Commit Graph

28014 Commits

Author SHA1 Message Date
Daniel Pouzzner 4e4215ada9 Merge pull request #9904 from julek-wolfssl/fenrir/24
Clean up hpke and rng allocation
2026-03-06 22:26:40 -06:00
Daniel Pouzzner 1744819348 Merge pull request #9901 from julek-wolfssl/fenrir/294
Add bounds check on read in sniffer
2026-03-06 22:25:58 -06:00
Daniel Pouzzner a875ffe1f6 Merge pull request #9899 from julek-wolfssl/fenrir/16
Replace `XMEMCMP` with `ConstantCompare` when validating secure renegotiation (SCR) verify data
2026-03-06 22:25:24 -06:00
Daniel Pouzzner 68e085df45 Merge pull request #9918 from douzzer/20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback
20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback (approved by @JacobBarthelmeh)
2026-03-06 22:24:45 -06:00
Daniel Pouzzner 2655c436da Merge pull request #9861 from JacobBarthelmeh/f360
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00
Daniel Pouzzner 431724aaf0 Merge pull request #9909 from Frauschi/f-159
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 22:22:58 -06:00
Daniel Pouzzner 45d814e4f2 Merge pull request #9884 from Frauschi/f-204
Prevent session ticket nonce overflow
2026-03-06 22:22:24 -06:00
Daniel Pouzzner 313d27df15 Merge pull request #9900 from julek-wolfssl/fenrir/357
Use ConstantCompare in EchCheckAcceptance
2026-03-06 22:21:44 -06:00
Daniel Pouzzner 6c37629aa5 Merge pull request #9898 from julek-wolfssl/fenrir/15
Replace XMEMCMP with ConstantCompare for ticket MAC verification
2026-03-06 22:20:38 -06:00
Daniel Pouzzner 6424092fa6 Merge pull request #9903 from julek-wolfssl/fenrir/20
Remove duplicate check
2026-03-06 22:19:51 -06:00
Daniel Pouzzner 24b2dd040e Merge pull request #9902 from julek-wolfssl/fenrir/359
Clear expandLabelPrk
2026-03-06 22:19:12 -06:00
JacobBarthelmeh 013e2c8fdf remove special characters, use simple ASCII characters 2026-03-06 17:22:25 -07:00
Daniel Pouzzner b08f959412 tests/api/test_ocsp.c: don't build test_ocsp_cert_unknown_crl_fallback and related helpers if NO_SHA. 2026-03-06 17:01:40 -06:00
Juliusz Sosinowicz 694f251663 Add explicit casts 2026-03-06 18:11:33 +01:00
Juliusz Sosinowicz 479de5a211 Always eval both ConstantCompare statements 2026-03-06 17:56:33 +01:00
Tobias Frauenschläger a2622746cd Error out in case of unknown extensions in response message in TLS 1.3 2026-03-06 17:09:49 +01:00
Tobias Frauenschläger 1d8864980a Prevent session ticket nonce overflow 2026-03-06 10:23:08 +01:00
Juliusz Sosinowicz ac333c371c Clean up hpke and rng allocation 2026-03-06 09:47:49 +01:00
Juliusz Sosinowicz c62f535cb5 Remove duplicate check
F-20
2026-03-06 09:25:32 +01:00
Juliusz Sosinowicz ddac52c6e8 Clear expandLabelPrk
F-359
2026-03-06 09:19:46 +01:00
Juliusz Sosinowicz 679d04d201 Add bounds check on read in sniffer 2026-03-06 09:05:53 +01:00
Juliusz Sosinowicz eaef832494 Use ConstantCompare in EchCheckAcceptance
F-357
2026-03-06 08:55:34 +01:00
Juliusz Sosinowicz 1555ec4b76 Replace XMEMCMP with ConstantCompare when validating secure renegotiation (SCR) verify data
F-16
2026-03-06 08:51:37 +01:00
Juliusz Sosinowicz 94adedd109 Replace XMEMCMP with ConstantCompare for ticket MAC verification
F-15
2026-03-06 08:43:20 +01:00
Daniel Pouzzner 80938758ac Merge pull request #9879 from embhorn/f379
Fix wc_ecc_sign_hash_ex with Intel QA
2026-03-05 22:53:55 -06:00
Daniel Pouzzner cc2fdda54c Merge pull request #9734 from SparkiDev/mlkem_mldsa_harden
ML-KEM/ML-DSA: harden against fault attacks
2026-03-05 21:34:39 -06:00
Daniel Pouzzner fc677d7d52 Merge pull request #9833 from holtrop-wolfssl/rust-ml-kem
Rust wrapper: add mlkem module
2026-03-05 17:31:56 -06:00
Sean Parkinson 65a1a68877 ML-KEM/ML-DSA: harden against fault attacks
ML-DSA: check pointer to the y parameter has not be faulted.
