Commit Graph

29160 Commits

Author SHA1 Message Date
Jeremiah Mackey b85e500ffa Fix sz==0 buffer underflow in devcrypto AES-CBC 2026-03-18 17:22:44 +00:00
Sean Parkinson 30cb25e498 Fixes from AI review 2026-03-18 22:08:58 +10:00
Juliusz Sosinowicz 141662edfb Ignore CLAUDE.md 2026-03-18 12:57:27 +01:00
Tobias Frauenschläger c3289f8aa9 Enable and use ML-KEM by default
* Enable ML-KEM by default in build systems (autoconf and CMake)
* Only allow three to-be-standardized hybrid PQ/T combinations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that). When Curve25519 is disabled, then either
  WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as
  default depending on the ECC configuration
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Add async support for ML-KEM hybrids
2026-03-18 10:48:16 +01:00
JacobBarthelmeh 816978050a Merge pull request #10000 from douzzer/20260317-ecc_point_test-FIPS-gate
20260317-ecc_point_test-FIPS-gate
2026-03-17 19:41:38 -06:00
JacobBarthelmeh e30923678a Merge pull request #9998 from douzzer/20260317-wc_linuxkm_rng_is_wolfcrypt
20260317-wc_linuxkm_rng_is_wolfcrypt
2026-03-17 18:59:07 -06:00
JacobBarthelmeh c952b694f7 add back WOLFSSL_QT macro guard for order of cipher suites 2026-03-17 17:46:13 -06:00
Daniel Pouzzner df7b67ba27 wolfcrypt/test/test.c: fix FIPS gate in ecc_point_test() for "Test compressed point with missing x coordinate bytes". 2026-03-17 18:15:39 -05:00
Daniel Pouzzner 87125c49e1 wolfcrypt/src/rng_bank.c and wolfssl/wolfcrypt/rng_bank.h: add !WC_NO_CONSTRUCTORS gate around wc_rng_new_bankref(). 2026-03-17 17:45:09 -05:00
Daniel Pouzzner 7c0d64ade5 linuxkm/lkcapi_sha_glue.c and linuxkm/linuxkm_wc_port.h: add wc_linux_kernel_rng_is_wolfcrypt(), and remove incorrect crypto_put_default_rng() in get_crypto_default_rng(). 2026-03-17 17:44:45 -05:00
sebastian-carpenter 7e9f9dc140 refactor openssl-ech workflow + add suite testing 2026-03-17 16:29:58 -06:00
sebastian-carpenter 8445493dd9 hpke snake_case to camelCase 2026-03-17 14:43:06 -06:00
sebastian-carpenter 36580b0ae8 move hpke-esque code out of tls 2026-03-17 14:43:06 -06:00
sebastian-carpenter 5acdcf6ad7 hpke uses wrong kdf/kem digest 2026-03-17 14:42:57 -06:00
JacobBarthelmeh 668d69b73a Merge pull request #9988 from kareem-wolfssl/zd21356
Check raw pubkey length in wc_ecc_import_x963 before copying to it for KCAPI case.
2026-03-17 14:12:11 -06:00
David Garske a98cb451c5 Merge pull request #9948 from SparkiDev/sp_int_comment_fixes_1
sp_int.c: comment fixes
2026-03-17 07:38:48 -07:00
JacobBarthelmeh 6f386fd6b2 Merge pull request #9981 from julek-wolfssl/fenrir/260316
Fenrir fixes
2026-03-17 08:36:11 -06:00
Juliusz Sosinowicz 0644369456 Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType
ZD21341
2026-03-17 14:59:04 +01:00
David Garske a51b40bd01 Merge pull request #9968 from Frauschi/mlkem_fixes
ML-KEM fixes
2026-03-17 06:53:38 -07:00
David Garske e023c1793d Merge pull request #9989 from JacobBarthelmeh/ecc
add sanity check on keysize found with ECC point import
2026-03-17 06:14:40 -07:00
Sameeh Jubran e96dc3690f linuxkm/lkcapi_aes_glue.c: fix scatterwalk_map error handling in AesGcmCrypt_1
When scatterwalk_map fails in either the stream or non-stream path, the
code jumped to cleanup without setting err, causing the function to
return 0 (success) despite the failure. This could cause the kernel
crypto layer to treat uninitialized data as valid ciphertext/plaintext.

