Commit Graph

28332 Commits

Author SHA1 Message Date
aidan garske 3295a6521c Fix Fenrir issues in wolfcrypt 2026-02-24 18:51:58 -08:00
JacobBarthelmeh 3f3bf7501c reduce arduino coverage to avoid tests failing from external changes 2026-02-24 16:35:10 -07:00
JacobBarthelmeh 47033c4b3e Merge pull request #9826 from Frauschi/declaration-after-statement
Wdeclaration-after-statement fixes
2026-02-24 16:14:00 -07:00
Kareem 9a0c18c8fa Work around error: enumerated and non-enumerated type in conditional expression 2026-02-24 15:19:31 -07:00
Daniel Pouzzner 314da6d6bc wolfssl/wolfcrypt/types.h: work around limitations of Watcom and Windows preprocessors, re WC_ARG_NOT_NULL and friends. 2026-02-24 15:41:11 -06:00
Daniel Pouzzner 39987a9d53 wolfcrypt/src/aes.c, wolfcrypt/src/cmac.c, wolfssl/wolfcrypt/aes.h, wolfssl/wolfcrypt/types.h: optimizations to mitigate performance regressions from 299e7bd097 (#9783):
* add prefetch_ptr flag argument to AesEncrypt_C() and AesDecrypt_C(), and call PreFetchTe() and PreFetchSBox() only if *prefetch_ptr is zero, whereupon it is set to 1;
* when C implementations are available, add prefetch_ptr arg to wc_AesEncrypt() and wc_AesDecrypt(), and pass it through;
* in functions that directly call the AES block encryption methods, opportunistically inhibit prefetch on all but the first call;
* move AES-specific code in wc_CmacUpdate() in cmac.c to wc_local_CmacUpdateAes() in aes.c to let it use conditional prefetching;
* add WC_ARG_NOT_NULL(), WC_ARGS_NOT_NULL(), and WC_ALL_ARGS_NOT_NULL attribute abstractions.
2026-02-24 13:59:12 -06:00
Josh Holtrop 7af0fa497a Rust wrapper: update dilithium module after review 2026-02-24 14:23:59 -05:00
Eric Blankenhorn 5536ecf026 Fix issue from review 2026-02-24 12:43:46 -06:00
Eric Blankenhorn 8f787909da Fix from review 2026-02-24 11:17:42 -06:00
Marco Oliverio d72fcb1d27 tls13: avoid to create a new suite in CertificateRequest
This way the ssl object honour the HasSigAlgo list set by
wolfSSL_set1_sigalgs_list.
2026-02-24 18:02:26 +01:00
Eric Blankenhorn 2ae3164c6f Fix cert chain size issue 2026-02-24 09:27:42 -06:00
Tobias Frauenschläger 96fc896265 Wdeclaration-after-statement fixes 2026-02-24 16:20:10 +01:00
Daniel Pouzzner 66566955db wolfssl/wolfcrypt/wc_port.h, wolfssl/wolfcrypt/sha256.h, wolfssl/wolfcrypt/sha512.h, wolfssl/wolfcrypt/sp.h, wolfssl/wolfcrypt/wc_mlkem.h: add WC_NO_INLINE. 2026-02-23 23:03:08 -06:00
Sean Parkinson 8a75e7d1c7 ML-KEM decapsulate: check for H
Decapsulation needs H, hash of public key, and it is not present if you
have a new key made from a seed.
Code changed to check for and create H in decapsulate.
2026-02-24 10:11:05 +10:00
Kareem 0463e37716 Pad session ID with 0s if session ticket length is less than ID_LEN.
Prevents underflow in SetTicket.
Thanks to Arjuna Arya for discovering and reporting this.
2026-02-23 16:46:01 -07:00
Kaleb Himes a08efc9b0a Merge pull request #9821 from douzzer/20260223-fix2-configure-kernel-mode-defaults
20260223-fix2-configure-kernel-mode-defaults
2026-02-23 16:33:03 -07:00
Daniel Pouzzner 1270733838 configure.ac: fix typo, $enabled_rng for $enable_rng, in KERNEL_MODE_DEFAULTS setup added in a21dad9555. 2026-02-23 16:05:24 -06:00
Kaleb Himes 9b10357e78 Merge pull request #9820 from douzzer/20260223-fix-configure-kernel-mode-defaults
20260223-fix-configure-kernel-mode-defaults
2026-02-23 14:46:45 -07:00
JacobBarthelmeh 505d170631 Merge pull request #9812 from rlm2002/coverity
02202026 Coverity changes
2026-02-23 14:42:48 -07:00
David Garske c3bc68806c Merge pull request #9811 from julek-wolfssl/ntp-4.2.8p18
Add changes for ntp 4.2.8p18
2026-02-23 10:46:11 -08:00
Daniel Pouzzner a21dad9555 configure.ac: fixes for 47dd864f32 (#9815) -- in KERNEL_MODE_DEFAULTS setup, add additional conditions for automatic activation of AES modes and CMAC, ECC options, and SHAKE, to avoid configuration conflicts in barebones configurations. 2026-02-23 12:31:37 -06:00
Andrew Hutchings 599eec673e Fix ImportKeyState wordAdj always-zero bug in DTLS session import
In ImportKeyState(), wordAdj was always zero because it was computed
after clamping wordCount, and the subtraction direction was reversed.
This caused misaligned parsing of all subsequent fields when importing
state from a peer compiled with a larger WOLFSSL_DTLS_WINDOW_WORDS.

