Commit Graph

11274 Commits

Author SHA1 Message Date
Tobias Frauenschläger 16e1d33f24 Fix invalid preprocessor guard in PKCS7 with SHA224
Also add missing ForceZero for ECDH shared secret on the heap.
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 5634cfd67c Fix PKCS#7 regression with --enable-all and NO_PKCS7_STREAM 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger e2167e4bbd add length check in PKCS#7 2026-04-23 09:36:32 +02:00
Tobias Frauenschläger 84fb0f694c Fix various range and size bugs in PKCS#7 code 2026-04-23 09:36:32 +02:00
night1rider d673b62143 Fix double-free of she2 in she_test 2026-04-22 17:33:21 -06:00
Kareem 9fef016106 Fix W560 "possible truncation at implicit conversion to type unsigned char" warnings raised by Tasking compiler. 2026-04-22 15:47:48 -07:00
Kareem b3c2877a14 Add additional checks for encryptedContentSz exceeding pkiMsgSz. 2026-04-22 15:22:36 -07:00
Kareem 3e04475875 Fix unused variable error 2026-04-22 15:22:36 -07:00
Kareem ebdcc03b71 Code review feedback 2026-04-22 15:22:36 -07:00
Kareem 1397268aa1 In wc_PKCS7_DecodeEnvelopedData, confirm encryptedContentTotalSz does not exceed the total message size before using it in the non-streaming case.
Thanks to Zou Dikai for the report.
2026-04-22 15:22:36 -07:00
Kareem 7f218574c4 Ensure esd->signedAttribsCount contains the correct count in case some are skipped by using the current idx rather than the total array size.
Thanks to Zou Dikai for the report.
2026-04-22 15:22:36 -07:00
JacobBarthelmeh b5738236d9 Merge pull request #10187 from embhorn/zd21587
Fixes in TLS ECH, handle empty records, and ASN len check
2026-04-22 14:44:15 -06:00
JacobBarthelmeh bc4bec63fc Merge pull request #10094 from sebastian-carpenter/GH-10068
Fixes: for GH #10068
2026-04-22 14:24:25 -06:00
Paul Adelsbach ea6af18bc1 Set hashType in ports 2026-04-22 13:17:28 -07:00
David Garske e05ce26fc9 wolfCrypt SRAM PUF Support
Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.

- **wolfCrypt PUF API** (`wolfcrypt/src/puf.c`, `wolfssl/wolfcrypt/puf.h`)
  - `wc_PufInit`, `wc_PufReadSram`, `wc_PufEnroll`, `wc_PufReconstruct`
  - `wc_PufDeriveKey` (HKDF-SHA256), `wc_PufGetIdentity` (SHA-256 device fingerprint)
  - `wc_PufZeroize` (secure context cleanup)
  - `wc_PufSetTestData` (synthetic SRAM for testing without hardware)
- **BCH(127,64,t=10) error-correcting codec** - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
- **`WC_PUF_SHA3` build option** - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
- **Precomputed GF(2^7) tables** - `const` arrays in `.rodata` (no runtime init, thread-safe, flash-resident on embedded)
- `./configure --enable-puf` (auto-enables HKDF dependency)
- CMake: `WOLFSSL_PUF=yes`
- `WOLFSSL_USER_SETTINGS`: define `WOLFSSL_PUF` and `WOLFSSL_PUF_SRAM`
- See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
- Supports test mode (synthetic SRAM)
- Builds to ~13KB `.elf`
- Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
- `.github/workflows/puf.yml`: host build + test workflow for PUF feature
- Doxygen API docs for all 8 public functions
- PUF group added to `doxygen_groups.h`
2026-04-22 11:39:39 -07:00
Thomas Cook 3878271e35 nxp casper changes. turn off ecc and rsa hw accel 2026-04-21 19:37:24 -04:00
Paul Adelsbach 4ae2d284fe Add checks for ascii digits in time decode functions 2026-04-21 15:24:06 -07:00
Daniel Pouzzner 6733e4997d wolfcrypt/src/asn.c, wolfssl/wolfcrypt/asn.h: add wolfssl_local_IsValidFQDN()
tests/api/test_ossl_x509.c, tests/api/test_ossl_x509.h: add test_wolfssl_local_IsValidFQDN().