- Capture the error code (PTR_ERR) into err before goto out
- Fix PTR_ERR arguments that incorrectly used assoc instead of
  in_map/out_map (assoc was NULL or pointed to the wrong mapping)
- Make in_map/out_map NULL assignments unconditional (previously
  gated behind < 6.15, but the cleanup at out: checks these
  pointers on all kernel versions)
- Remove bogus scatterwalk_unmap of a failed walk in the stream
  path on >= 6.15

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-03-17 14:01:50 +02:00
Tobias Frauenschläger 10b98733f2 Add tests for individual ML-KEM levels (based on #9777)
Also fix minor problems found with these tests
2026-03-17 12:43:15 +01:00
Tobias Frauenschläger 76b1300adb ML-KEM fixes
* DTLS 1.3 cookie and CH frag handling
* static memory handling
* Fix memory leak in TLS server PQC handling in case of ECH
* Make sure hybrids are actually tested in testsuite
2026-03-17 12:43:15 +01:00
Takashi Kojo 8354eb71ca Brainpool to set1_sigalgs_list 2026-03-17 11:22:14 +09:00
David Garske 4c75a866d9 Add inline documentation for missing macros and fix spelling errors 2026-03-16 17:09:13 -07:00
Ruby Martin f55afbd5f1 fix more null derefs 2026-03-16 17:22:51 -06:00
Kareem 76c52c31fb Disallow wildcard partial domains when using MatchDomainName. 2026-03-16 16:21:47 -07:00
JacobBarthelmeh 44de734fa3 add sanity check on keysize found with ECC point import 2026-03-16 16:57:50 -06:00
Kareem ddc177b669 Check raw pubkey length in wc_ecc_import_x963 before copying to it for KCAPI case. 2026-03-16 15:34:18 -07:00
Juliusz Sosinowicz 7c92fb204d Use constant-time PKCS#7 padding check in EVP
F-763
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz fac08427e5 Fix missing op validation in EVP_PKEY_decrypt
F-747
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz 5f7bc0f3a6 Clear sensitive stack buffers in ed448 signing
F-765
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz 109e765b5b Clear sensitive stack buffers in ed25519 signing
F-764
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz e4b55be65a Use mp_forcezero for DH private key in async path
F-766
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz 643427040b Clear seed buffer after dilithium key generation
F-767
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz 4ee9a263f0 Fix resource leak in wc_InitEccsiKey_ex error path
F-752
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz b168bfaa6a Check wc_ecc_init_ex return value in wc_GetKeyOID
F-749
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz 265fbdb3dd Check wc_InitRsaKey return value in wc_GetKeyOID
F-748
2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz f56356a9b4 test_lms_write_key: check fwrite return 2026-03-16 15:15:11 -07:00
Juliusz Sosinowicz 43a36a17d4 Upgrade deprecated GitHub Actions to v4
F-876
2026-03-16 15:14:26 -07:00
Juliusz Sosinowicz c6f41bce2f Fix memory leak on hash failure in LoadCertByIssuer
F-721
2026-03-16 15:14:26 -07:00
Juliusz Sosinowicz 4596e9e1a7 Fix error return in InitSSL verify param path
F-720
2026-03-16 15:14:25 -07:00
Juliusz Sosinowicz a9a9eae4d9 Fix error propagation in InitSSL QUIC path
F-719
2026-03-16 15:14:25 -07:00
Juliusz Sosinowicz 3ff051f3e4 Use secure wipe for RSA temporary
F-718
2026-03-16 15:14:25 -07:00
Juliusz Sosinowicz 0d7ef87f09 Fix bounds check in session deserialization
F-717
2026-03-16 15:14:25 -07:00
David Garske b5c532703a Merge pull request #9954 from kareem-wolfssl/gh9951
Fix potential overflows in used size calculation in generic, TI and SE050 hash functions.
2026-03-16 15:09:22 -07:00
David Garske da635c9004 Merge pull request #9980 from anhu/sphincs_no_elseif
Fixes SPHINCS else-if chain key detection
2026-03-16 15:03:59 -07:00
David Garske 90377e10c5 Merge pull request #9979 from anhu/falcon_no_elseif
Fixes Falcon else-if chain key detection
2026-03-16 15:03:43 -07:00
David Garske 96661a5dab Merge pull request #9977 from JacobBarthelmeh/multi-test
Minor fixes for nightly multi-test tool
2026-03-16 14:31:39 -07:00
JacobBarthelmeh 57f416fc43 Merge pull request #9961 from sebastian-carpenter/tls-ech-coverity
minor coverity fixes for tls ech code
2026-03-16 15:27:27 -06:00