Commit Graph

9191 Commits

Author SHA1 Message Date
JacobBarthelmeh 76816a0e11 Merge pull request #9823 from embhorn/zd21242
Add sanity checks in key export
2026-02-25 14:38:46 -07:00
JacobBarthelmeh e317aa2b70 Merge pull request #9827 from embhorn/zd21241
Fix cert chain size issue
2026-02-25 14:30:58 -07:00
Eric Blankenhorn 75b0808fe5 Update from review 2026-02-25 09:02:55 -06:00
Eric Blankenhorn 41ebc92fa5 Replace macros from stdint.h with literals to make code more generic 2026-02-25 09:00:57 -06:00
Eric Blankenhorn 67de2349da Add sanity checks in key export 2026-02-25 09:00:57 -06:00
Eric Blankenhorn 8f787909da Fix from review 2026-02-24 11:17:42 -06:00
Marco Oliverio d72fcb1d27 tls13: avoid to create a new suite in CertificateRequest
This way the ssl object honour the HasSigAlgo list set by
wolfSSL_set1_sigalgs_list.
2026-02-24 18:02:26 +01:00
Eric Blankenhorn 2ae3164c6f Fix cert chain size issue 2026-02-24 09:27:42 -06:00
Juliusz Sosinowicz a9f23ad140 Add changes for ntp 4.2.8p18
Depends on https://github.com/wolfSSL/osp/pull/319
2026-02-20 19:06:55 +01:00
David Garske f1e8c1b886 Merge pull request #9787 from holtrop-wolfssl/fix-integrity-only-cipher-nonce-calculation
Fix integrity-only cipher nonce calculation
2026-02-19 09:05:24 -08:00
David Garske 1047aaa881 Merge pull request #9796 from JacobBarthelmeh/copyright
update Copyright year
2026-02-19 08:47:30 -08:00
Andrew Hutchings 66de1d6cdb Fix wolfSSL_CRYPTO_memcmp
This is used by the OpenSSL compatibility layer. If either parameter was
NULL, it would return as a match. We should return a non-match instead.

OpenSSL itself has no safety checks here.
2026-02-19 11:01:52 +00:00
Andrew Hutchings 4e37d99d07 Fix OCSP key-based responder ID lookup when SM2/SM3 is enabled.
When WOLFSSL_SM2 and WOLFSSL_SM3 are both defined, KEYID_SIZE becomes 32
(WC_SM3_DIGEST_SIZE) but OCSP_RESPONDER_ID_KEY_SZ remains 20 (SHA-1 per
RFC 6960). The guard (int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ in
OcspFindSigner() and OcspRespIdMatch() evaluated to false (32 != 20),
completely disabling key-based OCSP responder ID matching. This caused
OCSP stapling to fail with BAD_CERTIFICATE_STATUS_ERROR (-406) against
any server using a key-based responder ID (e.g. login.live.com).

Fix by comparing only OCSP_RESPONDER_ID_KEY_SZ bytes for the responder
ID match, and zero-padding the 20-byte key hash to KEYID_SIZE before
passing to CA lookup functions that compare the full KEYID_SIZE.
2026-02-18 18:01:33 +00:00
Andrew Hutchings 730519211d Fix wrong flags read on BIO write 2026-02-18 18:01:33 +00:00
Andrew Hutchings 3ffa625fd4 Fix leak in Aria upon error 2026-02-18 18:01:33 +00:00
Andrew Hutchings 5bb447dee6 Fix copy/paste error in SM4 CBC Decrypt Async 2026-02-18 18:01:33 +00:00
Andrew Hutchings 43aad1e4d7 Fix SM4 TLS 1.3 decrypt auth tag and SM2 cert verification
- Fix SM4 GCM/CCM TLS 1.3 decrypt to read auth tag from input buffer
  instead of output buffer, consistent with all other AEAD ciphers
  (src/tls13.c)

- Fix SM4_BLOCK_SIZE typo (was SM$_BLOCK_SIZE) in TicketEncDec SM4-GCM
  decrypt path (src/internal.c)

- Fix SM2 certificate signature verification for certs using
  id-ecPublicKey (ECDSAk) with SM2-with-SM3 signature algorithm.
  OpenSSL creates SM2 cert signatures without the standard
  distinguishing identifier in the ZA hash. The SM2k code path already
  handled this correctly (idSz=0), but the ECDSAk + CTC_SM3wSM2 path
  was incorrectly using CERT_SIG_ID_SZ (16), causing ASN_SIG_CONFIRM_E
  (-155) when verifying non-self-signed SM2 certs (wolfcrypt/src/asn.c)

- Regenerate expired SM2 test certificates via certs/sm2/gen-sm2-certs.sh
  They had expired.
2026-02-18 18:01:33 +00:00
Andrew Hutchings b7c3bbf101 Fixes to size checking
In `quic_record_transfer()`, the unsigned subtraction
`qr->end - qr->start` could wrap around if `end < start`, and the
subsequent `len <= 0` check was ineffective on a `word32`. Move the
comparison before the subtraction so the function returns `0` safely.

