Commit Graph

28332 Commits

Author SHA1 Message Date
Anthony Hu 0b5e9c76ed Correct the API docs for wolfSSL_write_early_data() 2025-12-23 10:08:02 -05:00
Daniel Pouzzner b087533fdf linuxkm/lkcapi_sha_glue.c:
* add drbg_init_from() and fork_default_rng(), and
* use the latter to define LKCAPI_INITRNG_FOR_SELFTEST() opportunistically (with fallback to plain wc_InitRng());

linuxkm/lkcapi_rsa_glue.c:
* add km_rsa_ctx_init_rng(),
* remove wc_InitRng() from km_rsa_ctx_init(),
* remove the WC_RSA_BLINDING gates around calls to wc_RsaSetRNG(), and
* call km_rsa_ctx_init_rng() before each call that needs an initialized RNG;

linuxkm/lkcapi_dh_glue.c and linuxkm/lkcapi_ecdh_glue.c: in km_ffdhe_init() and km_ecdh_init(), if linuxkm_lkcapi_registering_now, use LKCAPI_INITRNG_FOR_SELFTEST() to initialize ctx->rng;

linuxkm/lkcapi_glue.c: add notes that lkcapi_sha_glue inclusion and registrations must precede PK, and move declaration of linuxkm_lkcapi_registering_now to precede lkcapi glue inclusions.
2025-12-22 22:58:29 -06:00
Daniel Pouzzner 5030484bcf wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h:
* add WC_DRBG_{NOT_INIT,OK,FAILED,CONT_FAILED} in public header file, and
* move setup for RNG_SECURITY_STRENGTH, ENTROPY_SCALE_FACTOR, SEED_BLOCK_SZ, SEED_SZ, MAX_SEED_SZ, and RNG_HEALTH_TEST_CHECK_SIZE from random.c to random.h, with public WC_DRBG_SEED_SZ and WC_DRBG_MAX_SEED_SZ.
2025-12-22 22:58:29 -06:00
Daniel Pouzzner b2ef89b2db wolfcrypt/src/rsa.c and wolfssl/wolfcrypt/rsa.h: make RsaKey.rng and wc_RsaSetRNG() available unconditionally, rather than only if WC_RSA_BLINDING, for use by wc_CheckRsaKey(). 2025-12-22 22:58:29 -06:00
Sean Parkinson 21c86682e0 MLDSA/Dilithium: fix 16-bit int issues
Need to cast byte or number to ensure it is large enough to shift left
by required value.
2025-12-23 09:51:38 +10:00
Sean Parkinson b766f11e7b TLS 1.3, plaintext alert: ignore when expecting encrypted
In TLS 1.3, ignore valid unencrypted alerts that appear after encryption
has started.
Only ignore WOLFSSL_ALERT_COUNT_MAX-1 alerts.
2025-12-23 09:09:06 +10:00
Sean Parkinson 59f84355a5 Merge pull request #9573 from night1rider/aes-free-callbacks
Aes Free callback support
2025-12-23 08:47:05 +10:00
Sean Parkinson c8f2cc5b43 Merge pull request #9566 from dgarske/ca_skid_cert_akid
Added build option to allow certificate CA matching using AKID with signers SKDI
2025-12-23 08:40:14 +10:00
Anthony Hu cb2a80bf53 Guard a bit of DTLS code. 2025-12-22 17:05:47 -05:00
night1rider afbc65a6c3 Aes Free callback support 2025-12-22 12:39:41 -07:00
