Peter Torelli
c4ef0e5cd2
Update .cyignore
...
Also need to ignore MLDSA and MLKEM Intel assembly source files.
2026-02-16 13:44:33 -08:00
Peter Torelli
654e102e4b
cyignore sslSniffer due to main conflicts
2026-02-13 15:48:59 -08:00
Daniel Pouzzner
c4131659cc
Merge pull request #9767 from SparkiDev/sp_thumb2_mont_sub_reg_fix
...
Thumb2 SP ASM: mont_sub fix
2026-02-13 11:35:36 -06:00
David Garske
16ba668ebe
Merge pull request #9632 from jackctj117/CSR-signing
...
Add wc_SignCert_cb API for external signing callbacks
2026-02-13 09:07:37 -08:00
Sean Parkinson
e48c867f6f
Thumb2 SP ASM: mont_sub fix
...
Always use all the parameters and always use the parameter name and not
the assumed register.
2026-02-13 11:49:21 +10:00
Daniel Pouzzner
1c77414798
Merge pull request #9766 from padelsbach/libssh2-docker-fix
...
Fix libssh2 workflow with Docker 29
2026-02-12 18:02:46 -06:00
Paul Adelsbach
f0222c36a5
Experimental: fix libssh2 workflow with Docker 29
2026-02-12 14:40:05 -08:00
David Garske
49ed1fa21f
Merge pull request #9684 from SparkiDev/ecc_import_pub_check_fix
...
ECC: import point, always do some checks
2026-02-11 21:53:03 -08:00
David Garske
1b0b4b1444
Merge pull request #9756 from SparkiDev/arm_asm_fixes_1
...
ARM assembly fixes
2026-02-11 21:51:51 -08:00
Sean Parkinson
29835c2281
Merge pull request #9755 from julek-wolfssl/fix-script-checks
...
Fix compilation checks in test scripts
2026-02-12 08:02:52 +10:00
Sean Parkinson
2f53add6a5
Merge pull request #9758 from LinuxJedi/lxj-fixes
...
Minor fixes to EVP and PKCS12 code
2026-02-12 08:01:28 +10:00
Sean Parkinson
1847c6e778
Merge pull request #9721 from dgarske/x25519_nb
...
Add X25519 non-blocking support and async example improvements
2026-02-12 07:56:58 +10:00
Sean Parkinson
cb169ca64c
Merge pull request #9763 from LinuxJedi/no-fips-selftest
...
Don't allow `--enable-selftest` with empty file
2026-02-12 07:53:06 +10:00
Andrew Hutchings
0a1c40b365
Don't allow --enable-selftest with empty file
...
It probably won't compile anyway.
2026-02-11 15:32:45 +00:00
Sean Parkinson
2ef096a21b
Merge pull request #9754 from julek-wolfssl/zd/21171
...
Add check for KS in SH
2026-02-11 09:11:05 +10:00
David Garske
bc12b7563f
Peer review improvements
2026-02-10 14:51:51 -08:00
Andrew Hutchings
33abaca065
Fix test for AESGC_STREAM
2026-02-10 18:06:47 +00:00
Andrew Hutchings
54e8e80e81
Added integer overflow protection to PKCS12
...
PKCS12_ConcatenateContent() could overflow.
2026-02-10 15:53:29 +00:00
Andrew Hutchings
6b4fd431da
Fix leak in PKCS12 error path
2026-02-10 15:47:10 +00:00
Andrew Hutchings
a8d844003e
Fix potential buffer overflow in EVP
...
It is potentially possible on a 32bit system to get realloc to overflow
with several of the EVP functions.
2026-02-10 14:49:20 +00:00
Juliusz Sosinowicz
5f755f6bd5
Fix compilation checks in test scripts
...
Correct the logic for checking if the client and server examples are compiled
in the test scripts. The previous logic was inverted, causing the tests to
always skip if the examples *were* compiled.
2026-02-10 13:14:55 +01:00
Juliusz Sosinowicz
f810dc2a01
Add check for KeyShare in ServerHello
...
Fixes ZD21171
2026-02-10 12:39:27 +01:00
Sean Parkinson
7245ad02bb
Merge pull request #9748 from gasbytes/wolfSSL_d2i_SSL_SESSION-fix
...
add missing checks in wolfSSL_d2i_SSL_SESSION
2026-02-10 21:22:16 +10:00
Sean Parkinson
bf86450c01
Merge pull request #9749 from holtrop-wolfssl/rust-wolfssl-wolfcrypt-crate-1.1.0
...
Rust wrapper: update wolfssl-wolfcrypt crate to v1.1.0
2026-02-10 21:21:15 +10:00
Sean Parkinson
5bb39eb5c4
Merge pull request #9617 from julek-wolfssl/ada-testing
...
Ada Bindings and CI Improvements
2026-02-10 21:20:32 +10:00
Sean Parkinson
2b370f8ecb
ARM assembly fixes
...
armv8-32-aes-asm*: Fix #define protection around L_AES_ARM32_ecb_td4.
armv8-curve25519_c.c: Fix definition of fe_invert_nct to match
prototype.
2026-02-10 16:20:20 +10:00
David Garske
2a18b7ee44
Fix non-blocking X25519/ECC with WOLFSSL_ASYNC_CRYPT_SW
...
The non-blocking setup for X25519 and ECC in TLS was unconditionally
setting up nbCtx, which caused functions to return FP_WOULDBLOCK. However,
with INVALID_DEVID (the default), TLS has no async loop to handle
FP_WOULDBLOCK, only WC_PENDING_E via the async framework.
The fix follows the pattern used in asn.c: only set up nbCtx when the async
device is active (devId != INVALID_DEVID). With INVALID_DEVID, the code now
uses the blocking fallback (WC_ECC_NONBLOCK_ONLY) instead.
