Commit Graph

28332 Commits

Author SHA1 Message Date
Juliusz Sosinowicz ac333c371c Clean up hpke and rng allocation 2026-03-06 09:47:49 +01:00
Juliusz Sosinowicz c62f535cb5 Remove duplicate check
F-20
2026-03-06 09:25:32 +01:00
Juliusz Sosinowicz ddac52c6e8 Clear expandLabelPrk
F-359
2026-03-06 09:19:46 +01:00
Juliusz Sosinowicz 679d04d201 Add bounds check on read in sniffer 2026-03-06 09:05:53 +01:00
Juliusz Sosinowicz eaef832494 Use ConstantCompare in EchCheckAcceptance
F-357
2026-03-06 08:55:34 +01:00
Juliusz Sosinowicz 1555ec4b76 Replace XMEMCMP with ConstantCompare when validating secure renegotiation (SCR) verify data
F-16
2026-03-06 08:51:37 +01:00
Juliusz Sosinowicz 94adedd109 Replace XMEMCMP with ConstantCompare for ticket MAC verification
F-15
2026-03-06 08:43:20 +01:00
Juliusz Sosinowicz 341024e484 Adjust SendClientKeyExchange to use exact cipher overhead for DTLS MTU checks 2026-03-06 08:27:42 +01:00
Juliusz Sosinowicz 87d89d8492 CI fixes 2026-03-06 08:27:42 +01:00
Juliusz Sosinowicz 4a29af3062 Apply copilot suggestions 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz 5c7acedcbe Configure wolfSSL to disable old names for softhsm 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz 3084305200 Remove qt from enable-all as its defines are disruptive for most OSPs 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz 914e57d45c Revert version change 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz fb82496244 Add Python CI workflow and Blake2 EVP support
- Add a GitHub Actions workflow to automate testing of Python integration
- Implement Blake2b and Blake2s hash functions into the EVP API.
- Improve OpenSSL compatibility by standardizing ASN.1 encoding for
serial numbers and registered IDs, streamlining cipher stack management, and optimizing stack node copying.
- Enforce maximum fragment size during data transmission to ensure proper TLS/DTLS record fragmentation.
2026-03-06 08:27:41 +01:00
Hideki Miyazaki f59b9fd32e fix number in sh 2026-03-06 14:16:36 +09:00
Daniel Pouzzner 80938758ac Merge pull request #9879 from embhorn/f379
Fix wc_ecc_sign_hash_ex with Intel QA
2026-03-05 22:53:55 -06:00
Daniel Pouzzner cc2fdda54c Merge pull request #9734 from SparkiDev/mlkem_mldsa_harden
ML-KEM/ML-DSA: harden against fault attacks
2026-03-05 21:34:39 -06:00
Hideki Miyazaki 5ce86cff62 fix multi-test.sh failure 2026-03-06 10:53:52 +09:00
Hideki Miyazaki 4877c0e579 fix PRB tests failures 2026-03-06 10:51:57 +09:00
Hideki Miyazaki cfb7f35e72 fix larger (>57 octets) crlnum 2026-03-06 10:51:54 +09:00
Daniel Pouzzner fc677d7d52 Merge pull request #9833 from holtrop-wolfssl/rust-ml-kem
Rust wrapper: add mlkem module
2026-03-05 17:31:56 -06:00
Sean Parkinson 65a1a68877 ML-KEM/ML-DSA: harden against fault attacks
ML-DSA: check pointer to the y parameter has not been faulted.
ML-KEM: to harden against faulting, use a different buffer for private
seed, sigma, and add a check that the buffer was copied correctly.
SHA-3: fix size of check variables.
