Commit Graph

9535 Commits

Author SHA1 Message Date
Sean Parkinson 3c2a92d21d Merge pull request #10225 from kareem-wolfssl/zd21544
Fix uninitialized before use warning.  Fix unsupported #warning directive by Tasking compiler.
2026-04-16 08:55:49 +10:00
Sean Parkinson f286f62cb3 Merge pull request #10201 from gasbytes/quic_record_cap
add missing WOLFSSL_QUIC_MAX_RECORD_CAPACITY check on the early-data
2026-04-16 08:42:35 +10:00
Sean Parkinson 6be03a5dab Merge pull request #10182 from embhorn/zd21576
Fix TLSX_EchChangeSNI to check hostname termination
2026-04-16 08:37:42 +10:00
Sean Parkinson 0c93bf9e7c Merge pull request #10229 from mattia-moffa/20260415-zd21621
Fix regressions (fast math MAX_ENCODED_SIG_SZ; DTLS export IV buffer size)
2026-04-16 08:33:23 +10:00
Sean Parkinson 1fab25301f Merge pull request #10221 from julek-wolfssl/gh/10197
TLS 1.3: evict session from cache after accepted 0-RTT resumption
2026-04-16 08:16:31 +10:00
Daniel Pouzzner bfca39a97b src/ssl.c, src/ssl_sess.c, src/x509.c, wolfssl/internal.h: rename wolfssl_get_ex_new_index() to wolfssl_local_get_ex_new_index(). 2026-04-15 11:53:32 -05:00
Daniel Pouzzner d8085cc427 src/ssl_load.c, wolfssl/ssl.h, tests/api.c: rename wolfSSL*PrivateKey_id() to wolfSSL*PrivateKey_Id_ex(), and add missing WOLF_PRIVATE_KEY_ID gating. 2026-04-15 11:53:06 -05:00
Mattia Moffa bd3cf10270 DTLS export: cap IV size at buffer size
ExportKeyState was writing ssl->specs.iv_size bytes from
keys->aead_enc_imp_IV (always sized AEAD_MAX_IMP_SZ). ssl->specs.iv_size
carries a different meaning depending on the cipher suite: in AEAD
suites it's the implicit IV / nonce size, but in CBC it's the block
cipher's IV size (16). In CBC this overran the size of aead_enc_imp_IV
(12).
2026-04-15 12:39:49 +02:00
Daniel Pouzzner ebbab7ac45 src/crl.c: fix sequence in FreeCRL(): First decrement the refcount, then shut down the CRL monitor, then deallocate resources (fixes ASAN-detected read-after-free). 2026-04-14 23:09:20 -05:00
Sean Parkinson 6ac0f82b85 Merge pull request #10204 from mattia-moffa/20260413-fixes
SetSuitesHashSigAlgo fix
2026-04-15 11:39:26 +10:00
Sean Parkinson 5ad6097f15 Merge pull request #10168 from night1rider/zd-21534
Address bug fixes sent in by ZD 21534
2026-04-15 09:11:04 +10:00
Sean Parkinson 0b88017e20 Merge pull request #10181 from embhorn/zd21567
Fix ReqCertFromX509 to check bounds
2026-04-15 09:01:25 +10:00
Sean Parkinson 14ebd3d649 Merge pull request #10170 from embhorn/zd21566
Fix partial chain verification
2026-04-15 08:58:28 +10:00
Kareem 5defbc3219 Tasking compiler does not support #warning and needs the #pragma message case where available.
Fixes #10108.
2026-04-14 15:06:20 -07:00
Juliusz Sosinowicz e5f569ad7c TLS 1.3: evict session from cache after accepted 0-RTT resumption
Per RFC 8446 section 8, a server MUST ensure that any instance of it
would accept 0-RTT for the same 0-RTT handshake at most once. Without
this, the same ClientHello could be replayed to re-accept early data on
a subsequent connection.

After the PSK is authenticated (binder verified) in DoPreSharedKeys,
call wolfSSL_SSL_CTX_remove_session on ssl->session when the client
offered 0-RTT and the session permits it. That evicts the entry from
the internal cache (under the row's write lock) and invokes the
application's ctx->rem_sess_cb so any external cache can drop its copy
too. The session's timeout is also cleared so the live reference held
by the current handshake cannot be resumed again.

