Josh Holtrop
ca3c779182
Rust wrapper: use consistent rc check in ECC::shared_secret
...
Fixes F-2676
2026-04-28 11:08:09 -04:00
Josh Holtrop
cf199c9ab8
Rust wrapper: replace Lms::sigs_left() with Lms::has_sigs_left()
...
Fixes F-3094
2026-04-28 11:08:08 -04:00
Josh Holtrop
135110232f
Rust wrapper: make ECC::verify_hash C result check more strict
...
Fixes F-1989
2026-04-28 11:08:08 -04:00
Josh Holtrop
40bc5d09f7
Rust wrapper: remove return value from MlKem::encode_{public,private}_key()
...
Fixes F-3093
2026-04-28 11:08:08 -04:00
Josh Holtrop
0cddbb25b2
Rust wrapper: check for NUL-terminated slice in ECC::rs_hex_to_sig
...
Fixes F-3092
2026-04-28 11:08:08 -04:00
Josh Holtrop
79358fea80
Rust wrapper: add mac feature and implement digest/mac traits
2026-04-28 11:08:08 -04:00
Josh Holtrop
84f8b5fa13
Rust wrapper: implement kem traits
2026-04-28 11:08:08 -04:00
Josh Holtrop
c08c16ee8f
Rust wrapper: implement password-hash traits
2026-04-28 11:08:08 -04:00
David Garske
1c9555c121
Merge pull request #10324 from douzzer/20260426-fixes
...
20260426-fixes
2026-04-27 14:06:07 -07:00
Daniel Pouzzner
66ea4daa09
wolfcrypt/src/wc_port.c: in wc_socket_cloexec(), add necessary but undocumented __USE_GNU gating on call to accept4() (pre-includes can bring in socket.h before the override setting of _GNU_SOURCE at the top). Also enable accept4() for FreeBSD.
2026-04-27 11:40:04 -05:00
Daniel Pouzzner
3279b367d7
wolfcrypt/src/wc_lms.c: remove redundant gating on WOLFSSL_LMS_SHAKE256 in wc_LmsParamsMap wc_lms_map[].
2026-04-27 11:37:29 -05:00
Daniel Pouzzner
ac11279c60
wolfcrypt/src/random.c:
...
* add workaround in Hash512_df() for gcc compiler bug around AVX512 and object alignment.
* add missing WC_VERBOSE_RNG clause.
2026-04-27 11:37:15 -05:00
Daniel Pouzzner
1d8028865f
wolfcrypt/benchmark/benchmark.c: add missing WOLFSSL_USE_SAVE_VECTOR_REGISTERS handling in bench_stats_ops_finish().
2026-04-27 11:36:48 -05:00
Daniel Pouzzner
beae56fba7
wolfcrypt/test/test.c:
...
* fix aes_eax_test() for NO_MALLOC (use WC_*_VAR() to allocate eax context).
* in slhdsa_test(), gate the profusely verbose TestDumpData() clauses on WC_SLHDSA_VERBOSE_DEBUG.
2026-04-27 11:36:34 -05:00
Daniel Pouzzner
7035fcf72b
wolfcrypt/src/wc_slhdsa.c:
...
* fix smallstackcache memory leaks in sha256 and sha512 contexts -- don't init or copy over a context that's been inited but not freed, and make sure to explicitly free any context that's been inited or copied over.
* fix uninited-var warnings in slhdsakey_wots_sign(), slhdsakey_xmss_sign(), and slhdsakey_fors_sign() (the uninited-var scenario depends on corrupt arg(s) resulting in zero iterations).
2026-04-27 11:36:15 -05:00
David Garske
3181e2bcf8
Merge pull request #10309 from JacobBarthelmeh/openvpn
...
remove openvpn master from CI test
2026-04-27 08:49:30 -07:00
David Garske
6074a2dbe8
Merge pull request #10308 from douzzer/20260424-fixes
...
