David Garske
262a2e199a
Merge pull request #10662 from Frauschi/zephyr_4_4_fixes
Fixes for Zephyr 4.4
2026-06-11 09:51:11 -07:00
David Garske
e0324866bc
Merge pull request #10654 from douzzer/20260610-ssl_api_ext-revert-ret-cascades
20260610-ssl_api_ext-revert-ret-cascades
2026-06-11 09:49:08 -07:00
philljj
b1330f75d9
Merge pull request #10658 from douzzer/20260608-linuxkm-fenrir
20260608-linuxkm-fenrir
2026-06-11 11:19:46 -05:00
Tobias Frauenschläger
c73afe67a5
Fixes for Zephyr 4.4
2026-06-11 13:33:27 +02:00
Daniel Pouzzner
486e8eefc0
.wolfssl_known_macro_extras: fix lexical order.
2026-06-10 17:32:20 -05:00
Daniel Pouzzner
0f3d3bedb0
fix F-5334: AEAD decrypt accepts ciphertext shorter than authentication tag before unsigned length subtraction
2026-06-10 17:28:06 -05:00
Daniel Pouzzner
e98a03b80e
fix F-3524: Heap Buffer Overflow in km_direct_rsa_dec When req->dst_len < ctx->key_len
2026-06-10 17:28:06 -05:00
Daniel Pouzzner
1e888383bb
fix F-3025: Missing buffer-length validation in km_ecdh_decode_secret enables out-of-bounds read
2026-06-10 17:28:06 -05:00
Daniel Pouzzner
9b723b9e11
fix F-3024: Missing buffer-length validation in km_dh_decode_secret enables out-of-bounds read
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
b4139b1a90
fix F-706: AES-CTR and AES-OFB Encrypt Leak Aes Context Containing Key Schedule on skcipher_walk_done Error
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
afc2137351
fix F-682: Incorrect tolower/toupper Macros Produce Wrong Results for Non-Alpha Characters
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
c9cc79f9ae
cleanup inspired by false positive F-675: AES-CTR and AES-OFB Modes Bypass WC_C_DYNAMIC_FALLBACK Selection Logic
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
da1b7fe236
fixes for F-674: Non-Constant-Time memcmp in RSA PKCS#1 v1.5 Signature Verification
2026-06-10 17:28:05 -05:00
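The commit above replaces a non-constant-time memcmp in RSA PKCS#1 v1.5 signature verification. The following is an added example, not wolfSSL code, showing why the early-exit compare leaks and how a verify-by-re-encoding path compares the whole encoded message in constant time. All names (compare_ct, pkcs1_v15_encode, pkcs1_v15_verify_em) and the 4-byte DigestInfo stand-in are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Early-exit comparison: memcmp() stops at the first differing byte, so
 * its running time reveals how long a prefix of a forged block matched. */
int compare_early_exit(const uint8_t *a, const uint8_t *b, size_t n)
{
    return memcmp(a, b, n) != 0;          /* 0 = equal, 1 = differ */
}

/* Constant-time comparison: every byte is visited, differences are OR-ed
 * into an accumulator and folded to 0/1 without a data-dependent branch. */
int compare_ct(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t acc = 0;
    size_t i;
    for (i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    /* acc | -acc has bit 7 set for every non-zero 8-bit value */
    return (int)(((unsigned)acc | (unsigned)(uint8_t)(0u - acc)) >> 7);
}

/* Build the RFC 8017 EMSA-PKCS1-v1_5 block for a DigestInfo T:
 *   EM = 0x00 || 0x01 || PS (>= 8 bytes of 0xFF) || 0x00 || T
 * Returns 0 on success, -1 if em_len cannot hold T with minimal padding. */
int pkcs1_v15_encode(const uint8_t *t, size_t t_len, uint8_t *em, size_t em_len)
{
    size_t ps_len;
    if (t == NULL || em == NULL || t_len > SIZE_MAX - 11 || em_len < t_len + 11)
        return -1;
    ps_len = em_len - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, t, t_len);
    return 0;
}

/* Verify the block recovered from the RSA public-key operation by
 * re-encoding the expected DigestInfo and comparing the whole EM in
 * constant time (RFC 8017 Section 8.2.2 step 4). Returns 0 on match,
 * 1 on mismatch, -1 on a length error. */
int pkcs1_v15_verify_em(const uint8_t *recovered, size_t em_len,
                        const uint8_t *t, size_t t_len)
{
    uint8_t expected[512];                /* enough for RSA-4096 */
    if (recovered == NULL || em_len > sizeof(expected))
        return -1;
    if (pkcs1_v15_encode(t, t_len, expected, em_len) != 0)
        return -1;
    return compare_ct(recovered, expected, em_len);
}

int main(void)
{
    /* Constructed sample: 4-byte stand-in for DigestInfo, 32-byte modulus. */
    static const uint8_t t[4] = { 0xDE, 0xAD, 0xBE, 0xEF };
    uint8_t em[32];
    if (pkcs1_v15_encode(t, sizeof t, em, sizeof em) != 0)
        return 1;
    printf("intact block:   %d\n", pkcs1_v15_verify_em(em, sizeof em, t, sizeof t));
    em[10] ^= 0x01;                       /* corrupt one padding byte */
    printf("tampered block: %d\n", pkcs1_v15_verify_em(em, sizeof em, t, sizeof t));
    return 0;
}
```

Comparing the full re-encoded EM, rather than parsing the recovered block field by field, also removes the class of padding-parsing bugs that have historically affected PKCS#1 v1.5 verifiers; the constant-time compare is what keeps the timing independent of where a forgery first diverges.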
Daniel Pouzzner
ad98438baa
fixes for
F-5335: ECDH overflow paths do not report the required output length
F-5336: RSA PKCS#1 overflow paths do not report the required output length
2026-06-10 17:28:05 -05:00
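Two of the commits above address the same family of length-handling defects: F-5334 (an AEAD decrypt that subtracted the tag length from an unsigned ciphertext length before checking the ciphertext was at least that long) and F-5335/F-5336 (overflow paths that failed without telling the caller how large the output buffer needs to be). The following is an added example, not wolfSSL code; the function names, the 16-byte tag length and the result codes are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16u

/* Result codes constructed for this example (not wolfSSL error codes). */
enum { EX_OK = 0, EX_BAD_INPUT_LEN = -1, EX_SHORT_OUTPUT = -2 };

/* Before: the payload length is computed with an unsigned subtraction
 * before any check. For in_len < TAG_LEN the value wraps to something
 * enormous that later bounds checks happily accept. Returned here so the
 * wrap is visible. */
size_t aead_payload_len_unchecked(size_t in_len)
{
    return in_len - TAG_LEN;
}

/* After: validate the input length before subtracting, then report the
 * required output length when the caller's buffer is too small instead of
 * failing opaquely. On EX_OK or EX_SHORT_OUTPUT, *out_needed holds the
 * plaintext length and *tag points at the trailing tag inside in. */
int aead_split_for_decrypt(const uint8_t *in, size_t in_len,
                           size_t out_cap, size_t *out_needed,
                           const uint8_t **tag)
{
    if (in == NULL || out_needed == NULL || tag == NULL)
        return EX_BAD_INPUT_LEN;
    if (in_len < TAG_LEN)
        return EX_BAD_INPUT_LEN;        /* no room for a tag: reject */
    *out_needed = in_len - TAG_LEN;     /* cannot wrap after the check */
    *tag = in + *out_needed;
    if (out_cap < *out_needed)
        return EX_SHORT_OUTPUT;         /* caller resizes using *out_needed */
    return EX_OK;
}

int main(void)
{
    uint8_t buf[20];                    /* constructed: 4 bytes ct + 16 tag */
    size_t need = 0;
    const uint8_t *tag = NULL;
    memset(buf, 0xAB, sizeof buf);

    printf("unchecked length for 5-byte input: %zu\n",
           aead_payload_len_unchecked(5));
    printf("5-byte input:            %d\n",
           aead_split_for_decrypt(buf, 5, 64, &need, &tag));
    printf("20-byte input, 2-byte out: %d (needs %zu)\n",
           aead_split_for_decrypt(buf, 20, 2, &need, &tag), need);
    printf("20-byte input, 4-byte out: %d\n",
           aead_split_for_decrypt(buf, 20, 4, &need, &tag));
    return 0;
}
```

The order of the two checks matters: the input-length check must come first because the output-length computation depends on the subtraction being safe.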
Daniel Pouzzner
67c1d65ef7
fixes for
F-2554 Missing wc_ecc_free Before free in km_ecdh_init When wc_ecc_set_rng Fails
F-2555 Missing wc_FreeDhKey Before free in km_ffdhe_init When wc_DhSetNamedKey Fails
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
05fc258ca2
fix F-1423: AES-XTS Encrypt/Decrypt Missing skcipher_walk Cleanup on 6 Early-Return Error Paths
2026-06-10 17:28:05 -05:00
Daniel Pouzzner
19a9670aaa
fix F-1234: IS_ERR Used on NULL-Returning Kernel Crypto Request Allocation Functions.
2026-06-10 17:28:05 -05:00
Sean Parkinson
63fd322382
Merge pull request #10641 from rlm2002/zd21890
Fixes for SM2/3 and FindMultiAttrib
2026-06-11 08:01:20 +10:00
David Garske
d56fa7972d
Merge pull request #10639 from julek-wolfssl/fix-current-cipher-kx-nid
Fix cipher property NIDs for SSL_get_current_cipher and add PSK kx mapping
2026-06-10 14:50:02 -07:00
David Garske
fdfb0a9fe7
Merge pull request #10627 from julek-wolfssl/fenrir-fixes-20260601-dtls13-recv-epoch
F-5606: don't enforce DTLS 1.3 2^48-1 epoch cap on the receive side
2026-06-10 10:06:26 -07:00
David Garske
10e2afa20a
Merge pull request #10595 from miyazakh/f5381_RSASSA-PSS_trailerField
f5381 enforce trailerField==1 in DecodeRsaPssParams
2026-06-10 10:05:22 -07:00
Daniel Pouzzner
37511b484e
tests/api/test_ssl_cert.c, tests/api/test_ssl_ext.c, tests/api/test_ssl_pk.c: add missing gates on !NO_TLS.
2026-06-10 12:05:00 -05:00
Daniel Pouzzner
4ce3baa307
wolfssl/ssl.h: add !NO_TLS gate around prototypes for wolf*_{client,server}_method*() to induce compile-time failures for TLS/SSL usage in NO_TLS configurations.
2026-06-10 12:05:00 -05:00
Daniel Pouzzner
03825c17f8
src/ssl_api_ext.c and src/ssl_api_pk.c: restore early BAD_FUNC_ARG returns that were refactored away in 359e688dc3, fixing null pointer deref regression in wolfSSL_UseALPN() (possibly others too).
2026-06-10 12:05:00 -05:00
David Garske
73f78dd3cb
Merge pull request #10646 from ColtonWilley/openwrt-ci-tls-reset
Docker/OpenWrt: accept exit 4 or 5 in negative TLS tests
2026-06-10 09:56:41 -07:00
Daniel Pouzzner
332c249c7a
Merge pull request #10572 from Frauschi/lms_xmss_cert_gen
Support RFC 9802 LMS and XMSS in X.509 certificate and CSR generation
2026-06-10 11:14:43 -05:00
David Garske
953467875f
Merge pull request #10560 from philljj/fix_dh_agree
dh: fix subgroup check in wc_DhAgree.
2026-06-10 09:13:31 -07:00
David Garske
760392f403
Merge pull request #10636 from embhorn/zd21942
Harden PKCS#7 FlattenEncodedAttribs
2026-06-10 08:57:39 -07:00
David Garske
791224b3c5
Merge pull request #10632 from Frauschi/fenrir
Fenrir fixes
2026-06-10 08:14:30 -07:00
Tobias Frauenschläger
11270fc465
Check for EC_PF_UNCOMPRESSED in TLS 1.2 ClientHello
Fixes F-4892
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger
e407dba23b
Improve supported_groups handling
Fixes F-4891
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger
e1413a177f
Add missing ForceZero() calls
Fixes F-5437 and F-5438
2026-06-10 11:37:40 +02:00
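The ForceZero commit above and the earlier F-706 fix (AES-CTR/AES-OFB encrypt leaving an Aes context containing the key schedule in memory when skcipher_walk_done fails) are both instances of the same pattern: an error path that returns before key material is cleared. The following is an added example, not wolfSSL or Linux kernel code, with a toy cipher context so the effect can be observed; force_zero, toy_ctx and the fail_walk flag are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KS_LEN 32u

/* Stand-in for a cipher context that holds an expanded key. */
struct toy_ctx {
    uint8_t ks[KS_LEN];
};

/* Zeroize through a volatile pointer so the compiler cannot drop the
 * stores as dead writes to an object that is about to go out of scope. */
void force_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n-- > 0)
        *vp++ = 0;
}

/* Toy key expansion: ks[i] = key[i] ^ i. Not a real cipher. */
static void toy_expand_key(struct toy_ctx *ctx, const uint8_t *key)
{
    size_t i;
    for (i = 0; i < KS_LEN; i++)
        ctx->ks[i] = (uint8_t)(key[i] ^ (uint8_t)i);
}

/* Returns 1 if every byte of the key schedule is zero, else 0. */
int toy_ctx_is_zeroed(const struct toy_ctx *ctx)
{
    size_t i;
    for (i = 0; i < KS_LEN; i++)
        if (ctx->ks[i] != 0)
            return 0;
    return 1;
}

/* Before: an error from the chunk-walk step (simulated by fail_walk)
 * returns immediately, leaving the expanded key live in *ctx. */
int toy_encrypt_leaky(struct toy_ctx *ctx, const uint8_t *key,
                      const uint8_t *in, uint8_t *out, size_t len, int fail_walk)
{
    size_t i;
    toy_expand_key(ctx, key);
    if (fail_walk)
        return -1;                      /* key schedule left in memory */
    for (i = 0; i < len; i++)
        out[i] = in[i] ^ ctx->ks[i % KS_LEN];
    force_zero(ctx->ks, KS_LEN);        /* only the success path cleans up */
    return 0;
}

/* After: a single exit label so every path that leaves the function,
 * including the error path, clears the key schedule. */
int toy_encrypt_hardened(struct toy_ctx *ctx, const uint8_t *key,
                         const uint8_t *in, uint8_t *out, size_t len, int fail_walk)
{
    int ret = 0;
    size_t i;
    toy_expand_key(ctx, key);
    if (fail_walk) {
        ret = -1;
        goto out;
    }
    for (i = 0; i < len; i++)
        out[i] = in[i] ^ ctx->ks[i % KS_LEN];
out:
    force_zero(ctx->ks, KS_LEN);        /* runs on success and on error */
    return ret;
}

int main(void)
{
    struct toy_ctx ctx;
    uint8_t key[KS_LEN], in[8] = { 0 }, out[8];
    memset(key, 0x11, sizeof key);      /* constructed key */
    toy_encrypt_leaky(&ctx, key, in, out, sizeof in, 1);
    printf("leaky, error path, zeroed:    %d\n", toy_ctx_is_zeroed(&ctx));
    toy_encrypt_hardened(&ctx, key, in, out, sizeof in, 1);
    printf("hardened, error path, zeroed: %d\n", toy_ctx_is_zeroed(&ctx));
    return 0;
}
```

In kernel code the same rule applies to heap-allocated contexts: zeroize before kfree() on every path, not only the last one. The kernel's own primitive for the volatile-store idiom is memzero_explicit().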
Tobias Frauenschläger
c01152d35a
Minor fix in liboqs GetRandomData
Fixes F-4443
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger
9c60d87abc
Fix minor CAVIUM issues
Fixes F-4441 and F-4442
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger
c611a22b2f
Ensure a key is set for DES3 operations
Fixes F-5379
2026-06-10 11:36:59 +02:00
Tobias Frauenschläger
c76c83258c
Ensure a key is set for ARC4 operations
Fixes F-5378
2026-06-10 11:36:29 +02:00
Tobias Frauenschläger
09b288000c
Size cert signature buffers from the key and check sig type vs key
MAX_ENCODED_SIG_SZ grows to ~50KB once SLH-DSA is enabled, yet it was
used to size PKCS#1/signature scratch and output buffers across the
library, wasting stack and heap even for classic RSA/ECC operations.
- Add MAX_ENCODED_CLASSIC_SIG_SZ for RSA/DSA/ECC DigestInfo buffers that
can never hold a PQC signature.
- Size the certificate/CSR signing output buffer from the signing key at
runtime instead of the worst-case macro.
- Add overridable WOLFSSL_MAX_SIG_SZ for the WOLFSSL_NO_MALLOC buffer.
- Reject a signature type that does not match the signing key.
2026-06-10 10:51:41 +02:00
Tobias Frauenschläger
e05a453944
Support RFC 9802 LMS and XMSS in X.509 certificate and CSR generation
Extend wc_MakeCert_ex/wc_SignCert_ex/wc_MakeCertReq_ex to issue HSS/LMS and
XMSS/XMSS^MT certificates and PKCS#10 requests, building on the existing
RFC 9802 verification support. New LMS_TYPE/XMSS_TYPE/XMSSMT_TYPE selectors,
wc_{Lms,Xmss}Key_PublicKeyToDer SPKI encoders, runtime signature-buffer
sizing, and sigType/key consistency checks. Generation is ASN.1-template
only, matching where the verification path lives.
Tests generate self-signed roots, CSRs and a CA->ECC-leaf chain in-process
and verify them, replacing the patched Bouncy Castle fixtures (only the stock
RFC 9802-aligned LMS interop anchor is kept).
2026-06-10 10:51:33 +02:00
jordan
0640b2ef99
dh tests: fix define gate.
2026-06-10 01:39:18 -05:00
jordan
c78fb5f41b
dh: fix subgroup check in wc_DhAgree.
2026-06-10 01:28:12 -05:00
Daniel Pouzzner
fdbfb66c4b
Merge pull request #10569 from SparkiDev/ssl_c_split_1
ssl.c: Move functions out to own files and add testing
2026-06-09 22:52:34 -05:00
Juliusz Sosinowicz
a5e58b1eb5
Fix CI: expect config-dependent cipher name in test_SSL_CIPHER_get_current_kx
SSL_CIPHER_get_name returns the internal cipher name (PSK-AES128-GCM-SHA256)
instead of the IANA name when WOLFSSL_CIPHER_INTERNALNAME, NO_ERROR_STRINGS or
WOLFSSL_QT is defined. user_settings_all.h with the compatibility layer enables
WOLFSSL_QT, so the test failed in the 'make user_setting.h (with sed)' job.
Match the expected name to the build configuration, mirroring the existing
pattern used elsewhere in tests/api.c.
2026-06-10 02:11:01 +00:00
Sean Parkinson
359e688dc3
ssl.c: Move functions out to own files and add testing
ssl_api_pk.c: added Public-key APIs (min/max key sizes, DH key test,
signature NIDs, tmp ecdh). Reworked code of new functions.
ssl_api_cert.c: added more SSL Certificate APIs. Reworked code of new
functions.
ssl_api_ext.c: TLS extension APIs (session tickets, max fragment,
groups, etc.). Reworked code.
ssl_api_dtls.c: DTLS APIs (cookie secret, etc.)
Improved test coverage for functions moved.
2026-06-10 09:11:59 +10:00
David Garske
4f09916e7e
Merge pull request #10443 from anhu/protonamelist
Enforce only 1 protocolname in serverhello
2026-06-09 15:42:02 -07:00
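The merge above enforces that a ServerHello ALPN extension carries exactly one protocol name. The following is an added example, not wolfSSL code, of a parser for the RFC 7301 ProtocolNameList that applies that rule together with the usual length checks; the function name, result codes and the sample extension bodies are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes constructed for this example. */
enum { ALPN_OK = 0, ALPN_MALFORMED = -1, ALPN_MULTIPLE_NAMES = -2 };

/* Parse the ALPN extension body of a ServerHello (RFC 7301):
 *   ProtocolNameList: uint16 list length, then names each prefixed by a
 *   uint8 length; empty names are not allowed.
 * A server MUST select exactly one protocol, so zero or more than one
 * name is rejected. On ALPN_OK, *name/*name_len point into ext. */
int alpn_parse_serverhello(const uint8_t *ext, size_t ext_len,
                           const uint8_t **name, size_t *name_len)
{
    size_t list_len, pos, count = 0;

    if (ext == NULL || name == NULL || name_len == NULL)
        return ALPN_MALFORMED;
    if (ext_len < 2)
        return ALPN_MALFORMED;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len == 0 || list_len + 2 != ext_len)
        return ALPN_MALFORMED;              /* list must fill the body */

    pos = 2;
    while (pos < ext_len) {
        size_t n = ext[pos];
        if (n == 0 || pos + 1 + n > ext_len)
            return ALPN_MALFORMED;          /* empty or truncated name */
        if (count == 0) {
            *name = ext + pos + 1;
            *name_len = n;
        }
        count++;
        pos += 1 + n;
    }
    return (count == 1) ? ALPN_OK : ALPN_MULTIPLE_NAMES;
}

int main(void)
{
    /* Constructed extension bodies. */
    static const uint8_t one[]  = { 0x00, 0x03, 0x02, 'h', '2' };
    static const uint8_t two[]  = { 0x00, 0x0C, 0x02, 'h', '2',
                                    0x08, 'h', 't', 't', 'p', '/', '1', '.', '1' };
    static const uint8_t shrt[] = { 0x00, 0x05, 0x02, 'h', '2' };
    const uint8_t *nm = NULL;
    size_t nl = 0;

    printf("one name:   %d\n", alpn_parse_serverhello(one, sizeof one, &nm, &nl));
    printf("two names:  %d\n", alpn_parse_serverhello(two, sizeof two, &nm, &nl));
    printf("truncated:  %d\n", alpn_parse_serverhello(shrt, sizeof shrt, &nm, &nl));
    return 0;
}
```

The same shape (outer length must equal the remaining body, each inner length checked against the remaining bytes before use) applies to every TLS vector-of-vectors extension, so this parser generalizes beyond ALPN; only the exactly-one rule is ALPN-specific.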
Juliusz Sosinowicz
6853bf1d93
F-5606: don't enforce DTLS 1.3 2^48-1 epoch cap on the receive side
RFC 9147 Section 8's 2^48-1 epoch ceiling is a sender-only rule; the same
paragraph says receiving implementations MUST NOT enforce it. The KeyUpdate
receive path was rejecting a peer epoch that crossed 2^48-1, violating that.
Guard only the genuine wrap-to-zero (Section 4.2.1) and let the receiving
epoch advance past 2^48-1. The sender-side gates are unchanged.
2026-06-10 00:26:00 +02:00
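The commit above separates the sender-only 2^48-1 epoch ceiling from the receive path, which must only reject a genuine wrap to zero. The following is an added example, not wolfSSL code, that models both sides of that asymmetry, including the over-strict receive check the commit describes removing; the struct and function names are constructed for this illustration and follow the commit message's reading of RFC 9147.

```c
#include <stdint.h>
#include <stdio.h>

/* Sender-side ceiling (RFC 9147 Section 8): our own epoch must never
 * exceed 2^48-1. */
#define DTLS13_MAX_SEND_EPOCH ((((uint64_t)1) << 48) - 1)

struct dtls13_epochs {
    uint64_t send_epoch;   /* our current write epoch */
    uint64_t recv_epoch;   /* highest epoch accepted from the peer */
};

/* Initiating a KeyUpdate: refuse if the next send epoch would pass the
 * cap. Returns 1 and advances send_epoch on success, 0 if refused. */
int dtls13_sender_key_update(struct dtls13_epochs *st)
{
    if (st->send_epoch >= DTLS13_MAX_SEND_EPOCH)
        return 0;
    st->send_epoch++;
    return 1;
}

/* Receive path as described before the fix: the sender cap was applied to
 * the peer's epoch, so a conforming peer at 2^48-1 was rejected. */
int dtls13_receiver_key_update_before_fix(struct dtls13_epochs *st)
{
    if (st->recv_epoch >= DTLS13_MAX_SEND_EPOCH)
        return 0;
    st->recv_epoch++;
    return 1;
}

/* Receive path after the fix: the cap is not enforced; only a 64-bit
 * wrap to zero is rejected. Returns 1 and advances recv_epoch on
 * success, 0 if the KeyUpdate is rejected. */
int dtls13_receiver_key_update(struct dtls13_epochs *st)
{
    if (st->recv_epoch == UINT64_MAX)
        return 0;              /* recv_epoch + 1 would wrap to 0 */
    st->recv_epoch++;
    return 1;
}

int main(void)
{
    struct dtls13_epochs st;
    st.send_epoch = DTLS13_MAX_SEND_EPOCH;   /* constructed boundary state */
    st.recv_epoch = DTLS13_MAX_SEND_EPOCH;

    printf("sender at cap may update:        %d\n", dtls13_sender_key_update(&st));
    printf("receiver at cap (old check):     %d\n",
           dtls13_receiver_key_update_before_fix(&st));
    printf("receiver at cap (fixed check):   %d\n", dtls13_receiver_key_update(&st));
    printf("recv_epoch now %llu\n", (unsigned long long)st.recv_epoch);
    return 0;
}
```

Keeping the two checks in separate functions makes the asymmetry explicit in code review: a reader who sees DTLS13_MAX_SEND_EPOCH referenced on the receive side knows something is wrong.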
Hideki Miyazaki
7d74caac6d
Addressed review comments
2026-06-10 07:02:46 +09:00
Ruby Martin
b167c2687e
verify i >= 0 before continuing loop. clears coverity false positive
2026-06-09 15:40:16 -06:00
David Garske
358ae9a559
Merge pull request #10249 from ColtonWilley/pr15-tls-config-bounds
Add negative-count and NULL checks to group-setting and shared-cipher APIs
2026-06-09 14:40:16 -07:00
Ruby Martin
1786cebf8c
add negative value check after wc_HashGetDigestSize
2026-06-09 15:40:16 -06:00
Ruby Martin
fa5247b516
add regression test for sm builds
2026-06-09 15:40:16 -06:00