sebastian-carpenter
cbb7bfc53a
improved ifdef's for hpke
2026-03-19 13:59:57 -06:00
sebastian-carpenter
fcedc91d38
touch-ups:
...
- shrink ech interop workflow
- x448 macro now unused in hpke WOLFSSL_LOCAL functions
- bug fixes in added tests
2026-03-18 15:47:52 -06:00
sebastian-carpenter
7e9f9dc140
refactor openssl-ech workflow + add suite testing
2026-03-17 16:29:58 -06:00
sebastian-carpenter
8445493dd9
hpke snake_case to camelCase
2026-03-17 14:43:06 -06:00
sebastian-carpenter
36580b0ae8
move hpke-esque code out of tls
2026-03-17 14:43:06 -06:00
sebastian-carpenter
5acdcf6ad7
hpke uses wrong kdf/kem digest
2026-03-17 14:42:57 -06:00
JacobBarthelmeh
7ad9c25a5b
Merge pull request #9978 from SparkiDev/xmss_sign_idx_fix
...
XMSS: Fix index copy for signing.
2026-03-16 09:20:38 -06:00
JacobBarthelmeh
f8dda213b0
Merge pull request #9972 from cconlon/getCiphersCompatFix
...
Fix wolfSSL_get_ciphers_compat() to return NULL for empty cipher list
2026-03-16 08:29:00 -06:00
Sean Parkinson
9590255ceb
XMSS: Fix index copy for signing.
...
The index is already big-endian encoded but it needs to be front padded
with zeros instead of back end padded.
2026-03-16 21:24:08 +10:00
JacobBarthelmeh
a6195c30c1
Merge pull request #9947 from kareem-wolfssl/zd21325
...
Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
2026-03-13 15:37:24 -06:00
Chris Conlon
428030a3e8
Fix wolfSSL_get_ciphers_compat to return NULL when no ciphers available
2026-03-13 15:07:25 -06:00
Chris Conlon
aa9ee8b4fa
Merge pull request #9963 from JacobBarthelmeh/caam
...
fixes for CAAM port without hash store
2026-03-13 13:45:08 -06:00
JacobBarthelmeh
73eb8f933b
Merge pull request #9967 from Frauschi/pqc_cmake
...
Move PQC algos out of experimental in CMake
2026-03-13 13:12:53 -06:00
Kareem
94b370f5e2
Rework check to compare only ints.
2026-03-13 11:42:12 -07:00
Kareem
19b99f8072
Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
...
Thanks to Haruto Kimura (Stella) for the report.
2026-03-13 11:42:12 -07:00
Tobias Frauenschläger
da94ea6265
Move PQC algos out of experimental in CMake
...
This has already been done for a long time in autoconf. The user
now does not have to enable experimental features to use
PQC.
2026-03-13 17:53:54 +01:00
JacobBarthelmeh
156db7dd2d
Merge pull request #9831 from julek-wolfssl/pytho-3.13.4
...
Fixes to run python with --enable-all
2026-03-13 10:50:23 -06:00
David Garske
0792c674c5
Merge pull request #9960 from philljj/fix_coverity
...
asn: fix coverity null deref warnings.
2026-03-13 06:58:41 +01:00
David Garske
00cd1a7c22
Merge pull request #9962 from night1rider/ecc-dilithium-callback-free-fix
...
Fix expected callback behavior for ECC/Dilithium for Free Callbacks
2026-03-13 06:19:31 +01:00
David Garske
cdacf3a53e
Merge pull request #9964 from SparkiDev/asm_gen_fixes_1
...
SP fixes: 32-bit ARM assembly fixes
2026-03-13 06:16:57 +01:00
Sean Parkinson
bac0563669
Merge pull request #9919 from anhu/lms-leaf-idx
...
Fix buffer-overflow in LMS leaf cache indexing
2026-03-13 10:02:50 +10:00
Sean Parkinson
d23cb79f18
SP fixes: 32-bit ARM assembly fixes
...
mod_exp: subtract from 32 instead of 64 as n is 32 bits
sp_521_ecc_mulmod_fast: look up the last point in constant time when
required.
2026-03-13 09:37:28 +10:00
JacobBarthelmeh
424af6eb5b
Merge pull request #9956 from rlm2002/coverity
...
20260311 Coverity changes
2026-03-12 16:53:39 -06:00
JacobBarthelmeh
357c2ad8e9
fixes for CAAM port without hash store
2026-03-12 15:55:19 -06:00
night1rider
cdbd19551e
Have ret initialized to 0 in wc_ecc_free() and wc_dilithium_free()
2026-03-12 15:40:38 -06:00
night1rider
2626f976f5
Update the PKCS11 ECC and dilithium free handlers so they will now return CRYPTOCB_UNAVAILABLE after attempting the context free so the caller still does software cleanup on the rest of the context that the callback does not handle.
2026-03-12 15:18:56 -06:00
JacobBarthelmeh
e5594a6366
Merge pull request #9889 from rlm2002/F29
...
remove word16 cast, add WOLFSSL_MAX_16BIT check
2026-03-12 14:54:19 -06:00
JacobBarthelmeh
80ba723e16
Merge pull request #9943 from philljj/fix_evp_set_iv_length
...
evp: check ivLen in wolfSSL_EVP_CIPHER_CTX_set_iv_length.
