Commit Graph

29160 Commits

Author SHA1 Message Date
JacobBarthelmeh c61f58d53a change character type in comments 2026-04-01 17:22:50 -06:00
Daniel Pouzzner 68eaf67767 Merge pull request #10061 from anhu/fips23
Not just FIPS 140-2, 3 as well.
2026-04-01 18:03:09 -05:00
Daniel Pouzzner 6e8b3e0fcf wolfcrypt/src/blake2b.c and wolfcrypt/src/blake2s.c: restore volatile-based workaround for ARM32 gcc optimizer bug. 2026-04-01 17:14:30 -05:00
JacobBarthelmeh 107cf61ab7 Merge pull request #10118 from padelsbach/crl-no-ecc-fix
Fix compile issue with --enable-crl and --disable-ecc
2026-04-01 15:32:23 -06:00
Daniel Pouzzner 4228bedbcf wolfcrypt/src/integer.c and wolfssl/wolfcrypt/integer.h: constify args to mp_cmp() and mp_cmp_mag(). 2026-04-01 16:32:15 -05:00
Daniel Pouzzner faf2ff26de move WC_BARRIER() definition from wolfssl/wolfcrypt/types.h to wolfssl/wolfcrypt/wc_port.h, and strengthen it. 2026-04-01 16:20:10 -05:00
Daniel Pouzzner e6713372ee fixes from CI testing and peer review:
wolfcrypt/src/tfm.c and wolfssl/wolfcrypt/tfm.h: fix for -Wdiscarded-qualifiers in ecc_check_order_minus_1().

wolfssl/wolfcrypt/types.h: in WC_BARRIER(), use XFENCE() too, for best possible barrier.  fixes an ARM32 -Ofast -Wmaybe-uninitialized in blake2s_init_key().

wolfcrypt/src/asn_orig.c: set Stored flag after each allocation of a member that needs it.

wolfcrypt/src/signature.c: in wc_SignatureGetSize(), provide for legacy FIPS non-const-arg wc_ecc_sig_size() and wc_RsaEncryptSize().
2026-04-01 15:28:35 -05:00
Daniel Pouzzner 21c6568883 Fixes for -Wcast-qual hygiene in wolfCrypt.
.github/workflows/wolfCrypt-Wconversion.yml: Add -Wcast-qual to all scenarios.

wolfssl/wolfcrypt/signature.h, wolfcrypt/src/signature.c, doc/dox_comments/header_files/signature.h:

  Remove incorrect const qualifier on the key argument in

  * wc_SignatureVerifyHash()
  * wc_SignatureVerify()
  * wc_SignatureGenerateHash()
  * wc_SignatureGenerateHash_ex()
  * wc_SignatureGenerate()
  * wc_SignatureGenerate_ex()

  This fixes UB code patterns throughout signature.c.  key is inherently
  accessed readwrite by the underlying low level crypto.  Fortunately, wolfCrypt
  has no APIs/methods to allow actual const MPI key objects, therefore these
  seeming breaking API changes can't actually break any users.

globally:

  * Add const qualifiers to all struct pointer members that are assigned values
    computed from const pointers.

  * Add const qualifiers to intermediate casts for accessors and read-only
    dereference constructs, as needed for -Wcast-qual hygiene, e.g. for a macro
    GET_U16(a), use (*(const word16*)(a)) rather than (*(word16*)(a)).

  * Add const qualifiers to internal declarations, and remove illegal casts, as
    needed for -Wcast-qual hygiene.

  * Add missing const qualifiers to all casts for argument, operand, and
    assignment type agreement, as needed for -Wcast-qual hygiene, e.g.
    "*data = (const byte*)dataASN->data.ref.data" rather than
    "*data = (byte*)dataASN->data.ref.data".

wolfssl/wolfcrypt/asn.h, wolfssl/wolfcrypt/asn_public.h, wolfcrypt/src/asn.c, wolfcrypt/src/asn_orig.c:

  * Add additional lifecycle management for object members that are only sometimes locally allocated:

    DNS_entry.nameStored
    DNS_entry.ipStringStored
    DNS_entry.ridStringStored

wolfssl/wolfcrypt/types.h: add WC_BARRIER() macro -- a portable construct that
   prevents compiler optimizers from reordering operations across the barrier.

wolfssl/wolfcrypt/blake2-impl.h, wolfcrypt/src/blake2s.c, wolfcrypt/src/blake2b.c:

  * In blake2b_init(), blake2b_init_key(), blake2s_init(), and
    blake2s_init_key(), refactor blake2b_param initialization using WC_BARRIER()
    (fixes volatile abuse that triggered -Wcast-qual).

