Daniel Pouzzner
2ad5afaf4d
wolfcrypt/src/wc_slhdsa.c: fixes for uninited data reads in slhdsakey_wots_sign_chain_x4_*() and slhdsakey_wots_pk_from_sig_x4;
...
CMakeLists.txt, cmake/functions.cmake, cmake/options.h.in: fixes for -DWOLFSSL_SLHDSA.
2026-03-10 17:51:18 -05:00
Daniel Pouzzner
23f62bceb5
linuxkm/module_exports.c.template: add wolfssl/wolfcrypt/wc_slhdsa.h.
...
wolfcrypt/src/wc_slhdsa.c:
* refactor SAVE_VECTOR_REGISTERS2() in slhdsakey_fors_sign() as
CAN_SAVE_VECTOR_REGISTERS(), with local save-restore wrappers around the
rest of the vector calls deeper in the call stack, to avoid failing
GFP_ATOMIC allocations and long spans with interrupts disabled.
* fix numerous bugprone-macro-parentheses and bugprone-signed-char-misuses.
* use readUnalignedWord64() in SHAKE256_SET_SEED_HA_X4_*() and
slhdsakey_shake256_set_seed_ha_x4() to avoid benign unaligned access warnings
from sanitizers.
wolfcrypt/test/test.c:
* in TestDumpData(), use WOLFSSL_DEBUG_PRINTF(), not fprintf(stderr, ...), for
portability.
* in slhdsa_test_param() and slhdsa_test(), use WC_DECLARE_VAR() and friends
for SlhDsaKey allocations, and use ERROR_OUT() and single-return-point
refactors to fix error path memory leaks.
2026-03-09 23:08:42 -05:00
Sean Parkinson
39b34333d6
FIPS 205, SLH-DSA: implementation
...
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Daniel Pouzzner
b3f08f33b8
Merge pull request #9873 from miyazakh/fix_larger_crlnum
...
fix lareger(>57 octets) CRL number
2026-03-06 22:49:03 -06:00
Daniel Pouzzner
04e2adc799
Merge pull request #9916 from julek-wolfssl/fenrir/286
...
ecc.c: clear priv key with forcezero
2026-03-06 22:38:27 -06:00
Daniel Pouzzner
031c87407d
Merge pull request #9892 from embhorn/f380-381-382
...
Hardening in wc_MakeDsaKey and wc_FreeDsaKey
2026-03-06 22:37:44 -06:00
Daniel Pouzzner
396b5ec1da
Merge pull request #9896 from embhorn/f278-281-282
...
Fixes issues in SRP component:
2026-03-06 22:36:59 -06:00
Daniel Pouzzner
f02f6d1d67
Merge pull request #9895 from embhorn/f283-287
...
Hardening in GeneratePrivateDh186 and wc_DhImportKeyPair
2026-03-06 22:36:14 -06:00
Daniel Pouzzner
d4ac953ca5
Merge pull request #9893 from embhorn/f284-285
...
Hardening in wc_FreeRsaKey and wc_RsaPrivateKeyDecodeRaw
2026-03-06 22:35:39 -06:00
Daniel Pouzzner
2635315822
Merge pull request #9891 from embhorn/f194
...
Harden wc_ecc_shared_secret_gen_sync
2026-03-06 22:34:58 -06:00
Daniel Pouzzner
73b5306721
Merge pull request #9850 from kaleb-himes/p-collide-nth-solve
...
Nth attempt to resolve port collisions once-and-for-all
2026-03-06 22:34:16 -06:00
Daniel Pouzzner
e74d52a32e
Merge pull request #9915 from julek-wolfssl/fenrir/378
...
wc_PKCS7_PwriKek_KeyUnWrap: use a ct cmp
2026-03-06 22:32:18 -06:00
Daniel Pouzzner
f0ba67ee21
Merge pull request #9906 from julek-wolfssl/fenrir/25
...
wolfSSL_ASN1_item_i2d: simplify buf cleanup
2026-03-06 22:31:27 -06:00
Daniel Pouzzner
1d49f411c7
Merge pull request #9914 from julek-wolfssl/fenrir/30
...
Make sure size check doesn't underflow
2026-03-06 22:30:51 -06:00
Daniel Pouzzner
467f16f47d
Merge pull request #9913 from julek-wolfssl/fenrir/365
...
Enforce null compression in compression_methods list
2026-03-06 22:29:59 -06:00
Daniel Pouzzner
a8686f615e
Merge pull request #9911 from julek-wolfssl/fenrir/298
...
QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
2026-03-06 22:28:40 -06:00
Daniel Pouzzner
5f15d57d89
Merge pull request #9908 from julek-wolfssl/fenrir/205
...
Set upper bound on post-auth cert reqs
2026-03-06 22:27:59 -06:00
Daniel Pouzzner
3b68026e70
Merge pull request #9907 from julek-wolfssl/fenrir/202
...
wolfSSL_X509_set_ext: fix memory handling
2026-03-06 22:27:23 -06:00
Daniel Pouzzner
4e4215ada9
Merge pull request #9904 from julek-wolfssl/fenrir/24
...
