Commit Graph

30675 Commits

Author SHA1 Message Date
Daniel Pouzzner 5caa3565b8 Merge pull request #10858 from anhu/89compl
C89 compliance items
2026-07-09 10:14:16 -05:00
David Garske a03cd09dc0 Merge pull request #10868 from SparkiDev/tsp_staticmem_fix
Time-Stamping Protocol testing: fix CI loop static-memory
2026-07-08 20:26:39 -07:00
Sean Parkinson b3a9c18839 Time-Stamping Protocol testing: fix CI loop static-memory
Static-memory CI loop failed as tests were using too much memory.
Tests changed.
Name of loop change to tsp-staticmemory to make more sense.
2026-07-09 09:59:01 +10:00
Anthony Hu d52ff68832 bit of back and forth 2026-07-08 19:50:38 -04:00
David Garske a4aab71ffe Merge pull request #10861 from padelsbach/asn-integer-overflow-copy
Fix possible memcpy length overflow in wolfSSL_d2i_ASN1_INTEGER
2026-07-08 15:20:05 -07:00
Daniel Pouzzner a5dbbf80f5 Merge pull request #10864 from danielinux/riscv-port-null-checks
Riscv port bug fixes
2026-07-08 17:06:56 -05:00
David Garske 95f337ada4 Merge pull request #10831 from padelsbach/ci-json-dry
CI: unify repeated flags using existing python script
2026-07-08 14:00:05 -07:00
David Garske fdfba83c38 Merge pull request #10788 from aidangarske/fenrir-tls-batch-2026-06
Various hardening fixes across sniffer, QUIC, PKCS#11, TLS and tooling
2026-07-08 13:58:14 -07:00
David Garske 1e6f266e47 Merge pull request #10760 from Frauschi/pkcs7-server-encode
PKCS#7 improvements
2026-07-08 13:55:52 -07:00
Anthony Hu 93722d0aab whitespace 2026-07-08 15:51:19 -04:00
Anthony Hu 8ef5536cae Created the new macro W64LIT_FORCE_LONG_LONG 2026-07-08 15:48:52 -04:00
Anthony Hu 230278bcd8 Add WOLF_ENUM_DUMMY_LAST_ELEMENT to WOLF_STACK_TYPE 2026-07-08 15:26:25 -04:00
HAJA MOHIDEEN M c2b9cc55fb Merge pull request #10408 from hmohide/master
Add UDP support to NetX sockets for DTLS sessions
2026-07-08 12:24:31 -07:00
David Garske b4d51dbbda Merge pull request #10607 from julek-wolfssl/evp-pkey-encoded-public-key
Add EVP_PKEY encoded public key get/set compatibility functions
2026-07-08 12:20:33 -07:00
David Garske 4d3d2318f6 Merge pull request #10628 from yosuke-wolfssl/fix/f_4226
Reject CR/LF in OCSP/CRL URLs to block HTTP injection
2026-07-08 11:54:00 -07:00
David Garske 922e126423 Merge pull request #10693 from padelsbach/crl-use-after-free
Fix use-after-free possibility in GetCRLInfo
2026-07-08 11:37:41 -07:00
David Garske 9395547299 Merge pull request #10716 from padelsbach/crl-reentrancy-uaf
Address possible UAF in BufferLoadCRL
2026-07-08 11:35:29 -07:00
Anthony Hu 80d4c28c39 WC_FLEXIBLE_ARRAY_MEMBER to WC_FLEXIBLE_ARRAY_SIZE 2026-07-08 14:07:44 -04:00
David Garske b29e3a1a11 Merge pull request #10863 from holtrop-wolfssl/zd22109
Fix use-after-free in some TLS shutdown/ReceiveData sequences
2026-07-08 10:54:52 -07:00
David Garske 76491e6b60 Merge pull request #10661 from yosuke-wolfssl/fix/f_5808
Enable SCSV check unconditionally
2026-07-08 10:52:59 -07:00
David Garske 6b1bf6b81b Merge pull request #10551 from julek-wolfssl/dtls-perf-benchmark
Add DTLS throughput benchmark tool and optimize send path
2026-07-08 10:31:11 -07:00
David Garske 16a2681ca4 Merge pull request #10604 from AlexLanzano/cryptocb-getdevice
Expose wc_CryptoCb_GetDevice and add CryptoCb API test coverage
2026-07-08 10:30:59 -07:00
David Garske a6ee818b27 Merge pull request #10781 from julek-wolfssl/parallel-make-check-status-emoji
.github/scripts/parallel-make-check.py: emit literal status emoji, not :shortcodes:
2026-07-08 10:25:29 -07:00
David Garske 67ca317097 Merge pull request #10737 from kareem-wolfssl/zd21998
X509 validation fixes
2026-07-08 09:48:26 -07:00
JacobBarthelmeh 7c085837ae Merge pull request #10772 from dgarske/qat_review
Intel QuickAssist: multi-device utilization + software-fallback / Cavium fixes
2026-07-08 10:39:24 -06:00
Daniele Lacamera fc1bb6395d riscv: return KEYUSAGE_E for AES use without a key schedule
The generic wc_AesEncrypt/wc_AesDecrypt (aes.c) reject an AES object
whose key schedule was never set (rounds outside 1..7 after halving)
with KEYUSAGE_E, and every mode inherits that through their int return.
The RISC-V port's block helpers are void, so nothing reported unkeyed
use: wc_AesEncryptDirect and wc_AesCcmEncrypt/Decrypt silently
processed with a garbage schedule, and wc_AesCtrEncrypt classified it
as BAD_FUNC_ARG instead of KEYUSAGE_E.

