Commit Graph

11274 Commits

Author SHA1 Message Date
Thomas Cook 30fc5887ee Address PR comments 2026-05-05 10:20:21 -04:00
Thomas Cook 9605d96ccb Fix rsa acceleration exponent issue, turn back on. 2026-05-05 10:20:21 -04:00
Thomas Cook 83799e3767 Fix multi-test issues 2026-05-05 10:20:21 -04:00
Thomas Cook 1e2ab2c7c8 more pr fixes 2026-05-05 10:20:21 -04:00
Jeremiah Mackey 6a1b737dae PKCS7 PWRI decrypt: parse PBKDF2 prf 2026-05-05 04:36:16 +00:00
Jeremiah Mackey 9f79f79d86 wc_Entropy_GetRawEntropy: hold entropy_mutex 2026-05-05 04:36:16 +00:00
Jeremiah Mackey 19ff338be9 mp_cond_swap_ct: branchless masked XOR 2026-05-05 04:36:16 +00:00
David Garske 02dfd12466 Merge pull request #10376 from rlm2002/coverity
20260501 Coverity Fixes
2026-05-04 15:15:11 -07:00
Jeremiah Mackey f3c3687efc wc_hash2sz: fix SHA-224 size to 28 2026-05-04 17:18:39 +00:00
Jeremiah Mackey cf9f852db6 validate preconditions at public API boundary 2026-05-04 17:18:39 +00:00
Chris Conlon fe4473fbea Add ML-DSA SPKI/PKCS#8 DER support to d2i_PUBKEY and d2i_PrivateKey. 2026-05-04 09:24:02 -06:00
Tobias Frauenschläger bbcfa97144 SLH-DSA Wconversion fixes 2026-05-04 13:58:00 +02:00
Takashi Kojo 1a6dee2bb3 Add ML-DSA to X509_get_pubkey and EVP_PKEY_base_id 2026-05-02 08:13:08 +09:00
Takashi Kojo 4c04ba306b fix error case in d2iTryAltDhKey 2026-05-02 08:13:08 +09:00
JacobBarthelmeh da440d19a8 account for FIPS ready build and SE050 test 2026-05-01 16:00:19 -06:00
Daniel Pouzzner 7b5330391b Merge pull request #10051 from anhu/mp_int_bounds
Add bounds checks for MP integer size in SizeASN_Items
2026-05-01 15:32:18 -05:00
Ruby Martin 3137d62cf3 fix issue where ToTraditional_ex may assign negative value to *pkeySz 2026-05-01 14:06:51 -06:00
Ruby Martin 00e1fa651f Adds tmpSz so int is not cast to word32 in wc_d2i_PKCS12 2026-05-01 13:36:33 -06:00
Ruby Martin 001939d663 Call ForceZero on sensitive buffers 2026-05-01 13:36:33 -06:00
JacobBarthelmeh b3e9e51967 extra sanity check for hash of all 0's 2026-05-01 13:27:39 -06:00
JacobBarthelmeh 5b4ad8690e update function comments 2026-05-01 09:43:52 -06:00
JacobBarthelmeh d9361e2d8c use INVALID_DEVID in benchmark and copy over heap hint with XMSS export pub 2026-05-01 09:43:51 -06:00
JacobBarthelmeh 78564f0c78 fix XMSS heap hint use 2026-05-01 09:43:25 -06:00
JacobBarthelmeh e5d27b61dc use heap hints where possible in benchmark 2026-05-01 09:43:24 -06:00
Ruby Martin c2d44b4359 Bound by curSz in PKCS12 ContentInfo parsing 2026-05-01 09:37:45 -06:00
Ruby Martin 3a799bd451 zeroize unicodePasswd before breaking 2026-05-01 09:21:04 -06:00
Josh Holtrop 3ca70e585a Allow SubjectInfoAccess extension without id-ad-caRepository entry
Previously parsing a SubjectInfoAccess certificate containing a
SubjectInfoAccess extension that did not contain an id-ad-caRepository
resulted in an error.
2026-05-01 07:57:04 -04:00
Tobias Frauenschläger 5151a695bc Merge pull request #10373 from douzzer/20260430-ecc_test_vector_item-WC_MIN_DIGEST_SIZE
20260430-ecc_test_vector_item-WC_MIN_DIGEST_SIZE
2026-05-01 08:57:53 +02:00
Andrew Hutchings a4b754ab5d Add STSAFE A120 CI support
Adds our STSAFE A120 simulator to the CI, adds STSAFE to configure.ac
and fix missing required header.