Fix both window and prevWindow blocks to compute the adjustment before
clamping, with the correct subtraction direction.

Add test that imports a state buffer with wordCount > WOLFSSL_DTLS_WINDOW_WORDS
to verify the fix.
2026-02-23 16:52:52 +00:00
Andrew Hutchings 10325b4587 Fix integer underflow in ECH innerClientHelloLen parsing
Add bounds check before subtracting WC_AES_BLOCK_SIZE from the
attacker-controlled innerClientHelloLen field in TLSX_ECH_Parse().
Values 0-15 caused a word16 underflow to ~65K, leading to a heap
buffer overflow write via XMEMSET and heap buffer over-read via
wc_AesGcmDecrypt. Return BAD_FUNC_ARG if the field is too small.
2026-02-23 16:52:52 +00:00
Andrew Hutchings af329b38a8 Fix heap buffer over-read in wolfSSL_select_next_proto
Add missing bounds validation in wolfSSL_select_next_proto. Three
issues fixed:

1. Outer loop: no check that length byte + position stays within inLen,
   allowing XMEMCMP to read past the server protocol list buffer.

2. Inner loop: same missing check for clientNames/clientLen boundary.

3. No-overlap fallback unconditionally dereferences clientNames[0] even
   when clientLen is 0, and returns an outLen that may exceed the buffer.

Also reject zero-length protocol entries (invalid per RFC 7301) to
prevent infinite loops.

Add unit test test_wolfSSL_select_next_proto with 8 cases covering NULL
params, normal match, no overlap, malformed length overruns, zero-length
entries, and empty client lists.
2026-02-23 16:52:52 +00:00
Andrew Hutchings 558ae34f68 Fix CRL_STATIC_REVOKED_LIST binary search bugs in FindRevokedSerial
The CRL_STATIC_REVOKED_LIST code path stored revoked certificates in a
fixed array but never sorted it after parsing, causing binary search to
silently miss revoked serials when entries arrived in non-sorted wire
order. Additionally, comparisons used rc[0].serialSz instead of
rc[mid].serialSz, omitted the length-equality check before XMEMCMP,
and ignored the serialHash lookup path entirely (causing a NULL
dereference when hash-based lookup was used).

Fixes:
- Sort the revoked cert array in InitCRL_Entry after populating it
- Use rc[mid].serialSz instead of rc->serialSz in binary search
- Add serialSz equality check before XMEMCMP, matching linked-list path
- Implement serialHash-based linear scan for hash lookup callers

