Commit Graph

28434 Commits

Author SHA1 Message Date
Ruby Martin 75e6406cd3 upper bounds check for DSA signature 2026-03-26 11:28:36 -06:00
Ruby Martin d4b25d0ebc guard against heap buffer overflow 2026-03-26 11:28:36 -06:00
Ruby Martin 50448ef7c6 add guard for integer underflow in DecryptTls13 2026-03-25 10:22:10 -06:00
Daniel Pouzzner 7efc962d04 Merge pull request #10031 from holtrop-wolfssl/rust-cross-compile-support
Rust wrapper: update build.rs to support cross-compiling and bare-metal targets
2026-03-25 09:46:40 -05:00
Josh Holtrop 34afd28541 Rust wrapper: build.rs improvements from code review 2026-03-25 09:00:28 -04:00
Josh Holtrop a511e45d30 Rust wrapper: build.rs improvements per code review 2026-03-25 08:15:42 -04:00
David Garske cf6c1722ae Merge pull request #10027 from embhorn/zd21394
Remove FIPS guards in GetASN_BitString length check
2026-03-24 14:06:40 -07:00
David Garske 636f0e50a1 Merge pull request #10059 from douzzer/20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
20260324-wc_PKCS12_PBKDF_ex-bugprone-inc-dec-in-conditions
2026-03-24 13:13:42 -07:00
Daniel Pouzzner ec61e07d18 wolfcrypt/src/pwdbased.c: in wc_PKCS12_PBKDF_ex(), refactor the "Increment B by 1" loop to avoid bugprone-inc-dec-in-conditions. 2026-03-24 12:07:04 -05:00
David Garske c64fd4f132 Merge pull request #9905 from julek-wolfssl/WC_ALLOC_DO_ON_FAILURE-cleanup
Don't declare WC_ALLOC_DO_ON_FAILURE by default
2026-03-24 09:35:03 -07:00
David Garske 73bea906be Merge pull request #10034 from sebastian-carpenter/GH-10016
verify ciphersuite in CH2 matches HRR
2026-03-24 09:31:45 -07:00
David Garske 328822b447 Merge pull request #10047 from Frauschi/mldsa_no_ctx
Guard old non-ctx ML-DSA API by default
2026-03-24 09:26:24 -07:00
David Garske bddeac1d72 Merge pull request #9952 from julek-wolfssl/zd/21324
wolfSSL_X509_verify_cert: add host check from `ctx->param`
2026-03-24 09:26:12 -07:00
David Garske 0b119e225f Merge pull request #10056 from philljj/fix_bsdkm_benchmark
bsdkm benchmark: fix build.
2026-03-24 09:24:49 -07:00
David Garske 3cf4aeab5c Merge pull request #10025 from embhorn/zd21392
Fix DecodeObjectId unknown ext parse
2026-03-24 09:17:10 -07:00
David Garske 03beeae44e Merge pull request #10033 from embhorn/gh10028
Fix FillSigner to clear pubkeystored
2026-03-24 09:15:05 -07:00
Daniel Pouzzner d36ddf4063 Merge pull request #9920 from dgarske/asn_old
Split original ASN.1 code from asn.c into asn_orig.c
2026-03-24 10:52:15 -05:00
David Garske ab8cd6fc46 Merge pull request #9937 from douzzer/20260306-wc_Hash-refactor
20260306-wc_Hash-refactor
2026-03-24 08:48:08 -07:00
David Garske 051b83b517 Merge pull request #9999 from sebastian-carpenter/hpke-fix
Fix: Improved support for combinations of HPKE algos
2026-03-24 08:47:01 -07:00
David Garske 3b9084142d Merge pull request #10020 from SparkiDev/sp_int_ai_fixes_1
SP int: fixes from AI review
2026-03-24 08:43:50 -07:00
jordan 7016be9c29 bsdkm: clean up benchmark cflags. 2026-03-24 09:08:49 -05:00
jordan 019e6bca6f bsdkm benchmark: fix build. 2026-03-24 08:13:27 -05:00
Eric Blankenhorn 1d1d8ff41e Fix OCSP tests to use Alloc/FreeDer 2026-03-24 07:41:40 -05:00
Eric Blankenhorn e58b0d69b8 Fix test failure 2026-03-24 07:05:43 -05:00
Eric Blankenhorn 3a6ccc13a1 Fix FillSigner to clear pubkeystored 2026-03-24 07:05:43 -05:00
Tobias Frauenschläger 3fd13b819d Guard old non-ctx ML-DSA API by default 2026-03-24 11:16:22 +01:00
Sean Parkinson f15199906d SP int: fixes from AI review
Re-implemented wc_PKCS12_PBKDF() to not use MP. Added tests to
unit.test.

