Jeremiah Mackey
584ded11d3
validate falcon level before check
2026-04-29 13:56:17 +00:00
Juliusz Sosinowicz
31278ee8bd
Merge pull request #10296 from JacobBarthelmeh/hostap
2026-04-24 14:13:02 +02:00
JacobBarthelmeh
29f674e5b6
avoid glitch hardening false positive byte collision with small messages and adjust test case
2026-04-24 01:08:00 -06:00
Sean Parkinson
936f8e5423
Merge pull request #10203 from Frauschi/pkcs7_fixes
...
PKCS#7 fixes
2026-04-24 10:13:43 +10:00
JacobBarthelmeh
20c1b91914
Merge pull request #10286 from LinuxJedi/git-action
...
ci: add PR commit message sanity check workflow
2026-04-23 17:16:26 -06:00
JacobBarthelmeh
d9beec2e81
Merge pull request #10283 from night1rider/SHE-test-double-free-fix
...
Fix double-free of she2 in she_test()
2026-04-23 16:59:52 -06:00
JacobBarthelmeh
90366b747f
Merge pull request #10142 from kareem-wolfssl/variousFixes2
...
Various fixes
2026-04-23 16:47:21 -06:00
JacobBarthelmeh
72c7d12cfb
exclude the trust anchor from prospective certification path with pathlen check
2026-04-23 16:23:07 -06:00
JacobBarthelmeh
fe8541cc47
Merge pull request #10193 from padelsbach/set-hashtype-in-ports
...
Set hashType in ports
2026-04-23 15:02:30 -06:00
JacobBarthelmeh
6a0303e299
Merge pull request #10066 from dgarske/wc_puf
...
wolfCrypt SRAM PUF Support
2026-04-23 14:28:37 -06:00
JacobBarthelmeh
53e352181e
Merge pull request #10058 from julek-wolfssl/hostap-ec-generate.sh
...
Re-enable hostap tests and remove some flaky tests
2026-04-23 14:09:09 -06:00
JacobBarthelmeh
5277556989
Merge pull request #10264 from JeremiahM37/fenrir-issues-5
...
Harden wolfCrypt input validation and zeroization
2026-04-23 14:06:29 -06:00
JacobBarthelmeh
2ba4d7e6c9
Merge pull request #10210 from ColtonWilley/fix-scr-dangling-ptr-after-tlsx-freeall
...
Fix dangling secure_renegotiation pointer after TLSX_FreeAll
2026-04-23 13:58:24 -06:00
JacobBarthelmeh
118c0ccb53
Merge pull request #10269 from LinuxJedi/repoint-se050
...
Move SE050 simulator under wolfSSL
2026-04-23 13:54:29 -06:00
JacobBarthelmeh
4fe2e7feb3
Merge pull request #10128 from kareem-wolfssl/zd21526_21530
...
PKCS7 Fixes
2026-04-23 13:29:28 -06:00
Daniel Pouzzner
9d46b57af3
Merge pull request #10246 from sameehj/aes-gcm-fix
...
Zero TLS 1.3 traffic keys after AES SE offload
2026-04-23 13:26:59 -05:00
Tobias Frauenschläger
22d1441331
Bounds-check the RecipientInfo SET length in wc_PKCS7_ParseToRecipientInfoSet()
2026-04-23 11:03:24 +02:00
Tobias Frauenschläger
97b82b5087
Add nonce length validation for PKCS#7
2026-04-23 11:03:19 +02:00
Tobias Frauenschläger
b7f6e77a95
Reject PKCS#7 SignedData signer-identity forgery
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
589feabc0c
Harden PKCS#7 EnvelopedData key unwrap
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
3fd4060458
Add more PKCS#7 tests
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
4e423fde17
More PKCS#7 bounds checks
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
46f3ebb0c6
Add missing ForceZero calls in PKCS#7
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
16e1d33f24
Fix invalid preprocessor guard in PKCS7 with SHA224
...
Also add missing ForceZero for ECDH shared secret on the heap.
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
5634cfd67c
Fix PKCS#7 regression with --enable-all and NO_PKCS7_STREAM
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
e2167e4bbd
add length check in PKCS#7
2026-04-23 09:36:32 +02:00
Tobias Frauenschläger
84fb0f694c
Fix various range and size bugs in PKCS#7 code
2026-04-23 09:36:32 +02:00
Andrew Hutchings
8810160da7
ci: add PR commit message sanity check workflow
...
Adds a GitHub Actions workflow that scans every commit in a pull
request and fails if any commit message carries a Co-authored-by
or Signed-off-by trailer pointing at noreply@anthropic.com .
2026-04-23 07:08:36 +01:00
night1rider
d673b62143
Fix double-free of she2 in she_test
2026-04-22 17:33:21 -06:00
Kareem
b3c2877a14
Add additional checks for encryptedContentSz exceeding pkiMsgSz.
