Commit Graph

859 Commits

Author SHA1 Message Date
Daniel Pouzzner dc326f8c70 Merge pull request #10691 from julek-wolfssl/tls13-fragmented-sessionticket-defrag
TLS 1.3: reassemble fragmented post-handshake messages after FreeArrays
2026-07-03 00:50:10 -05:00
Daniel Pouzzner 47b7d6ff04 Merge pull request #10739 from JacobBarthelmeh/test
fix for nightly memory allocation test cases with LMS
2026-07-03 00:44:29 -05:00
David Garske d390a98f64 Merge pull request #10754 from SparkiDev/arm64_asm_c_fallback
Aarch64 asm: Have software fallback and CPU id checks
2026-07-02 09:30:19 -07:00
Daniel Pouzzner 076dc5a206 Merge pull request #10773 from rlm2002/coverity
24062026 Coverity fixes
2026-07-01 17:59:19 -05:00
Daniel Pouzzner fd3b489ea5 Merge pull request #10787 from stenslae/update-wolfssl-email
Updated email to facts@wolfssl.com
2026-07-01 17:52:20 -05:00
Daniel Pouzzner 7dd269fc52 Merge pull request #10793 from embhorn/gh10790
Restore error code from DecodeGeneralName
2026-07-01 17:49:37 -05:00
Daniel Pouzzner beca44b2fb Merge pull request #10795 from embhorn/gh10791
Fix to send record_overflow alert
2026-07-01 17:45:43 -05:00
Daniel Pouzzner 0703dc9c6e Merge pull request #10815 from SparkiDev/tls13_test_cv_sig_alg
TLSv1.3 test: CertificateVerify signature algorithm test
2026-07-01 17:27:48 -05:00
Daniel Pouzzner 7afcc3eef6 Merge pull request #10687 from rlm2002/zd-NameConstraints
Name Constraints cert chain walk
2026-07-01 17:24:52 -05:00
Daniel Pouzzner 9f48aef47f Merge pull request #10638 from rizlik/nc_uri_trailing_dot
NameConstraints fixes
2026-07-01 17:14:08 -05:00
Daniel Pouzzner 5a9a49d5d5 Merge pull request #10730 from rizlik/dtlsv13_interop
dtlsv13: fix: send correct CH2 when server do not send HRR
2026-07-01 16:40:29 -05:00
Daniel Pouzzner 323027d1d2 Merge pull request #10820 from lealem47/dh_min_sz
FIPS: Default to 2048 bit min DH crypto
2026-07-01 14:40:04 -05:00
JacobBarthelmeh 64a4c7a7ae Merge pull request #10750 from night1rider/SHAKE-Callbacks
SHAKE 128/256 callback wiring and tests, along with fix to devCTX initialization
2026-07-01 10:53:57 -06:00
Lealem Amedie 277bd66624 FIPS: Default to 2048 bit min DH crypto 2026-07-01 08:26:23 -06:00
Tobias Frauenschläger 9e71da21ac Merge pull request #10751 from aidangarske/tinytls13
Add --enable-tinytls13 TLS 1.3-only footprint profile.

Merging with PRB-master-job failing. Failures are unrelated to this PR.
2026-07-01 15:21:04 +02:00
Sean Parkinson 6315f95378 Aarch64 asm: Have software fallback and CPU id checks
cpuid.h — added CPUID_ASIMD flag + IS_AARCH64_ASIMD() macro (NEON detection).
cpuid.c — added NEON/ASIMD detection fixed FreeBSD/OpenBSD to use HWCAP_*
sha256.c — runtime dispatch SHA256-crypto → NEON → software
sha512.c — replaced the #error with the same crypto → NEON → software dispatch.
chacha.c: add AArch64 runtime fallback to C.
poly1305.c: add AArch64 runtime fallback to C.

