Commit Graph

698 Commits

Author SHA1 Message Date
JacobBarthelmeh 9fa5db5606 Merge pull request #10509 from kareem-wolfssl/zd21863_5
Disallow matching URI type in CheckForAltNames.  NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE.
2026-05-29 16:08:04 -06:00
JacobBarthelmeh 1f32365e45 Merge pull request #10547 from SparkiDev/api_c_split_4
api.c: move out tests into other files
2026-05-29 16:03:56 -06:00
JacobBarthelmeh beff858833 Merge pull request #10552 from julek-wolfssl/evp-x25519-x448
Add NID_X25519 and NID_X448 support to the EVP layer
2026-05-28 15:57:50 -06:00
JacobBarthelmeh fc12de010d Merge pull request #10513 from SparkiDev/tls13_aead_limit_fix
TLS 1.3: AEAD limit fixed
2026-05-28 09:30:43 -06:00
Juliusz Sosinowicz df8cc30cb8 Add NID_X25519 and NID_X448 support to the EVP layer 2026-05-28 14:40:36 +00:00
Sean Parkinson c674cec4ac api.c: move out tests into other files
Move out DTLS 1.3 specific tests into test_dtls13.c. (Also move out from
test_dtls.c)
Move out DTLS tests into test_dtls.c.
Move out LMS and XMSS tests into test_lms_xmss.c.
Move out SSL session tests into test_session.c.
Move out remaining ML-DSA/Dilithium tests in api.c into test_mldsa.c.
2026-05-28 19:34:09 +10:00
David Garske 2dd7947d27 Merge pull request #10483 from cconlon/pkcs8V1PublicKeyParse
ML-DSA: PKCS#8 parsing + EVP_PKCS82PKEY support
2026-05-27 17:41:30 -07:00
Kareem a28ea7ac1c NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE.
Thanks to Zou Dikai for the report.
2026-05-27 16:54:14 -07:00
Kareem 872a03a056 Disallow matching URI type in CheckForAltNames.
Thanks to Haruki Oyama (Waseda University) for the report.
2026-05-27 16:54:14 -07:00
Sean Parkinson 713a220fc9 Merge pull request #10426 from JeremiahM37/fenrir-8
protocol correctness, OpenSSL-compat hardening, and sensitive-memory zeroization
2026-05-28 09:48:10 +10:00
Sean Parkinson 78a5740bac Merge pull request #10504 from miyazakh/f-2180_pbkdf
f-2180: fix clamp iterations <= 0 to 1 instead of returning an error
2026-05-28 09:32:01 +10:00
Sean Parkinson c92208076f Merge pull request #10374 from kareem-wolfssl/zd21699
Enable all-zero shared secret check for Curve448/25519 by default.  Ensure post_handshake_auth extension was sent before accepting post-handshake CertificateRequest message.
2026-05-28 09:29:49 +10:00
Sean Parkinson 70f8bd9831 Merge pull request #10492 from rizlik/legacy_session_id_bad_client
Add compatibility flag and tests for pre-5.9.0 DTLSv1.3 clients
2026-05-28 08:57:48 +10:00
Daniel Pouzzner f6d6ae687a tests/api/test_mldsa_legacy.c: fix bugprone-macro-parentheses in MLDSA_LEGACY_SIZE_ASSERT().
wolfssl/wolfcrypt/wc_mldsa.h: move WOLFSSL_MLDSA_NO_CTX setup to precede legacy dilithium.h header, so that the _NO_CTX remap macros are properly gated in.
2026-05-27 14:02:37 -05:00
David Garske 8199fda0a4 Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
Marco Oliverio bc574f7930 dtls13: WOLFSSL_DTLS13_5_9_0_COMPAT -> WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID 2026-05-26 09:16:56 +02:00
Marco Oliverio e6fa789e68 test_dtls: remove non-ASCII chars 2026-05-26 09:15:58 +02:00
Marco Oliverio 7592b481e7 test: dtls: add WOLFSSL_DTLS13_5_9_0_COMPAT related tests 2026-05-26 09:15:58 +02:00
Chris Conlon 497de930fd evp: support ML-DSA in wolfSSL_EVP_PKCS82PKEY() and wolfSSL_X509_check_private_key() 2026-05-22 14:56:14 -06:00
Chris Conlon a9e15634db asn: parse RFC 5958 PKCS#8 (OneAsymmetricKey) publicKey trailer in ToTraditional_ex() 2026-05-22 14:55:38 -06:00
Roy Carter dc86dc34a8 Fix: change test string to the new format 2026-05-22 19:01:05 +03:00
Roy Carter 8f15bf6d10 fix : bad merge conflics leftovers. 2026-05-22 19:01:05 +03:00
Roy Carter f15c896551 Build_fix:
When building with --enable-opensslextra=x509small, only OPENSSL_EXTRA_X509_SMALL is defined, not OPENSSL_EXTRA, so these functions are not compiled into the library
2026-05-22 19:01:05 +03:00
Roy Carter 7561911cba fix: Fix build errors for some tests on pipeline 2026-05-22 19:01:05 +03:00
Roy Carter c1a507e175 Feature: allow the usage of
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify

in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson 8dae4b34bb TLS 1.3: AEAD limit fixed
Values were 16-bit each when they are 32-bit each.
Add tests for KeyUpdate limits for TLS 1.3.
2026-05-22 16:41:23 +10:00
HIDEKI MIYAZAKI afb3ca4b77 fix prb failures 2026-05-20 17:31:08 -07:00
HIDEKI MIYAZAKI 319f1d699d fix clamp iterations <= 0 to 1 instead of returning an error 2026-05-20 07:25:35 -07:00
David Garske be67bf88f7 Merge pull request #10436 from Frauschi/mldsa_rename
Rename Dilithium to canonical ML-DSA (FIPS 204) names
2026-05-18 11:44:21 -07:00
David Garske 1ccd462ea1 Merge pull request #10482 from rlm2002/coverity
13052026 Coverity Fixes
2026-05-18 10:35:42 -07:00
David Garske bc2e842234 Merge pull request #10460 from JacobBarthelmeh/static_analysis
Static analysis fixes/improvements for SECO, devcrypto, ARIA, MD4, MD2
2026-05-18 10:31:37 -07:00
David Garske 9096bcc8fa Merge pull request #10393 from JacobBarthelmeh/opensslextra
support build --enable-opensslextra with NO_BIO and NO_FILESYSTEM
2026-05-17 22:33:23 -07:00
David Garske 4c9116c743 Merge pull request #10462 from kareem-wolfssl/zd21507
Fix alert type for missing cert.  Prevent building with RNG disabled and blinding enabled by default.  Enforce bounds for AES CMAC size in verify.
2026-05-17 22:25:09 -07:00
David Garske e7f5c99115 Merge pull request #10398 from julek-wolfssl/fenrir/20260430
Fenrir fixes
2026-05-17 22:21:06 -07:00
Daniel Pouzzner a5e79d3b1c wolfssl/wolfcrypt/dilithium.h: use macros, not inlines, for all legacy (!WOLFSSL_NO_DILITHIUM_LEGACY_NAMES) wrappers;
tests/api/test_mldsa.c: suppress -Wunreachable-code around wc_mldsa_canonical_api_check() and wc_mldsa_legacy_alias_check().
2026-05-16 09:51:36 -05:00
Tobias Frauenschläger 2832df2139 Update C# wrapper to new ML-DSA names 2026-05-16 09:48:35 -05:00
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
JacobBarthelmeh c0ba788cb1 support of NO_BIO and NO_FILESYSTEM build with opensslextra 2026-05-15 10:37:46 -06:00
Kareem 213bcb3e94 Gate out all of the newly added AES-CMAC tests for FIPS as none of them will apply to the old FIPS AES-CMAC code. 2026-05-14 15:19:56 -07:00
Kareem d7af80dc93 Update new AES-CMAC bounds test to account for FIPS still using the old code. 2026-05-14 12:46:25 -07:00
Kareem 3300d0834e Code review feedback. Don't error out if WOLFSSL_RSA_PUBLIC_ONLY or WOLFSSL_RSA_VERIFY_ONLY are defined as they don't use blinding. 2026-05-14 12:45:17 -07:00
Kareem 02306592be Require that the AES CMAC mac size is inside of the range [WC_CMAC_TAG_MIN_SZ, WC_AES_BLOCK_SIZE].
Fixes F-3084.
2026-05-14 12:45:17 -07:00
David Garske 460a87119e Merge pull request #10351 from rizlik/cryptocbonly
CRYPTOCB_ONLY: add test infra + SHA256 + AES
2026-05-14 10:37:39 -07:00
Jeremiah Mackey c61fa7d633 honor OpenSSL fail-open contracts 2026-05-14 16:59:12 +00:00
Jeremiah Mackey 88fde0fff7 fix copy-paste constant mismatches 2026-05-14 16:59:12 +00:00
Juliusz Sosinowicz 3234f66cf3 Test TLS 1.3 NewSessionTicket MAX_LIFETIME bound check
DoTls13NewSessionTicket rejects a ticket lifetime greater than
MAX_LIFETIME (RFC 8446 Section 4.6.1, 7 days), but no test
exercised the rejection: every server in the suite stays well
within the limit, so a mutation deleting that bound check would
go unnoticed.

Add a manual memio test that pokes ctx_s->ticketHint to
MAX_LIFETIME + 1 (the public setter clamps to 604800), runs a
full TLS 1.3 handshake, and reads the post-handshake
NewSessionTicket on the client. The test confirms the over-limit
lifetime surfaces from wolfSSL_read as SERVER_HINT_ERROR.

F-2121
2026-05-14 14:07:53 +02:00
Juliusz Sosinowicz 130f683d8c Validate minDowngrade in wolfSSL_SetSession before reusing version
When resuming a session wolfSSL_SetSession unconditionally
overwrote ssl->version with the version stored in the cached
session, even if that version was below the WOLFSSL's configured
minDowngrade. The overwritten version then fed straight into
SendClientHello, so a client configured to require TLS 1.2 or
higher could still emit a ClientHello advertising e.g. TLS 1.0
when resuming an old cached session. The ServerHello path catches
the actual downgrade, but the ClientHello version is already a
protocol-conformance issue and can confuse middleboxes.

Reject the session if its stored minor version is below
ssl->options.minDowngrade. The check is DTLS-aware: DTLS minor
versions decrease as the protocol version increases, so the
direction of the comparison is flipped for DTLS.

F-2105
2026-05-14 14:07:53 +02:00
Sean Parkinson 31a76d333b Merge pull request #10468 from JeremiahM37/fenrir-wolfcrypt-api-hardening
wolfCrypt API hardening: input validation, key zeroization, hardware ports
2026-05-14 20:00:39 +10:00
Kareem 775af7d967 Fix unit test failures with --enable-all. 2026-05-13 17:36:21 -07:00