sebastian-carpenter
c3a38dced7
testing + bug fixes for TLS ECH
2026-03-11 08:56:26 -06:00
sebastian-carpenter
cb2d693550
bad rebase + fixing dtls13 support for ECH
2026-03-11 08:54:00 -06:00
sebastian-carpenter
a2fe12a38a
TLS ECH OuterExtensions support (Server side)
2026-03-11 08:54:00 -06:00
sebastian-carpenter
30cfb385eb
fixed seg fault when confirmation not present
2026-03-11 08:54:00 -06:00
sebastian-carpenter
3605c2a417
client and server fix for TLS ECH
2026-03-11 08:54:00 -06:00
Daniel Pouzzner
fc7c19bb07
Merge pull request #9934 from SparkiDev/tls_length_fixes_1
TLS: Better handling of parsing TLS extensions
2026-03-10 22:34:10 -05:00
Daniel Pouzzner
ad21c89ba8
Merge pull request #9944 from JacobBarthelmeh/revert-pr9909
revert PR 9909
2026-03-10 19:38:57 -05:00
Daniel Pouzzner
e8a53c2e6d
Merge pull request #9941 from kaleb-himes/v6-wolfentropy-combofix
Ensure user-space wolfentropy builds of the v6 module compile the cor…
2026-03-10 19:36:52 -05:00
Daniel Pouzzner
e4dea8f261
Merge pull request #9885 from Frauschi/missing_force_zero
Add missing ForceZero calls
2026-03-10 19:36:07 -05:00
Daniel Pouzzner
f9b15210d9
Merge pull request #9921 from Frauschi/zd21310
Zeroize preMasterSecret in hybrid PQ/T error cases
2026-03-10 19:35:12 -05:00
Daniel Pouzzner
3203610249
Merge pull request #9925 from sameehj/fix-compilation
Fix undefined variable tls1 in InitSuites for PSK cipher suite
2026-03-10 19:34:05 -05:00
Daniel Pouzzner
f1508c910a
Merge pull request #9930 from julek-wolfssl/fenrir/260903
Fenrir fixes
2026-03-10 19:32:56 -05:00
Daniel Pouzzner
e3e5179cf8
Merge pull request #9869 from JacobBarthelmeh/f356
fix for sanity checks on serial input
2026-03-10 19:30:46 -05:00
Daniel Pouzzner
df504300db
Merge pull request #9863 from JacobBarthelmeh/f361
Fix for setting curve using all caps with wolfSSL_set1_curves_list
2026-03-10 19:29:46 -05:00
Daniel Pouzzner
65092ab5eb
Merge pull request #9838 from SparkiDev/slhdsa_1
FIPS 205, SLH-DSA: implementation
2026-03-10 19:28:59 -05:00
Sean Parkinson
0683dab9ac
TLS: Better handling of parsing TLS extensions
TLSX_CSR2_Parse: check didn't include length bytes
TLSX_UseSRTP_Parse: validate profile_len
TLSX_CA_Names_Parse: fix for integer overflow
TLSX_SignatureAlgorithms_Parse: set new length before checking
TLSX_ECH_Parse: better parsing
2026-03-11 07:41:13 +10:00
JacobBarthelmeh
528b22140b
revert PR 9909
2026-03-10 14:47:21 -06:00
kaleb-himes
b2520f120f
Ensure user-space wolfentropy builds of the v6 module compile the correct resource
2026-03-10 10:48:43 -06:00
Juliusz Sosinowicz
afed9d4b79
fixup! ProcessServerHello: verify extension lengths
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz
3a8e4a34ce
ProcessSessionTicket: verify nonce length
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz
2febc1c7f2
ProcessServerHello: verify extension lengths
F-428
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz
9c4e77d47d
DoTls13ClientHello: session length is a sender side requirement
F-433
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz
8a57ca84c3
CheckCertCRL_ex: check cbRet after callback
F-432
2026-03-10 09:52:05 +01:00
Juliusz Sosinowicz
8696d0d2d8
QuicTransportParam_new: update len check
F-431
2026-03-10 09:52:05 +01:00
Juliusz Sosinowicz
15dbd61dbe
Remove dead code
`ticket->lifetime` is never set to 0xfffffff anywhere
F-430
2026-03-10 09:52:05 +01:00
Daniel Pouzzner
18d1190e82
Merge pull request #9924 from Frauschi/f-426
...
Fix potential underflow in sniffer
2026-03-09 23:42:32 -05:00
Daniel Pouzzner
f5902bd29a
Merge pull request #9862 from embhorn/zd21243
...