Align the port with the generic error contract:
* wc_AesEncryptDirect / wc_AesDecryptDirect: add the generic rounds
  check (also fixes wc_CmacUpdate error reporting, which goes through
  wc_AesEncryptDirect on this port)
* wc_AesCcmEncrypt / wc_AesCcmDecrypt: same check after the argument
  sanity block
* wc_AesCtrEncrypt (both variants): the existing rounds switch now
  returns KEYUSAGE_E instead of BAD_FUNC_ARG

Found by the ISO 26262 MC/DC campaign argument-matrix tests
(test_wc_AesSetKeyArgMcdc, test_wc_AesModesArgMcdc, test_wc_AesCcmArgMcdc,
test_wc_CmacArgMcdc) under qemu-riscv64.
2026-07-08 18:29:52 +02:00
David Garske 59e942b07a Merge pull request #10844 from SparkiDev/windows_arm64_1
ARM64 Windows: Add assembly
2026-07-08 09:28:41 -07:00
David Garske 0d02f2fe2f Merge pull request #10816 from kojiws/fix_mem_cast_on_mldsa
Fix unaligned memory access in ML-DSA
2026-07-08 09:28:28 -07:00
David Garske 60085b0e48 Merge pull request #10837 from rlm2002/zd-NameConstraints
DNS name constraint fix
2026-07-08 09:21:52 -07:00
Tobias Frauenschläger 673d8d00bb Merge pull request #10778 from SparkiDev/time_stamp_protocol
Time-Stamp Protocol (RFC 3161)
2026-07-08 17:43:38 +02:00
David Garske b19f00a736 Merge pull request #10807 from SparkiDev/aes_gcm_siv_asm
AES-GCM-SIV: Add implementation in C and assembly
2026-07-08 08:30:02 -07:00
David Garske a8d223b308 Merge pull request #10834 from SparkiDev/cmake_update_1
cmake: add more build options in line with automake
2026-07-08 08:29:11 -07:00
David Garske 7f441a687a Merge pull request #10748 from night1rider/AES-Callbacks
AES callbacks for CFB and OFB
2026-07-08 08:25:23 -07:00
Daniele Lacamera 7b72cf6acf riscv: add missing argument checks in AES port
Align the RISC-V AES port's argument validation with the generic aes.c
implementations (and with the port's own vector/scalar-crypto siblings):

* wc_AesSetKey (base assembly variant, i.e. neither
  WOLFSSL_RISCV_VECTOR_CRYPTO_ASM nor WOLFSSL_RISCV_SCALAR_CRYPTO_ASM):
  reject key == NULL. The vector and scalar-crypto variants of the same
  function already check it; the base variant passed NULL through to the
  key expansion and wc_AesGcmSetKey then dereferenced the uninitialized
  schedule, crashing on e.g. wc_AesGcmSetKey(aes, NULL, 16).

