Commit Graph

28929 Commits

Author SHA1 Message Date
Colton Willey 008ca51cb5 Add additional macros to known macro list 2026-04-24 06:09:25 -07:00
Colton Willey c950a6aa46 zephyr: changes needed for Zephyr 4.3 default TLS support
Follow-up to #7731 ("Changes needed for default TLS support in zephyr
kernel"). Zephyr 4.3's TLS socket integration uses three additional
wolfSSL features that were not needed by the 3.7 integration, plus an
extension to the native_sim time-source gates introduced in #7731.

native_sim timer gates (src/internal.c, wolfcrypt/src/wc_port.c):
  Extend the !CONFIG_BOARD_NATIVE_POSIX gate in LowResTimer() and the
  CONFIG_BOARD_NATIVE_POSIX RTC path in z_time() to also cover
  CONFIG_BOARD_NATIVE_SIM. Zephyr 4.3 renamed the simulator board from
  native_posix to native_sim; without this, k_cpu_idle() on native_sim
  advances simulated time during DTLS retransmit loops and the RTC path
  falls through to uptime-since-boot. Behavior on native_posix is
  unchanged.

New Kconfig options (zephyr/Kconfig, zephyr/user_settings.h):
  CONFIG_WOLFSSL_SESSION_EXPORT   -> HAVE_EXT_CACHE
    Required by consumers that serialize TLS session state across
    connections via wolfSSL_i2d_SSL_SESSION / wolfSSL_d2i_SSL_SESSION.
  CONFIG_WOLFSSL_KEEP_PEER_CERT   -> KEEP_PEER_CERT
    Retain the peer certificate after handshake so the application
    layer can inspect it via wolfSSL_get_peer_certificate.
  CONFIG_WOLFSSL_ALWAYS_VERIFY_CB -> WOLFSSL_ALWAYS_VERIFY_CB
    Invoke an application-set verify callback on successful chain
    validation in addition to validation failures.

All three are default-off; customers opt in the same way they do for
the existing CONFIG_WOLFSSL_DTLS / ALPN / PSK feature options.

.wolfssl_known_macro_extras: register HAVE_EXT_CACHE.
2026-04-20 12:29:26 -07:00
Sean Parkinson fa9f24ff27 Merge pull request #10223 from rlm2002/zd21611
CN constraints fix
2026-04-19 21:28:29 +10:00
Sean Parkinson d577ea3228 Merge pull request #10238 from JeremiahM37/fenrir-issues-4
Fix UAF in Delete wrappers, harden KDF and LMS signing
2026-04-19 21:18:44 +10:00
Ruby Martin 797ba3f03b test DNS name constraints on CA are applied against Subject CN name when SAN name is unavailable
test correct CN with no SAN available is accepted
2026-04-17 12:10:25 -06:00
David Garske c4c71eece3 Merge pull request #10085 from Frauschi/rfc8773bis-cert-with-extern-psk
Add RFC8773(bis) cert_with_extern_psk support
2026-04-17 09:43:20 -07:00
David Garske 423b47177c Merge pull request #10243 from night1rider/SHE-doxygen-clean
Add SHE doxygen so documentation can pick up the API and notes.
2026-04-17 09:36:05 -07:00
David Garske 1f271855fc Merge pull request #10241 from SparkiDev/asm_gen_refactor_1
ASM files: generation script refactor output
2026-04-17 09:35:03 -07:00
Tobias Frauenschläger 0de3925207 Add RFC8773bis cert_with_extern_psk support
Implement RFC8773bis (draft-ietf-tls-8773bis-13)
cert_with_extern_psk for TLS 1.3, including protocol checks
and API support.

Includes unit tests for API and handshake behavior as well
as tests in the testsuite using extended examples.
2026-04-17 15:12:04 +02:00
Reda Chouk fb64844924 Merge pull request #10205 from holtrop-wolfssl/rust-fenrir-fixes
Rust fenrir fixes
2026-04-17 10:32:26 +02:00
Sean Parkinson 755a90b3f3 Merge pull request #10218 from julek-wolfssl/zd/21535
Fix bugs found in crl.c, keys.c, and ssl_certman.c review
2026-04-17 10:46:48 +10:00
Sean Parkinson 318cd62d44 Merge pull request #10231 from JeremiahM37/fenrir-issues-3
Fix PEM input validation and zeroize sensitive key buffers
2026-04-17 10:44:55 +10:00
Sean Parkinson 460463aa8f Merge pull request #10166 from JeremiahM37/test-coverage
Add negative tests for TLS handshake verification paths
2026-04-17 10:41:53 +10:00
Sean Parkinson 9d1fe652b1 Merge pull request #10224 from embhorn/zd21594
Various fixes in internal.c
2026-04-17 09:44:33 +10:00
Sean Parkinson fc433b2596 ASM files: generation script refactor output
Refactors the output format of generated assembly files across all
platforms (x86_64, ARM AArch64, ARMv8-32, Thumb2, PowerPC) for
consistency and correctness.

