Commit Graph

30513 Commits

Author SHA1 Message Date
Marco Oliverio 44a22af323 Handle wildcard DNS names in compat name-constraint checks
MatchNameConstraint() compared wildcard DNS SANs literally, so
*.example.com was not rejected by an excluded subtree covering
foo.example.com. Route WOLFSSL_GEN_DNS through
wolfssl_local_MatchDnsNameConstraint(), passing the subtree direction:
permitted subtrees require every wildcard expansion to stay inside the
subtree, excluded subtrees reject when any expansion can fall inside.
This matches what ConfirmNameConstraints() already does.
2026-06-15 12:10:40 +02:00
Marco Oliverio eb9cd6c9c5 Use the shared URI name-constraint matcher in the compat layer
Replace ExtractHostFromUri() plus DNS-style base matching in
MatchNameConstraint() with wolfssl_local_MatchUriNameConstraint(), and
make wolfSSL_NAME_CONSTRAINTS_check_name() fail closed like
ConfirmNameConstraints(): when URI subtrees are present, a URI name
without a DNS host is rejected instead of passing excluded-only
constraints as a plain non-match.

This aligns the compat layer with RFC 5280 URI constraint semantics: a
base without a leading dot now matches the host exactly instead of as a
DNS subtree, and IP hosts no longer match at all.
2026-06-15 12:10:20 +02:00
Marco Oliverio a39e8ae976 Route DNS name-constraint checks through one helper
Add wolfssl_local_MatchDnsNameConstraint() dispatching wildcard names
to the subtree matcher and literal names to plain base-name matching,
and use it for the ASN_DNS_TYPE branches of PermittedListOk() and
IsInExcludedList().

This also drops the outer name->len >= base len byte-length guard for
literal DNS names. That guard ran before MatchBaseName() could strip
the absolute-FQDN trailing dot, so a constraint base like
DNS:example.com. never matched the SAN example.com it denotes.
2026-06-15 12:09:56 +02:00
Tobias Frauenschläger d4eedf8af8 Add missing ForceZero call for ML-DSA 2026-06-15 12:07:00 +02:00
Tobias Frauenschläger e43281b2dc Add missing ForceZero calls for ML-KEM 2026-06-15 12:06:55 +02:00
Marco Oliverio ef8836a346 Handle the absolute-FQDN trailing dot in URI name constraints
One trailing dot marks an absolute FQDN and is not part of the host:
"host.com." and "host.com" denote the same host. Strip it from the
URI host before classification (so "12.31.2.3." is still recognized
as an IPv4 address) and from the constraint base before the exact-match
comparison, mirroring what wolfssl_local_MatchBaseName() already does
for DNS name constraints. Only a single dot is the marker: an empty
last label ("host.com..") is rejected.
2026-06-15 11:56:31 +02:00
Marco Oliverio 4b3bb49b27 NameConstraints: Require DNS reg-name host for URI name constraints
RFC 5280 4.2.1.10 defines URI name constraints in terms of a host that
is a fully qualified domain name; RFC 3986 IP-literal ([...]) and
IPv4address hosts are not DNS reg-names and cannot be meaningfully
matched against a DNS-style constraint base.

- Classify the host extracted by GetUriHost (IP-literal, IPv4address,
  reg-name) and validate that a reg-name has no empty labels.
- wolfssl_local_MatchUriNameConstraint() no longer matches URIs whose
  host is an IP address.
- ConfirmNameConstraints() fails closed: when URI constraints are
  present, a URI SAN without a DNS host is rejected. A plain non-match
  would otherwise let such names pass excluded-only constraints.
2026-06-15 11:04:27 +02:00
Juliusz Sosinowicz 7b2d19ca86 parallel-make-check: warn when a job runtime drifts >50% from "minutes"
The "minutes" field is only a scheduling estimate; when it goes stale it
just packs the schedule a little worse, and there was no signal that a
value needed updating. Emit a non-fatal warning when a config that
explicitly sets "minutes" finishes more than 50% above or below it (a
GitHub ::warning:: annotation in CI, a plain line locally) and flag the
row in the step-summary table with the value to copy over.

