Commit Graph

9158 Commits

Author SHA1 Message Date
David Garske 49ed1fa21f Merge pull request #9684 from SparkiDev/ecc_import_pub_check_fix
ECC: import point, always do some checks
2026-02-11 21:53:03 -08:00
Sean Parkinson 1847c6e778 Merge pull request #9721 from dgarske/x25519_nb
Add X25519 non-blocking support and async example improvements
2026-02-12 07:56:58 +10:00
Sean Parkinson 2ef096a21b Merge pull request #9754 from julek-wolfssl/zd/21171
Add check for KS in SH
2026-02-11 09:11:05 +10:00
David Garske bc12b7563f Peer review improvements 2026-02-10 14:51:51 -08:00
Juliusz Sosinowicz f810dc2a01 Add check for KeyShare in ServerHello
Fixes ZD21171
2026-02-10 12:39:27 +01:00
Sean Parkinson 7245ad02bb Merge pull request #9748 from gasbytes/wolfSSL_d2i_SSL_SESSION-fix
add missing checks in wolfSSL_d2i_SSL_SESSION
2026-02-10 21:22:16 +10:00
David Garske 2a18b7ee44 Fix non-blocking X25519/ECC with WOLFSSL_ASYNC_CRYPT_SW
The non-blocking setup for X25519 and ECC in TLS was unconditionally
setting up nbCtx, which caused functions to return FP_WOULDBLOCK. However,
with INVALID_DEVID (the default), TLS has no async loop to handle
FP_WOULDBLOCK, only WC_PENDING_E via the async framework.

The fix follows the pattern used in asn.c: only set up nbCtx when the async
device is active (devId != INVALID_DEVID). With INVALID_DEVID, the code now
uses the blocking fallback (WC_ECC_NONBLOCK_ONLY) instead.

This prevents unit test timeouts when built with --enable-curve25519=nonblock
or --enable-ecc=nonblock.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-09 09:22:36 -08:00
Daniel Pouzzner d36953948b src/ssl_api_pk.c: in wolfSSL_CTX_SetTmpEC_DHE_Sz(), fix gate-dependent syntax error in if construct;
src/ssl_p7p12.c: in wolfSSL_SMIME_read_PKCS7(), fix memleakOnRealloc.
2026-02-07 12:00:00 -06:00
Daniel Pouzzner 51f5f8799d src/ssl_api_pk.c: fix -Wmaybe-uninitialized in check_cert_key_dev() (defect introduced in #9723);
wolfcrypt/test/test.c: fix error-path memory leaks in srtpkdf_test(), and properly gate out incompatible SRTP_KDF_LONG_KEY test on old FIPS (defect introduced in #9733);

