Daniel Pouzzner
aab90d7a25
tests/api.c: fix false-positive -Wmaybe-uninitialized in test_wolfSSL_clear_secure_renegotiation() with --enable-all CFLAGS=-Og.
2026-04-25 11:47:25 -05:00
Daniel Pouzzner
1f1b572548
tests/api.c: fix -Wnull-dereferences in wolfSSL_UseSecureRenegotiation().
2026-04-25 11:47:24 -05:00
JacobBarthelmeh
734a71180c
Merge pull request #10220 from embhorn/zd21596
...
Fix TLS ext bounds checking
2026-04-24 15:10:05 -06:00
kaleb-himes
08fd7bde58
PQ FIPS v7.0.0 Phase 2 & 3: All changes
...
Implement peer review feedback
2026-04-24 06:52:49 -06:00
Eric Blankenhorn
412c428b0a
Fix TLS ext bounds checking
2026-04-24 07:23:07 -05:00
Juliusz Sosinowicz
31278ee8bd
Merge pull request #10296 from JacobBarthelmeh/hostap
2026-04-24 14:13:02 +02:00
Sean Parkinson
936f8e5423
Merge pull request #10203 from Frauschi/pkcs7_fixes
...
PKCS#7 fixes
2026-04-24 10:13:43 +10:00
JacobBarthelmeh
72c7d12cfb
exclude the trust anchor from prospective certification path with pathlen check
2026-04-23 16:23:07 -06:00
JacobBarthelmeh
2ba4d7e6c9
Merge pull request #10210 from ColtonWilley/fix-scr-dangling-ptr-after-tlsx-freeall
...
Fix dangling secure_renegotiation pointer after TLSX_FreeAll
2026-04-23 13:58:24 -06:00
Tobias Frauenschläger
3fd4060458
Add more PKCS#7 tests
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
84fb0f694c
Fix various range and size bugs in PKCS#7 code
2026-04-23 09:36:32 +02:00
JacobBarthelmeh
b5738236d9
Merge pull request #10187 from embhorn/zd21587
...
Fixes in TLS ECH, handle empty records, and ASN len check
2026-04-22 14:44:15 -06:00
Mattia Moffa
389d15fa45
Fix compile error
2026-04-21 03:30:39 +02:00
Mattia Moffa
6f37b17757
Address Copilot suggestions
2026-04-21 02:56:36 +02:00
JacobBarthelmeh
ad8b6dbc32
Merge pull request #10217 from ColtonWilley/null-checks-evp-ocsp-x509
...
Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
2026-04-20 17:27:19 -06:00
Sean Parkinson
318cd62d44
Merge pull request #10231 from JeremiahM37/fenrir-issues-3
...
Fix PEM input validation and zeroize sensitive key buffers
2026-04-17 10:44:55 +10:00
Brett Nicholas
4bf334c299
Merge pull request #10009 from night1rider/SHE-update
...
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-16 16:49:00 -06:00
Daniel Pouzzner
801c412ad2
src/tls.c, wolfssl/ssl.h, tests/api.c: followup to ff7a32d022 ( #10182 ):
...
* Fix OOB heap reads via TLSX_ExtractEch() by preemptively rejecting oversized
SNI names in TLSX_UseSNI().
* In TLSX_EchChangeSNI(), don't attempt to truncate if an oversized name is
seen, just return error.
* Move definition of WOLFSSL_HOST_NAME_MAX to an ungated context in ssl.h, and
use it consistently in tls.c, eliminating the duplicative
WOLFSSL_HOST_NAME_MAX.
2026-04-16 11:12:02 -05:00
Sean Parkinson
6be03a5dab
Merge pull request #10182 from embhorn/zd21576
...
Fix TLSX_EchChangeSNI to check hostname termination
2026-04-16 08:37:42 +10:00
David Garske
26a7d594e3
Merge pull request #10232 from douzzer/20260415-confusing_globals
...
20260415-confusing_globals
2026-04-15 15:02:40 -07:00
night1rider
ee7fe9e1b1
SHE API: remove key storage from context, add direct output params
2026-04-15 11:28:03 -06:00
night1rider
8c0999a352
fix macro guarding in tests/api.c
2026-04-15 11:28:03 -06:00
night1rider
eeedc470e9
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-15 11:27:44 -06:00
David Garske
1a67eb7223
Merge pull request #9851 from night1rider/setkey-callbacks
...
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
Daniel Pouzzner
d8085cc427
src/ssl_load.c, wolfssl/ssl.h, tests/api.c: rename wolfSSL*PrivateKey_id() to wolfSSL*PrivateKey_Id_ex(), and add missing WOLF_PRIVATE_KEY_ID gating.
2026-04-15 11:53:06 -05:00
Jeremiah Mackey
bdebcfc5a0
reject negative pemSz in PEM-to-DER APIs
2026-04-15 16:46:32 +00:00
Sean Parkinson
6ac0f82b85
Merge pull request #10204 from mattia-moffa/20260413-fixes
...