2026-04-22 15:22:36 -07:00
Kareem
3e04475875
Fix unused variable error
2026-04-22 15:22:36 -07:00
Kareem
ebdcc03b71
Code review feedback
2026-04-22 15:22:36 -07:00
Kareem
1397268aa1
In wc_PKCS7_DecodeEnvelopedData, confirm encryptedContentTotalSz does not exceed the total message size before using it in the non-streaming case.
...
Thanks to Zou Dikai for the report.
2026-04-22 15:22:36 -07:00
Kareem
7f218574c4
Ensure esd->signedAttribsCount contains the correct count in case some are skipped by using the current idx rather than the total array size.
...
Thanks to Zou Dikai for the report.
2026-04-22 15:22:36 -07:00
JacobBarthelmeh
b5738236d9
Merge pull request #10187 from embhorn/zd21587
...
Fixes in TLS ECH, handle empty records, and ASN len check
2026-04-22 14:44:15 -06:00
JacobBarthelmeh
bc4bec63fc
Merge pull request #10094 from sebastian-carpenter/GH-10068
...
Fixes: for GH #10068
2026-04-22 14:24:25 -06:00
Paul Adelsbach
ea6af18bc1
Set hashType in ports
2026-04-22 13:17:28 -07:00
David Garske
e05ce26fc9
wolfCrypt SRAM PUF Support
...
Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.
- **wolfCrypt PUF API** (`wolfcrypt/src/puf.c`, `wolfssl/wolfcrypt/puf.h`)
- `wc_PufInit`, `wc_PufReadSram`, `wc_PufEnroll`, `wc_PufReconstruct`
- `wc_PufDeriveKey` (HKDF-SHA256), `wc_PufGetIdentity` (SHA-256 device fingerprint)
- `wc_PufZeroize` (secure context cleanup)
- `wc_PufSetTestData` (synthetic SRAM for testing without hardware)
- **BCH(127,64,t=10) error-correcting codec** - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
- **`WC_PUF_SHA3` build option** - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
- **Precomputed GF(2^7) tables** - `const` arrays in `.rodata` (no runtime init, thread-safe, flash-resident on embedded)
- `./configure --enable-puf` (auto-enables HKDF dependency)
- CMake: `WOLFSSL_PUF=yes`
- `WOLFSSL_USER_SETTINGS`: define `WOLFSSL_PUF` and `WOLFSSL_PUF_SRAM`
- See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
- Supports test mode (synthetic SRAM)
- Builds to ~13KB `.elf`
- Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
- `.github/workflows/puf.yml`: host build + test workflow for PUF feature
- Doxygen API docs for all 8 public functions
- PUF group added to `doxygen_groups.h`
2026-04-22 11:39:39 -07:00
JacobBarthelmeh
c098e53948
Merge pull request #10247 from julek-wolfssl/fenrir/20260417
...
Fenrir fixes
2026-04-21 16:26:38 -06:00
JacobBarthelmeh
c6f8e845ee
Merge pull request #10267 from holtrop-wolfssl/rust-chacha20_poly1305-oneshot-buffer-length-check
...
Rust wrapper: add buffer size checks in Rust wrapper for ChaCha20_Poly1305 one-shot encrypt/decrypt wrappers
2026-04-21 16:19:29 -06:00
JacobBarthelmeh
98cd7fe404
Merge pull request #10265 from ejohnstown/qnx-fix
...
Tasking Warning
2026-04-21 16:18:38 -06:00
Andrew Hutchings
ddacd6b822
Move SE050 simulator under wolfSSL
...
The simulator is now in the simulators repo instead of LinuxJedi's
private repo.
2026-04-21 06:31:42 +01:00
Mattia Moffa
389d15fa45
Fix compile error
2026-04-21 03:30:39 +02:00
Mattia Moffa
6f37b17757
Address Copilot suggestions
2026-04-21 02:56:36 +02:00
Sean Parkinson
353a379bd7
Merge pull request #10262 from douzzer/20260420-test-fixes
...
20260420-test-fixes
2026-04-21 10:23:46 +10:00
Sean Parkinson
967780f1b7
Merge pull request #10239 from gasbytes/crl-idp-extension-fix
...
reject crls with unrecognized critical extensions
2026-04-21 10:21:31 +10:00
JacobBarthelmeh
ad8b6dbc32
Merge pull request #10217 from ColtonWilley/null-checks-evp-ocsp-x509
...
Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
2026-04-20 17:27:19 -06:00
Sean Parkinson
a0bfcbba54
Merge pull request #10245 from Frauschi/small_stack
...
Make sure large buffers are on the heap with SMALL_STACK
2026-04-21 08:47:59 +10:00
Daniel Pouzzner
956f057e73
scripts/pem.test: correctly compute and use SRC_DIR, and fix whitespace.
2026-04-20 17:42:29 -05:00
Daniel Pouzzner
7e67274ebe
scripts/pem.test: add more missing feature sensing and conditions.
2026-04-20 15:24:28 -05:00