Commit Graph

9254 Commits

Author SHA1 Message Date
Juliusz Sosinowicz ddac52c6e8 Clear expandLabelPrk
F-359
2026-03-06 09:19:46 +01:00
Daniel Pouzzner ed8f67cb37 Merge pull request #9858 from JacobBarthelmeh/ticket
additional sanity check with session ticket size
2026-03-05 16:35:51 -06:00
Daniel Pouzzner 90ca9c4b7f Merge pull request #9864 from JacobBarthelmeh/f11
harden compare of mac with TLS 1.3 finished
2026-03-05 16:19:07 -06:00
Daniel Pouzzner 396b553c45 Merge pull request #9872 from SparkiDev/asn_improvements_1
ASN: improve handling of ASN.1 parsing/encoding
2026-03-05 16:18:12 -06:00
Daniel Pouzzner e880f5947a Merge pull request #9874 from Frauschi/f12
Harden hash comparison in TLS1.2 finished
2026-03-05 16:14:38 -06:00
Daniel Pouzzner 7cf118eae1 Merge pull request #9865 from embhorn/f362
F362 kNistCurves Table
2026-03-05 16:13:59 -06:00
Daniel Pouzzner b36df34bcb Merge pull request #9868 from embhorn/f295
Fix wolfSSL_get_peer_quic_transport_version
2026-03-05 16:13:14 -06:00
Daniel Pouzzner 22f40a1b5a Merge pull request #9866 from embhorn/f196
Fix in wolfSSL_CTX_GenerateEchConfig
2026-03-05 16:12:27 -06:00
Daniel Pouzzner 7ee9bd03c7 Merge pull request #9867 from embhorn/f19
Fix sniffer CreateSession
2026-03-05 16:11:23 -06:00
Daniel Pouzzner ad3ad566f8 Merge pull request #9871 from JacobBarthelmeh/f296
fix to free x509 struct in error case with wolfSSL_PKCS7_get0_signers
2026-03-05 16:08:34 -06:00
Daniel Pouzzner 9010544108 Merge pull request #9870 from JacobBarthelmeh/f21
fix benign typo with sizeof
2026-03-05 16:07:50 -06:00
Daniel Pouzzner 63bee12c92 Merge pull request #9875 from Frauschi/f-158
Treat alerts as fatal errors regardless of level in TLS1.3
2026-03-05 16:06:40 -06:00
Daniel Pouzzner 888081b4e3 Merge pull request #9882 from Frauschi/f-160
Send alert in case of decrypted all-zero message
2026-03-05 15:57:09 -06:00
Daniel Pouzzner 4447f0cca4 Merge pull request #9881 from Frauschi/f-297
Make sure session ticket lifetime is in allowed range
2026-03-05 15:45:00 -06:00
Daniel Pouzzner 13c02b92b2 Merge pull request #9839 from padelsbach/crl-enhancements-ossl
CRL enhancements for revoked entries
2026-03-05 15:35:53 -06:00
Daniel Pouzzner ff493c2979 Merge pull request #9834 from padelsbach/padelsbach/finding-23
Fix OCSP->CRL fallback
2026-03-05 15:33:25 -06:00
Daniel Pouzzner c65e3e50fd Merge pull request #9825 from embhorn/zd21240
Fix issue in TLS_hmac size calculation
2026-03-05 15:16:47 -06:00
Daniel Pouzzner 26e2f05bfd Merge pull request #9848 from Frauschi/dtls_hrr_group
Fix for DTLS1.3 HRR group handling
2026-03-05 15:02:16 -06:00
Daniel Pouzzner 5fa18d9817 Merge pull request #9784 from dgarske/async_cryptocb
Fixes and tests for async and crypto callbacks
2026-03-05 14:59:27 -06:00
Tobias Frauenschläger f285a523d7 Make sure ticket lifetime is in allowed range 2026-03-05 18:22:53 +01:00
Tobias Frauenschläger 11fc781d0d Treat alerts as fatal errors regardless of level in TLS1.3 2026-03-05 18:21:02 +01:00
Tobias Frauenschläger 0bb094e644 Send alert in case of decrypted all-zero message 2026-03-05 17:11:39 +01:00
Tobias Frauenschläger eaa40f3df6 Harden hash comparison in TLS1.2 finished 2026-03-05 11:46:33 +01:00
Paul Adelsbach 73f352692b Fix cppcheck warning 2026-03-04 19:51:22 -08:00
Sean Parkinson 34916c80c8 ASN: improve handling of ASN.1 parsing/encoding
ToTraditionalInline_ex2 original ASN code:
  - Now return 0 when no OCTECT_STRING data found.
  - Change callers to accept 0 as a valid returnb value.

SizeASN_Items:
  - Change encoded size to word32 as won't be negative.
- Change callers to supply a pointer to a word32 instead of integer.
Fix casting due to change of parameter type.

ASN_LEN_ENC_LEN: Function to calculate the length of the encoded ASN.1
length.

GetLength_ex:
  - Change minLen to word32
- Change length to word32 and change negative check appropriately for
different type.

GetASNHeader_ex:
  - If not checking lengths in GetLength_ex, check it here.
DecodeObjectId:
  - Ensure no overflow in calculation.

_RsaPrivateKeyDecode (original)
  - Clear RSA integers on failure (will be done in free anyway).

wc_CreatePKCS8Key (original):
  - safe check of overflow.

DecryptContent (templare):
- Parse will fail if OID not recognized, and recognized OIDs are 9/10
bytes long - but check idx is 9/10 anyway so we know we can read 2 end
bytes of data.

wc_RsaPublicKeyDecode_ex (original):
- Fix calculation of seqEndIdx and use it to bound modulus and
exponent.

