Commit Graph

28584 Commits

Author SHA1 Message Date
Juliusz Sosinowicz dcde00a1eb Add NULL parameter validation to wc_CryptKey F-1372 2026-04-03 10:34:55 +02:00
Juliusz Sosinowicz d6d439c6e6 Add NULL parameter validation to wc_Des_CbcEncryptWithKey/DecryptWithKey F-1371 2026-04-03 10:34:55 +02:00
Daniel Pouzzner d278da09df Merge pull request #10112 from embhorn/zd21470
Fix CertFromX509 copy length check
2026-04-02 23:21:11 -05:00
Daniel Pouzzner ed1f055116 Merge pull request #10119 from kareem-wolfssl/zd21512
Exit MatchDomainName if pattern or string length reach 0.
2026-04-02 22:54:53 -05:00
Daniel Pouzzner 7a6e37d697 Merge pull request #10064 from julek-wolfssl/master
Fixes for wolfclu
2026-04-02 22:54:10 -05:00
Daniel Pouzzner b6d8829ba9 Merge pull request #10114 from Frauschi/fenrir
Fenrir fixes
2026-04-02 22:52:48 -05:00
Daniel Pouzzner 2c41a7c5aa Merge pull request #10115 from julek-wolfssl/zd/21469
Fix multiple bugs in OCSP implementation
2026-04-02 22:50:28 -05:00
Daniel Pouzzner fb4c40170a Merge pull request #10090 from julek-wolfssl/zd/21421
Improve DTLS bucket logic
2026-04-02 22:49:41 -05:00
Daniel Pouzzner 14dbba7b21 armasm: in prototypes for fe_cmov_table(), declare the base arg as const fe*. 2026-04-02 14:14:16 -07:00
Eric Blankenhorn 2b1cde5bbb Fix test for FIPS config 2026-04-02 16:13:18 -05:00
Eric Blankenhorn 3893fd3c6e Fix feedback from review 2026-04-02 16:13:18 -05:00
Eric Blankenhorn 772cda3d48 Fix CertFromX509 copy length check 2026-04-02 16:13:18 -05:00
Kareem 90d6312323 Rework check to avoid changing existing logic. 2026-04-02 11:17:20 -07:00
Kareem 1274c7b5e7 Exit MatchDomainName if pattern or string length reach 0. 2026-04-02 11:17:19 -07:00
Daniel Pouzzner 84f9b20435 Merge pull request #10062 from anhu/vol
Volatile casting
2026-04-02 09:40:40 -05:00
Tobias Frauenschläger 22a2290972 Fix TOCTOU issues in SP math code 2026-04-02 15:06:35 +02:00
Tobias Frauenschläger 8b2c0f7cd2 Make sure ASCON is unusable on big endian 2026-04-02 11:55:41 +02:00
Tobias Frauenschläger da597e30db Fix SECO AES GCM return value 2026-04-02 11:55:41 +02:00
Tobias Frauenschläger 6e0624065f Make sure ECB decrypt function is called in EVP
This only makes an actual difference when FREESCALE_MMCAU is defined (otherwise encrypt and decrypt are the same), but better for clarity still.
2026-04-02 11:55:41 +02:00
Tobias Frauenschläger b6b8de1f59 Add bounds checks for Blake2 digest size 2026-04-02 11:55:41 +02:00
Juliusz Sosinowicz 4cf33849b8 Fix multiple bugs in OCSP implementation
- wolfSSL_i2d_OCSP_REQUEST_bio: save/restore pointer before i2d call
  that advances it, preventing BIO_write from wrong offset and heap
  corruption on free
- wolfSSL_d2i_OCSP_RESPONSE: remove (unsigned char) cast that truncated
  pointer advance to 8 bits, breaking responses larger than 255 bytes
- wolfSSL_OCSP_CERTID_dup: deep-copy CertStatus to prevent double-free
  when both original and duplicate are freed
- wolfSSL_i2d_OCSP_RESPONSE: add NULL check on response parameter
- wolfSSL_i2d_OCSP_REQUEST: advance *data pointer per i2d convention
- FreeOCSP: NULL-check ocsp->cm before dereferencing for heap
- Fix WOLFSSL_LEAVE strings to match actual function names in
  wc_CheckCertOcspResponse, GetOcspEntry, GetOcspStatus,
  CheckOcspResponse, CheckOcspRequest