.wolfssl_known_macro_extras: get into lexical order and remove unneeded WC_RSA_DIRECT.
2026-02-06 13:06:10 -06:00
David Garske 19bb7198a2 Peer review fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 10:24:31 -08:00
Reda Chouk f94eb68ea3 add missing checks in wolfSSL_d2i_SSL_SESSION 2026-02-06 17:00:42 +01:00
Daniel Pouzzner 25db90afe7 Merge pull request #9741 from kareem-wolfssl/variousFixes
Various fixes
2026-02-05 20:32:12 -06:00
Daniel Pouzzner 8e6ebdb8ac Merge pull request #9723 from SparkiDev/ssl_split_cert
Split out code form ssl.c and pk.c
2026-02-05 18:21:36 -06:00
David Garske c3ef6afcfd Merge pull request #9743 from douzzer/20260205-fixes
20260205-fixes
2026-02-05 15:23:57 -08:00
Daniel Pouzzner 1d871879df Merge pull request #9726 from Frauschi/pkcs11_pqc_prep
PKCS#11 PQC preparation work
2026-02-05 16:50:25 -06:00
Paul Adelsbach 635832010e Use WOLFSSL_STACK methods in new AIA functions 2026-02-05 11:54:26 -08:00
Daniel Pouzzner 0cc1dc29c4 src/x509.c: in x509_aia_append_string(), use heap pointer from supplied *head, and initialize WOLFSSL_STACK.type (fixes "Conditional jump or move depends on uninitialised value(s)" from 08c1397cc1);
wolfssl/wolfcrypt/asn.h: use WC_BITFIELD for extAuthInfoListSz and extAuthInfoListOverflow bitfields, for C89 compat (fixes -Wpedantic from 08c1397cc1).
2026-02-05 10:04:17 -06:00
David Garske 4d3925d526 Add X25519 non-blocking support for key gen and shared secret
## Summary
- Add non-blocking (incremental) Curve25519 key generation and shared secret via `WC_X25519_NONBLOCK`, modeled after the existing ECC non-blocking pattern (`WC_ECC_NONBLOCK`)
- Implement `curve25519_nb()` and `fe_inv__distinct_nb()` in `fe_low_mem.c` as state-machine variants that return `FP_WOULDBLOCK` to yield after each field multiply
- Add `wc_curve25519_set_nonblock()` API to attach/detach non-blocking context to a key
- Integrate X25519 non-blocking with TLS 1.2/1.3 key share generation and shared secret in `tls.c` and `internal.c` (behind `WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW`)
- Add `--enable-curve25519=nonblock` configure option (auto-enables `--enable-asynccrypt` and `--enable-asynccrypt-sw`)
- Add X25519 async software dispatch cases in `async.c` and types in `async.h`
- Fix async guard in `curve25519.c` to require `WOLFSSL_ASYNC_CRYPT_SW` (matching other algorithms)
- Overhaul `examples/async/` client/server: non-blocking I/O via `WOLFSSL_USER_IO`, standalone `Makefile`, X25519/ECC mode selection, CI-friendly ready-file sync
- Add `examples/configs/user_settings_curve25519nonblock.h` and CI coverage in `os-check.yml` and new `async-examples.yml` workflow
- Add wolfcrypt test and API test coverage for X25519 non-blocking
2026-02-04 21:28:52 -08:00
Kareem eae22ab37d Send illegal_parameter alert rather than handshake_failure when the server tries to use a cipher suite that the client does not support. Fixes #9639. 2026-02-04 15:44:16 -07:00
Kareem 1e770e1a0f Send decode_error alert rather than illegal_parameter when receiving an empty/malformed keyshare extension. Fixes #9640. 2026-02-04 15:40:30 -07:00
Paul Adelsbach 08c1397cc1 Enable 8 combined OCSP and URLs instead of 1 of each 2026-02-04 11:04:46 -08:00
Paul Adelsbach aa020f39c4 Extend AIA interface 2026-02-02 08:48:40 -08:00
Sean Parkinson 565ac4c101 ECC: import point, always do some checks when untrusted
Always check for infinity and, when B param available, whether the point
is on the curve when point is untrusted.
Change TLS code to treat points from peer as untrusted on import.
2026-02-02 16:12:19 +10:00
Daniel Pouzzner f2f9d5bbe7 src/internal.c: in SanityCheckMsgReceived(), gate "TLS 1.2 message order check: certificate before CKE" from 5b6f86bc8e on !WOLFSSL_NO_CLIENT_AUTH. 2026-01-30 22:38:44 -06:00
Daniel Pouzzner 6123febd3f src/ssl_sk.c, src/x509.c, wolfssl/ssl.h: tweaks and fixes to from #9705: remove !WOLFSSL_LINUXKM gates, and fix nullPointerArithmeticRedundantCheck in ExtractHostFromUri(). 2026-01-30 17:34:37 -06:00
JacobBarthelmeh 1dc177fdbe Merge pull request #9718 from SparkiDev/tls12_msg_order_checks
TLS 1.2 message order check: certificate before CKE
2026-01-30 10:50:33 -07:00
JacobBarthelmeh 9ca379f3bb Merge pull request #9719 from dgarske/usersettings_expand
Improve user_settings.h examples and add validation rules
2026-01-29 15:35:12 -07:00
Tobias Frauenschläger 90be76cb94 Misc fixes and improvements regarding PKCS#11 2026-01-29 18:39:15 +01:00
Sean Parkinson be4584784c Split out code form ssl.c and pk.c
Move EC and RSA code out of pk.c into separate file.

Move out of ssl.c into separate files:
  - Certificate APIs
  - CRL/OCSP APIs
  - Public Key APIs
  - ECH

Internal Certificate Manager APIs pulled out into ssl_certman.c.
d2i and i2d WOLFSSL_EVP_PKEY APIs pulled out into evp_pk.c.