Changes

Data constant consolidation
- Pack multiple values per directive line (e.g., 4× .long or 8× .short
  per line) instead of one value per line, reducing file sizes
  significantly
- Normalize hex literal formatting: 64-bit values use full 8-byte
  zero-padded form (e.g., 0x0000000003ffffff instead of 0x3ffffff)

x86_64 assembly
- Use decimal immediate values for shift counts (e.g., $1 instead of
  $0x01)
- .asm (MASM): use hex notation consistently for data constants;
  update ALIGN values to match data width (e.g., ALIGN 32 for 256-bit
  aligned data)

ARM .S files
- Move .type directive before .section for data objects (correct
  ordering per ELF convention)

ARM/Thumb2 inline C (_c.c) files
- Replace asm( with __asm__( for register variable constraints (better
  portability)
- Add XALIGNED(8) attribute to constant lookup tables used in inline
  asm
- Remove redundant #include <stdint.h> and
  <wolfssl/wolfcrypt/libwolfssl_sources.h> headers

Files affected: 71 assembly and companion C files across
wolfcrypt/src/, wolfcrypt/src/port/arm/, covering AES, ChaCha,
Poly1305, SHA-256/512/3, Curve25519, ML-KEM, ML-DSA, and SP math
routines.
2026-04-17 09:38:57 +10:00
night1rider 87cbc57ec8 Add SHE doxygen so documentation can pick up the API and notes. 2026-04-16 17:35:44 -06:00
Brett Nicholas 4bf334c299 Merge pull request #10009 from night1rider/SHE-update
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-16 16:49:00 -06:00
David Garske 3d548f46b3 Merge pull request #10235 from SparkiDev/sp_int_fixes_6
SP int: fixes from review by Claude
2026-04-16 15:39:23 -07:00
David Garske 7486183f22 Merge pull request #10237 from douzzer/20260416-SNI-WOLFSSL_HOST_NAME_MAX
20260416-SNI-WOLFSSL_HOST_NAME_MAX
2026-04-16 10:52:09 -07:00
Jeremiah Mackey 4ce11fa5f5 zero LMS signature on write failure 2026-04-16 17:35:50 +00:00
Jeremiah Mackey 3175c3387f add NULL validation to KDF APIs 2026-04-16 17:35:50 +00:00
Jeremiah Mackey 625ea89284 save heap before Free in Delete wrappers 2026-04-16 17:14:05 +00:00
Daniel Pouzzner 801c412ad2 src/tls.c, wolfssl/ssl.h, tests/api.c: followup to ff7a32d022 (#10182):
* Fix OOB heap reads via TLSX_ExtractEch() by preemptively rejecting oversized
  SNI names in TLSX_UseSNI().

* In TLSX_EchChangeSNI(), don't attempt to truncate if an oversized name is
  seen, just return error.

