Commit Graph

9738 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 0b1b158fe2 Add a test for multi-message TLS records 2026-05-14 13:10:13 +02:00
Juliusz Sosinowicz b88eb32c1d Guard against unsigned underflow in inputLength calculation
Add bounds check before computing inputLength from curStartIdx + curSize
to prevent unsigned underflow if *inOutIdx ever exceeds the record
content boundary.
2026-05-14 13:10:13 +02:00
Juliusz Sosinowicz 38bd87591f Use curSize for content-only input length in handshake/ack handlers
Since ProcessReply already reduces curSize by padSz after decryption,
use curStartIdx + curSize to bound content data instead of recomputing
it from buffer.length - padSz. This removes three more padSz references
from message processing code.
2026-05-14 13:10:13 +02:00
Juliusz Sosinowicz 7fe8f4d5c6 Fix CI 2026-05-14 13:10:13 +02:00
Juliusz Sosinowicz 7a61b2e087 Refactor record padding handling to eliminate middle padding pattern
Move padSz index advancement from individual message handlers to a
single location at the end of record processing in ProcessReply.
Previously, each handler (DoFinished, DoApplicationData, DoAlert,
DoCertificate, DoServerHello, etc.) advanced the index by padSz,
which then had to be corrected when processing multiple messages
in one record. This "middle padding" pattern was error-prone.

Now curSize is reduced by padSz after decryption/verification so
it reflects content size only. Message handlers advance the index
by content size only. padSz is added once when the record is fully
processed. The correction code for multi-message records is removed.
2026-05-14 13:10:12 +02:00
Sean Parkinson 8d08ff8926 Merge pull request #10428 from kareem-wolfssl/gh10271_10313
tls13.c fixes + Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD.
2026-05-14 19:56:23 +10:00
David Garske 497ed9843e Merge pull request #10303 from julek-wolfssl/zd/21675
ocsp: bind responder authorization to CertID issuerKeyHash
2026-05-13 10:33:17 -07:00
Sean Parkinson 16132b4582 Merge pull request #10445 from embhorn/zd21742
Fix in ECC point conversion
2026-05-13 16:09:02 +10:00
Kareem 6aadfaa9ca Code review feedback 2026-05-12 10:30:24 -07:00
Kareem 2dc257834d Code review feedback 2026-05-12 10:30:24 -07:00
Kareem 75e38c360f NULL check wolfSSL_get_cipher_name_by_hash arguments.
Thanks to Cal Page for the report.
2026-05-12 10:30:24 -07:00
Kareem ef7671f664 In DoTls13CertificateRequest, avoid assigned the CertReqCtx to the SSL object until the function has finished.
This avoids ssl->certReqCtx being set when the function returns an error.
Thanks to Cal Page for the report.
2026-05-12 10:30:24 -07:00
Kareem 86d9a6f212 In Tls13_Exporter, check all length arguments before casting and using them.
Thanks to Cal Page for the report.
2026-05-12 10:30:24 -07:00
Juliusz Sosinowicz 49906319f6 ocsp: address review feedback on PR 10303
- Use KEYID_SIZE for Signer key-hash comparisons since
  Signer.{subject,issuer}KeyHash is sized KEYID_SIZE, not OCSP_DIGEST_SIZE.
- Rename subjectHash/issuerHash to subjectNameHash/issuerNameHash in
  CheckOcspResponder/CheckOcspResponderChain to make the name-vs-key
  hash distinction explicit.
- Expand the Signer.issuerKeyHash field comment to clarify it is the
  subject key hash of the immediate issuer CA.
- Add an imposter-root-ca cert (same DN as root-ca, different RSA key)
  for tests that need to exercise the new CertID issuerKeyHash binding.