20260424-fixes
2026-04-25 16:35:09 -07:00
Daniel Pouzzner
6040cd7915
configure.ac: fix to allow SHAKE force-off FIPS lean-aesgcm setup.
2026-04-25 12:34:25 -05:00
Daniel Pouzzner
0bfa206b74
configure.ac: for FIPS v6 setup, explicitly set WOLFSSL_NOSHA512_224 and WOLFSSL_NOSHA512_256;
...
wolfssl/wolfcrypt/hash.h: when WOLFSSL_NOSHA512_{224,256}, gate out prototypes for wc_Sha512_{224,256}Hash[_ex](), to shift build failures from link-time to compile-time.
2026-04-25 12:21:26 -05:00
Daniel Pouzzner
caffc458af
.github/workflows/: add -Wnull-dereferences to a few -pedantic scenarios missed in the first pass.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
aab90d7a25
tests/api.c: fix false-positive -Wmaybe-uninitialized in test_wolfSSL_clear_secure_renegotiation() with --enable-all CFLAGS=-Og.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
df486d8cd5
src/ssl_load.c: fix -Wnull-dereference in wolfssl_ctx_set_tmp_dh() (detected by armel build);
...
.github/workflows/pq-all.yml: for the --enable-sp-math scenario, --disable-quic (QUIC unit tests fail on that combo);
wolfcrypt/test/test.c: add WC_MAYBE_UNUSED to ecdsa_test_deterministic_k_rs(), to fix armel sp-math build.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
363bb0e216
configure.ac:
...
* allow for fips-dev in v7|ready|dev ENABLED_SHA256_DRBG and ENABLED_SHA512_DRBG setup and change from AC_MSG_WARN to AC_MSG_ERROR if user tries to disable outside fips-dev;
* set ENABLED_SHA512_DRBG=no in lean-aesgcm setup;
wolfcrypt/test/test.c: suppress concurrency-mt-unsafe in myFipsCb();
.wolfssl_known_macro_extras: fix lexical order.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
72a39bfa57
wolfssl/wolfcrypt/random.h: fix "comma at end of enumerator list [-Werror=pedantic]" in enum wc_DrbgType.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
b79221acd3
wolfcrypt/test/test.c: in random_bank_test(), accommodate WOLFSSL_DRBG_SHA512 in the WC_RNG_BANK_FLAG_NO_VECTOR_OPS test;
...
linuxkm/lkcapi_sha_glue.c: in wc_mix_pool_bytes(), accommodate WOLFSSL_DRBG_SHA512.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
d14b8f8e79
.github/workflows/:
...
* add "-Wnull-dereference" to all existing "-pedantic -Wdeclaration-after-statement" configs;
* add an --enable-sp-math config to .github/workflows/pq-all.yml and .github/workflows/multi-arch.yml.
2026-04-25 11:47:24 -05:00
Daniel Pouzzner
91c7c8f9fb
wolfcrypt/test/test.c and wolfcrypt/test/test.h: fix gating for dsa_test() and srp_test() prototypes to avoid -Wunused-function in --enable-sp-math builds.
2026-04-25 11:47:24 -05:00
Daniel Pouzzner
91f66fb9c0
tests/api/test_pkcs7.c: in test_wc_PKCS7_BER(), in expected-failure wc_PKCS7_DecodeEnvelopedData() in WOLFSSL_SP_MATH build, allow failure with either WC_KEY_SIZE_E or BUFFER_E, to accommodate blinding added by #10128 / 589feabc0c.
2026-04-25 11:47:24 -05:00
Daniel Pouzzner
1f1b572548
tests/api.c: fix -Wnull-dereferences in wolfSSL_UseSecureRenegotiation().
2026-04-25 11:47:24 -05:00
Daniel Pouzzner
6c9e0ea5a7
linuxkm/lkcapi_ecdsa_glue.c: in km_ecdsa_verify(), add checks on hash_len following pattern of #10131, before calling wc_ecc_verify_hash(), for defense-in-depth.
