Commit Graph

10611 Commits

Author SHA1 Message Date
Daniel Pouzzner b3f08f33b8 Merge pull request #9873 from miyazakh/fix_larger_crlnum
fix lareger(>57 octets) CRL number
2026-03-06 22:49:03 -06:00
Daniel Pouzzner 04e2adc799 Merge pull request #9916 from julek-wolfssl/fenrir/286
ecc.c: clear priv key with forcezero
2026-03-06 22:38:27 -06:00
Daniel Pouzzner 031c87407d Merge pull request #9892 from embhorn/f380-381-382
Hardening in wc_MakeDsaKey and wc_FreeDsaKey
2026-03-06 22:37:44 -06:00
Daniel Pouzzner 396b5ec1da Merge pull request #9896 from embhorn/f278-281-282
Fixes issues in SRP component:
2026-03-06 22:36:59 -06:00
Daniel Pouzzner f02f6d1d67 Merge pull request #9895 from embhorn/f283-287
Hardening in GeneratePrivateDh186 and wc_DhImportKeyPair
2026-03-06 22:36:14 -06:00
Daniel Pouzzner d4ac953ca5 Merge pull request #9893 from embhorn/f284-285
Hardening in wc_FreeRsaKey and wc_RsaPrivateKeyDecodeRaw
2026-03-06 22:35:39 -06:00
Daniel Pouzzner 2635315822 Merge pull request #9891 from embhorn/f194
Harden wc_ecc_shared_secret_gen_sync
2026-03-06 22:34:58 -06:00
Juliusz Sosinowicz cc079a3da8 ecc.c: clear priv key with forcezero
F-286
2026-03-06 17:48:38 +01:00
Juliusz Sosinowicz 14357576d8 wc_PKCS7_PwriKek_KeyUnWrap: use a ct cmp
F-378
2026-03-06 17:42:37 +01:00
Eric Blankenhorn 355081b123 Fix test with cast 2026-03-06 07:33:52 -06:00
Daniel Pouzzner 80938758ac Merge pull request #9879 from embhorn/f379
Fix wc_ecc_sign_hash_ex with Intel QA
2026-03-05 22:53:55 -06:00
Daniel Pouzzner cc2fdda54c Merge pull request #9734 from SparkiDev/mlkem_mldsa_harden
ML-KEM/ML-DSA: harden against fault attacks
2026-03-05 21:34:39 -06:00
Hideki Miyazaki 4877c0e579 fix PRB tests failures 2026-03-06 10:51:57 +09:00
Hideki Miyazaki cfb7f35e72 fix lareger(>57 octets) crlnum 2026-03-06 10:51:54 +09:00
Sean Parkinson 65a1a68877 ML-KEM/ML-DSA: harden against fault attacks
ML-DSA: check pointer to the y parameter has not be faulted.
ML-KEM: to harden against faultiong, use a different buffer for private
seed, sigma, and add a check that the buffer was copied correctly.
SHA-3: fix size of check variables.
2026-03-06 08:44:08 +10:00
Daniel Pouzzner 8a5c1c7af1 Merge pull request #9855 from SparkiDev/sp_rv32i_muldi3
RISC-V 32 no mul SP C: implement multiplication
2026-03-05 16:32:26 -06:00
Daniel Pouzzner 396b553c45 Merge pull request #9872 from SparkiDev/asn_improvements_1
ASN: improve handling of ASN.1 parsing/encoding
2026-03-05 16:18:12 -06:00
Eric Blankenhorn 25f8d6d54a f282 harden wc_SrpComputeKey 2026-03-05 16:14:16 -06:00
Eric Blankenhorn f28a660273 f281 harden wc_SrpInit 2026-03-05 16:13:10 -06:00
Eric Blankenhorn e21c4d71a6 f278 fix setting heap in wc_SrpInit_ex 2026-03-05 16:11:47 -06:00
Daniel Pouzzner 1866853073 Merge pull request #9883 from JacobBarthelmeh/f279
Fix to free RNG with SRP function in failure case
2026-03-05 16:10:35 -06:00
Eric Blankenhorn 203cce48ef f287 harden wc_DhImportKeyPair 2026-03-05 15:44:12 -06:00
Eric Blankenhorn 296493acf0 f283 harden GeneratePrivateDh186 2026-03-05 15:43:10 -06:00
Daniel Pouzzner b2454d183d Merge pull request #9880 from Frauschi/f-190
fix typo in PKCS#11 V3 init
2026-03-05 15:39:41 -06:00
Eric Blankenhorn c0a4b94cb7 Fix from review 2026-03-05 15:39:20 -06:00
Daniel Pouzzner 663187150e Merge pull request #9878 from embhorn/f377
Fix checkPad to test for zero padding
2026-03-05 15:38:54 -06:00
Daniel Pouzzner 1b25c46d35 Merge pull request #9877 from embhorn/f276
Add null check in wolfSSL_EVP_PKEY_encrypt_init / _decrypt_init
2026-03-05 15:37:26 -06:00
Daniel Pouzzner 13c02b92b2 Merge pull request #9839 from padelsbach/crl-enhancements-ossl
CRL enhancements for revoked entries
2026-03-05 15:35:53 -06:00
Eric Blankenhorn b03a732d92 Fix f285 harden wc_RsaPrivateKeyDecodeRaw 2026-03-05 15:27:05 -06:00
Eric Blankenhorn 9062b98319 Fix f284 harden wc_FreeRsaKey 2026-03-05 15:25:29 -06:00
Daniel Pouzzner 58f48a96bf Merge pull request #9836 from Frauschi/pkcs11_dilithium
Add support for ML-DSA in PKCS#11
2026-03-05 15:22:10 -06:00
Eric Blankenhorn d638824b63 Fix F382 to harden wc_FreeDsaKey 2026-03-05 15:16:55 -06:00
Daniel Pouzzner c65e3e50fd Merge pull request #9825 from embhorn/zd21240
Fix issue in TLS_hmac size calculation
2026-03-05 15:16:47 -06:00
Eric Blankenhorn f093268bb9 Fix F381 to harden wc_MakeDsaKey 2026-03-05 15:15:41 -06:00
Eric Blankenhorn 967aaa2c56 Fix F380 to harden wc_MakeDsaKey 2026-03-05 15:14:47 -06:00
Eric Blankenhorn fdec6d0a06 Harden wc_ecc_shared_secret_gen_sync 2026-03-05 15:09:06 -06:00
Daniel Pouzzner 178f96c483 Merge pull request #9854 from sameehj/rsa-pss-fix
Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
2026-03-05 15:03:46 -06:00
Daniel Pouzzner 5fa18d9817 Merge pull request #9784 from dgarske/async_cryptocb
Fixes and tests for async and crypto callbacks
2026-03-05 14:59:27 -06:00
Daniel Pouzzner 91ea97ecdf Merge pull request #9712 from night1rider/max-32666-code-improvements
Fix Crash when using Sha224 Callback with MAX32666
2026-03-05 14:58:02 -06:00
Daniel Pouzzner b2913d27dd Merge pull request #9842 from rlm2002/coverity
20260227 Coverity changes
2026-03-05 14:53:14 -06:00
JacobBarthelmeh 54816e8b18 Fix to free RNG with SRP function in failure case 2026-03-05 09:30:16 -07:00
Tobias Frauenschläger 4c5df4f2d9 fix typo in PKCS#11 V3 init 2026-03-05 16:41:05 +01:00
Eric Blankenhorn 0c2de309db Fix wc_ecc_sign_hash_ex with Intel QA 2026-03-05 09:35:23 -06:00
Eric Blankenhorn 7f487b9869 Fix checkPad to test for zero padding 2026-03-05 08:32:18 -06:00
Eric Blankenhorn 6dc4ba8a24 Fix from review 2026-03-05 08:23:02 -06:00
Eric Blankenhorn fe12395e61 Add null check in wolfSSL_EVP_PKEY_encrypt_init / _decrypt_init 2026-03-05 08:13:26 -06:00
Sean Parkinson 34916c80c8 ASN: improve handling of ASN.1 parsing/encoding
ToTraditionalInline_ex2 original ASN code:
  - Now return 0 when no OCTECT_STRING data found.
  - Change callers to accept 0 as a valid returnb value.

