Daniel Pouzzner
7fd41b13de
Merge pull request #10104 from padelsbach/cast-shift-slhdsa.c
...
Cast to unsigned prior to shift to avoid UB in SLH-DSA
2026-04-02 00:03:42 -05:00
Daniel Pouzzner
27aac0ac60
Merge pull request #10007 from julek-wolfssl/zd/21376
...
DTLS 1.3: don't echo legacy_session_id in ServerHello
2026-04-02 00:03:06 -05:00
Daniel Pouzzner
68eaf67767
Merge pull request #10061 from anhu/fips23
...
Not just FIPS 140-2, 3 as well.
2026-04-01 18:03:09 -05:00
JacobBarthelmeh
107cf61ab7
Merge pull request #10118 from padelsbach/crl-no-ecc-fix
...
Fix compile issue with --enable-crl and --disable-ecc
2026-04-01 15:32:23 -06:00
Paul Adelsbach
2d8e853c74
Fix compile issue with --enable-crl and --disable-ecc
2026-04-01 10:10:35 -07:00
Daniel Pouzzner
6fc93ac412
Merge pull request #10107 from danielinux/vde-license-exception
...
Added approved license exception for vde
2026-03-31 12:27:15 -05:00
Paul Adelsbach
4aac31bf09
Cast to unsigned prior to shift to avoid UB in SLH-DSA
2026-03-31 09:43:58 -07:00
Daniel Pouzzner
ef3ba4906b
Merge pull request #10109 from julek-wolfssl/openvpn-master
...
Fix GetLength return value check in ASN1_INTEGER functions
2026-03-31 11:23:11 -05:00
Juliusz Sosinowicz
4c2a90c8ef
Fix GetLength return value check in ASN1_INTEGER functions
...
Change GetLength() return check from > 0 to >= 0 in wolfSSL_ASN1_INTEGER_get_length
and wolfSSL_ASN1_INTEGER_get0_data. GetLength returns the decoded length (≥ 0) on
success and negative error codes on failure, so checking > 0 incorrectly excluded
zero-length values, making the DER-stripping logic dead code.
2026-03-31 12:44:30 +02:00
Juliusz Sosinowicz
9cbdf04359
fixup! Refactor: Use dynamic allocation for RSA test buffers
2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz
8b378bcfd1
fixup! DTLS1.3: Implement RFC 9147 legacy_session_id_echo requirements
2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz
362a374e73
fixup! Refactor: Use dynamic allocation for RSA test buffers
2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz
3b0b50e392
DTLS1.3: Implement RFC 9147 legacy_session_id_echo requirements
2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz
c9c2376068
TLS1.3: Improve session version handling for resumption
2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz
fb4600bf54
Core: Unconditionally expose WOLFSSL_SESSION::version
2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz
003c0147d0
Refactor: Use XFILE for test memory I/O dumps
2026-03-31 12:42:15 +02:00
Juliusz Sosinowicz
1a4f327d11
Refactor: Use dynamic allocation for RSA test buffers
2026-03-31 12:42:15 +02:00
Daniele Lacamera
18332faa05
Added approved license exception for vde
2026-03-31 08:49:29 +02:00
Daniel Pouzzner
b36a9ca80e
Merge pull request #10032 from JacobBarthelmeh/changelog
...
minor formatting fixes to changelog
2026-03-30 23:01:35 -05:00
Daniel Pouzzner
a2298dde9c
Merge pull request #10105 from padelsbach/lms-sign-external
...
Add buffer size and callback checks to external wc_LmsKey_Sign
2026-03-30 23:01:00 -05:00
Daniel Pouzzner
5f54de0577
Merge pull request #10076 from rizlik/dtls13_ack_improvements
...
Dtls13: ack management improvements
2026-03-30 22:59:54 -05:00
Daniel Pouzzner
1a3daf0148
Merge pull request #10087 from padelsbach/crl-num-negative
...
Reject negative CRL numbers when decoding
2026-03-30 22:58:34 -05:00
Daniel Pouzzner
adf70b1629
Merge pull request #10089 from julek-wolfssl/openvpn-master
...
openssl compat: fix ASN1_STRING_{length,get0_data} for ASN1_INTEGER
2026-03-30 22:52:36 -05:00
Daniel Pouzzner
8e54eb9364
Merge pull request #10048 from anhu/constraints
...
Enforce URI name constraints in ConfirmNameConstraints
2026-03-30 22:51:52 -05:00
Daniel Pouzzner
74a407939b
Merge pull request #10093 from lealem47/ocsp_hang
...
Fix hang in OCSP Stapling test
2026-03-30 22:50:44 -05:00
Daniel Pouzzner
c8415c407f
Merge pull request #10100 from Frauschi/zd21464
...
