linuxkm_realloc(), and wc_linuxkm_malloc_usable_size(), to insulate from API drift in kernel heap (required on 7.2+, implicit on 7.1+).
2026-05-21 17:21:12 +00:00
HIDEKI MIYAZAKI
2a35f628af
remove testsuite.test for leanTLS builds
2026-05-20 21:18:24 -07:00
JacobBarthelmeh
70288b017f
add sanity check on AES key length
2026-05-20 16:02:56 -07:00
David Garske
782787276c
Merge pull request #10497 from Frauschi/mldsa_rename
...
ML-DSA renaming part 2
2026-05-20 11:24:09 -07:00
Daniel Pouzzner
46c6b60be6
Merge pull request #10505 from Frauschi/slhdsa_fix
...
Fix hashType comparison in SLH-DSA
2026-05-20 13:17:30 -05:00
Tobias Frauenschläger
1dffcffb80
Fix hashType comparison in SLH-DSA
2026-05-20 10:16:37 -07:00
Tobias Frauenschläger
2a30ce3c04
Rename ML-DSA wc_PqcSignatureType entry
2026-05-20 09:06:54 -07:00
Marco Oliverio
408ea84c83
sha256: check no hw accelleartion is enabled with CB_ONLY_SHA256
2026-05-20 11:33:31 +02:00
JacobBarthelmeh
6ac6e5065e
fix for tropic port AES key length used
2026-05-20 00:43:36 -07:00
Tobias Frauenschläger
44074fd1df
More ML-DSA renaming
2026-05-19 14:09:09 -07:00
David Garske
dc56e87522
Merge pull request #10466 from Frauschi/slhdsa_cryptocb
...
Add CryptoCb support for SLH-DSA
2026-05-19 13:59:40 -07:00
Eric Blankenhorn
40de65785c
Address warning in wolfDTLS_SetChGoodCb
2026-05-19 13:05:12 -05:00