  * Remove the residual and unused WOLFSSL_BLAKE2[BS]_INIT_EACH_FIELD code.

wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h:

  Remove incorrect const qualifier on curve arg to wc_ecc_free_curve() (internal function).
2026-04-01 14:12:02 -05:00
Paul Adelsbach 2d8e853c74 Fix compile issue with --enable-crl and --disable-ecc 2026-04-01 10:10:35 -07:00
Reda Chouk d3ce5b8537 DTLS 1.3 and TLS 1.3 focused fixes
dtls13.c:
- Fix wrong return value in Dtls13SendFragmentedInternal error path (return outputSz instead of recordLength)
- Fix incomplete bounds check in Dtls13SendFragmented to account for DTLS_HANDSHAKE_HEADER_SZ
- Fix wrong WOLFSSL_ENTER trace string in Dtls13EpochCopyKeys

tls13.c:
- Remove wrong (byte) cast on cookie->len passed to TlsCheckCookie
- Add missing bounds check on PSK identityLen in SetupPskKey before copying to client_identity
- Fix data race on static header array in ExpectedResumptionSecret
- Add defensive underflow check in EncryptTls13 for consistency with DecryptTls13
- Fix wrong return variable in DTLS 1.3 Finished send error path (return dtlsRet instead of ret)
- Add missing SM3 case and default in Tls13_Exporter hash switch to prevent NULL dereference
- Initialize *outSz to 0 in wolfSSL_write_early_data to match wolfSSL_read_early_data
- Add bounds check for bindersLen against helloSz in CheckPreSharedKeys
- Fix resource leak and hash state corruption in ExpectedResumptionSecret error paths
- Fix memory leak of rsaSigBuf in dual-alg RSA+RSA CertificateVerify
- Guard against word32 underflow in inputLength - HANDSHAKE_HEADER_SZ in DoTls13HandShakeMsg
- Fix swapped side parameter in DeriveFinishedSecret for server-side Finished processing
- Fix no_mac fall-through in ssl_handshake_md to return NULL instead of wrong digest
- Fix strict aliasing violation in FindPsk PSK key size check
- Remove duplicate !ssl->options.dtls check in TLS 1.3 middlebox compat condition

tests:
- Add regression tests for wolfSSL_write_early_data outSz initialization and DTLS 1.3 Finished send error propagation
2026-04-01 18:36:45 +02:00
Anthony Hu c51cbe149b Get rid of a data file. 2026-04-01 09:00:43 -04:00
Juliusz Sosinowicz ed5eac1c7d wc_EncryptedInfoGet: add AES-CTR support 2026-04-01 14:00:27 +02:00
Juliusz Sosinowicz 6a1db27bae Fix type casting for psk_keySz in MakePSKPreMasterSecret and initialize newSz in PKCS12_ConcatenateContent 2026-04-01 14:00:27 +02:00
Juliusz Sosinowicz 829fbbc702 Fix namespace collision on CRL reasons 2026-04-01 14:00:27 +02:00
Ruby Martin 8df8e4a87a prevent out of bounds read in loadX509orX509REQFromPemBio() 2026-03-31 14:47:19 -06:00
JacobBarthelmeh 96fc1e6078 use native WOLFSSL_BIO_NOCLOSE instead of BIO_NOCLOSE in client example 2026-03-31 13:28:05 -06:00
Daniel Pouzzner 6fc93ac412 Merge pull request #10107 from danielinux/vde-license-exception
Added approved license exception for vde
2026-03-31 12:27:15 -05:00
Anthony Hu 7be3d1f18d Better macro gating 2026-03-31 12:48:12 -04:00
Paul Adelsbach 4aac31bf09 Cast to unsigned prior to shift to avoid UB in SLH-DSA 2026-03-31 09:43:58 -07:00
Paul Adelsbach 73c6f2a91f Fix out of bounds shift in ML-DSA 2026-03-31 09:39:45 -07:00
Paul Adelsbach ec9b6cf469 Add test cases 2026-03-31 09:29:46 -07:00
Paul Adelsbach 452652bbce Add bounds check on wolfSSL_X509_notBefore and wolfSSL_X509_notAfter 2026-03-31 09:29:46 -07:00
Daniel Pouzzner ef3ba4906b Merge pull request #10109 from julek-wolfssl/openvpn-master
Fix GetLength return value check in ASN1_INTEGER functions
2026-03-31 11:23:11 -05:00
Eric Blankenhorn 9d316fc234 Fix GCC 3.4.0 build error 2026-03-31 11:06:40 -05:00
Tobias Frauenschläger b7684c1bcc Zeroize heap buffer after ML-DSA signing
Ensure that the heap buffer used (among others) to store sensitive data
during ML-DSA signing is zeroized before freeing the memory.

