wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 21:32:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,397 Commits 12 Branches 184 Tags
100d765b0c333ec00a111ce7c19be6f1bf4070a5
Commit Graph

10346 Commits

Author SHA1 Message Date
Daniel Pouzzner
019a420187 Merge pull request #9568 from kareem-wolfssl/zd20947 
Add a flag which allows requesting exactly SEED_SZ and using the full seed to instantiate the DRBG during RNG init.
 2025-12-24 17:03:26 -06:00
David Garske
18176392fa Merge pull request #9576 from douzzer/20251222-linuxkm-PK-initrng-optimize 
20251222-linuxkm-PK-initrng-optimize
 2025-12-23 15:02:53 -08:00
Kareem
06d8f69dac Separate new /dev/urandom opening logic into a new section in wc_GenerateSeed. 2025-12-23 14:52:52 -07:00
Kareem
cb81cc8ce6 Merge remote-tracking branch 'upstream/master' into gh7197 2025-12-23 14:43:57 -07:00
Daniel Pouzzner
b66f1b78a7 peer/Devin review: 
* in get_crypto_default_rng() (linuxkm/lkcapi_sha_glue.c), sanity check that crypto_default_rng isn't null;
* in wc_InitRsaKey_ex(), remove frivolous NULL/zero assignments (XMEMSET clears them implicitly);
* in wc_CheckRsaKey(), check ret from wc_InitRng() and short circuit return if failed.
 2025-12-23 13:05:40 -06:00
Daniel Pouzzner
cd88a8ae88 peer review -- add !WC_NO_RNG gates around WC_RNG changes in wolfcrypt/src/rsa.c and wolfssl/wolfcrypt/rsa.h. 2025-12-23 11:41:59 -06:00
David Garske
8f089cdcfe Merge pull request #9508 from SparkiDev/ppc32_sha256_asm_pic 
PPC32 SHA-256 ASM: support compiling for PIC
 2025-12-23 08:12:50 -08:00
Daniel Pouzzner
5030484bcf wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h: 
* add WC_DRBG_{NOT_INIT,OK,FAILED,CONT_FAILED} in public header file, and
* move setup for RNG_SECURITY_STRENGTH, ENTROPY_SCALE_FACTOR, SEED_BLOCK_SZ, SEED_SZ, MAX_SEED_SZ, and RNG_HEALTH_TEST_CHECK_SIZE from random.c to random.h, with public WC_DRBG_SEED_SZ and WC_DRBG_MAX_SEED_SZ.
 2025-12-22 22:58:29 -06:00
Daniel Pouzzner
b2ef89b2db wolfcrypt/src/rsa.c and wolfssl/wolfcrypt/rsa.h: make RsaKey.rng and wc_RsaSetRNG() available unconditionally, rather than only if WC_RSA_BLINDING, for use by wc_CheckRsaKey(). 2025-12-22 22:58:29 -06:00
Sean Parkinson
21c86682e0 MLDSA/Dilithium: fix 16-bit int issues 
Need to cast byte or number to ensure it is large enough to shift left
by required value.
 2025-12-23 09:51:38 +10:00
Sean Parkinson
59f84355a5 Merge pull request #9573 from night1rider/aes-free-callbacks 
Aes Free callback support
 2025-12-23 08:47:05 +10:00
Sean Parkinson
c8f2cc5b43 Merge pull request #9566 from dgarske/ca_skid_cert_akid 
Added build option to allow certificate CA matching using AKID with signers SKDI
 2025-12-23 08:40:14 +10:00
night1rider
afbc65a6c3 Aes Free callback support 2025-12-22 12:39:41 -07:00
Sean Parkinson
da06e1aeea Merge pull request #9558 from kareem-wolfssl/zd20944_2 
Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application.
 2025-12-22 19:38:42 +10:00
Sean Parkinson
7a326ef43f Merge pull request #9553 from julek-wolfssl/ed25519-export-key-check 
ed25519: validate presence of keys in export functions
 2025-12-22 19:31:14 +10:00
JacobBarthelmeh
0a0c43054f Merge pull request #9564 from douzzer/20251219-fixes 
20251219-fixes
 2025-12-19 16:24:20 -07:00
Kareem
3e59b83727 Only keep /dev/urandom open, close /dev/random after each use. 
Improve logic for opening RNG seed FD.
 2025-12-19 15:57:49 -07:00
Kareem
fe105d4b48 Add a flag which allows requesting exactly SEED_SZ and using the full seed to instantiate the DRBG during RNG init. 
This flag can not be used with FIPS.
 2025-12-19 15:25:15 -07:00
David Garske
1cb2231ff5 Added build option to allow certificate CA matching using AKID with signers SKID ( WOLFSSL_ALLOW_AKID_SKID_MATCH). Fixed issue with cert->extAuthKeyIdSz not being set with ASN template code. 2025-12-19 14:14:39 -08:00
Daniel Pouzzner
a7550346dd wolfcrypt/test/test.c: in rng_seed_test(), fix gates for FIPS 5.2.4. 2025-12-19 15:50:27 -06:00
Daniel Pouzzner
d3f74557fe wolfcrypt/src/wolfentropy.c: add volatile attribute to entropy_memuse_initialized declaration; in wc_Entropy_Get(), if HAVE_FIPS, call Entropy_Init() if necessary, to accommodate FIPS KATs; in Entropy_Init(), add thread safety. 2025-12-19 15:45:17 -06:00
