David Garske
c5bbe798ec
Merge pull request #9760 from SparkiDev/mldsa_small_matrix_mul_reduce
...
ML-DSA/Dilithium: reduce vector when small build
2026-02-18 14:40:40 -08:00
David Garske
eceb55ebeb
Merge pull request #9795 from LinuxJedi/static-fixes2
...
Static analysis fixes
2026-02-18 12:07:26 -08:00
David Garske
2971c7024b
Merge pull request #9671 from SparkiDev/aes_gcm_arm32_hw_crypto_set_key_unaligned
...
ARM32 HW Crypto: AES-GCM set key unaligned key
2026-02-18 10:54:42 -08:00
David Garske
7efefc7b22
Merge pull request #9792 from SparkiDev/sp_c_rsa_pub_only
...
SP C - RSA public only build with DH
2026-02-18 10:01:53 -08:00
Andrew Hutchings
4e37d99d07
Fix OCSP key-based responder ID lookup when SM2/SM3 is enabled.
...
When WOLFSSL_SM2 and WOLFSSL_SM3 are both defined, KEYID_SIZE becomes 32
(WC_SM3_DIGEST_SIZE) but OCSP_RESPONDER_ID_KEY_SZ remains 20 (SHA-1 per
RFC 6960). The guard (int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ in
OcspFindSigner() and OcspRespIdMatch() evaluated to false (32 != 20),
completely disabling key-based OCSP responder ID matching. This caused
OCSP stapling to fail with BAD_CERTIFICATE_STATUS_ERROR (-406) against
any server using a key-based responder ID (e.g. login.live.com).
Fix by comparing only OCSP_RESPONDER_ID_KEY_SZ bytes for the responder
ID match, and zero-padding the 20-byte key hash to KEYID_SIZE before
passing to CA lookup functions that compare the full KEYID_SIZE.
2026-02-18 18:01:33 +00:00
Andrew Hutchings
43aad1e4d7
Fix SM4 TLS 1.3 decrypt auth tag and SM2 cert verification
...
- Fix SM4 GCM/CCM TLS 1.3 decrypt to read auth tag from input buffer
instead of output buffer, consistent with all other AEAD ciphers
(src/tls13.c)
- Fix SM4_BLOCK_SIZE typo (was SM$_BLOCK_SIZE) in TicketEncDec SM4-GCM
decrypt path (src/internal.c)
- Fix SM2 certificate signature verification for certs using
id-ecPublicKey (ECDSAk) with SM2-with-SM3 signature algorithm.
OpenSSL creates SM2 cert signatures without the standard
distinguishing identifier in the ZA hash. The SM2k code path already
handled this correctly (idSz=0), but the ECDSAk + CTC_SM3wSM2 path
was incorrectly using CERT_SIG_ID_SZ (16), causing ASN_SIG_CONFIRM_E
(-155) when verifying non-self-signed SM2 certs (wolfcrypt/src/asn.c)
- Regenerate expired SM2 test certificates via certs/sm2/gen-sm2-certs.sh
They had expired.
2026-02-18 18:01:33 +00:00
David Garske
0dd5009db0
Merge pull request #9768 from anhu/wc_CheckPrivateKey
...
wc_CheckPrivateKey returns NOT_COMPILED_IN for certain gating flags
2026-02-18 08:01:53 -08:00
Sean Parkinson
63b9d13db8
Merge pull request #9790 from bigbrett/sp-rsa-unused-var
...
Fix macro protection in SP code for RSA_LOW_MEM
2026-02-18 16:36:04 +10:00
Sean Parkinson
6b46754800
SP C - RSA public only build with DH
...
Fix build to compile when RSA public only but DH included.
2026-02-18 12:26:00 +10:00
Brett Nicholas
140f9aafe2
test-fix
2026-02-17 15:54:12 -07:00
Brett Nicholas
2c7eb9bc12
fix macro protection for sp_*_cond_add_* in ARM SP asm to prevent unused function warning when used with RSA_LOW_MEM
2026-02-17 15:33:14 -07:00
Anthony Hu
50fbf7f721
wc_CheckPrivateKey() returns NOT_COMPILED_IN for certain gating flags
2026-02-17 17:02:08 -05:00
David Garske
5960a365de
Merge pull request #9776 from Pushyanth-Infineon/fix_psoc6_sha_includes
...
