Daniel Pouzzner
a8686f615e
Merge pull request #9911 from julek-wolfssl/fenrir/298
...
QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
2026-03-06 22:28:40 -06:00
Daniel Pouzzner
5f15d57d89
Merge pull request #9908 from julek-wolfssl/fenrir/205
...
Set upper bound on post-auth cert reqs
2026-03-06 22:27:59 -06:00
Daniel Pouzzner
3b68026e70
Merge pull request #9907 from julek-wolfssl/fenrir/202
...
wolfSSL_X509_set_ext: fix memory handling
2026-03-06 22:27:23 -06:00
Daniel Pouzzner
4e4215ada9
Merge pull request #9904 from julek-wolfssl/fenrir/24
...
Clean up hpke and rng allocation
2026-03-06 22:26:40 -06:00
Daniel Pouzzner
1744819348
Merge pull request #9901 from julek-wolfssl/fenrir/294
...
Add bounds check on read in sniffer
2026-03-06 22:25:58 -06:00
Daniel Pouzzner
a875ffe1f6
Merge pull request #9899 from julek-wolfssl/fenrir/16
...
Replace `XMEMCMP` with `ConstantCompare` when validating secure renegotiation (SCR) verify data
2026-03-06 22:25:24 -06:00
Daniel Pouzzner
68e085df45
Merge pull request #9918 from douzzer/20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback
...
20260306-NO_SHA-test_ocsp_cert_unknown_crl_fallback (approved by @JacobBarthelmeh)
2026-03-06 22:24:45 -06:00
Daniel Pouzzner
2655c436da
Merge pull request #9861 from JacobBarthelmeh/f360
...
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00
Daniel Pouzzner
431724aaf0
Merge pull request #9909 from Frauschi/f-159
...
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 22:22:58 -06:00
Daniel Pouzzner
45d814e4f2
Merge pull request #9884 from Frauschi/f-204
...
Prevent session ticket nonce overflow
2026-03-06 22:22:24 -06:00
Daniel Pouzzner
313d27df15
Merge pull request #9900 from julek-wolfssl/fenrir/357
...
Use ConstantCompare in EchCheckAcceptance
2026-03-06 22:21:44 -06:00
Daniel Pouzzner
6c37629aa5
Merge pull request #9898 from julek-wolfssl/fenrir/15
...
Replace XMEMCMP with ConstantCompare for ticket MAC verification
2026-03-06 22:20:38 -06:00
Daniel Pouzzner
6424092fa6
Merge pull request #9903 from julek-wolfssl/fenrir/20
...
Remove duplicate check
2026-03-06 22:19:51 -06:00
Daniel Pouzzner
24b2dd040e
Merge pull request #9902 from julek-wolfssl/fenrir/359
...
Clear expandLabelPrk
2026-03-06 22:19:12 -06:00
JacobBarthelmeh
013e2c8fdf
remove special characters, use simple ASCII characters
2026-03-06 17:22:25 -07:00
Daniel Pouzzner
b08f959412
tests/api/test_ocsp.c: don't build test_ocsp_cert_unknown_crl_fallback and related helpers if NO_SHA.
2026-03-06 17:01:40 -06:00
Juliusz Sosinowicz
694f251663
Add explicit casts
2026-03-06 18:11:33 +01:00
Juliusz Sosinowicz
479de5a211
Always eval both ConstantCompare statements
2026-03-06 17:56:33 +01:00
Tobias Frauenschläger
a2622746cd
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 17:09:49 +01:00
Juliusz Sosinowicz
52c64c1340
QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
...
F-298
2026-03-06 16:21:11 +01:00
Juliusz Sosinowicz
0c26920ea0
Set upper bound on post-auth cert reqs
...
F-205
2026-03-06 16:07:41 +01:00
Juliusz Sosinowicz
49039ef156
wolfSSL_X509_set_ext: fix memory handling
2026-03-06 12:11:53 +01:00
Tobias Frauenschläger
1d8864980a
Prevent session ticket nonce overflow
2026-03-06 10:23:08 +01:00
Juliusz Sosinowicz
ac333c371c
Clean up hpke and rng allocation
2026-03-06 09:47:49 +01:00
Juliusz Sosinowicz
c62f535cb5
Remove duplicate check
...
F-20
2026-03-06 09:25:32 +01:00
Juliusz Sosinowicz
ddac52c6e8
Clear expandLabelPrk
...
F-359
2026-03-06 09:19:46 +01:00
Juliusz Sosinowicz
679d04d201
Add bounds check on read in sniffer
2026-03-06 09:05:53 +01:00
Juliusz Sosinowicz
eaef832494
Use ConstantCompare in EchCheckAcceptance
...
