Commit Graph

27747 Commits

Author SHA1 Message Date
David Garske eceb55ebeb Merge pull request #9795 from LinuxJedi/static-fixes2
Static analysis fixes
2026-02-18 12:07:26 -08:00
David Garske 2971c7024b Merge pull request #9671 from SparkiDev/aes_gcm_arm32_hw_crypto_set_key_unaligned
ARM32 HW Crypto: AES-GCM set key unaligned key
2026-02-18 10:54:42 -08:00
David Garske 7efefc7b22 Merge pull request #9792 from SparkiDev/sp_c_rsa_pub_only
SP C - RSA public only build with DH
2026-02-18 10:01:53 -08:00
Andrew Hutchings 7248ca3592 Add SM2 to renewcerts.sh 2026-02-18 18:01:33 +00:00
Andrew Hutchings 2e8f9fe595 Fix SM2 certs to have the correct public key OID
OpenSSL 3.5+ handles the OIDs differently.
2026-02-18 18:01:33 +00:00
Andrew Hutchings 4e37d99d07 Fix OCSP key-based responder ID lookup when SM2/SM3 is enabled.
When WOLFSSL_SM2 and WOLFSSL_SM3 are both defined, KEYID_SIZE becomes 32
(WC_SM3_DIGEST_SIZE) but OCSP_RESPONDER_ID_KEY_SZ remains 20 (SHA-1 per
RFC 6960). The guard (int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ in
OcspFindSigner() and OcspRespIdMatch() evaluated to false (32 != 20),
completely disabling key-based OCSP responder ID matching. This caused
OCSP stapling to fail with BAD_CERTIFICATE_STATUS_ERROR (-406) against
any server using a key-based responder ID (e.g. login.live.com).

Fix by comparing only OCSP_RESPONDER_ID_KEY_SZ bytes for the responder
ID match, and zero-padding the 20-byte key hash to KEYID_SIZE before
passing to CA lookup functions that compare the full KEYID_SIZE.
2026-02-18 18:01:33 +00:00
Andrew Hutchings 730519211d Fix wrong flags read on BIO write 2026-02-18 18:01:33 +00:00
Andrew Hutchings 3ffa625fd4 Fix leak in Aria upon error 2026-02-18 18:01:33 +00:00
Andrew Hutchings 2d2efccf71 Add CI test for wolfSM + wolfSSL 2026-02-18 18:01:33 +00:00
Andrew Hutchings 5bb447dee6 Fix copy/paste error in SM4 CBC Decrypt Async 2026-02-18 18:01:33 +00:00
Andrew Hutchings 43aad1e4d7 Fix SM4 TLS 1.3 decrypt auth tag and SM2 cert verification
- Fix SM4 GCM/CCM TLS 1.3 decrypt to read auth tag from input buffer
  instead of output buffer, consistent with all other AEAD ciphers
  (src/tls13.c)

- Fix SM4_BLOCK_SIZE typo (was SM$_BLOCK_SIZE) in TicketEncDec SM4-GCM
  decrypt path (src/internal.c)

- Fix SM2 certificate signature verification for certs using
  id-ecPublicKey (ECDSAk) with SM2-with-SM3 signature algorithm.
  OpenSSL creates SM2 cert signatures without the standard
  distinguishing identifier in the ZA hash. The SM2k code path already
  handled this correctly (idSz=0), but the ECDSAk + CTC_SM3wSM2 path
  was incorrectly using CERT_SIG_ID_SZ (16), causing ASN_SIG_CONFIRM_E
  (-155) when verifying non-self-signed SM2 certs (wolfcrypt/src/asn.c)

- Regenerate expired SM2 test certificates via certs/sm2/gen-sm2-certs.sh
  They had expired.
2026-02-18 18:01:33 +00:00
Andrew Hutchings b7c3bbf101 Fixes to size checking
In `quic_record_transfer()`, the unsigned subtraction
`qr->end - qr->start` could wrap around if `end < start`, and the
subsequent `len <= 0` check was ineffective on a `word32`. Move the
comparison before the subtraction so the function returns `0` safely.

In `GetEchConfig()`, `XSTRLEN(config->publicName)` was assigned to a
single byte, silently truncating names longer than 255 characters while
`XMEMCPY` still copied the full string. Add a 255-byte length
validation in both `wolfSSL_CTX_GenerateEchConfig()` and
`GetEchConfig()`, and cache the length in a local variable to avoid
redundant `XSTRLEN` calls.
2026-02-18 18:01:33 +00:00
Daniel Pouzzner add60da56a Merge pull request #9794 from sameehj/vtest2-fix
Fix haproxy CI: VTest2 repo archived, use `last` tag
2026-02-18 10:30:01 -06:00
David Garske 0dd5009db0 Merge pull request #9768 from anhu/wc_CheckPrivateKey
wc_CheckPrivateKey returns NOT_COMPILED_IN for certain gating flags
2026-02-18 08:01:53 -08:00
Sameeh Jubran f19c563331 Fix haproxy CI: VTest2 repo archived, use last tag
The vtest/VTest2 GitHub repo was archived on 2026-02-18 and its main
branch Makefile now exits with "THIS REPOSITORY HAS MOVED". The
maintainers tagged the last buildable commit as `last`.

