Commit Graph

30681 Commits

Author SHA1 Message Date
Daniele Lacamera ba2e52ae02 tests: zero-init ccmTag to satisfy clang-tidy
clang-tidy (all-c89, async-quic, intelasm) flagged `ccmTag[0] ^= 0x01` as a use
of an uninitialized value: the analyzer does not model wc_AesCcmEncrypt writing
the tag buffer. Zero-initialize ccmTag; the subsequent encrypt still overwrites
it before the tamper, so behavior is unchanged.
2026-07-09 10:02:22 +02:00
Daniele Lacamera 9d0c6cb89c tests: guard AesModes/AesGcm ArgMcdc tests for the older FIPS API
Same FIPS-header mismatch as the earlier AesSetKey/Cmac guard: the FIPS v2/v5
modules lack AES_IV_FIXED_SZ and GCM_NONCE_MIN/MID/MAX_SZ and declare
wc_AesEncryptDirect as void, so test_wc_AesModesArgMcdc and test_wc_AesGcmArgMcdc
fail to compile there (fatal under -Werror). Gate both on the modern API with
the same idiom used by the other AES-DIRECT tests.
2026-07-09 10:02:22 +02:00
Daniele Lacamera a0dbe59597 tests: guard AesSetKey/Cmac ArgMcdc tests for the older FIPS API
The apple-m1 "known config A" (FIPS) build broke: the FIPS module's frozen
headers declare wc_AesEncryptDirect/wc_AesDecryptDirect as void (not int) and
omit wc_CmacFree, so the new tests' ExpectIntEQ(wc_AesEncryptDirect(...)) and
wc_CmacFree() usages don't compile.

Gate test_wc_AesSetKeyArgMcdc and test_wc_AesCmacArgMcdc on the modern API with
the same idiom test_wc_AesEncryptDecryptDirect_WithKey already uses:
  (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION > 6))
  && !defined(HAVE_SELFTEST)
The campaign runs non-FIPS, so no coverage is lost where it is measured.

Verified: --enable-all still builds and both tests run.
2026-07-09 10:02:22 +02:00
Daniele Lacamera a9299732d9 tests: fix AesKeyExport lifecycle-tag leak and server-only session-cache test
The last two red PR jobs, both in the branch's new tests:

- intelasm (ASAN): test_wc_AesKeyExportArgMcdc calls wc_AesInit_Id() and
  wc_AesInit_Label() which succeed (allocating the WC_DEBUG_CIPHER_LIFECYCLE
  tag) but were never freed -> 8-byte LeakSanitizer leak. Add wc_AesFree()
  to both blocks.
- no-client-no-client-auth (minimal server-only build):
  test_wolfSSL_session_cache_api_direct's wolfSSL_new() returned NULL because
  a certless server CTX has no usable cipher suite. Load the test server
  cert/key (file, with a USE_CERT_BUFFERS_2048 fallback) before wolfSSL_new()
  in the server-only path; the client path is cert-free as before.

Verified: --enable-all + ASAN run of the aes group is leak-free, and
CPPFLAGS="-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH" now passes.
2026-07-09 10:02:22 +02:00
Daniele Lacamera ba3fd1203b tests: skip AES rounds-corruption checks under WOLFSSL_ARMASM
The aes.rounds-validity check that returns KEYUSAGE_E lives only in the
pure-C block encrypt (AesEncryptBlocks_C). On ARMv8 with crypto extensions,
--enable-all auto-enables WOLFSSL_ARMASM, whose asm wc_AesEncrypt bypasses
that check, so corrupting aes.rounds no longer fails the op (returns 0).
This broke the SetKey/CTR/CFB/OFB/CCM/CMAC rounds-corruption assertions on
the arm64 CI runners.

Extend WC_TEST_AES_ROUNDS_OFFLOADED to also cover WOLFSSL_ARMASM (joining
WOLF_CRYPTO_CB_FIND / WOLF_CRYPTO_CB_ONLY_AES). MC/DC of that decision is
still obtained from the pure-C configs in the variant union. x86 (incl.
AES-NI, which does validate rounds) is unaffected.
2026-07-09 10:02:22 +02:00
Daniele Lacamera bd8730543c tests: fix X509V3_EXT leak, C++ build, and no-client link
Three more failures in the branch's added tests, found via the ASAN, C++
and no-client CI configs:

- test_wolfSSL_X509V3_EXT leaked 2296 bytes: the added
  X509_get_ext_d2i(x509, NID, &critical, NULL) calls (used to exercise the
  critical-flag output) discarded their allocated result. Free each per its
  actual return type: BASIC_CONSTRAINTS, ASN1_STRING (key usage),
  AUTHORITY_KEYID, AUTHORITY_INFO_ACCESS, and - for subject_key_identifier -
  a STACK_OF(ASN1_OBJECT) (wolfSSL_X509_get_ext_d2i wraps a lone obj in a
  stack). This was the real cause of the sanitize-asan / intelasm / krb-asan
  job failures (the read_write_ex/ECH/dtls13 asserts printed there are
  retry-masked and fail identically on master).
- C++ build (all-pq-cxx): void* from X509_get_ext_d2i does not implicitly
  convert; add explicit WOLFSSL_X509_EXTENSION* casts.
- no-client link (all-no-client): wolfSSL[_CTX]_UseOCSPStapling[V2] (CSR/CSR2)
  are client-side APIs; guard those blocks with !NO_WOLFSSL_CLIENT.

Verified: full --enable-all + ASAN run is leak-free and passes; --enable-all
-DNO_WOLFSSL_CLIENT builds and links.
2026-07-09 10:02:22 +02:00
Daniele Lacamera 9165eb0e4d tests: guard AES tests for cryptocb-only and no-AES-192/256 configs
Three more config-matrix failures in the AES coverage tests:

- Rounds-corruption checks (aes.rounds/cmac.aes.rounds = 0/17 -> expect
  KEYUSAGE_E) also break under WOLF_CRYPTO_CB_ONLY_AES, which strips the
  software AES so the op is serviced by the callback and ignores the
  corrupted struct (same net effect as WOLF_CRYPTO_CB_FIND). Introduce
  WC_TEST_AES_ROUNDS_OFFLOADED = (WOLF_CRYPTO_CB_FIND || _ONLY_AES), replace
  the previous WOLF_CRYPTO_CB_FIND-only guards with it, and extend it to the
  wc_AesEncryptDirect/wc_AesDecryptDirect checks in AesSetKeyArgMcdc (which
  the ONLY_AES path also offloads).
- test_wc_AesFeatureCoverage's GCM-streaming block uses a hardcoded 256-bit
  key; guard it with WOLFSSL_AES_256 (failed under -DNO_AES_256).
- Its AES-KeyWrap block uses a 192-bit key; guard with WOLFSSL_AES_192
  (failed under -DNO_AES_192).

Verified: --enable-swdev --enable-cryptocb ... -DWOLF_CRYPTO_CB_ONLY_AES and
--enable-all -DNO_AES_192 -DNO_AES_256 now both build and pass; a normal
--enable-all build still runs the rounds checks.
2026-07-09 10:02:22 +02:00
Daniele Lacamera 4880b27d55 tests: skip AES rounds-corruption checks under WOLF_CRYPTO_CB_FIND
Several AES ArgMcdc tests corrupt aes.rounds (or cmac.aes.rounds) and
expect the subsequent op to fail with KEYUSAGE_E from the in-process
software AES path. Under WOLF_CRYPTO_CB_FIND (e.g. --enable-swdev), the
"devId != INVALID_DEVID" guard is removed, so CTR/CCM/CMAC ops are
offloaded to the registered crypto callback even for INVALID_DEVID; the
callback re-derives the key and ignores the corrupted struct, returning 0
instead of KEYUSAGE_E and failing the assertion.

Guard those internal-failure checks with #ifndef WOLF_CRYPTO_CB_FIND
(wc_AesCtrEncrypt, wc_AesCfb/OfbEncrypt/Decrypt, wc_AesCcmEncrypt/Decrypt,
wc_CmacUpdate); the raw-block wc_AesEncryptDirect path in SetKey does not
route through cryptocb, so it stays. (void)-cast the locals only used by
the guarded checks to keep -Werror clean. MC/DC is unioned across configs,
so no union coverage is lost.

