Commit Graph

29004 Commits

Author SHA1 Message Date
JacobBarthelmeh 72c7d12cfb exclude the trust anchor from prospective certification path with pathlen check 2026-04-23 16:23:07 -06:00
JacobBarthelmeh fe8541cc47 Merge pull request #10193 from padelsbach/set-hashtype-in-ports
Set hashType in ports
2026-04-23 15:02:30 -06:00
JacobBarthelmeh 6a0303e299 Merge pull request #10066 from dgarske/wc_puf
wolfCrypt SRAM PUF Support
2026-04-23 14:28:37 -06:00
JacobBarthelmeh 53e352181e Merge pull request #10058 from julek-wolfssl/hostap-ec-generate.sh
Re-enable hostap tests and remove some flaky tests
2026-04-23 14:09:09 -06:00
JacobBarthelmeh 5277556989 Merge pull request #10264 from JeremiahM37/fenrir-issues-5
Harden wolfCrypt input validation and zeroization
2026-04-23 14:06:29 -06:00
JacobBarthelmeh 2ba4d7e6c9 Merge pull request #10210 from ColtonWilley/fix-scr-dangling-ptr-after-tlsx-freeall
Fix dangling secure_renegotiation pointer after TLSX_FreeAll
2026-04-23 13:58:24 -06:00
JacobBarthelmeh 118c0ccb53 Merge pull request #10269 from LinuxJedi/repoint-se050
Move SE050 simulator under wolfSSL
2026-04-23 13:54:29 -06:00
JacobBarthelmeh 4fe2e7feb3 Merge pull request #10128 from kareem-wolfssl/zd21526_21530
PKCS7 Fixes
2026-04-23 13:29:28 -06:00
Daniel Pouzzner 9d46b57af3 Merge pull request #10246 from sameehj/aes-gcm-fix
Zero TLS 1.3 traffic keys after AES SE offload
2026-04-23 13:26:59 -05:00
Kareem b3c2877a14 Add additional checks for encryptedContentSz exceeding pkiMsgSz. 2026-04-22 15:22:36 -07:00
Kareem 3e04475875 Fix unused variable error 2026-04-22 15:22:36 -07:00
Kareem ebdcc03b71 Code review feedback 2026-04-22 15:22:36 -07:00
Kareem 1397268aa1 In wc_PKCS7_DecodeEnvelopedData, confirm encryptedContentTotalSz does not exceed the total message size before using it in the non-streaming case.
Thanks to Zou Dikai for the report.
2026-04-22 15:22:36 -07:00
Kareem 7f218574c4 Ensure esd->signedAttribsCount contains the correct count in case some are skipped by using the current idx rather than the total array size.
Thanks to Zou Dikai for the report.
2026-04-22 15:22:36 -07:00
JacobBarthelmeh b5738236d9 Merge pull request #10187 from embhorn/zd21587
Fixes in TLS ECH, handle empty records, and ASN len check
2026-04-22 14:44:15 -06:00
JacobBarthelmeh bc4bec63fc Merge pull request #10094 from sebastian-carpenter/GH-10068
Fixes: for GH #10068
2026-04-22 14:24:25 -06:00
Paul Adelsbach ea6af18bc1 Set hashType in ports 2026-04-22 13:17:28 -07:00
David Garske e05ce26fc9 wolfCrypt SRAM PUF Support
Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.