Fix missing header includes and conditional compilation issue for PSoC6 port.
2026-02-17 10:12:00 -08:00
David Garske
a0a76254a5
Merge pull request #9783 from SparkiDev/aes_clang_volatile
...
AES clang: make x volatile in pre-fetch functions
2026-02-17 10:10:56 -08:00
Andrew Hutchings
8042f767ed
Fix issues found in static analysis
...
- Fix missing cleanup on error in wc_XChaCha20Poly1305_crypt_oneshot:
change early return to goto out so ForceZero and free are called
- Fix memory leak in wc_DeCompressDynamic: free tmp buffer before
early return on avail_out size check failure
- Fix unconditional mutex unlock in PQC sign functions (falcon,
sphincs, dilithium): only call unlock when lock was acquired
- Remove dead oqssig NULL checks in falcon sign/verify that are
unreachable after the preceding SIG_TYPE_E assignment
2026-02-17 15:20:36 +00:00
Sean Parkinson
299e7bd097
AES clang: make x volatile in pre-fetch functions
...
Latest version of clang with optimization turned right up will make the
pre-fetch functions return 0.
The pre-fetch functions are there to ensure tables are all in cache not
to calculate a value.
2026-02-17 08:44:24 +10:00
David Garske
d81bb7234a
Merge pull request #9778 from LinuxJedi/exp-fixes
...
Fixes to big-endian bugs found in Curve448 and Blake2S
2026-02-16 14:30:47 -08:00
David Garske
cf4bf83ab2
Merge pull request #9762 from rizlik/bench_ed25519_use_devid
...
wolfcrypt: benchmark: use WC_USE_DEVID to benchmark ed25519 if defined
2026-02-16 13:49:53 -08:00
David Garske
be9f3853fa
Merge pull request #9764 from lealem47/wolfEntropy_arm32
...
wolfEntropy: Add ARM Generic Timer virtual counter as time src
2026-02-16 13:00:26 -08:00
Pushyanth Kamatham
b395eef455
Fix missing header includes and conditional compilation issue in PSoC6 crypto hardware acceleration port.
...
Guard the `aes->left = 0` assignment to enable when WOLFSSL_AES_CFB is defined.
2026-02-17 02:26:52 +05:30
Andrew Hutchings
451cb45670
Fix Blake2s overlapping writes
...
We are copying from a 32bit buffer, so are overlapping writes. This
could cause damage the hash on big-endian platforms.
2026-02-16 16:08:27 +00:00
Andrew Hutchings
180c66ba70
Fix curve448
...
`wc_curve448_check_public` can get into an infinite loop in the
big-endian code path.
2026-02-16 15:56:41 +00:00
Daniel Pouzzner
1c92c74116
Merge pull request #9631 from padelsbach/crl-generation
...
Add CRL generation code
2026-02-13 21:59:52 -06:00
Paul Adelsbach
81ae472e50
Add CRL generation code
2026-02-13 10:54:47 -08:00
Daniel Pouzzner
c4131659cc
Merge pull request #9767 from SparkiDev/sp_thumb2_mont_sub_reg_fix
...
Thumb2 SP ASM: mont_sub fix
2026-02-13 11:35:36 -06:00
David Garske
16ba668ebe
Merge pull request #9632 from jackctj117/CSR-signing
...
Add wc_SignCert_cb API for external signing callbacks
2026-02-13 09:07:37 -08:00
Sean Parkinson
e48c867f6f
Thumb2 SP ASM: mont_sub fix
...
Always use all the parameters and always use the parameter name and not
the assumed register.
2026-02-13 11:49:21 +10:00
Lealem Amedie
d9b934323a
Check if _POSIX_C_SOURCE is defined
2026-02-12 18:13:29 -07:00
Lealem Amedie
17287cd595
wolfEntropy: Add ARM Generic Timer virtual counter as time src
2026-02-12 18:13:29 -07:00
David Garske
49ed1fa21f
Merge pull request #9684 from SparkiDev/ecc_import_pub_check_fix
...