src/internal.c: in MatchDomainName(), when WOLFSSL_LEFT_MOST_WILDCARD_ONLY, do pattern matching and case folding only if target string validates as an FQDN.
2026-04-21 16:56:08 -05:00
Sean Parkinson 353a379bd7 Merge pull request #10262 from douzzer/20260420-test-fixes
20260420-test-fixes
2026-04-21 10:23:46 +10:00
Sean Parkinson 967780f1b7 Merge pull request #10239 from gasbytes/crl-idp-extension-fix
reject crls with unrecognized critical extensions
2026-04-21 10:21:31 +10:00
JacobBarthelmeh ad8b6dbc32 Merge pull request #10217 from ColtonWilley/null-checks-evp-ocsp-x509
Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
2026-04-20 17:27:19 -06:00
Colton Willey c950a6aa46 zephyr: changes needed for Zephyr 4.3 default TLS support
Follow-up to #7731 ("Changes needed for default TLS support in zephyr
kernel"). Zephyr 4.3's TLS socket integration uses three additional
wolfSSL features that were not needed by the 3.7 integration, plus an
extension to the native_sim time-source gates introduced in #7731.

native_sim timer gates (src/internal.c, wolfcrypt/src/wc_port.c):
  Extend the !CONFIG_BOARD_NATIVE_POSIX gate in LowResTimer() and the
  CONFIG_BOARD_NATIVE_POSIX RTC path in z_time() to also cover
  CONFIG_BOARD_NATIVE_SIM. Zephyr 4.3 renamed the simulator board from
  native_posix to native_sim; without this, k_cpu_idle() on native_sim
  advances simulated time during DTLS retransmit loops and the RTC path
  falls through to uptime-since-boot. Behavior on native_posix is
  unchanged.

New Kconfig options (zephyr/Kconfig, zephyr/user_settings.h):
  CONFIG_WOLFSSL_SESSION_EXPORT   -> HAVE_EXT_CACHE
    Required by consumers that serialize TLS session state across
    connections via wolfSSL_i2d_SSL_SESSION / wolfSSL_d2i_SSL_SESSION.
  CONFIG_WOLFSSL_KEEP_PEER_CERT   -> KEEP_PEER_CERT
    Retain the peer certificate after handshake so the application
    layer can inspect it via wolfSSL_get_peer_certificate.
  CONFIG_WOLFSSL_ALWAYS_VERIFY_CB -> WOLFSSL_ALWAYS_VERIFY_CB
    Invoke an application-set verify callback on successful chain
    validation in addition to validation failures.

All three are default-off; customers opt in the same way they do for
the existing CONFIG_WOLFSSL_DTLS / ALPN / PSK feature options.

.wolfssl_known_macro_extras: register HAVE_EXT_CACHE.
2026-04-20 12:29:26 -07:00
Jeremiah Mackey d5312ba350 wc_MakeDsaKey: match tmpQ alloc and free 2026-04-20 17:20:54 +00:00
Jeremiah Mackey 9c1b8cf4f1 wc_rng_bank_init: fall through on size error 2026-04-20 17:20:54 +00:00
Jeremiah Mackey c417a1ce1e zero sensitive state before free 2026-04-20 17:20:54 +00:00
Jeremiah Mackey 4a103a1b4e AES: tighten AEAD input validation 2026-04-20 17:20:54 +00:00
Jeremiah Mackey 6596419cb0 add NULL validation to wolfCrypt APIs 2026-04-20 17:20:54 +00:00
Lealem Amedie 8b762301ef Add EVP_PKEY_new_raw_public_key and EVP_PKEY_new_raw_private_key 2026-04-20 09:31:42 -06:00
Daniel Pouzzner a7bf5e5989 wolfcrypt/test/test.c: add missing FIPS gating for backward-incompatible NULL arg tests in hkdf_test() and srtpkdf_test(). 2026-04-20 10:17:31 -05:00
Eric Blankenhorn 1b5d77e53f Fix from review 2026-04-20 08:22:53 -05:00
Tobias Frauenschläger 847f3d6bab Make sure large buffers are on the heap with SMALL_STACK 2026-04-19 20:38:41 +02:00
Sean Parkinson fa9f24ff27 Merge pull request #10223 from rlm2002/zd21611
CN constraints fix
2026-04-19 21:28:29 +10:00
Sean Parkinson d577ea3228 Merge pull request #10238 from JeremiahM37/fenrir-issues-4
Fix UAF in Delete wrappers, harden KDF and LMS signing
2026-04-19 21:18:44 +10:00
Thomas Cook b6106ffae1 Add hw accel for aes ecb, cbc, ofb, cfb, ctr. Turn them on. 2026-04-17 16:17:50 -04:00
Mattia Moffa 7bf63e91ff Remove now useless check 2026-04-17 20:05:08 +02:00
Reda Chouk 857141da35 reject crls with unrecognized critical extensions per rfc 5280 section 5.2 2026-04-17 19:36:55 +02:00
Mattia Moffa 807214dc55 Avoid unneeded temporary stack buffer; remove redundant check 2026-04-17 19:32:23 +02:00
David Garske 1f271855fc Merge pull request #10241 from SparkiDev/asm_gen_refactor_1
ASM files: generation script refactor output
2026-04-17 09:35:03 -07:00
Eric Blankenhorn e26ab427a5 Use O_CLOEXEC to avoid race conditions 2026-04-17 11:14:31 -05:00
Reda Chouk fb64844924 Merge pull request #10205 from holtrop-wolfssl/rust-fenrir-fixes
Rust fenrir fixes
2026-04-17 10:32:26 +02:00
Sean Parkinson 318cd62d44 Merge pull request #10231 from JeremiahM37/fenrir-issues-3
Fix PEM input validation and zeroize sensitive key buffers
2026-04-17 10:44:55 +10:00
Lealem Amedie 56b2017405 Save heap before *_free in *_delete to avoid XFREE with zeroed memory after ForceZero 2026-04-16 18:42:19 -06:00
Lealem Amedie e0be9777f6 Leverage wc constructors for ED* 2026-04-16 18:39:32 -06:00
Sean Parkinson fc433b2596 ASM files: generation script refactor output
Refactors the output format of generated assembly files across all
platforms
(x86_64, ARM AArch64, ARMv8-32, Thumb2, PowerPC) for consistency and
  correctness.