David Garske
1825bd86f5 Merge pull request #9550 from JacobBarthelmeh/caam 
sanity checks on buffer size with AES and CAAM Integrity use
 2025-12-19 11:03:40 -08:00
JacobBarthelmeh
8153ea6189 Merge pull request #9559 from cconlon/pkcs7SignedNonOctet 
Fix PKCS#7 SignedData parsing for non-OCTET_STRING content types
 2025-12-19 11:12:06 -07:00
Daniel Pouzzner
6f95a9c58e wolfcrypt/src/random.c: in _InitRng(), remove "drbg_instantiated" conditional cleanup logic (Coverity true-benign-positive: DEADCODE because drbg_instantiated is always false when ret != DRBG_SUCCESS). 2025-12-19 10:30:14 -06:00
Daniel Pouzzner
fb26b2dfe1 wolfcrypt/test/test.c: in HMAC tests, initialize ret, to silence uninitvar from cppcheck-force-source. 2025-12-19 09:07:14 -06:00
Daniel Pouzzner
96c47cd18c wolfcrypt/test/test.c: in _rng_test(), inhibit the WC_RESEED_INTERVAL subtest if an rng callback is installed. 2025-12-19 08:55:35 -06:00
Juliusz Sosinowicz
dd35f10b57 ed25519: validate presence of keys in export functions 2025-12-19 10:14:26 +01:00
Chris Conlon
afe82b9512 Fix PKCS#7 degenerate detection based on signerInfos length 2025-12-18 16:28:03 -07:00
Chris Conlon
d6dcd30736 Fix PKCS#7 streaming for non OCTET STRING content types 2025-12-18 16:28:01 -07:00
Kareem
b0b840aa0f Rename fdOpen to seedFdOpen to avoid potential conflicts. 
Gate keeping the seed FD open behind WOLFSSL_KEEP_RNG_SEED_FD_OPEN and only
enable by default for HAProxy.  It is causing issues on OS X and may
cause issues on other OSes, and is generally a major behavior change.
 2025-12-18 15:55:35 -07:00
Kareem
c238defe23 Add cast for public_size 2025-12-18 15:32:59 -07:00
Kareem
755097d512 Track if RNG seed FD was opened and only close it if it was already open. This fixes the case where wc_FreeRng is called when _InitRng was not called on the RNG. Since the FD value defaults to 0 before _InitRng was called, and 0 is potentially a valid FD, it was being closed. 2025-12-18 15:27:00 -07:00
JacobBarthelmeh
4162f24434 Merge pull request #9555 from embhorn/zd20964 
Null deref check in Pkcs11ECDH
 2025-12-18 15:14:35 -07:00
Kareem
81d32f4fe6 Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application. 2025-12-18 14:37:59 -07:00
Kareem
0420c942a0 Only use -1 for uninitialized fds as 0 is a valid fd. 2025-12-18 11:22:22 -07:00
Kareem
2e83b97909 Only attempt to close RNG file descriptor on platforms with XCLOSE. 2025-12-18 11:15:33 -07:00
Kareem
fb880e943b Reset fd after closing it. 2025-12-18 11:15:33 -07:00
Kareem
6bcbfec200 Initalize RNG seed fd in _InitRng. 2025-12-18 11:15:33 -07:00
Kareem
ea43bcba72 Keep RNG seed file descriptor open until the RNG is freed. 2025-12-18 11:15:33 -07:00
Daniel Pouzzner
83e9a0780f wolfcrypt/src/wc_lms.c: fix leak in wc_LmsKey_Reload(). 2025-12-18 11:09:37 -06:00
Daniel Pouzzner
59b3219c0f wolfcrypt/test/test.c: fix memory leaks in Hmac tests. 2025-12-18 10:47:21 -06:00
Eric Blankenhorn
d1a4677a8a Null deref check in Pkcs11ECDH 2025-12-18 10:10:57 -06:00
Sean Parkinson
a103f5af8b Merge pull request #9545 from douzzer/20251211-DRBG-SHA2-smallstackcache-prealloc 
20251211-DRBG-SHA2-smallstackcache-prealloc
 2025-12-18 10:07:37 +10:00
Sean Parkinson
b7e69fb2f3 Merge pull request #9543 from kareem-wolfssl/zd20944 
Check Curve25519 public key after generating one to avoid generating invalid keys.
 2025-12-18 09:29:58 +10:00
JacobBarthelmeh
911e996a8d Merge pull request #9546 from SparkiDev/curve25519_base_smul_improv 
Curve25519: improved smul
 2025-12-17 15:28:56 -07:00
Daniel Pouzzner
b23f59f137 Merge pull request #9540 from sameehj/linuxkm_tegra_fips_fixes 
linuxkm: fix Tegra Yocto FIPS build issues (ARM64, RT, PIE)
 2025-12-17 12:49:23 -06:00
JacobBarthelmeh
e93835acd9 sanity checks on buffer size with AES and CAAM Integrity use 2025-12-17 10:15:32 -07:00
Daniel Pouzzner
fc7d4ffad4 PR#9545 20251211-DRBG-SHA2-smallstackcache-prealloc addressing peer review: clear dest if necessary in InitHandshakeHashesAndCopy(), style tweaks in random.c, explanatory comments in sha512.c. 2025-12-17 11:07:22 -06:00
Daniel Pouzzner
33fc601011 tweaks from PRBs results: 
tests/api.c:
* remove inapt SSL_library_init() in test_wolfSSL_EVP_Cipher_extra();
* move TEST_X509_DECLS to follow TEST_DECL(test_wolfSSL_Init);

