Commit Graph

9912 Commits

Author SHA1 Message Date
Daniel Pouzzner d86174cc50 src/ssl.c: in wolfSSL_check_domain_name(), use XSTRCMP(), not strcmp();
wolfcrypt/src/asn.c, wolfssl/wolfcrypt/asn.h, src/ssl.c, wolfssl/ssl.h: move wolfssl_local_IsValidFQDN() from ASN.1 layer (where it has no users and is gated out in lean PSK builds) to TLS layer (where its users are);

scripts/crl-revoked.test: use `cp --symbolic-link` opportunistically but fall back to `cp -p`.
2026-05-06 21:40:33 -05:00
David Garske 490c1062e4 Merge pull request #10274 from gasbytes/crl-idp-extension-fix-follow-up
Reject CRLs with unrecognized critical entry extensions per RFC 5280 section 5.3
2026-05-06 12:13:28 -07:00
Juliusz Sosinowicz 061311d6ca zd/21661: harden X.509 chain validation, session ticket identity binding, and peer cert restore
- x509_str: require CA:TRUE unconditionally in wolfSSL_X509_verify_cert;
  verify leaf signature even when verify_cb overrides INVALID_CA
- x509_str: align WOLFSSL_X509_V_ERR_INVALID_CA with OpenSSL value (79)
  so OPENSSL_COEXIST builds compile; bump WC_OSSL_V509_V_ERR_MAX to 80
  and extend error_test() missing-value table for the new gaps
- asn: reject embedded NUL in dNSName / rfc822Name / URI SAN entries
- internal: re-verify restored ticket peer cert against trust store with
  CRL/OCSP checks; clear stale state from session cache on verification
  failure
- ticket: bind SNI and ALPN into session ticket via compile-time selected
  hash (TICKET_BINDING_HASH_TYPE); reject resumption on mismatch in both
  TLS 1.3 and TLS 1.2 paths
- ticket: defer SNI/ALPN binding check until after extensions are parsed
  by consolidating into VerifyTicketBinding(), called once after
  ALPN_Select in DoTls13ClientHello and DoClientHello; the early
  per-call sites ran before extensions were parsed and rejected valid
  resumptions in nginx, haproxy, grpc, and CPython integration tests
- ssl_sess: free previous session in wolfSSL_d2i_SSL_SESSION before
  overwrite
- examples/client: increase SESSION_TICKET_LEN fallback from 256 to 2048
  to support larger tickets
- tests: update SAN NUL fixtures and add parse-time rejection coverage;
  add test_tls13_ticket_peer_cert_reverify for CA-removal scenario; skip
  it under WOLFSSL_NO_DEF_TICKET_ENC_CB
2026-05-06 16:45:58 +02:00
Daniel Pouzzner 50da0c0a26 Merge pull request #10390 from Frauschi/lms_Wconversion
LMS Wconversion fixes
2026-05-06 09:16:23 -05:00
Daniel Pouzzner 29343708df Merge pull request #10391 from Frauschi/xmss_Wconversion
XMSS Wconversion fixes
2026-05-06 09:15:59 -05:00
Tobias Frauenschläger 2833a4b1e8 ML-DSA Wconversion fixes 2026-05-06 15:33:17 +02:00
Tobias Frauenschläger 40b583fbcb Wconversion fixes for LMS 2026-05-06 15:31:00 +02:00
Tobias Frauenschläger fe353af409 XMSS Wconversion fixes 2026-05-06 15:29:08 +02:00
David Garske 13f459127c Merge pull request #10372 from MarkAtwood/fix/ed448-der-const
fix: add const to wc_Ed448 DER export function key parameters
2026-05-05 12:49:30 -07:00
David Garske 44564dd5fd Merge pull request #10368 from holtrop-wolfssl/gh10359
Allow SubjectInfoAccess extension without id-ad-caRepository entry
2026-05-05 12:49:19 -07:00
David Garske c73f431687 Merge pull request #10392 from JeremiahM37/fenrir-5
wolfCrypt input validation and side-channel hardening
2026-05-05 12:24:17 -07:00
Daniel Pouzzner c1b2660a08 Merge pull request #10396 from douzzer/20260501-fips-v7-fixes
20260501-fips-v7-fixes -- reviewed+approved by @Frauschi
2026-05-05 14:20:49 -05:00
David Garske b47f71678d Merge pull request #10363 from MarkAtwood/fix/curve25519-clamp-check-rule3
fix: curve25519 clamp check missing rule 3 (bit 6 of byte 31) (ZD-21731)
2026-05-05 12:16:06 -07:00
David Garske 00abce3474 Merge pull request #10310 from cconlon/d2iMLDSA
Add ML-DSA SPKI/PKCS#8 DER support to d2i_PUBKEY and d2i_PrivateKey
2026-05-05 12:11:49 -07:00
David Garske 7de26312e6 Merge pull request #10378 from rlm2002/fenrir
Various PKCS12 Fixes
2026-05-05 12:07:17 -07:00
David Garske 3a1f51d2e6 Merge pull request #10388 from Frauschi/slh-dsa_Wconversion
SLH-DSA Wconversion fixes
2026-05-05 12:04:22 -07:00
David Garske 15b10454bc Merge pull request #10340 from JeremiahM37/fenrir-3
harden falcon key handling
2026-05-05 11:57:41 -07:00
David Garske c3cd71ea02 Merge pull request #9965 from kojo1/mldsa
Add ML-DSA to X509_get_pubkey and EVP_PKEY_base_id
2026-05-05 11:57:06 -07:00
David Garske 519c08ae32 Merge pull request #10121 from JacobBarthelmeh/bench
use heap hints where possible in benchmark
2026-05-05 11:56:04 -07:00
David Garske d4d1f03fef Merge pull request #10333 from JacobBarthelmeh/oss-fuzz
change call to GetSigAlg in ASN original to sanity check length
2026-05-05 11:55:21 -07:00
David Garske 87536214bf Merge pull request #10375 from LinuxJedi/STSAFEA120Sim
Add STSAFE A120 CI support
2026-05-05 11:53:29 -07:00
David Garske 5074cf3726 Merge pull request #10366 from embhorn/zd21744
Fix CUDA with WOLFSSL_AES_SMALL_TABLES
2026-05-05 11:51:01 -07:00
David Garske 5266329c9a Merge pull request #10352 from embhorn/zd21724
Fix static / mem tracker build error
2026-05-05 11:48:16 -07:00
David Garske 9b1167772d Merge pull request #10350 from LinuxJedi/ATECC608Sim
Add ATECC608 CI tests
2026-05-05 11:45:45 -07:00
David Garske 678ddd6c73 Merge pull request #10339 from embhorn/zd21707
Fix handling of otherName in ConfirmNameConstraints
2026-05-05 11:41:28 -07:00
David Garske b0fca9df10 Merge pull request #10276 from padelsbach/asn1-time-chars-check
Add checks for ascii digits in time decode functions
2026-05-05 11:38:47 -07:00
David Garske aaca0948e8 Merge pull request #10335 from julek-wolfssl/pkcs11-hmac-session
wolfcrypt/src/wc_pkcs11.c: cache PKCS#11 session across multi-call HMAC
2026-05-05 11:33:10 -07:00
David Garske 04984a5d5e Merge pull request #10346 from Frauschi/ecc_leak_fix
Prevent ECC tmp key leak and UB
2026-05-05 11:32:48 -07:00
David Garske 7e9635df19 Merge pull request #10208 from ColtonWilley/bio-io-negative-length-checks
Guard against negative length in BIO, I/O callbacks and PKCS12 PBKDF
2026-05-05 11:32:21 -07:00
David Garske d793452264 Merge pull request #10353 from julek-wolfssl/dtls-13-client-only
DTLS 1.3 client-only minimum: WOLFSSL_DTLS_ONLY + autoconf cascade
2026-05-05 11:24:44 -07:00
David Garske 80c9d3f048 Merge pull request #10183 from douzzer/20260409-IsValidFQDN
20260409-IsValidFQDN
2026-05-05 11:22:51 -07:00
David Garske c0bc5efe31 Merge pull request #10307 from padelsbach/nxp-aes-multiblock
Fix AES multiblock issues for NXP DCP
2026-05-05 10:56:21 -07:00
Daniel Pouzzner 610b109241 fixes for fips#379 and related:
linuxkm/Makefile, linuxkm/linuxkm-fips-hash-wrapper.sh, linuxkm/linuxkm_memory.c: refactor coreKey extraction to use ELF tools rather than WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE and user_settings.h.

linuxkm/module_hooks.c: add stack measurement for wc_RunAllCast_fips().

tests/api/test_slhdsa.c: frivolous initialization to work around a false positive -Wmaybe-uninitialized in slhdsa_der_roundtrip_one().

wolfcrypt/src/wc_slhdsa.c, wolfssl/wolfcrypt/wc_slhdsa.h:
* refactor lifecycle management for SHA-2 objects to fix a leak via wc_SlhDsaKey_CheckKey().
* add support for WC_SLHDSA_NO_ASM.
* add WOLFSSL_SLHDSA_VERIFY_ONLY gates around prototypes, to get compile-time failures for misuse.

wolfcrypt/test/test.c:
* clean up myFipsCb() and restore usability of TEST_ALWAYS_RUN_TO_END with bad FIPS hash (useful test coverage).
* add wc_RunAllCast_fips() to wolfcrypt_test().
* when WOLFSSL_KERNEL_MODE or BENCH_EMBEDDED, force on WOLFSSL_SLHDSA_VERIFY_ONLY unless WOLFSSL_SLHDSA_FORCE_FULL_TESTS is defined.

wolfssl/wolfcrypt/settings.h:
* add WC_MLKEM_NO_ASM to WOLFSSL_LINUXKM section to work around asm bug.
* remove clause in WOLFSSL_KERNEL_MODE section that forced on WOLFSSL_SLHDSA_VERIFY_ONLY.
2026-05-05 11:02:13 -05:00
Jeremiah Mackey 6a1b737dae PKCS7 PWRI decrypt: parse PBKDF2 prf 2026-05-05 04:36:16 +00:00
Jeremiah Mackey 9f79f79d86 wc_Entropy_GetRawEntropy: hold entropy_mutex 2026-05-05 04:36:16 +00:00
Jeremiah Mackey 19ff338be9 mp_cond_swap_ct: branchless masked XOR 2026-05-05 04:36:16 +00:00
David Garske 02dfd12466 Merge pull request #10376 from rlm2002/coverity
20260501 Coverity Fixes
2026-05-04 15:15:11 -07:00
Jeremiah Mackey f3c3687efc wc_hash2sz: fix SHA-224 size to 28 2026-05-04 17:18:39 +00:00
Jeremiah Mackey cf9f852db6 validate preconditions at public API boundary 2026-05-04 17:18:39 +00:00
Chris Conlon fe4473fbea Add ML-DSA SPKI/PKCS#8 DER support to d2i_PUBKEY and d2i_PrivateKey. 2026-05-04 09:24:02 -06:00
Tobias Frauenschläger bbcfa97144 SLH-DSA Wconversion fixes 2026-05-04 13:58:00 +02:00
Takashi Kojo 1a6dee2bb3 Add ML-DSA to X509_get_pubkey and EVP_PKEY_base_id 2026-05-02 08:13:08 +09:00
Takashi Kojo 4c04ba306b fix error case in d2iTryAltDhKey 2026-05-02 08:13:08 +09:00
Daniel Pouzzner 7b5330391b Merge pull request #10051 from anhu/mp_int_bounds
Add bounds checks for MP integer size in SizeASN_Items
2026-05-01 15:32:18 -05:00
Ruby Martin 3137d62cf3 fix issue where ToTraditional_ex may assign negative value to *pkeySz 2026-05-01 14:06:51 -06:00
Ruby Martin 00e1fa651f Adds tmpSz so int is not cast to word32 in wc_d2i_PKCS12 2026-05-01 13:36:33 -06:00
Ruby Martin 001939d663 Call ForceZero on sensitive buffers 2026-05-01 13:36:33 -06:00
JacobBarthelmeh 5b4ad8690e update function comments 2026-05-01 09:43:52 -06:00
JacobBarthelmeh d9361e2d8c use INVALID_DEVID in benchmark and copy over heap hint with XMSS export pub 2026-05-01 09:43:51 -06:00
JacobBarthelmeh 78564f0c78 fix XMSS heap hint use 2026-05-01 09:43:25 -06:00
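The curve25519 clamp-check fix listed above (PR #10363, ZD-21731) is about the three clamping rules RFC 7748 applies to a 32-byte little-endian private scalar. The block below is an added illustration written for this page, not wolfSSL's own code: the function names are mine, and the "rules 1 and 2 only" checker is a stand-in for the shape of a check that forgets rule 3, not a copy of the original implementation.

```c
#include <stdint.h>
#include <string.h>

#define X25519_KEY_LEN 32

/* RFC 7748 clamping of a little-endian 32-byte Curve25519 scalar:
 *   rule 1: clear the three low bits of byte 0  (multiple of the cofactor 8)
 *   rule 2: clear bit 7 of byte 31              (scalar < 2^255)
 *   rule 3: set   bit 6 of byte 31              (scalar >= 2^254, fixed length) */
void x25519_clamp(uint8_t k[X25519_KEY_LEN])
{
    k[0]  &= 248;
    k[31] &= 127;
    k[31] |= 64;
}

/* Hypothetical checker that tests only rules 1 and 2: the shape of an
 * incomplete check. It accepts any scalar with bit 254 clear, which a
 * properly clamped key never has. */
int x25519_is_clamped_rules12(const uint8_t k[X25519_KEY_LEN])
{
    return ((k[0] & 0x07) == 0) && ((k[31] & 0x80) == 0);
}

/* Complete checker: all three rules must hold. Returns 1 if clamped. */
int x25519_is_clamped(const uint8_t k[X25519_KEY_LEN])
{
    return ((k[0] & 0x07) == 0)
        && ((k[31] & 0x80) == 0)
        && ((k[31] & 0x40) != 0);
}

/* Constructed all-zero scalar: passes rules 1 and 2 but has bit 254 clear,
 * so it is never a valid clamped key. */
const uint8_t kZeroScalar[X25519_KEY_LEN] = {0};

/* Demonstration: returns 1 when the incomplete check wrongly accepts the
 * zero scalar, the complete check rejects it, and clamping makes it pass. */
int x25519_clamp_demo(void)
{
    uint8_t k[X25519_KEY_LEN];
    memcpy(k, kZeroScalar, X25519_KEY_LEN);
    if (!x25519_is_clamped_rules12(k)) return 0;   /* slips past rules 1+2 */
    if (x25519_is_clamped(k))          return 0;   /* full check must reject */
    x25519_clamp(k);
    if (!x25519_is_clamped(k))         return 0;   /* now valid */
    return k[31] == 0x40 && k[0] == 0x00;
}
```

The practical point: a key that passes only rules 1 and 2 may still have bit 254 clear, so a scalar-multiplication ladder that assumes a fixed 255-bit scalar length would run on an input outside its intended domain. Checking all three bits before use, rather than silently re-clamping, is what turns a malformed key into a reported error.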
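The `mp_cond_swap_ct: branchless masked XOR` commit above refers to the standard constant-time conditional-swap idiom used in scalar-multiplication ladders. This added example is not wolfSSL's mp_cond_swap_ct; the function names, the 32-bit limb type and the branchy comparison routine are my assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Swap the n-limb values a and b if and only if swap == 1, without a
 * secret-dependent branch. Unsigned wraparound makes mask 0xFFFFFFFF for
 * swap == 1 and 0 for swap == 0; every limb of both arrays is read and
 * written regardless, so timing and memory traffic do not depend on swap. */
void ct_cond_swap(uint32_t *a, uint32_t *b, size_t n, uint32_t swap)
{
    uint32_t mask = (uint32_t)0 - (swap & 1u);
    size_t i;
    for (i = 0; i < n; i++) {
        uint32_t t = mask & (a[i] ^ b[i]);
        a[i] ^= t;
        b[i] ^= t;
    }
}

/* The branchy version the idiom replaces: leaks the swap bit through the
 * branch predictor and through whether any store happens at all. Kept only
 * for comparison; do not use it on secret data. */
void cond_swap_branchy(uint32_t *a, uint32_t *b, size_t n, uint32_t swap)
{
    if (swap) {
        size_t i;
        for (i = 0; i < n; i++) {
            uint32_t t = a[i]; a[i] = b[i]; b[i] = t;
        }
    }
}

/* Self-check on constructed limbs: returns 1 when both routines agree for
 * swap = 0 and swap = 1 and the values end up where expected. */
int ct_cond_swap_selftest(void)
{
    uint32_t a[4] = {1, 2, 3, 4}, b[4] = {5, 6, 7, 8};
    uint32_t c[4] = {1, 2, 3, 4}, d[4] = {5, 6, 7, 8};
    size_t i;

    ct_cond_swap(a, b, 4, 0);
    cond_swap_branchy(c, d, 4, 0);
    for (i = 0; i < 4; i++)
        if (a[i] != c[i] || b[i] != d[i] || a[i] != i + 1) return 0;

    ct_cond_swap(a, b, 4, 1);
    cond_swap_branchy(c, d, 4, 1);
    for (i = 0; i < 4; i++)
        if (a[i] != c[i] || b[i] != d[i] || a[i] != i + 5) return 0;
    return 1;
}
```

Two caveats a reviewer would raise on any such routine: the limb count n must be a fixed upper bound for the key size rather than the current length of a secret value, or the loop trip count itself leaks; and the mask derivation must stay on unsigned types, since negating a signed value is the kind of expression a compiler is free to turn back into a branch.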
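The `asn: reject embedded NUL in dNSName / rfc822Name / URI SAN entries` item in the zd/21661 commit above addresses a classic certificate-parsing pitfall: the DER length of a name and the length a C-string consumer sees can differ when the value contains a NUL byte. The block below is an added example, not wolfSSL code; the SAN payloads are constructed and the matcher functions are hypothetical names for the two behaviours being contrasted.

```c
#include <stddef.h>
#include <string.h>

/* Constructed SAN dNSName payload (not from a real certificate): the DER
 * length covers all 30 bytes, but any C-string view stops at the NUL. */
const unsigned char kBadSan[] = "www.example.com\0.attacker.test";
#define BAD_SAN_LEN (sizeof(kBadSan) - 1)   /* 30: drop the C terminator */

const unsigned char kGoodSan[] = "www.example.com";
#define GOOD_SAN_LEN (sizeof(kGoodSan) - 1) /* 15 */

/* Parse-time rule: a dNSName/rfc822Name/URI value is rejected if it is
 * empty or contains a NUL anywhere inside its DER length. Returns 1 = ok. */
int san_name_ok(const unsigned char *name, size_t len)
{
    if (name == NULL || len == 0) return 0;
    return memchr(name, '\0', len) == NULL;
}

/* Naive matcher: treats the SAN as a C string, so the embedded NUL hides
 * the tail and the bad payload above matches www.example.com. */
int san_match_naive(const unsigned char *name, const char *host)
{
    return strcmp((const char *)name, host) == 0;
}

/* Length-aware matcher: rejects NUL at parse time, then compares exactly
 * len bytes against the expected host. Returns 1 on match. */
int san_match_checked(const unsigned char *name, size_t len, const char *host)
{
    size_t hlen = strlen(host);
    if (!san_name_ok(name, len)) return 0;
    return len == hlen && memcmp(name, host, len) == 0;
}
```

Rejecting the NUL at parse time, as the commit does, is preferable to fixing every consumer: once a name has been accepted it tends to flow into strcmp-style code (hostname checks, name constraints, logging) where the truncation recurs. Real hostname matching is additionally case-insensitive and handles wildcards; this example isolates only the length versus NUL point.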