28262 Commits

Author SHA1 Message Date
Juliusz Sosinowicz c6f41bce2f Fix memory leak on hash failure in LoadCertByIssuer
F-721
2026-03-16 15:14:26 -07:00
Juliusz Sosinowicz 4596e9e1a7 Fix error return in InitSSL verify param path
F-720
2026-03-16 15:14:25 -07:00
Juliusz Sosinowicz a9a9eae4d9 Fix error propagation in InitSSL QUIC path
F-719
2026-03-16 15:14:25 -07:00
Juliusz Sosinowicz 3ff051f3e4 Use secure wipe for RSA temporary
F-718
2026-03-16 15:14:25 -07:00
Juliusz Sosinowicz 0d7ef87f09 Fix bounds check in session deserialization
F-717
2026-03-16 15:14:25 -07:00
David Garske b5c532703a Merge pull request #9954 from kareem-wolfssl/gh9951
Fix potential overflows in used size calculation in generic, TI and SE050 hash functions.
2026-03-16 15:09:22 -07:00
David Garske da635c9004 Merge pull request #9980 from anhu/sphincs_no_elseif
Fixes SPHINCS else-if chain key detection
2026-03-16 15:03:59 -07:00
David Garske 90377e10c5 Merge pull request #9979 from anhu/falcon_no_elseif
Fixes Falcon else-if chain key detection
2026-03-16 15:03:43 -07:00
David Garske 96661a5dab Merge pull request #9977 from JacobBarthelmeh/multi-test
Minor fixes for nightly multi-test tool
2026-03-16 14:31:39 -07:00
JacobBarthelmeh 57f416fc43 Merge pull request #9961 from sebastian-carpenter/tls-ech-coverity
minor coverity fixes for tls ech code
2026-03-16 15:27:27 -06:00
Daniel Pouzzner 416072f298 Merge pull request #9969 from Frauschi/mlkem_wconversion
ML-KEM Wconversion fixes
2026-03-16 15:03:26 -05:00
David Garske 77c7418052 Merge pull request #9973 from JacobBarthelmeh/static_analysis
fix to sanity check on importing raw session key info
2026-03-16 13:46:53 -06:00
David Garske 87906a38ab Merge pull request #9974 from JacobBarthelmeh/oss-fuzz
fix to free CRL reason extension
2026-03-16 13:46:34 -06:00
JacobBarthelmeh 7de150eff0 Merge pull request #9975 from rlm2002/coverity
20260313 Coverity changes
2026-03-16 12:52:27 -06:00
Daniel Pouzzner 30d8cf1a66 Merge pull request #9971 from JacobBarthelmeh/linuxkm
Use ENOMEM return and add goto out on AAD error with linuxkm
2026-03-16 11:43:15 -05:00
Daniel Pouzzner 49796a5159 configure.ac: don't include enable_ocsp_responder in enable-all if $enable_sha = no, remove enable_ocsp_responder from enable-all-crypto setup, and remove superseded fixup clause for ENABLED_OCSP_RESPONDER with ENABLED_SHA = no.
.wolfssl_known_macro_extras: remove unneeded WOLFSSL_PYTHON.
2026-03-16 10:20:48 -05:00
JacobBarthelmeh 7ad9c25a5b Merge pull request #9978 from SparkiDev/xmss_sign_idx_fix
XMSS: Fix index copy for signing.
2026-03-16 09:20:38 -06:00
Anthony Hu 2939ab7f6a Fixes SPHINCS else-if chain key detection
F-751
2026-03-16 11:20:19 -04:00
JacobBarthelmeh 93fc517dd1 add NO_RSA macro guard to test case 2026-03-16 08:58:15 -06:00
Anthony Hu 3b36db0c9d Fixes Falcon else-if chain key detection
F-750
2026-03-16 10:55:28 -04:00
JacobBarthelmeh f8dda213b0 Merge pull request #9972 from cconlon/getCiphersCompatFix
Fix wolfSSL_get_ciphers_compat() to return NULL for empty cipher list
2026-03-16 08:29:00 -06:00
Sean Parkinson 9590255ceb XMSS: Fix index copy for signing.
The index is already big-endian encoded but it needs to be front padded
with zeros instead of back end padded.
2026-03-16 21:24:08 +10:00
JacobBarthelmeh 8f810c2705 clear q with integer.c and mp_div_3 in error case 2026-03-16 00:09:37 -06:00
JacobBarthelmeh 73e425923b setting heap pointer based on if key is null 2026-03-16 00:08:04 -06:00
JacobBarthelmeh 9b96f49505 check return value of fwrite in test case 2026-03-16 00:07:09 -06:00
JacobBarthelmeh 681fb41fcb Null check on SNI pointer before potential use 2026-03-16 00:06:38 -06:00
JacobBarthelmeh eaa6db9462 account for --enable-all-crypto and --disable-sha build now having OCSP responder 2026-03-16 00:06:13 -06:00
Ruby Martin 2ca2781756 reallocate tmp buffer with space for null terminator 2026-03-13 17:28:00 -06:00
Ruby Martin 8b7b6754d9 macro guard with WOLFSSL_SMALL_STACK to prevent dead code 2026-03-13 17:03:02 -06:00
Ruby Martin 1ac4ba282b remove early der free 2026-03-13 17:03:02 -06:00
Kareem 0b26791168 Code review feedback 2026-03-13 15:57:18 -07:00
Kareem 3cc15548bc Code review feedback. Error out on len = 0 as well. 2026-03-13 15:57:18 -07:00
Kareem 0a082b08ca Code review feedback 2026-03-13 15:57:18 -07:00
Kareem 42b321a7d3 Use safe sum of used size after calculating it. No reason to redo the additions. Fixes unused variable warning as well.
Fix different type addition in hash.c.
2026-03-13 15:57:18 -07:00
Kareem d205fcac87 Fix potential overflows in two additional hash functions.
Thanks to Arjuna Arya for the report.