Fixes
test_tls.c: don't memcpy into buffer if length is too long.
sha256.c: even if data is not NULL, return immediately when length is 0.
2026-07-01 09:32:28 +10:00
Sean Parkinson 95e798e897 TLSv1.3 test: CertificateVerify signature algorithm test
F-2917
Added test for signature algorithms sent not matching available.
2026-06-30 15:51:51 +10:00
Daniel Pouzzner 8452f2b2e0 wolfssl/wolfcrypt/wc_port.h: keep #define INLINE WC_INLINE even for latest FIPS;
tests/api.c: use WOLFSSL_FILETYPE_PEM, not SSL_FILETYPE_PEM;

tests/api/test_dtls.c and tests/api/test_dtls13.c: use WOLFSSL_ERROR_WANT_READ, not SSL_ERROR_WANT_READ.
2026-06-27 22:31:48 -05:00
Emma Stensland 92e76d4667 updated email to facts@wolfssl.com 2026-06-26 14:44:16 -06:00
Eric Blankenhorn c18833f520 Fix to send record_overflow alert 2026-06-26 11:49:59 -05:00
Eric Blankenhorn e1a2ba3b02 Restore error code from DecodeGeneralName 2026-06-26 11:11:22 -05:00
Ruby Martin 720662e013 capture and free NULL peer to prevent resource leak false positive 2026-06-25 14:44:03 -06:00
Ruby Martin c26f22e9f9 Correct assignment to ssl->options.tls1_3 2026-06-25 14:44:03 -06:00
Ruby Martin 92ed948907 Ignore return from remove() function in tests with (void) 2026-06-25 14:44:03 -06:00
Ruby Martin 26625b7d5e Remove dead code. Dead XBADFILE check, remove() call 2026-06-25 14:44:03 -06:00
Ruby Martin 2c23f174ce FreePeerProtocol before freeing, clears potential resource leak (currently false positive) 2026-06-25 14:44:03 -06:00
David Garske 039e97df89 Merge pull request #10779 from lealem47/guard_rsa_modulus_test
Testing: Guard RSA OversizedModulus test result by FIPS version
2026-06-25 12:06:14 -07:00
David Garske cee4b2bb47 Merge pull request #10713 from SparkiDev/curve25519_hibit_mask
X25519: standard requires masking of top bit
2026-06-25 10:34:49 -07:00
Lealem Amedie b707c00f80 Testing: Guard RSA OversizedModulus test result by FIPS version 2026-06-25 08:16:06 -06:00
JacobBarthelmeh 0ff9278bd9 fix for ecc init flag being set 2026-06-24 16:04:53 -06:00
night1rider fed375fcea SHAKE 128/256 callback wiring and tests, along with fix to devCTX initialization. 2026-06-22 13:35:37 -06:00
aidan garske 8bce9f0ead Add --enable-tinytls13 TLS 1.3-only footprint profile (PSK+ECDHE floor + minimal X.509) 2026-06-19 15:22:59 -07:00
JacobBarthelmeh 67c7a11b8f fix for nightly memory allocation test cases with LMS 2026-06-18 17:23:11 -06:00
Ruby Martin 0052ec44dd add regression tests for name-constraint ancestor walk
- test_wolfSSL_CertManagerNameConstraint_valid_chain
  - test_wolfSSL_CertManagerNameConstraint_skid_disambiguates
  - Cert/key fixtures under certs/test/nc-ancestor/
  - gen-nc-ancestor.sh to regenerate from committed keys
2026-06-18 14:52:08 -06:00
JacobBarthelmeh 1001428637 adjust test case macro guard for ALLOW_INVALID_CERTSIGN builds 2026-06-18 08:20:33 -06:00
Marco Oliverio 9e7958c108 dtlsv13: fix: send correct CH2 when server do not send HRR 2026-06-18 13:46:08 +02:00
JacobBarthelmeh 506a8649e9 add macro guard around new test case for specific builds 2026-06-18 00:48:26 -06:00
JacobBarthelmeh 633784e91b Merge pull request #10714 from Frauschi/zd21992_2
Some more fixes
2026-06-17 17:34:15 -06:00
Tobias Frauenschläger dedba75ad4 Reject duplicate certificatePolicies extension in WOLFSSL_CERT_EXT builds
DecodeExtensionType() guarded the certificatePolicies duplicate check
(VERIFY_AND_SET_OID) under WOLFSSL_SEP only, because the extCertPolicySet
tracking bit was SEP-only. In a WOLFSSL_CERT_EXT-without-WOLFSSL_SEP build a
cert with two certificatePolicies extensions was accepted and the second
silently overwrote the first (RFC 5280 4.2 forbids repeats). Make the bit and
the guard available under WOLFSSL_CERT_EXT too, matching every other
non-repeatable extension.

