JacobBarthelmeh
c6953b868a
Merge pull request #10260 from Frauschi/ecc_fix
...
Fix ECC validation regression
2026-04-24 14:39:50 -06:00
JacobBarthelmeh
46cedcf0f6
Merge pull request #10268 from ColtonWilley/zephyr-4.3-default-tls-support
...
zephyr: changes needed for Zephyr 4.3 default TLS support
2026-04-24 14:30:59 -06:00
JacobBarthelmeh
0c9a496215
Merge pull request #10162 from embhorn/gh9753
...
Use O_CLOEXEC to avoid race conditions
2026-04-24 14:28:00 -06:00
JacobBarthelmeh
a20c391b84
Merge pull request #10282 from kareem-wolfssl/zd21527
...
Fix W560 "possible truncation at implicit conversion to type unsigned char" warnings raised by Tasking compiler.
2026-04-24 14:11:41 -06:00
JacobBarthelmeh
b9514e70be
Merge pull request #10148 from julek-wolfssl/openvpn-master-bn2binpad
...
Add BN_bn2binpad API and enable OpenVPN master CI testing
2026-04-24 13:54:06 -06:00
JacobBarthelmeh
06abf84ca8
Merge pull request #10300 from julek-wolfssl/hostap-remove-ap_wpa2_eap_sim_sql
...
Remove ap_wpa2_eap_sim_sql
2026-04-24 13:50:49 -06:00
Paul Adelsbach
2fa541bac4
Fix AES multiblock issues for NXP DCP
2026-04-24 12:41:19 -07:00
JacobBarthelmeh
1da353b516
Merge pull request #10248 from holtrop-wolfssl/rust-digest-signature
...
Rust wrapper: add digest and signature crate trait implementations
2026-04-24 11:15:40 -06:00
JacobBarthelmeh
cf2db428ba
Merge pull request #9843 from kaleb-himes/PQ-FS-2026-Part2
...
Phase 2: PQ in boundary and SHA512 DRBG
2026-04-24 10:55:36 -06:00
Daniel Pouzzner
134f63a38c
Merge pull request #10280 from philljj/no_stddef_h_guard
...
wc_port: guard stddef header include.
2026-04-24 11:33:55 -05:00
Juliusz Sosinowicz
e79c13d95c
ci: add OpenSSH 10.3p1 to CI matrix
2026-04-24 18:21:35 +02:00
Juliusz Sosinowicz
5dad65c04c
Remove ap_wpa2_eap_sim_sql
2026-04-24 17:07:37 +02:00
Colton Willey
008ca51cb5
Add additional macros to known macro list
2026-04-24 06:09:25 -07:00
Eric Blankenhorn
6f2d48cd4c
Fix from review
2026-04-24 07:54:52 -05:00
kaleb-himes
08fd7bde58
PQ FIPS v7.0.0 Phase 2 & 3: All changes
...
Implement peer review feedback
2026-04-24 06:52:49 -06:00
Eric Blankenhorn
412c428b0a
Fix TLS ext bounds checking
2026-04-24 07:23:07 -05:00
Juliusz Sosinowicz
31278ee8bd
Merge pull request #10296 from JacobBarthelmeh/hostap
2026-04-24 14:13:02 +02:00
JacobBarthelmeh
29f674e5b6
avoid glitch hardening false positive byte collision with small messages and adjust test case
2026-04-24 01:08:00 -06:00
Joseph Chen
a8528f4cec
Fix IPv6 parsing to use sin6_addr buffer in MatchIPv6
2026-04-24 09:59:01 +08:00
Joseph Chen
4f33799a31
Fix misuse of clientIp in server IPv6 parsing replaced with serverIp
2026-04-24 09:58:37 +08:00
Sean Parkinson
936f8e5423
Merge pull request #10203 from Frauschi/pkcs7_fixes
...
PKCS#7 fixes
2026-04-24 10:13:43 +10:00
JacobBarthelmeh
20c1b91914
Merge pull request #10286 from LinuxJedi/git-action
...
ci: add PR commit message sanity check workflow
2026-04-23 17:16:26 -06:00
JacobBarthelmeh
d9beec2e81
Merge pull request #10283 from night1rider/SHE-test-double-free-fix
...
Fix double-free of she2 in she_test()
2026-04-23 16:59:52 -06:00
JacobBarthelmeh
90366b747f
Merge pull request #10142 from kareem-wolfssl/variousFixes2
...
Various fixes
2026-04-23 16:47:21 -06:00
JacobBarthelmeh
72c7d12cfb
exclude the trust anchor from prospective certification path with pathlen check
2026-04-23 16:23:07 -06:00
JacobBarthelmeh
fe8541cc47
Merge pull request #10193 from padelsbach/set-hashtype-in-ports
...