Kareem 8de470b436 Add new WOLFSSL_RNG_USE_FULL_SEED macro to known macros. 2025-12-22 11:49:27 -07:00
Kareem fe45b74921 Add trailing newline back to ssl.h. 2025-12-22 11:45:25 -07:00
Mattia Moffa ca78994298 Add missing length check in sniffer for AES-GCM/AES-CCM/ARIA-GCM 2025-12-22 16:13:27 +01:00
Marco Oliverio 29d8fa7cb6 tls13: fix indentation alignment 2025-12-22 13:45:34 +01:00
Marco Oliverio 540fae80ab test_dtls: test payload split when WOLFSSL_NO_DTLS_SIZE_CHECK 2025-12-22 13:41:33 +01:00
Marco Oliverio 8cbc4047df internal: rename to use wolfssl internal prefix 2025-12-22 13:41:33 +01:00
Marco Oliverio aa4fb5d3e5 internal: GetMaxPlainTextSize: precise pad size when adjusting for MTU 2025-12-22 13:41:33 +01:00
Marco Oliverio 1200efdeb3 internal: GetRecordSize: precise header computation on fallback path 2025-12-22 13:41:33 +01:00
Marco Oliverio 75e7d5e9bd fix: split message > MTU on WOLFSSL_NO_DTLS_SIZE_CHECK 2025-12-22 12:49:31 +01:00
Sean Parkinson da06e1aeea Merge pull request #9558 from kareem-wolfssl/zd20944_2
Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application.
2025-12-22 19:38:42 +10:00
Sean Parkinson 7a326ef43f Merge pull request #9553 from julek-wolfssl/ed25519-export-key-check
ed25519: validate presence of keys in export functions
2025-12-22 19:31:14 +10:00
Marco Oliverio 14b124769a use wolfssl internal prefix for MaybeCheckAlertOnErr 2025-12-22 10:04:50 +01:00
Marco Oliverio 12c2cdafaf rename wolfSSL_MaybeCheckAlertOnErr in wolfMaybeCheckAlertOnErr 2025-12-22 09:51:06 +01:00
Marco Oliverio f4c48c19c1 fix: abide unused arguments when WOLFSSL_CHECK_ALER_ON_ERR is disabled 2025-12-22 09:51:06 +01:00
Marco Oliverio 38d8eb6f0d address reviewer's comments 2025-12-22 09:51:06 +01:00
Marco Oliverio 950c074c25 test: fix typo in structure field 2025-12-22 09:51:06 +01:00
Marco Oliverio 8de68decd2 test: tls13_early_data: test WANT_WRITE in early data 2025-12-22 09:51:06 +01:00
Marco Oliverio 609e30a69c test: tls13_early_data: refactor splitEarlyData test option 2025-12-22 09:51:06 +01:00
Marco Oliverio 57282140a9 WOLFSSL_CHECK_ALERT_ON_ERR: ignore non fatal errors 2025-12-22 09:51:06 +01:00
Marco Oliverio 093d77727b early_data: avoid resetting ssl->earlyData after WANT_WRITE retry 2025-12-22 09:51:06 +01:00
Marco Oliverio a1c8790039 wolfssl: preserve early-data handling across WANT_WRITE retries
The early-data logic setups "early" exits in Accept/Connect state machine so
that the data exchanged during the handshake can be delivered to the
caller.

