Anthony Hu
6721bde8e0
Add bounds check in PKCS7 streaming indefinite-length end-of-content parsing
2026-03-25 20:03:00 -04:00
David Garske
0f41e99c34
Merge pull request #10024 from embhorn/zd21390
...
Fix DecodeAltNames length check
2026-03-20 12:13:02 -07:00
David Garske
994a1fbacc
Merge pull request #9970 from JacobBarthelmeh/bench
...
use heap hint with dilithium benchmark
2026-03-20 09:46:56 -07:00
David Garske
45b31a1828
Merge pull request #10003 from SparkiDev/port_ai_review_1
...
Fixes from AI review
2026-03-20 08:36:30 -07:00
David Garske
82b6b9cb22
Merge pull request #10018 from embhorn/zd21389
...
Fix GetSafeContent to check length
2026-03-20 08:08:16 -07:00
Eric Blankenhorn
6446bb2115
Fix DecodeAltNames length check
2026-03-20 08:16:47 -05:00
Sean Parkinson
ec958de649
ASM generation fixes
...
Many comment fixes, label renaming and non-functional changes.
Bug Fixes
x86_64 (aes_xts_asm.S/.asm)
- Removed a spurious movl %edx, %eax that was clobbering a register,
then
fixed two comparisons to use %edx instead of the now-stale %eax. This
was a
functional bug in AES-XTS key-rounds selection.
x86_64 (fe_x25519_asm.S)
- Changed xor %rbx, %rbx → xorq %rbx, %rbx (explicit 64-bit operand
size
suffix).
ARM32 (sp_arm32.c, sp_cortexm.c)
- Fixed typo in assembly label names: sub_in_pkace → sub_in_place
(both label
definitions and branch targets). Affected 2048-bit and 3072-bit SP
functions.
- Fixed wrong source register in multiply/accumulate sequences: r11 →
r7 and
r3 → r4 (functional register-use bugs).
ARM32 ChaCha (armv8-32-chacha-asm.S/_c.c)
- Fixed label typo: same_keyb_ytes → same_key_bytes
- Fixed NEON instruction syntax: vrev32.i16 → vrev32.16 (invalid
mnemonic →
correct ARM NEON form, affects multiple sites)
ARM32 SHA3 (armv8-32-sha3-asm_c.c, .S)
- Fixed symbol name typo: L_sha3_arm2_neon_rt / L_sha3_arm2_rt →
L_sha3_arm32_neon_rt / L_sha3_arm32_rt
ARM32 AES (armv8-32-aes-asm_c.c, thumb2-aes-asm_c.c, .S variants)
- Fixed #endif comment: WOLFSSL_ARMASM_AES_BLOCK_INLINE →
!WOLFSSL_ARMASM_AES_BLOCK_INLINE (logic inversion was missing from the
comment)
ARM64 ChaCha (armv8-chacha-asm_c.c/.S)
- Fixed label typo: arm64loop_lt_8 → arm64_loop_lt_8
ARM32 ML-KEM (armv8-32-mlkem-asm.S/_c.c)
- Fixed #endif comment typo: WOLFSLS_ARM_ARCH → WOLFSSL_ARM_ARCH
(across many
occurrences)
SHA-512 (sha512_asm.S)
- Corrected off-by-one in comments: msg_sched done: 0-3 → 0-1, 2-5 →
2-3, etc.
(only 2 entries scheduled per block, not 4)
2026-03-20 11:56:25 +10:00
JacobBarthelmeh
5b9d0a13bf
Merge pull request #9992 from dgarske/macro_docs
...
Add inline documentation for missing macros and fix spelling errors
2026-03-19 17:08:33 -06:00
Eric Blankenhorn
b4d2cd6d9c
Fix feedback from review
2026-03-19 15:22:39 -05:00
Eric Blankenhorn
e0a19a798e
Fix GetSafeContent to check length
2026-03-19 15:09:02 -05:00
David Garske
056b95235e
Merge pull request #9990 from rlm2002/coverity
...