Clean up hpke and rng allocation
2026-03-06 22:26:40 -06:00
Daniel Pouzzner
1744819348
Merge pull request #9901 from julek-wolfssl/fenrir/294
...
Add bounds check on read in sniffer
2026-03-06 22:25:58 -06:00
Daniel Pouzzner
a875ffe1f6
Merge pull request #9899 from julek-wolfssl/fenrir/16
...
Replace `XMEMCMP` with `ConstantCompare` when validating secure renegotiation (SCR) verify data
2026-03-06 22:25:24 -06:00
Daniel Pouzzner
68e085df45
Merge pull request #9918 from douzzer/20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback
...
20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback (approved by @JacobBarthelmeh)
2026-03-06 22:24:45 -06:00
Daniel Pouzzner
2655c436da
Merge pull request #9861 from JacobBarthelmeh/f360
...
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00
Daniel Pouzzner
431724aaf0
Merge pull request #9909 from Frauschi/f-159
...
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 22:22:58 -06:00
Daniel Pouzzner
45d814e4f2
Merge pull request #9884 from Frauschi/f-204
...
Prevent session ticket nonce overflow
2026-03-06 22:22:24 -06:00
Daniel Pouzzner
313d27df15
Merge pull request #9900 from julek-wolfssl/fenrir/357
...
Use ConstantCompare in EchCheckAcceptance
2026-03-06 22:21:44 -06:00
Daniel Pouzzner
6c37629aa5
Merge pull request #9898 from julek-wolfssl/fenrir/15
...
Replace XMEMCMP with ConstantCompare for ticket MAC verification
2026-03-06 22:20:38 -06:00
Daniel Pouzzner
6424092fa6
Merge pull request #9903 from julek-wolfssl/fenrir/20
...
Remove duplicate check
2026-03-06 22:19:51 -06:00
Daniel Pouzzner
24b2dd040e
Merge pull request #9902 from julek-wolfssl/fenrir/359
...
Clear expandLabelPrk
2026-03-06 22:19:12 -06:00
JacobBarthelmeh
68a1f6f756
remove special characters, use simple ASCII characters
2026-03-06 17:30:48 -07:00
JacobBarthelmeh
013e2c8fdf
remove special characters, use simple ASCII characters
2026-03-06 17:22:25 -07:00
Daniel Pouzzner
b08f959412
tests/api/test_ocsp.c: don't build test_ocsp_cert_unknown_crl_fallback and related helpers if NO_SHA.
2026-03-06 17:01:40 -06:00
kaleb-himes
325ee2c274
Implement peer review feedback
2026-03-06 10:38:02 -07:00
Juliusz Sosinowicz
694f251663
Add explicit casts
2026-03-06 18:11:33 +01:00
Juliusz Sosinowicz
3c06c22314
Make sure only free'd on error
2026-03-06 18:01:02 +01:00
Juliusz Sosinowicz
479de5a211
Always eval both ConstantCompare statements
2026-03-06 17:56:33 +01:00
Juliusz Sosinowicz
cc079a3da8
ecc.c: clear priv key with forcezero
...
F-286
2026-03-06 17:48:38 +01:00
Juliusz Sosinowicz
14357576d8
wc_PKCS7_PwriKek_KeyUnWrap: use a ct cmp
...
F-378
2026-03-06 17:42:37 +01:00
Tobias Frauenschläger
a2622746cd
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 17:09:49 +01:00
Juliusz Sosinowicz
5e22d04baf
Make sure size check doesn't underflow
...
F-30
2026-03-06 17:05:35 +01:00
Juliusz Sosinowicz
1537f83c24
Enforce null compression in compression_methods list`
...
F-365
2026-03-06 16:56:09 +01:00
Juliusz Sosinowicz
52c64c1340
QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
...
F-298
2026-03-06 16:21:11 +01:00
Juliusz Sosinowicz
0c26920ea0
Set upper bound on post-auth cert reqs
...
F-205
2026-03-06 16:07:41 +01:00
Eric Blankenhorn
355081b123
Fix test with cast
2026-03-06 07:33:52 -06:00
Juliusz Sosinowicz
49039ef156
wolfSSL_X509_set_ext: fix memory handling
2026-03-06 12:11:53 +01:00
Juliusz Sosinowicz
da9dc821e4
wolfSSL_ASN1_item_i2d: simplify buf cleanup
...
F-25
2026-03-06 12:03:46 +01:00
Tobias Frauenschläger
1d8864980a
Prevent session ticket nonce overflow
2026-03-06 10:23:08 +01:00
Juliusz Sosinowicz
ac333c371c
Clean up hpke and rng allocation
2026-03-06 09:47:49 +01:00
Juliusz Sosinowicz
c62f535cb5
Remove duplicate check
...
F-20
2026-03-06 09:25:32 +01:00
Juliusz Sosinowicz
ddac52c6e8
Clear expandLabelPrk
...
F-359
2026-03-06 09:19:46 +01:00