SizeASN_Items:
  - Change encoded size to word32 as won't be negative.
- Change callers to supply a pointer to a word32 instead of integer.
Fix casting due to change of parameter type.

ASN_LEN_ENC_LEN: Function to calculate the length of the encoded ASN.1
length.

GetLength_ex:
  - Change minLen to word32
- Change length to word32 and change negative check appropriately for
different type.

GetASNHeader_ex:
  - If not checking lengths in GetLength_ex, check it here.
DecodeObjectId:
  - Ensure no overflow in calculation.

_RsaPrivateKeyDecode (original)
  - Clear RSA integers on failure (will be done in free anyway).

wc_CreatePKCS8Key (original):
  - safe check of overflow.

DecryptContent (templare):
- Parse will fail if OID not recognized, and recognized OIDs are 9/10
bytes long - but check idx is 9/10 anyway so we know we can read 2 end
bytes of data.

wc_RsaPublicKeyDecode_ex (original):
- Fix calculation of seqEndIdx and use it to bound modulus and
exponent.

DecodePolicyOID
  - enusre inSz is not too long.
  - Ensure no overflow in calculation.

SetOidValue (orginal):
  - Safe check of inSz and oidSz.

SetAltNames (original):
  - Improve length checks

FlattenAltNames:
  - Check for overflow.
  - Better length check.

ParseCRL_CertList (original):
  - overflow check
2026-03-05 13:11:30 +10:00
Paul Adelsbach 22d7550f8e CRL enhancements for revoked entries 2026-03-04 14:53:28 -08:00
Daniel Pouzzner 1297a85b03 wolfcrypt/test/test.c:
* skip pkcs12_test() if NO_SHA;
* sha3_224_test(): fix error-path leak and possible uninited-read of shaCopy.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner f67c29ae51 linuxkm/Kbuild:
* for aarch64/arm64, only add -mno-outline-atomics if the compiler supports it.
* in ENABLED_LINUXKM_PIE setup, avoid -fPIE on arm32 <5.11 (missing reloc support).

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: gate interception of alt_cb_patch_nops() on kernel >= 6.1.

linuxkm/linuxkm_wc_port.h: define WC_LINUXKM_SUPPORT_DUMP_TO_FILE implicitly when WC_SYM_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT.

linuxkm/module_hooks.c: fixes for text_dump_path and rodata_dump_path handler code.
2026-03-04 13:14:07 -06:00