David Garske
4c75a866d9
Add inline documentation for missing macros and fix spelling errors
2026-03-16 17:09:13 -07:00
Sean Parkinson
bbd2f6f898
Fixes from regression testing
...
CRL APIs not usable when NO_ASN_TIME defined.
WOLFSSL_TLS13 needs to be defined with HAVE_ECH.
When session ticket encrypted with CBC, must be a multiple of block
size.
Fix test define protection.
Fix ML-DSA protection of reduction functions.
Need !NO_RSA with WC_RSA_PSS.
Connection ID is not a DTLS 1.3 only extension.
2026-03-12 08:19:39 +10:00
Daniel Pouzzner
3540d89c0d
Merge pull request #9945 from holtrop-wolfssl/zd21327
...
Avoid one-byte read outside of allocated encrypted content buffer in wc_PKCS7_DecodeEnvelopedData()
2026-03-10 22:39:24 -05:00
Daniel Pouzzner
a5bc0cd929
Merge pull request #9887 from rlm2002/static_analysis
...
20260305 Coverity fixes
2026-03-10 22:34:57 -05:00
Josh Holtrop
d37b51c3ce
Avoid one-byte read outside of allocated encrypted content buffer in wc_PKCS7_DecodeEnvelopedData()
2026-03-10 17:26:28 -04:00
Juliusz Sosinowicz
14357576d8
wc_PKCS7_PwriKek_KeyUnWrap: use a ct cmp
...
F-378
2026-03-06 17:42:37 +01:00
Ruby Martin
2e1a2b951b
remove unused tempBuf = NULL
2026-03-05 10:52:20 -07:00
Sameeh Jubran
441bcbb680
Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
...
RSA-PSS signed certificates contain a valid RSA public key that can be
used for key transport, but wc_PKCS7_AddRecipient_KTRI and the
EnvelopedData/AuthEnvelopedData encode paths rejected them because they
only checked for RSAk. Allow RSAPSSk to fall through to the RSAk key
transport path, and always use RSAk as the KeyEncryptionAlgorithmIdentifier
since the operation is RSA encryption, not RSA-PSS signing.
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com >
2026-03-04 12:24:08 +02:00
jackctj117
e6d4c5561c
Move paramsStart declaration inside WC_RSA_PSS guard
2026-02-27 09:20:54 -07:00
jackctj117
1f9dd3c955
Fix unused variable warning in PKCS7 without WC_RSA_PSS
2026-02-26 14:04:49 -07:00
Sameeh Jubran
deb668ca4b
pkcs7: add RSA-PSS support for SignedData
...
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.
This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.
Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData
This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com >
2026-02-25 11:02:47 +02:00
David Garske
1047aaa881
Merge pull request #9796 from JacobBarthelmeh/copyright
...
update Copyright year
2026-02-19 08:47:30 -08:00
Andrew Hutchings
17680a2359
Fix leak in PKCS7 RSA-OAEP
2026-02-19 11:42:21 +00:00
JacobBarthelmeh
a156ed7bc7
update Copyright year
2026-02-18 09:52:21 -07:00
jackctj117
cfcd384c4c
Address copilot feedback
2026-02-05 12:12:16 -07:00
jackctj117
6d6d0ab088
Add PKCS7 ECC raw sign callback support
2026-01-28 14:44:00 -07:00
Reda Chouk
9c7b586565
Increment signedAttribsCount with the right number of attributes it
...
encoded
2026-01-08 20:46:47 +01:00
Chris Conlon
afe82b9512
Fix PKCS#7 degenerate detection based on signerInfos length
2025-12-18 16:28:03 -07:00
Chris Conlon
d6dcd30736
Fix PKCS#7 streaming for non OCTET STRING content types
2025-12-18 16:28:01 -07:00
Sean Parkinson
76fec60754
Merge pull request #9448 from anhu/p7_unknownExt
...
