Commit Graph

28135 Commits

Author SHA1 Message Date
Daniel Pouzzner fc7c19bb07 Merge pull request #9934 from SparkiDev/tls_length_fixes_1
TLS: Better handling of parsing TLS extensions
2026-03-10 22:34:10 -05:00
Daniel Pouzzner 2db5fbb04e Merge pull request #9933 from rlm2002/coverity
20260309 Coverity changes for Sunday build
2026-03-10 22:32:23 -05:00
Daniel Pouzzner bfe0b21829 Merge pull request #9765 from night1rider/zephyr-4_3_0-posix-fix
Add Zephyr 4.1+ build compatibility for wolfssl_tls_sock sample.
2026-03-10 22:28:43 -05:00
Daniel Pouzzner ad21c89ba8 Merge pull request #9944 from JacobBarthelmeh/revert-pr9909
revert PR 9909
2026-03-10 19:38:57 -05:00
Daniel Pouzzner be6e088f46 Merge pull request #9942 from padelsbach/padelsbach/crl-gen-script-fix
Generate CRLs from unit test script
2026-03-10 19:38:29 -05:00
Daniel Pouzzner 8246fa2900 Merge pull request #9910 from holtrop-wolfssl/rust-lms
Rust wrapper: add lms module
2026-03-10 19:37:41 -05:00
Daniel Pouzzner e8a53c2e6d Merge pull request #9941 from kaleb-himes/v6-wolfentropy-combofix
Ensure user-space wolfentropy builds of the v6 module compile the cor…
2026-03-10 19:36:52 -05:00
Daniel Pouzzner e4dea8f261 Merge pull request #9885 from Frauschi/missing_force_zero
Add missing ForceZero calls
2026-03-10 19:36:07 -05:00
Daniel Pouzzner f9b15210d9 Merge pull request #9921 from Frauschi/zd21310
Zeroize preMasterSecret in hybrid PQ/T error cases
2026-03-10 19:35:12 -05:00
Daniel Pouzzner 51693156fe Merge pull request #9939 from SparkiDev/mlkem_comments_fixes
ML-KEM: Fixes for comments plus bug fixes
2026-03-10 19:34:39 -05:00
Daniel Pouzzner 3203610249 Merge pull request #9925 from sameehj/fix-compilation
Fix undefined variable tls1 in InitSuites for PSK cipher suite
2026-03-10 19:34:05 -05:00
Daniel Pouzzner 4e84c7e05a Merge pull request #9931 from aidangarske/fix-wolfcrypt-fenrir-1
Fix Fenrir 376
2026-03-10 19:33:32 -05:00
Daniel Pouzzner f1508c910a Merge pull request #9930 from julek-wolfssl/fenrir/260903
Fenrir fixes
2026-03-10 19:32:56 -05:00
Daniel Pouzzner 7af6decbf3 Merge pull request #9856 from anhu/rsa_guard
Macro guard parameter null check.
2026-03-10 19:32:19 -05:00
Daniel Pouzzner f18d5ba359 Merge pull request #9928 from philljj/fix_f_451
ascon: don't skip wc_AsconAEAD128_Clear on auth error.
2026-03-10 19:31:20 -05:00
Daniel Pouzzner e3e5179cf8 Merge pull request #9869 from JacobBarthelmeh/f356
fix for sanity checks on serial input
2026-03-10 19:30:46 -05:00
Daniel Pouzzner df504300db Merge pull request #9863 from JacobBarthelmeh/f361
Fix for setting curve using all caps with wolfSSL_set1_curves_list
2026-03-10 19:29:46 -05:00
Daniel Pouzzner 65092ab5eb Merge pull request #9838 from SparkiDev/slhdsa_1
FIPS 205, SLH-DSA: implementation
2026-03-10 19:28:59 -05:00
Daniel Pouzzner 2ad5afaf4d wolfcrypt/src/wc_slhdsa.c: fixes for uninited data reads in slhdsakey_wots_sign_chain_x4_*() and slhdsakey_wots_pk_from_sig_x4;
CMakeLists.txt, cmake/functions.cmake, cmake/options.h.in: fixes for -DWOLFSSL_SLHDSA.
2026-03-10 17:51:18 -05:00
Sean Parkinson 0683dab9ac TLS: Better handling of parsing TLS extensions
TLSX_CSR2_Parse: check didn't include length bytes