sp_int.c:
  Fixes to comments.
  Added more define build options documentation to top of file.
  Fixes for builds with WOLFSSL_SP_INT_NEGATIVE defined.
  Fixes for when a->used is 0 and no underflow - not actually a problem
  but cleaner code.
  sp_sub has different checks on a->used when values are only positive.
  sp_dic_2d missing check for e less than zero.
  sp_to_unsigned_bin_len_ct: remove redundant check of outSz. Change i
  to int to handle a->used of 0 and make code tidier.

Configuration testing fixes.
Fix formatting in test.c.
Added 128-bit types word128 and sword128 for cleaner PKCS#12 code.
2026-03-24 10:49:58 +10:00
David Garske 8cd9af3036 Peer review fixes 2026-03-23 15:27:47 -07:00
David Garske 99c089411c Fix memory leak after refactor 2026-03-23 15:27:47 -07:00
David Garske 44af0ab3c5 Group forward declarations by guard context
Forward declarations in asn.c and asn_orig.c now use guard transitions
(same mechanism as the function bodies) so consecutive declarations with
the same feature guard are grouped in a single #ifdef/#endif block rather
than each having its own open/close pair.

Also removed the now-redundant _find_func_outer_guards calls from
_emit_split_body_orig; outer feature guard context is emitted at the
generate_asn_orig loop level, not inside the per-block emitters.

Both modes still build and pass tests (5 PASS, 0 FAIL each).
2026-03-23 15:27:47 -07:00
David Garske 653aac2cd3 Fix guard context for forward declarations in asn split
Three fixes for guard-context correctness in the ASN.1 code split:

1. Strip WOLFSSL_ASN_ORIG_INCLUDED from forward declaration wrappers.
   The file-guard was being applied to fwd decls in asn.c, but at the
   fwd-decl site that macro is not yet defined, so #ifndef ... #else
   inverted the condition and hid all declarations.

2. Add outer feature guard tracking. Large feature sections (HAVE_OCSP,
   HAVE_CRL, WOLFSSL_CERT_GEN, etc.) that span many functions in asn.c
   are now tracked and re-emitted around the corresponding blocks in
   asn_orig.c, fixing 'unknown type name' errors in minimal builds.

3. Collect multi-line #if continuations in the outer guard map so that
   full guard conditions (e.g. #if !defined(NO_RSA) && \ continued
   across lines) are stored and compared as complete strings, preventing
   duplicate guard emission.

Both modes build and pass tests (5 PASS, 0 FAIL each):
  ./configure --enable-asn=original && make check
  ./configure && make check
2026-03-23 15:27:47 -07:00
David Garske 78a28d153a Fix async examples build for asn_orig.c
Add settings.h include before the compile guard in asn_orig.c so
WOLFSSL_IGNORE_FILE_WARN is available when compiled separately.
Add -Wno-pedantic for asn_orig.c in async examples Makefile to
suppress empty translation unit warning.
2026-03-23 15:27:47 -07:00
David Garske 6b1f5ddb92 Split original ASN.1 code from asn.c into asn_orig.c
Move non-template (WOLFSSL_ASN_ORIGINAL) code into asn_orig.c and include from asn.c.
2026-03-23 15:27:47 -07:00
David Garske 4b8c5247fe Merge pull request #10053 from douzzer/20260323-revert-9841
20260323-revert-9841
2026-03-23 15:27:36 -07:00
Daniel Pouzzner 812161cec2 Revert "Re-enable hostap tests and remove some flaky tests"
This reverts commit 4498e12805.