In `GetEchConfig()`, `XSTRLEN(config->publicName)` was assigned to a
single byte, silently truncating names longer than 255 characters while
`XMEMCPY` still copied the full string. Add a 255-byte length
validation in both `wolfSSL_CTX_GenerateEchConfig()` and
`GetEchConfig()`, and cache the length in a local variable to avoid
redundant `XSTRLEN` calls.
2026-02-18 18:01:33 +00:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Andrew Hutchings 060a2b3395 Fix DTLS 1.3 unified header fixed bits mask
DTLS13_FIXED_BITS_MASK used 0x111 (hex 273) instead of 0x7 (decimal 7,
binary 111). Per RFC 9147 Section 4, the top 3 bits of the unified
header flags byte must be 001. The incorrect hex value caused the mask
to only check bit 5 instead of bits 5, 6, and 7, allowing bytes with
bits 6 or 7 set to be misidentified as unified DTLS 1.3 headers.
2026-02-17 10:39:41 +00:00
Andrew Hutchings 00de3f3918 Use XMEMSET instead of memset in QUIC 2026-02-17 10:36:47 +00:00
Andrew Hutchings f31ed0d0cd Fix logic bug in TLSX_TCA_Find causing incorrect Trusted CA matching
The while loop conditions in TLSX_TCA_Find were inverted, causing two
bugs: the loop short-circuited on type match alone without checking the
id content, and the XMEMCMP sense was reversed (continuing on match,
stopping on mismatch). This meant any TCA entry with a matching type
would be returned as a match regardless of whether the identifier
actually matched.

Restructure the loop to correctly require both type and id (size +
content) to match before returning an entry, and to match any entry
immediately for PRE_AGREED type.

Add test_TLSX_TCA_Find unit test exercising exact match, mismatched id,
and PRE_AGREED cases via memio handshake.
2026-02-17 10:35:54 +00:00
Josh Holtrop 2be175fa35 Fix integrity-only cipher nonce calculation 2026-02-16 21:30:03 -05:00
Chris Conlon 36a28ac08c Merge pull request #9713 from padelsbach/crl-generation-cert-updates
Add cert/CRL capabilities: skid, akid, dist point, netscape
2026-02-16 15:29:18 -07:00
David Garske db82c3ef59 Merge pull request #9777 from Pushyanth-Infineon/fix_TLSX_IsGroupSupported_switch_case_handling
Fix switch case handling in TLSX_IsGroupSupported function
2026-02-16 13:13:46 -08:00
David Garske 10ca06cebe Merge pull request #9769 from anhu/midbox
Middle box compatibility compliance.
2026-02-16 12:27:07 -08:00
Andrew Hutchings 8b44b00317 Fix issues found during src/ code review
- ECH: add bounds check on hpkePubkeyLen against HPKE_Npk_MAX to
  prevent heap buffer overflow from untrusted ECH config data

- Sniffer: fix reassembly memory limit check typo, MaxRecoveryMemory -1
  should be MaxRecoveryMemory != -1

- Sniffer: add bounds check in IPv6 extension header parsing loop to
  prevent OOB read when next_header never matches TCP or NO_NEXT_HEADER

- Sniffer: validate tlsFragOffset + rhSize against tlsFragSize before
  XMEMCPY in both TLS handshake fragment reassembly paths

