Commit Graph

4539 Commits

Author SHA1 Message Date
JacobBarthelmeh beff858833 Merge pull request #10552 from julek-wolfssl/evp-x25519-x448
Add NID_X25519 and NID_X448 support to the EVP layer
2026-05-28 15:57:50 -06:00
JacobBarthelmeh fc12de010d Merge pull request #10513 from SparkiDev/tls13_aead_limit_fix
TLS 1.3: AEAD limit fixed
2026-05-28 09:30:43 -06:00
Juliusz Sosinowicz df8cc30cb8 Add NID_X25519 and NID_X448 support to the EVP layer 2026-05-28 14:40:36 +00:00
David Garske 2dd7947d27 Merge pull request #10483 from cconlon/pkcs8V1PublicKeyParse
ML-DSA: PKCS#8 parsing + EVP_PKCS82PKEY support
2026-05-27 17:41:30 -07:00
Sean Parkinson 713a220fc9 Merge pull request #10426 from JeremiahM37/fenrir-8
protocol correctness, OpenSSL-compat hardening, and sensitive-memory zeroization
2026-05-28 09:48:10 +10:00
Sean Parkinson 78a5740bac Merge pull request #10504 from miyazakh/f-2180_pbkdf
f-2180: fix clamp iterations <= 0 to 1 instead of returning an error
2026-05-28 09:32:01 +10:00
Sean Parkinson c92208076f Merge pull request #10374 from kareem-wolfssl/zd21699
Enable all-zero shared secret check for Curve448/25519 by default.  Ensure post_handshake_auth extension was sent before accepting post-handshake CertificateRequest message.
2026-05-28 09:29:49 +10:00
Sean Parkinson 70f8bd9831 Merge pull request #10492 from rizlik/legacy_session_id_bad_client
Add compatibility flag and tests for pre-5.9.0 DTLSv1.3 clients
2026-05-28 08:57:48 +10:00
JacobBarthelmeh b0d61c5e44 Merge pull request #10545 from douzzer/20260527-fixes
20260527-fixes
2026-05-27 16:14:21 -06:00
Daniel Pouzzner f6d6ae687a tests/api/test_mldsa_legacy.c: fix bugprone-macro-parentheses in MLDSA_LEGACY_SIZE_ASSERT().
wolfssl/wolfcrypt/wc_mldsa.h: move WOLFSSL_MLDSA_NO_CTX setup to precede legacy dilithium.h header, so that the _NO_CTX remap macros are properly gated in.
2026-05-27 14:02:37 -05:00
JacobBarthelmeh 39a3546b64 Merge pull request #10519 from sebastian-carpenter/flaky-ech-test
CI Fix: fix flaky ECH test
2026-05-27 11:09:18 -06:00
JacobBarthelmeh 3fa4ebcaec Merge pull request #10527 from mattia-moffa/20260525-writedup-no-dtls
Allow --enable-writedup when DTLS is disabled
2026-05-27 11:02:55 -06:00
David Garske 8199fda0a4 Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
David Garske a3f5260260 Merge pull request #10500 from rizlik/sha224_only
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-26 08:05:47 -07:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
Marco Oliverio bc574f7930 dtls13: WOLFSSL_DTLS13_5_9_0_COMPAT -> WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID 2026-05-26 09:16:56 +02:00
Marco Oliverio e6fa789e68 test_dtls: remove non-ASCII chars 2026-05-26 09:15:58 +02:00
Marco Oliverio 7592b481e7 test: dtls: add WOLFSSL_DTLS13_5_9_0_COMPAT related tests 2026-05-26 09:15:58 +02:00
Mattia Moffa 1f619a9f50 Allow --enable-writedup when DTLS is disabled 2026-05-25 17:34:32 +02:00
Chris Conlon 497de930fd evp: support ML-DSA in wolfSSL_EVP_PKCS82PKEY() and wolfSSL_X509_check_private_key() 2026-05-22 14:56:14 -06:00
Chris Conlon a9e15634db asn: parse RFC 5958 PKCS#8 (OneAsymmetricKey) publicKey trailer in ToTraditional_ex() 2026-05-22 14:55:38 -06:00
sebastian-carpenter d4ed43853f flaky ECH test: fix method for finding ECH extension 2026-05-22 10:48:56 -06:00
Roy Carter dc86dc34a8 Fix: change test string to the new format 2026-05-22 19:01:05 +03:00
Roy Carter 8f15bf6d10 fix : bad merge conflics leftovers. 2026-05-22 19:01:05 +03:00
Roy Carter f15c896551 Build_fix:
When building with --enable-opensslextra=x509small, only OPENSSL_EXTRA_X509_SMALL is defined, not OPENSSL_EXTRA, so these functions are not compiled into the library
2026-05-22 19:01:05 +03:00
Roy Carter 7561911cba fix: Fix build errors for some tests on pipeline 2026-05-22 19:01:05 +03:00
Roy Carter c1a507e175 Feature: allow the usage of
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify

in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson b1e04464fc Merge pull request #10469 from sebastian-carpenter/tls-ech-server-improvements
Enhancement (ECH): Trial decryption and ECH connection status
2026-05-23 00:07:40 +10:00
Sean Parkinson 8dae4b34bb TLS 1.3: AEAD limit fixed
Values were 16-bit each when they are 32-bit each.
Add tests for KeyUpdate limits for TLS 1.3.
2026-05-22 16:41:23 +10:00
HIDEKI MIYAZAKI afb3ca4b77 fix prb failures 2026-05-20 17:31:08 -07:00
HIDEKI MIYAZAKI 319f1d699d fix clamp iterations <= 0 to 1 instead of returning an error 2026-05-20 07:25:35 -07:00
Marco Oliverio 0c8cabedff crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256 2026-05-19 10:22:06 +02:00
David Garske be67bf88f7 Merge pull request #10436 from Frauschi/mldsa_rename
Rename Dilithium to canonical ML-DSA (FIPS 204) names
2026-05-18 11:44:21 -07:00
David Garske 1ccd462ea1 Merge pull request #10482 from rlm2002/coverity
13052026 Coverity Fixes
2026-05-18 10:35:42 -07:00
David Garske bc2e842234 Merge pull request #10460 from JacobBarthelmeh/static_analysis
Static analysis fixes/improvements for SECO, devcrypto, ARIA, MD4, MD2
2026-05-18 10:31:37 -07:00
David Garske 9096bcc8fa Merge pull request #10393 from JacobBarthelmeh/opensslextra
support build --enable-opensslextra with NO_BIO and NO_FILESYSTEM
2026-05-17 22:33:23 -07:00
David Garske 4c9116c743 Merge pull request #10462 from kareem-wolfssl/zd21507
Fix alert type for missing cert.  Prevent building with RNG disabled and blinding enabled by default.  Enforce bounds for AES CMAC size in verify.
2026-05-17 22:25:09 -07:00
David Garske e7f5c99115 Merge pull request #10398 from julek-wolfssl/fenrir/20260430
Fenrir fixes
2026-05-17 22:21:06 -07:00
Daniel Pouzzner a5e79d3b1c wolfssl/wolfcrypt/dilithium.h: use macros, not inlines, for all legacy (!WOLFSSL_NO_DILITHIUM_LEGACY_NAMES) wrappers;
tests/api/test_mldsa.c: suppress -Wunreachable-code around wc_mldsa_canonical_api_check() and wc_mldsa_legacy_alias_check().
2026-05-16 09:51:36 -05:00
Tobias Frauenschläger 2832df2139 Update C# wrapper to new ML-DSA names 2026-05-16 09:48:35 -05:00
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
JacobBarthelmeh c0ba788cb1 support of NO_BIO and NO_FILESYSTEM build with opensslextra 2026-05-15 10:37:46 -06:00
Kareem 213bcb3e94 Gate out all of the newly added AES-CMAC tests for FIPS as none of them will apply to the old FIPS AES-CMAC code. 2026-05-14 15:19:56 -07:00
Kareem d7af80dc93 Update new AES-CMAC bounds test to account for FIPS still using the old code. 2026-05-14 12:46:25 -07:00
Kareem 3300d0834e Code review feedback. Don't error out if WOLFSSL_RSA_PUBLIC_ONLY or WOLFSSL_RSA_VERIFY_ONLY are defined as they don't use blinding. 2026-05-14 12:45:17 -07:00
Kareem 02306592be Require that the AES CMAC mac size is inside of the range [WC_CMAC_TAG_MIN_SZ, WC_AES_BLOCK_SIZE].
Fixes F-3084.
2026-05-14 12:45:17 -07:00
David Garske 460a87119e Merge pull request #10351 from rizlik/cryptocbonly
CRYPTOCB_ONLY: add test infra + SHA256 + AES
2026-05-14 10:37:39 -07:00
Jeremiah Mackey c61fa7d633 honor OpenSSL fail-open contracts 2026-05-14 16:59:12 +00:00
Jeremiah Mackey 88fde0fff7 fix copy-paste constant mismatches 2026-05-14 16:59:12 +00:00
David Garske d0073d9e5c Merge pull request #10326 from sebastian-carpenter/tls-ech-maxnamelen
Add maximum_name_length to TLS ECH padding
2026-05-14 09:15:38 -07:00