Verified: --enable-swdev ... (WOLF_CRYPTO_CB_FIND) now passes, and a
non-CB_FIND build with all these modes still runs and passes the checks.
2026-07-09 10:02:22 +02:00
Daniele Lacamera 09e4888e43 tests: replace non-ASCII chars in MC/DC test comments/docs
The check-source-text CI job flags non-ASCII (8-bit) bytes in source. The
new MC/DC tests and README used UTF-8 punctuation in comments/prose
(em-dash, ellipsis, left-right arrow). Replace with ASCII equivalents
(-, ..., <->). Verified: ./.github/scripts/check-source-text.sh on the
changed files reports clean.
2026-07-09 10:02:22 +02:00
Daniele Lacamera 8324b67fae tests: fix -Werror/config-gating failures in MC/DC coverage tests
The new MC/DC coverage tests broke many CI configs under -Werror (which is
auto-enabled for in-git-tree builds). Fixes, each verified with a real
-Werror build of the relevant config:

- test_aes.c: wrap the whole test_wc_AesSivArgMcdc definition in
  WOLFSSL_AES_SIV && WOLFSSL_AES_128 (was body-only guarded while its
  prototype is guarded) -> fixes -Wmissing-prototypes when SIV is off.
- test_aes.c: mark key/in/out (void) in test_wc_AesModesArgMcdc; they are
  used only by the per-mode (CTR/CFB/OFB) blocks -> fixes -Wunused-variable
  when no such mode is enabled.
- api.c: guard the test_CryptoCb_* callback helpers with
  WOLF_CRYPTO_CB && WOLFSSL_TEST_STATIC_BUILD to match their only caller
  -> fixes -Wunused-function in cryptocb non-static builds.
- api.c: register test_wc_CryptoCb_registry under its actual definition
  condition (WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES && !ONLY_*) and
  keep test_wc_CryptoCb registered unconditionally (as on master)
  -> fixes undeclared / defined-but-unused across cryptocb configs.
- api.c: declare session-cache 'mode' under OPENSSL_EXTRA (its only uses)
  -> fixes -Wunused-variable without opensslextra.
- api.c: guard the Enable/DisableOCSPStapling calls in
  test_wolfSSL_crl_ocsp_object_api with HAVE_CERTIFICATE_STATUS_REQUEST[_V2]
  -> fixes undefined references with OCSP but no stapling.

Verified clean under: --enable-ocsp --enable-ocspstapling, --enable-ocsp
(no stapling), and --enable-all; unit.test runs pass.
2026-07-09 10:02:22 +02:00
Daniele Lacamera a3b3ee829b tests: fix config-dependent AES-CTR rounds-check coverage assertion
test_wc_AesModesArgMcdc asserted that wc_AesCtrEncrypt() with corrupted
aes.rounds returns KEYUSAGE_E, but used sz = 32 (an exact block multiple).
When in != out, the full blocks are consumed by a batch path that does not
surface the per-block rounds error - the AES-NI batch, or the HAVE_AES_ECB
fast path which ignores wc_AesEcbEncrypt()'s return - leaving no trailing
partial block, so the function returns 0 and the assertion fails. This was
latent (the whole test binary failed to link before the visibility fix) and
reproduces in --disable-aesni --enable-aesecb builds.

Use a non-block-multiple size (WC_AES_BLOCK_SIZE + 4) so the
"(ret == 0) && sz" leftover-handling call runs and fails on the corrupted
rounds via wc_AesEncrypt() in every backend. Reported by Copilot review on
PR #10845.

Verified: test_wc_AesModesArgMcdc now passes under --disable-aesni
--enable-aesecb (previously failed) and under --enable-aesni --enable-aesecb.
2026-07-09 10:02:22 +02:00
Daniele Lacamera e8cad24798 tests: guard internal-symbol MC/DC tests with WOLFSSL_TEST_STATIC_BUILD
Several MC/DC coverage tests called WOLFSSL_LOCAL (hidden-visibility)
library functions directly from the in-tree unit.test:
  - wc_AesCcmCheckTagSize()                         (test_aes.c)
  - wc_CryptoCb_Init/Cleanup/GetDevIdAtIndex()      (api.c)

These only link when the library is built with test-static visibility, so
normal (shared) builds failed at link with "undefined reference", breaking
essentially every CI build job. Gate the affected assertions on
WOLFSSL_TEST_STATIC_BUILD (in addition to the existing feature guards) so
they compile out where the symbols are hidden, matching the existing
wolfSSL convention for internal-symbol tests.

Verified: ./configure --enable-all (no WOLFSSL_TEST_STATIC_BUILD) now
builds tests/unit.test cleanly and the full suite passes.
2026-07-09 10:02:21 +02:00
Daniele Lacamera e7cd2b773e tests: AES MC/DC white-box supplement + api decision/feature coverage
Add tests/unit-mcdc/, a standalone white-box program that compiles
wolfcrypt/src/aes.c directly to reach static/WOLFSSL_LOCAL helpers
(GHASH/GHASH_UPDATE ptr guards, _AesNew_common cross-arg checks) that
are structurally unreachable through the public API, closing 19 of the
AES MC/DC residuals. Extend tests/api/test_aes.{c,h} with the
decision/feature coverage cases these build on.

