night1rider
aa7b7defba
Switch to use merge branch for PR testing instead of HEAD Branch
2026-06-11 15:57:29 -06:00
David Garske
bd78a42e9a
Merge pull request #10097 from kareem-wolfssl/gh9936
...
Define HAVE_LIMITS_H in options.h rather than config.h.
2026-06-11 10:25:41 -07:00
David Garske
4b8fd23ae7
Merge pull request #10606 from miyazakh/fix_tls_bench_dtls
...
fix tls_bench DTLS mode failures
2026-06-11 10:12:45 -07:00
David Garske
262a2e199a
Merge pull request #10662 from Frauschi/zephyr_4_4_fixes
...
Fixes for Zephyr 4.4
2026-06-11 09:51:11 -07:00
David Garske
e0324866bc
Merge pull request #10654 from douzzer/20260610-ssl_api_ext-revert-ret-cascades
...
20260610-ssl_api_ext-revert-ret-cascades
2026-06-11 09:49:08 -07:00
philljj
b1330f75d9
Merge pull request #10658 from douzzer/20260608-linuxkm-fenrir
...
20260608-linuxkm-fenrir
2026-06-11 11:19:46 -05:00
Tobias Frauenschläger
c73afe67a5
Fixes for Zephyr 4.4
2026-06-11 13:33:27 +02:00
Hideki Miyazaki
20dadc8d86
Addressed code review
2026-06-11 08:38:00 +09:00
Daniel Pouzzner
486e8eefc0
.wolfssl_known_macro_extras: fix lexical order.
2026-06-10 17:32:20 -05:00
Daniel Pouzzner
0f3d3bedb0
fix F-5334: AEAD decrypt accepts ciphertext shorter than authentication tag before unsigned length subtraction
2026-06-10 17:28:06 -05:00
Daniel Pouzzner
e98a03b80e
fix F=3524: Heap Buffer Overflow in km_direct_rsa_dec When req->dst_len < ctx->key_len
2026-06-10 17:28:06 -05:00
Daniel Pouzzner
1e888383bb
fix F-3025: Missing buffer-length validation in km_ecdh_decode_secret enables out-of-bounds read
2026-06-10 17:28:06 -05:00
Daniel Pouzzner
9b723b9e11
fix F-3024: Missing buffer-length validation in km_dh_decode_secret enables out-of-bounds read
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
b4139b1a90
fix F-706: AES-CTR and AES-OFB Encrypt Leak Aes Context Containing Key Schedule on skcipher_walk_done Error
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
afc2137351
fix F-682: Incorrect tolower/toupper Macros Produce Wrong Results for Non-Alpha Characters
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
c9cc79f9ae
cleanup inspired by false positive F-675: AES-CTR and AES-OFB Modes Bypass WC_C_DYNAMIC_FALLBACK Selection Logic
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
da1b7fe236
fixes for F-674: Non-Constant-Time memcmp in RSA PKCS#1 v1.5 Signature Verification
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
ad98438baa
fixes for
...
F-5335: ECDH overflow paths do not report the required output length
F-5336: RSA PKCS#1 overflow paths do not report the required output length
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
67c1d65ef7
fixes for
...
F-2554 Missing wc_ecc_free Before free in km_ecdh_init When wc_ecc_set_rng Fails
F-2555 Missing wc_FreeDhKey Before free in km_ffdhe_init When wc_DhSetNamedKey Fails
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
05fc258ca2
fix F-1423: AES-XTS Encrypt/Decrypt Missing skcipher_walk Cleanup on 6 Early-Return Error Paths
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
19a9670aaa
fix F-1234: IS_ERR Used on NULL-Returning Kernel Crypto Request Allocation Functions.
2026-06-10 17:28:05 -05:00
Sean Parkinson
63fd322382
Merge pull request #10641 from rlm2002/zd21890
...
Fixes for SM2/3 and FindMultiAttrib
2026-06-11 08:01:20 +10:00
David Garske
d56fa7972d
Merge pull request #10639 from julek-wolfssl/fix-current-cipher-kx-nid
...
Fix cipher property NIDs for SSL_get_current_cipher and add PSK kx mapping
2026-06-10 14:50:02 -07:00
Kareem
1b78eff3cd
Revert moving SIZEOF_LONG and SIZEOF_LONG_LONG to fix a build issue with Windows FIPS ready. Instead add detection for SIZEOF_LONG == 8 in types.h.
2026-06-10 11:19:10 -07:00
Kareem
d3d5824bcb
Fix HAVE_LIMITS_H definition in CMake. Also move SIZEOF_LONG and SIZEOF_LONG_LONG definitions to options.h.
2026-06-10 11:19:10 -07:00
Kareem
d263987bfd
Move HAVE_LIMITS_H outside of WOLFSSL_OPTIONS_IGNORE_SYS.
2026-06-10 11:19:10 -07:00
Kareem
a11ab0e46b
Define HAVE_LIMITS_H in options.h rather than config.h since types.h depends on this definition and config.h isn't consistently available at runtime.
...
Fixes #9936.
2026-06-10 11:19:10 -07:00
David Garske
fdfb0a9fe7
Merge pull request #10627 from julek-wolfssl/fenrir-fixes-20260601-dtls13-recv-epoch
...
F-5606: don't enforce DTLS 1.3 2^48-1 epoch cap on the receive side
2026-06-10 10:06:26 -07:00
David Garske
10e2afa20a
Merge pull request #10595 from miyazakh/f5381_RSASSA-PSS_trailerField
...
f5381 enforce trailerField==1 in DecodeRsaPssParams
2026-06-10 10:05:22 -07:00
Daniel Pouzzner
37511b484e
tests/api/test_ssl_cert.c, tests/api/test_ssl_ext.c, tests/api/test_ssl_pk.c: add missing gates on !NO_TLS.