2026-05-12 14:36:00 +02:00
Juliusz Sosinowicz 0735a0a7b5 ocsp: bind responder authorization to CertID issuerKeyHash
Addresses ZD21675
2026-05-12 14:36:00 +02:00
Sean Parkinson d7bdfd3e90 Merge pull request #10349 from rizlik/dtls13_rtx_fixes
DTLS13:  Fixes unnecessary client rtx and increase server robustness
2026-05-12 22:19:56 +10:00
Sean Parkinson f436fb858e Merge pull request #10437 from gasbytes/CertManagerLoadCABufferType_MoveXMemset
zero-initialize DecodedCert immediately after allocation in wolfSSL_CertManagerCABufferType
2026-05-12 22:08:53 +10:00
Sean Parkinson 218ddb449e Merge pull request #10394 from dgarske/sp_nonblock_rsa_dh
Add RSA/DH SP non-blocking support for C/Small 2048/3072/4096
2026-05-12 13:25:43 +10:00
Eric Blankenhorn 05d73707ef Fixes from review 2026-05-11 15:06:32 -05:00
Eric Blankenhorn 29f3b30651 Fix in ECC point conversion 2026-05-11 15:06:32 -05:00
Reda Chouk 54bb2c2caf zero-initialize DecodedCert immediately after allocation in
wolfssl_certmanagerloadcabuffertype to prevent cleanup on an
uninitialized struct on the pem error path.
2026-05-11 20:12:19 +02:00
kaleb-himes afb90dd2da Fix private key lock issues in master 2026-05-08 17:08:38 -06:00
David Garske 3351eb429a Merge pull request #10354 from embhorn/zd21725
Fix IPSAN and registeredID handling
2026-05-08 12:15:37 -07:00
David Garske d465d8b130 Add RSA/DH SP non-blocking support for C/Small 2048/3072/4096 2026-05-08 10:36:28 -07:00
Sean Parkinson 5fce8025bb Merge pull request #10386 from JeremiahM37/fenrir-4
Harden TLS handshake validation, OpenSSL-compat defaults, and stale code paths
2026-05-08 10:50:55 +10:00
David Garske 7b34be3945 Merge pull request #10331 from embhorn/zd21706
Fix IDNA matching
2026-05-07 16:09:33 -07:00
David Garske bf6c870889 Merge pull request #10304 from JeremiahM37/fenrir-2
Zero DH keys, tighten SSL APIs, harden TLS extensions
2026-05-07 14:51:28 -07:00
David Garske e78418db95 Merge pull request #10306 from sebastian-carpenter/tls-ech-client-oe
Add OuterExtensions encoding for TLS ECH client
2026-05-07 14:14:50 -07:00
David Garske 8ac2a1ae1b Merge pull request #10418 from rlm2002/coverity
20260506 Coverity
2026-05-07 14:11:32 -07:00
sebastian-carpenter 15b8c88bf6 Write ECH last in HRR to promote interop 2026-05-07 10:10:00 -06:00
sebastian-carpenter 9d938c12ea supported_versions added to non-encode list 2026-05-07 10:10:00 -06:00
sebastian-carpenter e3b291589d TLS ECH outerExtensions (client-side) 2026-05-07 10:10:00 -06:00
Eric Blankenhorn c55b77b382 Fix handling of registeredID 2026-05-07 07:33:56 -05:00
Eric Blankenhorn df7a5e8a85 Fix in CheckForAltNames to handle IPSAN 2026-05-07 07:33:55 -05:00
Eric Blankenhorn 0f50c225e2 Fix IDNA matching 2026-05-07 07:31:25 -05:00
Daniel Pouzzner d86174cc50 src/ssl.c: in wolfSSL_check_domain_name(), use XSTRCMP(), not strcmp();
wolfcrypt/src/asn.c, wolfssl/wolfcrypt/asn.h, src/ssl.c, wolfssl/ssl.h: move wolfssl_local_IsValidFQDN() from ASN.1 layer (where it has no users and is gated out in lean PSK builds) to TLS layer (where its users are);

scripts/crl-revoked.test: use `cp --symbolic-link` opportunistically but fall back to `cp -p`.