This prevents unit test timeouts when built with --enable-curve25519=nonblock
or --enable-ecc=nonblock.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-09 09:22:36 -08:00
Juliusz Sosinowicz
40d3befa61
Extend Ada bindings
...
Add Ada bindings for SHA-256, RSA sign/verify, and AES-CBC from
wolfCrypt. Use XMALLOC/XFREE for dynamic allocation and add GNATprove
ownership annotations to enable static leak detection.
Refactor the Ada wrapper into a base package (wolfssl.ads) and a child
package (wolfssl-full_runtime) to separate code that depends on
Interfaces.C.Strings and GNAT.Sockets from zero-footprint-compatible
code.
Add standalone examples for SHA-256 hashing, RSA signature verification,
and AES encryption under wrapper/Ada/examples/.
Add AUnit test suites for SHA-256, RSA, and AES bindings under
wrapper/Ada/tests/ with Valgrind suppressions and Alire integration.
Move TLS client/server examples into wrapper/Ada/examples/src/ and
update build files (default.gpr, examples.gpr, include.am) accordingly.
Update CI (ada.yml) to build default.gpr, run AUnit tests, run the
client-server examples, and run GNATprove.
Co-authored-by: Joakim Strandberg <joakim@mequinox.se>
2026-02-09 13:44:35 +01:00
David Garske
ca5b484e23
Merge pull request #9752 from douzzer/20260207-fixes
...
20260207-fixes
2026-02-07 12:43:22 -08:00
Daniel Pouzzner
d36953948b
src/ssl_api_pk.c: in wolfSSL_CTX_SetTmpEC_DHE_Sz(), fix gate-dependent syntax error in if construct;
...
src/ssl_p7p12.c: in wolfSSL_SMIME_read_PKCS7(), fix memleakOnRealloc.
2026-02-07 12:00:00 -06:00
David Garske
fbc5502a58
Merge pull request #9750 from douzzer/20260206-fixes
...
20260206-fixes
2026-02-06 14:54:58 -08:00
Josh Holtrop
fbed7e8553
Rust wrapper: update CHANGELOG for wolfssl-wolfcrypt v1.1.0
2026-02-06 14:44:44 -05:00
Daniel Pouzzner
872661186f
Merge pull request #9746 from JacobBarthelmeh/wolfhsm
...
warning for 'type' may be used uninitialized
2026-02-06 13:14:41 -06:00
Daniel Pouzzner
51f5f8799d
src/ssl_api_pk.c: fix -Wmaybe-uninitialized in check_cert_key_dev() (defect introduced in #9723);
...
wolfcrypt/test/test.c: fix error-path memory leaks in srtpkdf_test(), and properly gate out incompatible SRTP_KDF_LONG_KEY test on old FIPS (defect introduced in #9733);
.wolfssl_known_macro_extras: get into lexical order and remove unneeded WC_RSA_DIRECT.
2026-02-06 13:06:10 -06:00
David Garske
19bb7198a2
Peer review fixes
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 10:24:31 -08:00
Josh Holtrop
70a7f4d5de
Rust wrapper: update wolfssl-wolfcrypt crate to v1.1.0
2026-02-06 13:18:18 -05:00
Reda Chouk
f94eb68ea3
add missing checks in wolfSSL_d2i_SSL_SESSION
2026-02-06 17:00:42 +01:00
David Garske
78bba7e90f
Fix for TLS with WOLFSSL_SMALL_CERT_VERIFY
2026-02-05 21:55:32 -08:00
JacobBarthelmeh
4fc778c8eb
warning for 'type' may be used uninitialized
2026-02-05 22:14:43 -07:00
Daniel Pouzzner
25db90afe7
Merge pull request #9741 from kareem-wolfssl/variousFixes
...
Various fixes
2026-02-05 20:32:12 -06:00
Daniel Pouzzner
8e6ebdb8ac
Merge pull request #9723 from SparkiDev/ssl_split_cert
...
Split out code from ssl.c and pk.c
2026-02-05 18:21:36 -06:00
David Garske
c3ef6afcfd
Merge pull request #9743 from douzzer/20260205-fixes
...
20260205-fixes
2026-02-05 15:23:57 -08:00
Daniel Pouzzner
1d871879df
Merge pull request #9726 from Frauschi/pkcs11_pqc_prep
...
PKCS#11 PQC preparation work
2026-02-05 16:50:25 -06:00
Daniel Pouzzner
a6ee93c84c
Merge pull request #9739 from holtrop-wolfssl/rust-crate-fips-support
...
Rust wrapper: add FIPS support
2026-02-05 16:49:58 -06:00
Daniel Pouzzner
88edcf6c96
Merge pull request #9736 from embhorn/gh9731
...
Exclude Config.cmake.in in .gitignore
2026-02-05 16:49:35 -06:00
Daniel Pouzzner
da426d9c1d
Merge pull request #9725 from Frauschi/cmake
...
CMake fixes and improvements
2026-02-05 16:49:03 -06:00
Daniel Pouzzner
681d09fc3c
Merge pull request #9714 from philljj/bsdkm_crypto_accel
...
bsdkm: x86 crypto acceleration support.
2026-02-05 16:48:03 -06:00
Daniel Pouzzner
2a32e108d0
Merge pull request #9656 from jackctj117/PKCS7-signing
...
Add PKCS7 ECC raw sign callback support
2026-02-05 16:46:27 -06:00
Daniel Pouzzner
6d7cb87965
Merge pull request #9733 from SparkiDev/srtp_kdf_ctr_fix
...
SRTP-KDF: use two bytes of index
2026-02-05 16:21:38 -06:00
Paul Adelsbach
635832010e
Use WOLFSSL_STACK methods in new AIA functions
2026-02-05 11:54:26 -08:00