Sean Parkinson
f15199906d
SP int: fixes from AI review
...
Re-implemented wc_PKCS12_PBKDF() to not use MP. Added tests to
unit.test.
sp_int.c:
Fixes to comments.
Added more define build options documentation to top of file.
Fixes for builds with WOLFSSL_SP_INT_NEGATIVE defined.
Fixes for when a->used is 0 and no underflow - not actually a problem
but cleaner code.
sp_sub has different checks on a->used when values are only positive.
sp_dic_2d missing check for e less than zero.
sp_to_unsigned_bin_len_ct: remove redundant check of outSz. Change i
to int to handle a->used of 0 and make code tidier.
Configuration testing fixes.
Fix formatting in test.c.
Added 128-bit types word128 and sword128 for cleaner PKCS#12 code.
2026-03-24 10:49:58 +10:00
David Garske
20f640a19f
Merge pull request #10035 from night1rider/allow-0-len-input-hash-update
...
Allow zero-length input in _wc_Hash_Grow and fix SHA Copy MAX32666
2026-03-21 15:20:53 -07:00
David Garske
6f23de44e6
Merge pull request #10036 from douzzer/20260319-trace-errocde-runtime-control-and-various-fixes
...
20260319-trace-errcode-runtime-control-and-various-fixes
2026-03-21 15:05:39 -07:00
Daniel Pouzzner
5175bc10e7
wolfssl/wolfcrypt/error-crypt.h: fix "error: ISO C forbids braced-groups within expressions [-Werror=pedantic]".
2026-03-20 17:28:19 -05:00
night1rider
92e3647a32
Fix wc_MXC_TPU_SHA_Copy to deep copy src msg buffer instead of freed dst pointer
2026-03-20 16:11:09 -06:00
night1rider
5b3750c39f
Allow zero length inputs to _wc_Hash_Grow to be a succesful no-op
...
Added '--enable-all CPPFLAGS=-DWOLFSSL_HASH_KEEP' to the make_check matrix in os-check.yml.
2026-03-20 14:06:55 -06:00
Daniel Pouzzner
15dcd1e3bd
src/ssl.c: fixes for -Wsign-compares in wolfSSL_ERR_GET_REASON().
2026-03-20 14:53:05 -05:00
Daniel Pouzzner
2b47453800
configure.ac: add SHAKE_DEFAULT, following ENABLED_SHA3, with a FIPS v6 threshold.
2026-03-20 14:53:05 -05:00
Daniel Pouzzner
a98499866d
wolfcrypt/src/wc_mlkem.c, wolfcrypt/src/wc_mlkem_poly.c, wolfssl/wolfcrypt/mlkem.h, wolfssl/wolfcrypt/wc_mlkem.h: fixes for C89 compliance and aarch64-FIPS-linuxkm compatibility.
2026-03-20 14:53:05 -05:00
Daniel Pouzzner
b68991195f
configure.ac:
...
* don't default-enable ML-KEM if SHA3/SHAKE are explicitly disabled at user request, or if FIPS <7.
* move ML-KEM flag setup after FIPS setup (like SHA3 and SHAKE flag setup) to allow FIPS overrides.
* remove the unused and misleading "v6-ready" FIPS flavor, and fix v6-dev to get the v6 version triplet.
2026-03-20 14:53:05 -05:00
Daniel Pouzzner
1fc7949225
linuxkm/lkcapi_aes_glue.c: don't log wc_AesSetKey failures for invalid keylens, to avoid log noise on expected-failure kernel native crypto self-test.
2026-03-20 14:53:05 -05:00
Daniel Pouzzner
ba743ccd5b
wolfcrypt/src/logging.c, wolfssl/wolfcrypt/error-crypt.h, and wolfssl/wolfcrypt/logging.h: implement WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE, wc_debug_trace_error_codes_enabled(), and wc_debug_trace_error_codes_set(), to allow runtime control of error tracing.
2026-03-20 14:53:05 -05:00
Daniel Pouzzner
84a4abfaa8
wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: implement wolfSSL_Atomic_Int_Exchange().
2026-03-20 14:53:05 -05:00
David Garske
0f41e99c34
Merge pull request #10024 from embhorn/zd21390
...