Add unit test that loads a CRL with serials in unsorted wire order and
verifies that a revoked certificate is correctly detected.
2026-02-23 16:52:52 +00:00
Josh Holtrop 504617bbe9 Rust wrapper: add dilithium module 2026-02-23 10:54:21 -05:00
Kaleb Himes 9ed2f4bad1 Merge pull request #9815 from douzzer/20260221-configure-kernel-mode-defaults
20260221-configure-kernel-mode-defaults
2026-02-22 11:19:07 -07:00
Daniel Pouzzner 47dd864f32 configure.ac:
* add a kernel-appropriate subset of enable-all-crypto to enable whenever KERNEL_MODE_DEFAULTS (almost all of these overlap with FIPS v5/v6 settings);
* move ocspstapling features from enable-all-crypto to enable-all.
2026-02-21 15:09:30 -06:00
David Garske f9572880bf Merge pull request #9813 from embhorn/tlsanvil-fixes
Extend timeout for tls13-client
2026-02-21 12:13:27 -08:00
Kaleb Himes f60beb6c7c Merge pull request #9814 from douzzer/20260221-configure-all-crypto-fpecc
20260221-configure-all-crypto-fpecc
2026-02-21 11:16:19 -07:00
Daniel Pouzzner ff7bc11774 configure.ac: restore fpecc to enable-all-crypto, accidentally removed in f376ae210e. 2026-02-21 10:48:14 -06:00
philljj 1a0549fe5a Merge pull request #9800 from douzzer/20260204-linuxkm-fips-hash
20260204-linuxkm-fips-hash
2026-02-20 18:39:25 -06:00
Ruby Martin d85387b84c set s = NULL to prevent use object after free error 2026-02-20 15:44:47 -07:00
Ruby Martin c17217ce31 add null check in test_wolfSSL_X509_CRL_sign_large()
init revoked
2026-02-20 15:44:45 -07:00
Eric Blankenhorn 4f8fc76d9d Extend timeout for tls13-client 2026-02-20 16:35:52 -06:00
Juliusz Sosinowicz aff0d42686 Add bind 9.20.11 to the test matrix
Depends on https://github.com/wolfSSL/osp/pull/316
2026-02-20 23:18:36 +01:00
Daniel Pouzzner 9ca32e23d4 linuxkm/linuxkm-fips-hash.c: cosmetic bikeshedding (AI-prompted);
linuxkm/linuxkm_memory.c and linuxkm/linuxkm_memory.h: set up and use WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ.
2026-02-20 15:45:27 -06:00
Daniel Pouzzner 10ba02fe40 linuxkm/lkcapi_sha_glue.c: add -wolfentropy and/or -rdseed to WOLFKM_STDRNG_DRIVER to advertise the seed source. 2026-02-20 15:44:54 -06:00
Ruby Martin 00c773e1b5 remove dead code in MakeSignature() 2026-02-20 14:38:12 -07:00
David Garske 9641ab4b68 Merge pull request #9805 from julek-wolfssl/openldap-2.6.9-testing
Add openldap 2.6.9 testing
2026-02-20 11:16:44 -08:00
David Garske 1e544b303f Merge pull request #9810 from julek-wolfssl/rng-tools-6.17
Add rng-tools 6.17 testing
2026-02-20 11:16:18 -08:00
David Garske 670aa59dee Merge pull request #9809 from holtrop-wolfssl/cmake-null-cipher
Add CMake support for NULL_CIPHER
2026-02-20 10:59:17 -08:00
David Garske e34e679766 Merge pull request #9804 from embhorn/tls-anvil-workflow
TLS Anvil workflow
2026-02-20 10:59:05 -08:00
David Garske 940ac7093f Merge pull request #9808 from holtrop-wolfssl/rust-no-std
Rust wrapper: fix no_std support
2026-02-20 10:55:01 -08:00
Juliusz Sosinowicz a9f23ad140 Add changes for ntp 4.2.8p18
Depends on https://github.com/wolfSSL/osp/pull/319
2026-02-20 19:06:55 +01:00
Daniel Pouzzner f84377ed69 linuxkm/linuxkm-fips-hash-wrapper.sh: make sure awk is gawk. 2026-02-20 11:35:47 -06:00
Daniel Pouzzner 70aa3dc5b1 20260204-linuxkm-fips-hash: more fixes+improvements from peer and AI review:
linuxkm/linuxkm_memory.c:
* fix straddle check in wc_reloc_normalize_text();
* fix seg_map bounds checks in wc_fips_generate_hash();

linuxkm/linuxkm_memory.h: fix initializer for wc_reloc_table_segments.bss_end;