After the caller process the data, it usually calls Accept/Connect again
to cotinue the handshake.

Under non-blocking I/O there is the chance that these early exits are
skipped, this commit fixes that.

Server-side accept (TLS 1.3/DTLS 1.3) could skip the early-data shortcut
whenever sending the Finished flight first hit WANT_WRITE: when Accept
is called again and the data is eventually flushed into the I/O layer
the accept state is advanced past TLS13_ACCEPT_FINISHED_SENT, so the
next wolfSSL_accept() call skipped the block that marks
SERVER_FINISHED_COMPLETE and lets the application drain 0-RTT data. By
keeping the FALL_THROUGH into TLS13_ACCEPT_FINISHED_SENT and only
returning early while that handshake flag is still unset, we revisit the
shortcut immediately after the buffered flight is delivered, preserving
the intentional behaviour even under non-blocking I/O.

On the client, the same pattern showed up after SendTls13ClientHello()
buffered due to WANT_WRITE: after flushing, the connect state is already
CLIENT_HELLO_SENT so the early-data exit is no longer executed. We now
fall through into the CLIENT_HELLO_SENT case and only short-circuit once
per handshake, ensuring the reply-processing loop still executes on the
retry.
2025-12-22 09:51:05 +01:00
Hideki Miyazaki fc583d068f add SK-S7G2 support
Update README based on copilot suggestion
2025-12-20 10:32:09 +09:00
Kareem adf38007f4 Document wolfSSL_CTX_New's behavior on failure around WOLFSSL_METHOD.
Fixes #9517.
2025-12-19 17:19:45 -07:00
Kareem ac98505204 Document wolfSSL_CTX_set_default_passwd_cb and wolfSSL_CTX_set_default_passwd_cb_userdata.
Fixes #6008.
2025-12-19 17:18:45 -07:00
Kareem 7c4feb5e87 Improve the error message returned by BAD_KEY_SHARE_DATA.
Fixes #9084.
2025-12-19 17:17:33 -07:00
Kareem 5b473f6b9b Add SSL_get_rfd and SSL_get_wfd.
Fixes https://github.com/wolfSSL/wolfssl-nginx/issues/25.
2025-12-19 17:16:35 -07:00
Kareem b6766106c8 Add documentation for Base16_Encode and Base64_Encode's behavior of adding a NULL terminator byte.
Fixes #5602
2025-12-19 17:15:44 -07:00
Kareem a1999d29ed Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non Windows/Mac systems.
wolfSSL's support for WOLFSSL_SYS_CA_CERTS uses APIs which don't depend on !NO_FILESYSTEM
on Windows/Mac.

Fixes #8152.
2025-12-19 16:37:50 -07:00
JacobBarthelmeh 0a0c43054f Merge pull request #9564 from douzzer/20251219-fixes
20251219-fixes
2025-12-19 16:24:20 -07:00
Kareem 3e59b83727 Only keep /dev/urandom open, close /dev/random after each use.
Improve logic for opening RNG seed FD.
2025-12-19 15:57:49 -07:00
Kareem fe105d4b48 Add a flag which allows requesting exactly SEED_SZ and using the full seed to instantiate the DRBG during RNG init.
This flag can not be used with FIPS.
2025-12-19 15:25:15 -07:00
David Garske 1cb2231ff5 Added build option to allow certificate CA matching using AKID with signers SKID ( WOLFSSL_ALLOW_AKID_SKID_MATCH). Fixed issue with cert->extAuthKeyIdSz not being set with ASN template code. 2025-12-19 14:14:39 -08:00
Daniel Pouzzner a7550346dd wolfcrypt/test/test.c: in rng_seed_test(), fix gates for FIPS 5.2.4. 2025-12-19 15:50:27 -06:00
Daniel Pouzzner d3f74557fe wolfcrypt/src/wolfentropy.c: add volatile attribute to entropy_memuse_initialized declaration; in wc_Entropy_Get(), if HAVE_FIPS, call Entropy_Init() if necessary, to accommodate FIPS KATs; in Entropy_Init(), add thread safety. 2025-12-19 15:45:17 -06:00
JacobBarthelmeh d5723d0d89 Merge pull request #9544 from julek-wolfssl/gh/9362
Check KeyShare after HRR
2025-12-19 14:36:31 -07:00
David Garske 1825bd86f5 Merge pull request #9550 from JacobBarthelmeh/caam
sanity checks on buffer size with AES and CAAM Integrity use
2025-12-19 11:03:40 -08:00
JacobBarthelmeh d26c11c626 Merge pull request #9551 from josepho0918/iar
Add IAR support to WC_OFFSETOF macro
2025-12-19 11:36:33 -07:00
JacobBarthelmeh 8153ea6189 Merge pull request #9559 from cconlon/pkcs7SignedNonOctet
Fix PKCS#7 SignedData parsing for non-OCTET_STRING content types
2025-12-19 11:12:06 -07:00
Daniel Pouzzner 6f95a9c58e wolfcrypt/src/random.c: in _InitRng(), remove "drbg_instantiated" conditional cleanup logic (Coverity true-benign-positive: DEADCODE because drbg_instantiated is always false when ret != DRBG_SUCCESS). 2025-12-19 10:30:14 -06:00
Daniel Pouzzner fb26b2dfe1 wolfcrypt/test/test.c: in HMAC tests, initialize ret, to silence uninitvar from cppcheck-force-source. 2025-12-19 09:07:14 -06:00