Juliusz Sosinowicz
15dbd61dbe
Remove dead code
...
`ticket->lifetime` is never set to 0xfffffff anywhere
F-430
2026-03-10 09:52:05 +01:00
Juliusz Sosinowicz
7a264162b8
wc_ChaCha20Poly1305_Decrypt: clear unauthed plaintext
...
F-452
2026-03-10 09:52:05 +01:00
Juliusz Sosinowicz
0b03d56127
wc_GetKeyOID: Clean up logging in mldsa case
...
F-449
2026-03-10 09:52:05 +01:00
Daniel Pouzzner
b02ddde4f2
Merge pull request #9886 from philljj/fix_f_193
...
wc_encrypt: add missing ForceZero for Des, Arc4, Rc2.
2026-03-09 23:43:26 -05:00
Daniel Pouzzner
18d1190e82
Merge pull request #9924 from Frauschi/f-426
...
Fix potential underflow in sniffer
2026-03-09 23:42:32 -05:00
Daniel Pouzzner
f5902bd29a
Merge pull request #9862 from embhorn/zd21243
...
Fix DeriveTls13Keys with no_key
2026-03-09 23:41:52 -05:00
Daniel Pouzzner
2cb1781b9a
Merge pull request #9922 from Frauschi/f-450
...
Fix memory leak in error case within RsaMGF1
2026-03-09 23:39:30 -05:00
Daniel Pouzzner
cd2386c87e
Merge pull request #9894 from philljj/fix_f_280
...
hpke: add missing ForceZero for eae_prk, key_schedule_context, secret.
2026-03-09 23:38:37 -05:00
Daniel Pouzzner
3386e40453
Merge pull request #9890 from philljj/fix_f_hmac
...
hmac: add missing ForceZero for tmp, prk.
2026-03-09 23:38:04 -05:00
Daniel Pouzzner
3736352b24
Merge pull request #9888 from philljj/fix_f_383
...
pwdbased: add missing ForceZero for blocks, v, y.
2026-03-09 23:37:24 -05:00
Daniel Pouzzner
8f485a5b7d
Merge pull request #9929 from douzzer/20260309-nullPointerOutOfMemory
...
20260309-nullPointerOutOfMemory
(reviewed+approved by @philljj)
2026-03-09 23:36:44 -05:00
Daniel Pouzzner
23f62bceb5
linuxkm/module_exports.c.template: add wolfssl/wolfcrypt/wc_slhdsa.h.
...
wolfcrypt/src/wc_slhdsa.c:
* refactor SAVE_VECTOR_REGISTERS2() in slhdsakey_fors_sign() as
CAN_SAVE_VECTOR_REGISTERS(), with local save-restore wrappers around the
rest of the vector calls deeper in the call stack, to avoid failing
GFP_ATOMIC allocations and long spans with interrupts disabled.
* fix numerous bugprone-macro-parentheses and bugprone-signed-char-misuses.
* use readUnalignedWord64() in SHAKE256_SET_SEED_HA_X4_*() and
slhdsakey_shake256_set_seed_ha_x4() to avoid benign unaligned access warnings
from sanitizers.
wolfcrypt/test/test.c:
* in TestDumpData(), use WOLFSSL_DEBUG_PRINTF(), not fprintf(stderr, ...), for
portability.
* in slhdsa_test_param() and slhdsa_test(), use WC_DECLARE_VAR() and friends
for SlhDsaKey allocations, and use ERROR_OUT() and single-return-point
refactors to fix error path memory leaks.
2026-03-09 23:08:42 -05:00
Ruby Martin
66caf5ad55
free enc and dec before returning MEMORY_E
2026-03-09 13:03:54 -06:00
aidan garske
832af2164b
Fix copy-paste error in EncodeCertReq guard check where falconKey was checked twice instead of including dilithiumKey and sphincsKey
2026-03-09 11:43:41 -07:00
Ruby Martin
ba39aacf20
use ERROR_OUT when ret != 0 instead of returning
2026-03-09 11:48:39 -06:00
Ruby Martin
133f53f03d
replace sizeof with MAX_ECIES_TEST_SZ
2026-03-09 11:39:21 -06:00
Ruby Martin
6ae38f1b91
move unused variable suppression to top of exit_rsa label
2026-03-09 11:38:12 -06:00
JacobBarthelmeh
6e56635a09
Fix for setting curve using all caps with wolfSSL_set1_curves_list
2026-03-09 10:41:01 -06:00
Daniel Pouzzner
5bb8b3f803
src/pk_ec.c: in wolfSSL_ECDSA_SIG_new(), mitigate false-positive nullPointerOutOfMemory by returning immediately if initial XMALLOC() fails.
2026-03-09 10:59:50 -05:00
Daniel Pouzzner
aa4b84f9a2
wolfcrypt/src/evp_pk.c: fix benign nullPointer in d2i_make_pkey() reported by cppcheck-2.20.0.
2026-03-09 10:58:36 -05:00
Eric Blankenhorn
84650b576c
Add WOLFSSL_API_PREFIX_MAP
2026-03-09 09:49:39 -06:00
Eric Blankenhorn
9f1296062b
Update comment
2026-03-09 09:49:39 -06:00
Eric Blankenhorn
4b09fb36d9
Add test test_tls13_derive_keys_no_key
2026-03-09 09:49:37 -06:00
Eric Blankenhorn
d57474a3b7
Fix DeriveTls13Keys with no_key
2026-03-09 09:46:17 -06:00
jordan
f7127ca729
ascon: don't skip wc_AsconAEAD128_Clear on auth error.
