Sameeh Jubran
ba51fbd30b
Zero TLS 1.3 traffic keys after AES SE offload
When WOLF_CRYPTO_CB_AES_SETKEY is enabled and a CryptoCB callback
imports the AES key into a Secure Element (aes->devCtx != NULL), the
TLS-layer copy in keys->{client,server}_write_key has no further
consumer: the software key schedule is not populated on offload.
ForceZero it in SetKeysSide() per provisioned side.
The static IVs (keys->{client,server}_write_IV and
keys->aead_{enc,dec}_imp_IV) are left intact because BuildTls13Nonce()
reads aead_{enc,dec}_imp_IV on every record (RFC 8446 Section 5.3).
Scope: TLS 1.3, non-DTLS, non-QUIC. DTLS 1.3 needs the write keys
in Dtls13EpochCopyKeys; TLS 1.2 needs them for rehandshake; QUIC is
untouched pending audit.
Add two memio tests (test_wc_CryptoCb_Tls13_Key_{Zero_After_Offload,
No_Zero_Without_Offload}) that pin AES-GCM and check key / IV state
after the handshake and a KeyUpdate round.
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-04-20 10:45:23 +03:00
JacobBarthelmeh
43f06851f1
update changelog notes
2026-04-09 20:45:59 -06:00
JacobBarthelmeh
719e98f717
prepare for release 5.9.1
2026-04-08 07:34:41 -06:00
JacobBarthelmeh
396d0719cd
minor formatting fixes to changelog
2026-03-20 12:07:39 -06:00
JacobBarthelmeh
1df1236230
remove trailing white space in ChangeLog.md
2026-03-18 21:17:26 -06:00
JacobBarthelmeh
a08fa98adc
prepare for release 5.9.0
2026-03-18 16:18:12 -06:00
JacobBarthelmeh
1d448ec3b4
public disclosure of CVE-2025-13912
2025-12-11 10:22:22 -07:00
JacobBarthelmeh
ab98c150c6
prepare for release 5.8.4
2025-11-20 10:57:50 -07:00
Eric Blankenhorn
6ab6634efc
Fix markdown in docs
2025-08-25 09:28:08 -05:00
JacobBarthelmeh
3759c6f1a1
fix changelog formatting
2025-07-22 09:21:26 -06:00
JacobBarthelmeh
c34e6ab8d9
prepare for release 5.8.2
2025-07-17 10:26:19 -06:00
JacobBarthelmeh
e4cb69caef
remove trailing space character in changelog
2025-04-24 12:20:23 -07:00
JacobBarthelmeh
9be6a81bab
prepare for release 5.8.0
2025-04-24 10:41:40 -07:00
JacobBarthelmeh
70e41d1ed1
prepare for release 5.7.6
2024-12-31 08:27:53 -07:00
JacobBarthelmeh
8c5e188dd4
remove trailing white space in README
2024-10-24 13:04:00 -06:00
JacobBarthelmeh
8604024b95
prepare for release 5.7.4
2024-10-24 11:32:33 -06:00
JacobBarthelmeh
4893017005
feature support will be listed in the next release notes
2024-09-25 15:54:59 -06:00
Joshua Okeleke
337456cc1e
Add support for (DevkitPro)libnds
2024-09-18 21:27:53 +02:00
Daniel Pouzzner
a3fb5029f8
clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text.
2024-09-05 14:52:18 -05:00
JacobBarthelmeh
26756da925
update CVE listed in changelog
2024-08-29 16:45:23 -06:00
JacobBarthelmeh
a26476b8b2
update changelog for kyber fix, thanks to Antoon Purnal
2024-07-11 09:01:11 -06:00
JacobBarthelmeh
c8aa0fa351
remove * in changelog created from search and replace
2024-07-08 10:31:13 -06:00
JacobBarthelmeh
203f65a636
prepare for release 5.7.2
2024-07-08 09:47:46 -06:00
JacobBarthelmeh
e80deece82
adjust ChangeLog text
2024-03-21 00:18:44 +07:00
JacobBarthelmeh
e5914effab
prepare for release 5.7.0
2024-03-20 19:32:22 +07:00
Lealem Amedie
63f7298be2
Default to ASN TEMPLATE library
2024-02-01 14:52:06 -07:00
Chris Conlon
5046e577d3
update ChangeLog/README with 5.6.6 release information
2023-12-18 15:24:14 -07:00
Eric Blankenhorn
7223b5a708
Fix spelling warnings
2023-11-22 12:34:56 -06:00
JacobBarthelmeh
6cf75a7d42
prepare for release 5.6.4
2023-10-30 07:59:00 -06:00
Dimitri Papadopoulos
52f91e4ab9
Fix residual typos found by codespell
2023-07-28 09:29:28 +02:00
John Safranek
42e934b251
Update read-me and change-log for the release.
2023-06-16 09:47:35 -07:00
JacobBarthelmeh
72536e0e10
prepare for 5.6.3
2023-06-13 14:47:06 -06:00
JacobBarthelmeh
032ac405db
prepare for release 5.6.2
2023-06-09 05:51:18 -07:00
JacobBarthelmeh
877e026da4
prepare for release 5.6.0
2023-03-23 21:44:18 -07:00
Jacob Barthelmeh
cca63a465d
prepare for release 5.5.4
2022-12-20 14:19:59 -07:00
JacobBarthelmeh
9b895b74bf
update for version 5.5.3
2022-11-02 13:58:37 -07:00
JacobBarthelmeh
eb52083afd
update version to 5.5.2
2022-10-28 06:25:33 -07:00
Jacob Barthelmeh
e720d4ab3b
update changelog notes
2022-10-06 14:31:25 -06:00
Jacob Barthelmeh
eb5076bb89
update changelog for release 5.5.1
2022-09-27 13:40:00 -06:00
Jacob Barthelmeh
d75ce08d75
update readme for release 5.5.0
2022-08-30 09:31:28 -06:00
JacobBarthelmeh
a48129eb99
update README for release
2022-07-11 07:28:15 -07:00
Jacob Barthelmeh
a9c7bc9d00
fix markdown in readme notes
2022-05-05 17:12:55 -06:00
Jacob Barthelmeh
29401334d3
prepare for release 5.3.0
2022-05-02 17:08:38 -06:00
John Safranek
ad8bf40b5e
Update readme for release.
2022-02-20 13:05:04 -08:00
Anthony Hu
884b8634af
CVE-2022-23408
2022-01-18 16:06:08 -05:00
Jacob Barthelmeh
7dd50a1beb
bump version for dev and update year in readme
2022-01-03 16:02:10 -07:00
JacobBarthelmeh
5f16a826dd
update README for release v5.1.1
2022-01-03 09:39:16 -07:00
Jacob Barthelmeh
05a19c852b
account for DTLS extra header size when reading msg from pool
2021-12-27 16:52:09 -07:00
Jacob Barthelmeh
816718ecd3
prepare for release 5.1.0
2021-12-27 10:34:09 -07:00
Anthony Hu
eec9649049
Mention falcon in the changelog
2021-12-10 16:54:13 -05:00