Juliusz Sosinowicz
ac333c371c
Clean up hpke and rng allocation
2026-03-06 09:47:49 +01:00
Juliusz Sosinowicz
c62f535cb5
Remove duplicate check
...
F-20
2026-03-06 09:25:32 +01:00
Juliusz Sosinowicz
ddac52c6e8
Clear expandLabelPrk
...
F-359
2026-03-06 09:19:46 +01:00
Juliusz Sosinowicz
679d04d201
Add bounds check on read in sniffer
2026-03-06 09:05:53 +01:00
Juliusz Sosinowicz
eaef832494
Use ConstantCompare in EchCheckAcceptance
...
F-357
2026-03-06 08:55:34 +01:00
Juliusz Sosinowicz
1555ec4b76
Replace XMEMCMP with ConstantCompare when validating secure renegotiation (SCR) verify data
...
F-16
2026-03-06 08:51:37 +01:00
Juliusz Sosinowicz
94adedd109
Replace XMEMCMP with ConstantCompare for ticket MAC verification
...
F-15
2026-03-06 08:43:20 +01:00
Juliusz Sosinowicz
341024e484
Adjust SendClientKeyExchange to use exact cipher overhead for DTLS MTU checks
2026-03-06 08:27:42 +01:00
Juliusz Sosinowicz
87d89d8492
CI fixes
2026-03-06 08:27:42 +01:00
Juliusz Sosinowicz
4a29af3062
Apply copilot suggestions
2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz
5c7acedcbe
Configure wolfSSL to disable old names for softhsm
2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz
3084305200
Remove qt from enable-all as its defines are disruptive for most OSP's
2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz
914e57d45c
Revert version change
2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz
fb82496244
Add Python CI workflow and Blake2 EVP support
...
- Add a GitHub Actions workflow to automate testing of Python integration
- Implement Blake2b and Blake2s hash functions into the EVP API.
- Improve OpenSSL compatibility by standardizing ASN.1 encoding for serial numbers and registered IDs, streamlining cipher stack management, and optimizing stack node copying.
- Enforce maximum fragment size during data transmission to ensure proper TLS/DTLS record fragmentation.
2026-03-06 08:27:41 +01:00
Hideki Miyazaki
f59b9fd32e
fix number in sh
2026-03-06 14:16:36 +09:00
Daniel Pouzzner
80938758ac
Merge pull request #9879 from embhorn/f379
...
Fix wc_ecc_sign_hash_ex with Intel QA
2026-03-05 22:53:55 -06:00
Daniel Pouzzner
cc2fdda54c
Merge pull request #9734 from SparkiDev/mlkem_mldsa_harden
...
ML-KEM/ML-DSA: harden against fault attacks
2026-03-05 21:34:39 -06:00
Hideki Miyazaki
5ce86cff62
fix multi-test.sh failure
2026-03-06 10:53:52 +09:00
Hideki Miyazaki
4877c0e579
fix PRB tests failures
2026-03-06 10:51:57 +09:00
Hideki Miyazaki
cfb7f35e72
fix larger (>57 octets) crlnum
2026-03-06 10:51:54 +09:00
Daniel Pouzzner
fc677d7d52
Merge pull request #9833 from holtrop-wolfssl/rust-ml-kem
...
Rust wrapper: add mlkem module
2026-03-05 17:31:56 -06:00
Sean Parkinson
65a1a68877
ML-KEM/ML-DSA: harden against fault attacks
...
ML-DSA: check pointer to the y parameter has not been faulted.
ML-KEM: to harden against faulting, use a different buffer for private
seed, sigma, and add a check that the buffer was copied correctly.
SHA-3: fix size of check variables.
2026-03-06 08:44:08 +10:00
Daniel Pouzzner
ed8f67cb37
Merge pull request #9858 from JacobBarthelmeh/ticket
...
additional sanity check with session ticket size
2026-03-05 16:35:51 -06:00
Daniel Pouzzner
8a5c1c7af1
Merge pull request #9855 from SparkiDev/sp_rv32i_muldi3
...
RISC-V 32 no mul SP C: implement multiplication
2026-03-05 16:32:26 -06:00
Daniel Pouzzner
90ca9c4b7f
Merge pull request #9864 from JacobBarthelmeh/f11
...
harden compare of mac with TLS 1.3 finished
2026-03-05 16:19:07 -06:00
Daniel Pouzzner
396b553c45
Merge pull request #9872 from SparkiDev/asn_improvements_1
...
