Commit Graph

29626 Commits

Author SHA1 Message Date
Chris Conlon df8e2eedb3 x509: fix malformed AKID extension from wolfSSL_X509_set_authority_key_id 2026-05-01 10:04:31 -06:00
JacobBarthelmeh 5b4ad8690e update function comments 2026-05-01 09:43:52 -06:00
JacobBarthelmeh d9361e2d8c use INVALID_DEVID in benchmark and copy over heap hint with XMSS export pub 2026-05-01 09:43:51 -06:00
JacobBarthelmeh 78564f0c78 fix XMSS heap hint use 2026-05-01 09:43:25 -06:00
JacobBarthelmeh e5d27b61dc use heap hints where possible in benchmark 2026-05-01 09:43:24 -06:00
Ruby Martin c2d44b4359 Bound by curSz in PKCS12 ContentInfo parsing 2026-05-01 09:37:45 -06:00
Ruby Martin 3a799bd451 zeroize unicodePasswd before breaking 2026-05-01 09:21:04 -06:00
Josh Holtrop 3ca70e585a Allow SubjectInfoAccess extension without id-ad-caRepository entry
Previously parsing a SubjectInfoAccess certificate containing a
SubjectInfoAccess extension that did not contain an id-ad-caRepository
resulted in an error.
2026-05-01 07:57:04 -04:00
Tobias Frauenschläger 5151a695bc Merge pull request #10373 from douzzer/20260430-ecc_test_vector_item-WC_MIN_DIGEST_SIZE
20260430-ecc_test_vector_item-WC_MIN_DIGEST_SIZE
2026-05-01 08:57:53 +02:00
Andrew Hutchings a4b754ab5d Add STSAFE A120 CI support
Adds our STSAFE A120 simulator to the CI, adds STSAFE to configure.ac
and fix missing required header.
2026-05-01 07:12:55 +01:00
Daniel Pouzzner d8797f59c4 Merge pull request #10261 from Frauschi/slh-dsa
Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
2026-04-30 23:52:36 -05:00
Mark Atwood d48b0700af fix: update Ed448 DER Doxygen prototypes to match public header 2026-04-30 15:38:04 -07:00
Ruby Martin 1bf33bcc0b PKCS12 and unicode password size check improvement 2026-04-30 16:30:29 -06:00
lealem47 8541142a10 Merge pull request #10361 from dgarske/stm32u3
Add STM32U3 hardware crypto support
2026-04-30 16:30:26 -06:00
Daniel Pouzzner 70d5d86dda wolfcrypt/test/test.c: in ecc_test_vector_item(), don't attempt wc_ecc_verify_hash() if the test vector's message (hash) is shorter than WC_MIN_DIGEST_SIZE. 2026-04-30 17:00:40 -05:00
Mark Atwood 1caa444314 fix: add const to wc_Ed448 DER export function signatures 2026-04-30 14:53:06 -07:00
Ruby Martin 3ff02a7a95 Zero byte array buffer before free 2026-04-30 15:10:03 -06:00
JacobBarthelmeh fc51a38094 Merge pull request #10135 from lealem47/nid_ED
Add Ed25519/Ed448 support to EVP layer
2026-04-30 14:16:05 -06:00
Ruby Martin 3b00b054b3 initialize test variable regCiphertext 2026-04-30 14:00:15 -06:00
Ruby Martin fb69662262 consolidate duplicate shakeType classification, clears logically dead code 2026-04-30 14:00:15 -06:00
Ruby Martin d34ee11797 tests set null on EXPECT_SUCCESS 2026-04-30 14:00:15 -06:00
Lealem Amedie d7942f8e5e Allow custom time functions on STM32 2026-04-30 13:16:58 -06:00
Eric Blankenhorn fdac63cd29 Fix CUDA with WOLFSSL_AES_SMALL_TABLES 2026-04-30 14:06:18 -05:00
Eric Blankenhorn 0d392a6e61 Fix from review 2026-04-30 13:57:21 -05:00
Eric Blankenhorn 13afb8f8a0 Fix static / mem tracker build error 2026-04-30 13:57:21 -05:00
Mark Atwood 52fb6031ad fix: curve25519 clamp check missing rule 3 (bit6 of byte31) 2026-04-30 10:41:10 -07:00
Andrew Hutchings 9e7c2d19c7 Add ATECC608 CI tests
Also fix issues found with ATECC608
2026-04-30 18:01:42 +01:00
Andrew Hutchings 3720a9496c Restore IP_SOCK_getsockopt emNET error lookup
Merging TranslateReturnCode into wolfSSL_LastError dropped the
IP_SOCK_getsockopt(SO_ERROR) lookup emNET integrations need to retrieve
the canonical IP_ERR_* for a failed recv/send, leaving a broken branch
that returned the raw value and mishandled the POSIX-facade convention.

Restore the historic lookup (fixing the optlen pointer-vs-int typo
along the way) and add a CI test that builds wolfSSL with
-DWOLFSSL_EMNET against a clean-room shim providing an emNET-faithful
IP_SOCK_getsockopt (SO_ERROR-then-errno fallback, since Linux does not
stash EAGAIN in SO_ERROR); recv/send fall through to glibc.
2026-04-30 18:01:16 +01:00
Andrew Hutchings bf19d548bb Fix emNET support and add tests
The emNET `wolfSSL_LastError` branches were incorrect. The second one
was never hit and would never compile. The first one inverts error codes
that should not be inverted.