- Internal: use WC_SAFE_SUM_WORD32 in GrowAnOutputBuffer to prevent
  integer overflow on allocation size, matching existing pattern in
  GrowOutputBuffer
2026-02-16 17:27:10 +00:00
Sean Parkinson 4fe05d7fe0 Merge pull request #9771 from padelsbach/pk-ec-fix-null-check
Fix null check in ECDSA encode
2026-02-16 22:07:29 +10:00
Pushyanth Kamatham 33c14ead5c Fix switch case handling in TLSX_IsGroupSupported function 2026-02-16 15:59:34 +05:30
Paul Adelsbach aafc876759 Add cert/CRL capabilities: skid, akid, dist point, netscape 2026-02-13 20:35:44 -08:00
Paul Adelsbach 70fa2c4e2a Fix null check in ECDSA encode 2026-02-13 12:07:19 -08:00
Paul Adelsbach 81ae472e50 Add CRL generation code 2026-02-13 10:54:47 -08:00
Anthony Hu c3c9acc5bf Middle box compatibility compliance. 2026-02-13 10:28:12 -05:00
David Garske 49ed1fa21f Merge pull request #9684 from SparkiDev/ecc_import_pub_check_fix
ECC: import point, always do some checks
2026-02-11 21:53:03 -08:00
Sean Parkinson 1847c6e778 Merge pull request #9721 from dgarske/x25519_nb
Add X25519 non-blocking support and async example improvements
2026-02-12 07:56:58 +10:00
Sean Parkinson 2ef096a21b Merge pull request #9754 from julek-wolfssl/zd/21171
Add check for KS in SH
2026-02-11 09:11:05 +10:00
David Garske bc12b7563f Peer review improvements 2026-02-10 14:51:51 -08:00
Juliusz Sosinowicz f810dc2a01 Add check for KeyShare in ServerHello
Fixes ZD21171
2026-02-10 12:39:27 +01:00
Sean Parkinson 7245ad02bb Merge pull request #9748 from gasbytes/wolfSSL_d2i_SSL_SESSION-fix
add missing checks in wolfSSL_d2i_SSL_SESSION
2026-02-10 21:22:16 +10:00
David Garske 2a18b7ee44 Fix non-blocking X25519/ECC with WOLFSSL_ASYNC_CRYPT_SW
The non-blocking setup for X25519 and ECC in TLS was unconditionally
setting up nbCtx, which caused functions to return FP_WOULDBLOCK. However,
with INVALID_DEVID (the default), TLS has no async loop to handle
FP_WOULDBLOCK, only WC_PENDING_E via the async framework.

The fix follows the pattern used in asn.c: only set up nbCtx when the async
device is active (devId != INVALID_DEVID). With INVALID_DEVID, the code now
uses the blocking fallback (WC_ECC_NONBLOCK_ONLY) instead.

This prevents unit test timeouts when built with --enable-curve25519=nonblock
or --enable-ecc=nonblock.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-09 09:22:36 -08:00
Daniel Pouzzner d36953948b src/ssl_api_pk.c: in wolfSSL_CTX_SetTmpEC_DHE_Sz(), fix gate-dependent syntax error in if construct;
src/ssl_p7p12.c: in wolfSSL_SMIME_read_PKCS7(), fix memleakOnRealloc.
2026-02-07 12:00:00 -06:00
Daniel Pouzzner 51f5f8799d src/ssl_api_pk.c: fix -Wmaybe-uninitialized in check_cert_key_dev() (defect introduced in #9723);
wolfcrypt/test/test.c: fix error-path memory leaks in srtpkdf_test(), and properly gate out incompatible SRTP_KDF_LONG_KEY test on old FIPS (defect introduced in #9733);

.wolfssl_known_macro_extras: get into lexical order and remove unneeded WC_RSA_DIRECT.
2026-02-06 13:06:10 -06:00
David Garske 19bb7198a2 Peer review fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 10:24:31 -08:00
Reda Chouk f94eb68ea3 add missing checks in wolfSSL_d2i_SSL_SESSION 2026-02-06 17:00:42 +01:00
Daniel Pouzzner 25db90afe7 Merge pull request #9741 from kareem-wolfssl/variousFixes
Various fixes
2026-02-05 20:32:12 -06:00
Daniel Pouzzner 8e6ebdb8ac Merge pull request #9723 from SparkiDev/ssl_split_cert
Split out code form ssl.c and pk.c
2026-02-05 18:21:36 -06:00
David Garske c3ef6afcfd Merge pull request #9743 from douzzer/20260205-fixes
20260205-fixes
2026-02-05 15:23:57 -08:00
Daniel Pouzzner 1d871879df Merge pull request #9726 from Frauschi/pkcs11_pqc_prep
PKCS#11 PQC preparation work
2026-02-05 16:50:25 -06:00
Paul Adelsbach 635832010e Use WOLFSSL_STACK methods in new AIA functions 2026-02-05 11:54:26 -08:00
Daniel Pouzzner 0cc1dc29c4 src/x509.c: in x509_aia_append_string(), use heap pointer from supplied *head, and initialize WOLFSSL_STACK.type (fixes "Conditional jump or move depends on uninitialised value(s)" from 08c1397cc1);
wolfssl/wolfcrypt/asn.h: use WC_BITFIELD for extAuthInfoListSz and extAuthInfoListOverflow bitfields, for C89 compat (fixes -Wpedantic from 08c1397cc1).
2026-02-05 10:04:17 -06:00