Add test for CERTID dup (double-free confirmed under ASAN without fix)
and pointer advancement assertions for d2i_OCSP_RESPONSE callers.

Reported in: ZD21469
2026-04-02 11:24:25 +02:00
Juliusz Sosinowicz 2f37ab38fd DTLS Bucket improvements
- test_wolfSSL_DTLS_fragment_buckets: rewrite to use Expect framework
- Correctly handle buckets between other buckets that don't touch
- Fix DTLS fragment combine when data overlaps cur from the left
2026-04-02 11:21:23 +02:00
Daniel Pouzzner 24f9981877 Merge pull request #10120 from douzzer/20260331-wolfcrypt-Wcast-qual
20260331-wolfcrypt-Wcast-qual

approved by @padelsbach
2026-04-02 00:25:13 -05:00
Daniel Pouzzner 661eb46d04 Merge pull request #10117 from gasbytes/2025-03-31-dtls-and-tls-focused-fixes
Multiple DTLS and TLS focused fixes.
2026-04-02 00:24:03 -05:00
Daniel Pouzzner 3c87500207 Merge pull request #10037 from JacobBarthelmeh/nightly
fix examples to follow options.h config
2026-04-02 00:22:40 -05:00
Daniel Pouzzner 49cbbab6b0 Merge pull request #10039 from anhu/pkcs7_oob
Add bounds check in PKCS7 streaming indefinite-length end-of-content parsing
2026-04-02 00:16:49 -05:00
Daniel Pouzzner 5701f5db32 Merge pull request #10083 from anhu/privkeyset
Add privKeySet checks to Ed25519, Ed448, ML-DSA, and ML-KEM
2026-04-02 00:15:12 -05:00
Daniel Pouzzner d6fa846615 Merge pull request #10096 from padelsbach/dilithium-oob-shift
Fix out of bounds shift in ML-DSA
2026-04-02 00:13:06 -05:00
Daniel Pouzzner f02f47b510 Merge pull request #10101 from embhorn/zd21478
Fix GCC 3.4.0 build error
2026-04-02 00:11:12 -05:00
Daniel Pouzzner 2cd4f1c69d Merge pull request #10111 from embhorn/zd21465
Fix ARIA build issue and FIPS guard
2026-04-02 00:09:06 -05:00
Daniel Pouzzner 4dc347082c Merge pull request #10071 from padelsbach/notbefore-notafter-bounds-check
Add bounds check on wolfSSL_X509_notBefore and wolfSSL_X509_notAfter
2026-04-02 00:08:32 -05:00
Daniel Pouzzner 6a04c03e4c Merge pull request #10113 from Frauschi/zd21464
Zeroize heap buffer after ML-DSA signing
2026-04-02 00:06:43 -05:00
Daniel Pouzzner 0c67d7a844 Merge pull request #10080 from JeremiahM37/fenrir-issues
Fenrir fixes
2026-04-02 00:06:02 -05:00
Daniel Pouzzner 7fd41b13de Merge pull request #10104 from padelsbach/cast-shift-slhdsa.c
Cast to unsigned prior to shift to avoid UB in SLH-DSA
2026-04-02 00:03:42 -05:00
Daniel Pouzzner 27aac0ac60 Merge pull request #10007 from julek-wolfssl/zd/21376
DTLS 1.3: don't echo legacy_session_id in ServerHello
2026-04-02 00:03:06 -05:00
JacobBarthelmeh c61f58d53a change character type in comments 2026-04-01 17:22:50 -06:00
Daniel Pouzzner 68eaf67767 Merge pull request #10061 from anhu/fips23
Not just FIPS 140-2, 3 as well.
2026-04-01 18:03:09 -05:00
Daniel Pouzzner 6e8b3e0fcf wolfcrypt/src/blake2b.c and wolfcrypt/src/blake2s.c: restore volatile-based workaround for ARM32 gcc optimizer bug. 2026-04-01 17:14:30 -05:00
JacobBarthelmeh 107cf61ab7 Merge pull request #10118 from padelsbach/crl-no-ecc-fix
Fix compile issue with --enable-crl and --disable-ecc
2026-04-01 15:32:23 -06:00
Daniel Pouzzner 4228bedbcf wolfcrypt/src/integer.c and wolfssl/wolfcrypt/integer.h: constify args to mp_cmp() and mp_cmp_mag(). 2026-04-01 16:32:15 -05:00
Daniel Pouzzner faf2ff26de move WC_BARRIER() definition from wolfssl/wolfcrypt/types.h to wolfssl/wolfcrypt/wc_port.h, and strengthen it. 2026-04-01 16:20:10 -05:00
Daniel Pouzzner e6713372ee fixes from CI testing and peer review:
wolfcrypt/src/tfm.c and wolfssl/wolfcrypt/tfm.h: fix for -Wdiscarded-qualifiers in ecc_check_order_minus_1().