These are for the external ISO 26262 per-module MC/DC campaign; they do
not change library behaviour and are not part of the wolfSSL build.
2026-07-09 10:02:21 +02:00
Daniele Lacamera 8b5abe54c1 tests: add MC/DC decision/feature coverage tests
Add MC/DC-targeted unit tests exercising decision and feature coverage
across AES (key wrap, GCM, feature), ASN.1, RSA, signature (falcon),
and CryptoCb registry surfaces.
2026-07-09 10:02:21 +02:00
David Garske a03cd09dc0 Merge pull request #10868 from SparkiDev/tsp_staticmem_fix
Time-Stamping Protocol testing: fix CI loop static-memory
2026-07-08 20:26:39 -07:00
Sean Parkinson b3a9c18839 Time-Stamping Protocol testing: fix CI loop static-memory
Static-memory CI loop failed as tests were using too much memory.
Tests changed.
Name of loop change to tsp-staticmemory to make more sense.
2026-07-09 09:59:01 +10:00
David Garske a4aab71ffe Merge pull request #10861 from padelsbach/asn-integer-overflow-copy
Fix possible memcpy length overflow in wolfSSL_d2i_ASN1_INTEGER
2026-07-08 15:20:05 -07:00
Daniel Pouzzner a5dbbf80f5 Merge pull request #10864 from danielinux/riscv-port-null-checks
Riscv port bug fixes
2026-07-08 17:06:56 -05:00
David Garske 95f337ada4 Merge pull request #10831 from padelsbach/ci-json-dry
CI: unify repeated flags using existing python script
2026-07-08 14:00:05 -07:00
David Garske fdfba83c38 Merge pull request #10788 from aidangarske/fenrir-tls-batch-2026-06
Various hardening fixes across sniffer, QUIC, PKCS#11, TLS and tooling
2026-07-08 13:58:14 -07:00
David Garske 1e6f266e47 Merge pull request #10760 from Frauschi/pkcs7-server-encode
PKCS#7 improvements
2026-07-08 13:55:52 -07:00
HAJA MOHIDEEN M c2b9cc55fb Merge pull request #10408 from hmohide/master
Add UDP support to NetX sockets for DTLS sessions
2026-07-08 12:24:31 -07:00
David Garske b4d51dbbda Merge pull request #10607 from julek-wolfssl/evp-pkey-encoded-public-key
Add EVP_PKEY encoded public key get/set compatibility functions
2026-07-08 12:20:33 -07:00
David Garske 4d3d2318f6 Merge pull request #10628 from yosuke-wolfssl/fix/f_4226
Reject CR/LF in OCSP/CRL URLs to block HTTP injection
2026-07-08 11:54:00 -07:00
David Garske 922e126423 Merge pull request #10693 from padelsbach/crl-use-after-free
Fix use-after-free possibility in GetCRLInfo
2026-07-08 11:37:41 -07:00
David Garske 9395547299 Merge pull request #10716 from padelsbach/crl-reentrancy-uaf
Address possible UAF in BufferLoadCRL
2026-07-08 11:35:29 -07:00
David Garske b29e3a1a11 Merge pull request #10863 from holtrop-wolfssl/zd22109
Fix use-after-free in some TLS shutdown/ReceiveData sequences
2026-07-08 10:54:52 -07:00
David Garske 76491e6b60 Merge pull request #10661 from yosuke-wolfssl/fix/f_5808
Enable SCSV check unconditionally
2026-07-08 10:52:59 -07:00
David Garske 6b1bf6b81b Merge pull request #10551 from julek-wolfssl/dtls-perf-benchmark
Add DTLS throughput benchmark tool and optimize send path
2026-07-08 10:31:11 -07:00
David Garske 16a2681ca4 Merge pull request #10604 from AlexLanzano/cryptocb-getdevice
Expose wc_CryptoCb_GetDevice and add CryptoCb API test coverage
2026-07-08 10:30:59 -07:00
David Garske a6ee818b27 Merge pull request #10781 from julek-wolfssl/parallel-make-check-status-emoji
.github/scripts/parallel-make-check.py: emit literal status emoji, not :shortcodes:
2026-07-08 10:25:29 -07:00
David Garske 67ca317097 Merge pull request #10737 from kareem-wolfssl/zd21998
X509 validation fixes
2026-07-08 09:48:26 -07:00
JacobBarthelmeh 7c085837ae Merge pull request #10772 from dgarske/qat_review
Intel QuickAssist: multi-device utilization + software-fallback / Cavium fixes
2026-07-08 10:39:24 -06:00
Daniele Lacamera fc1bb6395d riscv: return KEYUSAGE_E for AES use without a key schedule
The generic wc_AesEncrypt/wc_AesDecrypt (aes.c) reject an AES object
whose key schedule was never set (rounds outside 1..7 after halving)
with KEYUSAGE_E, and every mode inherits that through their int return.
The RISC-V port's block helpers are void, so nothing reported unkeyed
use: wc_AesEncryptDirect and wc_AesCcmEncrypt/Decrypt silently
processed with a garbage schedule, and wc_AesCtrEncrypt classified it
as BAD_FUNC_ARG instead of KEYUSAGE_E.