Fix DecodeAltNames length check
2026-03-20 12:13:02 -07:00
David Garske
994a1fbacc
Merge pull request #9970 from JacobBarthelmeh/bench
...
use heap hint with dilithium benchmark
2026-03-20 09:46:56 -07:00
David Garske
9877bec7b7
Merge pull request #9997 from JacobBarthelmeh/qt
...
add back WOLFSSL_QT macro guard for get cipher name behavior
2026-03-20 09:46:40 -07:00
David Garske
45b31a1828
Merge pull request #10003 from SparkiDev/port_ai_review_1
...
Fixes from AI review
2026-03-20 08:36:30 -07:00
David Garske
d49df869d9
Merge pull request #9935 from padelsbach/padelsbach/san-ip-addr-test
...
Add IP SAN matching
2026-03-20 08:15:00 -07:00
David Garske
82b6b9cb22
Merge pull request #10018 from embhorn/zd21389
...
Fix GetSafeContent to check length
2026-03-20 08:08:16 -07:00
David Garske
2c030ddb0d
Merge pull request #10017 from embhorn/zd21388
...
Fix ssl_DecodePacketInternal chain processing
2026-03-20 08:07:54 -07:00
David Garske
440fb7092f
Merge pull request #10023 from SparkiDev/asm_gen_fixes_2
...
ASM generation fixes
2026-03-20 08:00:57 -07:00
David Garske
3e820e591b
Merge pull request #9946 from LinuxJedi/lms-xmss-flags
...
Automatically turn on LMS / XMSS full hash
2026-03-20 08:00:12 -07:00
Eric Blankenhorn
8ffb096fc5
Fix from review
2026-03-20 09:06:22 -05:00
Eric Blankenhorn
6446bb2115
Fix DecodeAltNames length check
2026-03-20 08:16:47 -05:00
Andrew Hutchings
4cdb979920
Remove unneeded entries from known macro extras
2026-03-20 11:12:15 +00:00
Andrew Hutchings
dca9951355
Fixup code comments in XMSS and LMS
2026-03-20 10:22:46 +00:00
Sean Parkinson
ec958de649
ASM generation fixes
...
Many comment fixes, label renaming and non-functional changes.
Bug Fixes
x86_64 (aes_xts_asm.S/.asm)
- Removed a spurious movl %edx, %eax that was clobbering a register,
then
fixed two comparisons to use %edx instead of the now-stale %eax. This
was a
functional bug in AES-XTS key-rounds selection.
x86_64 (fe_x25519_asm.S)
- Changed xor %rbx, %rbx → xorq %rbx, %rbx (explicit 64-bit operand
size
suffix).
ARM32 (sp_arm32.c, sp_cortexm.c)
- Fixed typo in assembly label names: sub_in_pkace → sub_in_place
(both label
definitions and branch targets). Affected 2048-bit and 3072-bit SP
functions.
- Fixed wrong source register in multiply/accumulate sequences: r11 →
r7 and
r3 → r4 (functional register-use bugs).
ARM32 ChaCha (armv8-32-chacha-asm.S/_c.c)
- Fixed label typo: same_keyb_ytes → same_key_bytes
- Fixed NEON instruction syntax: vrev32.i16 → vrev32.16 (invalid
mnemonic →
correct ARM NEON form, affects multiple sites)
ARM32 SHA3 (armv8-32-sha3-asm_c.c, .S)
- Fixed symbol name typo: L_sha3_arm2_neon_rt / L_sha3_arm2_rt →
L_sha3_arm32_neon_rt / L_sha3_arm32_rt
ARM32 AES (armv8-32-aes-asm_c.c, thumb2-aes-asm_c.c, .S variants)
- Fixed #endif comment: WOLFSSL_ARMASM_AES_BLOCK_INLINE →
!WOLFSSL_ARMASM_AES_BLOCK_INLINE (logic inversion was missing from the
comment)
ARM64 ChaCha (armv8-chacha-asm_c.c/.S)
- Fixed label typo: arm64loop_lt_8 → arm64_loop_lt_8
ARM32 ML-KEM (armv8-32-mlkem-asm.S/_c.c)
- Fixed #endif comment typo: WOLFSLS_ARM_ARCH → WOLFSSL_ARM_ARCH
(across many
occurrences)
SHA-512 (sha512_asm.S)
- Corrected off-by-one in comments: msg_sched done: 0-3 → 0-1, 2-5 →
2-3, etc.