2026-03-06 08:44:08 +10:00
Daniel Pouzzner ed8f67cb37 Merge pull request #9858 from JacobBarthelmeh/ticket
additional sanity check with session ticket size
2026-03-05 16:35:51 -06:00
Daniel Pouzzner 8a5c1c7af1 Merge pull request #9855 from SparkiDev/sp_rv32i_muldi3
RISC-V 32 no mul SP C: implement multiplication
2026-03-05 16:32:26 -06:00
Daniel Pouzzner 90ca9c4b7f Merge pull request #9864 from JacobBarthelmeh/f11
harden compare of mac with TLS 1.3 finished
2026-03-05 16:19:07 -06:00
Daniel Pouzzner 396b553c45 Merge pull request #9872 from SparkiDev/asn_improvements_1
ASN: improve handling of ASN.1 parsing/encoding
2026-03-05 16:18:12 -06:00
Daniel Pouzzner e880f5947a Merge pull request #9874 from Frauschi/f12
Harden hash comparison in TLS1.2 finished
2026-03-05 16:14:38 -06:00
Eric Blankenhorn 25f8d6d54a f282 harden wc_SrpComputeKey 2026-03-05 16:14:16 -06:00
Daniel Pouzzner 7cf118eae1 Merge pull request #9865 from embhorn/f362
F362 kNistCurves Table
2026-03-05 16:13:59 -06:00
Daniel Pouzzner b36df34bcb Merge pull request #9868 from embhorn/f295
Fix wolfSSL_get_peer_quic_transport_version
2026-03-05 16:13:14 -06:00
Eric Blankenhorn f28a660273 f281 harden wc_SrpInit 2026-03-05 16:13:10 -06:00
Daniel Pouzzner 22f40a1b5a Merge pull request #9866 from embhorn/f196
Fix in wolfSSL_CTX_GenerateEchConfig
2026-03-05 16:12:27 -06:00
Eric Blankenhorn e21c4d71a6 f278 fix setting heap in wc_SrpInit_ex 2026-03-05 16:11:47 -06:00
Daniel Pouzzner 7ee9bd03c7 Merge pull request #9867 from embhorn/f19
Fix sniffer CreateSession
2026-03-05 16:11:23 -06:00
Daniel Pouzzner 1866853073 Merge pull request #9883 from JacobBarthelmeh/f279
Fix to free RNG with SRP function in failure case
2026-03-05 16:10:35 -06:00
Daniel Pouzzner ad3ad566f8 Merge pull request #9871 from JacobBarthelmeh/f296
fix to free x509 struct in error case with wolfSSL_PKCS7_get0_signers
2026-03-05 16:08:34 -06:00
Daniel Pouzzner 9010544108 Merge pull request #9870 from JacobBarthelmeh/f21
fix benign typo with sizeof
2026-03-05 16:07:50 -06:00
Daniel Pouzzner 63bee12c92 Merge pull request #9875 from Frauschi/f-158
Treat alerts as fatal errors regardless of level in TLS1.3
2026-03-05 16:06:40 -06:00
Daniel Pouzzner 888081b4e3 Merge pull request #9882 from Frauschi/f-160
Send alert in case of decrypted all-zero message
2026-03-05 15:57:09 -06:00
Daniel Pouzzner 4447f0cca4 Merge pull request #9881 from Frauschi/f-297
Make sure session ticket lifetime is in allowed range
2026-03-05 15:45:00 -06:00
Eric Blankenhorn 203cce48ef f287 harden wc_DhImportKeyPair 2026-03-05 15:44:12 -06:00
Eric Blankenhorn 296493acf0 f283 harden GeneratePrivateDh186 2026-03-05 15:43:10 -06:00
Daniel Pouzzner b2454d183d Merge pull request #9880 from Frauschi/f-190
fix typo in PKCS#11 V3 init
2026-03-05 15:39:41 -06:00
Eric Blankenhorn c0a4b94cb7 Fix from review 2026-03-05 15:39:20 -06:00
Daniel Pouzzner 663187150e Merge pull request #9878 from embhorn/f377
Fix checkPad to test for zero padding
2026-03-05 15:38:54 -06:00
Daniel Pouzzner 1b25c46d35 Merge pull request #9877 from embhorn/f276
Add null check in wolfSSL_EVP_PKEY_encrypt_init / _decrypt_init
2026-03-05 15:37:26 -06:00
Daniel Pouzzner 13c02b92b2 Merge pull request #9839 from padelsbach/crl-enhancements-ossl
CRL enhancements for revoked entries
2026-03-05 15:35:53 -06:00
Daniel Pouzzner ff493c2979 Merge pull request #9834 from padelsbach/padelsbach/finding-23
Fix OCSP->CRL fallback
2026-03-05 15:33:25 -06:00
jordan 1d3a0ca53a hpke: add missing ForceZero for eae_prk, key_schedule_context, secret. 2026-03-05 15:30:39 -06:00
Eric Blankenhorn b03a732d92 Fix f285 harden wc_RsaPrivateKeyDecodeRaw 2026-03-05 15:27:05 -06:00