Commit Graph

29626 Commits

Author SHA1 Message Date
David Garske 07ea48673a Merge pull request #10073 from anhu/certmgr
Ensure certificates are getting into cert manager
2026-04-29 09:58:45 -07:00
Lealem Amedie 7f7d28372b Configure.ac cleanup for demented AI logic 2026-04-29 09:53:03 -06:00
rizlik 74570a2d8a dtls13: fix don't reset nexthandshake num after being stateful 2026-04-29 17:37:12 +02:00
rizlik 2aa66d8410 dtls13: always remove CH from the RTX after SH/HRR message 2026-04-29 17:37:12 +02:00
rizlik 610fe743f3 dtls13: CH can't reset message seq after stateful 2026-04-29 17:37:12 +02:00
Eric Blankenhorn 60d6fbe3f5 Fix from review 2026-04-29 10:33:16 -05:00
Juliusz Sosinowicz b261ee6238 src/x509.c: handle streaming BIOs in PEM block reader
The CRL refactor broke nginx's ssl_cache.t (and the wolfSSL/wolfssl
nginx_check matrix on 1.24.0/1.25.0/1.28.1) because nginx loads the test
CRL through a FIFO. wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio() asks
wolfSSL_BIO_get_len() for the BIO size up front; for a FIFO the
underlying ftell() returns ESPIPE, wolfssl_file_len() reports
WOLFSSL_BAD_FILETYPE, and BIO_get_len() returns 0. The function then hit
the l <= pem_struct_min_sz guard and bailed with ASN_NO_PEM_HEADER
before reading a byte, so the caller's loop saw "no CRL" and nginx
emitted "PEM_read_bio_X509_CRL() failed".

Treat l == 0 as "streaming source, size unknown" and allocate up to
MAX_BIO_READ_BUFFER (the same cap ReadPemFromBioToBuffer used for this
case before the refactor). The existing byte-by-byte reader already
stops at the END marker or at EOF, so this is enough; if the upstream
short-reads we still surface ASN_NO_PEM_HEADER from the
pem_struct_min_sz read below. Keep rejecting tiny non-zero lengths
since those are real "buffer too small" cases.
2026-04-29 15:28:17 +00:00
Tobias Frauenschläger 71a8a55654 Merge pull request #10345 from douzzer/20260428-SLHDSA-fixes
20260428-SLHDSA-fixes
2026-04-29 16:44:02 +02:00
Eric Blankenhorn e0f753c0d6 Fix wolfSSL_X509_verify_cert permissiveness with compat layer 2026-04-29 09:40:15 -05:00
Daniel Pouzzner 468ee9e1be Merge pull request #10348 from Frauschi/hostap_fix
Fix race condition in hostap CI tests
2026-04-29 09:05:21 -05:00
Daniel Pouzzner 9c618177c9 Merge pull request #10347 from Frauschi/pq-all_timeout
Increase pq-all test timeout
2026-04-29 09:04:37 -05:00
Daniel Pouzzner 0f0348d505 Merge pull request #10341 from Frauschi/ci_optimization
Remove the amount of macOS based tests in CI
2026-04-29 09:04:00 -05:00
Jeremiah Mackey 9352fad4ac fix unreachable falcon level 5 detection 2026-04-29 13:56:17 +00:00
Jeremiah Mackey 584ded11d3 validate falcon level before check 2026-04-29 13:56:17 +00:00
Tobias Frauenschläger 46b47cb8ec Fix race conditions in hostap CI tests 2026-04-29 14:31:15 +02:00
Tobias Frauenschläger 4f3f40e1fb Increase pq-all test timeout to 10 minutes
Increase the timeout for PQC CI tests from 6 to 10 minutes. The new
SLH-DSA tests take more time than the previous tests due to the slow
signing. With the old timeout, some tests sometimes hit the timeout
before finishing successfully.
2026-04-29 09:21:14 +02:00
Tobias Frauenschläger 0dd6aa3704 Prevent ECC tmp key leak and UB in wc_ecc_mulmod_ex
ecc_key_tmp_final was guarded by `if (err == MP_OKAY)`, leaking
key->t1/t2 (and x/y/z under ALT_ECC_SIZE) whenever an allocation or
mulmod step after ecc_key_tmp_init failed.

Simply removing the guard is unsafe here: unlike wc_ecc_mulmod_ex2
(whose arg checks `return` directly), this function XMALLOC'd `key`
before the arg checks and used `goto exit`, so a bad-arg call would
hand uninitialized memory to ecc_key_tmp_final and XFREE garbage
pointers.