(only 2 entries scheduled per block, not 4)
2026-03-20 11:56:25 +10:00
JacobBarthelmeh
5b9d0a13bf
Merge pull request #9992 from dgarske/macro_docs
...
Add inline documentation for missing macros and fix spelling errors
2026-03-19 17:08:33 -06:00
Paul Adelsbach
041bb185c6
Add IP SAN matching
2026-03-19 15:10:21 -07:00
Eric Blankenhorn
b4d2cd6d9c
Fix feedback from review
2026-03-19 15:22:39 -05:00
Chris Conlon
8b388ba3e3
Merge pull request #10011 from mattia-moffa/20260319-jni-no-md5
...
Don't force enable MD5 with --enable-jni
2026-03-19 14:16:18 -06:00
Eric Blankenhorn
e0a19a798e
Fix GetSafeContent to check length
2026-03-19 15:09:02 -05:00
Eric Blankenhorn
a66e29473e
Fix ssl_DecodePacketInternal chain processing
2026-03-19 14:56:24 -05:00
David Garske
255f14bab9
Merge pull request #9732 from Frauschi/pqc_first
...
Enable and use ML-KEM by default
2026-03-19 12:38:36 -07:00
David Garske
679366a5a4
Merge pull request #9991 from kareem-wolfssl/zd21354_2
...
Disallow wildcard partial domains when using MatchDomainName.
2026-03-19 12:35:14 -07:00
David Garske
3e8338dbc7
Merge pull request #9993 from kojo1/brainpool
...
Brainpool to set1_sigalgs_list
2026-03-19 12:34:54 -07:00
David Garske
056b95235e
Merge pull request #9990 from rlm2002/coverity
...
Coverity: fix more null derefs
2026-03-19 12:32:51 -07:00
David Garske
42581e4c05
Merge pull request #9982 from julek-wolfssl/DoTls13CertificateRequest-certsetup
...
DoTls13CertificateRequest: call CertSetupCbWrapper only once
2026-03-19 12:32:39 -07:00
David Garske
e642d57528
Merge pull request #10002 from julek-wolfssl/ignore-claud.md
...
Ignore CLAUDE.md
2026-03-19 12:30:47 -07:00
David Garske
c83dc5c254
Merge pull request #10005 from JeremiahM37/f-753
...
Fix sz==0 buffer underflow in devcrypto AES-CBC
2026-03-19 12:29:24 -07:00
David Garske
0d7c58e3e7
Merge pull request #9912 from LinuxJedi/se050-fixes2
...
Fix SE050 RSA-PSS signing, key cleanup, and mutex leaks
2026-03-19 12:28:47 -07:00
David Garske
533e9b0859
Merge pull request #9995 from julek-wolfssl/zd/21341
...
Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
2026-03-19 12:27:38 -07:00
David Garske
be7bf60e38
Merge pull request #10010 from SparkiDev/dilithium_ctxlen_byte
...
Dilithium: fix API so that context length is byte
2026-03-19 12:26:42 -07:00
David Garske
a636c730c0
Merge pull request #9953 from holtrop-wolfssl/rust-wolfssl-wolfcrypt-1.2.0
...
Rust wrapper: wolfssl-wolfcrypt crate version 1.2.0
2026-03-19 12:19:50 -07:00
David Garske
325413f94a
Merge pull request #9983 from Frauschi/bench_stack_fix
...
Fix stack tracking in wolfCrypt benchmark
2026-03-19 11:55:30 -07:00
Daniel Pouzzner
b6f481070f
Merge pull request #9996 from sameehj/linuxkm-fix
...
linuxkm/lkcapi_aes_glue.c: fix scatterwalk_map error handling in AesG…
2026-03-19 12:35:32 -05:00
David Garske
63f6f0511b
Merge pull request #10014 from danielinux/fix-regression-missing-include
...
Add missing include in asn.h
2026-03-19 08:57:23 -07:00
Daniele Lacamera
cdc9c0a496
Add missing include in asn.h
2026-03-19 16:35:42 +01:00
Daniel Pouzzner
46f4b3b2c4
Merge pull request #10013 from JacobBarthelmeh/format
...
remove trailing white space in ChangeLog.md
2026-03-18 23:47:55 -05:00
Sean Parkinson
a8247bfd62
Dilithium: fix API so that context length is byte
...
Only allowed to have a context length of 0..255 bytes.
Make all context len parameters type byte.
2026-03-19 14:28:22 +10:00