unknown extension support in wc_PKCS7_EcdsaVerify
2025-11-25 09:21:47 +10:00
Anthony Hu
668602016c
Allow user to prevent wc_PKCS7_EcdsaVerify from erroring out due to extentions we do not know about
2025-11-19 14:36:04 -05:00
JacobBarthelmeh
c63ca04228
convert to type int for return value
2025-11-13 12:17:04 -07:00
JacobBarthelmeh
d06221c16e
with decode enveloped data track total encrypted content size
2025-11-13 12:08:46 -07:00
effbiae
f4b8f844b2
indent {.*;} macro args
2025-10-13 14:04:06 +11:00
effbiae
7a3db09ddd
automated small stack compress
2025-10-11 11:40:30 +11:00
JacobBarthelmeh
7128932eff
avoid attempt of key decode and free buffer if incorrect recipient found
2025-10-06 10:48:59 -06:00
JacobBarthelmeh
fca3028395
advance index past recipent set in non stream case too
2025-10-03 15:55:35 -06:00
JacobBarthelmeh
4e92920a7f
cast variable to word32 for compare
2025-10-03 13:51:15 -06:00
JacobBarthelmeh
12cfca4060
account for no AES build and add err trace macro
2025-10-03 13:51:15 -06:00
JacobBarthelmeh
328f505702
add pkcs7 test with multiple recipients
2025-10-03 13:51:15 -06:00
JacobBarthelmeh
7a5e97e30e
adjustment for recipient index advancement
2025-10-03 13:51:15 -06:00
JacobBarthelmeh
6987304f42
Fix to advance past multiple recipients
2025-10-03 13:51:15 -06:00
Josh Holtrop
df7e105fb7
Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset
2025-07-29 11:46:44 -04:00
Josh Holtrop
26a4ea93eb
Allow building with HAVE_PKCS7 set and HAVE_AES_KEYWRAP unset
2025-07-28 12:40:35 -04:00
David Garske
c347f75b3c
Merge pull request #9029 from holtrop/extract-kari-rid
...
Add wc_PKCS7_GetEnvelopedDataKariRid()
2025-07-25 09:04:11 -07:00
David Garske
2db1669713
Merge pull request #8988 from JacobBarthelmeh/visibility
...
remove WOLFSSL_API in source code when already used in header file
2025-07-24 11:00:55 -07:00
Josh Holtrop
cf843c8b82
Add wc_PKCS7_GetEnvelopedDataKariRid()
...
Allow access to recipient ID before attempting to decrypt content.
2025-07-24 11:15:30 -04:00
David Garske
6aabc73845
Merge pull request #9018 from holtrop/decode-skp
...
Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects
2025-07-23 16:01:58 -07:00
David Garske
44eba446ec
Merge pull request #9002 from holtrop/aes-key-wrap-callbacks
...
Add callback functions for custom AES key wrap/unwrap operations
2025-07-23 16:01:49 -07:00
Josh Holtrop
13fb6b83cd
Update style per code review comments
2025-07-22 16:38:13 -04:00
Josh Holtrop
27f0ef8789
Combine AES key wrap/unwrap callbacks
2025-07-22 16:34:37 -04:00
Josh Holtrop
7bcb346dd7
Remove early function returns per code review comments
2025-07-22 14:58:26 -04:00
Josh Holtrop
15c8730ef7
Use wc_ prefix for IndexSequenceOf()
2025-07-22 14:50:42 -04:00
Josh Holtrop
77bace5010
Update style per code review comments
2025-07-22 14:47:22 -04:00
Josh Holtrop
525f1cc39e
Update style per code review comments
2025-07-22 08:19:01 -04:00
Josh Holtrop
06d86af67c
Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects
2025-07-19 18:28:06 -04:00
Josh Holtrop
af3296a836
wc_PKCS7_KeyWrap(): mark pointers as to const and check for NULL
2025-07-14 17:28:23 -04:00
Daniel Pouzzner
2c341a5806
Merge pull request #8990 from JacobBarthelmeh/license
...
updating license from GPLv2 to GPLv3
(linuxkm tweak to `MODULE_LICENSE("GPL")` to follow.)
2025-07-14 16:14:39 -05:00
Josh Holtrop
429ccd5456
Add callback functions for custom AES key wrap/unwrap operations
2025-07-14 15:58:14 -04:00
JacobBarthelmeh
629c5b4cf6
updating license from GPLv2 to GPLv3
2025-07-10 16:11:36 -06:00