wolfssl/wolfcrypt/settings.h: add WC_BITS_TO_BYTES() and WC_BITS_FULL_BYTES() and deploy opportunistically to wolfssl/internal.h, wolfssl/wolfcrypt/{asn.h,dh.h,rsa.h,types.h}, wolfcrypt/src/sakke.c, and wolfcrypt/test/test.c.
2026-02-20 11:09:37 -06:00
Daniel Pouzzner 9443f59db1 linuxkm/linuxkm-fips-hash.c: fix overlong lines;
.wolfssl_known_macro_extras: fix lexical order.
2026-02-20 11:09:37 -06:00
Daniel Pouzzner db7a04a626 improvements spurred by peer review for 20260204-linuxkm-fips-hash:
configure.ac: add --enable-kernel-verbose-debug and --enable-kernel-stack-debug;

linuxkm/Makefile:
* add QFLAG and VFLAG setup, and pass their values appropriately;
* add missing `@set -e` and `-Wall -Wextra` to the linuxkm-fips-hash recipe;
* use +$(MAKE), not @$(MAKE), for proper dry run recursion.

linuxkm/README.md: update to reflect new goodies, and generally revise+extend remarks.

linuxkm/linuxkm-fips-hash-wrapper.sh: add copyright header; pass through extra caller arguments to ./linuxkm-fips-hash.

linuxkm/linuxkm-fips-hash.c:
* add copyright header;
* fix code around user_coreKey;
* add explicit wolfCrypt_Cleanup() and cleanup of mod_fd and mod_map at end;
* remove unused reloc_tab_len
* fix a couple -Wsign-compares;
* add missing fprintf arguments
* properly set ret = -1 in a couple failure paths.

linuxkm/linuxkm_wc_port.h: set WOLFSSL_LINUXKM_VERBOSE_DEBUG when WOLFSSL_KERNEL_VERBOSE_DEBUG, and recognize WOLFSSL_KERNEL_STACK_DEBUG as a synonym for WC_LINUXKM_STACK_DEBUG.

linuxkm/linuxkm_memory.c and linuxkm/linuxkm_memory.h: add brief explanatory comments.
2026-02-20 11:09:37 -06:00
Daniel Pouzzner f376ae210e Implement Linux kernel module offline integrity hash calculation:
Add:

* linuxkm/linuxkm-fips-hash.c
* linuxkm/linuxkm-fips-hash-wrapper.sh
* linuxkm/linuxkm_memory.h

Move from linuxkm/module_hooks.c to linuxkm/linuxkm_memory.c:
* reloc_layouts[]
* find_reloc_tab_offset()
* the body of wc_linuxkm_normalize_relocations() as wc_reloc_normalize_text()
* most of updateFipsHash() as wc_fips_generate_hash()

Move from linuxkm/linuxkm_wc_port.h to linuxkm/linuxkm_memory.h:
* struct wc_linuxkm_pie_reloc_tab_ent
* enum wc_reloc_dest_segment
* enum wc_reloc_type

linuxkm/Makefile:
* Update GENERATE_RELOC_TAB recipe to populate new fields in struct wc_reloc_table_ent.
* Add targets:
  * libwolfssl-user-build/src/.libs/libwolfssl.so
  * linuxkm-fips-hash
  * module-with-matching-fips-hash
  * module-with-matching-fips-hash-no-sign
* Add support for alternate target module name, via LIBWOLFSSL_NAME make variable.

linuxkm/linuxkm_wc_port.h and linuxkm/module_hooks.c:
* Fixes to make linuxkm-pie work with CONFIG_KASAN.
* Implement WC_LINUXKM_STACK_DEBUG:
  * wc_linuxkm_stack_bottom()
  * wc_linuxkm_stack_top()
  * wc_linuxkm_stack_current()
  * wc_linuxkm_stack_left()
  * wc_linuxkm_stack_hwm_prepare()
  * wc_linuxkm_stack_hwm_measure_rel()
  * wc_linuxkm_stack_hwm_measure_total()

wolfssl/wolfcrypt/settings.h:
* When WOLFSSL_KERNEL_MODE, make sure WOLFSSL_GENERAL_ALIGNMENT is at least SIZEOF_LONG.
* When WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE, make sure WOLFSSL_BASE16 is defined.

configure.ac and wolfcrypt/benchmark/benchmark.c: Disable scrypt when KERNEL_MODE_DEFAULTS, due to excessive memory requirements.
2026-02-20 11:09:37 -06:00