Commit Graph

30122 Commits

Author SHA1 Message Date
David Garske 262a2e199a Merge pull request #10662 from Frauschi/zephyr_4_4_fixes
Fixes for Zephyr 4.4
2026-06-11 09:51:11 -07:00
David Garske e0324866bc Merge pull request #10654 from douzzer/20260610-ssl_api_ext-revert-ret-cascades
20260610-ssl_api_ext-revert-ret-cascades
2026-06-11 09:49:08 -07:00
philljj b1330f75d9 Merge pull request #10658 from douzzer/20260608-linuxkm-fenrir
20260608-linuxkm-fenrir
2026-06-11 11:19:46 -05:00
Tobias Frauenschläger c73afe67a5 Fixes for Zephyr 4.4 2026-06-11 13:33:27 +02:00
Daniel Pouzzner 486e8eefc0 .wolfssl_known_macro_extras: fix lexical order. 2026-06-10 17:32:20 -05:00
Daniel Pouzzner 0f3d3bedb0 fix F-5334: AEAD decrypt accepts ciphertext shorter than authentication tag before unsigned length subtraction 2026-06-10 17:28:06 -05:00
Daniel Pouzzner e98a03b80e fix F=3524: Heap Buffer Overflow in km_direct_rsa_dec When req->dst_len < ctx->key_len 2026-06-10 17:28:06 -05:00
Daniel Pouzzner 1e888383bb fix F-3025: Missing buffer-length validation in km_ecdh_decode_secret enables out-of-bounds read 2026-06-10 17:28:06 -05:00
Daniel Pouzzner 9b723b9e11 fix F-3024: Missing buffer-length validation in km_dh_decode_secret enables out-of-bounds read 2026-06-10 17:28:05 -05:00
Daniel Pouzzner b4139b1a90 fix F-706: AES-CTR and AES-OFB Encrypt Leak Aes Context Containing Key Schedule on skcipher_walk_done Error 2026-06-10 17:28:05 -05:00
Daniel Pouzzner afc2137351 fix F-682: Incorrect tolower/toupper Macros Produce Wrong Results for Non-Alpha Characters 2026-06-10 17:28:05 -05:00
Daniel Pouzzner c9cc79f9ae cleanup inspired by false positive F-675: AES-CTR and AES-OFB Modes Bypass WC_C_DYNAMIC_FALLBACK Selection Logic 2026-06-10 17:28:05 -05:00
Daniel Pouzzner da1b7fe236 fixes for F-674: Non-Constant-Time memcmp in RSA PKCS#1 v1.5 Signature Verification 2026-06-10 17:28:05 -05:00
Daniel Pouzzner ad98438baa fixes for
F-5335: ECDH overflow paths do not report the required output length
F-5336: RSA PKCS#1 overflow paths do not report the required output length
2026-06-10 17:28:05 -05:00
Daniel Pouzzner 67c1d65ef7 fixes for
F-2554 Missing wc_ecc_free Before free in km_ecdh_init When wc_ecc_set_rng Fails
F-2555 Missing wc_FreeDhKey Before free in km_ffdhe_init When wc_DhSetNamedKey Fails
2026-06-10 17:28:05 -05:00
Daniel Pouzzner 05fc258ca2 fix F-1423: AES-XTS Encrypt/Decrypt Missing skcipher_walk Cleanup on 6 Early-Return Error Paths 2026-06-10 17:28:05 -05:00
Daniel Pouzzner 19a9670aaa fix F-1234: IS_ERR Used on NULL-Returning Kernel Crypto Request Allocation Functions. 2026-06-10 17:28:05 -05:00
Sean Parkinson 63fd322382 Merge pull request #10641 from rlm2002/zd21890
Fixes for SM2/3 and FindMultiAttrib
2026-06-11 08:01:20 +10:00
David Garske d56fa7972d Merge pull request #10639 from julek-wolfssl/fix-current-cipher-kx-nid
Fix cipher property NIDs for SSL_get_current_cipher and add PSK kx mapping