Set hashType in ports
2026-04-23 15:02:30 -06:00
JacobBarthelmeh
6a0303e299
Merge pull request #10066 from dgarske/wc_puf
...
wolfCrypt SRAM PUF Support
2026-04-23 14:28:37 -06:00
JacobBarthelmeh
53e352181e
Merge pull request #10058 from julek-wolfssl/hostap-ec-generate.sh
...
Re-enable hostap tests and remove some flaky tests
2026-04-23 14:09:09 -06:00
JacobBarthelmeh
5277556989
Merge pull request #10264 from JeremiahM37/fenrir-issues-5
...
Harden wolfCrypt input validation and zeroization
2026-04-23 14:06:29 -06:00
JacobBarthelmeh
2ba4d7e6c9
Merge pull request #10210 from ColtonWilley/fix-scr-dangling-ptr-after-tlsx-freeall
...
Fix dangling secure_renegotiation pointer after TLSX_FreeAll
2026-04-23 13:58:24 -06:00
JacobBarthelmeh
118c0ccb53
Merge pull request #10269 from LinuxJedi/repoint-se050
...
Move SE050 simulator under wolfSSL
2026-04-23 13:54:29 -06:00
JacobBarthelmeh
4fe2e7feb3
Merge pull request #10128 from kareem-wolfssl/zd21526_21530
...
PKCS7 Fixes
2026-04-23 13:29:28 -06:00
Daniel Pouzzner
9d46b57af3
Merge pull request #10246 from sameehj/aes-gcm-fix
...
Zero TLS 1.3 traffic keys after AES SE offload
2026-04-23 13:26:59 -05:00
Tobias Frauenschläger
6c5de29758
Fix ECC validation regression
2026-04-23 11:26:33 +02:00
Tobias Frauenschläger
22d1441331
Bounds-check the RecipientInfo SET length in wc_PKCS7_ParseToRecipientInfoSet()
2026-04-23 11:03:24 +02:00
Tobias Frauenschläger
97b82b5087
Add nonce length validation for PKCS#7
2026-04-23 11:03:19 +02:00
Tobias Frauenschläger
b7f6e77a95
Reject PKCS#7 SignedData signer-identity forgery
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
589feabc0c
Harden PKCS#7 EnvelopedData key unwrap
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
3fd4060458
Add more PKCS#7 tests
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
4e423fde17
More PKCS#7 bounds checks
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
46f3ebb0c6
Add missing ForceZero calls in PKCS#7
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
16e1d33f24
Fix invalid preprocessor guard in PKCS7 with SHA224
...
Also add missing ForceZero for ECDH shared secret on the heap.
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
5634cfd67c
Fix PKCS#7 regression with --enable-all and NO_PKCS7_STREAM
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
e2167e4bbd
add length check in PKCS#7
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
84fb0f694c
Fix various range and size bugs in PKCS#7 code
2026-04-23 09:36:32 +02:00
Andrew Hutchings
8810160da7
ci: add PR commit message sanity check workflow
...
Adds a GitHub Actions workflow that scans every commit in a pull
request and fails if any commit message carries a Co-authored-by
or Signed-off-by trailer pointing at noreply@anthropic.com .
2026-04-23 07:08:36 +01:00
Colton Willey
d5038f1a43
Move Related Work Check from section 12 to section 8 in report template
...
Related Work Check is a triage prerequisite and belongs with the other
due-diligence sections, not at the end after disclosure coordination.
Previous sections 8-11 shift to 9-12. Content unchanged; no internal
cross-references point to the shifted sections.
2026-04-22 19:07:36 -07:00
Colton Willey
c6837a96c5
Publish wolfSSL Security Policy and Vulnerability Report Template
...
Add SECURITY-POLICY.md and SECURITY-REPORT-TEMPLATE.md at the repository
root and replace the .github/SECURITY.md stub with a short pointer.
SECURITY-POLICY.md is intentionally terse and discretionary, matching
OpenSSL and Mbed TLS practice. It states the CVE-filing criterion,
severity tiers, categories not considered CVE-eligible, coordinated-
disclosure practice, and credit.
SECURITY-REPORT-TEMPLATE.md is a structured report template whose use is
mandatory for CVE consideration. It requires a reachability trace,
attacker model, working proof-of-concept, and a related-work check
against open pull requests and recent commits.
All reports route to support@wolfssl.com .
2026-04-22 18:53:38 -07:00
night1rider
d673b62143
Fix double-free of she2 in she_test
2026-04-22 17:33:21 -06:00
Kareem
c69d9693f0
Fix code review feedback and test failure.
2026-04-22 16:33:07 -07:00