The mutation is paid only when the client actually included the
early_data extension on a 0-RTT-capable session, so normal resumptions
are unaffected and the existing remove-callback counts in
test_wolfSSL_CTX_add_session_ext_{tls13,dtls13} stay correct.

wolfSSL_SSL_CTX_remove_session was previously declared and defined only
under the OpenSSL compatibility layer. Because it is now called from
the core TLS 1.3 PSK path, the declaration in wolfssl/ssl.h and the
definition in src/ssl_sess.c are moved out of that block to match the
existing !NO_SESSION_CACHE gate under which the function is meaningful.
wolfSSL_SSL_get0_session stays in the compat block.

test_tls13_early_data_0rtt_replay verifies the behaviour. It does a
full TLS 1.3 handshake with stateful tickets (SSL_OP_NO_TICKET) and
max_early_data > 0, then tries to resume the saved session twice while
offering 0-RTT each time. A minimal single-slot external session cache
is wired up via wolfSSL_CTX_sess_set_{new,get,remove}_cb to confirm
both caches are cleared. Round 0 must resume and deliver the early
data, and rem_calls must hit 1 (the fix's single eviction). Round 1
must fall back to a full handshake (session_reused == 0), deliver no
early data, and leave rem_calls at 1.

Verified against multiple configurations (incl. --enable-all
--enable-earlydata, the no-compat -DHAVE_EXT_CACHE build, and the
os-check.yml combo). Valgrind under -g2 -O0 with OPENSSL_EXTRA +
HAVE_EXT_CACHE + HAVE_EX_DATA reports no errors and no
definitely-lost bytes.

Refs wolfSSL/wolfssl#10197
2026-04-14 15:35:50 +00:00
Eric Blankenhorn c873f3f77d Fix from review 2026-04-14 07:58:43 -05:00
Eric Blankenhorn a6fd25b94e Fix partial chain verification 2026-04-14 07:25:11 -05:00
Reda Chouk ef4e11b016 add missing WOLFSSL_QUIC_MAX_RECORD_CAPACITY check on the early-data path in quic_record_make() and added a unit test for it 2026-04-14 12:43:19 +02:00
Daniel Pouzzner c4c2d8fafe src/include.am, wolfcrypt/src/aes.c, wolfcrypt/src/port/riscv/riscv-64-aes.c: initial buildability of fips-dev with --enable-riscv-asm. 2026-04-13 18:57:20 -05:00
Sean Parkinson 649a32fd6e Merge pull request #10169 from embhorn/zd21565
Fix for peer cert verify with IP address
2026-04-14 08:21:23 +10:00
Eric Blankenhorn 33310010a9 Fix wolfSSL_sk_X509_OBJECT_deep_copy to check bounds 2026-04-13 17:02:51 -05:00
Mattia Moffa f540bb3ddf SetSuitesHashSigAlgo fix
ZD#21599
2026-04-13 22:25:15 +02:00
Eric Blankenhorn ff7a32d022 Fix TLSX_EchChangeSNI to check hostname length 2026-04-13 14:53:06 -05:00
David Garske b17755b63f Merge pull request #10164 from rizlik/bio
BIO improvements and fixes
2026-04-13 12:40:02 -07:00
David Garske a143369522 Merge pull request #10138 from padelsbach/cobalt-fixes-2026-04-06
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-13 12:37:59 -07:00
Zackery Backman 0ab5401edf Fix cast-away-const in ws_ctx_ssl_set_tmp_dh: allocate DerBuffer with actual size and copy data instead of pointing at caller's const buffer, which caused FreeDer to free non-owned memory. 2026-04-13 11:32:51 -06:00
Zackery Backman 4594f3f275 Copy-paste error in ProcessBufferCertPublicKey and ProcessBufferCertAltPublicKey, Fix #endif comments closing WOLFSSL_SM2/SM3 blocks, not HAVE_ED25519 2026-04-13 11:32:51 -06:00
Zackery Backman 2a0d76cf63 Fix DH encoding check in wolfSSL_CTX_set_tmp_dh: && to || and < to <= to catch single-param failure and zero-length, matching wolfSSL_set_tmp_dh. 2026-04-13 11:32:51 -06:00
Zackery Backman 886ca031d0 Fix == vs = in wolfSSL_add1_chain_cert so ret captures up_ref result instead of comparing against it, matching wolfSSL_CTX_add1_chain_cert 2026-04-13 11:32:51 -06:00
Zackery Backman 0a152dd482 Fix inverted AllocDer success check in wolfSSL_use_AltPrivateKey_Label 2026-04-13 11:32:51 -06:00
Zackery Backman 72c1dd7290 Fix inverted AllocDer success check in wolfSSL_use_AltPrivateKey_Id 2026-04-13 11:32:51 -06:00
Sean Parkinson 0434139967 Merge pull request #10186 from Frauschi/f-159
Error out in case of unknown extensions in response message in TLS 1.3
2026-04-13 09:18:46 +10:00
Paul Adelsbach 6f7e5d030b Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit 2026-04-10 10:48:17 -07:00
Tobias Frauenschläger b0763ea4d1 Error out in case of unknown extensions in response message in TLS 1.3 2026-04-10 17:43:35 +02:00
Tobias Frauenschläger 21f1587c26 PKCS#11: add ML-KEM support
Add PKCS#11 integration for ML-KEM with key generation,
encapsulation and decapsulation support through the crypto
callback path.

