David Garske
b5c532703a
Merge pull request #9954 from kareem-wolfssl/gh9951
...
Fix potential overflows in used size calculation in generic, TI and SE050 hash functions.
2026-03-16 15:09:22 -07:00
David Garske
da635c9004
Merge pull request #9980 from anhu/sphincs_no_elseif
...
Fixes SPHINCS else-if chain key detection
2026-03-16 15:03:59 -07:00
David Garske
90377e10c5
Merge pull request #9979 from anhu/falcon_no_elseif
...
Fixes Falcon else-if chain key detection
2026-03-16 15:03:43 -07:00
David Garske
96661a5dab
Merge pull request #9977 from JacobBarthelmeh/multi-test
...
Minor fixes for nightly multi-test tool
2026-03-16 14:31:39 -07:00
JacobBarthelmeh
57f416fc43
Merge pull request #9961 from sebastian-carpenter/tls-ech-coverity
...
minor coverity fixes for tls ech code
2026-03-16 15:27:27 -06:00
Daniel Pouzzner
416072f298
Merge pull request #9969 from Frauschi/mlkem_wconversion
...
ML-KEM Wconversion fixes
2026-03-16 15:03:26 -05:00
David Garske
87906a38ab
Merge pull request #9974 from JacobBarthelmeh/oss-fuzz
...
fix to free CRL reason extension
2026-03-16 13:46:34 -06:00
JacobBarthelmeh
7de150eff0
Merge pull request #9975 from rlm2002/coverity
...
20260313 Coverity changes
2026-03-16 12:52:27 -06:00
Anthony Hu
2939ab7f6a
Fixes SPHINCS else-if chain key detection
...
F-751
2026-03-16 11:20:19 -04:00
Anthony Hu
3b36db0c9d
Fixes Falcon else-if chain key detection
...
F-750
2026-03-16 10:55:28 -04:00
Sean Parkinson
9590255ceb
XMSS: Fix index copy for signing.
...
The index is already big-endian encoded but it needs to be front padded
with zeros instead of back end padded.
2026-03-16 21:24:08 +10:00
JacobBarthelmeh
8f810c2705
clear q with integer.c and mp_div_3 in error case
2026-03-16 00:09:37 -06:00
JacobBarthelmeh
73e425923b
setting heap pointer based on if key is null
2026-03-16 00:08:04 -06:00
Ruby Martin
8b7b6754d9
macro guard with WOLFSSL_SMALL_STACK to prevent dead code
2026-03-13 17:03:02 -06:00
Kareem
0b26791168
Code review feedback
2026-03-13 15:57:18 -07:00
Kareem
3cc15548bc
Code review feedback. Error out on len = 0 as well.
2026-03-13 15:57:18 -07:00
Kareem
0a082b08ca
Code review feedback
2026-03-13 15:57:18 -07:00
Kareem
42b321a7d3
Use safe sum of used size after calculating it. No reason to redo the additions. Fixes unused variable warning as well.
...
Fix different type addition in hash.c.
2026-03-13 15:57:18 -07:00
Kareem
d205fcac87
Fix potential overflows in two additional hash functions.
...
Thanks to Arjuna Arya for the report.
Fixes #9955 .
2026-03-13 15:57:18 -07:00
Kareem
091016a149
Ensure se050Ctx->used does not overflow in se050_hash_update.
...
Thanks to Arjuna Arya for the report.
Fixes #9951 .
2026-03-13 15:57:18 -07:00
JacobBarthelmeh
bbf3beef35
fix to free CRL reason extension
2026-03-13 16:17:52 -06:00
Tobias Frauenschläger
3b4e51c150
ML-KEM Wconversion fixes
...
* fix -Wconversion warnings
* allow APIs without RNG usage in case WC_NO_RNG is defined
2026-03-13 21:22:48 +01:00
Chris Conlon
aa9ee8b4fa
Merge pull request #9963 from JacobBarthelmeh/caam
...
fixes for CAAM port without hash store
2026-03-13 13:45:08 -06:00
sebastian-carpenter
47a24d7b90
minor coverity fixes for tls ech
2026-03-13 11:04:44 -06:00
JacobBarthelmeh
156db7dd2d
Merge pull request #9831 from julek-wolfssl/pytho-3.13.4
...
Fixes to run python with --enable-all
2026-03-13 10:50:23 -06:00
David Garske
0792c674c5
Merge pull request #9960 from philljj/fix_coverity
...
asn: fix coverity null deref warnings.
2026-03-13 06:58:41 +01:00
David Garske
00cd1a7c22
Merge pull request #9962 from night1rider/ecc-dilithium-callback-free-fix
...
Fix expected callback behavior for ECC/Dilithium for Free Callbacks
2026-03-13 06:19:31 +01:00
David Garske
cdacf3a53e
Merge pull request #9964 from SparkiDev/asm_gen_fixes_1
...
