Marco Oliverio
b30e0f679c
bio: update stale comment
2026-04-10 08:50:30 +02:00
Hideki Miyazaki
e04fe0c347
fix typo
2026-04-10 15:26:16 +09:00
Sean Parkinson
b764aac074
API testing additions: cipher tests
...
Fixed wc_AesEaxAuthDataUpdate to check eax for NULL before
dereferencing.
Fix AesSivCipher to delete/free AES if new/initialization succeeded.
Memsetting to 0 doesn't work when WC_DEBUG_CIPHER_LIFECYCLE is defined.
Added tests for:
- AES-EAX streaming
- AES-SIV
- Poly1305
- DES-CBC
2026-04-10 15:43:21 +10:00
JacobBarthelmeh
43f06851f1
update changelog notes
2026-04-09 20:45:59 -06:00
Sean Parkinson
f4b2908532
ASM generation fixes
...
Shift mnemonic case changed due to generation scripts fixup of class
name - no functional difference.
RISC-V AES-GCM tag check fixed
2026-04-10 10:18:26 +10:00
Sean Parkinson
41aae56ab8
ARM ASM: AES-GCM small table without NEON
...
Non-neon GCM_gmult_len requires M0 which is not available with a small
build.
Fix to have C implementation when M0 and NEON not available.
2026-04-10 08:06:17 +10:00
Sean Parkinson
ecd925f10e
Initialize certificate: default to SHA-1 when necessary
...
Make SHA-1 with RSA signature type the last option.
SHA-1 signatures are deprecated as weak.
2026-04-10 07:58:37 +10:00
Sean Parkinson
abfff1ec2f
Merge pull request #10167 from embhorn/zd21571
...
Fix ETM on resumption
2026-04-10 07:45:20 +10:00
Eric Blankenhorn
4d79d1efd9
Improve tests
2026-04-09 16:24:12 -05:00
David Garske
8059fbdbe8
Merge pull request #10129 from rlm2002/coverity_fix
...
03042026 Coverity tests fix
2026-04-09 13:35:36 -07:00
David Garske
9e199f3ae7
Merge pull request #10165 from rlm2002/coverity
...
Coverity fix
2026-04-09 13:34:26 -07:00
David Garske
cc72851694
Merge pull request #10026 from LinuxJedi/actions-composite-caching
...
Composite GHA action with caching
2026-04-09 12:01:24 -07:00
David Garske
a91096501f
Merge pull request #10153 from sebastian-carpenter/GH-10067
...
do not enable TLSX with --enable-ech
2026-04-09 11:43:52 -07:00
David Garske
a3ef93567e
Merge pull request #10147 from julek-wolfssl/ocsp-responder-docs
...
Add documentation for new OCSP responder and cert accessor APIs
2026-04-09 11:42:03 -07:00
Anthony Hu
7336ed7cee
Fixes ZD 19760
...
Before this fix, the certificates were not getting into the certificate manager.
This makes sure they are going in.
2026-04-09 13:09:17 -04:00
Eric Blankenhorn
31eb54f950
Fix from review
2026-04-09 11:32:47 -05:00
JacobBarthelmeh
044a5f8b81
Merge pull request #10143 from dgarske/qat_aes_gcm
...
Improve QAT AES GCM tag checking
2026-04-09 09:40:25 -06:00
Eric Blankenhorn
191b827579
Fix from review
2026-04-09 10:14:45 -05:00
Marco Oliverio
6b74ae5fc5
bio: simplify BIO_gets null-termination, improve ossl compat
2026-04-09 15:18:22 +02:00
Juliusz Sosinowicz
fd63d6c20e
Add bwrap network namespace isolation to scripts with listening ports
...
Add NETWORK_UNSHARE_HELPER/bwrap wrapping to benchmark.test,
openssl_srtp.test, and sniffer-gen.sh to isolate network namespaces and
prevent port collisions when tests run concurrently. sniffer-gen.sh uses
--cap-add ALL (like dtls.test) since it runs tcpdump. ocsp-stapling.test
is excluded because it connects to external servers (login.live.com).
2026-04-09 13:56:14 +02:00
Sean Parkinson
3e0679ee17
Merge pull request #10156 from douzzer/20260407-SHA3-unaligned-access
...
20260407-SHA3-unaligned-access
2026-04-09 18:47:06 +10:00
Sean Parkinson
6617863249
Merge pull request #10145 from Frauschi/ecc_follow_up
...
ECC curve validation follow-up
2026-04-09 18:35:56 +10:00
Yosuke Shimizu
0a05129bd6
Fix authTagSz validation
2026-04-09 17:15:28 +09:00
Sean Parkinson
2a064607e4
Merge pull request #10150 from julek-wolfssl/enable-ocsp-responder-disable-tls13
...
Guard OCSP signature params with WC_RSA_PSS ifdef
2026-04-09 18:13:00 +10:00
Sean Parkinson
139042e6d5
Merge pull request #10159 from Frauschi/dual_alg_fix
...