* Move definition of WOLFSSL_HOST_NAME_MAX to an ungated context in ssl.h, and
  use it consistently in tls.c, eliminating the duplicative
  WOLFSSL_HOST_NAME_MAX.
2026-04-16 11:12:02 -05:00
Jeremiah Mackey a0614dd3c0 add negative tests for TLS handshake verification paths 2026-04-16 14:37:07 +00:00
Sean Parkinson c119a21931 SP int: fixes from review by Claude
1. sp_cond_swap_ct_ex (line ~5524) — XOR typo: b->sign ^= b->sign always
zeroed the sign. Fixed to b->sign ^= t->sign to correctly swap signs.
2. sp_mod_d (line ~7271) — Negative modulo correction was applied even
when the remainder was 0. Added (*r != 0) guard to avoid producing d
instead of 0.
3. sp_lshb (line ~8444) — Left-shift size check was off. Refactored to
correctly distinguish between pure-digit shifts and bit-within-digit
shifts when checking if the result fits, using separate overflow checks
for each case.
4. _sp_mulmod_tmp (line ~12160) — Zero inputs caused an allocation of
size 0, which is problematic. Added an early path: if either operand is
zero, set result to zero and skip the allocation/multiply entirely.
5. sp_mod_2d — copy path (line ~14762) — XMEMCPY copied digits *
SP_WORD_SIZEOF bytes but a may have fewer than digits used digits. Fixed
to copy min(a->used, digits) digits to avoid reading uninitialized
memory.
6. sp_mod_2d — negation loop (line ~14782) — Negation loop iterated
over r->used, which could exceed digits. Fixed to loop over min(r->used,
digits).
7. _sp_sqrmod (line ~17314) — Same zero-input issue as _sp_mulmod_tmp.
Added early zero path to skip the allocation/squaring when input is
zero.
8. sp_lcm (line ~19838) — Typo in sign check: b->sign >= MP_NEG
(comparing against a value that is 1, so >= 1 would also match MP_ZPOS)
changed to b->sign == MP_NEG.
2026-04-16 19:01:53 +10:00
David Garske f086e91cbf Merge pull request #10234 from douzzer/20260415-trace-errcodes-fixes-and-tests
20260415-trace-errcodes-fixes-and-tests
2026-04-15 20:38:53 -07:00
Daniel Pouzzner 4cd7126092 tests/api/test_aes.c: fix gating for test_wc_AesGcm_MonteCarlo() to exclude WOLFSSL_AFALG and WOLFSSL_DEVCRYPTO. 2026-04-15 21:29:17 -05:00
Daniel Pouzzner 0f0dab0105 wolfcrypt/src/logging.c and wolfssl/wolfcrypt/logging.h: add wc_backtrace_set_fp(). 2026-04-15 21:28:43 -05:00
Daniel Pouzzner 8d332778b0 wolfcrypt/test/test.c: in ed25519_test(), fix RARE_ED_BAD_ENC_E and RARE_ED_BAD_SIG_E macros to use WC_NO_ERR_TRACE() safely;
.github/workflows/trackmemory.yml: add --enable-debug-trace-errcodes to a couple scenarios.
2026-04-15 21:12:21 -05:00
night1rider 64a1ac8dd2 wc_SHE_ImportM1M2M3: fix guard from || to && so it gates on WOLF_CRYPTO_CB 2026-04-15 18:03:39 -06:00
Sean Parkinson 3c2a92d21d Merge pull request #10225 from kareem-wolfssl/zd21544
Fix uninitialized before use warning.  Fix unsupported #warning directive by Tasking compiler.
2026-04-16 08:55:49 +10:00
Sean Parkinson cd6b062847 Merge pull request #10136 from JeremiahM37/fenrir-issues-2
Fenrir fixes
2026-04-16 08:51:17 +10:00
Sean Parkinson d2175f3b42 Merge pull request #10222 from embhorn/zd21597
Report cert verify failure with MD5
2026-04-16 08:45:15 +10:00
Sean Parkinson f286f62cb3 Merge pull request #10201 from gasbytes/quic_record_cap
add missing WOLFSSL_QUIC_MAX_RECORD_CAPACITY check on the early-data
2026-04-16 08:42:35 +10:00
Sean Parkinson 6be03a5dab Merge pull request #10182 from embhorn/zd21576
Fix TLSX_EchChangeSNI to check hostname termination
2026-04-16 08:37:42 +10:00
Sean Parkinson 0c93bf9e7c Merge pull request #10229 from mattia-moffa/20260415-zd21621
Fix regressions (fast math MAX_ENCODED_SIG_SZ; DTLS export IV buffer size)
2026-04-16 08:33:23 +10:00
Sean Parkinson 1fab25301f Merge pull request #10221 from julek-wolfssl/gh/10197
TLS 1.3: evict session from cache after accepted 0-RTT resumption
2026-04-16 08:16:31 +10:00
Eric Blankenhorn 0ddde71279 Fix from review 2026-04-15 17:07:22 -05:00
David Garske 26a7d594e3 Merge pull request #10232 from douzzer/20260415-confusing_globals
20260415-confusing_globals
2026-04-15 15:02:40 -07:00
David Garske faa6e985a5 Merge pull request #10226 from SparkiDev/api_test_cipher_algs_3
API tests: more cipher tests
2026-04-15 14:32:11 -07:00
Eric Blankenhorn c429a41121 Fix from review 2026-04-15 15:26:46 -05:00
David Garske 48a0347581 Merge pull request #10180 from Frauschi/dilithium-alloc-key
Add dynamic key allocation support for Dilithium
2026-04-15 10:36:14 -07:00
Daniel Pouzzner 4ac3c89cd7 wolfssl/ssl.h: add backward compat mappings for wolfSSL*PrivateKey_id(). 2026-04-15 12:29:35 -05:00
night1rider 9775795470 Add ability to skip load key verify test 2026-04-15 11:28:03 -06:00
night1rider 1413afb0db Fix CMake SHE build: add wc_she.c to sources, propagate CMAC/AES_DIRECT defines, 2026-04-15 11:28:03 -06:00
night1rider 1078e797f8 Fix CMake SHE deps, const-correctness in CryptoCb uid, stale comment, XSTRLEN double call, configure.ac AES-CBC guard, and add LoadKey/LoadKey_Verify test coverage 2026-04-15 11:28:03 -06:00
Zackery Backman 92bd03a8a2 Fix .wolfssl_known_macro_extras: remove 19 unneeded macros, add NO_WC_SHE_LOADKEY, fix sort order 2026-04-15 11:28:03 -06:00
night1rider 8760b72426 Add missing NO_WC_SHE_LOADKEY macro to known macros list 2026-04-15 11:28:03 -06:00
night1rider 994b0cdedd Add one-shot SHE LoadKey and LoadKey Verify convenience APIs: wc_SHE_LoadKey, wc_SHE_LoadKey_Id, wc_SHE_LoadKey_Label and their verify counterparts 2026-04-15 11:28:03 -06:00
night1rider f8956abcc1 update she union for callback to be getUid not setUid 2026-04-15 11:28:03 -06:00