Coverity: fix more null derefs
2026-03-19 12:32:51 -07:00
David Garske
c83dc5c254
Merge pull request #10005 from JeremiahM37/f-753
...
Fix sz==0 buffer underflow in devcrypto AES-CBC
2026-03-19 12:29:24 -07:00
David Garske
0d7c58e3e7
Merge pull request #9912 from LinuxJedi/se050-fixes2
...
Fix SE050 RSA-PSS signing, key cleanup, and mutex leaks
2026-03-19 12:28:47 -07:00
David Garske
be7bf60e38
Merge pull request #10010 from SparkiDev/dilithium_ctxlen_byte
...
Dilithium: fix API so that context length is byte
2026-03-19 12:26:42 -07:00
David Garske
325413f94a
Merge pull request #9983 from Frauschi/bench_stack_fix
...
Fix stack tracking in wolfCrypt benchmark
2026-03-19 11:55:30 -07:00
Sean Parkinson
a8247bfd62
Dilithium: fix API so that context length is byte
...
Only allowed to have a context length of 0..255 bytes.
Make all context len parameters type byte.
2026-03-19 14:28:22 +10:00
Jeremiah Mackey
b85e500ffa
Fix sz==0 buffer underflow in devcrypto AES-CBC
2026-03-18 17:22:44 +00:00
Sean Parkinson
30cb25e498
Fixes from AI review
2026-03-18 22:08:58 +10:00
JacobBarthelmeh
816978050a
Merge pull request #10000 from douzzer/20260317-ecc_point_test-FIPS-gate
...
20260317-ecc_point_test-FIPS-gate
2026-03-17 19:41:38 -06:00
Daniel Pouzzner
df7b67ba27
wolfcrypt/test/test.c: fix FIPS gate in ecc_point_test() for "Test compressed point with missing x coordinate bytes".
2026-03-17 18:15:39 -05:00
Daniel Pouzzner
87125c49e1
wolfcrypt/src/rng_bank.c and wolfssl/wolfcrypt/rng_bank.h: add !WC_NO_CONSTRUCTORS gate around wc_rng_new_bankref().
2026-03-17 17:45:09 -05:00
JacobBarthelmeh
668d69b73a
Merge pull request #9988 from kareem-wolfssl/zd21356
...
Check raw pubkey length in wc_ecc_import_x963 before copying to it for KCAPI case.
2026-03-17 14:12:11 -06:00
David Garske
a98cb451c5
Merge pull request #9948 from SparkiDev/sp_int_comment_fixes_1
...
sp_int.c: comment fixes
2026-03-17 07:38:48 -07:00
JacobBarthelmeh
6f386fd6b2
Merge pull request #9981 from julek-wolfssl/fenrir/260316
...
Fenrir fixes
2026-03-17 08:36:11 -06:00
David Garske
e023c1793d
Merge pull request #9989 from JacobBarthelmeh/ecc
...
add sanity check on keysize found with ECC point import
2026-03-17 06:14:40 -07:00
David Garske
4c75a866d9
Add inline documentation for missing macros and fix spelling errors
2026-03-16 17:09:13 -07:00
Ruby Martin
f55afbd5f1
fix more null derefs
2026-03-16 17:22:51 -06:00
JacobBarthelmeh
44de734fa3
add sanity check on keysize found with ECC point import
2026-03-16 16:57:50 -06:00
Kareem
ddc177b669
Check raw pubkey length in wc_ecc_import_x963 before copying to it for KCAPI case.
2026-03-16 15:34:18 -07:00
Juliusz Sosinowicz
7c92fb204d
Use constant-time PKCS#7 padding check in EVP
...
F-763
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
fac08427e5
Fix missing op validation in EVP_PKEY_decrypt
...
F-747
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
5f7bc0f3a6
Clear sensitive stack buffers in ed448 signing
...
F-765
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
109e765b5b
Clear sensitive stack buffers in ed25519 signing
...
F-764
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
e4b55be65a
Use mp_forcezero for DH private key in async path
...