Align the port with the generic error contract:
* wc_AesEncryptDirect / wc_AesDecryptDirect: add the generic rounds
  check (also fixes wc_CmacUpdate error reporting, which goes through
  wc_AesEncryptDirect on this port)
* wc_AesCcmEncrypt / wc_AesCcmDecrypt: same check after the argument
  sanity block
* wc_AesCtrEncrypt (both variants): the existing rounds switch now
  returns KEYUSAGE_E instead of BAD_FUNC_ARG

Found by the ISO 26262 MC/DC campaign argument-matrix tests
(test_wc_AesSetKeyArgMcdc, test_wc_AesModesArgMcdc, test_wc_AesCcmArgMcdc,
test_wc_CmacArgMcdc) under qemu-riscv64.
2026-07-08 18:29:52 +02:00
David Garske 59e942b07a Merge pull request #10844 from SparkiDev/windows_arm64_1
ARM64 Windows: Add assembly
2026-07-08 09:28:41 -07:00
David Garske 0d02f2fe2f Merge pull request #10816 from kojiws/fix_mem_cast_on_mldsa
Fix unaligned memory access in ML-DSA
2026-07-08 09:28:28 -07:00
David Garske 60085b0e48 Merge pull request #10837 from rlm2002/zd-NameConstraints
DNS name constraint fix
2026-07-08 09:21:52 -07:00
Tobias Frauenschläger 673d8d00bb Merge pull request #10778 from SparkiDev/time_stamp_protocol
Time-Stamp Protocol (RFC 3161)
2026-07-08 17:43:38 +02:00
David Garske b19f00a736 Merge pull request #10807 from SparkiDev/aes_gcm_siv_asm
AES-GCM-SIV: Add implementation in C and assembly
2026-07-08 08:30:02 -07:00
David Garske a8d223b308 Merge pull request #10834 from SparkiDev/cmake_update_1
cmake: add more build options in line with automake
2026-07-08 08:29:11 -07:00
David Garske 7f441a687a Merge pull request #10748 from night1rider/AES-Callbacks
AES callbacks for CFB and OFB
2026-07-08 08:25:23 -07:00
Daniele Lacamera 7b72cf6acf riscv: add missing argument checks in AES port
Align the RISC-V AES port's argument validation with the generic aes.c
implementations (and with the port's own vector/scalar-crypto siblings):

* wc_AesSetKey (base assembly variant, i.e. neither
  WOLFSSL_RISCV_VECTOR_CRYPTO_ASM nor WOLFSSL_RISCV_SCALAR_CRYPTO_ASM):
  reject key == NULL. The vector and scalar-crypto variants of the same
  function already check it; the base variant passed NULL through to the
  key expansion and wc_AesGcmSetKey then dereferenced the uninitialized
  schedule, crashing on e.g. wc_AesGcmSetKey(aes, NULL, 16).

* wc_AesCcmEncrypt / wc_AesCcmDecrypt: reject authIn == NULL when
  authInSz > 0, as the generic implementation does. The port otherwise
  walks the NULL authIn buffer while computing the CBC-MAC.

Found by the ISO 26262 per-module MC/DC campaign's argument-matrix tests
(test_wc_AesGcmSetKey, test_wc_AesCcmArgMcdc) running the RISC-V port
under qemu-riscv64: upstream CI only exercises this port with the KAT
suite, which never passes invalid arguments.
2026-07-08 16:37:08 +02:00
Josh Holtrop 07d41740de Fix use-after-free in some TLS shutdown/ReceiveData sequences 2026-07-08 08:14:39 -04:00
Tobias Frauenschläger 366000eec2 PKCS#7: support degenerate certs-only encode and harden signed-attribute handling
Server-side PKCS#7 encode improvements that let downstream EST/SCEP enrollment
code (wolfCert) drive the existing encoder through the public API rather than
hand-rolling DER. Everything is gated under the existing HAVE_PKCS7 — no new
build options and no new public functions; the convenience wrappers live
caller-side.