2026-06-10 14:50:02 -07:00
David Garske fdfb0a9fe7 Merge pull request #10627 from julek-wolfssl/fenrir-fixes-20260601-dtls13-recv-epoch
F-5606: don't enforce DTLS 1.3 2^48-1 epoch cap on the receive side
2026-06-10 10:06:26 -07:00
David Garske 10e2afa20a Merge pull request #10595 from miyazakh/f5381_RSASSA-PSS_trailerField
f5381 enforce trailerField==1 in DecodeRsaPssParams
2026-06-10 10:05:22 -07:00
Daniel Pouzzner 37511b484e tests/api/test_ssl_cert.c, tests/api/test_ssl_ext.c, tests/api/test_ssl_pk.c: add missing gates on !NO_TLS. 2026-06-10 12:05:00 -05:00
Daniel Pouzzner 4ce3baa307 wolfssl/ssl.h: add !NO_TLS gate around prototypes for wolf*_{client,server}_method*() to induce compile-time failures for TLS/SSL usage in NO_TLS configurations. 2026-06-10 12:05:00 -05:00
Daniel Pouzzner 03825c17f8 src/ssl_api_ext.c and src/ssl_api_pk.c: restore early BAD_FUNC_ARG returns that were refactored away in 359e688dc3, fixing null pointer deref regression in wolfSSL_UseALPN() (possibly others too). 2026-06-10 12:05:00 -05:00
David Garske 73f78dd3cb Merge pull request #10646 from ColtonWilley/openwrt-ci-tls-reset
Docker/OpenWrt: accept exit 4 or 5 in negative TLS tests
2026-06-10 09:56:41 -07:00
Daniel Pouzzner 332c249c7a Merge pull request #10572 from Frauschi/lms_xmss_cert_gen
Support RFC 9802 LMS and XMSS in X.509 certificate and CSR generation
2026-06-10 11:14:43 -05:00
David Garske 953467875f Merge pull request #10560 from philljj/fix_dh_agree
dh: fix subgroup check in wc_DhAgree.
2026-06-10 09:13:31 -07:00
David Garske 760392f403 Merge pull request #10636 from embhorn/zd21942
Harden PKCS#7 FlattenEncodedAttribs
2026-06-10 08:57:39 -07:00
David Garske 791224b3c5 Merge pull request #10632 from Frauschi/fenrir
Fenrir fixes
2026-06-10 08:14:30 -07:00
Tobias Frauenschläger 11270fc465 Check for EC_PF_UNCOMPRESSED in TLS 1.2 ClientHello
Fixes F-4892
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger e407dba23b Improve supported_groups handling
Fixes F-4891
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger e1413a177f Add missing ForceZero() calls
Fixes  F-5437 and F-5438
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger c01152d35a Minor fix in liboqs GetRandomData
Fixes F-4443
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger 9c60d87abc Fix minor CAVIUM issues
Fixes F-4441 and F-4442
2026-06-10 11:37:40 +02:00
Tobias Frauenschläger c611a22b2f Ensure a key is set for DES3 operations
Fixes F-5379
2026-06-10 11:36:59 +02:00
Tobias Frauenschläger c76c83258c Ensure a key is set for ARC4 operations
Fixes F-5378
2026-06-10 11:36:29 +02:00
Tobias Frauenschläger 09b288000c Size cert signature buffers from the key and check sig type vs key
MAX_ENCODED_SIG_SZ grows to ~50KB once SLH-DSA is enabled, yet it was
used to size PKCS#1/signature scratch and output buffers across the
library, wasting stack and heap even for classic RSA/ECC operations.