Defer the XMALLOC until after the arg/range checks so `key` is NULL
on the early-error paths, then call ecc_key_tmp_final unconditionally
to plug the leak on the late-error paths.
2026-04-29 09:19:58 +02:00
rizlik b580c05a1a dtls13: test that client do not rtx CH1 after HRR 2026-04-29 09:11:55 +02:00
Andrew Hutchings c75f8bebab Update blocking PR check
Matches patterns for Devin, Codex and Copilot.
2026-04-29 07:41:57 +01:00
Daniel Pouzzner d7a34d4e39 Merge pull request #10311 from dgarske/stm32_gmac
Fix for using STM32 AES hardware crypto with WOLFSSL_ARMASM set
2026-04-28 23:58:17 -05:00
Daniel Pouzzner 1d21858be1 linuxkm/module_hooks.c: in wolfssl_init() DEBUG_LINUXKM_PIE_SUPPORT hash_span() loops, reset cur_reloc_index before each loop (Fenrir review). 2026-04-28 18:12:25 -05:00
Daniel Pouzzner f81f8479d5 fixes for SLH-DSA verifyonly:
wolfssl/wolfcrypt/wc_slhdsa.h: implement WOLFSSL_SLHDSA_NO_SHAKE and WOLFSSL_SLHDSA_NO_SHA2, and fix WC_SLHDSA_MAX_SIG_LEN setup to reflect SHA2 variants;

wolfssl/wolfcrypt/settings.h: if WOLFSSL_KERNEL_MODE, set WOLFSSL_SLHDSA_VERIFY_ONLY unless WOLFSSL_SLHDSA_NO_VERIFY_ONLY;

wolfcrypt/src/wc_slhdsa.c: fix WOLFSSL_SLHDSA_VERIFY_ONLY to work with --enable-slhdsa=sha2,verifyonly;

fix -Wunused-variables in slhdsakey_wots_pk_from_sig_x4();

wolfcrypt/test/test.c: in slhdsa_test(), fix gating for compatibility with --enable-slhdsa=sha2,verifyonly;

tests/api/test_slhdsa.c: fix gating in test_wc_slhdsa() and test_wc_slhdsa_sizes().
2026-04-28 18:06:00 -05:00
Daniel Pouzzner 559b207506 linuxkm/lkcapi_*.c and linuxkm/module_hooks.c: add missing linefeed characters in format args to pr_*(), for proper line flushing. 2026-04-28 17:38:22 -05:00
Eric Blankenhorn d2c33cbc9f Fix from review 2026-04-28 15:34:26 -05:00
Daniel Pouzzner b7ed413571 wolfcrypt/src/wc_lms_impl.c: work around false-positive -Wmaybe-uninitialized in wc_lms_treehash_update(). 2026-04-28 15:05:30 -05:00
Eric Blankenhorn 98ffce9a69 Fix from review 2026-04-28 14:46:07 -05:00
Lealem Amedie 2a0a5cc610 Multi-test fixes 2026-04-28 13:25:14 -06:00
Daniel Pouzzner 29c5b02046 linuxkm/: finish support for stabilization of .rodata_wolfcrypt segment in WC_SYM_RELOC_TABLES (FIPS) kernel module builds:
linuxkm/Makefile: update the GENERATE_RELOC_TAB recipe to generate both wc_linuxkm_pie_text_reloc_tab[] and wc_linuxkm_pie_rodata_reloc_tab.

linuxkm/linuxkm-fips-hash-wrapper.sh: add handling for wc_linuxkm_pie_rodata_reloc_tab.

linuxkm/linuxkm-fips-hash.c: add handling for rodata_reloc_tab.*.

linuxkm/linuxkm_memory.c:
* refactor find_reloc_tab_offset() to be segment-agnostic and tolerate empty reloc tabs.
* refactor wc_reloc_normalize_segment():
  * to be segment-agnostic,
  * identify the src segment dynamically,
  * return BAD_FUNC_ARG where previously returning literal -1,
  * use seg_in_out_len arg to accommodate size skew between input and output (not currently used), and
  * rename working vars for better mnemonicitude.
* update wc_fips_generate_hash() to
  * handle seg_map->rodata_reloc_tab,
  * use new calling convention for wc_reloc_normalize_segment(), and
  * add wc_reloc_normalize_segment() loop for .rodata_wolfcrypt.

linuxkm/linuxkm_memory.h and linuxkm/linuxkm_wc_port.h: rename WOLFSSL_TEXT_SEGMENT_CANONICALIZER* to WOLFSSL_SEGMENT_CANONICALIZER*, with backward-compat provisions.