F-357
2026-03-06 08:55:34 +01:00
Juliusz Sosinowicz
1555ec4b76
Replace XMEMCMP with ConstantCompare when validating secure renegotiation (SCR) verify data
...
F-16
2026-03-06 08:51:37 +01:00
Juliusz Sosinowicz
94adedd109
Replace XMEMCMP with ConstantCompare for ticket MAC verification
...
F-15
2026-03-06 08:43:20 +01:00
Daniel Pouzzner
80938758ac
Merge pull request #9879 from embhorn/f379
...
Fix wc_ecc_sign_hash_ex with Intel QA
2026-03-05 22:53:55 -06:00
Daniel Pouzzner
cc2fdda54c
Merge pull request #9734 from SparkiDev/mlkem_mldsa_harden
...
ML-KEM/ML-DSA: harden against fault attacks
2026-03-05 21:34:39 -06:00
Daniel Pouzzner
fc677d7d52
Merge pull request #9833 from holtrop-wolfssl/rust-ml-kem
...
Rust wrapper: add mlkem module
2026-03-05 17:31:56 -06:00
Sean Parkinson
65a1a68877
ML-KEM/ML-DSA: harden against fault attacks
...
ML-DSA: check pointer to the y parameter has not be faulted.
ML-KEM: to harden against faultiong, use a different buffer for private
seed, sigma, and add a check that the buffer was copied correctly.
SHA-3: fix size of check variables.
2026-03-06 08:44:08 +10:00
Daniel Pouzzner
ed8f67cb37
Merge pull request #9858 from JacobBarthelmeh/ticket
...
additional sanity check with session ticket size
2026-03-05 16:35:51 -06:00
Daniel Pouzzner
8a5c1c7af1
Merge pull request #9855 from SparkiDev/sp_rv32i_muldi3
...
RISC-V 32 no mul SP C: implement multiplication
2026-03-05 16:32:26 -06:00
Daniel Pouzzner
90ca9c4b7f
Merge pull request #9864 from JacobBarthelmeh/f11
...
harden compare of mac with TLS 1.3 finished
2026-03-05 16:19:07 -06:00
Daniel Pouzzner
396b553c45
Merge pull request #9872 from SparkiDev/asn_improvements_1
...
ASN: improve handling of ASN.1 parsing/encoding
2026-03-05 16:18:12 -06:00
Daniel Pouzzner
e880f5947a
Merge pull request #9874 from Frauschi/f12
...
Harden hash comparison in TLS1.2 finished
2026-03-05 16:14:38 -06:00
Daniel Pouzzner
7cf118eae1
Merge pull request #9865 from embhorn/f362
...
F362 kNistCurves Table
2026-03-05 16:13:59 -06:00
Daniel Pouzzner
b36df34bcb
Merge pull request #9868 from embhorn/f295
...
Fix wolfSSL_get_peer_quic_transport_version
2026-03-05 16:13:14 -06:00
Daniel Pouzzner
22f40a1b5a
Merge pull request #9866 from embhorn/f196
...
Fix in wolfSSL_CTX_GenerateEchConfig
2026-03-05 16:12:27 -06:00
Daniel Pouzzner
7ee9bd03c7
Merge pull request #9867 from embhorn/f19
...
Fix sniffer CreateSession
2026-03-05 16:11:23 -06:00
Daniel Pouzzner
1866853073
Merge pull request #9883 from JacobBarthelmeh/f279
...
Fix to free RNG with SRP function in failure case
2026-03-05 16:10:35 -06:00
Daniel Pouzzner
ad3ad566f8
Merge pull request #9871 from JacobBarthelmeh/f296
...
fix to free x509 struct in error case with wolfSSL_PKCS7_get0_signers
2026-03-05 16:08:34 -06:00
Daniel Pouzzner
9010544108
Merge pull request #9870 from JacobBarthelmeh/f21
...
fix benign typo with sizeof
2026-03-05 16:07:50 -06:00
Daniel Pouzzner
63bee12c92
Merge pull request #9875 from Frauschi/f-158
...
Treat alerts as fatal errors regardless of level in TLS1.3
2026-03-05 16:06:40 -06:00
Daniel Pouzzner
888081b4e3
Merge pull request #9882 from Frauschi/f-160
...
Send alert in case of decrypted all-zero message
2026-03-05 15:57:09 -06:00
Daniel Pouzzner
4447f0cca4
Merge pull request #9881 from Frauschi/f-297
...
Make sure session ticket lifetime is in allowed range
2026-03-05 15:45:00 -06:00
Daniel Pouzzner
b2454d183d
Merge pull request #9880 from Frauschi/f-190
...
fix typo in PKCS#11 V3 init
2026-03-05 15:39:41 -06:00