ASN: improve handling of ASN.1 parsing/encoding
2026-03-05 16:18:12 -06:00
Daniel Pouzzner
e880f5947a
Merge pull request #9874 from Frauschi/f12
...
Harden hash comparison in TLS1.2 finished
2026-03-05 16:14:38 -06:00
Eric Blankenhorn
25f8d6d54a
f282 harden wc_SrpComputeKey
2026-03-05 16:14:16 -06:00
Daniel Pouzzner
7cf118eae1
Merge pull request #9865 from embhorn/f362
...
F362 kNistCurves Table
2026-03-05 16:13:59 -06:00
Daniel Pouzzner
b36df34bcb
Merge pull request #9868 from embhorn/f295
...
Fix wolfSSL_get_peer_quic_transport_version
2026-03-05 16:13:14 -06:00
Eric Blankenhorn
f28a660273
f281 harden wc_SrpInit
2026-03-05 16:13:10 -06:00
Daniel Pouzzner
22f40a1b5a
Merge pull request #9866 from embhorn/f196
...
Fix in wolfSSL_CTX_GenerateEchConfig
2026-03-05 16:12:27 -06:00
Eric Blankenhorn
e21c4d71a6
f278 fix setting heap in wc_SrpInit_ex
2026-03-05 16:11:47 -06:00
Daniel Pouzzner
7ee9bd03c7
Merge pull request #9867 from embhorn/f19
...
Fix sniffer CreateSession
2026-03-05 16:11:23 -06:00
Daniel Pouzzner
1866853073
Merge pull request #9883 from JacobBarthelmeh/f279
...
Fix to free RNG with SRP function in failure case
2026-03-05 16:10:35 -06:00
Daniel Pouzzner
ad3ad566f8
Merge pull request #9871 from JacobBarthelmeh/f296
...
fix to free x509 struct in error case with wolfSSL_PKCS7_get0_signers
2026-03-05 16:08:34 -06:00
Daniel Pouzzner
9010544108
Merge pull request #9870 from JacobBarthelmeh/f21
...
fix benign typo with sizeof
2026-03-05 16:07:50 -06:00
Daniel Pouzzner
63bee12c92
Merge pull request #9875 from Frauschi/f-158
...
Treat alerts as fatal errors regardless of level in TLS1.3
2026-03-05 16:06:40 -06:00
Daniel Pouzzner
888081b4e3
Merge pull request #9882 from Frauschi/f-160
...
Send alert in case of decrypted all-zero message
2026-03-05 15:57:09 -06:00
Daniel Pouzzner
4447f0cca4
Merge pull request #9881 from Frauschi/f-297
...
Make sure session ticket lifetime is in allowed range
2026-03-05 15:45:00 -06:00
Eric Blankenhorn
203cce48ef
f287 harden wc_DhImportKeyPair
2026-03-05 15:44:12 -06:00
Eric Blankenhorn
296493acf0
f283 harden GeneratePrivateDh186
2026-03-05 15:43:10 -06:00
Daniel Pouzzner
b2454d183d
Merge pull request #9880 from Frauschi/f-190
...
fix typo in PKCS#11 V3 init
2026-03-05 15:39:41 -06:00
Eric Blankenhorn
c0a4b94cb7
Fix from review
2026-03-05 15:39:20 -06:00
Daniel Pouzzner
663187150e
Merge pull request #9878 from embhorn/f377
...
Fix checkPad to test for zero padding
2026-03-05 15:38:54 -06:00
Daniel Pouzzner
1b25c46d35
Merge pull request #9877 from embhorn/f276
...
Add null check in wolfSSL_EVP_PKEY_encrypt_init / _decrypt_init
2026-03-05 15:37:26 -06:00
Daniel Pouzzner
13c02b92b2
Merge pull request #9839 from padelsbach/crl-enhancements-ossl
...
CRL enhancements for revoked entries
2026-03-05 15:35:53 -06:00
Daniel Pouzzner
ff493c2979
Merge pull request #9834 from padelsbach/padelsbach/finding-23
...
Fix OCSP->CRL fallback
2026-03-05 15:33:25 -06:00
jordan
1d3a0ca53a
hpke: add missing ForceZero for eae_prk, key_schedule_context, secret.
2026-03-05 15:30:39 -06:00
Eric Blankenhorn
b03a732d92
Fix f285 harden wc_RsaPrivateKeyDecodeRaw
2026-03-05 15:27:05 -06:00