2026-06-10 12:05:00 -05:00
Daniel Pouzzner
4ce3baa307
wolfssl/ssl.h: add !NO_TLS gate around prototypes for wolf*_{client,server}_method*() to induce compile-time failures for TLS/SSL usage in NO_TLS configurations.
2026-06-10 12:05:00 -05:00
Daniel Pouzzner
03825c17f8
src/ssl_api_ext.c and src/ssl_api_pk.c: restore early BAD_FUNC_ARG returns that were refactored away in 359e688dc3, fixing null pointer deref regression in wolfSSL_UseALPN() (possibly others too).
2026-06-10 12:05:00 -05:00
David Garske
73f78dd3cb
Merge pull request #10646 from ColtonWilley/openwrt-ci-tls-reset
...
Docker/OpenWrt: accept exit 4 or 5 in negative TLS tests
2026-06-10 09:56:41 -07:00
Daniel Pouzzner
332c249c7a
Merge pull request #10572 from Frauschi/lms_xmss_cert_gen
...
Support RFC 9802 LMS and XMSS in X.509 certificate and CSR generation
2026-06-10 11:14:43 -05:00
David Garske
953467875f
Merge pull request #10560 from philljj/fix_dh_agree
...
dh: fix subgroup check in wc_DhAgree.
2026-06-10 09:13:31 -07:00
David Garske
760392f403
Merge pull request #10636 from embhorn/zd21942
...
Harden PKCS#7 FlattenEncodedAttribs
2026-06-10 08:57:39 -07:00
David Garske
791224b3c5
Merge pull request #10632 from Frauschi/fenrir
...
Fenrir fixes
2026-06-10 08:14:30 -07:00
Tobias Frauenschläger
11270fc465
Check for EC_PF_UNCOMPRESSED in TLS 1.2 ClientHello
...
Fixes F-4892
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger
e407dba23b
Improve supported_groups handling
...
Fixes F-4891
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger
e1413a177f
Add missing ForceZero() calls
...
Fixes F-5437 and F-5438
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger
c01152d35a
Minor fix in liboqs GetRandomData
...
Fixes F-4443
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger
9c60d87abc
Fix minor CAVIUM issues
...
Fixes F-4441 and F-4442
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger
c611a22b2f
Ensure a key is set for DES3 operations
...
Fixes F-5379
2026-06-10 11:36:59 +02:00
Tobias Frauenschläger
c76c83258c
Ensure a key is set for ARC4 operations
...
Fixes F-5378
2026-06-10 11:36:29 +02:00
Tobias Frauenschläger
09b288000c
Size cert signature buffers from the key and check sig type vs key
...
MAX_ENCODED_SIG_SZ grows to ~50KB once SLH-DSA is enabled, yet it was
used to size PKCS#1/signature scratch and output buffers across the
library, wasting stack and heap even for classic RSA/ECC operations.
- Add MAX_ENCODED_CLASSIC_SIG_SZ for RSA/DSA/ECC DigestInfo buffers that
  can never hold a PQC signature.
- Size the certificate/CSR signing output buffer from the signing key at
  runtime instead of the worst-case macro.
- Add overridable WOLFSSL_MAX_SIG_SZ for the WOLFSSL_NO_MALLOC buffer.
- Reject a signature type that does not match the signing key.
2026-06-10 10:51:41 +02:00
Tobias Frauenschläger
e05a453944
Support RFC 9802 LMS and XMSS in X.509 certificate and CSR generation
...
Extend wc_MakeCert_ex/wc_SignCert_ex/wc_MakeCertReq_ex to issue HSS/LMS and
XMSS/XMSS^MT certificates and PKCS#10 requests, building on the existing
RFC 9802 verification support. New LMS_TYPE/XMSS_TYPE/XMSSMT_TYPE selectors,
wc_{Lms,Xmss}Key_PublicKeyToDer SPKI encoders, runtime signature-buffer
sizing, and sigType/key consistency checks. Generation is ASN.1-template
only, matching where the verification path lives.
Tests generate self-signed roots, CSRs and a CA->ECC-leaf chain in-process
and verify them, replacing the patched Bouncy Castle fixtures (only the stock
RFC 9802-aligned LMS interop anchor is kept).
2026-06-10 10:51:33 +02:00
jordan
0640b2ef99
dh tests: fix define gate.
2026-06-10 01:39:18 -05:00
jordan
c78fb5f41b
dh: fix subgroup check in wc_DhAgree.
2026-06-10 01:28:12 -05:00
Daniel Pouzzner
fdbfb66c4b
Merge pull request #10569 from SparkiDev/ssl_c_split_1
...
ssl.c: Move functions out to own files and add testing
2026-06-09 22:52:34 -05:00
Juliusz Sosinowicz
a5e58b1eb5
Fix CI: expect config-dependent cipher name in test_SSL_CIPHER_get_current_kx
...
SSL_CIPHER_get_name returns the internal cipher name (PSK-AES128-GCM-SHA256)
instead of the IANA name when WOLFSSL_CIPHER_INTERNALNAME, NO_ERROR_STRINGS or
WOLFSSL_QT is defined. user_settings_all.h with the compatibility layer enables
WOLFSSL_QT, so the test failed in the 'make user_setting.h (with sed)' job.
Match the expected name to the build configuration, mirroring the existing
pattern used elsewhere in tests/api.c.
2026-06-10 02:11:01 +00:00