Commit Graph

30513 Commits

Author SHA1 Message Date
Josh Holtrop 056d548467 Rust wrapper: add scrypt kdf support and scrypt_password_hash trait impl module 2026-05-29 14:51:50 -04:00
Reda Chouk 53e1db478b Require equal serial lengths before comparing serial bytes so a response serial that is only a prefix of the requested serial is not treated as a match 2026-05-29 10:07:29 -07:00
David Garske f41a9dc1e7 Fix FIPS v6 or older build with crypto callbacks and SHA512 2026-05-29 10:01:22 -07:00
Anthony Hu 6c5097e7ed Enforce only 1 protocolname in serverhello 2026-05-29 12:20:30 -04:00
David Garske ac1c727c66 Merge pull request #10538 from michael-membrowse/membrowse-report-path-filter
fix memory report and add path filter
2026-05-29 08:23:17 -07:00
Anthony Hu adac2aae7b Change macro name to avoid suspicion of typo 2026-05-29 09:38:58 -04:00
Sean Parkinson 018e937a91 RISC-V ASM unaligned read/writes: alternative assembly
Not all RISC-V chips allow unaligned reads and writes with basic
assembly instructions like lw/sw.
Add alternative assembly that is turned on with:
WOLFSSL_RISCV_ASM_NO_UNALIGNED.
2026-05-29 10:11:12 +10:00
JacobBarthelmeh beff858833 Merge pull request #10552 from julek-wolfssl/evp-x25519-x448
Add NID_X25519 and NID_X448 support to the EVP layer
2026-05-28 15:57:50 -06:00
JacobBarthelmeh a31ce6e981 Merge pull request #10546 from philljj/malloc_nowait
bsdkm: misc cleanup.
2026-05-28 15:55:46 -06:00
sebastian-carpenter fb3693ce50 send ECH on rejection 2026-05-28 14:50:00 -06:00
sebastian-carpenter 050e538ece change random handling in ECH 2026-05-28 14:19:20 -06:00
Juliusz Sosinowicz aff7885baf Guard test_wrong_cs_downgrade on SHA-384 cipher suite; enable SHA disables in minimal DTLS os-check build 2026-05-28 19:36:19 +00:00
Tobias Frauenschläger 25a1a20444 Reject small-order public keys for Ed25519 and Ed448
Add defense-in-depth checks to wc_ed{25519,448}_check_key() and
ed{25519,448}_verify_msg_final_with_sha() that reject the identity
point and other small-order public keys. Honest EdDSA key generation
never produces such keys, but wolfSSL previously accepted them on
import and verification. The guard runs at both entry points so it
holds even when a key is imported with trusted=1. New tests are gated
on !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0).
2026-05-28 19:53:19 +02:00
sebastian-carpenter 406365ec1c TLS ECH keylogging 2026-05-28 11:17:45 -06:00
Daniel Pouzzner 7467ce2173 Merge pull request #10531 from SparkiDev/kernel_sp_vector
SP x86_64: save and restore vector registers
2026-05-28 11:43:48 -05:00
Josh Holtrop e7f491a98a Check SNI/ALPN in TLS 1.3 session resumption 2026-05-28 12:10:16 -04:00
JacobBarthelmeh 8fb72de2e9 Merge pull request #10402 from holtrop-wolfssl/rust-crate-updates-2026-05-05
Rust wrapper: ensure memory safety for C RNG struct
2026-05-28 10:06:05 -06:00
JacobBarthelmeh fc12de010d Merge pull request #10513 from SparkiDev/tls13_aead_limit_fix
TLS 1.3: AEAD limit fixed
2026-05-28 09:30:43 -06:00
Juliusz Sosinowicz df8cc30cb8 Add NID_X25519 and NID_X448 support to the EVP layer 2026-05-28 14:40:36 +00:00
Juliusz Sosinowicz f3bdecf3f6 tests: skip RENEGOTIATION-INFO SCSV in record_size cipher loop
TLS_EMPTY_RENEGOTIATION_INFO_SCSV appears in GetCipherNames() when
HAVE_RENEGOTIATION_INDICATION is set. It is a signaling value, not a
real suite; set_cipher_list accepts it but the handshake rejects it
with UNSUPPORTED_SUITE. Add it to record_size_skip_cipher's deny list.
2026-05-28 16:19:51 +02:00
Juliusz Sosinowicz 6303af86ac Cache AEAD record overhead on WOLFSSL
wolfssl_local_GetRecordSize() runs BuildMessage(sizeOnly=1) on every
wolfSSL_write hot path. For AEAD ciphers the overhead is constant per
connection framing state, so cache (recordSz - payloadSz) on WOLFSSL
and invalidate in SetKeysSide(), at cidInfo->tx assignment, and in
wolfSSL_clear(). BuildMessage stays the single source of truth.