wolfssl/wolfcrypt/types.h: in WC_BARRIER(), use XFENCE() too, for best possible barrier.  fixes an ARM32 -Ofast -Wmaybe-uninitialized in blake2s_init_key().

wolfcrypt/src/asn_orig.c: set Stored flag after each allocation of a member that needs it.

wolfcrypt/src/signature.c: in wc_SignatureGetSize(), provide for legacy FIPS non-const-arg wc_ecc_sig_size() and wc_RsaEncryptSize().
2026-04-01 15:28:35 -05:00
Daniel Pouzzner 21c6568883 Fixes for -Wcast-qual hygiene in wolfCrypt.
.github/workflows/wolfCrypt-Wconversion.yml: Add -Wcast-qual to all scenarios.

wolfssl/wolfcrypt/signature.h, wolfcrypt/src/signature.c, doc/dox_comments/header_files/signature.h:

  Remove incorrect const qualifier on the key argument in

  * wc_SignatureVerifyHash()
  * wc_SignatureVerify()
  * wc_SignatureGenerateHash()
  * wc_SignatureGenerateHash_ex()
  * wc_SignatureGenerate()
  * wc_SignatureGenerate_ex()

  This fixes UB code patterns throughout signature.c.  key is inherently
  accessed readwrite by the underlying low level crypto.  Fortunately, wolfCrypt
  has no APIs/methods to allow actual const MPI key objects, therefore these
  seeming breaking API changes can't actually break any users.

globally:

  * Add const qualifiers to all struct pointer members that are assigned values
    computed from const pointers.

  * Add const qualifiers to intermediate casts for accessors and read-only
    dereference constructs, as needed for -Wcast-qual hygiene, e.g. for a macro
    GET_U16(a), use (*(const word16*)(a)) rather than (*(word16*)(a)).

  * Add const qualifiers to internal declarations, and remove illegal casts, as
    needed for -Wcast-qual hygiene.