linuxkm/module_hooks.c:
* add wc_linuxkm_normalize_relocations_noresize() backward-compat wrapper.
* wolfssl_init(): add .rodata_wolfcrypt relocation handling alongside existing .text_wolfcrypt handling, and update for new wc_reloc_normalize_segment() calling convention.
* add seg_map.rodata_reloc_tab initialization.
* update wc_linuxkm_normalize_relocations() to be segment-agnostic and use new wc_reloc_normalize_segment() calling convention.
2026-04-28 12:58:32 -05:00
Daniel Pouzzner 8b98f7f8ea linuxkm/: refactor wc_reloc_table_segments.reloc_tab_* as wc_reloc_table_segments.text_reloc_tab.* (using the new struct wc_reloc_table_fenceposts and WC_RELOC_TABLE_FENCEPOSTS_INITIALIZER), and add wc_reloc_table_segments.rodata_reloc_tab (allocated but not yet implemented). 2026-04-28 12:58:32 -05:00
Daniel Pouzzner d218d3fbdd wolfcrypt/src/ge_operations.c and wolfssl/wolfcrypt/ge_operations.h: when ge_tobytes_nct and ge_tobytes have identical definitions, map the former to the latter using a macro and omit the latter definition, to avoid problematic R_ARM_THM_JUMP11 tail call. 2026-04-28 12:58:32 -05:00
Daniel Pouzzner 00b65a9e00 linuxkm/Kbuild: define NO_PIE_FLAG to 1, not empty, to satisfy gnu make criteria for ifdef. 2026-04-28 12:58:31 -05:00
Lealem Amedie 82b15efebc Add acmeIdentifier to asn=original 2026-04-28 11:51:40 -06:00
Josh Holtrop b38d7bf630 Rust wrapper: guard sha384 pbkdf2 unit test 2026-04-28 13:49:16 -04:00
Tobias Frauenschläger b59ff436f3 Remove the amount of macos based tests in os-check
Reduce the number of tests running on macos in os-check.yml to the
minimum required number to cover all mac os specific features. All other
platform-agnostic configs and setups are only tested on Linux, which is
much faster in GitHub CI.
2026-04-28 19:34:05 +02:00
Eric Blankenhorn 262737d63f Fixes from review 2026-04-28 11:54:46 -05:00
Mattia Moffa bfd8834b31 Additional minor fixes 2026-04-28 18:34:32 +02:00
Colton Willey 37d66b8be9 Guard against negative length in BIO, I/O callbacks and PKCS12 PBKDF
- src/bio.c: Add BIO self-cycle UAF guard and negative nread/nwrite checks
- src/wolfio.c: Add negative sz guards to EmbedSend/EmbedReceive
- wolfcrypt/src/pwdbased.c: Add pLen/sLen/totalLen overflow checks in
  wc_PKCS12_PBKDF_ex
2026-04-28 18:34:32 +02:00
Eric Blankenhorn 6fdd0de0ca Fix handling of otherName in ConfirmNameConstraints 2026-04-28 11:05:37 -05:00
Reda Chouk 8d9af257ac reject extensions in a TLS 1.3 Certificate message that were not offered in the prior ClientHello/CertificateRequest
per rfc 8446 4.4.2
2026-04-28 17:50:09 +02:00
Josh Holtrop 1e35f94f04 Rust wrapper: guard a couple unit tests that require sha512 2026-04-28 11:08:09 -04:00
Josh Holtrop 81435c8a01 Rust wrapper: restrict RNG generic type parameters to be integers
Fixes F-3350
2026-04-28 11:08:09 -04:00
Josh Holtrop 6bb8f8f5cd Rust wrapper: address Copilot review comments 2026-04-28 11:08:09 -04:00
Josh Holtrop ca3c779182 Rust wrapper: use consistent rc check in ECC::shared_secret
Fixes F-2676
2026-04-28 11:08:09 -04:00
Josh Holtrop cf199c9ab8 Rust wrapper: replace Lms::sigs_left() with Lms::has_sigs_left()
Fixes F-3094
2026-04-28 11:08:08 -04:00
Josh Holtrop 135110232f Rust wrapper: make ECC::verify_hash C result check more strict
Fixes F-1989
2026-04-28 11:08:08 -04:00
Josh Holtrop 40bc5d09f7 Rust wrapper: remove return value from MlKem::encode_{public,private}_key()
Fixes F-3093
2026-04-28 11:08:08 -04:00
Josh Holtrop 0cddbb25b2 Rust wrapper: check for NUL-terminated slice in ECC::rs_hex_to_sig
Fixes F-3092
2026-04-28 11:08:08 -04:00
Josh Holtrop 79358fea80 Rust wrapper: add mac feature and implement digest/mac traits 2026-04-28 11:08:08 -04:00
Josh Holtrop 84f8b5fa13 Rust wrapper: implement kem traits 2026-04-28 11:08:08 -04:00
Josh Holtrop c08c16ee8f Rust wrapper: implement password-hash traits 2026-04-28 11:08:08 -04:00