Add test_record_size_matches_build_message (cross-checks every built
cipher over TLS/DTLS +/- CID against BuildMessage) and
test_record_size_cache_invalidated_on_renegotiation.
2026-05-28 16:19:44 +02:00
Marco Oliverio c4b4e6cd14 NameConstraints: support wildcard SAN 2026-05-28 15:19:20 +02:00
Sean Parkinson c674cec4ac api.c: move out tests into other files
Move out DTLS 1.3 specific tests into test_dtls13.c. (Also move out from
test_dtls.c)
Move out DTLS tests into test_dtls.c.
Move out LMS and XMSS tests into test_lms_xmss.c.
Move out SSL session tests into test_session.c.
Move out remaining ML-DSA/Dilithium tests in api.c into test_mldsa.c.
2026-05-28 19:34:09 +10:00
jordan 5547e608b2 bsdkm: fix comment typo. 2026-05-28 00:56:57 -05:00
jordan 4bf539095d bsdkm: misc cleanup. 2026-05-27 23:26:00 -05:00
Kareem a1b71a6f34 Rework added test 2026-05-27 18:20:20 -07:00
David Garske 2dd7947d27 Merge pull request #10483 from cconlon/pkcs8V1PublicKeyParse
ML-DSA: PKCS#8 parsing + EVP_PKCS82PKEY support
2026-05-27 17:41:30 -07:00
Colton Willey 359fb7ecbd Remove DTLS oversized cert chain test superseded by load-time depth cap
test_dtls13_oversized_cert_chain (added upstream in 1653ecd07) loaded a >9-cert chain to exercise SendTls13Certificate's word16 overflow guard. This PR now rejects over-MAX_CHAIN_DEPTH chains at load in ProcessUserChain, so the chain never reaches the send path; the load-time rejection is covered by test_wolfSSL_CTX_use_certificate_chain_buffer_max_depth. The word16 send guard remains as defense-in-depth (now only reachable via large PQC chains).
2026-05-27 17:20:18 -07:00
Colton Willey eb180dbee2 Add test cases for max chain depth fixes 2026-05-27 17:16:30 -07:00
Colton Willey 94b36c9092 Harden chain depth bounds and parser input validation
Enforce MAX_CHAIN_DEPTH limits in OCSP chain processing
(SendCertificateStatus, ProcessChainOCSPRequest), certificate loading
(ProcessUserChain), and TLS 1.3 certificate sending
(SendTls13Certificate). Add idx bounds checks to chain accessors
in ssl.c.

Harden SNI extension parser (TLSX_SNI_GetFromBuffer) with length
checks preventing buffer overreads on malformed ClientHello.

Fix off-by-one in TLSX_CSR_Free where <= should be < since
csr->requests is a count, not a max index.