2026-03-09 09:33:34 -05:00
Sameeh Jubran
1825952783
Fix undefined variable tls1 in InitSuites for PSK cipher suite
...
The WOLFSSL_OLDTLS_SHA2_CIPHERSUITES else-branch for
BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 referenced undeclared variable
`tls1` instead of `tls`, a copy-paste typo from commit a975ba9e97
(2019). This caused a compilation error when both WOLFSSL_STATIC_PSK
and WOLFSSL_OLDTLS_SHA2_CIPHERSUITES were defined.
Add PSK CI config with WOLFSSL_OLDTLS_SHA2_CIPHERSUITES to prevent
regressions.
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com >
2026-03-09 14:51:59 +02:00
Tobias Frauenschläger
7ed66dd1c3
Fix potential underflow in sniffer
2026-03-09 13:37:02 +01:00
Tobias Frauenschläger
9c2bb3d10d
Fix memory leak in error case within RsaMGF1
2026-03-09 11:17:31 +01:00
Tobias Frauenschläger
a4cd2f5f88
Zeroize preMasterSecret in hybrid PQ/T error cases
...
Fixes zd#21310, reported by YUE LI (Peking University)
2026-03-09 10:40:34 +01:00
Sean Parkinson
39b34333d6
FIPS 205, SLH-DSA: implementation
...
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Daniel Pouzzner
b3f08f33b8
Merge pull request #9873 from miyazakh/fix_larger_crlnum
...
fix lareger(>57 octets) CRL number
2026-03-06 22:49:03 -06:00
Daniel Pouzzner
04e2adc799
Merge pull request #9916 from julek-wolfssl/fenrir/286
...
ecc.c: clear priv key with forcezero
2026-03-06 22:38:27 -06:00
Daniel Pouzzner
031c87407d
Merge pull request #9892 from embhorn/f380-381-382
...
Hardening in wc_MakeDsaKey and wc_FreeDsaKey
2026-03-06 22:37:44 -06:00
Daniel Pouzzner
396b5ec1da
Merge pull request #9896 from embhorn/f278-281-282
...
Fixes issues in SRP component:
2026-03-06 22:36:59 -06:00
Daniel Pouzzner
f02f6d1d67
Merge pull request #9895 from embhorn/f283-287
...
Hardening in GeneratePrivateDh186 and wc_DhImportKeyPair
2026-03-06 22:36:14 -06:00
Daniel Pouzzner
d4ac953ca5
Merge pull request #9893 from embhorn/f284-285
...
Hardening in wc_FreeRsaKey and wc_RsaPrivateKeyDecodeRaw
2026-03-06 22:35:39 -06:00
Daniel Pouzzner
2635315822
Merge pull request #9891 from embhorn/f194
...
Harden wc_ecc_shared_secret_gen_sync
2026-03-06 22:34:58 -06:00
Daniel Pouzzner
73b5306721
Merge pull request #9850 from kaleb-himes/p-collide-nth-solve
...
Nth attempt to resolve port collisions once-and-for-all
2026-03-06 22:34:16 -06:00
Daniel Pouzzner
e74d52a32e
Merge pull request #9915 from julek-wolfssl/fenrir/378
...
wc_PKCS7_PwriKek_KeyUnWrap: use a ct cmp
2026-03-06 22:32:18 -06:00
Daniel Pouzzner
f0ba67ee21
Merge pull request #9906 from julek-wolfssl/fenrir/25
...
wolfSSL_ASN1_item_i2d: simplify buf cleanup
2026-03-06 22:31:27 -06:00
Daniel Pouzzner
1d49f411c7
Merge pull request #9914 from julek-wolfssl/fenrir/30
...
Make sure size check doesn't underflow
2026-03-06 22:30:51 -06:00
Daniel Pouzzner
467f16f47d
Merge pull request #9913 from julek-wolfssl/fenrir/365
...
Enforce null compression in compression_methods list
2026-03-06 22:29:59 -06:00
Daniel Pouzzner
a8686f615e
Merge pull request #9911 from julek-wolfssl/fenrir/298
...
QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
2026-03-06 22:28:40 -06:00
Daniel Pouzzner
5f15d57d89
Merge pull request #9908 from julek-wolfssl/fenrir/205
...
Set upper bound on post-auth cert reqs
2026-03-06 22:27:59 -06:00
Daniel Pouzzner
3b68026e70
Merge pull request #9907 from julek-wolfssl/fenrir/202
...
wolfSSL_X509_set_ext: fix memory handling
2026-03-06 22:27:23 -06:00
Daniel Pouzzner
4e4215ada9
Merge pull request #9904 from julek-wolfssl/fenrir/24
...
Clean up hpke and rng allocation
2026-03-06 22:26:40 -06:00
Daniel Pouzzner
1744819348
Merge pull request #9901 from julek-wolfssl/fenrir/294
...
Add bounds check on read in sniffer
2026-03-06 22:25:58 -06:00
Daniel Pouzzner
a875ffe1f6
Merge pull request #9899 from julek-wolfssl/fenrir/16
...
Replace `XMEMCMP` with `ConstantCompare` when validating secure renegotiation (SCR) verify data
2026-03-06 22:25:24 -06:00
Daniel Pouzzner
68e085df45
Merge pull request #9918 from douzzer/20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback
...
20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback (approved by @JacobBarthelmeh)
2026-03-06 22:24:45 -06:00
Daniel Pouzzner
2655c436da
Merge pull request #9861 from JacobBarthelmeh/f360
...
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00