Follow-up for zd21464

Reported by: Abhinav Agarwal (GitHub: @abhinavagarwal07)
2026-03-31 16:44:49 +02:00
Eric Blankenhorn a3fad2af91 Fix feedback from review 2026-03-31 09:35:43 -05:00
Jeremiah Mackey 9c3895332e fix lost error in SE050 ECC key insert 2026-03-31 14:34:49 +00:00
Eric Blankenhorn 6495e8e941 Fix ARIA build issue and FIPS guard 2026-03-31 08:31:14 -05:00
Juliusz Sosinowicz 4c2a90c8ef Fix GetLength return value check in ASN1_INTEGER functions
Change GetLength() return check from > 0 to >= 0 in wolfSSL_ASN1_INTEGER_get_length
and wolfSSL_ASN1_INTEGER_get0_data. GetLength returns the decoded length (≥ 0) on
success and negative error codes on failure, so checking > 0 incorrectly excluded
zero-length values, making the DER-stripping logic dead code.
2026-03-31 12:44:30 +02:00
Juliusz Sosinowicz 9cbdf04359 fixup! Refactor: Use dynamic allocation for RSA test buffers 2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz 8b378bcfd1 fixup! DTLS1.3: Implement RFC 9147 legacy_session_id_echo requirements 2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz 362a374e73 fixup! Refactor: Use dynamic allocation for RSA test buffers 2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz 3b0b50e392 DTLS1.3: Implement RFC 9147 legacy_session_id_echo requirements 2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz c9c2376068 TLS1.3: Improve session version handling for resumption 2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz fb4600bf54 Core: Unconditionally expose WOLFSSL_SESSION::version 2026-03-31 12:42:16 +02:00
Juliusz Sosinowicz 003c0147d0 Refactor: Use XFILE for test memory I/O dumps 2026-03-31 12:42:15 +02:00
Juliusz Sosinowicz 1a4f327d11 Refactor: Use dynamic allocation for RSA test buffers 2026-03-31 12:42:15 +02:00
Daniele Lacamera 18332faa05 Added approved license exception for vde 2026-03-31 08:49:29 +02:00
Daniel Pouzzner b36a9ca80e Merge pull request #10032 from JacobBarthelmeh/changelog
minor formatting fixes to changelog
2026-03-30 23:01:35 -05:00
Daniel Pouzzner a2298dde9c Merge pull request #10105 from padelsbach/lms-sign-external
Add buffer size and callback checks to external wc_LmsKey_Sign
2026-03-30 23:01:00 -05:00
Daniel Pouzzner 5f54de0577 Merge pull request #10076 from rizlik/dtls13_ack_improvements
Dtls13: ack management improvements
2026-03-30 22:59:54 -05:00
Daniel Pouzzner 1a3daf0148 Merge pull request #10087 from padelsbach/crl-num-negative
Reject negative CRL numbers when decoding
2026-03-30 22:58:34 -05:00
Daniel Pouzzner adf70b1629 Merge pull request #10089 from julek-wolfssl/openvpn-master
openssl compat: fix ASN1_STRING_{length,get0_data} for ASN1_INTEGER
2026-03-30 22:52:36 -05:00
Daniel Pouzzner 8e54eb9364 Merge pull request #10048 from anhu/constraints
Enforce URI name constraints in ConfirmNameConstraints
2026-03-30 22:51:52 -05:00
Daniel Pouzzner 74a407939b Merge pull request #10093 from lealem47/ocsp_hang
Fix hang in OCSP Stapling test
2026-03-30 22:50:44 -05:00
Daniel Pouzzner c8415c407f Merge pull request #10100 from Frauschi/zd21464
Zeroize sensitive buffers for ML-DSA
2026-03-30 22:34:53 -05:00
Brian Aker dd84a70bee Remove unused m4 macros and update AX_PTHREAD
Remove the unused AX_CHECK_LIBRARY and REQUIRE_CANONICAL macros from m4/, and stop calling AC_CANONICAL_TARGET from configure.ac since this tree no longer needs target canonicalization.

Update m4/ax_pthread.m4 to the latest AX_PTHREAD macro from the autoconf archive, which brings the host-based canonicalization checks used by the current upstream macro.
2026-03-30 19:02:12 -07:00
Daniel Pouzzner b5a835abed Merge pull request #10054 from kojo1/Csharp
fix for Csharp user_settings.h
2026-03-30 18:32:19 -05:00
Paul Adelsbach 18494e154f Reject negative CRL numbers when decoding 2026-03-30 16:09:32 -07:00
Paul Adelsbach 2ac3020bb6 Add buffer size and callback checks to external wc_LmsKey_Sign 2026-03-30 15:02:13 -07:00