* wc_AesCcmEncrypt / wc_AesCcmDecrypt: reject authIn == NULL when
  authInSz > 0, as the generic implementation does. The port otherwise
  walks the NULL authIn buffer while computing the CBC-MAC.

Found by the ISO 26262 per-module MC/DC campaign's argument-matrix tests
(test_wc_AesGcmSetKey, test_wc_AesCcmArgMcdc) running the RISC-V port
under qemu-riscv64: upstream CI only exercises this port with the KAT
suite, which never passes invalid arguments.
2026-07-08 16:37:08 +02:00
Josh Holtrop 07d41740de Fix use-after-free in some TLS shutdown/ReceiveData sequences 2026-07-08 08:14:39 -04:00
Tobias Frauenschläger 366000eec2 PKCS#7: support degenerate certs-only encode and harden signed-attribute handling
Server-side PKCS#7 encode improvements that let downstream EST/SCEP enrollment
code (wolfCert) drive the existing encoder through the public API rather than
hand-rolling DER. Everything is gated under the existing HAVE_PKCS7 — no new
build options and no new public functions; the convenience wrappers live
caller-side.

Allow degenerate (certs-only) SignedData encode
  Relax the hashOID != 0 requirement in PKCS7_EncodeSigned() when
  sidType == DEGENERATE_SID, so a caller can produce a certs-only bundle (no
  signer, attributes, or eContent — the form used by EST /cacerts and SCEP
  GetCACert) by selecting DEGENERATE_SID via wc_PKCS7_SetSignerIdentifierType()
  and calling wc_PKCS7_EncodeSignedData(). The output round-trips through
  wc_PKCS7_VerifySignedData().

Size the signed-attribute array to the actual count
  The SignerInfo attribute working array is now sized to the real attribute
  count instead of a fixed [7] array. An inline buffer (sized
  MAX_SIGNED_ATTRIBS_SZ, the historical footprint) covers the common
  allocation-free case; a heap buffer is used only when the count exceeds it.
  The default-attribute count comes from a single helper
  (wc_PKCS7_GetDefaultSignedAttribCount) so the sizing matches the emission
  logic exactly, and the canned-attribute write is bound-checked against the
  array capacity. This also fixes a latent overflow where the backing array was
  hardcoded [7] while the bound check used MAX_SIGNED_ATTRIBS_SZ. The macro is
  retained for source compatibility but no longer caps the count.

Document the decoded-attribute value shape
  Documented the stable shape of PKCS7DecodedAttrib.value (the contents of the
  SET OF AttributeValue, outer SET tag stripped) so callers can rely on it. No
  behavior change.

Fix multi-certificate decode in non-streaming builds
  Bound the additional-certificate loop in wc_PKCS7_VerifySignedData against the
  absolute end of the certificate set (idx + length) rather than the relative
  length. In NO_PKCS7_STREAM builds the old bound dropped trailing certificates
  (all but the first when a large eContent preceded the set), failing
  verification when the signer cert was among those dropped. Streaming builds
  were unaffected.

