Commit Graph

708 Commits

Author SHA1 Message Date
Hideki Miyazaki 7d74caac6d Addressed review comments 2026-06-10 07:02:46 +09:00
Hideki Miyazaki 2e34433c52 enforce trailerField==1 in DecodeRsaPssParams 2026-06-04 10:32:27 +09:00
David Garske 70da83972b Merge pull request #10536 from SparkiDev/curve25519_x64_red_fix
X25519 x64 ASM: fix full reduction
2026-06-03 09:24:48 -07:00
Daniel Pouzzner 768cdc39d3 wolfcrypt/src/asn.c: in DecodeGeneralName() and DecodeAcertGeneralName(),
* don't disable URI validation when defined(WOLFSSL_FPKI).
* return immediately with ASN_ALT_NAME_E when URI contains an unexpected '/', as in asn_orig.c DecodeAltNames(), fixing OOB read defect.

wolfcrypt/src/asn_orig.c: fix URI validation gating (ignore WOLFSSL_FPKI) in DecodeAltNames().

tests/api/test_certman.c: fix uriSan in test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match() (make it a URI).

tests/api.c: align gating in test_wolfSSL_URI() with new dynamics (URIs validated regardless of defined(WOLFSSL_FPKI)).
2026-06-02 22:16:40 -05:00
Josh Holtrop 7f3d589c12 Support importing/exporting DTLS sessions with encrypt-then-mac options 2026-06-02 09:34:14 -04:00
Daniel Pouzzner d037bd1eed tests/api/test_pkcs12.c, tests/api/test_pwdbased.c: add missing FIPS version gates to test_wc_PKCS12_PBKDF(), test_wc_PKCS12_PBKDF_ex(), and test_wc_PBKDF1_ex_iterations();
wolfcrypt/src/evp_pk.c: fix identicalInnerCondition in wolfSSL_d2i_PKCS8_PKEY().
2026-06-01 14:23:38 -05:00
David Garske 71ca579ef2 Merge pull request #10317 from Roy-Carter/feature/pem_write_enhancement
Implementation for PEM_write_PrivateKey & PEM_write_PUBKEY
2026-06-01 10:10:39 -07:00
Sean Parkinson 14b55a0bc4 X25519 x64 ASM: fix full reduction
The last add was overflowing into the top bit.
Must mask the last word to clear top bit.

Add test vectors from Wycheproof.
2026-06-01 09:14:57 +10:00
JacobBarthelmeh 9fa5db5606 Merge pull request #10509 from kareem-wolfssl/zd21863_5
Disallow matching URI type in CheckForAltNames.  NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE.
2026-05-29 16:08:04 -06:00
JacobBarthelmeh 1f32365e45 Merge pull request #10547 from SparkiDev/api_c_split_4
api.c: move out tests into other files
2026-05-29 16:03:56 -06:00
JacobBarthelmeh beff858833 Merge pull request #10552 from julek-wolfssl/evp-x25519-x448
Add NID_X25519 and NID_X448 support to the EVP layer
2026-05-28 15:57:50 -06:00
JacobBarthelmeh fc12de010d Merge pull request #10513 from SparkiDev/tls13_aead_limit_fix
TLS 1.3: AEAD limit fixed
2026-05-28 09:30:43 -06:00
Juliusz Sosinowicz df8cc30cb8 Add NID_X25519 and NID_X448 support to the EVP layer 2026-05-28 14:40:36 +00:00
Sean Parkinson c674cec4ac api.c: move out tests into other files
Move out DTLS 1.3 specific tests into test_dtls13.c. (Also move out from
test_dtls.c)
Move out DTLS tests into test_dtls.c.
Move out LMS and XMSS tests into test_lms_xmss.c.
Move out SSL session tests into test_session.c.
Move out remaining ML-DSA/Dilithium tests in api.c into test_mldsa.c.
2026-05-28 19:34:09 +10:00
David Garske 2dd7947d27 Merge pull request #10483 from cconlon/pkcs8V1PublicKeyParse
ML-DSA: PKCS#8 parsing + EVP_PKCS82PKEY support
2026-05-27 17:41:30 -07:00
Kareem a28ea7ac1c NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE.
Thanks to Zou Dikai for the report.
2026-05-27 16:54:14 -07:00
Kareem 872a03a056 Disallow matching URI type in CheckForAltNames.
Thanks to Haruki Oyama (Waseda University) for the report.
2026-05-27 16:54:14 -07:00
Sean Parkinson 713a220fc9 Merge pull request #10426 from JeremiahM37/fenrir-8
protocol correctness, OpenSSL-compat hardening, and sensitive-memory zeroization
2026-05-28 09:48:10 +10:00
Sean Parkinson 78a5740bac Merge pull request #10504 from miyazakh/f-2180_pbkdf
f-2180: fix clamp iterations <= 0 to 1 instead of returning an error
2026-05-28 09:32:01 +10:00
Sean Parkinson c92208076f Merge pull request #10374 from kareem-wolfssl/zd21699
Enable all-zero shared secret check for Curve448/25519 by default.  Ensure post_handshake_auth extension was sent before accepting post-handshake CertificateRequest message.
2026-05-28 09:29:49 +10:00
Sean Parkinson 70f8bd9831 Merge pull request #10492 from rizlik/legacy_session_id_bad_client
Add compatibility flag and tests for pre-5.9.0 DTLSv1.3 clients
2026-05-28 08:57:48 +10:00
Daniel Pouzzner f6d6ae687a tests/api/test_mldsa_legacy.c: fix bugprone-macro-parentheses in MLDSA_LEGACY_SIZE_ASSERT().
wolfssl/wolfcrypt/wc_mldsa.h: move WOLFSSL_MLDSA_NO_CTX setup to precede legacy dilithium.h header, so that the _NO_CTX remap macros are properly gated in.
2026-05-27 14:02:37 -05:00
David Garske 8199fda0a4 Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
Marco Oliverio bc574f7930 dtls13: WOLFSSL_DTLS13_5_9_0_COMPAT -> WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID 2026-05-26 09:16:56 +02:00
Marco Oliverio e6fa789e68 test_dtls: remove non-ASCII chars 2026-05-26 09:15:58 +02:00
Marco Oliverio 7592b481e7 test: dtls: add WOLFSSL_DTLS13_5_9_0_COMPAT related tests 2026-05-26 09:15:58 +02:00
Chris Conlon 497de930fd evp: support ML-DSA in wolfSSL_EVP_PKCS82PKEY() and wolfSSL_X509_check_private_key() 2026-05-22 14:56:14 -06:00
Chris Conlon a9e15634db asn: parse RFC 5958 PKCS#8 (OneAsymmetricKey) publicKey trailer in ToTraditional_ex() 2026-05-22 14:55:38 -06:00
Roy Carter 5403298327 Refactor - Split test to two different functions 2026-05-22 19:24:53 +03:00
Roy Carter 96e966e779 Feat: Allow for a wrapper for pem write privatekey & PUBKEY 2026-05-22 19:24:53 +03:00
Roy Carter dc86dc34a8 Fix: change test string to the new format 2026-05-22 19:01:05 +03:00
Roy Carter 8f15bf6d10 fix : bad merge conflics leftovers. 2026-05-22 19:01:05 +03:00
Roy Carter f15c896551 Build_fix:
When building with --enable-opensslextra=x509small, only OPENSSL_EXTRA_X509_SMALL is defined, not OPENSSL_EXTRA, so these functions are not compiled into the library
2026-05-22 19:01:05 +03:00
Roy Carter 7561911cba fix: Fix build errors for some tests on pipeline 2026-05-22 19:01:05 +03:00
Roy Carter c1a507e175 Feature: allow the usage of
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify

in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson 8dae4b34bb TLS 1.3: AEAD limit fixed
Values were 16-bit each when they are 32-bit each.
Add tests for KeyUpdate limits for TLS 1.3.
2026-05-22 16:41:23 +10:00
HIDEKI MIYAZAKI afb3ca4b77 fix prb failures 2026-05-20 17:31:08 -07:00
HIDEKI MIYAZAKI 319f1d699d fix clamp iterations <= 0 to 1 instead of returning an error 2026-05-20 07:25:35 -07:00
David Garske be67bf88f7 Merge pull request #10436 from Frauschi/mldsa_rename
Rename Dilithium to canonical ML-DSA (FIPS 204) names
2026-05-18 11:44:21 -07:00
David Garske 1ccd462ea1 Merge pull request #10482 from rlm2002/coverity
13052026 Coverity Fixes
2026-05-18 10:35:42 -07:00
David Garske bc2e842234 Merge pull request #10460 from JacobBarthelmeh/static_analysis
Static analysis fixes/improvements for SECO, devcrypto, ARIA, MD4, MD2
2026-05-18 10:31:37 -07:00
David Garske 9096bcc8fa Merge pull request #10393 from JacobBarthelmeh/opensslextra
support build --enable-opensslextra with NO_BIO and NO_FILESYSTEM
2026-05-17 22:33:23 -07:00
David Garske 4c9116c743 Merge pull request #10462 from kareem-wolfssl/zd21507
Fix alert type for missing cert.  Prevent building with RNG disabled and blinding enabled by default.  Enforce bounds for AES CMAC size in verify.
2026-05-17 22:25:09 -07:00
David Garske e7f5c99115 Merge pull request #10398 from julek-wolfssl/fenrir/20260430
Fenrir fixes
2026-05-17 22:21:06 -07:00
Daniel Pouzzner a5e79d3b1c wolfssl/wolfcrypt/dilithium.h: use macros, not inlines, for all legacy (!WOLFSSL_NO_DILITHIUM_LEGACY_NAMES) wrappers;
tests/api/test_mldsa.c: suppress -Wunreachable-code around wc_mldsa_canonical_api_check() and wc_mldsa_legacy_alias_check().
2026-05-16 09:51:36 -05:00
Tobias Frauenschläger 2832df2139 Update C# wrapper to new ML-DSA names 2026-05-16 09:48:35 -05:00
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
JacobBarthelmeh c0ba788cb1 support of NO_BIO and NO_FILESYSTEM build with opensslextra 2026-05-15 10:37:46 -06:00
Kareem 213bcb3e94 Gate out all of the newly added AES-CMAC tests for FIPS as none of them will apply to the old FIPS AES-CMAC code. 2026-05-14 15:19:56 -07:00