Allow degenerate (certs-only) SignedData encode
  Relax the hashOID != 0 requirement in PKCS7_EncodeSigned() when
  sidType == DEGENERATE_SID, so a caller can produce a certs-only bundle (no
  signer, attributes, or eContent — the form used by EST /cacerts and SCEP
  GetCACert) by selecting DEGENERATE_SID via wc_PKCS7_SetSignerIdentifierType()
  and calling wc_PKCS7_EncodeSignedData(). The output round-trips through
  wc_PKCS7_VerifySignedData().

Size the signed-attribute array to the actual count
  The SignerInfo attribute working array is now sized to the real attribute
  count instead of a fixed [7] array. An inline buffer (sized
  MAX_SIGNED_ATTRIBS_SZ, the historical footprint) covers the common
  allocation-free case; a heap buffer is used only when the count exceeds it.
  The default-attribute count comes from a single helper
  (wc_PKCS7_GetDefaultSignedAttribCount) so the sizing matches the emission
  logic exactly, and the canned-attribute write is bound-checked against the
  array capacity. This also fixes a latent overflow where the backing array was
  hardcoded [7] while the bound check used MAX_SIGNED_ATTRIBS_SZ. The macro is
  retained for source compatibility but no longer caps the count.

Document the decoded-attribute value shape
  Documented the stable shape of PKCS7DecodedAttrib.value (the contents of the
  SET OF AttributeValue, outer SET tag stripped) so callers can rely on it. No
  behavior change.

Fix multi-certificate decode in non-streaming builds
  Bound the additional-certificate loop in wc_PKCS7_VerifySignedData against the
  absolute end of the certificate set (idx + length) rather than the relative
  length. In NO_PKCS7_STREAM builds the old bound dropped trailing certificates
  (all but the first when a large eContent preceded the set), failing
  verification when the signer cert was among those dropped. Streaming builds
  were unaffected.

Tests
  Added coverage in pkcs7signed_test: degenerate certs-only encode via the
  public API, nine-attribute encode (beyond the inline capacity), decoded
  attribute value shape for PrintableString and OCTET STRING, and a
  multi-certificate decode regression with large content that triggers the
  bound bug under NO_PKCS7_STREAM. Added a signed-attribute selection
  round-trip covering a messageDigest-only subset and the no-attributes case
  via wc_PKCS7_SetDefaultSignedAttribs/wc_PKCS7_NoDefaultSignedAttribs, a
  WOLFSSL_NO_MALLOC over-capacity case that must return BUFFER_E instead of
  overrunning the inline buffer, and a malformed certificate-set length that
  exercises the certSetEnd clamp in the verifier. Config-sensitive cases are
  guarded.
2026-07-08 12:33:38 +02:00
Tobias Frauenschläger dcc2b23b1a Merge pull request #10852 from stenslae/fix-mldsa-privkeydecode-no-asn1
Fix ML-DSA level auto-detection in WOLFSSL_MLDSA_NO_ASN1 builds
2026-07-08 10:03:34 +02:00
Tobias Frauenschläger 3b07f7df34 Merge pull request #10855 from philljj/misc_fixes
wolfcrypt: fix several redefinition of typedef errors.
2026-07-08 09:56:45 +02:00
David Garske 3cc69f0fae Merge pull request #10839 from kojiws/fix_arm64_macro_name
ML-DSA: Fix misspelled `__arch64__` macro to `__aarch64__`
2026-07-07 21:55:46 -07:00
Paul Adelsbach f842e33145 Fix possible memcpy length overflow in wolfSSL_d2i_ASN1_INTEGER 2026-07-07 17:41:49 -07:00
David Garske e0a8f3f475 Merge pull request #10706 from JacobBarthelmeh/dev
defense in depth hardening for x509 extension create by OBJ and EVP decode update
2026-07-07 16:41:15 -07:00
Sean Parkinson ae023a5643 Time-Stamp Protocol (RFC 3161)
Implementation in wolfCrypt
OpenSSL compatibility layer in wolfSSL
Added tests, certificates, examples.
2026-07-08 09:33:47 +10:00