  * Add missing const qualifiers to all casts for argument, operand, and
    assignment type agreement, as needed for -Wcast-qual hygiene, e.g.
    "*data = (const byte*)dataASN->data.ref.data" rather than
    "*data = (byte*)dataASN->data.ref.data".

wolfssl/wolfcrypt/asn.h, wolfssl/wolfcrypt/asn_public.h, wolfcrypt/src/asn.c, wolfcrypt/src/asn_orig.c:

  * Add additional lifecycle management for object members that are only sometimes locally allocated:

    DNS_entry.nameStored
    DNS_entry.ipStringStored
    DNS_entry.ridStringStored

wolfssl/wolfcrypt/types.h: add WC_BARRIER() macro -- a portable construct that
   prevents compiler optimizers from reordering operations across the barrier.

wolfssl/wolfcrypt/blake2-impl.h, wolfcrypt/src/blake2s.c, wolfcrypt/src/blake2b.c:

  * In blake2b_init(), blake2b_init_key(), blake2s_init(), and
    blake2s_init_key(), refactor blake2b_param initialization using WC_BARRIER()
    (fixes volatile abuse that triggered -Wcast-qual).

  * Remove the residual and unused WOLFSSL_BLAKE2[BS]_INIT_EACH_FIELD code.

wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h:

  Remove incorrect const qualifier on curve arg to wc_ecc_free_curve() (internal function).
2026-04-01 14:12:02 -05:00
Paul Adelsbach 2d8e853c74 Fix compile issue with --enable-crl and --disable-ecc 2026-04-01 10:10:35 -07:00
Reda Chouk d3ce5b8537 DTLS 1.3 and TLS 1.3 focused fixes
dtls13.c:
- Fix wrong return value in Dtls13SendFragmentedInternal error path (return outputSz instead of recordLength)
- Fix incomplete bounds check in Dtls13SendFragmented to account for DTLS_HANDSHAKE_HEADER_SZ
- Fix wrong WOLFSSL_ENTER trace string in Dtls13EpochCopyKeys

tls13.c:
- Remove wrong (byte) cast on cookie->len passed to TlsCheckCookie
- Add missing bounds check on PSK identityLen in SetupPskKey before copying to client_identity
- Fix data race on static header array in ExpectedResumptionSecret
- Add defensive underflow check in EncryptTls13 for consistency with DecryptTls13
- Fix wrong return variable in DTLS 1.3 Finished send error path (return dtlsRet instead of ret)
- Add missing SM3 case and default in Tls13_Exporter hash switch to prevent NULL dereference
- Initialize *outSz to 0 in wolfSSL_write_early_data to match wolfSSL_read_early_data
- Add bounds check for bindersLen against helloSz in CheckPreSharedKeys
- Fix resource leak and hash state corruption in ExpectedResumptionSecret error paths
- Fix memory leak of rsaSigBuf in dual-alg RSA+RSA CertificateVerify
- Guard against word32 underflow in inputLength - HANDSHAKE_HEADER_SZ in DoTls13HandShakeMsg
- Fix swapped side parameter in DeriveFinishedSecret for server-side Finished processing
- Fix no_mac fall-through in ssl_handshake_md to return NULL instead of wrong digest
- Fix strict aliasing violation in FindPsk PSK key size check
- Remove duplicate !ssl->options.dtls check in TLS 1.3 middlebox compat condition

tests:
- Add regression tests for wolfSSL_write_early_data outSz initialization and DTLS 1.3 Finished send error propagation
2026-04-01 18:36:45 +02:00
Anthony Hu c51cbe149b Get rid of a data file. 2026-04-01 09:00:43 -04:00
Juliusz Sosinowicz ed5eac1c7d wc_EncryptedInfoGet: add AES-CTR support 2026-04-01 14:00:27 +02:00
Juliusz Sosinowicz 6a1db27bae Fix type casting for psk_keySz in MakePSKPreMasterSecret and initialize newSz in PKCS12_ConcatenateContent 2026-04-01 14:00:27 +02:00
Juliusz Sosinowicz 829fbbc702 Fix namespace collision on CRL reasons 2026-04-01 14:00:27 +02:00
JacobBarthelmeh 96fc1e6078 use native WOLFSSL_BIO_NOCLOSE instead of BIO_NOCLOSE in client example 2026-03-31 13:28:05 -06:00