Includes ML-KEM PKCS#11 constants/types, key store handling,
token object lifecycle management, and ML-KEM key init helpers
for private-key ID/label workflows.

Align implementation details with current upstream conventions
and review feedback:
- internal wolfCrypt ML-KEM path only for PKCS#11
- inline ML-KEM key-type/flag checks in PKCS#11 code
- proper key template formatting and enum placement
- ensure TLS ML-KEM object storage behavior is compatible with
  PKCS#11 ephemeral-key decapsulation flow
2026-04-10 12:23:37 +02:00
Marco Oliverio b30e0f679c bio: update stale comment 2026-04-10 08:50:30 +02:00
Sean Parkinson abfff1ec2f Merge pull request #10167 from embhorn/zd21571
Fix ETM on resumption
2026-04-10 07:45:20 +10:00
Marco Oliverio 6b74ae5fc5 bio: simplify BIO_gets null-termination, improve ossl compat 2026-04-09 15:18:22 +02:00
Eric Blankenhorn 1e1e34ce8c Fix for peer cert verify with IP address 2026-04-08 15:47:57 -05:00
Eric Blankenhorn af5369636a Fix ETM on resumption 2026-04-08 15:06:11 -05:00
Marco Oliverio c07d8634b3 bio: ABI breaking change: use int instead of byte for type 2026-04-08 18:49:40 +02:00
Marco Oliverio 7802a75acd bio: various fixes and improvements
* simplify wolfSSL_BIO_set_conn_hostname, fixing OOB read
* restructure wolfSSL_BIO_ctrl_pending, fixing inverted check and
* ctrlCB checking
* return WOLFSSL_FAILURE in wolfSSL_BIO_up_ref when refInc fails,
  updated test to reflect this
* check arguments for NULL in wolfSSL_BIO_ADDR_size
* replace non-portable type long usigned int with size_t
* wolfSSL_BIO_MEMORY_write: return WOLFSSL_BIO_ERROR on failure instead
  of WOLFSSL_FAILURE, return 0 when len is 0
* wolfSSL_BIO_get_fp: fix type mismatch comparing XFILE* pointer against
  XBADFILE
* wolfSSL_BIO_ctrl: add NULL check on bio before switch
* wolfSSL_BIO_pop: clear bio prev and next pointers after unlinking
* wolfSSL_BIO_gets: place null terminator after actual bytes read from
  BIO_BIO nread
2026-04-08 18:49:40 +02:00
Tobias Frauenschläger 178d2f61f4 Fix build with WOLFSSL_DUAL_ALG_CERTS and HAVE_PK_CALLBACKS 2026-04-08 10:18:00 +02:00
Daniel Pouzzner 750f3b119e Merge pull request #10088 from anhu/new_various
Various security fixes and tests
2026-04-07 22:13:18 -05:00
JacobBarthelmeh ecfd1174bb refactor sanity pointer set of session and clean up macro guards 2026-04-07 14:10:25 -06:00
Daniel Pouzzner 60d1e222b2 globally fix all "BLAKE2" references (implicit BLAKE2B) to explicit "BLAKE2B":
* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
2026-04-07 13:18:53 -05:00
Paul Adelsbach c335f7dd6f Remove UTF-8 chars
Get rid of weird character

Fix warning found by CI

Style changes

Addressed 1 and 2.
2026-04-07 10:07:12 -06:00
Anthony Hu 985cceaa97 Fix session cache restore dangling pointer (ZD 21423)
Reinitialize pointer fields in WOLFSSL_SESSION after raw XMEMCPY or
XFREAD in wolfSSL_memrestore_session_cache and
wolfSSL_restore_session_cache. After restore, ticket is reset to
staticTicket, ticketLenAlloc to 0, and peer to NULL.
2026-04-07 10:05:31 -06:00
Anthony Hu e0421828ff Fix TLS 1.3 PQC key share over heap read (ZD 21413)
Validate that the received key share data length (keLen) is at least
as large as the expected ciphertext size (ctSz) before passing it to
wc_KyberKey_Decapsulate. A malicious TLS 1.3 server could send a
short ML-KEM key share.
2026-04-07 10:04:19 -06:00
Daniel Pouzzner efe6ad4bd6 Merge pull request #10116 from Frauschi/zd21457
Additional fixes
2026-04-06 20:23:25 -05:00