Commit Graph

9296 Commits

Author SHA1 Message Date
Daniel Pouzzner 65092ab5eb Merge pull request #9838 from SparkiDev/slhdsa_1
FIPS 205, SLH-DSA: implementation
2026-03-10 19:28:59 -05:00
Daniel Pouzzner 18d1190e82 Merge pull request #9924 from Frauschi/f-426
Fix potential underflow in sniffer
2026-03-09 23:42:32 -05:00
Daniel Pouzzner f5902bd29a Merge pull request #9862 from embhorn/zd21243
Fix DeriveTls13Keys with no_key
2026-03-09 23:41:52 -05:00
Daniel Pouzzner 5bb8b3f803 src/pk_ec.c: in wolfSSL_ECDSA_SIG_new(), mitigate false-positive nullPointerOutOfMemory by returning immediately if initial XMALLOC() fails. 2026-03-09 10:59:50 -05:00
Eric Blankenhorn 9f1296062b Update comment 2026-03-09 09:49:39 -06:00
Eric Blankenhorn d57474a3b7 Fix DeriveTls13Keys with no_key 2026-03-09 09:46:17 -06:00
Tobias Frauenschläger 7ed66dd1c3 Fix potential underflow in sniffer 2026-03-09 13:37:02 +01:00
Sean Parkinson 39b34333d6 FIPS 205, SLH-DSA: implementation
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Daniel Pouzzner f0ba67ee21 Merge pull request #9906 from julek-wolfssl/fenrir/25
wolfSSL_ASN1_item_i2d: simplify buf cleanup
2026-03-06 22:31:27 -06:00
Daniel Pouzzner 1d49f411c7 Merge pull request #9914 from julek-wolfssl/fenrir/30
Make sure size check doesn't underflow
2026-03-06 22:30:51 -06:00
Daniel Pouzzner 467f16f47d Merge pull request #9913 from julek-wolfssl/fenrir/365
Enforce null compression in compression_methods list
2026-03-06 22:29:59 -06:00
Daniel Pouzzner a8686f615e Merge pull request #9911 from julek-wolfssl/fenrir/298
QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
2026-03-06 22:28:40 -06:00
Daniel Pouzzner 5f15d57d89 Merge pull request #9908 from julek-wolfssl/fenrir/205
Set upper bound on post-auth cert reqs
2026-03-06 22:27:59 -06:00
Daniel Pouzzner 3b68026e70 Merge pull request #9907 from julek-wolfssl/fenrir/202
wolfSSL_X509_set_ext: fix memory handling
2026-03-06 22:27:23 -06:00
Daniel Pouzzner 4e4215ada9 Merge pull request #9904 from julek-wolfssl/fenrir/24
Clean up hpke and rng allocation
2026-03-06 22:26:40 -06:00
Daniel Pouzzner 1744819348 Merge pull request #9901 from julek-wolfssl/fenrir/294
Add bounds check on read in sniffer
2026-03-06 22:25:58 -06:00
Daniel Pouzzner a875ffe1f6 Merge pull request #9899 from julek-wolfssl/fenrir/16
Replace `XMEMCMP` with `ConstantCompare` when validating secure renegotiation (SCR) verify data
2026-03-06 22:25:24 -06:00
Daniel Pouzzner 2655c436da Merge pull request #9861 from JacobBarthelmeh/f360
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00
Daniel Pouzzner 431724aaf0 Merge pull request #9909 from Frauschi/f-159
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 22:22:58 -06:00
Daniel Pouzzner 45d814e4f2 Merge pull request #9884 from Frauschi/f-204
Prevent session ticket nonce overflow
2026-03-06 22:22:24 -06:00
Daniel Pouzzner 313d27df15 Merge pull request #9900 from julek-wolfssl/fenrir/357
Use ConstantCompare in EchCheckAcceptance
2026-03-06 22:21:44 -06:00
Daniel Pouzzner 6c37629aa5 Merge pull request #9898 from julek-wolfssl/fenrir/15
Replace XMEMCMP with ConstantCompare for ticket MAC verification
2026-03-06 22:20:38 -06:00