Add remaining-buffer bounds checks to PKCS7 decoders:
DecodeEnvelopedData, DecodeAuthEnvelopedData (encryptedContentSz
and authTagSz), DecodeEncryptedData, SignedData null signature tag,
and PwriKek_KeyUnWrap cekLen validation.
2026-05-27 17:16:30 -07:00
Kareem 4472980738 Code review feedback and minor fixes.
Remove outdated RFC, refactor into single error case, guard against negative/0 len and NULL *data pointer, don't set ownStatus until status is confirmed non-NULL.
2026-05-27 16:54:14 -07:00
Kareem 1e338487db Code review feedback 2026-05-27 16:54:14 -07:00
Kareem a28ea7ac1c NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE.
Thanks to Zou Dikai for the report.
2026-05-27 16:54:14 -07:00
Kareem 872a03a056 Disallow matching URI type in CheckForAltNames.
Thanks to Haruki Oyama (Waseda University) for the report.
2026-05-27 16:54:14 -07:00
Sean Parkinson 713a220fc9 Merge pull request #10426 from JeremiahM37/fenrir-8
protocol correctness, OpenSSL-compat hardening, and sensitive-memory zeroization
2026-05-28 09:48:10 +10:00
Sean Parkinson 971d2b051a Merge pull request #10401 from night1rider/Early-heap-delcare-cmac
plumb caller heap into Cmac before cryptocb fires
2026-05-28 09:46:10 +10:00
Sean Parkinson 78a5740bac Merge pull request #10504 from miyazakh/f-2180_pbkdf
f-2180: fix clamp iterations <= 0 to 1 instead of returning an error
2026-05-28 09:32:01 +10:00
Sean Parkinson c92208076f Merge pull request #10374 from kareem-wolfssl/zd21699
Enable all-zero shared secret check for Curve448/25519 by default.  Ensure post_handshake_auth extension was sent before accepting post-handshake CertificateRequest message.
2026-05-28 09:29:49 +10:00
Sean Parkinson eaadfb12ed Merge pull request #10508 from JacobBarthelmeh/static_analysis_3
devcrypto fixes, forcezero on memory after use, RX64 GetHash port fix, blake2 stor64 alignment
2026-05-28 09:24:56 +10:00
Kareem 903fd97dbe Fix issues with newly added check when using fast/integer math.
Simplify logic by using single macro for ECC & RSA.
2026-05-27 16:24:47 -07:00
Sean Parkinson 7bcc613bb0 Merge pull request #10478 from embhorn/zd21821
Fixes in SP int and DH
2026-05-28 09:00:41 +10:00
Sean Parkinson 70f8bd9831 Merge pull request #10492 from rizlik/legacy_session_id_bad_client
Add compatibility flag and tests for pre-5.9.0 DTLSv1.3 clients
2026-05-28 08:57:48 +10:00
Kareem d942fe47d5 Fix issue in ECC test from size mismatch. Code review feedback. 2026-05-27 15:57:00 -07:00
Kareem 5b2569e321 Fix potential mismatch in size between DECL_MP_INT_SIZE_DYN and NEW_MP_INT_SIZE. In some configurations DECL_MP_INT_SIZE_DYN will set the size to max while NEW_MP_INT_SIZE will memset bits. 2026-05-27 15:57:00 -07:00
Kareem de9d0fded8 Fix unused variable warning in random.c when building with CUSTOM_RAND_GENERATE_BLOCK.
Fixes #10499.
2026-05-27 15:57:00 -07:00
Colton Willey 3ffe25f783 Add d2i NULL-deref guards and regression tests
Add `*pp == NULL` checks to three d2i wrappers to prevent NULL deref
on public OpenSSL-compat APIs:
- d2i_evp_pkey (reachable via wolfSSL_d2i_PublicKey/PrivateKey)
- wolfSSL_d2i_OCSP_RESPONSE
- wolfSSL_d2i_ECDSA_SIG (template-ASN crash)

Also add regression tests for the existing PR fixes: ProcessBuffer
negative-size, PemToDer family negative-pemSz, GetCRLInfo negative-sz,
wc_Set*Buffer derSz<0, and d2i_ECDSA_SIG negative-length / *pp==NULL.
2026-05-27 15:38:30 -07:00
JacobBarthelmeh b0d61c5e44 Merge pull request #10545 from douzzer/20260527-fixes
20260527-fixes
2026-05-27 16:14:21 -06:00
Chris Conlon 815d48c65a Merge pull request #10533 from JacobBarthelmeh/wolfclu_flag
set MD5 min hash size when using --enable-wolfclu
2026-05-27 16:05:52 -06:00
kaleb-himes adc8d8fe53 Add PQ documentation
Co-Pilot feedback
2026-05-27 15:57:53 -06:00
JacobBarthelmeh b28cbc7666 Merge pull request #10521 from philljj/kernel_fcntl
wc_port: guard fcntl behind WOLFSSL_KERNEL_MODE.
2026-05-27 15:10:50 -06:00