Configs that omit "minutes" keep riding the 1.0 default and are left
alone. The warning never touches the exit status, so it cannot fail the
job.
2026-06-15 08:36:04 +00:00
Marco Oliverio 3dc729002a Extract GetUriHost from wolfssl_local_MatchUriNameConstraint
Pull the URI host extraction (scheme skip, userinfo skip, IP-literal
brackets, port/path delimiters) into a GetUriHost helper so it can be
reused by other URI name-constraint checks. No functional change.
2026-06-15 09:58:18 +02:00
David Garske 68381e0197 Merge pull request #10680 from michael-membrowse/skip_membrowse_comment
skip membrowse comment action on draft PRs
2026-06-13 19:18:23 -07:00
David Garske e8b88643ba Merge pull request #10681 from douzzer/20260613-linuxkm-fix-fips-random-seed
20260613-linuxkm-fix-fips-random-seed
2026-06-13 19:18:08 -07:00
Daniel Pouzzner 70e7bf5eab linuxkm/linuxkm_wc_port.h: fix entropy source setup for FIPS: use in-boundary wc_GenerateSeed() unless FIPS < 5.2.4 or explicit WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER / WC_LINUXKM_RDSEED_IN_GLUE_LAYER. 2026-06-13 10:48:02 -05:00
David Garske 6b9949ed4a Merge pull request #10676 from douzzer/20260610-linuxkm-fenrir
20260610-linuxkm-fenrir
2026-06-13 08:19:19 -07:00
Michael Rogov Papernov f30cbd4606 skip membrowse comment action on draft PRs 2026-06-13 11:59:58 +01:00
Daniel Pouzzner 4d77baff3b linuxkm/module_hooks.c: fix flub in IntelRDseed64_r() ForceZero() call;
linuxkm/lkcapi_aes_glue.c: fix typo in linuxkm_test_aesgcm() error message.
2026-06-12 19:24:32 -05:00
David Garske f42a698c59 Merge pull request #10668 from holtrop-wolfssl/f-5394
Force-zero wc_AesSivDecrypt*() output buffer on authentication failure
2026-06-12 16:35:31 -07:00
Daniel Pouzzner 1b22e4b502 fix F-4409: Integer Overflow in PKCS1 Sign Length Check Allows Heap Buffer Overflow 2026-06-12 18:14:55 -05:00
Daniel Pouzzner 8624bca5b5 fix F-3294: IntelRDseed64_r Stack Buffer Containing Entropy Cleared with Plain Assignment Instead of wc_ForceZero 2026-06-12 18:14:54 -05:00
Daniel Pouzzner 476cfd6c64 fix for F-3946: Missing ForceZero on Heap-Allocated HMAC State Buffer in km_hmac_init Error Path 2026-06-12 18:14:54 -05:00
Daniel Pouzzner d3279a825a fixes for
F-1433: AES CBC/CFB Self-Test Functions Silently Continue After enc2/dec2 Allocation Failure
F-1434: linuxkm_test_aesgcm Silently Returns Success on Kernel Crypto Allocation Failure
2026-06-12 18:14:54 -05:00
Daniel Pouzzner 503084629f fix F-1430: AES-GCM Non-Stream Path Returns -EINVAL Instead of Propagating skcipher_walk Error 2026-06-12 18:14:54 -05:00
Daniel Pouzzner ab69af541f fixes for
F-1428: Missing ForceZero on sg_buf Containing Decrypted Plaintext in AES-GCM Non-Stream Path
F-3293: AES-CCM Non-Contiguous SG Path Missing ForceZero on sg_buf Containing Decrypted Plaintext
2026-06-12 18:14:53 -05:00
Daniel Pouzzner c071c29eca fixes for Skoll-flagged linuxkm/ flubs in #10658:
in AesGcmCrypt_1() and AesCcmCrypt_1(), check for overflow on assoclen+cryptlen in both encrypt and decrypt modes;

in linuxkm_test_kpp_driver(), return MEMORY_E, not -ENOMEM;

