Commit Graph

29160 Commits

Author SHA1 Message Date
Daniel Pouzzner 431724aaf0 Merge pull request #9909 from Frauschi/f-159
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 22:22:58 -06:00
Daniel Pouzzner 45d814e4f2 Merge pull request #9884 from Frauschi/f-204
Prevent session ticket nonce overflow
2026-03-06 22:22:24 -06:00
Daniel Pouzzner 313d27df15 Merge pull request #9900 from julek-wolfssl/fenrir/357
Use ConstantCompare in EchCheckAcceptance
2026-03-06 22:21:44 -06:00
Daniel Pouzzner 6c37629aa5 Merge pull request #9898 from julek-wolfssl/fenrir/15
Replace XMEMCMP with ConstantCompare for ticket MAC verification
2026-03-06 22:20:38 -06:00
Daniel Pouzzner 6424092fa6 Merge pull request #9903 from julek-wolfssl/fenrir/20
Remove duplicate check
2026-03-06 22:19:51 -06:00
Daniel Pouzzner 24b2dd040e Merge pull request #9902 from julek-wolfssl/fenrir/359
Clear expandLabelPrk
2026-03-06 22:19:12 -06:00
JacobBarthelmeh 68a1f6f756 remove special characters, use simple ASCII characters 2026-03-06 17:30:48 -07:00
JacobBarthelmeh 013e2c8fdf remove special characters, use simple ASCII characters 2026-03-06 17:22:25 -07:00
Daniel Pouzzner b08f959412 tests/api/test_ocsp.c: don't build test_ocsp_cert_unknown_crl_fallback and related helpers if NO_SHA. 2026-03-06 17:01:40 -06:00
kaleb-himes 325ee2c274 Implement peer review feedback 2026-03-06 10:38:02 -07:00
Juliusz Sosinowicz 694f251663 Add explicit casts 2026-03-06 18:11:33 +01:00
Juliusz Sosinowicz 3c06c22314 Make sure only free'd on error 2026-03-06 18:01:02 +01:00
Juliusz Sosinowicz 479de5a211 Always eval both ConstantCompare statements 2026-03-06 17:56:33 +01:00
Juliusz Sosinowicz cc079a3da8 ecc.c: clear priv key with forcezero
F-286
2026-03-06 17:48:38 +01:00
Juliusz Sosinowicz 14357576d8 wc_PKCS7_PwriKek_KeyUnWrap: use a ct cmp
F-378
2026-03-06 17:42:37 +01:00
Tobias Frauenschläger a2622746cd Error out in case of unknown extensions in response message in TLS 1.3 2026-03-06 17:09:49 +01:00
Juliusz Sosinowicz 5e22d04baf Make sure size check doesn't underflow
F-30
2026-03-06 17:05:35 +01:00
jordan 7726f5cc7f pwdbased: fix cast warning. 2026-03-06 09:59:43 -06:00
Juliusz Sosinowicz 1537f83c24 Enforce null compression in compression_methods list`
F-365
2026-03-06 16:56:09 +01:00
Juliusz Sosinowicz 52c64c1340 QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
F-298
2026-03-06 16:21:11 +01:00
Josh Holtrop fa07db2cc6 Rust wrapper: add lms module 2026-03-06 10:19:12 -05:00
Juliusz Sosinowicz 0c26920ea0 Set upper bound on post-auth cert reqs
F-205
2026-03-06 16:07:41 +01:00
Tobias Frauenschläger 001eae7272 Add missing ForceZero calls 2026-03-06 15:22:02 +01:00
Eric Blankenhorn 355081b123 Fix test with cast 2026-03-06 07:33:52 -06:00
Juliusz Sosinowicz 49039ef156 wolfSSL_X509_set_ext: fix memory handling 2026-03-06 12:11:53 +01:00
Juliusz Sosinowicz da9dc821e4 wolfSSL_ASN1_item_i2d: simplify buf cleanup
F-25
2026-03-06 12:03:46 +01:00
Tobias Frauenschläger 1d8864980a Prevent session ticket nonce overflow 2026-03-06 10:23:08 +01:00