Patch build-vtest.sh for both haproxy versions in the matrix:
- v3.1.0 still references wlallemand/VTest (removed long ago)
- v3.2.0 references vtest/VTest2 main branch (now broken)

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-18 15:53:05 +02:00
Sean Parkinson 63b9d13db8 Merge pull request #9790 from bigbrett/sp-rsa-unused-var
Fix macro protection in SP code for RSA_LOW_MEM
2026-02-18 16:36:04 +10:00
Sean Parkinson 6b46754800 SP C - RSA public only build with DH
Fix build to compile when RSA public only but DH included.
2026-02-18 12:26:00 +10:00
Brett Nicholas 140f9aafe2 test-fix 2026-02-17 15:54:12 -07:00
Brett Nicholas 2c7eb9bc12 fix macro protection for sp_*_cond_add_* in ARM SP asm to prevent an unused-function warning when used with RSA_LOW_MEM 2026-02-17 15:33:14 -07:00
Anthony Hu 50fbf7f721 wc_CheckPrivateKey() returns NOT_COMPILED_IN for certain gating flags 2026-02-17 17:02:08 -05:00
David Garske 5960a365de Merge pull request #9776 from Pushyanth-Infineon/fix_psoc6_sha_includes
Fix missing header includes and conditional compilation issue for PSoC6 port.
2026-02-17 10:12:00 -08:00
David Garske 40bb3e7c4a Merge pull request #9773 from petertorelli/master
cyignore sslSniffer due to main() conflicts
2026-02-17 10:11:54 -08:00
David Garske a0a76254a5 Merge pull request #9783 from SparkiDev/aes_clang_volatile
AES clang: make x volatile in pre-fetch functions
2026-02-17 10:10:56 -08:00
David Garske 90d0ea1ee2 Merge pull request #9788 from LinuxJedi/static-fixes
Fix issues found in static analysis
2026-02-17 10:02:19 -08:00
David Garske 03260bf478 Merge pull request #9786 from LinuxJedi/quick-fixes
Fixes found when trying a new static analysis method
2026-02-17 09:57:21 -08:00
Andrew Hutchings 8042f767ed Fix issues found in static analysis
- Fix missing cleanup on error in wc_XChaCha20Poly1305_crypt_oneshot:
  change early return to goto out so ForceZero and free are called
- Fix memory leak in wc_DeCompressDynamic: free tmp buffer before
  early return on avail_out size check failure
- Fix unconditional mutex unlock in PQC sign functions (falcon,
  sphincs, dilithium): only call unlock when lock was acquired
- Remove dead oqssig NULL checks in falcon sign/verify that are
  unreachable after the preceding SIG_TYPE_E assignment
2026-02-17 15:20:36 +00:00
Andrew Hutchings 565c6aad49 Fix test building 2026-02-17 10:46:33 +00:00
Andrew Hutchings 060a2b3395 Fix DTLS 1.3 unified header fixed bits mask
DTLS13_FIXED_BITS_MASK used 0x111 (hex 273) instead of 0x7 (decimal 7,
binary 111). Per RFC 9147 Section 4, the top 3 bits of the unified
header flags byte must be 001. The incorrect hex value caused the mask
to only check bit 5 instead of bits 5, 6, and 7, allowing bytes with
bits 6 or 7 set to be misidentified as unified DTLS 1.3 headers.
2026-02-17 10:39:41 +00:00
Andrew Hutchings 00de3f3918 Use XMEMSET instead of memset in QUIC 2026-02-17 10:36:47 +00:00
Andrew Hutchings f31ed0d0cd Fix logic bug in TLSX_TCA_Find causing incorrect Trusted CA matching
The while loop conditions in TLSX_TCA_Find were inverted, causing two
bugs: the loop short-circuited on type match alone without checking the
id content, and the XMEMCMP sense was reversed (continuing on match,
stopping on mismatch). This meant any TCA entry with a matching type
would be returned as a match regardless of whether the identifier
actually matched.

Restructure the loop to correctly require both type and id (size +
content) to match before returning an entry, and to match any entry
immediately for PRE_AGREED type.