2026-04-25 11:47:24 -05:00
JacobBarthelmeh
186ab8b0c3
remove openvpn master from CI test
2026-04-24 16:55:51 -06:00
David Garske
426dc7bb76
Merge pull request #10236 from Roy-Carter/feature/enhance_conf_and_max_size
...
Enhance extra user data value and external cookie length max size
2026-04-24 14:42:44 -07:00
David Garske
21921408b9
Merge pull request #10216 from ColtonWilley/add-null-checks-public-api
...
Add missing NULL checks in public API functions
2026-04-24 14:42:24 -07:00
JacobBarthelmeh
734a71180c
Merge pull request #10220 from embhorn/zd21596
...
Fix TLS ext bounds checking
2026-04-24 15:10:05 -06:00
JacobBarthelmeh
c6953b868a
Merge pull request #10260 from Frauschi/ecc_fix
...
Fix ECC validation regression
2026-04-24 14:39:50 -06:00
JacobBarthelmeh
46cedcf0f6
Merge pull request #10268 from ColtonWilley/zephyr-4.3-default-tls-support
...
zephyr: changes needed for Zephyr 4.3 default TLS support
2026-04-24 14:30:59 -06:00
JacobBarthelmeh
0c9a496215
Merge pull request #10162 from embhorn/gh9753
...
Use O_CLOEXEC to avoid race conditions
2026-04-24 14:28:00 -06:00
JacobBarthelmeh
a20c391b84
Merge pull request #10282 from kareem-wolfssl/zd21527
...
Fix W560 "possible truncation at implicit conversion to type unsigned char" warnings raised by Tasking compiler.
2026-04-24 14:11:41 -06:00
JacobBarthelmeh
b9514e70be
Merge pull request #10148 from julek-wolfssl/openvpn-master-bn2binpad
...
Add BN_bn2binpad API and enable OpenVPN master CI testing
2026-04-24 13:54:06 -06:00
JacobBarthelmeh
06abf84ca8
Merge pull request #10300 from julek-wolfssl/hostap-remove-ap_wpa2_eap_sim_sql
...
Remove ap_wpa2_eap_sim_sql
2026-04-24 13:50:49 -06:00
JacobBarthelmeh
1da353b516
Merge pull request #10248 from holtrop-wolfssl/rust-digest-signature
...
Rust wrapper: add digest and signature crate trait implementations
2026-04-24 11:15:40 -06:00
JacobBarthelmeh
cf2db428ba
Merge pull request #9843 from kaleb-himes/PQ-FS-2026-Part2
...
Phase 2: PQ in boundary and SHA512 DRBG
2026-04-24 10:55:36 -06:00
Daniel Pouzzner
134f63a38c
Merge pull request #10280 from philljj/no_stddef_h_guard
...
wc_port: guard stddef header include.
2026-04-24 11:33:55 -05:00
Juliusz Sosinowicz
5dad65c04c
Remove ap_wpa2_eap_sim_sql
2026-04-24 17:07:37 +02:00
Colton Willey
008ca51cb5
Add additional macros to known macro list
2026-04-24 06:09:25 -07:00
Eric Blankenhorn
6f2d48cd4c
Fix from review
2026-04-24 07:54:52 -05:00
kaleb-himes
08fd7bde58
PQ FIPS v7.0.0 Phase 2 & 3: All changes
...
Implement peer review feedback
2026-04-24 06:52:49 -06:00
Eric Blankenhorn
412c428b0a
Fix TLS ext bounds checking
2026-04-24 07:23:07 -05:00
Juliusz Sosinowicz
31278ee8bd
Merge pull request #10296 from JacobBarthelmeh/hostap
2026-04-24 14:13:02 +02:00
JacobBarthelmeh
29f674e5b6
avoid glitch hardening false positive byte collision with small messages and adjust test case
2026-04-24 01:08:00 -06:00