ML-KEM: to harden against faultiong, use a different buffer for private
seed, sigma, and add a check that the buffer was copied correctly.
SHA-3: fix size of check variables.
2026-03-06 08:44:08 +10:00
Daniel Pouzzner ed8f67cb37 Merge pull request #9858 from JacobBarthelmeh/ticket
additional sanity check with session ticket size
2026-03-05 16:35:51 -06:00
Daniel Pouzzner 8a5c1c7af1 Merge pull request #9855 from SparkiDev/sp_rv32i_muldi3
RISC-V 32 no mul SP C: implement multiplication
2026-03-05 16:32:26 -06:00
Daniel Pouzzner 90ca9c4b7f Merge pull request #9864 from JacobBarthelmeh/f11
harden compare of mac with TLS 1.3 finished
2026-03-05 16:19:07 -06:00
Daniel Pouzzner 396b553c45 Merge pull request #9872 from SparkiDev/asn_improvements_1
ASN: improve handling of ASN.1 parsing/encoding
2026-03-05 16:18:12 -06:00
Daniel Pouzzner e880f5947a Merge pull request #9874 from Frauschi/f12
Harden hash comparison in TLS1.2 finished
2026-03-05 16:14:38 -06:00
Daniel Pouzzner 7cf118eae1 Merge pull request #9865 from embhorn/f362
F362 kNistCurves Table
2026-03-05 16:13:59 -06:00
Daniel Pouzzner b36df34bcb Merge pull request #9868 from embhorn/f295
Fix wolfSSL_get_peer_quic_transport_version
2026-03-05 16:13:14 -06:00
Daniel Pouzzner 22f40a1b5a Merge pull request #9866 from embhorn/f196
Fix in wolfSSL_CTX_GenerateEchConfig
2026-03-05 16:12:27 -06:00
Daniel Pouzzner 7ee9bd03c7 Merge pull request #9867 from embhorn/f19
Fix sniffer CreateSession
2026-03-05 16:11:23 -06:00
Daniel Pouzzner 1866853073 Merge pull request #9883 from JacobBarthelmeh/f279
Fix to free RNG with SRP function in failure case
2026-03-05 16:10:35 -06:00
Daniel Pouzzner ad3ad566f8 Merge pull request #9871 from JacobBarthelmeh/f296
fix to free x509 struct in error case with wolfSSL_PKCS7_get0_signers
2026-03-05 16:08:34 -06:00
Daniel Pouzzner 9010544108 Merge pull request #9870 from JacobBarthelmeh/f21
fix benign typo with sizeof
2026-03-05 16:07:50 -06:00
Daniel Pouzzner 63bee12c92 Merge pull request #9875 from Frauschi/f-158
Treat alerts as fatal errors regardless of level in TLS1.3
2026-03-05 16:06:40 -06:00
Daniel Pouzzner 888081b4e3 Merge pull request #9882 from Frauschi/f-160
Send alert in case of decrypted all-zero message
2026-03-05 15:57:09 -06:00
Daniel Pouzzner 4447f0cca4 Merge pull request #9881 from Frauschi/f-297
Make sure session ticket lifetime is in allowed range
2026-03-05 15:45:00 -06:00
Daniel Pouzzner b2454d183d Merge pull request #9880 from Frauschi/f-190
fix typo in PKCS#11 V3 init
2026-03-05 15:39:41 -06:00
Daniel Pouzzner 663187150e Merge pull request #9878 from embhorn/f377
Fix checkPad to test for zero padding
2026-03-05 15:38:54 -06:00
Daniel Pouzzner 1b25c46d35 Merge pull request #9877 from embhorn/f276
Add null check in wolfSSL_EVP_PKEY_encrypt_init / _decrypt_init
2026-03-05 15:37:26 -06:00
Daniel Pouzzner 13c02b92b2 Merge pull request #9839 from padelsbach/crl-enhancements-ossl
CRL enhancements for revoked entries
2026-03-05 15:35:53 -06:00
Daniel Pouzzner ff493c2979 Merge pull request #9834 from padelsbach/padelsbach/finding-23
Fix OCSP->CRL fallback
2026-03-05 15:33:25 -06:00
Daniel Pouzzner 58f48a96bf Merge pull request #9836 from Frauschi/pkcs11_dilithium
Add support for ML-DSA in PKCS#11
2026-03-05 15:22:10 -06:00
Daniel Pouzzner c65e3e50fd Merge pull request #9825 from embhorn/zd21240
Fix issue in TLS_hmac size calculation
2026-03-05 15:16:47 -06:00