David Garske
42581e4c05
Merge pull request #9982 from julek-wolfssl/DoTls13CertificateRequest-certsetup
...
DoTls13CertificateRequest: call CertSetupCbWrapper only once
2026-03-19 12:32:39 -07:00
David Garske
533e9b0859
Merge pull request #9995 from julek-wolfssl/zd/21341
...
Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
2026-03-19 12:27:38 -07:00
JacobBarthelmeh
6f386fd6b2
Merge pull request #9981 from julek-wolfssl/fenrir/260316
...
Fenrir fixes
2026-03-17 08:36:11 -06:00
Juliusz Sosinowicz
0644369456
Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
...
ZD21341
2026-03-17 14:59:04 +01:00
Tobias Frauenschläger
10b98733f2
Add tests for individual ML-KEM levels (based on #9777 )
...
Also fix minor problems found with these tests
2026-03-17 12:43:15 +01:00
Tobias Frauenschläger
76b1300adb
ML-KEM fixes
...
* DTLS 1.3 cookie and CH frag handling
* static memory handling
* Fix memory leak in TLS server PQC handling in case of ECH
* Make sure hybrids are actually tested in testsuite
2026-03-17 12:43:15 +01:00
Juliusz Sosinowicz
c6f41bce2f
Fix memory leak on hash failure in LoadCertByIssuer
...
F-721
2026-03-16 15:14:26 -07:00
Juliusz Sosinowicz
4596e9e1a7
Fix error return in InitSSL verify param path
...
F-720
2026-03-16 15:14:25 -07:00
Juliusz Sosinowicz
a9a9eae4d9
Fix error propagation in InitSSL QUIC path
...
F-719
2026-03-16 15:14:25 -07:00
Juliusz Sosinowicz
3ff051f3e4
Use secure wipe for RSA temporary
...
F-718
2026-03-16 15:14:25 -07:00
Juliusz Sosinowicz
0d7ef87f09
Fix bounds check in session deserialization
...
F-717
2026-03-16 15:14:25 -07:00
David Garske
96661a5dab
Merge pull request #9977 from JacobBarthelmeh/multi-test
...
Minor fixes for nightly multi-test tool
2026-03-16 14:31:39 -07:00
JacobBarthelmeh
57f416fc43
Merge pull request #9961 from sebastian-carpenter/tls-ech-coverity
...
minor coverity fixes for tls ech code
2026-03-16 15:27:27 -06:00
David Garske
77c7418052
Merge pull request #9973 from JacobBarthelmeh/static_analysis
...
fix to sanity check on importing raw session key info
2026-03-16 13:46:53 -06:00
JacobBarthelmeh
7de150eff0
Merge pull request #9975 from rlm2002/coverity
...
20260313 Coverity changes
2026-03-16 12:52:27 -06:00
Juliusz Sosinowicz
2051297ab0
DoTls13CertificateRequest: call CertSetupCbWrapper only once
2026-03-16 17:02:02 +01:00
JacobBarthelmeh
f8dda213b0
Merge pull request #9972 from cconlon/getCiphersCompatFix
...
Fix wolfSSL_get_ciphers_compat() to return NULL for empty cipher list
2026-03-16 08:29:00 -06:00
JacobBarthelmeh
681fb41fcb
Null check on SNI pointer before potential use
2026-03-16 00:06:38 -06:00
Ruby Martin
1ac4ba282b
remove early der free
2026-03-13 17:03:02 -06:00
JacobBarthelmeh
d36f7a2b99
fix to sanity check on importing raw session key info
2026-03-13 15:32:46 -06:00
Chris Conlon
428030a3e8
Fix wolfSSL_get_ciphers_compat to return NULL when no ciphers available
2026-03-13 15:07:25 -06:00
Kareem
94b370f5e2
Rework check to compare only ints.
2026-03-13 11:42:12 -07:00
Kareem
19b99f8072
Ensure the length computed by CheckHeaders in the SSL sniffer does not exceed the actual size of the packets.
...
Thanks to Haruto Kimura (Stella) for the report.
2026-03-13 11:42:12 -07:00
sebastian-carpenter
47a24d7b90
minor coverity fixes for tls ech
2026-03-13 11:04:44 -06:00
JacobBarthelmeh
156db7dd2d
Merge pull request #9831 from julek-wolfssl/pytho-3.13.4
...