- **wolfCrypt PUF API** (`wolfcrypt/src/puf.c`, `wolfssl/wolfcrypt/puf.h`)
  - `wc_PufInit`, `wc_PufReadSram`, `wc_PufEnroll`, `wc_PufReconstruct`
  - `wc_PufDeriveKey` (HKDF-SHA256), `wc_PufGetIdentity` (SHA-256 device fingerprint)
  - `wc_PufZeroize` (secure context cleanup)
  - `wc_PufSetTestData` (synthetic SRAM for testing without hardware)
- **BCH(127,64,t=10) error-correcting codec** - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
- **`WC_PUF_SHA3` build option** - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
- **Precomputed GF(2^7) tables** - `const` arrays in `.rodata` (no runtime init, thread-safe, flash-resident on embedded)
- `./configure --enable-puf` (auto-enables HKDF dependency)
- CMake: `WOLFSSL_PUF=yes`
- `WOLFSSL_USER_SETTINGS`: define `WOLFSSL_PUF` and `WOLFSSL_PUF_SRAM`
- See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
- Supports test mode (synthetic SRAM)
- Builds to ~13KB `.elf`
- Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
- `.github/workflows/puf.yml`: host build + test workflow for PUF feature
- Doxygen API docs for all 8 public functions
- PUF group added to `doxygen_groups.h`
2026-04-22 11:39:39 -07:00
JacobBarthelmeh c098e53948 Merge pull request #10247 from julek-wolfssl/fenrir/20260417
Fenrir fixes
2026-04-21 16:26:38 -06:00
JacobBarthelmeh c6f8e845ee Merge pull request #10267 from holtrop-wolfssl/rust-chacha20_poly1305-oneshot-buffer-length-check
Rust wrapper: add buffer size checks in Rust wrapper for ChaCha20_Poly1305 one-shot encrypt/decrypt wrappers
2026-04-21 16:19:29 -06:00
JacobBarthelmeh 98cd7fe404 Merge pull request #10265 from ejohnstown/qnx-fix
Tasking Warning
2026-04-21 16:18:38 -06:00
Andrew Hutchings ddacd6b822 Move SE050 simulator under wolfSSL
The simulator is now in the simulators repo instead of LinuxJedi's
private repo.
2026-04-21 06:31:42 +01:00
Mattia Moffa 389d15fa45 Fix compile error 2026-04-21 03:30:39 +02:00
Mattia Moffa 6f37b17757 Address Copilot suggestions 2026-04-21 02:56:36 +02:00
Sean Parkinson 353a379bd7 Merge pull request #10262 from douzzer/20260420-test-fixes
20260420-test-fixes
2026-04-21 10:23:46 +10:00
Sean Parkinson 967780f1b7 Merge pull request #10239 from gasbytes/crl-idp-extension-fix
reject crls with unrecognized critical extensions
2026-04-21 10:21:31 +10:00
JacobBarthelmeh ad8b6dbc32 Merge pull request #10217 from ColtonWilley/null-checks-evp-ocsp-x509
Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
2026-04-20 17:27:19 -06:00
Sean Parkinson a0bfcbba54 Merge pull request #10245 from Frauschi/small_stack
Make sure large buffers are on the heap with SMALL_STACK
2026-04-21 08:47:59 +10:00
Daniel Pouzzner 956f057e73 scripts/pem.test: correctly compute and use SRC_DIR, and fix whitespace. 2026-04-20 17:42:29 -05:00
Daniel Pouzzner 7e67274ebe scripts/pem.test: add more missing feature sensing and conditions. 2026-04-20 15:24:28 -05:00
Daniel Pouzzner eff2fcd513 scripts/pem.test: refactor to eliminate dependence on bash [[ -v foo ]] construct. 2026-04-20 13:49:53 -05:00
Josh Holtrop a2b1f580c6 Rust wrapper: add buffer size checks in Rust wrapper for ChaCha20_Poly1305 one-shot encrypt/decrypt wrappers 2026-04-20 13:58:36 -04:00
Daniel Pouzzner 8b6739296c examples/pem/pem.c: don't wolfCrypt_Cleanup() unless wolfcrypt_inited;
scripts/pem.test:
* add setup for WOLFSSL_NO_DER_TO_PEM,
* exit early with skip code if executable dependencies are missing or WOLFSSL_NO_PEM or NO_CODING, and
* add clean skip clauses to convert_to_pem(), compare_pem(), and pem_der_exp(), if WOLFSSL_NO_DER_TO_PEM.
2026-04-20 12:47:36 -05:00
Jeremiah Mackey d5312ba350 wc_MakeDsaKey: match tmpQ alloc and free 2026-04-20 17:20:54 +00:00
Jeremiah Mackey 9c1b8cf4f1 wc_rng_bank_init: fall through on size error 2026-04-20 17:20:54 +00:00
Jeremiah Mackey c417a1ce1e zero sensitive state before free 2026-04-20 17:20:54 +00:00
Jeremiah Mackey 4a103a1b4e AES: tighten AEAD input validation 2026-04-20 17:20:54 +00:00
Jeremiah Mackey 6596419cb0 add NULL validation to wolfCrypt APIs 2026-04-20 17:20:54 +00:00
Juliusz Sosinowicz a010825bb0 Address review comments on Fenrir zeroization fixes
Two follow-ups raised by Copilot review on PR #10247:

src/pk_rsa.c: Make derAllocSz a word32 instead of int and only assign
it after a successful XMALLOC, so the cleanup path can never call
ForceZero with a wrapped-around size derived from a negative derSz.

