Commit Graph

29626 Commits

Author SHA1 Message Date
JacobBarthelmeh c6953b868a Merge pull request #10260 from Frauschi/ecc_fix
Fix ECC validation regression
2026-04-24 14:39:50 -06:00
JacobBarthelmeh 46cedcf0f6 Merge pull request #10268 from ColtonWilley/zephyr-4.3-default-tls-support
zephyr: changes needed for Zephyr 4.3 default TLS support
2026-04-24 14:30:59 -06:00
JacobBarthelmeh 0c9a496215 Merge pull request #10162 from embhorn/gh9753
Use O_CLOEXEC to avoid race conditions
2026-04-24 14:28:00 -06:00
JacobBarthelmeh a20c391b84 Merge pull request #10282 from kareem-wolfssl/zd21527
Fix W560 "possible truncation at implicit conversion to type unsigned char" warnings raised by Tasking compiler.
2026-04-24 14:11:41 -06:00
JacobBarthelmeh b9514e70be Merge pull request #10148 from julek-wolfssl/openvpn-master-bn2binpad
Add BN_bn2binpad API and enable OpenVPN master CI testing
2026-04-24 13:54:06 -06:00
JacobBarthelmeh 06abf84ca8 Merge pull request #10300 from julek-wolfssl/hostap-remove-ap_wpa2_eap_sim_sql
Remove ap_wpa2_eap_sim_sql
2026-04-24 13:50:49 -06:00
Paul Adelsbach 2fa541bac4 Fix AES multiblock issues for NXP DCP 2026-04-24 12:41:19 -07:00
JacobBarthelmeh 1da353b516 Merge pull request #10248 from holtrop-wolfssl/rust-digest-signature
Rust wrapper: add digest and signature crate trait implementations
2026-04-24 11:15:40 -06:00
JacobBarthelmeh cf2db428ba Merge pull request #9843 from kaleb-himes/PQ-FS-2026-Part2
Phase 2: PQ in boundary and SHA512 DRBG
2026-04-24 10:55:36 -06:00
Daniel Pouzzner 134f63a38c Merge pull request #10280 from philljj/no_stddef_h_guard
wc_port: guard stddef header include.
2026-04-24 11:33:55 -05:00
Juliusz Sosinowicz e79c13d95c ci: add OpenSSH 10.3p1 to CI matrix 2026-04-24 18:21:35 +02:00
Juliusz Sosinowicz 5dad65c04c Remove ap_wpa2_eap_sim_sql 2026-04-24 17:07:37 +02:00
Colton Willey 008ca51cb5 Add additional macros to known macro list 2026-04-24 06:09:25 -07:00
Eric Blankenhorn 6f2d48cd4c Fix from review 2026-04-24 07:54:52 -05:00
kaleb-himes 08fd7bde58 PQ FIPS v7.0.0 Phase 2 & 3: All changes
Implement peer review feedback
2026-04-24 06:52:49 -06:00
Eric Blankenhorn 412c428b0a Fix TLS ext bounds checking 2026-04-24 07:23:07 -05:00
Juliusz Sosinowicz 31278ee8bd Merge pull request #10296 from JacobBarthelmeh/hostap 2026-04-24 14:13:02 +02:00
JacobBarthelmeh 29f674e5b6 avoid glitch hardening false positive byte collision with small messages and adjust test case 2026-04-24 01:08:00 -06:00
Joseph Chen a8528f4cec Fix IPv6 parsing to use sin6_addr buffer in MatchIPv6 2026-04-24 09:59:01 +08:00
Joseph Chen 4f33799a31 Fix misuse of clientIp in server IPv6 parsing replaced with serverIp 2026-04-24 09:58:37 +08:00
Sean Parkinson 936f8e5423 Merge pull request #10203 from Frauschi/pkcs7_fixes
PKCS#7 fixes
2026-04-24 10:13:43 +10:00
JacobBarthelmeh 20c1b91914 Merge pull request #10286 from LinuxJedi/git-action
ci: add PR commit message sanity check workflow
2026-04-23 17:16:26 -06:00
JacobBarthelmeh d9beec2e81 Merge pull request #10283 from night1rider/SHE-test-double-free-fix
Fix double-free of she2 in she_test()
2026-04-23 16:59:52 -06:00
JacobBarthelmeh 90366b747f Merge pull request #10142 from kareem-wolfssl/variousFixes2
Various fixes
2026-04-23 16:47:21 -06:00
JacobBarthelmeh 72c7d12cfb exclude the trust anchor from prospective certification path with pathlen check 2026-04-23 16:23:07 -06:00
JacobBarthelmeh fe8541cc47 Merge pull request #10193 from padelsbach/set-hashtype-in-ports
Set hashType in ports
2026-04-23 15:02:30 -06:00
JacobBarthelmeh 6a0303e299 Merge pull request #10066 from dgarske/wc_puf
wolfCrypt SRAM PUF Support
2026-04-23 14:28:37 -06:00
JacobBarthelmeh 53e352181e Merge pull request #10058 from julek-wolfssl/hostap-ec-generate.sh
Re-enable hostap tests and remove some flaky tests