Add test_TLSX_TCA_Find unit test exercising exact match, mismatched id,
and PRE_AGREED cases via memio handshake.
2026-02-17 10:35:54 +00:00
Sean Parkinson 299e7bd097 AES clang: make x volatile in pre-fetch functions
The latest version of clang with optimization turned right up will make the
pre-fetch functions return 0.
The pre-fetch functions are there to ensure tables are all in cache, not
to calculate a value.
2026-02-17 08:44:24 +10:00
David Garske d81bb7234a Merge pull request #9778 from LinuxJedi/exp-fixes
Fixes to big-endian bugs found in Curve448 and Blake2S
2026-02-16 14:30:47 -08:00
Chris Conlon 36a28ac08c Merge pull request #9713 from padelsbach/crl-generation-cert-updates
Add cert/CRL capabilities: skid, akid, dist point, netscape
2026-02-16 15:29:18 -07:00
David Garske cf4bf83ab2 Merge pull request #9762 from rizlik/bench_ed25519_use_devid
wolfcrypt: benchmark: use WC_USE_DEVID to benchmark ed25519 if defined
2026-02-16 13:49:53 -08:00
Peter Torelli c4ef0e5cd2 Update .cyignore
Also need to ignore MLDSA and MLKEM Intel assembly source files.
2026-02-16 13:44:33 -08:00
David Garske db82c3ef59 Merge pull request #9777 from Pushyanth-Infineon/fix_TLSX_IsGroupSupported_switch_case_handling
Fix switch case handling in TLSX_IsGroupSupported function
2026-02-16 13:13:46 -08:00
David Garske be9f3853fa Merge pull request #9764 from lealem47/wolfEntropy_arm32
wolfEntropy: Add ARM Generic Timer virtual counter as time src
2026-02-16 13:00:26 -08:00
Pushyanth Kamatham b395eef455 Fix missing header includes and conditional compilation issue in PSoC6 crypto hardware acceleration port.
Guard the `aes->left = 0` assignment so that it is enabled when WOLFSSL_AES_CFB is defined.
2026-02-17 02:26:52 +05:30
David Garske 2111249508 Merge pull request #9759 from gasbytes/test_wolfSSL_d2i_SSL_SESSION
add test for session deserialization input validation
2026-02-16 12:35:58 -08:00
David Garske 10ca06cebe Merge pull request #9769 from anhu/midbox
Middle box compatibility compliance.
2026-02-16 12:27:07 -08:00
David Garske 1b05b26604 Merge pull request #9779 from LinuxJedi/src-fixes
Fix issues found during src/ code review
2026-02-16 10:45:40 -08:00
Andrew Hutchings 8b44b00317 Fix issues found during src/ code review
- ECH: add bounds check on hpkePubkeyLen against HPKE_Npk_MAX to
  prevent heap buffer overflow from untrusted ECH config data

- Sniffer: fix reassembly memory limit check typo, MaxRecoveryMemory -1
  should be MaxRecoveryMemory != -1

- Sniffer: add bounds check in IPv6 extension header parsing loop to
  prevent OOB read when next_header never matches TCP or NO_NEXT_HEADER

- Sniffer: validate tlsFragOffset + rhSize against tlsFragSize before
  XMEMCPY in both TLS handshake fragment reassembly paths

- Internal: use WC_SAFE_SUM_WORD32 in GrowAnOutputBuffer to prevent
  integer overflow on allocation size, matching existing pattern in
  GrowOutputBuffer
2026-02-16 17:27:10 +00:00
Andrew Hutchings 451cb45670 Fix Blake2s overlapping writes
We are copying from a 32-bit buffer, so the writes overlap. This
could damage the hash on big-endian platforms.
2026-02-16 16:08:27 +00:00
Andrew Hutchings 180c66ba70 Fix curve448
`wc_curve448_check_public` can get into an infinite loop in the
big-endian code path.
2026-02-16 15:56:41 +00:00
Sean Parkinson 4fe05d7fe0 Merge pull request #9771 from padelsbach/pk-ec-fix-null-check
Fix null check in ECDSA encode
2026-02-16 22:07:29 +10:00
Pushyanth Kamatham 33c14ead5c Fix switch case handling in TLSX_IsGroupSupported function 2026-02-16 15:59:34 +05:30
Daniel Pouzzner 2c0c28d999 Merge pull request #9770 from padelsbach/sort-known-macros
Fix sorting in .wolfssl_known_macro_extras
2026-02-14 11:17:45 -06:00
Paul Adelsbach aafc876759 Add cert/CRL capabilities: skid, akid, dist point, netscape 2026-02-13 20:35:44 -08:00
Daniel Pouzzner 1c92c74116 Merge pull request #9631 from padelsbach/crl-generation
Add CRL generation code
2026-02-13 21:59:52 -06:00
Peter Torelli 654e102e4b cyignore sslSniffer due to main conflicts 2026-02-13 15:48:59 -08:00