This fixes that code and adds a test with a shim layer to test emNET
calls without using emNET.
2026-04-30 18:01:16 +01:00
David Garske 31ae5d3efd Add STM32U3 hardware crypto support for AES, Hash and TRNG. Tested on NUCLEO-U385RG-Q. 2026-04-30 09:45:44 -07:00
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
lealem47 d00a137de0 Merge pull request #10344 from douzzer/20260416-linuxkm-fips-rodata-canonify
20260416-linuxkm-fips-rodata-canonify
2026-04-30 10:19:43 -06:00
JacobBarthelmeh a478029083 change call to GetSigAlg in ASN original to sanity check length 2026-04-30 09:03:52 -06:00
Reda Chouk eace4f29b1 dtls13: free and null the cipher slot on init failure in Dtls13InitAesCipher and ChaCha equivalent 2026-04-30 16:59:42 +02:00
Reda Chouk 6111c60ea6 reject crls with unrecognized critical entry extensions per rfc 5280 section 5.3 2026-04-30 16:58:47 +02:00
Daniel Pouzzner a057975347 Merge pull request #10293 from Frauschi/liboqs_removal
Remove liboqs for ML-KEM and ML-DSA, update for Falcon
2026-04-30 09:04:11 -05:00
Daniel Pouzzner 76080d0b19 Merge pull request #10292 from Frauschi/liblms_libxmss_removal
Remove deprecated liblms and libxmss
2026-04-30 09:01:24 -05:00
Juliusz Sosinowicz a012a8f3ec DTLS 1.3 client-only minimum: WOLFSSL_DTLS_ONLY + autoconf cascade
* configure.ac: --enable-dtls13 auto-enables --enable-dtls and TLS 1.3,
  with a targeted error if either is explicitly --disabled, plus a
  post-finalization sanity check that errors out if a later
  prerequisite test forces ENABLED_TLS13 back to "no" while
  ENABLED_DTLS13 is yes.
* src/internal.c, src/wolfio.c, wolfssl/wolfio.h: new WOLFSSL_DTLS_ONLY
  compile-time flag elides the EmbedReceive / EmbedSend default
  callbacks. The DTLS_MAJOR runtime check stays in SetSSL_CTX so a
  TLS-method ctx in a DTLS-only build doesn't get datagram callbacks
  by default, and WriteSEQ keeps its ssl->options.dtls branch. A
  #error in settings.h refuses WOLFSSL_DTLS_ONLY without WOLFSSL_DTLS.
* wolfcrypt/src/aes.c: add HAVE_AES_DECRYPT to the inv_col_mul
  definition gate to match its only caller; without it the function is
  emitted dead under WOLFSSL_AES_DIRECT && NO_AES_DECRYPT and
  -Werror=unused-function fails the build.
* .github/workflows/os-check.yml: matrix entry for a minimal DTLS 1.3
  client-only build.
2026-04-30 11:40:22 +00:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
Sameeh Jubran 75dc3e13fd linuxkm/x86_vector_register_glue.c: fix struct pid refcount leak from find_get_pid() in wc_linuxkm_fpu_state_assoc_unlikely().
find_get_pid() returns a struct pid * with the refcount bumped via
get_pid(); callers must release it with put_pid().  The probe here is
purely a liveness check on the slot's previous owner, and the returned
pointer was discarded -- leaking one struct pid reference every time
the unlikely contested-slot path was hit with a still-live owner.

Capture the pointer and put_pid() it on the live-owner branch;
behavior on the orphaned-slot branch is unchanged.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-04-30 10:57:34 +03:00
Sameeh Jubran 2f660a3f7b linuxkm/linuxkm_wc_port.h: in my_memmove(), early-return when n == 0 to avoid size_t underflow
The backward-copy branches compute (n - 1) as size_t, which wraps to SIZE_MAX for n == 0 and, with src below dest, drives the loop backward through kernel memory until it oopses; matches glibc / musl / kernel memmove().

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-04-30 10:57:27 +03:00
Sameeh Jubran 7ca42d1e55 bsdkm: return 0 from wolfkdriv_process() to comply with opencrypto(9)
cryptodev_process must return 0 once crypto_done() has fired; errors are reported via crp_etype, otherwise the framework may re-dispatch an already-completed request.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-04-30 10:56:54 +03:00
S-P Chan 8ecaf8ad6a rpm packaging: RHEL10 + LTO needs gcc-toolset-15 2026-04-30 14:52:22 +08:00
Hideki Miyazaki 3725f139ff Fix SP_MATH and SP_MATH_ALL conflict 2026-04-30 15:42:05 +09:00
Daniel Pouzzner 43e44cb418 Merge pull request #10270 from space88man/fix-spec
Update RPM spec for changes in examples and cmake
2026-04-29 18:33:41 -05:00
Daniel Pouzzner c782db3cc9 Merge pull request #10158 from Roy-Carter/feature/libevent_integration
Libevent integration for OpenSSL compatibility layer
2026-04-29 18:22:07 -05:00
Daniel Pouzzner 5dbf2e7382 linuxkm/linuxkm_memory.c: in wc_fips_generate_hash(), fix handling of failed hmac_update() in text segment loop;
linuxkm/module_hooks.c: in wolfssl_init() DEBUG_LINUXKM_PIE_SUPPORT section, render stabilized_rodata_hash;

in my_kallsyms_lookup_name(), gate kprobe failure messages behind WOLFSSL_LINUXKM_VERBOSE_DEBUG.
2026-04-29 17:35:11 -05:00
Tobias Frauenschläger e1fefcca4f Remove deprecated liblms and libxmss 2026-04-29 19:52:09 +02:00
Daniel Pouzzner 9aec51d00b Merge pull request #10334 from lealem47/acme
Add TLS-ALPN-01 challenge cert support (RFC 8737 acmeId extension)
2026-04-29 12:16:15 -05:00
Lealem Amedie e7297493d4 --enable-compkey allowed with v5 2026-04-29 11:09:33 -06:00