Daniel Pouzzner
df486d8cd5
src/ssl_load.c: fix -Wnull-dereference in wolfssl_ctx_set_tmp_dh() (detected by armel build);
.github/workflows/pq-all.yml: for the --enable-sp-math scenario, --disable-quic (QUIC unit tests fail on that combo);
wolfcrypt/test/test.c: add WC_MAYBE_UNUSED to ecdsa_test_deterministic_k_rs(), to fix armel sp-math build.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
363bb0e216
configure.ac:
* allow for fips-dev in v7|ready|dev ENABLED_SHA256_DRBG and ENABLED_SHA512_DRBG setup and change from AC_MSG_WARN to AC_MSG_ERROR if user tries to disable outside fips-dev;
* set ENABLED_SHA512_DRBG=no in lean-aesgcm setup;
wolfcrypt/test/test.c: suppress concurrency-mt-unsafe in myFipsCb();
.wolfssl_known_macro_extras: fix lexical order.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
72a39bfa57
wolfssl/wolfcrypt/random.h: fix "comma at end of enumerator list [-Werror=pedantic]" in enum wc_DrbgType.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
b79221acd3
wolfcrypt/test/test.c: in random_bank_test(), accommodate WOLFSSL_DRBG_SHA512 in the WC_RNG_BANK_FLAG_NO_VECTOR_OPS test;
linuxkm/lkcapi_sha_glue.c: in wc_mix_pool_bytes(), accommodate WOLFSSL_DRBG_SHA512.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
d14b8f8e79
.github/workflows/:
* add "-Wnull-dereference" to all existing "-pedantic -Wdeclaration-after-statement" configs;
* add an --enable-sp-math config to .github/workflows/pq-all.yml and .github/workflows/multi-arch.yml.
2026-04-25 11:47:24 -05:00
Daniel Pouzzner
91c7c8f9fb
wolfcrypt/test/test.c and wolfcrypt/test/test.h: fix gating for dsa_test() and srp_test() prototypes to avoid -Wunused-function in --enable-sp-math builds.
2026-04-25 11:47:24 -05:00
Daniel Pouzzner
91f66fb9c0
tests/api/test_pkcs7.c: in test_wc_PKCS7_BER(), in expected-failure wc_PKCS7_DecodeEnvelopedData() in WOLFSSL_SP_MATH build, allow failure with either WC_KEY_SIZE_E or BUFFER_E, to accommodate blinding added by #10128 / 589feabc0c.
2026-04-25 11:47:24 -05:00
Daniel Pouzzner
1f1b572548
tests/api.c: fix -Wnull-dereferences in wolfSSL_UseSecureRenegotiation().
2026-04-25 11:47:24 -05:00
Daniel Pouzzner
6c9e0ea5a7
linuxkm/lkcapi_ecdsa_glue.c: in km_ecdsa_verify(), add checks on hash_len following pattern of #10131, before calling wc_ecc_verify_hash(), for defense-in-depth.
2026-04-25 11:47:24 -05:00
David Garske
426dc7bb76
Merge pull request #10236 from Roy-Carter/feature/enhance_conf_and_max_size
Enhance extra user data value and external cookie length max size
2026-04-24 14:42:44 -07:00
David Garske
21921408b9
Merge pull request #10216 from ColtonWilley/add-null-checks-public-api
Add missing NULL checks in public API functions
2026-04-24 14:42:24 -07:00
JacobBarthelmeh
734a71180c
Merge pull request #10220 from embhorn/zd21596
Fix TLS ext bounds checking
2026-04-24 15:10:05 -06:00
JacobBarthelmeh
c6953b868a
Merge pull request #10260 from Frauschi/ecc_fix
Fix ECC validation regression
2026-04-24 14:39:50 -06:00
JacobBarthelmeh
46cedcf0f6
Merge pull request #10268 from ColtonWilley/zephyr-4.3-default-tls-support
zephyr: changes needed for Zephyr 4.3 default TLS support
2026-04-24 14:30:59 -06:00
JacobBarthelmeh
0c9a496215
Merge pull request #10162 from embhorn/gh9753
Use O_CLOEXEC to avoid race conditions
2026-04-24 14:28:00 -06:00
JacobBarthelmeh
a20c391b84
Merge pull request #10282 from kareem-wolfssl/zd21527
Fix W560 "possible truncation at implicit conversion to type unsigned char" warnings raised by Tasking compiler.
2026-04-24 14:11:41 -06:00
JacobBarthelmeh
b9514e70be
Merge pull request #10148 from julek-wolfssl/openvpn-master-bn2binpad
Add BN_bn2binpad API and enable OpenVPN master CI testing
2026-04-24 13:54:06 -06:00
JacobBarthelmeh
06abf84ca8
Merge pull request #10300 from julek-wolfssl/hostap-remove-ap_wpa2_eap_sim_sql
Remove ap_wpa2_eap_sim_sql
2026-04-24 13:50:49 -06:00
JacobBarthelmeh
1da353b516
Merge pull request #10248 from holtrop-wolfssl/rust-digest-signature
Rust wrapper: add digest and signature crate trait implementations
2026-04-24 11:15:40 -06:00
JacobBarthelmeh
cf2db428ba
Merge pull request #9843 from kaleb-himes/PQ-FS-2026-Part2
Phase 2: PQ in boundary and SHA512 DRBG
2026-04-24 10:55:36 -06:00
Daniel Pouzzner
134f63a38c
Merge pull request #10280 from philljj/no_stddef_h_guard
wc_port: guard stddef header include.