ECC: import point, always do some checks
2026-02-11 21:53:03 -08:00
David Garske
1b0b4b1444
Merge pull request #9756 from SparkiDev/arm_asm_fixes_1
...
ARM assembly fixes
2026-02-11 21:51:51 -08:00
Sean Parkinson
2f53add6a5
Merge pull request #9758 from LinuxJedi/lxj-fixes
...
Minor fixes to EVP and PKCS12 code
2026-02-12 08:01:28 +10:00
Sean Parkinson
1847c6e778
Merge pull request #9721 from dgarske/x25519_nb
...
Add X25519 non-blocking support and async example improvements
2026-02-12 07:56:58 +10:00
Marco Oliverio
b767d8218a
wolfcrypt: benchmark: use WC_USE_DEVID to benchmark ed25519 if defined
2026-02-11 15:25:28 +01:00
Sean Parkinson
895fb2936d
ML-DSA/Dilithium: reduce vector when small build
...
Ensure the matrix multiplication result has values reduced to the
correct range. Only an issue for small builds.
2026-02-11 09:47:45 +10:00
David Garske
bc12b7563f
Peer review improvements
2026-02-10 14:51:51 -08:00
Andrew Hutchings
54e8e80e81
Added integer overflow protection to PKCS12
...
PKCS12_ConcatenateContent() could overflow.
2026-02-10 15:53:29 +00:00
Andrew Hutchings
6b4fd431da
Fix leak in PKCS12 error path
2026-02-10 15:47:10 +00:00
Andrew Hutchings
a8d844003e
Fix potential buffer overflow in EVP
...
It is potentially possible on a 32bit system to get realloc to overflow
with several of the EVP functions.
2026-02-10 14:49:20 +00:00
Sean Parkinson
2b370f8ecb
ARM assembly fixes
...
armv8-32-aes-asm*: Fix #define protection around L_AES_ARM32_ecb_td4.
armv8-curve25519_c.c: Fix definition of fe_invert_nct to match
prototype.
2026-02-10 16:20:20 +10:00
Daniel Pouzzner
51f5f8799d
src/ssl_api_pk.c: fix -Wmaybe-uninitialized in check_cert_key_dev() (defect introduced in #9723 );
...
wolfcrypt/test/test.c: fix error-path memory leaks in srtpkdf_test(), and properly gate out incompatible SRTP_KDF_LONG_KEY test on old FIPS (defect introduced in #9733 );
.wolfssl_known_macro_extras: get into lexical order and remove unneeded WC_RSA_DIRECT.
2026-02-06 13:06:10 -06:00
David Garske
19bb7198a2
Peer review fixes
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-06 10:24:31 -08:00
David Garske
78bba7e90f
Fix for TLS with WOLFSSL_SMALL_CERT_VERIFY
2026-02-05 21:55:32 -08:00
Daniel Pouzzner
25db90afe7
Merge pull request #9741 from kareem-wolfssl/variousFixes
...
Various fixes
2026-02-05 20:32:12 -06:00
Daniel Pouzzner
8e6ebdb8ac
Merge pull request #9723 from SparkiDev/ssl_split_cert
...
Split out code form ssl.c and pk.c
2026-02-05 18:21:36 -06:00
Daniel Pouzzner
1d871879df
Merge pull request #9726 from Frauschi/pkcs11_pqc_prep
...
PKCS#11 PQC preparation work
2026-02-05 16:50:25 -06:00
Daniel Pouzzner
a6ee93c84c
Merge pull request #9739 from holtrop-wolfssl/rust-crate-fips-support
...
Rust wrapper: add FIPS support
2026-02-05 16:49:58 -06:00
Daniel Pouzzner
681d09fc3c
Merge pull request #9714 from philljj/bsdkm_crypto_accel
...
bsdkm: x86 crypto acceleration support.
2026-02-05 16:48:03 -06:00
Daniel Pouzzner
2a32e108d0
Merge pull request #9656 from jackctj117/PKCS7-signing
...
Add PKCS7 ECC raw sign callback support
2026-02-05 16:46:27 -06:00
Daniel Pouzzner
6d7cb87965
Merge pull request #9733 from SparkiDev/srtp_kdf_ctr_fix
...
SRTP-KDF: use two bytes of index
2026-02-05 16:21:38 -06:00