see #9841 and #10052.
2026-03-23 17:22:35 -05:00
Daniel Pouzzner 2c266156c8 wolfssl/wolfcrypt/types.h: add missing values in FIPS <=v2 enum wc_HashType definition;
wolfcrypt/src/hash.c: in wc_OidGetHash(), fix misplaced gate re case SHA3_512h.
2026-03-23 14:04:06 -05:00
David Garske 54d6555194 Merge pull request #9841 from julek-wolfssl/hostap-ec-generate.sh
Re-enable hostap tests and remove some flaky tests
2026-03-23 11:48:32 -07:00
Daniel Pouzzner cba5c172ed wolfcrypt/src/evp.c: in wolfSSL_EVP_init(), fix -Wswitch-enums for WC_HASH_TYPE_SHAKE128 and WC_HASH_TYPE_SHAKE256. 2026-03-23 13:15:52 -05:00
Daniel Pouzzner 262799dfbd wolfcrypt/src/evp.c: in wolfSSL_EVP_MD_type(), fix -Wswitch-enums for WC_HASH_TYPE_BLAKE2B and WC_HASH_TYPE_BLAKE2S exposed in default+opensslall configs. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner 799637689b configure.ac: fix stray tabs. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner d70839506b refactor wc_Hash* so that known wc_HashType values are unconditionally defined in enum wc_HashType, and always either succeed if used properly, or return HASH_TYPE_E if gated out or used improperly; add detailed error code tracing in wolfcrypt/src/hash.c. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner 29783dd2cf wolfssl/wolfcrypt/error-crypt.h: add do-nothing WC_ERR_TRACE() fallthrough definition to make WC_ERR_TRACE() safe to use ungated in code. 2026-03-23 13:01:37 -05:00
Daniel Pouzzner b2f1c5864d Merge pull request #10021 from dgarske/name_mismatches
Fixes for documentation typos on arguments
2026-03-23 12:26:23 -05:00
Daniel Pouzzner 6cd001800c Merge pull request #10022 from dgarske/nb_leak
Fix to make sure a double free cannot occur with non-blocking async
2026-03-23 12:21:26 -05:00
David Garske 02bd0753b1 Merge pull request #10006 from julek-wolfssl/zd/21329
DTLS 1.3 write dup support
2026-03-23 09:55:24 -07:00
David Garske 6bd1785925 Merge pull request #10004 from julek-wolfssl/zd/21318
Add custom BIO callback dispatching
2026-03-23 09:54:30 -07:00
Juliusz Sosinowicz 99ae809e08 Improve ctx->param handling
- wolfSSL_X509_verify_cert: add host check from `ctx->param`
- wolfSSL_X509_verify_cert: Set `ctx->error_depth` on error
- Use WOLFSSL_-prefixed error constants (always available) instead of
  OPENSSL_COEXIST-guarded macros, fixing error code mismatch in
  coexist builds
- Set ctx->current_cert = orig on hostname/IP mismatch so error
  reporting aligns with error_depth = 0 (leaf cert)
- Add IP address verification test cases (match + mismatch)
2026-03-23 16:55:07 +01:00
David Garske 15fa0b7abe Merge pull request #10044 from SparkiDev/asm_gen_fixes_3
SP non-block ECC: correct mont_inv_order
2026-03-23 08:31:06 -07:00
Josh Holtrop ffa466f463 Rust wrapper: minor build.rs improvements for cross-compiling 2026-03-23 11:22:47 -04:00
Juliusz Sosinowicz 4498e12805 Re-enable hostap tests and remove some flaky tests
Set suites->setSuites to 1 in ParseCipherList function
2026-03-23 15:28:04 +01:00