2026-05-06 21:40:33 -05:00
Jeremiah Mackey 0e08253b0d fix logic errors in stale code 2026-05-07 02:34:41 +00:00
Jeremiah Mackey 81b66c9cd8 harden SSL config defaults 2026-05-07 02:34:41 +00:00
Jeremiah Mackey b5cff8dcca harden TLS handshake validation 2026-05-07 02:34:41 +00:00
Jeremiah Mackey 3d489d1c10 tests 2026-05-07 02:33:58 +00:00
Jeremiah Mackey 4c76eae0aa zeroize DH private keys on free 2026-05-07 02:31:51 +00:00
Jeremiah Mackey 88664f7224 guard zero length in DES ncbc 2026-05-07 02:31:51 +00:00
Jeremiah Mackey 31c69bfdbc harden SSL config and session 2026-05-07 02:31:51 +00:00
Jeremiah Mackey a5670d7e49 harden TLS extension processing 2026-05-07 02:31:51 +00:00
Daniel Pouzzner b6de2d3cbc src/ssl.c: in wolfSSL_check_domain_name(), call wolfssl_local_IsValidFQDN() to validate the argument, with allowance for "localhost".
scripts/crl-revoked.test: improve "Workaround to not pollute the certs folder" (don't copy whole source tree, and don't copy file contents).
2026-05-06 18:29:27 -05:00
Ruby Martin 80f971cd6d clears dereference before null check 2026-05-06 11:22:47 -06:00
Ruby Martin 682b628eed remove redundant, always true, checks 2026-05-06 10:51:00 -06:00
Juliusz Sosinowicz 061311d6ca zd/21661: harden X.509 chain validation, session ticket identity binding, and peer cert restore
- x509_str: require CA:TRUE unconditionally in wolfSSL_X509_verify_cert;
  verify leaf signature even when verify_cb overrides INVALID_CA
- x509_str: align WOLFSSL_X509_V_ERR_INVALID_CA with OpenSSL value (79)
  so OPENSSL_COEXIST builds compile; bump WC_OSSL_V509_V_ERR_MAX to 80
  and extend error_test() missing-value table for the new gaps
- asn: reject embedded NUL in dNSName / rfc822Name / URI SAN entries
- internal: re-verify restored ticket peer cert against trust store with
  CRL/OCSP checks; clear stale state from session cache on verification
  failure
- ticket: bind SNI and ALPN into session ticket via compile-time selected
  hash (TICKET_BINDING_HASH_TYPE); reject resumption on mismatch in both
  TLS 1.3 and TLS 1.2 paths
- ticket: defer SNI/ALPN binding check until after extensions are parsed
  by consolidating into VerifyTicketBinding(), called once after
  ALPN_Select in DoTls13ClientHello and DoClientHello; the early
  per-call sites ran before extensions were parsed and rejected valid
  resumptions in nginx, haproxy, grpc, and CPython integration tests
- ssl_sess: free previous session in wolfSSL_d2i_SSL_SESSION before
  overwrite
- examples/client: increase SESSION_TICKET_LEN fallback from 256 to 2048
  to support larger tickets
- tests: update SAN NUL fixtures and add parse-time rejection coverage;
  add test_tls13_ticket_peer_cert_reverify for CA-removal scenario; skip
  it under WOLFSSL_NO_DEF_TICKET_ENC_CB
2026-05-06 16:45:58 +02:00
David Garske 6a3eb6f0a8 Merge pull request #10360 from gasbytes/cipher-init-dtls13-fix
dtls13: free and null the cipher slot on init failure in Dtls13InitAesCipher and ChaCha equivalent
2026-05-05 13:08:06 -07:00
David Garske e3a195d394 Merge pull request #10075 from josepho0918/mqx
Improve compatibility for XINET_PTON
2026-05-05 12:47:45 -07:00