- Add MAX_ENCODED_CLASSIC_SIG_SZ for RSA/DSA/ECC DigestInfo buffers that
  can never hold a PQC signature.
- Size the certificate/CSR signing output buffer from the signing key at
  runtime instead of the worst-case macro.
- Add overridable WOLFSSL_MAX_SIG_SZ for the WOLFSSL_NO_MALLOC buffer.
- Reject a signature type that does not match the signing key.
2026-06-10 10:51:41 +02:00
Tobias Frauenschläger e05a453944 Support RFC 9802 LMS and XMSS in X.509 certificate and CSR generation
Extend wc_MakeCert_ex/wc_SignCert_ex/wc_MakeCertReq_ex to issue HSS/LMS and
XMSS/XMSS^MT certificates and PKCS#10 requests, building on the existing
RFC 9802 verification support. New LMS_TYPE/XMSS_TYPE/XMSSMT_TYPE selectors,
wc_{Lms,Xmss}Key_PublicKeyToDer SPKI encoders, runtime signature-buffer
sizing, and sigType/key consistency checks. Generation is ASN.1-template
only, matching where the verification path lives.

Tests generate self-signed roots, CSRs and a CA->ECC-leaf chain in-process
and verify them, replacing the patched Bouncy Castle fixtures (only the stock
RFC 9802-aligned LMS interop anchor is kept).
2026-06-10 10:51:33 +02:00
jordan 0640b2ef99 dh tests: fix define gate. 2026-06-10 01:39:18 -05:00
jordan c78fb5f41b dh: fix subgroup check in wc_DhAgree. 2026-06-10 01:28:12 -05:00
Daniel Pouzzner fdbfb66c4b Merge pull request #10569 from SparkiDev/ssl_c_split_1
ssl.c: Move functions out to own files and add testing
2026-06-09 22:52:34 -05:00
Juliusz Sosinowicz a5e58b1eb5 Fix CI: expect config-dependent cipher name in test_SSL_CIPHER_get_current_kx
SSL_CIPHER_get_name returns the internal cipher name (PSK-AES128-GCM-SHA256)
instead of the IANA name when WOLFSSL_CIPHER_INTERNALNAME, NO_ERROR_STRINGS or
WOLFSSL_QT is defined. user_settings_all.h with the compatibility layer enables
WOLFSSL_QT, so the test failed in the 'make user_setting.h (with sed)' job.
Match the expected name to the build configuration, mirroring the existing
pattern used elsewhere in tests/api.c.
2026-06-10 02:11:01 +00:00
Sean Parkinson 359e688dc3 ssl.c: Move functions out to own files and add testing
ssl_api_pk.c: added Public-key APIs (min/max key sizes, DH key test,
signature NIDs, tmp ecdh. Reworked code of new functions.
ssl_api_cert.c: added more SSL Certificate APIs. Reworked code of new
functions.
ssl_api_ext.c: TLS extension APIs (session tickets, max fragment,
groups, etc.). Reworked code.
ssl_api_dtls.c: DTLS APIs (cookie secret, etc.)

Improved test coverage for functions moved.
2026-06-10 09:11:59 +10:00
David Garske 4f09916e7e Merge pull request #10443 from anhu/protonamelist
Enforce only 1 protocolname in serverhello
2026-06-09 15:42:02 -07:00
Juliusz Sosinowicz 6853bf1d93 F-5606: don't enforce DTLS 1.3 2^48-1 epoch cap on the receive side
RFC 9147 Section 8's 2^48-1 epoch ceiling is a sender-only rule; the same
paragraph says receiving implementations MUST NOT enforce it. The KeyUpdate
receive path was rejecting a peer epoch that crossed 2^48-1, violating that.
Guard only the genuine wrap-to-zero (Section 4.2.1) and let the receiving
epoch advance past 2^48-1. The sender-side gates are unchanged.
2026-06-10 00:26:00 +02:00
Hideki Miyazaki 7d74caac6d Addressed review comments 2026-06-10 07:02:46 +09:00
Ruby Martin b167c2687e verify i >= 0 before continuing loop. clears coverity false positive 2026-06-09 15:40:16 -06:00
David Garske 358ae9a559 Merge pull request #10249 from ColtonWilley/pr15-tls-config-bounds
Add negative-count and NULL checks to group-setting and shared-cipher APIs
2026-06-09 14:40:16 -07:00
Ruby Martin 1786cebf8c add negative value check after wc_HashGetDigestSize 2026-06-09 15:40:16 -06:00
Ruby Martin fa5247b516 add regression test for sm builds 2026-06-09 15:40:16 -06:00