Commit Graph

27847 Commits

Author SHA1 Message Date
Paul Adelsbach ebda79fadb Fix OCSP->CRL fallback 2026-02-26 11:44:50 -08:00
JacobBarthelmeh ba859d21fa Merge pull request #9817 from LinuxJedi/static-fixes4
Static code analysis fixes
2026-02-26 12:03:24 -07:00
Andrew Hutchings 110f5cb442 Fix ECH error code: use BUFFER_ERROR for malformed peer input
Change innerClientHelloLen underflow guard in TLSX_ECH_Parse from
BAD_FUNC_ARG to BUFFER_ERROR to match the convention used throughout
tls.c for wire-protocol length/bounds validation.
2026-02-26 14:09:01 +00:00
JacobBarthelmeh 5a72a37b58 Merge pull request #9806 from julek-wolfssl/bind-9.20.11
Add bind 9.20.11 to the test matrix
2026-02-25 16:45:30 -07:00
JacobBarthelmeh 1b1b085290 Merge pull request #9822 from SparkiDev/mlkem_decap_h_set
ML-KEM decapsulate: check for H
2026-02-25 16:44:47 -07:00
Sean Parkinson 2064ff461c Merge pull request #9797 from douzzer/20260218-aes-prefetch-optimize
20260218-aes-prefetch-optimize
2026-02-26 08:27:08 +10:00
JacobBarthelmeh 76816a0e11 Merge pull request #9823 from embhorn/zd21242
Add sanity checks in key export
2026-02-25 14:38:46 -07:00
JacobBarthelmeh e317aa2b70 Merge pull request #9827 from embhorn/zd21241
Fix cert chain size issue
2026-02-25 14:30:58 -07:00
JacobBarthelmeh ee616b4774 Merge pull request #9828 from rizlik/sigalgofix
tls13: don't create a new suite in CertificateRequest, fallback to WOLFSSL_SUITES(sa->ssl)
2026-02-25 14:08:09 -07:00
JacobBarthelmeh b5b7dc89ac Merge pull request #9819 from holtrop-wolfssl/rust-ml-dsa
Rust wrapper: add dilithium module
2026-02-25 10:18:03 -07:00
JacobBarthelmeh b63f878300 Merge pull request #9742 from sameehj/pkcs7-rsa-pss
pkcs7: add RSA-PSS support for SignedData
2026-02-25 09:55:00 -07:00
Daniel Pouzzner c962b8cd8f Merge pull request #9832 from JacobBarthelmeh/arduino
reduce arduino coverage to avoid tests failing from external changes
2026-02-25 10:11:23 -06:00
Eric Blankenhorn 75b0808fe5 Update from review 2026-02-25 09:02:55 -06:00
Eric Blankenhorn 41ebc92fa5 Replace macros from stdint.h with literals to make code more generic 2026-02-25 09:00:57 -06:00
Eric Blankenhorn 4f8f11bcba Add test case 2026-02-25 09:00:57 -06:00
Eric Blankenhorn 67de2349da Add sanity checks in key export 2026-02-25 09:00:57 -06:00
Marco Oliverio 20eeba3d89 test: tls13: add wolfSSL_set1_sigalgs_list test 2026-02-25 12:10:48 +01:00
Sameeh Jubran deb668ca4b pkcs7: add RSA-PSS support for SignedData
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.

Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-25 11:02:47 +02:00
JacobBarthelmeh 3f3bf7501c reduce arduino coverage to avoid tests failing from external changes 2026-02-24 16:35:10 -07:00
JacobBarthelmeh 47033c4b3e Merge pull request #9826 from Frauschi/declaration-after-statement
Wdeclaration-after-statement fixes
2026-02-24 16:14:00 -07:00
Daniel Pouzzner 314da6d6bc wolfssl/wolfcrypt/types.h: work around limitations of Watcom and Windows preprocessors, re WC_ARG_NOT_NULL and friends. 2026-02-24 15:41:11 -06:00
Daniel Pouzzner 39987a9d53 wolfcrypt/src/aes.c, wolfcrypt/src/cmac.c, wolfssl/wolfcrypt/aes.h, wolfssl/wolfcrypt/types.h: optimizations to mitigate performance regressions from 299e7bd097 (#9783):
* add prefetch_ptr flag argument to AesEncrypt_C() and AesDecrypt_C(), and call PreFetchTe() and PreFetchSBox() only if *prefetch_ptr is zero, whereupon it is set to 1;
* when C implementations are available, add prefetch_ptr arg to wc_AesEncrypt() and wc_AesDecrypt(), and pass it through;
* in functions that directly call the AES block encryption methods, opportunistically inhibit prefetch on all but the first call;
* move AES-specific code in wc_CmacUpdate() in cmac.c to wc_local_CmacUpdateAes() in aes.c to let it use conditional prefetching;
* add WC_ARG_NOT_NULL(), WC_ARGS_NOT_NULL(), and WC_ALL_ARGS_NOT_NULL attribute abstractions.
2026-02-24 13:59:12 -06:00
Josh Holtrop 7af0fa497a Rust wrapper: update dilithium module after review 2026-02-24 14:23:59 -05:00
Eric Blankenhorn 5536ecf026 Fix issue from review 2026-02-24 12:43:46 -06:00
Eric Blankenhorn 8f787909da Fix from review 2026-02-24 11:17:42 -06:00
Marco Oliverio d72fcb1d27 tls13: avoid to create a new suite in CertificateRequest
This way the ssl object honour the HasSigAlgo list set by
wolfSSL_set1_sigalgs_list.
2026-02-24 18:02:26 +01:00
Eric Blankenhorn 2ae3164c6f Fix cert chain size issue 2026-02-24 09:27:42 -06:00
Tobias Frauenschläger 96fc896265 Wdeclaration-after-statement fixes 2026-02-24 16:20:10 +01:00
Daniel Pouzzner 66566955db wolfssl/wolfcrypt/wc_port.h, wolfssl/wolfcrypt/sha256.h, wolfssl/wolfcrypt/sha512.h, wolfssl/wolfcrypt/sp.h, wolfssl/wolfcrypt/wc_mlkem.h: add WC_NO_INLINE. 2026-02-23 23:03:08 -06:00
Sean Parkinson 8a75e7d1c7 ML-KEM decapsulate: check for H
Decapsulation needs H, hash of public key, and it is not present if you
have a new key made from a seed.
Code changed to check for and create H in decapsulate.
2026-02-24 10:11:05 +10:00
Kaleb Himes a08efc9b0a Merge pull request #9821 from douzzer/20260223-fix2-configure-kernel-mode-defaults
20260223-fix2-configure-kernel-mode-defaults
2026-02-23 16:33:03 -07:00
Daniel Pouzzner 1270733838 configure.ac: fix typo, $enabled_rng for $enable_rng, in KERNEL_MODE_DEFAULTS setup added in a21dad9555. 2026-02-23 16:05:24 -06:00
Kaleb Himes 9b10357e78 Merge pull request #9820 from douzzer/20260223-fix-configure-kernel-mode-defaults
20260223-fix-configure-kernel-mode-defaults
2026-02-23 14:46:45 -07:00
JacobBarthelmeh 505d170631 Merge pull request #9812 from rlm2002/coverity
02202026 Coverity changes
2026-02-23 14:42:48 -07:00
David Garske c3bc68806c Merge pull request #9811 from julek-wolfssl/ntp-4.2.8p18
Add changes for ntp 4.2.8p18
2026-02-23 10:46:11 -08:00
Daniel Pouzzner a21dad9555 configure.ac: fixes for 47dd864f32 (#9815) -- in KERNEL_MODE_DEFAULTS setup, add additional conditions for automatic activation of AES modes and CMAC, ECC options, and SHAKE, to avoid configuration conflicts in barebones configurations. 2026-02-23 12:31:37 -06:00
Andrew Hutchings 599eec673e Fix ImportKeyState wordAdj always-zero bug in DTLS session import
In ImportKeyState(), wordAdj was always zero because it was computed
after clamping wordCount, and the subtraction direction was reversed.
This caused misaligned parsing of all subsequent fields when importing
state from a peer compiled with a larger WOLFSSL_DTLS_WINDOW_WORDS.

Fix both window and prevWindow blocks to compute the adjustment before
clamping, with the correct subtraction direction.