in km_direct_rsa_dec(), only update req->dst_len for -EOVERFLOW, not for -EINVAL.
2026-06-12 18:14:53 -05:00
Daniel Pouzzner c84c44f62f fix F-1238: Integer Overflow in ECDSA Verify Allocation of sig_len + hash_len 2026-06-12 18:14:53 -05:00
Daniel Pouzzner 0272f0a506 fix F-709: AES-XTS Stream Finalize Returns Untranslated wolfCrypt Error Code to Kernel LKCAPI 2026-06-12 18:14:52 -05:00
Daniel Pouzzner 8110d567c8 fix F-708: DH km_dh_set_secret Missing Private Key Cleanup on Error Path 2026-06-12 18:14:52 -05:00
Daniel Pouzzner 591f52fb9b fix F-681: DH/FFDHE Init Error Paths Leak RNG Resource 2026-06-12 18:14:52 -05:00
Daniel Pouzzner ec4146a8e3 fix F-680: ECDH Init Error Paths Leak RNG Resource 2026-06-12 18:14:51 -05:00
Daniel Pouzzner cac0f231db fix F-679: HMAC Finup Memory Leak on Update Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 3057314f65 fix F-678: SHA3 Finup Memory Leak on Update Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 38c2477cbb fix F-677: SHA3 Init Memory Leak on wc_InitSha3 Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 85091c7d06 fix F-676: Missing ForceZero on RSA Decrypted Plaintext Buffer
also ForceZeros various other potentially sensitive allocations before freeing them, and uses unconditional free() per current libwolfssl best practice.
2026-06-12 18:14:50 -05:00
Daniel Pouzzner 1df8d453c9 fix F-3948: Missing KAT mismatch check in aes_xts_256_test partial block encrypt path 2026-06-12 18:14:50 -05:00
Daniel Pouzzner 21a57cf003 Fixes for Fenrir items:
F-1880: Unsigned word32 dec_len Silently Wraps Negative wc_RsaSSL_Verify Error Codes, Returning Wrong Errno on RSA Signature Verification Failure
F-1881: word32 sig_len Silently Wraps Negative wc_RsaSSL_Sign Error in Self-Test Functions, Bypassing <= 0 Guard
F-1882: word32 priv_len / pub_len Silently Wrap Negative wc_RsaKeyToDer / wc_RsaKeyToPublicDer Errors Across Three RSA Self-Test Functions
2026-06-12 18:14:50 -05:00
Daniel Pouzzner b3cb06e98a fix F-1426: PTR_ERR on malloc Results Always Yields 0 in AES-GCM Self-Test Error Messages 2026-06-12 18:14:50 -05:00
Daniel Pouzzner 8c1013ad52 fix F-1425: PTR_ERR on malloc Result Always Yields 0 in Error Message 2026-06-12 18:14:49 -05:00
Daniel Pouzzner 682a09d5a7 fix F-1424: Sysfs Node Resource Leak When Second Install Fails 2026-06-12 18:14:49 -05:00
Daniel Pouzzner f48efe5bfc fix F-705: Missing wc_RsaSetRNG in sig_alg km_pkcs1_set_pub After Key Re-Init 2026-06-12 18:14:49 -05:00
Daniel Pouzzner 9c1d9c164b fix F-673: Wrong sizeof Type in Allocation Failure Error Message 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 1c9abac6f5 fix F-672: Copy-Paste Duplicate: pkcs1_sha384 Unregistered Twice in Both RSA Paths 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 546ac0ac36 linuxkm/lkcapi_aes_glue.c: clean up pr_err()s on allocation failures. 2026-06-12 18:14:48 -05:00
JacobBarthelmeh 86ba8f7770 Merge pull request #10652 from SparkiDev/regression_fixes_25
Regression testing fixes - memory allocation failure testing
2026-06-12 16:30:57 -06:00
David Garske bfef92c343 Merge pull request #10656 from holtrop-wolfssl/f-4427
Ed448: check for public key presence on export
2026-06-12 15:30:07 -07:00
David Garske e4b7b67f06 Merge pull request #10674 from Frauschi/cert_chain_fix
Fixes for OpenSSL compatibility layer
2026-06-12 14:10:13 -07:00
Mattia Moffa 3b080b7e8b DTLS 1.3: receive-side support for RequestConnectionId/NewConnectionId
Implements the receive-side of RFC 9147 § 9. On NewConnectionId, if
usage is cid_immediate, switches our TX CID to the first usable CID;
if usage is cid_spare, discards it.

RequestConnectionId is parsed and ignored (responding is SHOULD in the
RFC).
2026-06-12 22:30:00 +02:00
Josh Holtrop 445b8b272c Document PUBLIC_KEY_E return value for wc_ed448_export_public() in source comment 2026-06-12 15:58:27 -04:00
Josh Holtrop 8c1e3a261f Fix Ed448/25519 export private-only key unit tests for FIPS pre-v7 2026-06-12 15:58:27 -04:00
Josh Holtrop daa22e9fb9 Document PUBLIC_KEY_E return for wc_ed448_export_public() 2026-06-12 15:58:27 -04:00
Josh Holtrop 955ffb92d3 Free RNG from updated Ed448/Ed25519 unit tests 2026-06-12 15:58:27 -04:00
Josh Holtrop 2914a85741 Document PUBLIC_KEY_E error return from wc_edXXX_export_key() 2026-06-12 15:58:27 -04:00