Fixes #9955.
2026-03-13 15:57:18 -07:00
Kareem 091016a149 Ensure se050Ctx->used does not overflow in se050_hash_update.
Thanks to Arjuna Arya for the report.

Fixes #9951.
2026-03-13 15:57:18 -07:00
JacobBarthelmeh bbf3beef35 fix to free CRL reason extension 2026-03-13 16:17:52 -06:00
JacobBarthelmeh a6195c30c1 Merge pull request #9947 from kareem-wolfssl/zd21325
Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
2026-03-13 15:37:24 -06:00
JacobBarthelmeh d36f7a2b99 fix to sanity check on importing raw session key info 2026-03-13 15:32:46 -06:00
Chris Conlon 428030a3e8 Fix wolfSSL_get_ciphers_compat to return NULL when no ciphers available 2026-03-13 15:07:25 -06:00
Tobias Frauenschläger 3b4e51c150 ML-KEM Wconversion fixes
* fix -Wconversion warnings
* allow APIs without RNG usage in case WC_NO_RNG is defined
2026-03-13 21:22:48 +01:00
JacobBarthelmeh b97b3da81b use ENOMEM instead of MEMORY_E with aes glue returns f-669 2026-03-13 14:08:03 -06:00
JacobBarthelmeh 1958fbdf71 Add goto out on AAD error f-631 2026-03-13 14:03:31 -06:00
Chris Conlon aa9ee8b4fa Merge pull request #9963 from JacobBarthelmeh/caam
fixes for CAAM port without hash store
2026-03-13 13:45:08 -06:00
JacobBarthelmeh 73eb8f933b Merge pull request #9967 from Frauschi/pqc_cmake
Move PQC algos out of experimental in CMake
2026-03-13 13:12:53 -06:00
Kareem 94b370f5e2 Rework check to compare only ints. 2026-03-13 11:42:12 -07:00
Kareem 19b99f8072 Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
Thanks to Haruto Kimura (Stella) for the report.
2026-03-13 11:42:12 -07:00
Ruby Martin 5d54d8a488 init caCert before function can error out 2026-03-13 11:57:24 -06:00
sebastian-carpenter 47a24d7b90 minor coverity fixes for tls ech 2026-03-13 11:04:44 -06:00
Tobias Frauenschläger da94ea6265 Move PQC algos out of experimental in CMake
This was already done a long time ago in autoconf. The user
now does not have to enable experimental features to use
PQC.
2026-03-13 17:53:54 +01:00