F-766
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
643427040b
Clear seed buffer after dilithium key generation
...
F-767
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
4ee9a263f0
Fix resource leak in wc_InitEccsiKey_ex error path
...
F-752
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
b168bfaa6a
Check wc_ecc_init_ex return value in wc_GetKeyOID
...
F-749
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz
265fbdb3dd
Check wc_InitRsaKey return value in wc_GetKeyOID
...
F-748
2026-03-16 15:15:11 -07:00
David Garske
b5c532703a
Merge pull request #9954 from kareem-wolfssl/gh9951
...
Fix potential overflows in used size calculation in generic, TI and SE050 hash functions.
2026-03-16 15:09:22 -07:00
David Garske
da635c9004
Merge pull request #9980 from anhu/sphincs_no_elseif
...
Fixes SPHINCS else-if chain key detection
2026-03-16 15:03:59 -07:00
David Garske
90377e10c5
Merge pull request #9979 from anhu/falcon_no_elseif
...
Fixes Falcon else-if chain key detection
2026-03-16 15:03:43 -07:00
David Garske
96661a5dab
Merge pull request #9977 from JacobBarthelmeh/multi-test
...
Minor fixes for nightly multi-test tool
2026-03-16 14:31:39 -07:00
JacobBarthelmeh
57f416fc43
Merge pull request #9961 from sebastian-carpenter/tls-ech-coverity
...
minor coverity fixes for tls ech code
2026-03-16 15:27:27 -06:00
Daniel Pouzzner
416072f298
Merge pull request #9969 from Frauschi/mlkem_wconversion
...
ML-KEM Wconversion fixes
2026-03-16 15:03:26 -05:00
David Garske
87906a38ab
Merge pull request #9974 from JacobBarthelmeh/oss-fuzz
...
fix to free CRL reason extension
2026-03-16 13:46:34 -06:00
Andrew Hutchings
cfd819370a
Fix SE050 RSA-PSS signing, key cleanup, and mutex leaks
...
RSA-PSS fix:
Skip SE050 hardware path for RSA-PSS sign and verify operations in
RsaPublicEncryptEx() and RsaPrivateDecryptEx(). The SE050's PSS sign
API (Se05x_API_RSASign) is a hash-then-sign operation, which
double-hashes when wolfSSL passes a pre-computed digest (as done during
TLS CertificateVerify). PSS operations now fall through to the software
RSA path. PKCS#1 v1.5 signing continues to use SE050 hardware.
Key object leak fix:
Add se050_rsa_free_key() called from wc_FreeRsaKey() to erase
wolfSSL-allocated RSA key objects from SE050 persistent storage on
free. Without this, persistent key slots on the SE050 are never
reclaimed and eventually exhaust secure storage. Add matching
sss_key_store_erase_key() calls to se050_ecc_free_key(),
se050_ed25519_free_key(), and se050_curve25519_free_key(). Only keys
with keyId >= SE050_KEYID_START are erased (pre-provisioned keys are
left intact).
Mutex leak fix:
Add missing wolfSSL_CryptHwMutexUnLock() calls before early returns in
se050_rsa_sign(), se050_rsa_verify(), se050_rsa_public_encrypt(), and
se050_rsa_private_decrypt() when the algorithm lookup fails after the
mutex has already been acquired.
ZD 21212
2026-03-16 19:19:14 +00:00
JacobBarthelmeh
7de150eff0
Merge pull request #9975 from rlm2002/coverity
...
20260313 Coverity changes
2026-03-16 12:52:27 -06:00
Tobias Frauenschläger
987a705318
Fix stack tracking in wolfCrypt benchmark
2026-03-16 18:33:55 +01:00
Anthony Hu
2939ab7f6a
Fixes SPHINCS else-if chain key detection
...
F-751
2026-03-16 11:20:19 -04:00
Anthony Hu
3b36db0c9d
Fixes Falcon else-if chain key detection
...
F-750
2026-03-16 10:55:28 -04:00