Commit Graph

10747 Commits

Author SHA1 Message Date
Eric Blankenhorn 203cce48ef f287 harden wc_DhImportKeyPair 2026-03-05 15:44:12 -06:00
Eric Blankenhorn 296493acf0 f283 harden GeneratePrivateDh186 2026-03-05 15:43:10 -06:00
Daniel Pouzzner b2454d183d Merge pull request #9880 from Frauschi/f-190
fix typo in PKCS#11 V3 init
2026-03-05 15:39:41 -06:00
Eric Blankenhorn c0a4b94cb7 Fix from review 2026-03-05 15:39:20 -06:00
Daniel Pouzzner 663187150e Merge pull request #9878 from embhorn/f377
Fix checkPad to test for zero padding
2026-03-05 15:38:54 -06:00
Daniel Pouzzner 1b25c46d35 Merge pull request #9877 from embhorn/f276
Add null check in wolfSSL_EVP_PKEY_encrypt_init / _decrypt_init
2026-03-05 15:37:26 -06:00
Daniel Pouzzner 13c02b92b2 Merge pull request #9839 from padelsbach/crl-enhancements-ossl
CRL enhancements for revoked entries
2026-03-05 15:35:53 -06:00
jordan 1d3a0ca53a hpke: add missing ForceZero for eae_prk, key_schedule_context, secret. 2026-03-05 15:30:39 -06:00
Eric Blankenhorn b03a732d92 Fix f285 harden wc_RsaPrivateKeyDecodeRaw 2026-03-05 15:27:05 -06:00
Eric Blankenhorn 9062b98319 Fix f284 harden wc_FreeRsaKey 2026-03-05 15:25:29 -06:00
Daniel Pouzzner 58f48a96bf Merge pull request #9836 from Frauschi/pkcs11_dilithium
Add support for ML-DSA in PKCS#11
2026-03-05 15:22:10 -06:00
Eric Blankenhorn d638824b63 Fix F382 to harden wc_FreeDsaKey 2026-03-05 15:16:55 -06:00
Daniel Pouzzner c65e3e50fd Merge pull request #9825 from embhorn/zd21240
Fix issue in TLS_hmac size calculation
2026-03-05 15:16:47 -06:00
Eric Blankenhorn f093268bb9 Fix F381 to harden wc_MakeDsaKey 2026-03-05 15:15:41 -06:00
Eric Blankenhorn 967aaa2c56 Fix F380 to harden wc_MakeDsaKey 2026-03-05 15:14:47 -06:00
Eric Blankenhorn fdec6d0a06 Harden wc_ecc_shared_secret_gen_sync 2026-03-05 15:09:06 -06:00
Daniel Pouzzner 178f96c483 Merge pull request #9854 from sameehj/rsa-pss-fix
Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
2026-03-05 15:03:46 -06:00
Daniel Pouzzner 5fa18d9817 Merge pull request #9784 from dgarske/async_cryptocb
Fixes and tests for async and crypto callbacks
2026-03-05 14:59:27 -06:00
Daniel Pouzzner 91ea97ecdf Merge pull request #9712 from night1rider/max-32666-code-improvements
Fix Crash when using Sha224 Callback with MAX32666
2026-03-05 14:58:02 -06:00
Daniel Pouzzner b2913d27dd Merge pull request #9842 from rlm2002/coverity
20260227 Coverity changes
2026-03-05 14:53:14 -06:00
jordan dd2c5a7d2e hmac: add missing ForceZero for tmp, prk. 2026-03-05 14:24:20 -06:00
jordan 3e39a5c11e pwdbased: add missing ForceZero for blocks, v, y. 2026-03-05 13:09:26 -06:00
jordan fb8b3e779c wc_encrypt: add missing ForceZero for Des, Arc4, Rc2. 2026-03-05 12:22:00 -06:00
Ruby Martin 2e1a2b951b remove unused tempBuf = NULL 2026-03-05 10:52:20 -07:00
Ruby Martin adc7b81d9d check if ripemd->buffLen >= RIPEMD_BLOCK_SZ is true to prevent out of bounds write 2026-03-05 10:52:20 -07:00
JacobBarthelmeh 54816e8b18 Fix to free RNG with SRP function in failure case 2026-03-05 09:30:16 -07:00
Tobias Frauenschläger 4c5df4f2d9 fix typo in PKCS#11 V3 init 2026-03-05 16:41:05 +01:00
Eric Blankenhorn 0c2de309db Fix wc_ecc_sign_hash_ex with Intel QA 2026-03-05 09:35:23 -06:00
Eric Blankenhorn 7f487b9869 Fix checkPad to test for zero padding 2026-03-05 08:32:18 -06:00
Eric Blankenhorn 6dc4ba8a24 Fix from review 2026-03-05 08:23:02 -06:00
Eric Blankenhorn fe12395e61 Add null check in wolfSSL_EVP_PKEY_encrypt_init / _decrypt_init 2026-03-05 08:13:26 -06:00
Sean Parkinson 34916c80c8 ASN: improve handling of ASN.1 parsing/encoding
ToTraditionalInline_ex2 original ASN code:
  - Now return 0 when no OCTET_STRING data found.
  - Change callers to accept 0 as a valid return value.

SizeASN_Items:
  - Change encoded size to word32 as won't be negative.
  - Change callers to supply a pointer to a word32 instead of integer.
  Fix casting due to change of parameter type.

ASN_LEN_ENC_LEN: Function to calculate the length of the encoded ASN.1
length.

GetLength_ex:
  - Change minLen to word32
  - Change length to word32 and change negative check appropriately for
    different type.

GetASNHeader_ex:
  - If not checking lengths in GetLength_ex, check it here.

DecodeObjectId:
  - Ensure no overflow in calculation.