Juliusz Sosinowicz 5f4d499df0 Don't declare WC_ALLOC_DO_ON_FAILURE by default 2026-03-06 10:15:48 +01:00
Juliusz Sosinowicz ac333c371c Clean up hpke and rng allocation 2026-03-06 09:47:49 +01:00
Juliusz Sosinowicz c62f535cb5 Remove duplicate check
F-20
2026-03-06 09:25:32 +01:00
Juliusz Sosinowicz ddac52c6e8 Clear expandLabelPrk
F-359
2026-03-06 09:19:46 +01:00
Juliusz Sosinowicz 679d04d201 Add bounds check on read in sniffer 2026-03-06 09:05:53 +01:00
Juliusz Sosinowicz eaef832494 Use ConstantCompare in EchCheckAcceptance
F-357
2026-03-06 08:55:34 +01:00
Juliusz Sosinowicz 1555ec4b76 Replace XMEMCMP with ConstantCompare when validating secure renegotiation (SCR) verify data
F-16
2026-03-06 08:51:37 +01:00
Juliusz Sosinowicz 94adedd109 Replace XMEMCMP with ConstantCompare for ticket MAC verification
F-15
2026-03-06 08:43:20 +01:00
Juliusz Sosinowicz 341024e484 Adjust SendClientKeyExchange to use exact cipher overhead for DTLS MTU checks 2026-03-06 08:27:42 +01:00
Juliusz Sosinowicz 87d89d8492 CI fixes 2026-03-06 08:27:42 +01:00
Juliusz Sosinowicz 4a29af3062 Apply copilot suggestions 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz 5c7acedcbe Configure wolfSSL to disable old names for softhsm 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz 3084305200 Remove qt from enable-all as its defines are disruptive for most OSP's 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz 914e57d45c Revert version change 2026-03-06 08:27:41 +01:00
Juliusz Sosinowicz fb82496244 Add Python CI workflow and Blake2 EVP support
- Add a GitHub Actions workflow to automate testing of Python integration
- Implement Blake2b and Blake2s hash functions into the EVP API.
- Improve OpenSSL compatibility by standardizing ASN.1 encoding for
serial numbers and registered IDs, streamlining cipher stack management, and optimizing stack node copying.
- Enforce maximum fragment size during data transmission to ensure proper TLS/DTLS record fragmentation.
2026-03-06 08:27:41 +01:00
Hideki Miyazaki f59b9fd32e fix number in sh 2026-03-06 14:16:36 +09:00
Daniel Pouzzner 80938758ac Merge pull request #9879 from embhorn/f379
Fix wc_ecc_sign_hash_ex with Intel QA
2026-03-05 22:53:55 -06:00
Daniel Pouzzner cc2fdda54c Merge pull request #9734 from SparkiDev/mlkem_mldsa_harden
ML-KEM/ML-DSA: harden against fault attacks
2026-03-05 21:34:39 -06:00
Hideki Miyazaki 5ce86cff62 fix multi-test.sh failure 2026-03-06 10:53:52 +09:00
Hideki Miyazaki 4877c0e579 fix PRB tests failures 2026-03-06 10:51:57 +09:00
Hideki Miyazaki cfb7f35e72 fix lareger(>57 octets) crlnum 2026-03-06 10:51:54 +09:00
Daniel Pouzzner fc677d7d52 Merge pull request #9833 from holtrop-wolfssl/rust-ml-kem
Rust wrapper: add mlkem module
2026-03-05 17:31:56 -06:00
Sean Parkinson 65a1a68877 ML-KEM/ML-DSA: harden against fault attacks
ML-DSA: check pointer to the y parameter has not be faulted.
ML-KEM: to harden against faultiong, use a different buffer for private
seed, sigma, and add a check that the buffer was copied correctly.
SHA-3: fix size of check variables.
2026-03-06 08:44:08 +10:00