Zeroize sensitive buffers for ML-DSA
2026-03-30 22:34:53 -05:00
Daniel Pouzzner
b5a835abed
Merge pull request #10054 from kojo1/Csharp
...
fix for Csharp user_settings.h
2026-03-30 18:32:19 -05:00
Paul Adelsbach
18494e154f
Reject negative CRL numbers when decoding
2026-03-30 16:09:32 -07:00
Paul Adelsbach
2ac3020bb6
Add buffer size and callback checks to external wc_LmsKey_Sign
2026-03-30 15:02:13 -07:00
Daniel Pouzzner
0a61997059
Merge pull request #10045 from embhorn/zd21385
...
Fix IAR warning about volatile access
2026-03-30 13:42:14 -05:00
Daniel Pouzzner
5b2e8b1376
Merge pull request #10065 from dgarske/async_nb_leak
...
Fix possible leak for ecc non-blocking crypto
2026-03-30 11:40:02 -05:00
Daniel Pouzzner
edb4b2828f
Merge pull request #10091 from rlm2002/gi10063Xchacha
...
GI issue fix use `size_t` instead of `long int`
2026-03-30 11:38:32 -05:00
Daniel Pouzzner
18111b1252
Merge pull request #10092 from anhu/hkex-ticket
...
Fix PQC hybrid KeyShare pointer sanity.
2026-03-30 11:36:11 -05:00
Daniel Pouzzner
df055976ed
Merge pull request #10079 from rlm2002/ghi10063
...
Various GI and ZD fixes
2026-03-30 11:34:05 -05:00
Daniel Pouzzner
9c0a9a6ceb
Merge pull request #10084 from holtrop-wolfssl/zd21439
...
Add buffer size and callback checks to wc_LmsKey_Sign
2026-03-30 11:32:38 -05:00
JacobBarthelmeh
348d75b749
Merge pull request #10098 from douzzer/20260328-test_wolfSSL_dtls_fragments-race-mitigation
...
20260328-test_wolfSSL_dtls_fragments-race-mitigation
2026-03-30 10:29:31 -06:00
Marco Oliverio
1496614579
internal.h: clarify DTLS13_ACK_MAX_RECORDS comment
2026-03-30 17:34:36 +02:00
Marco Oliverio
d1d6e587c0
test_dtls: remove bad char
2026-03-30 16:53:07 +02:00
Tobias Frauenschläger
7bdf13a3a3
Zeroize sensitive buffers for ML-DSA
...
Make sure stack-allocated buffers containing potentially senstive
material are zeroized before function exit.
Identified by: Abhinav Agarwal (GitHub: @abhinavagarwal07)
2026-03-30 11:21:32 +02:00
Daniel Pouzzner
20d9ea0022
tests/api.c: in test_wolfSSL_dtls_fragments(), accommodate races between threads.
2026-03-28 16:25:41 -05:00
lealem47
b7e7e7555f
Merge pull request #10095 from douzzer/20260327-sanitizer-and-fixes-and-tls12_kdf_test-gating
...
20260327-sanitizer-and-tls12_kdf_test-gating-fixes
2026-03-27 17:52:37 -06:00
Lealem Amedie
22717a4672
Address copilot feedback
2026-03-27 16:35:42 -06:00
Daniel Pouzzner
76a498f7ea
wolfcrypt/src/asn.c: fix invalid-pointer-pair "wild pointer" in CheckCertSignature_ex().
2026-03-27 17:07:53 -05:00
Daniel Pouzzner
8b84b1fd1b
wolfssl/wolfcrypt/coding.h and wolfssl/wolfcrypt/settings.h: fix feature activation for WOLFSSL_BASE16 (move from coding.h to settings.h).
2026-03-27 16:42:25 -05:00
Daniel Pouzzner
e3d4d220c3
src/conf.c, src/ssl.c, wolfcrypt/src/asn.c, wolfssl/wolfcrypt/asn.h: fixes for invalid-pointer-pair memory errors reported by clang sanitizer with detect_invalid_pointer_pairs=2 in ASAN_OPTIONS.
2026-03-27 16:40:05 -05:00
Lealem Amedie
49003f8e54
Fix hang in OCSP test
2026-03-27 14:41:24 -06:00
Anthony Hu
46f6320380
Fix PQC hybrid KeyShare pointer sanity.
...
Also add tests for it and SetTicket
2026-03-27 14:33:41 -04:00
Ruby Martin
88fdc3d92a
remove casts that would cause truncation if long int is 32-bit but size_t is 64-bit
2026-03-27 12:09:53 -06:00
Juliusz Sosinowicz
0f30790c9b
openssl compat: fix ASN1_STRING_{length,get0_data} for ASN1_INTEGER
...
In OpenSSL, ASN1_INTEGER is typedef'd to ASN1_STRING (same struct), so
calling ASN1_STRING_length() / ASN1_STRING_get0_data() on an
ASN1_INTEGER* is valid and well-defined. wolfSSL has them as distinct,
incompatible structs. This fixes the openvpn master failures introduced in
https://github.com/OpenVPN/openvpn/pull/1003
2026-03-27 17:20:45 +01:00
Josh Holtrop
048a03e8bf
Add buffer size and callback checks to wc_LmsKey_Sign
...
Fixes ZD#21439
2026-03-27 08:49:43 -04:00