SP fixes: 32-bit ARM assembly fixes
2026-03-13 06:16:57 +01:00
Sean Parkinson
bac0563669
Merge pull request #9919 from anhu/lms-leaf-idx
...
Fix buffer-overflow in LMS leaf cache indexing
2026-03-13 10:02:50 +10:00
Sean Parkinson
d23cb79f18
SP fixes: 32-bit ARM assembly fixes
...
mod_exp: subtract from 32 instread of 64 as n is 32 bits
sp_521_ecc_mulmod_fast: look up the last point in constant time when
required.
2026-03-13 09:37:28 +10:00
JacobBarthelmeh
424af6eb5b
Merge pull request #9956 from rlm2002/coverity
...
20260311 Coverity changes
2026-03-12 16:53:39 -06:00
JacobBarthelmeh
357c2ad8e9
fixes for CAAM port without hash store
2026-03-12 15:55:19 -06:00
night1rider
cdbd19551e
Have ret initialized to 0 in wc_ecc_free() and wc_dilithium_free()
2026-03-12 15:40:38 -06:00
night1rider
2626f976f5
Update the PKCS11 ECC and dilithium free handlers so they will now return CRYPTOCB_UNAVAILABLE after attempting the context free so the caller still does software cleanup on the rest of the context that the callback does not handle.
2026-03-12 15:18:56 -06:00
JacobBarthelmeh
80ba723e16
Merge pull request #9943 from philljj/fix_evp_set_iv_length
...
evp: check ivLen in wolfSSL_EVP_CIPHER_CTX_set_iv_length.
2026-03-12 14:47:32 -06:00
night1rider
5ff2b55345
Fix Free Callback Behavior for Dilithium's free callback path so that it respects the return code of the callback
2026-03-12 14:45:33 -06:00
JacobBarthelmeh
c1f71fcf33
Merge pull request #9959 from philljj/fix_wolfboot_build
...
asn: add HAVE_OCSP_RESPONDER guard, to fix wolfboot build.
2026-03-12 14:44:29 -06:00
JacobBarthelmeh
351d2594ac
Merge pull request #9938 from SparkiDev/regression_fixes_23
...
Fixes from regression testing
2026-03-12 14:41:18 -06:00
night1rider
e766b8f0af
Update the wolfCrypt test so that Dilithium init so that devID will get passed to hit callback paths when configured and that Dilithium will be retested in the callback section of the wolfCrypt test.
2026-03-12 14:31:05 -06:00
night1rider
9d65982d80
Fix Free Callback Behavior for ECC's free callback path so that it respects the return code of the callback
2026-03-12 14:24:10 -06:00
night1rider
352daa085b
Add test case for free ecc/dilithum callback for expected behavior to match existing free callback code paths
2026-03-12 14:18:31 -06:00
jordan
02bdde0264
asn: fix coverity null deref warnings.
2026-03-12 14:28:24 -05:00
Ruby Martin
d359f420ab
set *inLen = outLen if output == NULL, if != NULL, check that outLen <= *inLen before assigning *inLen = outLen
2026-03-12 10:25:14 -06:00
Ruby Martin
d432759fdd
verify algoSz is <= MAX_ALGO_SZ
2026-03-12 09:53:34 -06:00
Ruby Martin
8314aa56ae
catch MEMORY_E from CALLOC_ASNSETDATA()
2026-03-12 09:53:34 -06:00
jordan
d67c034b14
asn: add HAVE_OCSP_RESPONDER guard, to fix wolfboot build.
2026-03-12 10:50:18 -05:00
Juliusz Sosinowicz
4fbc81916c
Address final comments from #9761
...
- Fix line length
- Remove duplicate comment
- Check return of `wc_HashGetDigestSize`
- Use constant instead of magic number
2026-03-12 12:30:13 +01:00
JacobBarthelmeh
0de6e8fd50
Merge pull request #9950 from douzzer/20260311-bench_slhdsa-smallstack
...
20260311-bench_slhdsa-smallstack
2026-03-11 17:30:08 -06:00
JacobBarthelmeh
a8dfa59bbe
Merge pull request #9761 from julek-wolfssl/ocsp-responder
...
Implement OCSP responder
2026-03-11 17:27:33 -06:00
Sean Parkinson
bbd2f6f898
Fixes from regression testing
...
CRL APIs not usable when NO_ASN_TIME defined.
WOLFSSL_TLS13 needs to be defined with HAVE_ECH.
When session ticket encrypted with CBC, must be a multiple of block
size.
Fix test define protection.
Fix ML-DSA protection of reduction functions.
Need !NO_RSA with WC_RSA_PSS.
Connection ID is not a DTLS 1.3 only extension.
2026-03-12 08:19:39 +10:00