_RsaPrivateKeyDecode (original):
  - Clear RSA integers on failure (will be done in free anyway).

wc_CreatePKCS8Key (original):
  - safe check of overflow.

DecryptContent (template):
  - Parse will fail if OID not recognized, and recognized OIDs are 9/10
    bytes long - but check idx is 9/10 anyway so we know we can read 2 end
    bytes of data.

wc_RsaPublicKeyDecode_ex (original):
  - Fix calculation of seqEndIdx and use it to bound modulus and
    exponent.

DecodePolicyOID:
  - ensure inSz is not too long.
  - Ensure no overflow in calculation.

SetOidValue (original):
  - Safe check of inSz and oidSz.

SetAltNames (original):
  - Improve length checks

FlattenAltNames:
  - Check for overflow.
  - Better length check.

ParseCRL_CertList (original):
  - overflow check
2026-03-05 13:11:30 +10:00
Paul Adelsbach 22d7550f8e CRL enhancements for revoked entries 2026-03-04 14:53:28 -08:00
Daniel Pouzzner 1297a85b03 wolfcrypt/test/test.c:
* skip pkcs12_test() if NO_SHA;
* sha3_224_test(): fix error-path leak and possible uninited-read of shaCopy.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner f67c29ae51 linuxkm/Kbuild:
* for aarch64/arm64, only add -mno-outline-atomics if the compiler supports it.
* in ENABLED_LINUXKM_PIE setup, avoid -fPIE on arm32 <5.11 (missing reloc support).

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: gate interception of alt_cb_patch_nops() on kernel >= 6.1.

linuxkm/linuxkm_wc_port.h: define WC_LINUXKM_SUPPORT_DUMP_TO_FILE implicitly when WC_SYM_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT.

linuxkm/module_hooks.c: fixes for text_dump_path and rodata_dump_path handler code.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner 4a51ed4c26 wolfcrypt/test/test.c: add FIPS gates around "Copy cleanup test" exercises added by 4713ad5675 (#9829). 2026-03-04 13:14:07 -06:00
night1rider daf3b067d4 Add common SHA copy/free helpers with leak-safe msg buffer handling and copy/free crypto callbacks to replicate the non-callback code behavior when using MAX3266X_SHA_CB. 2026-03-04 10:27:22 -07:00
night1rider c3b329eb2e Refactor to use HASH_KEEP option instead of dedicated context for SHA, also add HASH_KEEP to sha1 context with correct init/free calls 2026-03-04 10:27:22 -07:00
Zackery Backman 2f2fca6a91 Remove stdio inclusion and then revert removal of null check for MXC free 2026-03-04 10:27:22 -07:00
night1rider 224ac9e2ff Add setting callback and MXC init when using arm asm with callbacks 2026-03-04 10:27:22 -07:00
Zackery Backman 4ef0492f23 Improve logic behind copy and free for sha, add copy and free callback functions, fix sha224 crashing when using callbacks for MAX32666 due to uninitialized struct. 2026-03-04 10:27:22 -07:00
Anthony Hu 069be208ee Macro guard parameter null check. 2026-03-04 07:56:11 -05:00
Sameeh Jubran 441bcbb680 Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
RSA-PSS signed certificates contain a valid RSA public key that can be
used for key transport, but wc_PKCS7_AddRecipient_KTRI and the
EnvelopedData/AuthEnvelopedData encode paths rejected them because they
only checked for RSAk. Allow RSAPSSk to fall through to the RSAk key
transport path, and always use RSAk as the KeyEncryptionAlgorithmIdentifier
since the operation is RSA encryption, not RSA-PSS signing.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-03-04 12:24:08 +02:00
Sean Parkinson 71226b68b6 RISC-V 32 no mul SP C: implement multiplication
No multiplication instructions when M extension not included.
Standard implementation of __muldi3 is not constant time.
Include a constant time implementation when SP_NO_MUL_INSTRUCTION is
defined
Define it when compiling for RISC-V 32 and no multiplication extension.

Also fix get_entry in SP C implementation to do constant time
comparison.
2026-03-04 19:23:20 +10:00
Ruby Martin 682901e32e return MP_VAL if n < 0. remove check for max int value
remove comment
2026-03-03 09:50:16 -07:00
Ruby Martin 0ef8541b73 validate hashAlgSz is within bounds before calling XMEMCPY 2026-03-02 15:05:01 -07:00
Eric Blankenhorn 42e51701e1 Fix DRBG_internal alloc in wc_RNG_HealthTestLocal 2026-03-02 11:19:38 -06:00
Sean Parkinson 215fe1341c Merge pull request #9829 from night1rider/tmpSha-fixes
Fix potential memory leak when copying into existing SHA contexts and zero init tmpSha
2026-03-02 21:18:55 +10:00
Tobias Frauenschläger ad22f9a37c Support for ML-DSA in PKCS#11
Offload ML-DSA operations onto a PKCS#11 token via the cryptoCb
interface:
* Key generation
* Signature generation
* Signature verification
* Key import

Both the pure and pre-hash versions are supported. Not yet supported are
the pre-hash versions that also offload the hashing onto the token.

This also fixes casting errors introduced in #9780 due to usage of
uintptr_t, which is unavailable without including stdint.h on some
platforms. Use the wolfssl own wc_ptr_t instead.
2026-03-02 11:45:11 +01:00
Daniel Pouzzner 76bc6e337b wolfcrypt/src/hpke.c, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: implement RFC 9180 overflow checks on context->seq in wc_HpkeContextSealBase() and wc_HpkeContextOpenBase(), and add SEQ_OVERFLOW_E to wolfCrypt_ErrorCodes (Fenrir M-70). 2026-02-27 23:40:37 -06:00