Commit Graph

89 Commits

Author SHA1 Message Date
Sameeh Jubran ba51fbd30b Zero TLS 1.3 traffic keys after AES SE offload
When WOLF_CRYPTO_CB_AES_SETKEY is enabled and a CryptoCB callback
imports the AES key into a Secure Element (aes->devCtx != NULL), the
TLS-layer copy in keys->{client,server}_write_key has no further
consumer: the software key schedule is not populated on offload.
ForceZero it in SetKeysSide() per provisioned side.

The static IVs (keys->{client,server}_write_IV and
keys->aead_{enc,dec}_imp_IV) are left intact because BuildTls13Nonce()
reads aead_{enc,dec}_imp_IV on every record (RFC 8446 Section 5.3).

Scope: TLS 1.3, non-DTLS, non-QUIC.  DTLS 1.3 needs the write keys
in Dtls13EpochCopyKeys; TLS 1.2 needs them for rehandshake; QUIC is
untouched pending audit.

Add two memio tests (test_wc_CryptoCb_Tls13_Key_{Zero_After_Offload,
No_Zero_Without_Offload}) that pin AES-GCM and check key / IV state
after the handshake and a KeyUpdate round.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-04-20 10:45:23 +03:00
JacobBarthelmeh 43f06851f1 update changelog notes 2026-04-09 20:45:59 -06:00
JacobBarthelmeh 719e98f717 prepare for release 5.9.1 2026-04-08 07:34:41 -06:00
JacobBarthelmeh 396d0719cd minor formatting fixes to changelog 2026-03-20 12:07:39 -06:00
JacobBarthelmeh 1df1236230 remove trailing white space in ChangeLog.md 2026-03-18 21:17:26 -06:00
JacobBarthelmeh a08fa98adc prepare for release 5.9.0 2026-03-18 16:18:12 -06:00
JacobBarthelmeh 1d448ec3b4 public disclosure of CVE-2025-13912 2025-12-11 10:22:22 -07:00
JacobBarthelmeh ab98c150c6 prepare for release 5.8.4 2025-11-20 10:57:50 -07:00
Eric Blankenhorn 6ab6634efc Fix markdown in docs 2025-08-25 09:28:08 -05:00
JacobBarthelmeh 3759c6f1a1 fix changelog formatting 2025-07-22 09:21:26 -06:00
JacobBarthelmeh c34e6ab8d9 prepare for release 5.8.2 2025-07-17 10:26:19 -06:00
JacobBarthelmeh e4cb69caef remove trailing space character in changelog 2025-04-24 12:20:23 -07:00
JacobBarthelmeh 9be6a81bab prepare for release 5.8.0 2025-04-24 10:41:40 -07:00
JacobBarthelmeh 70e41d1ed1 prepare for release 5.7.6 2024-12-31 08:27:53 -07:00
JacobBarthelmeh 8c5e188dd4 remove trailing white space in README 2024-10-24 13:04:00 -06:00
JacobBarthelmeh 8604024b95 prepare for release 5.7.4 2024-10-24 11:32:33 -06:00
JacobBarthelmeh 4893017005 feature support will be listed in the next release notes 2024-09-25 15:54:59 -06:00
Joshua Okeleke 337456cc1e Add support for (DevkitPro)libnds 2024-09-18 21:27:53 +02:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
JacobBarthelmeh 26756da925 update CVE listed in changelog 2024-08-29 16:45:23 -06:00
JacobBarthelmeh a26476b8b2 update changelog for kyber fix, thanks to Antoon Purnal 2024-07-11 09:01:11 -06:00
JacobBarthelmeh c8aa0fa351 remove * in changelog created from search and replace 2024-07-08 10:31:13 -06:00
JacobBarthelmeh 203f65a636 prepare for release 5.7.2 2024-07-08 09:47:46 -06:00
JacobBarthelmeh e80deece82 adjust ChangeLog text 2024-03-21 00:18:44 +07:00
JacobBarthelmeh e5914effab prepare for release 5.7.0 2024-03-20 19:32:22 +07:00
Lealem Amedie 63f7298be2 Default to ASN TEMPLATE library 2024-02-01 14:52:06 -07:00
Chris Conlon 5046e577d3 update ChangeLog/README with 5.6.6 release information 2023-12-18 15:24:14 -07:00
Eric Blankenhorn 7223b5a708 Fix spelling warnings 2023-11-22 12:34:56 -06:00
JacobBarthelmeh 6cf75a7d42 prepare for release 5.6.4 2023-10-30 07:59:00 -06:00
Dimitri Papadopoulos 52f91e4ab9 Fix residual typos found by codespell 2023-07-28 09:29:28 +02:00
John Safranek 42e934b251 Update read-me and change-log for the release. 2023-06-16 09:47:35 -07:00
JacobBarthelmeh 72536e0e10 prepare for 5.6.3 2023-06-13 14:47:06 -06:00
JacobBarthelmeh 032ac405db prepare for release 5.6.2 2023-06-09 05:51:18 -07:00
JacobBarthelmeh 877e026da4 prepare for release 5.6.0 2023-03-23 21:44:18 -07:00
Jacob Barthelmeh cca63a465d prepare for release 5.5.4 2022-12-20 14:19:59 -07:00
JacobBarthelmeh 9b895b74bf update for version 5.5.3 2022-11-02 13:58:37 -07:00
JacobBarthelmeh eb52083afd update version to 5.5.2 2022-10-28 06:25:33 -07:00
Jacob Barthelmeh e720d4ab3b update changelog notes 2022-10-06 14:31:25 -06:00
Jacob Barthelmeh eb5076bb89 update changelog for release 5.5.1 2022-09-27 13:40:00 -06:00
Jacob Barthelmeh d75ce08d75 update readme for release 5.5.0 2022-08-30 09:31:28 -06:00
JacobBarthelmeh a48129eb99 update README for release 2022-07-11 07:28:15 -07:00
Jacob Barthelmeh a9c7bc9d00 fix markdown in readme notes 2022-05-05 17:12:55 -06:00
Jacob Barthelmeh 29401334d3 prepare for release 5.3.0 2022-05-02 17:08:38 -06:00
John Safranek ad8bf40b5e Update readme for release. 2022-02-20 13:05:04 -08:00
Anthony Hu 884b8634af CVE-2022-23408 2022-01-18 16:06:08 -05:00
Jacob Barthelmeh 7dd50a1beb bump version for dev and update year in readme 2022-01-03 16:02:10 -07:00
JacobBarthelmeh 5f16a826dd update README for release v5.1.1 2022-01-03 09:39:16 -07:00
Jacob Barthelmeh 05a19c852b account for DTLS extra header size when reading msg from pool 2021-12-27 16:52:09 -07:00
Jacob Barthelmeh 816718ecd3 prepare for release 5.1.0 2021-12-27 10:34:09 -07:00
Anthony Hu eec9649049 Mention falcon in the changelog 2021-12-10 16:54:13 -05:00