Jeremiah Mackey
|
c8e0e23660
|
use constant-time tag compare in TI AES
|
2026-03-26 17:30:14 +00:00 |
|
Jeremiah Mackey
|
f382526bcc
|
zero FSL CAAM ECC private key buffers
|
2026-03-26 17:30:14 +00:00 |
|
Jeremiah Mackey
|
8d9a4b47c2
|
zero CAAM ECC private key stack buffers
|
2026-03-26 17:30:14 +00:00 |
|
Jeremiah Mackey
|
6f710aa8f7
|
fix DH privkey leak and zero buffer
|
2026-03-26 17:30:14 +00:00 |
|
Jeremiah Mackey
|
0aae4251a6
|
zero RSA DER key buffer before free
|
2026-03-26 17:29:59 +00:00 |
|
Jeremiah Mackey
|
b71c2a27bf
|
zero ECC private key stack buffers
|
2026-03-26 17:29:59 +00:00 |
|
Jeremiah Mackey
|
a5ae5f128e
|
zero RSA key buffers before free
|
2026-03-26 17:29:59 +00:00 |
|
Jeremiah Mackey
|
7aeffa2c29
|
fix silabs_ecc_sign_hash buffer validation
|
2026-03-26 17:29:59 +00:00 |
|
Jeremiah Mackey
|
0b2a9d3dbc
|
fix SHA-512/224,256 KCAPI digest sizes
|
2026-03-26 17:29:44 +00:00 |
|
Jeremiah Mackey
|
7facd3e4f4
|
fix ImportKeyState DTLS window OOB read
|
2026-03-26 17:29:44 +00:00 |
|
Ruby Martin
|
ce7b81b6ee
|
break when idx greater than MAX_CHAIN_DEPTH
|
2026-03-26 11:28:36 -06:00 |
|
Ruby Martin
|
a963c5fc47
|
add check to prevent integer underflow
|
2026-03-26 11:28:36 -06:00 |
|
Ruby Martin
|
a696d11519
|
if len is 0, do not subtract 1 when calling XMALLOC
|
2026-03-26 11:28:36 -06:00 |
|
Ruby Martin
|
1766b91dc2
|
check idx before accessing certificate list
|
2026-03-26 11:28:36 -06:00 |
|
Ruby Martin
|
3bc72b5d27
|
bounds check when parsing dual-algo cert sigs
|
2026-03-26 11:28:36 -06:00 |
|
Ruby Martin
|
14695fb9cd
|
zeroize ssl->encrypt after transferring ownership to dup
|
2026-03-26 11:28:36 -06:00 |
|
Ruby Martin
|
75e6406cd3
|
upper bounds check for DSA signature
|
2026-03-26 11:28:36 -06:00 |
|
Ruby Martin
|
d4b25d0ebc
|
guard against heap buffer overflow
|
2026-03-26 11:28:36 -06:00 |
|
Marco Oliverio
|
1aa1cec3f2
|
dtls13: limit max number of ack records to 128
|
2026-03-26 18:25:48 +01:00 |
|
Marco Oliverio
|
350a9bfd89
|
dtls13: add DtlsDoScheduledWork in the WOLFSSL_API_PREFIX_MAP
|
2026-03-26 18:01:53 +01:00 |
|
Marco Oliverio
|
ccfc95809b
|
test: dtls13: add ack test
|
2026-03-26 15:11:31 +01:00 |
|
Marco Oliverio
|
1c83e24a7a
|
dtls13: keep a counter for seenRecords list
|
2026-03-26 15:11:31 +01:00 |
|
Marco Oliverio
|
025a7dcd16
|
dtls13: lock list manipulation
|
2026-03-26 15:11:31 +01:00 |
|
Marco Oliverio
|
3034dd9e2d
|
dtls13: release mutex on error
|
2026-03-26 15:11:31 +01:00 |
|
Josh Holtrop
|
aa33d7be35
|
Rust wrapper: chacha20_poly1305: add debug_assert checking in-place operation maximum length
|
2026-03-26 09:09:55 -04:00 |
|
Anthony Hu
|
6721bde8e0
|
Add bounds check in PKCS7 streaming indefinite-length end-of-content parsing
|
2026-03-25 20:03:00 -04:00 |
|
Josh Holtrop
|
444f90553a
|
Rust wrapper: document XChaCha20Poly1305 encrypt_in_place_detached maximum buffer length
|
2026-03-25 13:48:03 -04:00 |
|
Josh Holtrop
|
5d9439c581
|
Rust wrapper: aes: avoid overlapping Rust slices
|
2026-03-25 13:43:19 -04:00 |