2026-04-24 11:33:55 -05:00
Juliusz Sosinowicz
5dad65c04c
Remove ap_wpa2_eap_sim_sql
2026-04-24 17:07:37 +02:00
Colton Willey
008ca51cb5
Add additional macros to known macro list
2026-04-24 06:09:25 -07:00
Eric Blankenhorn
6f2d48cd4c
Fix from review
2026-04-24 07:54:52 -05:00
kaleb-himes
08fd7bde58
PQ FIPS v7.0.0 Phase 2 & 3: All changes
Implement peer review feedback
2026-04-24 06:52:49 -06:00
Eric Blankenhorn
412c428b0a
Fix TLS ext bounds checking
2026-04-24 07:23:07 -05:00
Juliusz Sosinowicz
31278ee8bd
Merge pull request #10296 from JacobBarthelmeh/hostap
2026-04-24 14:13:02 +02:00
JacobBarthelmeh
29f674e5b6
avoid glitch hardening false positive byte collision with small messages and adjust test case
2026-04-24 01:08:00 -06:00
Sean Parkinson
936f8e5423
Merge pull request #10203 from Frauschi/pkcs7_fixes
PKCS#7 fixes
2026-04-24 10:13:43 +10:00
JacobBarthelmeh
20c1b91914
Merge pull request #10286 from LinuxJedi/git-action
ci: add PR commit message sanity check workflow
2026-04-23 17:16:26 -06:00
JacobBarthelmeh
d9beec2e81
Merge pull request #10283 from night1rider/SHE-test-double-free-fix
Fix double-free of she2 in she_test()
2026-04-23 16:59:52 -06:00
JacobBarthelmeh
90366b747f
Merge pull request #10142 from kareem-wolfssl/variousFixes2
Various fixes
2026-04-23 16:47:21 -06:00
JacobBarthelmeh
72c7d12cfb
exclude the trust anchor from prospective certification path with pathlen check
2026-04-23 16:23:07 -06:00
JacobBarthelmeh
fe8541cc47
Merge pull request #10193 from padelsbach/set-hashtype-in-ports
Set hashType in ports
2026-04-23 15:02:30 -06:00
JacobBarthelmeh
6a0303e299
Merge pull request #10066 from dgarske/wc_puf
wolfCrypt SRAM PUF Support
2026-04-23 14:28:37 -06:00
JacobBarthelmeh
53e352181e
Merge pull request #10058 from julek-wolfssl/hostap-ec-generate.sh
Re-enable hostap tests and remove some flaky tests
2026-04-23 14:09:09 -06:00
JacobBarthelmeh
5277556989
Merge pull request #10264 from JeremiahM37/fenrir-issues-5
Harden wolfCrypt input validation and zeroization
2026-04-23 14:06:29 -06:00
JacobBarthelmeh
2ba4d7e6c9
Merge pull request #10210 from ColtonWilley/fix-scr-dangling-ptr-after-tlsx-freeall
Fix dangling secure_renegotiation pointer after TLSX_FreeAll
2026-04-23 13:58:24 -06:00
JacobBarthelmeh
118c0ccb53
Merge pull request #10269 from LinuxJedi/repoint-se050
Move SE050 simulator under wolfSSL
2026-04-23 13:54:29 -06:00
JacobBarthelmeh
4fe2e7feb3
Merge pull request #10128 from kareem-wolfssl/zd21526_21530
PKCS7 Fixes
2026-04-23 13:29:28 -06:00
Daniel Pouzzner
9d46b57af3
Merge pull request #10246 from sameehj/aes-gcm-fix
Zero TLS 1.3 traffic keys after AES SE offload
2026-04-23 13:26:59 -05:00
Tobias Frauenschläger
6c5de29758
Fix ECC validation regression
2026-04-23 11:26:33 +02:00
Tobias Frauenschläger
22d1441331
Bounds-check the RecipientInfo SET length in wc_PKCS7_ParseToRecipientInfoSet()
2026-04-23 11:03:24 +02:00
Tobias Frauenschläger
97b82b5087
Add nonce length validation for PKCS#7
2026-04-23 11:03:19 +02:00
Tobias Frauenschläger
b7f6e77a95
Reject PKCS#7 SignedData signer-identity forgery
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
589feabc0c
Harden PKCS#7 EnvelopedData key unwrap
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
3fd4060458
Add more PKCS#7 tests
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
4e423fde17
More PKCS#7 bounds checks
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
46f3ebb0c6
Add missing ForceZero calls in PKCS#7
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
16e1d33f24
Fix invalid preprocessor guard in PKCS7 with SHA224
Also add missing ForceZero for ECDH shared secret on the heap.
2026-04-23 09:36:32 +02:00