tests/api/test_random.c: enlarge seed buffer in test_wc_RNG_TestSeed() to accommodate amdrand block size;

tests/quic.c: wrap exercises in wolfSSL_Init()...wolfSSL_Cleanup();

tests/unit.c: in unit_test(), add several more fflush(stdout)s, report error from wolfSSL_Cleanup(), and fix line length;

wolfcrypt/test/test.c: omit reseed test in _rng_test() if HAVE_INTEL_RDRAND or old FIPS, and use simplified random_test() if HAVE_INTEL_RDRAND;

wolfssl/wolfcrypt/mem_track.h: add memList pointer in struct memoryStats, and set it in InitMemoryTracker();

wolfssl/wolfcrypt/settings.h: undefine WOLFSSL_SMALL_STACK_CACHE if WOLFSSL_SMALL_STACK is undefined;

.github/workflows/trackmemory.yml: add --enable-intelrdseed scenario.
 2025-12-17 11:01:11 -06:00
Daniel Pouzzner
fb82bdbc35 wolfcrypt/test/test.c: 
* in wolfcrypt_test_main(), when WOLFSSL_TRACK_MEMORY, check and error if wc_MemStats_Ptr->currentBytes > 0;
  * don't call the hash initialization APIs for hash structs that are later copied over with the hash copy API (sha224_test(), sha256_test(), sha512_test(), etc)
  * in hash_test(), either wc_HashNew() or wc_HashInit(), not both (fixes leaks);
  * in hmac_*_test(), add test coverage for wc_HmacCopy();
  * in _rng_test(), when WOLFSSL_TRACK_MEMORY && WOLFSSL_SMALL_STACK_CACHE, check that wc_MemStats_Ptr->totalAllocs doesn't increase when wc_RNG_GenerateBlock() is called, and if HAVE_HASHDRBG) && !CUSTOM_RAND_GENERATE_BLOCK, check that forcing a reseed doesn't result in an increase.
  * add missing context cleanups in openSSL_evpMD_test().
 2025-12-17 11:01:10 -06:00