2026-03-12 14:47:32 -06:00
night1rider
5ff2b55345
Fix Free Callback Behavior for Dilithium's free callback path so that it respects the return code of the callback
2026-03-12 14:45:33 -06:00
JacobBarthelmeh
67abcc6f2d
Merge pull request #9949 from philljj/fix_d2i_SSL_SESSION
...
ssl_sess: check fields in wolfSSL_d2i_SSL_SESSION.
2026-03-12 14:45:29 -06:00
JacobBarthelmeh
c1f71fcf33
Merge pull request #9959 from philljj/fix_wolfboot_build
...
asn: add HAVE_OCSP_RESPONDER guard, to fix wolfboot build.
2026-03-12 14:44:29 -06:00
JacobBarthelmeh
351d2594ac
Merge pull request #9938 from SparkiDev/regression_fixes_23
...
Fixes from regression testing
2026-03-12 14:41:18 -06:00
night1rider
e766b8f0af
Update the wolfCrypt test's Dilithium init so that devID will get passed to hit callback paths when configured and so that Dilithium will be retested in the callback section of the wolfCrypt test.
2026-03-12 14:31:05 -06:00
night1rider
9d65982d80
Fix Free Callback Behavior for ECC's free callback path so that it respects the return code of the callback
2026-03-12 14:24:10 -06:00
night1rider
352daa085b
Add test case for free ecc/dilithium callback for expected behavior to match existing free callback code paths
2026-03-12 14:18:31 -06:00
jordan
02bdde0264
asn: fix coverity null deref warnings.
2026-03-12 14:28:24 -05:00
JacobBarthelmeh
a05a3ed1c2
Merge pull request #9940 from cconlon/pathLenSet
...
Fix pathlen not copied in ASN1_OBJECT_dup and not marked set in X509_add_ext
2026-03-12 10:34:58 -06:00
JacobBarthelmeh
2831a1e864
Merge pull request #9958 from julek-wolfssl/ocsp-responder-follow-up
...
Address final comments from #9761
2026-03-12 10:29:56 -06:00
Ruby Martin
d359f420ab
set *inLen = outLen if output == NULL, if != NULL, check that outLen <= *inLen before assigning *inLen = outLen
2026-03-12 10:25:14 -06:00
Ruby Martin
6ebd967345
bounds check on ext_dump
2026-03-12 09:53:35 -06:00
Ruby Martin
d432759fdd
verify algoSz is <= MAX_ALGO_SZ
2026-03-12 09:53:34 -06:00
Ruby Martin
8314aa56ae
catch MEMORY_E from CALLOC_ASNSETDATA()
2026-03-12 09:53:34 -06:00
jordan
d67c034b14
asn: add HAVE_OCSP_RESPONDER guard, to fix wolfboot build.
2026-03-12 10:50:18 -05:00
Juliusz Sosinowicz
4fbc81916c
Address final comments from #9761
...
- Fix line length
- Remove duplicate comment
- Check return of `wc_HashGetDigestSize`
- Use constant instead of magic number
2026-03-12 12:30:13 +01:00
JacobBarthelmeh
0de6e8fd50
Merge pull request #9950 from douzzer/20260311-bench_slhdsa-smallstack
...
20260311-bench_slhdsa-smallstack
2026-03-11 17:30:08 -06:00
JacobBarthelmeh
a8dfa59bbe
Merge pull request #9761 from julek-wolfssl/ocsp-responder
...
Implement OCSP responder
2026-03-11 17:27:33 -06:00
Sean Parkinson
bbd2f6f898
Fixes from regression testing
...
CRL APIs not usable when NO_ASN_TIME defined.
WOLFSSL_TLS13 needs to be defined with HAVE_ECH.
When session ticket encrypted with CBC, must be a multiple of block
size.
Fix test define protection.
Fix ML-DSA protection of reduction functions.
Need !NO_RSA with WC_RSA_PSS.
Connection ID is not a DTLS 1.3 only extension.
2026-03-12 08:19:39 +10:00
JacobBarthelmeh
c15715ed54
Merge pull request #9737 from sebastian-carpenter/tls-ech-confirmation-fix
...
TLS ECH Testing Improvements
2026-03-11 15:11:13 -06:00
Anthony Hu
00d0b09401
Fix buffer-overflow in LMS leaf cache indexing
...
wc_lms_treehash_init() writes leaf node hashes into the leaf cache
using an absolute index (i * hash_len), but the cache is only
max_cb entries starting from leaf->idx. When leaf->idx > 0 (which
occurs when wc_LmsKey_Reload is called after signing more than
max_cb times), the write goes past the end of the cache buffer.
Fix by using the relative offset (i - leaf->idx) * hash_len instead.
Added unit tests (test_lms.c):
- test_wc_LmsKey_sign_verify: basic sign/verify sanity check
- test_wc_LmsKey_reload_cache: (TDD) reproduces the overflow by
signing 33 times then reloading the key
2026-03-11 16:58:48 -04:00
sebastian-carpenter
bb7c6a13c8
ECH tidying
2026-03-11 12:07:20 -06:00