DecodePolicyOID
  - enusre inSz is not too long.
  - Ensure no overflow in calculation.

SetOidValue (orginal):
  - Safe check of inSz and oidSz.

SetAltNames (original):
  - Improve length checks

FlattenAltNames:
  - Check for overflow.
  - Better length check.

ParseCRL_CertList (original):
  - overflow check
2026-03-05 13:11:30 +10:00
JacobBarthelmeh 13ebc5b9bf fix to free x509 struct in error case with wolfSSL_PKCS7_get0_signers 2026-03-04 15:59:56 -07:00
Paul Adelsbach 22d7550f8e CRL enhancements for revoked entries 2026-03-04 14:53:28 -08:00
JacobBarthelmeh 1ddefce99b fix benign typo with sizeof 2026-03-04 15:28:27 -07:00
Eric Blankenhorn 165c2cf017 Fix wolfSSL_get_peer_quic_transport_version 2026-03-04 15:26:59 -06:00
Eric Blankenhorn d9237210fc Fix sniffer CreateSession 2026-03-04 14:50:21 -06:00
Eric Blankenhorn 37d6c14ddf Fix in wolfSSL_CTX_GenerateEchConfig 2026-03-04 14:43:27 -06:00
Eric Blankenhorn 2cd3b7b67d F362 kNistCurves Table 2026-03-04 14:29:50 -06:00
JacobBarthelmeh 5117acb7be harden compare of mac with TLS 1.3 finished 2026-03-04 10:49:02 -07:00
Anthony Hu 9d3cc6e30c Fix for loop exit condition.
size should be length.  s includes offset, so it must be compared against
length, not size because size is only what is after offset.
2026-03-04 10:17:33 -05:00
Tobias Frauenschläger 7842bf30f4 Fix for DTLS1.3 HRR group handling
When a server uses a HRR to negotiate the key exchange group to use, the
selected group is advertised in the HRR key share extension.
Furthermore, this group is also stored in the Cookie that is sent to the
client. When the server receives the second CH, the group used in the
key share extension MUST be the one of the HRR.

For stateless DTLS servers, the handling of this check had a bug. The
key share group of the HRR is stored in the ssl->hrr_keyshare_group
variable and is checked against the received key share of the second CH.
However, in the stateless server case, another CH message may be
received inbetween the two CH message of the desired client, potentially
overwriting the ssl->hrr_keyshare_group variable. This then causes
handshake failures when the ssl->hrr_keyshare_group variable contains
another group than the second CH message of the desired client.

To fix this, the following changes are conducted:
1. Disable the ssl->hrr_keyshare_group check for stateless DTLS 1.3
   servers. As long as the server is stateless, CHs from multiple
   clients may be received that individually cause HRRs with different
   groups. For each of these clients, the HRR group is properly stored
   in the cookie.
2. When a valid cookie is received from the client, the server becomes
   stateful. In this case, we now parse the cookie for a stored HRR
   group in the RestartHandshakeHashWithCookie() method. If present,
   we restore the ssl->hrr_keyshare_group variable to this group to
   ensure the error checks succeed.
3. Move the check of ssl->hrr_keyshare_group of the the KeyShare
   extension parsing logic into the general TLS1.3 ClientHello parsing
   after extension handling. This ensures that the order of the cookie
   and key share extensions does not matter.

A new test is added to check for this behavior.
2026-03-04 15:58:45 +01:00
JacobBarthelmeh a4c4740ea8 additional sanity check with session ticket size 2026-03-04 00:17:42 -07:00
Sean Parkinson 215fe1341c Merge pull request #9829 from night1rider/tmpSha-fixes
Fix potential memory leak when copying into existing SHA contexts and zero init tmpSha
2026-03-02 21:18:55 +10:00
Sean Parkinson cba9ffd703 Merge pull request #9782 from kareem-wolfssl/zd21204
Ensure length is at least ID_LEN in SetTicket.
2026-03-02 21:12:29 +10:00
Daniel Pouzzner bdea01a931 src/x509.c: in loadX509orX509REQFromPemBio(), fix an identicalInnerCondition. 2026-02-27 23:39:38 -06:00
David Garske 0dffc8abff Fixes for async and crypto callbacks 2026-02-27 14:35:03 -08:00
night1rider 60573a3782 memset 0 the temp contexts 2026-02-27 12:56:57 -07:00
Eric Blankenhorn cbe8dd5f11 Address FP warning from VS 2026-02-27 10:57:58 -06:00
Kareem aaf6aa5aca Code review feedback 2026-02-26 17:09:23 -07:00
Kareem 3d5c03a275 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd21204 2026-02-26 17:03:15 -07:00
JacobBarthelmeh 5a26692ee9 Merge pull request #9818 from julek-wolfssl/sssd-2.10.2
sssd 2.10.2 changes
2026-02-26 16:23:00 -07:00
Sean Parkinson b9838aa563 Merge pull request #9711 from julek-wolfssl/nginx-1.28.0
nginx 1.28.1 fixes
2026-02-27 08:39:10 +10:00
JacobBarthelmeh 85228f088e Merge pull request #9824 from embhorn/zd21239
Fix issues in TLS Extension size calculations
2026-02-26 13:47:54 -07:00
Paul Adelsbach ebda79fadb Fix OCSP->CRL fallback 2026-02-26 11:44:50 -08:00
JacobBarthelmeh ba859d21fa Merge pull request #9817 from LinuxJedi/static-fixes4
Static code analysis fixes
2026-02-26 12:03:24 -07:00
Eric Blankenhorn f53ce49694 Fix from review 2026-02-26 10:46:03 -06:00