Daniel Pouzzner
b5a835abed
Merge pull request #10054 from kojo1/Csharp
...
fix for Csharp user_settings.h
2026-03-30 18:32:19 -05:00
Daniel Pouzzner
0a61997059
Merge pull request #10045 from embhorn/zd21385
...
Fix IAR warning about volatile access
2026-03-30 13:42:14 -05:00
Daniel Pouzzner
5b2e8b1376
Merge pull request #10065 from dgarske/async_nb_leak
...
Fix possible leak for ecc non-blocking crypto
2026-03-30 11:40:02 -05:00
Daniel Pouzzner
edb4b2828f
Merge pull request #10091 from rlm2002/gi10063Xchacha
...
GI issue fix use `size_t` instead of `long int`
2026-03-30 11:38:32 -05:00
Daniel Pouzzner
18111b1252
Merge pull request #10092 from anhu/hkex-ticket
...
Fix PQC hybrid KeyShare pointer sanity.
2026-03-30 11:36:11 -05:00
Daniel Pouzzner
df055976ed
Merge pull request #10079 from rlm2002/ghi10063
...
Various GI and ZD fixes
2026-03-30 11:34:05 -05:00
Daniel Pouzzner
9c0a9a6ceb
Merge pull request #10084 from holtrop-wolfssl/zd21439
...
Add buffer size and callback checks to wc_LmsKey_Sign
2026-03-30 11:32:38 -05:00
JacobBarthelmeh
348d75b749
Merge pull request #10098 from douzzer/20260328-test_wolfSSL_dtls_fragments-race-mitigation
...
20260328-test_wolfSSL_dtls_fragments-race-mitigation
2026-03-30 10:29:31 -06:00
Daniel Pouzzner
20d9ea0022
tests/api.c: in test_wolfSSL_dtls_fragments(), accommodate races between threads.
2026-03-28 16:25:41 -05:00
lealem47
b7e7e7555f
Merge pull request #10095 from douzzer/20260327-sanitizer-and-fixes-and-tls12_kdf_test-gating
...
20260327-sanitizer-and-tls12_kdf_test-gating-fixes
2026-03-27 17:52:37 -06:00
Daniel Pouzzner
76a498f7ea
wolfcrypt/src/asn.c: fix invalid-pointer-pair "wild pointer" in CheckCertSignature_ex().
2026-03-27 17:07:53 -05:00
Daniel Pouzzner
8b84b1fd1b
wolfssl/wolfcrypt/coding.h and wolfssl/wolfcrypt/settings.h: fix feature activation for WOLFSSL_BASE16 (move from coding.h to settings.h).
2026-03-27 16:42:25 -05:00
Daniel Pouzzner
e3d4d220c3
src/conf.c, src/ssl.c, wolfcrypt/src/asn.c, wolfssl/wolfcrypt/asn.h: fixes for invalid-pointer-pair memory errors reported by clang sanitizer with detect_invalid_pointer_pairs=2 in ASAN_OPTIONS.
2026-03-27 16:40:05 -05:00
Anthony Hu
46f6320380
Fix PQC hybrid KeyShare pointer sanity.
...
Also add tests for it and SetTicket
2026-03-27 14:33:41 -04:00
Ruby Martin
88fdc3d92a
remove casts that would cause truncation if long int is 32-bit but size_t is 64-bit
2026-03-27 12:09:53 -06:00
Josh Holtrop
048a03e8bf
Add buffer size and callback checks to wc_LmsKey_Sign
...
Fixes ZD#21439
2026-03-27 08:49:43 -04:00
Paul Adelsbach
5b1d2d795c
Merge pull request #10086 from douzzer/20260326-various-fixes
...
20260326-various-fixes
2026-03-26 20:28:46 -07:00
Ruby Martin
8b2fd34e95
free authInPadded if alloc'd on early return
2026-03-26 16:11:19 -06:00
Ruby Martin
a827a82ed3
return null if len<=0
2026-03-26 16:11:19 -06:00
Daniel Pouzzner
53f3ce635e
wolfcrypt/src/asn.c: fix flub in wc_EccPublicKeyDecode() -- restore FREE_ASNGETDATA(dataASN, key->heap).
2026-03-26 16:54:19 -05:00
Daniel Pouzzner
f0b711045c
wolfssl/wolfcrypt/types.h: restore WC_ALLOC_DO_ON_FAILURE fallback definition from 760178c7dc -- reversion in part of 5f4d499df0. fixes optest build failures in all-crypto-only-intelasm-fips-v5-linuxkm-next-insmod-optest, all-crypto-only-intelasm-fips-v6-linuxkm-next-insmod-optest, and all-crypto-only-intelasm-fips-dev-linuxkm-next-insmod-optest.
2026-03-26 16:28:18 -05:00
Daniel Pouzzner
292ea549cc
wolfcrypt/src/asn.c: fixes for invalid memory access in wc_DsaPublicKeyDecode() and wc_EccPublicKeyDecode(), detected by cppcheck-force-source, lms-xmss-wolfssl-all-clang-sanitizer, and sanitizer-clang-all-noasm.