SetSuitesHashSigAlgo fix
2026-04-15 11:39:26 +10:00
night1rider
642a65a34d
Add export hooks for ecc
2026-04-14 16:21:50 -06:00
night1rider
79b0d9f9f5
Add setkey/exportkey/eccgetsize test coverage in api.c
2026-04-14 16:21:50 -06:00
night1rider
1295f4fe0e
Add WOLF_CRYPTO_CB_SETKEY and WOLF_CRYPTO_CB_EXPORT_KEY crypto callback
...
utilities for generic SetKey and ExportKey operations on HMAC, RSA, ECC,
and AES. Add wc_ecc_size/wc_ecc_sig_size callback hooks for hardware-only
keys. Integrate into configure.ac as --enable-cryptocbutils=setkey,export
options with CI test configurations in os-check.yml.
Add test handlers in test.c and api.c with export/import delegation
pattern, small-stack-safe allocations, custom curve support, and
DEBUG_CRYPTOCB helpers.
2026-04-14 16:21:50 -06:00
Eric Blankenhorn
415c288965
Fix from review
2026-04-14 08:14:55 -05:00
Eric Blankenhorn
8f73ae460d
Fix TLSX_Parse to check dup ECH
2026-04-14 07:37:21 -05:00
Mattia Moffa
e10ff384ba
Fix unrelated flaky test
2026-04-14 10:36:47 +02:00
Colton Willey
58a27848a8
Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
...
Harden OpenSSL compatibility layer against NULL pointers, negative lengths,
and buffer overflows across EVP, OCSP, and X509 APIs. Fix DSA SignFinal
write-before-check overflow, add missing i2d_OCSP_RESPONSE allocation path,
and fix unaligned keyUsage access.
2026-04-13 20:29:50 -07:00
Colton Willey
373b45cd7a
Fix dangling secure_renegotiation pointer after TLSX_FreeAll
...
ssl->secure_renegotiation caches a pointer into extension data owned by
the ssl->extensions list. Three call sites free that list via TLSX_FreeAll
without NULLing the cached pointer, leaving it dangling:
- wolfSSL_clear()
- FreeHandshakeResources() (TLSX_FreeAll branch)
- wolfSSL_ResourceFree()
After wolfSSL_clear(), calling wolfSSL_SSL_get_secure_renegotiation_support()
reads the freed SecureRenegotiation struct. Confirmed heap-use-after-free
under ASan with nginx, haproxy, and openssl-compat build profiles.
NULL the pointer at all three sites. Add regression test covering the
wolfSSL_clear path.
2026-04-13 14:53:22 -07:00
Mattia Moffa
99d1c80bde
Add regression test
2026-04-13 22:25:15 +02:00
Eric Blankenhorn
ff7a32d022
Fix TLSX_EchChangeSNI to check hostname length
2026-04-13 14:53:06 -05:00
night1rider
8cc02d8a8a
Add DH regression test and incremement ref counter tests to api.c
2026-04-13 11:32:51 -06:00
Zackery Backman
0ab5401edf
Fix cast-away-const in ws_ctx_ssl_set_tmp_dh: allocate DerBuffer with actual size and copy data instead of pointing at caller's const buffer, which caused FreeDer to free non-owned memory.
2026-04-13 11:32:51 -06:00
Zackery Backman
b74731d878
Add test for wolfSSL_use_AltPrivateKey_Label to verify successful key label allocation
2026-04-13 11:32:51 -06:00
Zackery Backman
3925804da6
Add test for wolfSSL_use_AltPrivateKey_Id to verify successful key ID allocation
2026-04-13 11:32:50 -06:00
David Garske
c36beba9b7
Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
...
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
Tobias Frauenschläger
b0763ea4d1
Error out in case of unknown extensions in response message in TLS 1.3
2026-04-10 17:43:35 +02:00
Sean Parkinson
b764aac074
API testing additions: cipher tests
...
Fixed wc_AesEaxAuthDataUpdate to check eax for NULL before
dereferencing.
Fix AesSivCipher to delete/free AES if new/initialization succeeded.
Memsetting to 0 doesn't work when WC_DEBUG_CIPHER_LIFECYCLE is defined.
Added tests for:
- AES-EAX streaming
- AES-SIV
- Poly1305
- DES-CBC
2026-04-10 15:43:21 +10:00
Ruby Martin
5e87b82dfa
initialize key and rng in test_DhAgree_rejects_p_minus_1()
2026-04-08 09:48:06 -06:00
JacobBarthelmeh
ad1cc4e87f
adjust test case return value check after rebase
2026-04-07 10:26:16 -06:00
Paul Adelsbach
c335f7dd6f
Remove UTF-8 chars
...
Get rid of weird character
Fix warning found by CI
Style changes
Addressed 1 and 2.
2026-04-07 10:07:12 -06:00
Anthony Hu
2e32094545
Add regression tests for fixes
2026-04-07 10:05:56 -06:00
JacobBarthelmeh
7aac9e5766
Merge pull request #10139 from philljj/fix_nightly_mem
...
Fix nightly mem
2026-04-07 09:08:01 -06:00
philljj
b5874a6d9e
Merge pull request #10132 from douzzer/20260404-default_rng_bank
...
20260404-default_rng_bank
2026-04-06 22:54:20 -05:00