Commit Graph

29626 Commits

Author SHA1 Message Date
Jeremiah Mackey c8e0e23660 use constant-time tag compare in TI AES 2026-03-26 17:30:14 +00:00
Jeremiah Mackey f382526bcc zero FSL CAAM ECC private key buffers 2026-03-26 17:30:14 +00:00
Jeremiah Mackey 8d9a4b47c2 zero CAAM ECC private key stack buffers 2026-03-26 17:30:14 +00:00
Jeremiah Mackey 6f710aa8f7 fix DH privkey leak and zero buffer 2026-03-26 17:30:14 +00:00
Jeremiah Mackey 0aae4251a6 zero RSA DER key buffer before free 2026-03-26 17:29:59 +00:00
Jeremiah Mackey b71c2a27bf zero ECC private key stack buffers 2026-03-26 17:29:59 +00:00
Jeremiah Mackey a5ae5f128e zero RSA key buffers before free 2026-03-26 17:29:59 +00:00
Jeremiah Mackey 7aeffa2c29 fix silabs_ecc_sign_hash buffer validation 2026-03-26 17:29:59 +00:00
Jeremiah Mackey 0b2a9d3dbc fix SHA-512/224,256 KCAPI digest sizes 2026-03-26 17:29:44 +00:00
Jeremiah Mackey 7facd3e4f4 fix ImportKeyState DTLS window OOB read 2026-03-26 17:29:44 +00:00
Ruby Martin ce7b81b6ee break when idx greater than MAX_CHAIN_DEPTH 2026-03-26 11:28:36 -06:00
Ruby Martin a963c5fc47 add check to prevent integer underflow 2026-03-26 11:28:36 -06:00
Ruby Martin a696d11519 if len is 0, do not subtract 1 when calling XMALLOC 2026-03-26 11:28:36 -06:00
Ruby Martin 1766b91dc2 check idx before accessing certificate list 2026-03-26 11:28:36 -06:00
Ruby Martin 3bc72b5d27 bounds check when parsing dual-algo cert sigs 2026-03-26 11:28:36 -06:00
Ruby Martin 14695fb9cd zeroize ssl->encrypt after transferring ownership to dup 2026-03-26 11:28:36 -06:00
Ruby Martin 75e6406cd3 upper bounds check for DSA signature 2026-03-26 11:28:36 -06:00
Ruby Martin d4b25d0ebc guard against heap buffer overflow 2026-03-26 11:28:36 -06:00
Marco Oliverio 1aa1cec3f2 dtls13: limit max number of ack records to 128 2026-03-26 18:25:48 +01:00
Marco Oliverio 350a9bfd89 dtls13: add DtlsDoScheduledWork in the WOLFSSL_API_PREFIX_MAP 2026-03-26 18:01:53 +01:00
Marco Oliverio ccfc95809b test: dtls13: add ack test 2026-03-26 15:11:31 +01:00
Marco Oliverio 1c83e24a7a dtls13: keep a counter for seenRecords list 2026-03-26 15:11:31 +01:00
Marco Oliverio 025a7dcd16 dtls13: lock list manipulation 2026-03-26 15:11:31 +01:00
Marco Oliverio 3034dd9e2d dtls13: release mutex on error 2026-03-26 15:11:31 +01:00
Josh Holtrop aa33d7be35 Rust wrapper: chacha20_poly1305: add debug_assert checking in-place operation maximum length 2026-03-26 09:09:55 -04:00
Anthony Hu 6721bde8e0 Add bounds check in PKCS7 streaming indefinite-length end-of-content parsing 2026-03-25 20:03:00 -04:00
Josh Holtrop 444f90553a Rust wrapper: document XChaCha20Poly1305 encrypt_in_place_detached maximum buffer length 2026-03-25 13:48:03 -04:00
Josh Holtrop 5d9439c581 Rust wrapper: aes: avoid overlapping Rust slices 2026-03-25 13:43:19 -04:00
Ruby Martin 50448ef7c6 add guard for integer underflow in DecryptTls13 2026-03-25 10:22:10 -06:00
Josh Holtrop 23cb7ae30c Rust wrapper: add cipher trait support 2026-03-25 10:51:06 -04:00
Josh Holtrop 873bc05cde Rust wrapper: add aead trait support 2026-03-25 10:51:00 -04:00
Josh Holtrop 07acf8d33d Rust wrapper: add rand_core trait support 2026-03-25 10:50:52 -04:00
Daniel Pouzzner 7efc962d04 Merge pull request #10031 from holtrop-wolfssl/rust-cross-compile-support
Rust wrapper: update build.rs to support cross-compiling and bare-metal targets
2026-03-25 09:46:40 -05:00
Josh Holtrop 34afd28541 Rust wrapper: build.rs improvements from code review 2026-03-25 09:00:28 -04:00
Eric Blankenhorn 1a1bdb2cfe Address review feedback 2026-03-25 07:48:16 -05:00
Josh Holtrop a511e45d30 Rust wrapper: build.rs improvements per code review 2026-03-25 08:15:42 -04:00
David Garske 6cc94b07a4 Fix possible leak for ecc non-blocking crypto 2026-03-24 14:44:28 -07:00
David Garske cf6c1722ae Merge pull request #10027 from embhorn/zd21394
Remove FIPS guards in GetASN_BitString length check
2026-03-24 14:06:40 -07:00
David Garske 636f0e50a1 Merge pull request #10059 from douzzer/20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
2026-03-24 13:13:42 -07:00
Anthony Hu 812e2b6bde Volatile casting 2026-03-24 14:39:39 -04:00
Anthony Hu 2d29608f28 Not just FIPS 140-2, 3 as well. 2026-03-24 14:20:57 -04:00
Daniel Pouzzner ec61e07d18 wolfcrypt/src/pwdbased.c: in wc_PKCS12_PBKDF_ex(), refactor the "Increment B by 1" loop to avoid bugprone-inc-dec-in-conditions. 2026-03-24 12:07:04 -05:00
David Garske c64fd4f132 Merge pull request #9905 from julek-wolfssl/WC_ALLOC_DO_ON_FAILURE-cleanup
Don't declare WC_ALLOC_DO_ON_FAILURE by default
2026-03-24 09:35:03 -07:00
David Garske 73bea906be Merge pull request #10034 from sebastian-carpenter/GH-10016
verify ciphersuite in CH2 matches HRR
2026-03-24 09:31:45 -07:00
David Garske 328822b447 Merge pull request #10047 from Frauschi/mldsa_no_ctx
Guard old non-ctx ML-DSA API by default
2026-03-24 09:26:24 -07:00
David Garske bddeac1d72 Merge pull request #9952 from julek-wolfssl/zd/21324
wolfSSL_X509_verify_cert: add host check from `ctx->param`
2026-03-24 09:26:12 -07:00
David Garske 0b119e225f Merge pull request #10056 from philljj/fix_bsdkm_benchmark
bsdkm benchmark: fix build.
2026-03-24 09:24:49 -07:00
David Garske 3cf4aeab5c Merge pull request #10025 from embhorn/zd21392
Fix DecodeObjectId unknown ext parse
2026-03-24 09:17:10 -07:00
David Garske 03beeae44e Merge pull request #10033 from embhorn/gh10028
Fix FillSigner to clear pubkeystored
2026-03-24 09:15:05 -07:00
Daniel Pouzzner d36ddf4063 Merge pull request #9920 from dgarske/asn_old
Split original ASN.1 code from asn.c into asn_orig.c
2026-03-24 10:52:15 -05:00