2026-03-26 16:07:37 -05:00
Daniel Pouzzner
52d5d0a940
linuxkm/, wolfcrypt/src/dh.c, wolfcrypt/test/test.c, wolfcrypt/test/test.h, wolfssl/wolfcrypt/wc_port.h:
...
fixes and workarounds for clang-tidy complaints:
* clang-diagnostic-unknown-warning-option
* bugprone-sizeof-expression
* clang-diagnostic-error "address argument to atomic operation must be a pointer to a trivially-copyable type"
* bugprone-macro-parentheses
* clang-diagnostic-unused-but-set-variable
* readability-redundant-declaration
2026-03-26 15:41:47 -05:00
Ruby Martin
ce7b81b6ee
break when idx greater than MAX_CHAIN_DEPTH
2026-03-26 11:28:36 -06:00
Ruby Martin
a963c5fc47
add check to prevent integer underflow
2026-03-26 11:28:36 -06:00
Ruby Martin
a696d11519
if len is 0, do not subtract 1 when calling XMALLOC
2026-03-26 11:28:36 -06:00
Ruby Martin
1766b91dc2
check idx before accessing certificate list
2026-03-26 11:28:36 -06:00
Ruby Martin
3bc72b5d27
bounds check when parsing dual-algo cert sigs
2026-03-26 11:28:36 -06:00
Ruby Martin
14695fb9cd
zeroize ssl->encrypt after transferring ownership to dup
2026-03-26 11:28:36 -06:00
Ruby Martin
75e6406cd3
upper bounds check for DSA signature
2026-03-26 11:28:36 -06:00
Ruby Martin
d4b25d0ebc
guard against heap buffer overflow
2026-03-26 11:28:36 -06:00
Ruby Martin
50448ef7c6
add guard for integer underflow in DecryptTls13
2026-03-25 10:22:10 -06:00
Daniel Pouzzner
7efc962d04
Merge pull request #10031 from holtrop-wolfssl/rust-cross-compile-support
...
Rust wrapper: update build.rs to support cross-compiling and bare-metal targets
2026-03-25 09:46:40 -05:00
Josh Holtrop
34afd28541
Rust wrapper: build.rs improvements from code review
2026-03-25 09:00:28 -04:00
Eric Blankenhorn
1a1bdb2cfe
Address review feedback
2026-03-25 07:48:16 -05:00
Josh Holtrop
a511e45d30
Rust wrapper: build.rs improvements per code review
2026-03-25 08:15:42 -04:00
David Garske
6cc94b07a4
Fix possible leak for ecc non-blocking crypto
2026-03-24 14:44:28 -07:00
David Garske
cf6c1722ae
Merge pull request #10027 from embhorn/zd21394
...
Remove FIPS guards in GetASN_BitString length check
2026-03-24 14:06:40 -07:00
David Garske
636f0e50a1
Merge pull request #10059 from douzzer/20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
...
20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
2026-03-24 13:13:42 -07:00
Daniel Pouzzner
ec61e07d18
wolfcrypt/src/pwdbased.c: in wc_PKCS12_PBKDF_ex(), refactor the "Increment B by 1" loop to avoid bugprone-inc-dec-in-conditions.
2026-03-24 12:07:04 -05:00
David Garske
c64fd4f132
Merge pull request #9905 from julek-wolfssl/WC_ALLOC_DO_ON_FAILURE-cleanup
...
Don't declare WC_ALLOC_DO_ON_FAILURE by default
2026-03-24 09:35:03 -07:00
David Garske
73bea906be
Merge pull request #10034 from sebastian-carpenter/GH-10016
...
verify ciphersuite in CH2 matches HRR
2026-03-24 09:31:45 -07:00
David Garske
328822b447
Merge pull request #10047 from Frauschi/mldsa_no_ctx
...
Guard old non-ctx ML-DSA API by default
2026-03-24 09:26:24 -07:00
David Garske
bddeac1d72
Merge pull request #9952 from julek-wolfssl/zd/21324
...
wolfSSL_X509_verify_cert: add host check from `ctx->param`
2026-03-24 09:26:12 -07:00
David Garske
0b119e225f
Merge pull request #10056 from philljj/fix_bsdkm_benchmark
...
bsdkm benchmark: fix build.
2026-03-24 09:24:49 -07:00
David Garske
3cf4aeab5c
Merge pull request #10025 from embhorn/zd21392
...
Fix DecodeObjectId unknown ext parse
2026-03-24 09:17:10 -07:00
David Garske
03beeae44e
Merge pull request #10033 from embhorn/gh10028
...
Fix FillSigner to clear pubkeystored
2026-03-24 09:15:05 -07:00
Daniel Pouzzner
d36ddf4063
Merge pull request #9920 from dgarske/asn_old
...
Split original ASN.1 code from asn.c into asn_orig.c
2026-03-24 10:52:15 -05:00
David Garske
ab8cd6fc46
Merge pull request #9937 from douzzer/20260306-wc_Hash-refactor
...
20260306-wc_Hash-refactor
2026-03-24 08:48:08 -07:00
David Garske
051b83b517
Merge pull request #9999 from sebastian-carpenter/hpke-fix
...
Fix: Improved support for combinations of HPKE algos
2026-03-24 08:47:01 -07:00