Commit Graph

28332 Commits

Author SHA1 Message Date
Tobias Frauenschläger 9c2bb3d10d Fix memory leak in error case within RsaMGF1 2026-03-09 11:17:31 +01:00
Tobias Frauenschläger a4cd2f5f88 Zeroize preMasterSecret in hybrid PQ/T error cases
Fixes zd#21310, reported by YUE LI (Peking University)
2026-03-09 10:40:34 +01:00
Sean Parkinson 39b34333d6 FIPS 205, SLH-DSA: implementation
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Daniel Pouzzner b3f08f33b8 Merge pull request #9873 from miyazakh/fix_larger_crlnum
fix lareger(>57 octets) CRL number
2026-03-06 22:49:03 -06:00
Daniel Pouzzner 04e2adc799 Merge pull request #9916 from julek-wolfssl/fenrir/286
ecc.c: clear priv key with forcezero
2026-03-06 22:38:27 -06:00
Daniel Pouzzner 031c87407d Merge pull request #9892 from embhorn/f380-381-382
Hardening in wc_MakeDsaKey and wc_FreeDsaKey
2026-03-06 22:37:44 -06:00
Daniel Pouzzner 396b5ec1da Merge pull request #9896 from embhorn/f278-281-282
Fixes issues in SRP component:
2026-03-06 22:36:59 -06:00
Daniel Pouzzner f02f6d1d67 Merge pull request #9895 from embhorn/f283-287
Hardening in GeneratePrivateDh186 and wc_DhImportKeyPair
2026-03-06 22:36:14 -06:00
Daniel Pouzzner d4ac953ca5 Merge pull request #9893 from embhorn/f284-285
Hardening in wc_FreeRsaKey and wc_RsaPrivateKeyDecodeRaw
2026-03-06 22:35:39 -06:00
Daniel Pouzzner 2635315822 Merge pull request #9891 from embhorn/f194
Harden wc_ecc_shared_secret_gen_sync
2026-03-06 22:34:58 -06:00
Daniel Pouzzner 73b5306721 Merge pull request #9850 from kaleb-himes/p-collide-nth-solve
Nth attempt to resolve port collisions once-and-for-all
2026-03-06 22:34:16 -06:00
Daniel Pouzzner e74d52a32e Merge pull request #9915 from julek-wolfssl/fenrir/378
wc_PKCS7_PwriKek_KeyUnWrap: use a ct cmp
2026-03-06 22:32:18 -06:00
Daniel Pouzzner f0ba67ee21 Merge pull request #9906 from julek-wolfssl/fenrir/25
wolfSSL_ASN1_item_i2d: simplify buf cleanup
2026-03-06 22:31:27 -06:00
Daniel Pouzzner 1d49f411c7 Merge pull request #9914 from julek-wolfssl/fenrir/30
Make sure size check doesn't underflow
2026-03-06 22:30:51 -06:00
Daniel Pouzzner 467f16f47d Merge pull request #9913 from julek-wolfssl/fenrir/365
Enforce null compression in compression_methods list
2026-03-06 22:29:59 -06:00
Daniel Pouzzner a8686f615e Merge pull request #9911 from julek-wolfssl/fenrir/298
QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
2026-03-06 22:28:40 -06:00
Daniel Pouzzner 5f15d57d89 Merge pull request #9908 from julek-wolfssl/fenrir/205
Set upper bound on post-auth cert reqs
2026-03-06 22:27:59 -06:00
Daniel Pouzzner 3b68026e70 Merge pull request #9907 from julek-wolfssl/fenrir/202
wolfSSL_X509_set_ext: fix memory handling
2026-03-06 22:27:23 -06:00
Daniel Pouzzner 4e4215ada9 Merge pull request #9904 from julek-wolfssl/fenrir/24
Clean up hpke and rng allocation
2026-03-06 22:26:40 -06:00
Daniel Pouzzner 1744819348 Merge pull request #9901 from julek-wolfssl/fenrir/294
Add bounds check on read in sniffer
2026-03-06 22:25:58 -06:00
Daniel Pouzzner a875ffe1f6 Merge pull request #9899 from julek-wolfssl/fenrir/16
Replace `XMEMCMP` with `ConstantCompare` when validating secure renegotiation (SCR) verify data
2026-03-06 22:25:24 -06:00
Daniel Pouzzner 68e085df45 Merge pull request #9918 from douzzer/20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback
20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback (approved by @JacobBarthelmeh)
2026-03-06 22:24:45 -06:00
Daniel Pouzzner 2655c436da Merge pull request #9861 from JacobBarthelmeh/f360
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00
Daniel Pouzzner 431724aaf0 Merge pull request #9909 from Frauschi/f-159
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 22:22:58 -06:00
Daniel Pouzzner 45d814e4f2 Merge pull request #9884 from Frauschi/f-204
Prevent session ticket nonce overflow
2026-03-06 22:22:24 -06:00
Daniel Pouzzner 313d27df15 Merge pull request #9900 from julek-wolfssl/fenrir/357
Use ConstantCompare in EchCheckAcceptance
2026-03-06 22:21:44 -06:00
Daniel Pouzzner 6c37629aa5 Merge pull request #9898 from julek-wolfssl/fenrir/15
Replace XMEMCMP with ConstantCompare for ticket MAC verification
2026-03-06 22:20:38 -06:00
Daniel Pouzzner 6424092fa6 Merge pull request #9903 from julek-wolfssl/fenrir/20
Remove duplicate check
2026-03-06 22:19:51 -06:00
Daniel Pouzzner 24b2dd040e Merge pull request #9902 from julek-wolfssl/fenrir/359
Clear expandLabelPrk
2026-03-06 22:19:12 -06:00
JacobBarthelmeh 68a1f6f756 remove special characters, use simple ASCII characters 2026-03-06 17:30:48 -07:00
JacobBarthelmeh 013e2c8fdf remove special characters, use simple ASCII characters 2026-03-06 17:22:25 -07:00
Daniel Pouzzner b08f959412 tests/api/test_ocsp.c: don't build test_ocsp_cert_unknown_crl_fallback and related helpers if NO_SHA. 2026-03-06 17:01:40 -06:00
kaleb-himes 325ee2c274 Implement peer review feedback 2026-03-06 10:38:02 -07:00
Juliusz Sosinowicz 694f251663 Add explicit casts 2026-03-06 18:11:33 +01:00
Juliusz Sosinowicz 3c06c22314 Make sure only free'd on error 2026-03-06 18:01:02 +01:00
Juliusz Sosinowicz 479de5a211 Always eval both ConstantCompare statements 2026-03-06 17:56:33 +01:00
Juliusz Sosinowicz cc079a3da8 ecc.c: clear priv key with forcezero
F-286
2026-03-06 17:48:38 +01:00
Juliusz Sosinowicz 14357576d8 wc_PKCS7_PwriKek_KeyUnWrap: use a ct cmp
F-378
2026-03-06 17:42:37 +01:00
Tobias Frauenschläger a2622746cd Error out in case of unknown extensions in response message in TLS 1.3 2026-03-06 17:09:49 +01:00
Juliusz Sosinowicz 5e22d04baf Make sure size check doesn't underflow
F-30
2026-03-06 17:05:35 +01:00
jordan 7726f5cc7f pwdbased: fix cast warning. 2026-03-06 09:59:43 -06:00
Juliusz Sosinowicz 1537f83c24 Enforce null compression in compression_methods list`
F-365
2026-03-06 16:56:09 +01:00
Juliusz Sosinowicz 52c64c1340 QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
F-298
2026-03-06 16:21:11 +01:00
Josh Holtrop fa07db2cc6 Rust wrapper: add lms module 2026-03-06 10:19:12 -05:00
Juliusz Sosinowicz 0c26920ea0 Set upper bound on post-auth cert reqs
F-205
2026-03-06 16:07:41 +01:00
Tobias Frauenschläger 001eae7272 Add missing ForceZero calls 2026-03-06 15:22:02 +01:00
Eric Blankenhorn 355081b123 Fix test with cast 2026-03-06 07:33:52 -06:00
Juliusz Sosinowicz 49039ef156 wolfSSL_X509_set_ext: fix memory handling 2026-03-06 12:11:53 +01:00
Juliusz Sosinowicz da9dc821e4 wolfSSL_ASN1_item_i2d: simplify buf cleanup
F-25
2026-03-06 12:03:46 +01:00
Tobias Frauenschläger 1d8864980a Prevent session ticket nonce overflow 2026-03-06 10:23:08 +01:00