Tests
  Added coverage in pkcs7signed_test: degenerate certs-only encode via the
  public API, nine-attribute encode (beyond the inline capacity), decoded
  attribute value shape for PrintableString and OCTET STRING, and a
  multi-certificate decode regression with large content that triggers the
  bound bug under NO_PKCS7_STREAM. Added a signed-attribute selection
  round-trip covering a messageDigest-only subset and the no-attributes case
  via wc_PKCS7_SetDefaultSignedAttribs/wc_PKCS7_NoDefaultSignedAttribs, a
  WOLFSSL_NO_MALLOC over-capacity case that must return BUFFER_E instead of
  overrunning the inline buffer, and a malformed certificate-set length that
  exercises the certSetEnd clamp in the verifier. Config-sensitive cases are
  guarded.
2026-07-08 12:33:38 +02:00
Tobias Frauenschläger dcc2b23b1a Merge pull request #10852 from stenslae/fix-mldsa-privkeydecode-no-asn1
Fix ML-DSA level auto-detection in WOLFSSL_MLDSA_NO_ASN1 builds
2026-07-08 10:03:34 +02:00
Tobias Frauenschläger 3b07f7df34 Merge pull request #10855 from philljj/misc_fixes
wolfcrypt: fix several redefinition of typedef errors.
2026-07-08 09:56:45 +02:00
David Garske 3cc69f0fae Merge pull request #10839 from kojiws/fix_arm64_macro_name
ML-DSA: Fix misspelled `__arch64__` macro to `__aarch64__`
2026-07-07 21:55:46 -07:00
Paul Adelsbach f842e33145 Fix possible memcpy length overflow in wolfSSL_d2i_ASN1_INTEGER 2026-07-07 17:41:49 -07:00
David Garske e0a8f3f475 Merge pull request #10706 from JacobBarthelmeh/dev
defense in depth hardening for x509 extension create by OBJ and EVP decode update
2026-07-07 16:41:15 -07:00
Sean Parkinson ae023a5643 Time-Stamp Protocol (RFC 3161)
Implementation in wolfCrypt
OpenSSL compatibility layer in wolfSSL
Added tests, certificates, examples.
2026-07-08 09:33:47 +10:00
David Garske a296ac07fc Merge pull request #10842 from miyazakh/f6162_tsiphash
[Renesas RX72N] RX72N TSIP fixes and command-line build/flash/UART tooling
2026-07-07 16:17:30 -07:00
Sean Parkinson 7a1513468d cmake: add more build options in line with automake
Updates
  - ~100 individual options added (ciphers, TLS features, debug/test, caches,
  kernel-module, key-size numerics, asm) + fixed WOLFSSL_32BIT's missing define.
  - 37 app-integration bundles (openssh, nginx, haproxy, openvpn, wpas,
  apachehttpd, jni, wolfclu, wolfsentry, ...) - each force-enables its
  sub-options and emits its defines; all build clean and match ./configure
  --enable-X exactly (miss=0/extra=0).
  - Each option wired in 3 places: add_option + define in CMakeLists.txt,
  #cmakedefine in options.h.in, source selection where needed. Verified by real
  libwolfssl.so builds.
2026-07-08 09:11:14 +10:00
philljj 2f2ffbac04 Merge pull request #10856 from douzzer/20260702-linuxkm-various
20260702-linuxkm-various
2026-07-07 17:44:50 -05:00
David Garske 6d38bc12e8 Merge pull request #10854 from rlm2002/gi10846-7
IDE resource handling and error-path improvements
2026-07-07 15:13:28 -07:00
Sean Parkinson 2bcb4efb5b ARM64 Windows: Add assembly
Add assembly generated for Windows ARM64.
Add build option to project files.
Add CI loops.
2026-07-08 08:04:24 +10:00
David Garske d805c804b9 Merge pull request #10733 from mattia-moffa/20260617-max32666-sha-streaming-old
MAX32666 fixes for old SDK
2026-07-07 14:54:34 -07:00
Sean Parkinson af3befef80 ARM66 Windows: Add assembly
Add assembly generated for Windows ARM64.
Add build option to project files.
Add CI loops.
2026-07-08 07:53:53 +10:00
Sean Parkinson cf7319062b Add Windows assembly files to the build
Windows ASM files generated along side the ATT assembly files.
Adding them to the build so they can be used.
2026-07-08 07:53:53 +10:00