TLSX_UseSRTP_Parse: validate profile_len

TLSX_CA_Names_Parse: fix for integer overflow

TLSX_SignatureAlgorithms_Parse: set new length before checking

TLSX_ECH_Parse: better parsing
2026-03-11 07:41:13 +10:00
JacobBarthelmeh 528b22140b revert PR 9909 2026-03-10 14:47:21 -06:00
Paul Adelsbach 5bcb9d4966 Generate CRLs from unit test script 2026-03-10 13:25:12 -07:00
night1rider 0442918391 Add Zephyr 4.1+ build compatibility for wolfssl_tls_sock sample. Replace removed Kconfig options (PTHREAD_IPC, POSIX_CLOCK, NET_SOCKETS_POSIX_NAMES) with version-conditional config fragments and fix min/max macro collision with Zephyr's sys/util.h. 2026-03-10 14:23:47 -06:00
Kaleb Himes 4d1b603587 Implement peer review feedback. 2026-03-10 14:15:42 -06:00
kaleb-himes b2520f120f Ensure user-space wolfentropy builds of the v6 module compile the correct resource 2026-03-10 10:48:43 -06:00
JacobBarthelmeh cbf5264d1c replace comment character with allowed character 2026-03-10 10:23:10 -06:00
Sean Parkinson b180a279b0 ML-KEM: Fixes for comments plus bug fixes
wc_MlKemKey_SharedSecretSize: Check len is not NULL before use.
wc_MlKemKey_DecodePrivateKey:
  Don't set flags when public key hash fails.
  ForceZero the private key on failure if copied.
2026-03-10 21:09:08 +10:00
Juliusz Sosinowicz afed9d4b79 fixup! ProcessServerHello: verify extension lengths 2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz ae3fcb5601 Update setup-msbuild action
F-534
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz 62fca11726 Dockerfile: use https instead of http
F-532
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz 3a8e4a34ce ProcessSessionTicket: verify nonce length 2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz 2febc1c7f2 ProcessServerHello: verify extension lengths
F-428
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz 186aaadf87 Pin actions/checkout version
F-529
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz 9c4e77d47d DoTls13ClientHello: session length is a sender side requirement
F-433
2026-03-10 09:52:06 +01:00
Juliusz Sosinowicz 8a57ca84c3 CheckCertCRL_ex: check cbRet after callback
F-432
2026-03-10 09:52:05 +01:00
Juliusz Sosinowicz 8696d0d2d8 QuicTransportParam_new: update len check
F-431
2026-03-10 09:52:05 +01:00
Juliusz Sosinowicz 15dbd61dbe Remove dead code
`ticket->lifetime` is never set to 0xfffffff anywhere

F-430
2026-03-10 09:52:05 +01:00
Juliusz Sosinowicz 7a264162b8 wc_ChaCha20Poly1305_Decrypt: clear unauthed plaintext
F-452
2026-03-10 09:52:05 +01:00
Juliusz Sosinowicz 0b03d56127 wc_GetKeyOID: Clean up logging in mldsa case
F-449
2026-03-10 09:52:05 +01:00
Daniel Pouzzner b02ddde4f2 Merge pull request #9886 from philljj/fix_f_193
wc_encrypt: add missing ForceZero for Des, Arc4, Rc2.
2026-03-09 23:43:26 -05:00
Daniel Pouzzner 18d1190e82 Merge pull request #9924 from Frauschi/f-426
Fix potential underflow in sniffer
2026-03-09 23:42:32 -05:00
Daniel Pouzzner f5902bd29a Merge pull request #9862 from embhorn/zd21243
Fix DeriveTls13Keys with no_key
2026-03-09 23:41:52 -05:00
Daniel Pouzzner 2cb1781b9a Merge pull request #9922 from Frauschi/f-450
Fix memory leak in error case within RsaMGF1
2026-03-09 23:39:30 -05:00
Daniel Pouzzner cd2386c87e Merge pull request #9894 from philljj/fix_f_280
hpke: add missing ForceZero for eae_prk, key_schedule_context, secret.
2026-03-09 23:38:37 -05:00
Daniel Pouzzner 3386e40453 Merge pull request #9890 from philljj/fix_f_hmac
hmac: add missing ForceZero for tmp, prk.
2026-03-09 23:38:04 -05:00
Daniel Pouzzner 3736352b24 Merge pull request #9888 from philljj/fix_f_383
pwdbased: add missing ForceZero for blocks, v, y.
2026-03-09 23:37:24 -05:00
Daniel Pouzzner 8f485a5b7d Merge pull request #9929 from douzzer/20260309-nullPointerOutOfMemory
20260309-nullPointerOutOfMemory
(reviewed+approved by @philljj)
2026-03-09 23:36:44 -05:00
Daniel Pouzzner 23f62bceb5 linuxkm/module_exports.c.template: add wolfssl/wolfcrypt/wc_slhdsa.h.
wolfcrypt/src/wc_slhdsa.c:

  * refactor SAVE_VECTOR_REGISTERS2() in slhdsakey_fors_sign() as
    CAN_SAVE_VECTOR_REGISTERS(), with local save-restore wrappers around the
    rest of the vector calls deeper in the call stack, to avoid failing
    GFP_ATOMIC allocations and long spans with interrupts disabled.

  * fix numerous bugprone-macro-parentheses and bugprone-signed-char-misuses.

  * use readUnalignedWord64() in SHAKE256_SET_SEED_HA_X4_*() and
    slhdsakey_shake256_set_seed_ha_x4() to avoid benign unaligned access warnings
    from sanitizers.

wolfcrypt/test/test.c:

  * in TestDumpData(), use WOLFSSL_DEBUG_PRINTF(), not fprintf(stderr, ...), for
    portability.

  * in slhdsa_test_param() and slhdsa_test(), use WC_DECLARE_VAR() and friends
    for SlhDsaKey allocations, and use ERROR_OUT() and single-return-point
    refactors to fix error path memory leaks.
2026-03-09 23:08:42 -05:00
Ruby Martin 66caf5ad55 free enc and dec before returning MEMORY_E 2026-03-09 13:03:54 -06:00
aidan garske 832af2164b Fix copy-paste error in EncodeCertReq guard check where falconKey was checked twice instead of including dilithiumKey and sphincsKey 2026-03-09 11:43:41 -07:00