  Changes

  Data constant consolidation
- Pack multiple values per directive line (e.g., 4× .long or 8× .short
per
line) instead of one value per line, reducing file sizes significantly
- Normalize hex literal formatting: 64-bit values use full 8-byte
zero-padded
form (e.g., 0x0000000003ffffff instead of 0x3ffffff)

  x86_64 assembly
- Use decimal immediate values for shift counts (e.g., $1 instead of
$0x01)
- .asm (MASM): use hex notation consistently for data constants;
update ALIGN
values to match data width (e.g., ALIGN 32 for 256-bit aligned data)

  ARM .S files
- Move .type directive before .section for data objects (correct
ordering per
ELF convention)

ARM/Thumb2 inline C (_c.c) files
  - Replace asm( with __asm__( for register variable constraints (better
portability)
- Add XALIGNED(8) attribute to constant lookup tables used in inline
asm
- Remove redundant #include <stdint.h> and
<wolfssl/wolfcrypt/libwolfssl_sources.h> headers

Files affected: 71 assembly and companion C files across
wolfcrypt/src/,
wolfcrypt/src/port/arm/, covering AES, ChaCha, Poly1305,
SHA-256/512/3,
  Curve25519, ML-KEM, ML-DSA, and SP math routines.
2026-04-17 09:38:57 +10:00
Brett Nicholas 4bf334c299 Merge pull request #10009 from night1rider/SHE-update
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-16 16:49:00 -06:00
Jeremiah Mackey 4ce11fa5f5 zero LMS signature on write failure 2026-04-16 17:35:50 +00:00
Jeremiah Mackey 3175c3387f add NULL validation to KDF APIs 2026-04-16 17:35:50 +00:00
Jeremiah Mackey 625ea89284 save heap before Free in Delete wrappers 2026-04-16 17:14:05 +00:00
Sean Parkinson c119a21931 SP int: fixes from review by Claude
1. sp_cond_swap_ct_ex (line ~5524) — XOR typo: b->sign ^= b->sign always
zeroed the sign. Fixed to b->sign ^= t->sign to correctly swap signs.
2. sp_mod_d (line ~7271) — Negative modulo correction was applied even
when the remainder was 0. Added (*r != 0) guard to avoid producing d
instead of 0.
3. sp_lshb (line ~8444) — Left-shift size check was off. Refactored to
correctly distinguish between pure-digit shifts and bit-within-digit
shifts when checking if the result fits, using separate overflow checks
for each case.
4. _sp_mulmod_tmp (line ~12160) — Zero inputs caused an allocation of
size 0, which is problematic. Added an early path: if either operand is
zero, set result to zero and skip the allocation/multiply entirely.
5. sp_mod_2d — copy path (line ~14762) — XMEMCPY copied digits *
SP_WORD_SIZEOF bytes but a may have fewer than digits used digits. Fixed
to copy min(a->used, digits) digits to avoid reading uninitialized
memory.
6. sp_mod_2d — negation loop (line ~14782) — Negation loop iterated
over r->used, which could exceed digits. Fixed to loop over min(r->used,
digits).
7. _sp_sqrmod (line ~17314) — Same zero-input issue as _sp_mulmod_tmp.
Added early zero path to skip the allocation/squaring when input is
zero.
8. sp_lcm (line ~19838) — Typo in sign check: b->sign >= MP_NEG
(comparing against a value that is 1, so >= 1 would also match MP_ZPOS)
changed to b->sign == MP_NEG.
2026-04-16 19:01:53 +10:00
Daniel Pouzzner 0f0dab0105 wolfcrypt/src/logging.c and wolfssl/wolfcrypt/logging.h: add wc_backtrace_set_fp(). 2026-04-15 21:28:43 -05:00