Fix DeriveTls13Keys with no_key
2026-03-09 23:41:52 -05:00
JacobBarthelmeh
6e56635a09
Fix for setting curve using all caps with wolfSSL_set1_curves_list
2026-03-09 10:41:01 -06:00
Daniel Pouzzner
5bb8b3f803
src/pk_ec.c: in wolfSSL_ECDSA_SIG_new(), mitigate false-positive nullPointerOutOfMemory by returning immediately if initial XMALLOC() fails.
2026-03-09 10:59:50 -05:00
Eric Blankenhorn
9f1296062b
Update comment
2026-03-09 09:49:39 -06:00
Eric Blankenhorn
d57474a3b7
Fix DeriveTls13Keys with no_key
2026-03-09 09:46:17 -06:00
Sameeh Jubran
1825952783
Fix undefined variable tls1 in InitSuites for PSK cipher suite
The WOLFSSL_OLDTLS_SHA2_CIPHERSUITES else-branch for
BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 referenced undeclared variable
`tls1` instead of `tls`, a copy-paste typo from commit a975ba9e97
(2019). This caused a compilation error when both WOLFSSL_STATIC_PSK
and WOLFSSL_OLDTLS_SHA2_CIPHERSUITES were defined.
Add PSK CI config with WOLFSSL_OLDTLS_SHA2_CIPHERSUITES to prevent
regressions.
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-03-09 14:51:59 +02:00
Tobias Frauenschläger
7ed66dd1c3
Fix potential underflow in sniffer
2026-03-09 13:37:02 +01:00
Tobias Frauenschläger
a4cd2f5f88
Zeroize preMasterSecret in hybrid PQ/T error cases
Fixes zd#21310, reported by YUE LI (Peking University)
2026-03-09 10:40:34 +01:00
Sean Parkinson
39b34333d6
FIPS 205, SLH-DSA: implementation
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Daniel Pouzzner
f0ba67ee21
Merge pull request #9906 from julek-wolfssl/fenrir/25
wolfSSL_ASN1_item_i2d: simplify buf cleanup
2026-03-06 22:31:27 -06:00
Daniel Pouzzner
1d49f411c7
Merge pull request #9914 from julek-wolfssl/fenrir/30
Make sure size check doesn't underflow
2026-03-06 22:30:51 -06:00
Daniel Pouzzner
467f16f47d
Merge pull request #9913 from julek-wolfssl/fenrir/365
Enforce null compression in compression_methods list
2026-03-06 22:29:59 -06:00
Daniel Pouzzner
a8686f615e
Merge pull request #9911 from julek-wolfssl/fenrir/298
QUIC transport parameters are carried in the ClientHello and the EncryptedExtensions messages
2026-03-06 22:28:40 -06:00
Daniel Pouzzner
5f15d57d89
Merge pull request #9908 from julek-wolfssl/fenrir/205
Set upper bound on post-auth cert reqs
2026-03-06 22:27:59 -06:00
Daniel Pouzzner
3b68026e70
Merge pull request #9907 from julek-wolfssl/fenrir/202
wolfSSL_X509_set_ext: fix memory handling
2026-03-06 22:27:23 -06:00
Daniel Pouzzner
4e4215ada9
Merge pull request #9904 from julek-wolfssl/fenrir/24
Clean up hpke and rng allocation
2026-03-06 22:26:40 -06:00
Daniel Pouzzner
1744819348
Merge pull request #9901 from julek-wolfssl/fenrir/294
Add bounds check on read in sniffer
2026-03-06 22:25:58 -06:00
Daniel Pouzzner
a875ffe1f6
Merge pull request #9899 from julek-wolfssl/fenrir/16
Replace `XMEMCMP` with `ConstantCompare` when validating secure renegotiation (SCR) verify data
2026-03-06 22:25:24 -06:00
Daniel Pouzzner
2655c436da
Merge pull request #9861 from JacobBarthelmeh/f360
additional sanity check on number of groups passed to set groups func…
2026-03-06 22:23:40 -06:00
Daniel Pouzzner
431724aaf0
Merge pull request #9909 from Frauschi/f-159
Error out in case of unknown extensions in response message in TLS 1.3
2026-03-06 22:22:58 -06:00
Daniel Pouzzner
45d814e4f2
Merge pull request #9884 from Frauschi/f-204
Prevent session ticket nonce overflow
2026-03-06 22:22:24 -06:00
Daniel Pouzzner
313d27df15
Merge pull request #9900 from julek-wolfssl/fenrir/357
Use ConstantCompare in EchCheckAcceptance
2026-03-06 22:21:44 -06:00
Daniel Pouzzner
6c37629aa5
Merge pull request #9898 from julek-wolfssl/fenrir/15
Replace XMEMCMP with ConstantCompare for ticket MAC verification
2026-03-06 22:20:38 -06:00
Daniel Pouzzner
6424092fa6
Merge pull request #9903 from julek-wolfssl/fenrir/20
Remove duplicate check
2026-03-06 22:19:51 -06:00