2026-05-01 07:12:55 +01:00
Daniel Pouzzner d8797f59c4 Merge pull request #10261 from Frauschi/slh-dsa
Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
2026-04-30 23:52:36 -05:00
Ruby Martin 1bf33bcc0b PKCS12 and unicode password size check improvement 2026-04-30 16:30:29 -06:00
Daniel Pouzzner 70d5d86dda wolfcrypt/test/test.c: in ecc_test_vector_item(), don't attempt wc_ecc_verify_hash() if the test vector's message (hash) is shorter than WC_MIN_DIGEST_SIZE. 2026-04-30 17:00:40 -05:00
Mark Atwood 1caa444314 fix: add const to wc_Ed448 DER export function signatures 2026-04-30 14:53:06 -07:00
Ruby Martin 3ff02a7a95 Zero byte array buffer before free 2026-04-30 15:10:03 -06:00
JacobBarthelmeh fc51a38094 Merge pull request #10135 from lealem47/nid_ED
Add Ed25519/Ed448 support to EVP layer
2026-04-30 14:16:05 -06:00
Ruby Martin fb69662262 consolidate duplicate shakeType classification, clears logically dead code 2026-04-30 14:00:15 -06:00
Eric Blankenhorn fdac63cd29 Fix CUDA with WOLFSSL_AES_SMALL_TABLES 2026-04-30 14:06:18 -05:00
Eric Blankenhorn 0d392a6e61 Fix from review 2026-04-30 13:57:21 -05:00
Eric Blankenhorn 13afb8f8a0 Fix static / mem tracker build error 2026-04-30 13:57:21 -05:00
Mark Atwood 52fb6031ad fix: curve25519 clamp check missing rule 3 (bit6 of byte31) 2026-04-30 10:41:10 -07:00
Andrew Hutchings 9e7c2d19c7 Add ATECC608 CI tests
Also fix issues found with ATECC608
2026-04-30 18:01:42 +01:00
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
lealem47 d00a137de0 Merge pull request #10344 from douzzer/20260416-linuxkm-fips-rodata-canonify
20260416-linuxkm-fips-rodata-canonify
2026-04-30 10:19:43 -06:00
JacobBarthelmeh a478029083 change call to GetSigAlg in ASN original to sanity check length 2026-04-30 09:03:52 -06:00
Reda Chouk 6111c60ea6 reject crls with unrecognized critical entry extensions per rfc 5280 section 5.3 2026-04-30 16:58:47 +02:00
Daniel Pouzzner a057975347 Merge pull request #10293 from Frauschi/liboqs_removal
Remove liboqs for ML-KEM and ML-DSA, update for Falcon
2026-04-30 09:04:11 -05:00
Daniel Pouzzner 76080d0b19 Merge pull request #10292 from Frauschi/liblms_libxmss_removal
Remove deprecated liblms and libxmss
2026-04-30 09:01:24 -05:00
Juliusz Sosinowicz a012a8f3ec DTLS 1.3 client-only minimum: WOLFSSL_DTLS_ONLY + autoconf cascade
* configure.ac: --enable-dtls13 auto-enables --enable-dtls and TLS 1.3,
  with a targeted error if either is explicitly --disabled, plus a
  post-finalization sanity check that errors out if a later
  prerequisite test forces ENABLED_TLS13 back to "no" while
  ENABLED_DTLS13 is yes.
* src/internal.c, src/wolfio.c, wolfssl/wolfio.h: new WOLFSSL_DTLS_ONLY
  compile-time flag elides the EmbedReceive / EmbedSend default
  callbacks. The DTLS_MAJOR runtime check stays in SetSSL_CTX so a
  TLS-method ctx in a DTLS-only build doesn't get datagram callbacks
  by default, and WriteSEQ keeps its ssl->options.dtls branch. A
  #error in settings.h refuses WOLFSSL_DTLS_ONLY without WOLFSSL_DTLS.
* wolfcrypt/src/aes.c: add HAVE_AES_DECRYPT to the inv_col_mul
  definition gate to match its only caller; without it the function is
  emitted dead under WOLFSSL_AES_DIRECT && NO_AES_DECRYPT and
  -Werror=unused-function fails the build.
* .github/workflows/os-check.yml: matrix entry for a minimal DTLS 1.3
  client-only build.
2026-04-30 11:40:22 +00:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
Tobias Frauenschläger e1fefcca4f Remove deprecated liblms and libxmss 2026-04-29 19:52:09 +02:00