Add test that imports a state buffer with wordCount > WOLFSSL_DTLS_WINDOW_WORDS
to verify the fix.
2026-02-23 16:52:52 +00:00
Andrew Hutchings 10325b4587 Fix integer underflow in ECH innerClientHelloLen parsing
Add bounds check before subtracting WC_AES_BLOCK_SIZE from the
attacker-controlled innerClientHelloLen field in TLSX_ECH_Parse().
Values 0-15 caused a word16 underflow to ~65K, leading to a heap
buffer overflow write via XMEMSET and heap buffer over-read via
wc_AesGcmDecrypt. Return BAD_FUNC_ARG if the field is too small.
2026-02-23 16:52:52 +00:00
Andrew Hutchings af329b38a8 Fix heap buffer over-read in wolfSSL_select_next_proto
Add missing bounds validation in wolfSSL_select_next_proto. Three
issues fixed:

1. Outer loop: no check that length byte + position stays within inLen,
   allowing XMEMCMP to read past the server protocol list buffer.

2. Inner loop: same missing check for clientNames/clientLen boundary.

3. No-overlap fallback unconditionally dereferences clientNames[0] even
   when clientLen is 0, and returns an outLen that may exceed the buffer.

Also reject zero-length protocol entries (invalid per RFC 7301) to
prevent infinite loops.

Add unit test test_wolfSSL_select_next_proto with 8 cases covering NULL
params, normal match, no overlap, malformed length overruns, zero-length
entries, and empty client lists.
2026-02-23 16:52:52 +00:00
Andrew Hutchings 558ae34f68 Fix CRL_STATIC_REVOKED_LIST binary search bugs in FindRevokedSerial
The CRL_STATIC_REVOKED_LIST code path stored revoked certificates in a
fixed array but never sorted it after parsing, causing binary search to
silently miss revoked serials when entries arrived in non-sorted wire
order. Additionally, comparisons used rc[0].serialSz instead of
rc[mid].serialSz, omitted the length-equality check before XMEMCMP,
and ignored the serialHash lookup path entirely (causing a NULL
dereference when hash-based lookup was used).

Fixes:
- Sort the revoked cert array in InitCRL_Entry after populating it
- Use rc[mid].serialSz instead of rc->serialSz in binary search
- Add serialSz equality check before XMEMCMP, matching linked-list path
- Implement serialHash-based linear scan for hash lookup callers

Add unit test that loads a CRL with serials in unsorted wire order and
verifies that a revoked certificate is correctly detected.
2026-02-23 16:52:52 +00:00
Josh Holtrop 504617bbe9 Rust wrapper: add dilithium module 2026-02-23 10:54:21 -05:00
Kaleb Himes 9ed2f4bad1 Merge pull request #9815 from douzzer/20260221-configure-kernel-mode-defaults
20260221-configure-kernel-mode-defaults
2026-02-22 11:19:07 -07:00
Daniel Pouzzner 47dd864f32 configure.ac:
* add a kernel-appropriate subset of enable-all-crypto to enable whenever KERNEL_MODE_DEFAULTS (almost all of these overlap with FIPS v5/v6 settings);
* move ocspstapling features from enable-all-crypto to enable-all.
2026-02-21 15:09:30 -06:00
David Garske f9572880bf Merge pull request #9813 from embhorn/tlsanvil-fixes
Extend timeout for tls13-client
2026-02-21 12:13:27 -08:00
Kaleb Himes f60beb6c7c Merge pull request #9814 from douzzer/20260221-configure-all-crypto-fpecc
20260221-configure-all-crypto-fpecc
2026-02-21 11:16:19 -07:00
Daniel Pouzzner ff7bc11774 configure.ac: restore fpecc to enable-all-crypto, accidentally removed in f376ae210e. 2026-02-21 10:48:14 -06:00
philljj 1a0549fe5a Merge pull request #9800 from douzzer/20260204-linuxkm-fips-hash
20260204-linuxkm-fips-hash
2026-02-20 18:39:25 -06:00
Ruby Martin d85387b84c set s = NULL to prevent use object after free error 2026-02-20 15:44:47 -07:00
Ruby Martin c17217ce31 add null check in test_wolfSSL_X509_CRL_sign_large()
init revoked
2026-02-20 15:44:45 -07:00
Eric Blankenhorn 4f8fc76d9d Extend timeout for tls13-client 2026-02-20 16:35:52 -06:00