|
Ruby Martin
|
50448ef7c6
|
add guard for integer underflow in DecryptTls13
|
2026-03-25 10:22:10 -06:00 |
|
Josh Holtrop
|
23cb7ae30c
|
Rust wrapper: add cipher trait support
|
2026-03-25 10:51:06 -04:00 |
|
Josh Holtrop
|
873bc05cde
|
Rust wrapper: add aead trait support
|
2026-03-25 10:51:00 -04:00 |
|
Josh Holtrop
|
07acf8d33d
|
Rust wrapper: add rand_core trait support
|
2026-03-25 10:50:52 -04:00 |
|
Daniel Pouzzner
|
7efc962d04
|
Merge pull request #10031 from holtrop-wolfssl/rust-cross-compile-support
Rust wrapper: update build.rs to support cross-compiling and bare-metal targets
|
2026-03-25 09:46:40 -05:00 |
|
Josh Holtrop
|
34afd28541
|
Rust wrapper: build.rs improvements from code review
|
2026-03-25 09:00:28 -04:00 |
|
Eric Blankenhorn
|
1a1bdb2cfe
|
Address review feedback
|
2026-03-25 07:48:16 -05:00 |
|
Josh Holtrop
|
a511e45d30
|
Rust wrapper: build.rs improvements per code review
|
2026-03-25 08:15:42 -04:00 |
|
David Garske
|
6cc94b07a4
|
Fix possible leak for ecc non-blocking crypto
|
2026-03-24 14:44:28 -07:00 |
|
David Garske
|
cf6c1722ae
|
Merge pull request #10027 from embhorn/zd21394
Remove FIPS guards in GetASN_BitString length check
|
2026-03-24 14:06:40 -07:00 |
|
David Garske
|
636f0e50a1
|
Merge pull request #10059 from douzzer/20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
|
2026-03-24 13:13:42 -07:00 |
|
Anthony Hu
|
812e2b6bde
|
Volatile casting
|
2026-03-24 14:39:39 -04:00 |
|
Anthony Hu
|
2d29608f28
|
Not just FIPS 140-2, 3 as well.
|
2026-03-24 14:20:57 -04:00 |
|
Daniel Pouzzner
|
ec61e07d18
|
wolfcrypt/src/pwdbased.c: in wc_PKCS12_PBKDF_ex(), refactor the "Increment B by 1" loop to avoid bugprone-inc-dec-in-conditions.
|
2026-03-24 12:07:04 -05:00 |
|
David Garske
|
c64fd4f132
|
Merge pull request #9905 from julek-wolfssl/WC_ALLOC_DO_ON_FAILURE-cleanup
Don't declare WC_ALLOC_DO_ON_FAILURE by default
|
2026-03-24 09:35:03 -07:00 |
|
David Garske
|
73bea906be
|
Merge pull request #10034 from sebastian-carpenter/GH-10016
verify ciphersuite in CH2 matches HRR
|
2026-03-24 09:31:45 -07:00 |
|
David Garske
|
328822b447
|
Merge pull request #10047 from Frauschi/mldsa_no_ctx
Guard old non-ctx ML-DSA API by default
|
2026-03-24 09:26:24 -07:00 |
|
David Garske
|
bddeac1d72
|
Merge pull request #9952 from julek-wolfssl/zd/21324
wolfSSL_X509_verify_cert: add host check from `ctx->param`
|
2026-03-24 09:26:12 -07:00 |
|
David Garske
|
0b119e225f
|
Merge pull request #10056 from philljj/fix_bsdkm_benchmark
bsdkm benchmark: fix build.
|
2026-03-24 09:24:49 -07:00 |
|
David Garske
|
3cf4aeab5c
|
Merge pull request #10025 from embhorn/zd21392
Fix DecodeObjectId unknown ext parse
|
2026-03-24 09:17:10 -07:00 |
|
David Garske
|
03beeae44e
|
Merge pull request #10033 from embhorn/gh10028
Fix FillSigner to clear pubkeystored
|
2026-03-24 09:15:05 -07:00 |
|
Daniel Pouzzner
|
d36ddf4063
|
Merge pull request #9920 from dgarske/asn_old
Split original ASN.1 code from asn.c into asn_orig.c
|
2026-03-24 10:52:15 -05:00 |
|