Add test_DecodeCertExtensions_dup_certpol (DecodeExtensionType now
WOLFSSL_TEST_VIS).
2026-06-17 19:14:21 +02:00
Tobias Frauenschläger 160b3179a1 Add regression tests for various d2i_* methods 2026-06-17 18:44:11 +02:00
Sean Parkinson e017e6cba7 X25519: standard requires masking of top bit
Instead of failing when top bit is set, the standard and current research says to mask it.
WOLFSSL_X25519_NO_MASK_PEER is added to allow the rejection when required.
2026-06-17 15:37:26 +10:00
JacobBarthelmeh e6f02ecf4d fix for clang-tidy warning on variable not read 2026-06-16 16:09:42 -06:00
Tobias Frauenschläger eaa563419e BIO: reject negative length in memory BIO read
Reject a negative read length in the memory BIO read path so it cannot bypass
the signed bounds checks and reach a wild copy. Adds a regression test.
2026-06-16 20:56:45 +02:00
Tobias Frauenschläger 8f55480a1d SP math: validate ECDH shared-secret output buffer against the field size
Regenerate the SP backends so the ECDH secret generators check the caller's
buffer against the number of bytes actually written. Adds a P-384/P-521
buffer-size regression test.
2026-06-16 20:56:45 +02:00
Tobias Frauenschläger f23544f094 TLS 1.3: fix for post-handshake authentication
Only exempt the missing-certificate check during the initial handshake; once a
post-handshake CertificateRequest is outstanding the server again requires the
client certificate (and its CertificateVerify). Adds a post-handshake auth
test.
2026-06-16 20:56:45 +02:00
Tobias Frauenschläger c929798460 TLS: validate negotiated certificate type for raw public keys
Ensure a peer's certificate form (X.509 vs raw public key) matches the
negotiated certificate type, defaulting to X.509 when none was negotiated,
on both the client and server. Adds RPK regression tests covering both
directions.
2026-06-16 20:31:36 +02:00
Tobias Frauenschläger 3e30e69c35 certman: enforce keyCertSign usage on chain-supplied intermediate CAs
Require the keyCertSign key usage on non-root intermediate CAs added during
path building when a KeyUsage extension is present, per RFC 5280. Adds a
regression test.
2026-06-16 20:31:36 +02:00
Tobias Frauenschläger d382439c7c PKCS7: tighten signature presence check in PKCS7_verify
Ensure a signer signature is actually verified before reporting a
PKCS7 SignedData object as verified, and add a regression test.
2026-06-16 20:19:22 +02:00
Juliusz Sosinowicz 0963541f3b TLS 1.3: reassemble fragmented post-handshake messages after FreeArrays
The handshake-message defragmentation buffer (pendingMsg/pendingMsgSz/
pendingMsgOffset/pendingMsgType) lived inside ssl->arrays, which
FreeHandshakeResources() releases once the handshake completes. For a
TLS 1.3 client the arrays are released whenever they are not being
retained for later use, e.g. when the library is built without
HAVE_SESSION_TICKET.

DoTls13HandShakeMsg() then took an "arrays == NULL" early path that
handed the record straight to DoTls13HandShakeMsgType() without any
reassembly. A post-handshake handshake message split across several
records -- such as a NewSessionTicket once a small max_fragment_length
has been negotiated -- was therefore rejected with INCOMPLETE_DATA (-310)
and the peer was reset. Fragmentation during the handshake was
unaffected because the arrays still existed at that point.

Move the defragmentation buffer fields out of Arrays and into the WOLFSSL
object so they survive FreeArrays(), and drop the now-unnecessary
arrays == NULL special case in DoTls13HandShakeMsg() so that
post-handshake messages are reassembled exactly like handshake messages.
The buffer is freed in wolfSSL_ResourceFree(). DoHandShakeMsg() (TLS 1.2)
is updated to use the relocated fields as well.

Add a regression test, test_tls13_fragmented_session_ticket, that
releases the client's handshake arrays after the handshake and injects a
NewSessionTicket fragmented across two records, confirming it is
reassembled and consumed instead of failing with INCOMPLETE_DATA.
2026-06-16 16:23:36 +00:00
Marco Oliverio 44a22af323 Handle wildcard DNS names in compat name-constraint checks
MatchNameConstraint() compared wildcard DNS SANs literally, so
*.example.com was not rejected by an excluded subtree covering
foo.example.com. Route WOLFSSL_GEN_DNS through
wolfssl_local_MatchDnsNameConstraint(), passing the subtree direction:
permitted subtrees require every wildcard expansion to stay inside the
subtree, excluded subtrees reject when any expansion can fall inside.
This matches what ConfirmNameConstraints() already does.
2026-06-15 12:10:40 +02:00