2026-04-23 14:09:09 -06:00
JacobBarthelmeh 5277556989 Merge pull request #10264 from JeremiahM37/fenrir-issues-5
Harden wolfCrypt input validation and zeroization
2026-04-23 14:06:29 -06:00
JacobBarthelmeh 2ba4d7e6c9 Merge pull request #10210 from ColtonWilley/fix-scr-dangling-ptr-after-tlsx-freeall
Fix dangling secure_renegotiation pointer after TLSX_FreeAll
2026-04-23 13:58:24 -06:00
JacobBarthelmeh 118c0ccb53 Merge pull request #10269 from LinuxJedi/repoint-se050
Move SE050 simulator under wolfSSL
2026-04-23 13:54:29 -06:00
JacobBarthelmeh 4fe2e7feb3 Merge pull request #10128 from kareem-wolfssl/zd21526_21530
PKCS7 Fixes
2026-04-23 13:29:28 -06:00
Daniel Pouzzner 9d46b57af3 Merge pull request #10246 from sameehj/aes-gcm-fix
Zero TLS 1.3 traffic keys after AES SE offload
2026-04-23 13:26:59 -05:00
Tobias Frauenschläger 6c5de29758 Fix ECC validation regression 2026-04-23 11:26:33 +02:00
Tobias Frauenschläger 22d1441331 Bounds-check the RecipientInfo SET length in wc_PKCS7_ParseToRecipientInfoSet() 2026-04-23 11:03:24 +02:00
Tobias Frauenschläger 97b82b5087 Add nonce length validation for PKCS#7 2026-04-23 11:03:19 +02:00
Tobias Frauenschläger b7f6e77a95 Reject PKCS#7 SignedData signer-identity forgery 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 589feabc0c Harden PKCS#7 EnvelopedData key unwrap 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 3fd4060458 Add more PKCS#7 tests 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 4e423fde17 More PKCS#7 bounds checks 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 46f3ebb0c6 Add missing ForceZero calls in PKCS#7 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 16e1d33f24 Fix invalid preprocessor guard in PKCS7 with SHA224
Also add missing ForceZero for ECDH shared secret on the heap.
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 5634cfd67c Fix PKCS#7 regression with --enable-all and NO_PKCS7_STREAM 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger e2167e4bbd add length check in PKCS#7 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 84fb0f694c Fix various range and size bugs in PKCS#7 code 2026-04-23 09:36:32 +02:00
Andrew Hutchings 8810160da7 ci: add PR commit message sanity check workflow
Adds a GitHub Actions workflow that scans every commit in a pull
request and fails if any commit message carries a Co-authored-by
or Signed-off-by trailer pointing at noreply@anthropic.com.
2026-04-23 07:08:36 +01:00
Colton Willey d5038f1a43 Move Related Work Check from section 12 to section 8 in report template
Related Work Check is a triage prerequisite and belongs with the other
due-diligence sections, not at the end after disclosure coordination.
Previous sections 8-11 shift to 9-12. Content unchanged; no internal
cross-references point to the shifted sections.
2026-04-22 19:07:36 -07:00
Colton Willey c6837a96c5 Publish wolfSSL Security Policy and Vulnerability Report Template
Add SECURITY-POLICY.md and SECURITY-REPORT-TEMPLATE.md at the repository
root and replace the .github/SECURITY.md stub with a short pointer.

SECURITY-POLICY.md is intentionally terse and discretionary, matching
OpenSSL and Mbed TLS practice. It states the CVE-filing criterion,
severity tiers, categories not considered CVE-eligible, coordinated-
disclosure practice, and credit.

SECURITY-REPORT-TEMPLATE.md is a structured report template whose use is
mandatory for CVE consideration. It requires a reachability trace,
attacker model, working proof-of-concept, and a related-work check
against open pull requests and recent commits.

All reports route to support@wolfssl.com.
2026-04-22 18:53:38 -07:00
night1rider d673b62143 Fix double-free of she2 in she_test 2026-04-22 17:33:21 -06:00
Kareem c69d9693f0 Fix code review feedback and test failure. 2026-04-22 16:33:07 -07:00