Fixes to run python with --enable-all
2026-03-13 10:50:23 -06:00
JacobBarthelmeh
e5594a6366
Merge pull request #9889 from rlm2002/F29
...
remove word16 cast, add WOLFSSL_MAX_16BIT check
2026-03-12 14:54:19 -06:00
JacobBarthelmeh
67abcc6f2d
Merge pull request #9949 from philljj/fix_d2i_SSL_SESSION
...
ssl_sess: check fields in wolfSSL_d2i_SSL_SESSION.
2026-03-12 14:45:29 -06:00
JacobBarthelmeh
351d2594ac
Merge pull request #9938 from SparkiDev/regression_fixes_23
...
Fixes from regression testing
2026-03-12 14:41:18 -06:00
JacobBarthelmeh
a05a3ed1c2
Merge pull request #9940 from cconlon/pathLenSet
...
Fix pathlen not copied in ASN1_OBJECT_dup and not marked set in X509_add_ext
2026-03-12 10:34:58 -06:00
Juliusz Sosinowicz
4fbc81916c
Address final comments from #9761
...
- Fix line length
- Remove duplicate comment
- Check return of `wc_HashGetDigestSize`
- Use constant instead of magic number
2026-03-12 12:30:13 +01:00
JacobBarthelmeh
a8dfa59bbe
Merge pull request #9761 from julek-wolfssl/ocsp-responder
...
Implement OCSP responder
2026-03-11 17:27:33 -06:00
Sean Parkinson
bbd2f6f898
Fixes from regression testing
...
CRL APIs not usable when NO_ASN_TIME defined.
WOLFSSL_TLS13 needs to be defined with HAVE_ECH.
When session ticket encrypted with CBC, must be a multiple of block
size.
Fix test define protection.
Fix ML-DSA protection of reduction functions.
Need !NO_RSA with WC_RSA_PSS.
Connection ID is not a DTLS 1.3 only extension.
2026-03-12 08:19:39 +10:00
sebastian-carpenter
bb7c6a13c8
ECH tidying
2026-03-11 12:07:20 -06:00
sebastian-carpenter
8a7d327d24
ECH fixes F-293, F-201, F-358, F-203
2026-03-11 10:06:37 -06:00
sebastian-carpenter
032dbe6878
ECH fixes F-292, F-28
2026-03-11 10:06:36 -06:00
Chris Conlon
354691d24a
Copy pathlen in ASN1_OBJECT_dup() and set pathLengthSet in X509_add_ext() when adding basic constraints with a path length
2026-03-11 09:59:19 -06:00
sebastian-carpenter
e17ac41070
TLS ECH fixes [SNI, api.c, server.c, comments]
2026-03-11 09:52:13 -06:00
sebastian-carpenter
58625d1f03
corrections for ECH specification
2026-03-11 09:52:11 -06:00
sebastian-carpenter
c3a38dced7
testing + bug fixes for TLS ECH
2026-03-11 08:56:26 -06:00
sebastian-carpenter
cb2d693550
bad rebase + fixing dtls13 support for ECH
2026-03-11 08:54:00 -06:00
sebastian-carpenter
a2fe12a38a
TLS ECH OuterExtensions support (Server side)
2026-03-11 08:54:00 -06:00
sebastian-carpenter
30cfb385eb
fixed seg fault when confirmation not present
2026-03-11 08:54:00 -06:00
sebastian-carpenter
3605c2a417
client and server fix for TLS ECH
2026-03-11 08:54:00 -06:00
jordan
0a99a08b0f
ssl_sess: check fields in wolfSSL_d2i_SSL_SESSION.
2026-03-11 09:47:15 -05:00
Juliusz Sosinowicz
6bb122d29f
Address copilot review
2026-03-11 11:08:44 +01:00
Juliusz Sosinowicz
6fc83e292b
Address code review
2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz
9015ae9e17
Return unknown information inside of Basic Responde
2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz
10be06d747
Address copilot feedback
2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz
9a9eb2bf1d
Add ocsp responder test to testsuite.c and tested on windows
2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz
a795b19db2
Implement copilot suggestions
2026-03-11 10:21:16 +01:00