Fix build failure for DUAL_ALG_CERTS
2026-04-09 18:00:47 +10:00
Eric Blankenhorn
b218b29403
Fix from review
2026-04-08 16:13:23 -05:00
Eric Blankenhorn
1e1e34ce8c
Fix for peer cert verify with IP address
2026-04-08 15:47:57 -05:00
Eric Blankenhorn
af5369636a
Fix ETM on resumption
2026-04-08 15:06:11 -05:00
David Garske
1d363f3adc
Merge pull request #10163 from JacobBarthelmeh/release
...
prepare for release 5.9.1
2026-04-08 10:40:06 -07:00
Juliusz Sosinowicz
bfad5398b1
MSVC: replace UINT32_MAX with WOLFSSL_MAX_32BIT in dilithium.c
2026-04-08 10:00:52 -07:00
Marco Oliverio
5107613025
bio: add tests
2026-04-08 18:49:40 +02:00
Marco Oliverio
c07d8634b3
bio: ABI breaking change: use int instead of byte for type
2026-04-08 18:49:40 +02:00
Marco Oliverio
7802a75acd
bio: various fixes and improvements
...
* simplify wolfSSL_BIO_set_conn_hostname, fixing OOB read
* restructure wolfSSL_BIO_ctrl_pending, fixing inverted check and
* ctrlCB checking
* return WOLFSSL_FAILURE in wolfSSL_BIO_up_ref when refInc fails,
updated test to reflect this
* check arguments for NULL in wolfSSL_BIO_ADDR_size
* replace non-portable type long usigned int with size_t
* wolfSSL_BIO_MEMORY_write: return WOLFSSL_BIO_ERROR on failure instead
of WOLFSSL_FAILURE, return 0 when len is 0
* wolfSSL_BIO_get_fp: fix type mismatch comparing XFILE* pointer against
XBADFILE
* wolfSSL_BIO_ctrl: add NULL check on bio before switch
* wolfSSL_BIO_pop: clear bio prev and next pointers after unlinking
* wolfSSL_BIO_gets: place null terminator after actual bytes read from
BIO_BIO nread
2026-04-08 18:49:40 +02:00
Ruby Martin
5e87b82dfa
initialize key and rng in test_DhAgree_rejects_p_minus_1()
2026-04-08 09:48:06 -06:00
JacobBarthelmeh
719e98f717
prepare for release 5.9.1
2026-04-08 07:34:41 -06:00
Juliusz Sosinowicz
78e5ae3978
Address review comments
2026-04-08 11:35:48 +02:00
Hideki Miyazaki
0e14849c31
addressed Copilot review comments
2026-04-08 17:24:11 +09:00
Tobias Frauenschläger
178d2f61f4
Fix build with WOLFSSL_DUAL_ALG_CERTS and HAVE_PK_CALLBACKS
2026-04-08 10:18:00 +02:00
Hideki Miyazaki
e3fd4cc24d
fix f-1370 key_len size check for void* in wc_SignatureGetSize
2026-04-08 17:07:42 +09:00
Daniel Pouzzner
750f3b119e
Merge pull request #10088 from anhu/new_various
...
Various security fixes and tests
2026-04-07 22:13:18 -05:00
JacobBarthelmeh
4fd0df42e7
add adjustment for review
2026-04-07 21:08:11 -06:00
JacobBarthelmeh
9a79c412a5
Merge pull request #10154 from douzzer/20260407-fips-ready-WC_FIPS_186_4
...
20260407-fips-ready-WC_FIPS_186_4
2026-04-07 16:46:16 -06:00
Aidan Garske
bf03de6b6d
Add WC_NO_ERR_TRACE
2026-04-07 15:30:14 -07:00
JacobBarthelmeh
7f84fb2624
Merge pull request #10152 from douzzer/20260407-BLAKE-gating
...
20260407-BLAKE-gating
2026-04-07 16:18:09 -06:00
JacobBarthelmeh
d1c6423b82
make the padding check constant time and move evp exponent print size macro to local file
2026-04-07 16:09:52 -06:00
Aidan Garske
773ac9d1f3
Reset sizes consumed by the first exchange
2026-04-07 14:01:53 -07:00
David Garske
852ddcb37d
Improve QAT AES GCM tag checking
2026-04-07 13:53:41 -07:00
Daniel Pouzzner
296148b4e6
wolfcrypt/src/sha3.c: fix Load64Unaligned() implementation with unaligned integer access when WC_SHA3_FAULT_HARDEN && !BIG_ENDIAN_ORDER.
2026-04-07 15:39:31 -05:00
Aidan Garske
c0726bbb2d
Use small stack so we dont exeed stack limit on linux cases
2026-04-07 13:34:46 -07:00
Aidan Garske
8d79ff3d6d
F-2208 - Add ForceZero of RSA private exponent before free in Xilinx path
2026-04-07 13:21:29 -07:00