Commit Graph

38 Commits

Author SHA1 Message Date
Daniel Pouzzner 7dd269fc52 Merge pull request #10793 from embhorn/gh10790
Restore error code from DecodeGeneralName
2026-07-01 17:49:37 -05:00
Daniel Pouzzner 9f48aef47f Merge pull request #10638 from rizlik/nc_uri_trailing_dot
NameConstraints fixes
2026-07-01 17:14:08 -05:00
Eric Blankenhorn e1a2ba3b02 Restore error code from DecodeGeneralName 2026-06-26 11:11:22 -05:00
Tobias Frauenschläger dedba75ad4 Reject duplicate certificatePolicies extension in WOLFSSL_CERT_EXT builds
DecodeExtensionType() guarded the certificatePolicies duplicate check
(VERIFY_AND_SET_OID) under WOLFSSL_SEP only, because the extCertPolicySet
tracking bit was SEP-only. In a WOLFSSL_CERT_EXT-without-WOLFSSL_SEP build a
cert with two certificatePolicies extensions was accepted and the second
silently overwrote the first (RFC 5280 4.2 forbids repeats). Make the bit and
the guard available under WOLFSSL_CERT_EXT too, matching every other
non-repeatable extension.

Add test_DecodeCertExtensions_dup_certpol (DecodeExtensionType now
WOLFSSL_TEST_VIS).
2026-06-17 19:14:21 +02:00
Marco Oliverio ef8836a346 Handle the absolute-FQDN trailing dot in URI name constraints
One trailing dot marks an absolute FQDN and is not part of the host:
"host.com." and "host.com" denote the same host. Strip it from the
URI host before classification (so "12.31.2.3." is still recognized
as an IPv4 address) and from the constraint base before the exact-match
comparison, mirroring what wolfssl_local_MatchBaseName() already does
for DNS name constraints. Only a single dot is the marker: an empty
last label ("host.com..") is rejected.
2026-06-15 11:56:31 +02:00
Marco Oliverio 4b3bb49b27 NameConstraints: Require DNS reg-name host for URI name constraints
RFC 5280 4.2.1.10 defines URI name constraints in terms of a host that
is a fully qualified domain name; RFC 3986 IP-literal ([...]) and
IPv4address hosts are not DNS reg-names and cannot be meaningfully
matched against a DNS-style constraint base.