Fix formatting.
2026-01-29 18:49:56 +10:00
David Garske c2a987595f Add new user_settings.h templates for tls13, dtls13, pq, openssl_compat, baremetal, rsa_only, pkcs7, ca 2026-01-28 11:27:01 -08:00
JacobBarthelmeh a6316114bd Merge pull request #9716 from SparkiDev/regression_fixes_22
Regression test fixes
2026-01-27 22:07:50 -07:00
Sean Parkinson 5b6f86bc8e TLS 1.2 message order check: certificate before CKE
Make sure we received a Certificate message before the ClientKeyExchange
when a certificate is requested. (Certificate message will be empty when
client has no valid certificate.)
2026-01-28 10:35:14 +10:00
Sean Parkinson eb2fb4a9ce Merge pull request #9699 from anhu/downg
Add cipher suite filtering when downgrade is disabled
2026-01-28 08:59:06 +10:00
Sean Parkinson bc9e37118e Regression test fixes
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.

wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
2026-01-28 07:37:29 +10:00
JacobBarthelmeh 3e7efe8be2 Merge pull request #9705 from cconlon/nameConstraints
Support for extracting and validating X.509 Name Constraints extensions
2026-01-27 10:01:48 -07:00
Chris Conlon 610d530e45 Add Name Constraints extension support with wolfSSL_X509_get_ext_d2i() and wolfSSL_NAME_CONSTRAINTS_check_name() 2026-01-26 10:36:05 -07:00
David Garske eeaa3a7160 Merge pull request #9596 from kareem-wolfssl/zd19378
Add a runtime option to enable or disable the secure renegotiation check.
2026-01-26 08:34:57 -08:00
David Garske cd88ec57b0 Merge pull request #9685 from kareem-wolfssl/gh7735
Always reinitialize the SSL cipher suites in InitSSL_Side as the side and enabled algos have likely changed.
2026-01-23 12:38:46 -08:00
Tobias Frauenschläger 14ce7956f1 Increase test coverage
* More PQC configurations
* More CMake setups
* Fix various bugs uncovered by these tests

Added some missing feature additions to CMake to make the example
`user_settings_all.` config file work for the CI test.
2026-01-23 09:27:16 +01:00
Sean Parkinson 27df554e99 Merge pull request #9701 from Frauschi/brainpool-tls13
Add support for TLS 1.3 Brainpool curves
2026-01-23 10:42:32 +10:00
David Garske a17f68f036 Merge pull request #9587 from kareem-wolfssl/zd20850
Add duplicate entry error to distinguish cases where a duplicate CRL is rejected.
2026-01-22 15:07:19 -08:00
Kareem 1103552c37 Code review feedback 2026-01-22 15:46:13 -07:00
Kareem d60dd53165 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19378 2026-01-22 15:37:30 -07:00
Kareem 4c0c51fdff Merge branch 'master' of https://github.com/wolfSSL/wolfssl into gh7735 2026-01-22 15:13:15 -07:00
Kareem baedba6a58 Force client haveDH to true in wolfSSL_set_options. haveDH won't be set to true on the client as the server side is what calls DH param generation APIs which set this to true, but we still want the client to support DH cipher suites if enabled. This matches behavior from InitSSL_EitherSide. 2026-01-22 15:13:08 -07:00
Tobias Frauenschläger eb8ba6124e Support TLS 1.3 ECC Brainpool authentication
This also fixes TLS 1.2 authentication to only succeed in case the
brainpool curve was present in the supported_groups extension.
2026-01-22 14:14:09 +01:00
Tobias Frauenschläger a462398387 Support Brainpool ECC curve TLS 1.3 key exchange
When both TLS 1.3 and Brainpool curves are enabled, three new groups can
be used for the ECDHE key exchange according to RFC 8734:
* WOLFSSL_ECC_BRAINPOOLP256R1TLS13 (31)
* WOLFSSL_ECC_BRAINPOOLP384R1TLS13 (32)
* WOLFSSL_ECC_BRAINPOOLP512R1TLS13 (33)

Also ensure that the existing TLS 1.2 curves are sent properly.

The TLS client application is updated to support handshakes via
Brainpool curves using the new argument "--bpKs".
2026-01-22 14:14:09 +01:00
David Garske e4e79dd8a3 Merge pull request #9694 from SparkiDev/tls_msg_sanity_fix
TLS: more sanity checks on message order
2026-01-21 15:11:11 -08:00
Anthony Hu d088fee72c Add cipher suite filtering when downgrade is disabled
When wolfSSL_SetVersion() is called to set a specific TLS version,
the downgrade flag is now set to 0. This causes wolfSSL_parse_cipher_list()
to no longer preserve cipher suites from the other TLS version group.

Previously, when using SSLv23 method and setting cipher suites for only
one TLS version (e.g., TLS 1.2), the library would preserve any existing
cipher suites from the other version (e.g., TLS 1.3) for OpenSSL API
compatibility. With this change, if a specific version is set via
wolfSSL_SetVersion(), only the cipher suites for that version are kept.
2026-01-21 18:01:01 -05:00
David Garske f52930b844 More fixes for NO RNG and NO check key (broken in #9606 and #9576) 2026-01-21 10:31:57 -08:00