Daniel Pouzzner 6424092fa6 Merge pull request #9903 from julek-wolfssl/fenrir/20
Remove duplicate check
2026-03-06 22:19:51 -06:00
JacobBarthelmeh 013e2c8fdf remove special characters, use simple ASCII characters 2026-03-06 17:22:25 -07:00
Juliusz Sosinowicz 694f251663 Add explicit casts 2026-03-06 18:11:33 +01:00
Juliusz Sosinowicz 3c06c22314 Make sure only free'd on error 2026-03-06 18:01:02 +01:00
Juliusz Sosinowicz 479de5a211 Always eval both ConstantCompare statements 2026-03-06 17:56:33 +01:00
Tobias Frauenschläger a2622746cd Error out in case of unknown extensions in response message in TLS 1.3 2026-03-06 17:09:49 +01:00
Juliusz Sosinowicz 5e22d04baf Make sure size check doesn't underflow
F-30
2026-03-06 17:05:35 +01:00
Juliusz Sosinowicz 1537f83c24 Enforce null compression in compression_methods list
F-365
2026-03-06 16:56:09 +01:00
Juliusz Sosinowicz 52c64c1340 QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
F-298
2026-03-06 16:21:11 +01:00
Juliusz Sosinowicz 0c26920ea0 Set upper bound on post-auth cert reqs
F-205
2026-03-06 16:07:41 +01:00
Juliusz Sosinowicz 49039ef156 wolfSSL_X509_set_ext: fix memory handling 2026-03-06 12:11:53 +01:00
Juliusz Sosinowicz da9dc821e4 wolfSSL_ASN1_item_i2d: simplify buf cleanup
F-25
2026-03-06 12:03:46 +01:00
Tobias Frauenschläger 1d8864980a Prevent session ticket nonce overflow 2026-03-06 10:23:08 +01:00
Juliusz Sosinowicz ac333c371c Clean up hpke and rng allocation 2026-03-06 09:47:49 +01:00
Juliusz Sosinowicz c62f535cb5 Remove duplicate check
F-20
2026-03-06 09:25:32 +01:00
Juliusz Sosinowicz ddac52c6e8 Clear expandLabelPrk
F-359
2026-03-06 09:19:46 +01:00
Juliusz Sosinowicz 679d04d201 Add bounds check on read in sniffer 2026-03-06 09:05:53 +01:00
Juliusz Sosinowicz eaef832494 Use ConstantCompare in EchCheckAcceptance
F-357
2026-03-06 08:55:34 +01:00
Juliusz Sosinowicz 1555ec4b76 Replace XMEMCMP with ConstantCompare when validating secure renegotiation (SCR) verify data
F-16
2026-03-06 08:51:37 +01:00
Juliusz Sosinowicz 94adedd109 Replace XMEMCMP with ConstantCompare for ticket MAC verification
F-15
2026-03-06 08:43:20 +01:00
Daniel Pouzzner ed8f67cb37 Merge pull request #9858 from JacobBarthelmeh/ticket
additional sanity check with session ticket size
2026-03-05 16:35:51 -06:00
Daniel Pouzzner 90ca9c4b7f Merge pull request #9864 from JacobBarthelmeh/f11
harden compare of mac with TLS 1.3 finished
2026-03-05 16:19:07 -06:00
Daniel Pouzzner 396b553c45 Merge pull request #9872 from SparkiDev/asn_improvements_1
ASN: improve handling of ASN.1 parsing/encoding
2026-03-05 16:18:12 -06:00
Daniel Pouzzner e880f5947a Merge pull request #9874 from Frauschi/f12
Harden hash comparison in TLS1.2 finished
2026-03-05 16:14:38 -06:00
Daniel Pouzzner 7cf118eae1 Merge pull request #9865 from embhorn/f362
F362 kNistCurves Table
2026-03-05 16:13:59 -06:00
Daniel Pouzzner b36df34bcb Merge pull request #9868 from embhorn/f295
Fix wolfSSL_get_peer_quic_transport_version
2026-03-05 16:13:14 -06:00
Daniel Pouzzner 22f40a1b5a Merge pull request #9866 from embhorn/f196
Fix in wolfSSL_CTX_GenerateEchConfig
2026-03-05 16:12:27 -06:00
Daniel Pouzzner 7ee9bd03c7 Merge pull request #9867 from embhorn/f19
Fix sniffer CreateSession
2026-03-05 16:11:23 -06:00