- Classify the host extracted by GetUriHost (IP-literal, IPv4address,
  reg-name) and validate that a reg-name has no empty labels.
- wolfssl_local_MatchUriNameConstraint() no longer matches URIs whose
  host is an IP address.
- ConfirmNameConstraints() fails closed: when URI constraints are
  present, a URI SAN without a DNS host is rejected. A plain non-match
  would otherwise let such names pass excluded-only constraints.
2026-06-15 11:04:27 +02:00
Sean Parkinson 63fd322382 Merge pull request #10641 from rlm2002/zd21890
Fixes for SM2/3 and FindMultiAttrib
2026-06-11 08:01:20 +10:00
David Garske 10e2afa20a Merge pull request #10595 from miyazakh/f5381_RSASSA-PSS_trailerField
f5381 enforce trailerField==1 in DecodeRsaPssParams
2026-06-10 10:05:22 -07:00
Hideki Miyazaki 7d74caac6d Addressed review comments 2026-06-10 07:02:46 +09:00
Ruby Martin fa5247b516 add regression test for sm builds 2026-06-09 15:40:16 -06:00
Hideki Miyazaki 2e34433c52 enforce trailerField==1 in DecodeRsaPssParams 2026-06-04 10:32:27 +09:00
Marco Oliverio c4b4e6cd14 NameConstraints: support wildcard SAN 2026-05-28 15:19:20 +02:00
David Garske 2dd7947d27 Merge pull request #10483 from cconlon/pkcs8V1PublicKeyParse
ML-DSA: PKCS#8 parsing + EVP_PKCS82PKEY support
2026-05-27 17:41:30 -07:00
Chris Conlon 497de930fd evp: support ML-DSA in wolfSSL_EVP_PKCS82PKEY() and wolfSSL_X509_check_private_key() 2026-05-22 14:56:14 -06:00
Chris Conlon a9e15634db asn: parse RFC 5958 PKCS#8 (OneAsymmetricKey) publicKey trailer in ToTraditional_ex() 2026-05-22 14:55:38 -06:00
Sean Parkinson 58c41b6d57 Merge pull request #10458 from philljj/fix_GetShortInt
asn: fix GetShortInt for asn original.
2026-05-13 16:44:38 +10:00
David Garske 3e6efbac52 Merge pull request #9567 from jackctj117/serial-0
Allow serial number 0 for root CA certificates
2026-05-12 09:19:56 -07:00
jordan 333aaaa3a9 asn: fix GetShortInt for asn original. 2026-05-11 14:50:48 -05:00
Chris Conlon 7cc84d38fb fix SetAsymKeyDer to set PKCS#8 version=1 when bundling publicKey (RFC 5958) 2026-05-07 14:05:51 -06:00
Juliusz Sosinowicz 061311d6ca zd/21661: harden X.509 chain validation, session ticket identity binding, and peer cert restore
- x509_str: require CA:TRUE unconditionally in wolfSSL_X509_verify_cert;
  verify leaf signature even when verify_cb overrides INVALID_CA
- x509_str: align WOLFSSL_X509_V_ERR_INVALID_CA with OpenSSL value (79)
  so OPENSSL_COEXIST builds compile; bump WC_OSSL_V509_V_ERR_MAX to 80
  and extend error_test() missing-value table for the new gaps
- asn: reject embedded NUL in dNSName / rfc822Name / URI SAN entries
- internal: re-verify restored ticket peer cert against trust store with
  CRL/OCSP checks; clear stale state from session cache on verification
  failure
- ticket: bind SNI and ALPN into session ticket via compile-time selected
  hash (TICKET_BINDING_HASH_TYPE); reject resumption on mismatch in both
  TLS 1.3 and TLS 1.2 paths
- ticket: defer SNI/ALPN binding check until after extensions are parsed
  by consolidating into VerifyTicketBinding(), called once after
  ALPN_Select in DoTls13ClientHello and DoClientHello; the early
  per-call sites ran before extensions were parsed and rejected valid
  resumptions in nginx, haproxy, grpc, and CPython integration tests
- ssl_sess: free previous session in wolfSSL_d2i_SSL_SESSION before
  overwrite
- examples/client: increase SESSION_TICKET_LEN fallback from 256 to 2048
  to support larger tickets
- tests: update SAN NUL fixtures and add parse-time rejection coverage;
  add test_tls13_ticket_peer_cert_reverify for CA-removal scenario; skip
  it under WOLFSSL_NO_DEF_TICKET_ENC_CB
2026-05-06 16:45:58 +02:00
jackctj117 2cd42c9e16 Skoll review 2026-05-05 13:46:05 -06:00
jackctj117 ee744b1f0b Allow serial number 0 for root CA certificates 2026-05-05 13:44:47 -06:00
Eric Blankenhorn 2b7e96614a Rebase conflicts 2026-03-20 16:19:11 -05:00
Eric Blankenhorn cff1a3cfdd Fix from review 2026-03-20 16:16:24 -05:00
Eric Blankenhorn 1a5090a582 Rebase conflicts 2026-03-20 16:16:21 -05:00
Eric Blankenhorn 8ffb096fc5 Fix from review 2026-03-20 09:06:22 -05:00
Eric Blankenhorn 6446bb2115 Fix DecodeAltNames length check 2026-03-20 08:16:47 -05:00
Sameeh Jubran deb668ca4b pkcs7: add RSA-PSS support for SignedData
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.

Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-25 11:02:47 +02:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Marco Oliverio 94dc7ae9ad asn: MatchBaseName fixes 2026-01-07 17:53:43 +01:00
Josh Holtrop 98b6b92a76 Error from GetShortInt with negative INTEGER values 2025-08-19 12:40:48 -04:00
Koji Takeda 0a9356e645 Improve original implementation on SetAsymKeyDer() and the test 2025-08-15 00:04:01 +09:00
Josh Holtrop 15c8730ef7 Use wc_ prefix for IndexSequenceOf() 2025-07-22 14:50:42 -04:00
Josh Holtrop 77bace5010 Update style per code review comments 2025-07-22 14:47:22 -04:00
Josh Holtrop 06d86af67c Add API to decode SymmetricKeyPackage and OneSymmetricKey CMS objects 2025-07-19 18:28:06 -04:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Sean Parkinson e649e1047f API test ASN: must not have NO_ASN defined
Add testing of PSK only to workflows.
2025-07-07 16:24:10 +10:00
Koji Takeda d76386f38c Add tests 2025-06-25 11:27:12 +09:00