Commit Graph

29783 Commits

Author SHA1 Message Date
Colton Willey 7de624ff08 Add negative length validation to d2i wrappers, PEM helpers, and buffer loaders
Reject negative signed lengths before they are cast to unsigned (word32/size_t),
preventing heap buffer over-reads and oversized allocations. Covers d2i_* OpenSSL
compat wrappers, ProcessBuffer, PemToDer, certgen helpers, and CRL buffer paths.
2026-05-27 11:36:38 -07:00
JacobBarthelmeh 4e491ed3db Merge pull request #10511 from dgarske/zd21780
Fix minor compile error with `WOLFSSL_DEBUG_MEMORY`
2026-05-27 11:16:19 -06:00
JacobBarthelmeh 39a3546b64 Merge pull request #10519 from sebastian-carpenter/flaky-ech-test
CI Fix: fix flaky ECH test
2026-05-27 11:09:18 -06:00
JacobBarthelmeh 3fa4ebcaec Merge pull request #10527 from mattia-moffa/20260525-writedup-no-dtls
Allow --enable-writedup when DTLS is disabled
2026-05-27 11:02:55 -06:00
JacobBarthelmeh c568755751 Merge pull request #10528 from julek-wolfssl/tls/maxsigalgos
Default WOLFSSL_MAX_SIGALGO to 128
2026-05-27 11:01:54 -06:00
JacobBarthelmeh cd82d7e08d Merge pull request #10529 from SparkiDev/sp_fixes_8
sp_int: fixes and added testing
2026-05-27 10:59:24 -06:00
Zackery 7cf84dd833 Merge pull request #10523 from dgarske/ci_opt2
CI: cache compiler output in os-check Ubuntu matrix
2026-05-26 19:35:03 -06:00
Sean Parkinson 91f3e7e063 Merge pull request #10332 from jackctj117/SNI
tls.c: send missing_extension alert on TLS 1.3 SNI absence
2026-05-27 08:37:05 +10:00
David Garske 10020f9cc9 Fix minor compile error with WOLFSSL_DEBUG_MEMORY 2026-05-26 11:39:34 -07:00
David Garske 8199fda0a4 Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
Juliusz Sosinowicz cd2713a731 Default WOLFSSL_MAX_SIGALGO to 128 2026-05-26 17:37:11 +00:00
David Garske 08022ffebf CI: cache compiler output in os-check Ubuntu matrix
- Add .github/actions/ccache-setup composite (ccache + PATH intercept).
- Wire into os-check.yml make_check_linux; macOS unchanged for now.
- Measured on master --enable-all: cold 11.6s -> warm 1.1s (~10x), 100% hit.
2026-05-26 10:36:49 -07:00
David Garske a3f5260260 Merge pull request #10500 from rizlik/sha224_only
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-26 08:05:47 -07:00
David Garske 52620e3204 Merge pull request #10516 from Frauschi/mldsa_rename
Finalize ML-DSA renaming
2026-05-26 08:05:04 -07:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
Sean Parkinson c57a873824 sp_int: fixes and added testing
sp_set_bit(): check i is in range before use.
_sp_div_2(): Use a constant-time clamp as called by a constant-time
function.
_sp_sqr(): static buffer needs to be one larger for when ECC with P-521
is the largest size.

Add tests:
 - Testing negative numbers with mp_read_raidx/mp_to_radix 10/16
 - Testing negative numbers with mp_add_d/mp_sub_d
 - Testing of mp_gcd without mp_lcm
 - More testing of mp_mod_d and when negative numbers are used
 - Check maximum values work for square. Check of _sp_sqr() bug
 - Add testing of mp_add/sub_mod_ct
 - Add testing of mp_cmp_mag
 - Add testing of mp_mulmod/mp_sqrmod
 - Add testing of mp_exch
 - Add testing of mp_to_unsigned_bin_len_ct
 - Add testing of mp_exptmod that uses base-2 windowing method.
 - Add testing of mp_invmod_mont_ct
2026-05-26 13:52:57 +10:00
Mattia Moffa 1f619a9f50 Allow --enable-writedup when DTLS is disabled 2026-05-25 17:34:32 +02:00
Sean Parkinson 887f242ee8 Merge pull request #10522 from dgarske/retrigger_prb_on_ready
GH Actions: retrigger Jenkins PRB when draft PR is marked ready
2026-05-25 20:55:05 +10:00
David Garske b0d2b10c6b GH Actions: retrigger Jenkins PRB when draft PR is marked ready 2026-05-22 15:14:50 -07:00
sebastian-carpenter d4ed43853f flaky ECH test: fix method for finding ECH extension 2026-05-22 10:48:56 -06:00
Roy Carter eb32554bdb Fix: support adding UE to excluded strings 2026-05-22 19:01:05 +03:00
Roy Carter dc86dc34a8 Fix: change test string to the new format 2026-05-22 19:01:05 +03:00
Roy Carter 8f15bf6d10 fix : bad merge conflics leftovers. 2026-05-22 19:01:05 +03:00
Roy Carter 56e4612e4e Fix : apply Julek pr notes 2026-05-22 19:01:05 +03:00
Roy Carter f15c896551 Build_fix:
When building with --enable-opensslextra=x509small, only OPENSSL_EXTRA_X509_SMALL is defined, not OPENSSL_EXTRA, so these functions are not compiled into the library
2026-05-22 19:01:05 +03:00
Roy Carter 7561911cba fix: Fix build errors for some tests on pipeline 2026-05-22 19:01:05 +03:00
Roy Carter c1a507e175 Feature: allow the usage of
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify

in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson 8597d9da83 Merge pull request #10496 from dgarske/fenrir_20260518
Various Fenrir fixes (F-2626, F-585, F-586, F-2638, F-1960, F-599)
2026-05-23 01:28:42 +10:00
Sean Parkinson fa8940f54f Merge pull request #10510 from miyazakh/testsuite_
Remove testsuite.test for leanTLS builds
2026-05-23 01:22:23 +10:00
Sean Parkinson abe15d260b Merge pull request #10487 from embhorn/zd21842
Add check for ARM to set WOLFSS_USE_ALIGN
2026-05-23 00:11:00 +10:00
Sean Parkinson b1e04464fc Merge pull request #10469 from sebastian-carpenter/tls-ech-server-improvements
Enhancement (ECH): Trial decryption and ECH connection status
2026-05-23 00:07:40 +10:00
Sean Parkinson eeb698dceb Merge pull request #10397 from philljj/support_wolfzfs
zfs: support wolfzfs patch.
2026-05-23 00:01:09 +10:00
kareem-wolfssl 22e505bcfa Merge pull request #10507 from dgarske/ci_opt
CI Optimizations
2026-05-21 17:50:20 -07:00
Sean Parkinson fc2f4fc7cc Merge pull request #10435 from Frauschi/pqc_default_curve
Improved handling for ClientHello default key share group
2026-05-22 08:13:35 +10:00
David Garske 6605060b18 CI: more smoke coverage + header self-sufficiency
- Add AddressSanitizer entry to smoke matrix (--enable-all + -fsanitize=address).
- Add check-headers workflow: 214 public wolfssl/*.h compile standalone.
- Fix quic.h, rng_bank.h, Renesas/renesas-fspsm-crypt.h to be self-sufficient.
- Remove no-tls.yml (its single config is already covered by os-check.yml).
2026-05-21 14:37:11 -07:00
Andrew Hutchings 8574fa995f Merge pull request #10470 from JacobBarthelmeh/tropic
fix for tropic port AES key length used
2026-05-21 13:59:48 -07:00
David Garske 7f80896033 CI optimizations
- Skip CI for draft PRs and redundant master-push re-runs; membrowse nightly.
- Add smoke test (8 configs, CFLAGS=-Werror, post-merge tree, fail-fast on conflicts).
- Add wait-for-smoke composite action for downstream CI gating.
- Add check-source-text + bash -n + shellcheck workflow (script in make dist).
- Cache apt-get update in install-apt-deps composite on cache hit.
2026-05-21 13:19:29 -07:00
Sean Parkinson 7bad79a5b7 Merge pull request #10512 from douzzer/20260520-linuxkm-7v2
20260520-linuxkm-7v2
2026-05-22 04:49:47 +10:00
Daniel Pouzzner 7164d75cb7 linuxkm: add WC_LINUXKM_USE_HEAP_WRAPPERS and implementations wc_linuxkm_malloc(), wc_linuxkm_free(), wc_linuxkm_realloc(), and wc_linuxkm_malloc_usable_size(), to insulate from API drift in kernel heap (required on 7.2+, implicit on 7.1+). 2026-05-21 17:21:12 +00:00
HIDEKI MIYAZAKI 2a35f628af remove testsuite.test for leanTLS builds 2026-05-20 21:18:24 -07:00
JacobBarthelmeh 70288b017f add sanity check on AES key length 2026-05-20 16:02:56 -07:00
David Garske 782787276c Merge pull request #10497 from Frauschi/mldsa_rename
ML-DSA renaming part 2
2026-05-20 11:24:09 -07:00
Daniel Pouzzner 46c6b60be6 Merge pull request #10505 from Frauschi/slhdsa_fix
Fix hashType comparison in SLH-DSA
2026-05-20 13:17:30 -05:00
Tobias Frauenschläger 1dffcffb80 Fix hashType comparison in SLH-DSA 2026-05-20 10:16:37 -07:00
Tobias Frauenschläger 2a30ce3c04 Rename ML-DSA wc_PqcSignatureType entry 2026-05-20 09:06:54 -07:00
Marco Oliverio 408ea84c83 sha256: check no hw accelleartion is enabled with CB_ONLY_SHA256 2026-05-20 11:33:31 +02:00
JacobBarthelmeh 6ac6e5065e fix for tropic port AES key length used 2026-05-20 00:43:36 -07:00
Tobias Frauenschläger 44074fd1df More ML-DSA renaming 2026-05-19 14:09:09 -07:00
David Garske dc56e87522 Merge pull request #10466 from Frauschi/slhdsa_cryptocb
Add CryptoCb support for SLH-DSA
2026-05-19 13:59:40 -07:00
Eric Blankenhorn 40de65785c Address warning in wolfDTLS_SetChGoodCb 2026-05-19 13:05:12 -05:00