src/pk.c: Capture allocSz at the XMALLOC call site (and clear it back
to 0 on allocation failure) so the relationship between the buffer
allocation and the recorded size is explicit and cannot drift if the
surrounding control flow changes.
2026-04-20 16:12:30 +00:00
Daniel Pouzzner e601e04444 fix examples/pem/ and scripts/pem.test:
examples/pem/pem.c:
* improve error messages,
* add wc_SetSeed_Cb() if WC_RNG_SEED_CB, and
* add wolfCrypt_Init() and wolfCrypt_Cleanup().

scripts/pem.test:
* fix exit code to unmask script failure,
* add configured feature detection,
* improve error messages and handling,
* add configuration gating around subtests, and
* comment out currently failing subtests.
2026-04-20 10:26:09 -05:00
Daniel Pouzzner 8c3d471ce1 linuxkm/module_hooks.c: in wolfssl_init() FIPS_OPTEST_FULL_RUN_AT_MODULE_INIT code path (currently unused), add missing declaration for i. 2026-04-20 10:19:33 -05:00
Daniel Pouzzner a7bf5e5989 wolfcrypt/test/test.c: add missing FIPS gating for backward-incompatible NULL arg tests in hkdf_test() and srtpkdf_test(). 2026-04-20 10:17:31 -05:00
Sameeh Jubran ba51fbd30b Zero TLS 1.3 traffic keys after AES SE offload
When WOLF_CRYPTO_CB_AES_SETKEY is enabled and a CryptoCB callback
imports the AES key into a Secure Element (aes->devCtx != NULL), the
TLS-layer copy in keys->{client,server}_write_key has no further
consumer: the software key schedule is not populated on offload.
ForceZero it in SetKeysSide() per provisioned side.

The static IVs (keys->{client,server}_write_IV and
keys->aead_{enc,dec}_imp_IV) are left intact because BuildTls13Nonce()
reads aead_{enc,dec}_imp_IV on every record (RFC 8446 Section 5.3).

Scope: TLS 1.3, non-DTLS, non-QUIC.  DTLS 1.3 needs the write keys
in Dtls13EpochCopyKeys; TLS 1.2 needs them for rehandshake; QUIC is
untouched pending audit.

Add two memio tests (test_wc_CryptoCb_Tls13_Key_{Zero_After_Offload,
No_Zero_Without_Offload}) that pin AES-GCM and check key / IV state
after the handshake and a KeyUpdate round.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-04-20 10:45:23 +03:00
Tobias Frauenschläger 847f3d6bab Make sure large buffers are on the heap with SMALL_STACK 2026-04-19 20:38:41 +02:00
Sean Parkinson fa9f24ff27 Merge pull request #10223 from rlm2002/zd21611
CN constraints fix
2026-04-19 21:28:29 +10:00
Sean Parkinson d577ea3228 Merge pull request #10238 from JeremiahM37/fenrir-issues-4
Fix UAF in Delete wrappers, harden KDF and LMS signing
2026-04-19 21:18:44 +10:00
Ruby Martin 797ba3f03b test DNS name constraints on CA are applied against Subject CN name when SAN name is unavailable
test correct CN with no SAN available is accepted
2026-04-17 12:10:25 -06:00
Mattia Moffa 7bf63e91ff Remove now useless check 2026-04-17 20:05:08 +02:00
Reda Chouk 857141da35 reject crls with unrecognized critical extensions per rfc 5280 section 5.2 2026-04-17 19:36:55 +02:00
Mattia Moffa 807214dc55 Avoid unneeded temporary stack buffer; remove redundant check 2026-04-17 19:32:23 +02:00