wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 19:59:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,397 Commits 12 Branches 184 Tags
100d765b0c333ec00a111ce7c19be6f1bf4070a5
Commit Graph

27397 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Hutchings
e6ca4d15e2 MicriumReceiveFrom: tighten peer validation 
Reject DTLS datagrams when the stored peer is missing, the address length changes, or the address bytes differ. The old check required both the length and byte comparisons to fail, letting spoofed peers through when only one mismatch occurred.
 2025-10-21 13:10:04 +01:00
Sean Parkinson
9c1462a9ec Aarch64 asm: convert to generated 
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
 2025-10-21 17:03:39 +10:00
Daniel Pouzzner
ca552cc345 src/internal.c: work around false positive "C4701: potentially uninitialized local variable" in GrowOutputBuffer(). 2025-10-20 23:54:15 -05:00
Daniel Pouzzner
279238ce63 wolfssl/wolfcrypt/types.h: 
* fix WC_MIN_SINT_OF().
* add outer cast back to target type in WC_MAX_UINT_OF() and WC_MAX_SINT_OF().
* rename WC_SAFE_SUM_*_NO_WUR to WC_SAFE_SUM_*_CLIP().
* remove clipping assignments from failure paths in WC_WUR_INT() variants.
* add WC_SAFE_SUB_UNSIGNED_CLIP(), WC_SAFE_SUB_UNSIGNED(), WC_SAFE_SUB_SIGNED_CLIP(), and WC_SAFE_SUB_SIGNED().
* add Coverity-specific annotations in WC_SAFE_*() to suppress false-positive overflow warnings.

wolfcrypt/test/test.c:
* implement macro_test().
* fix stray uint32_t's in crypto_ecc_verify() and crypto_ecc_sign() arg lists.

wolfssl/wolfcrypt/ext_xmss.h: fix stray uint32_t.
 2025-10-20 23:27:09 -05:00
jordan
c1032a8cb6 KDF onestep: hashOutSz err check. 2025-10-20 22:05:41 -05:00
Sean Parkinson
5adf392d56 Merge pull request #9281 from effbiae/tlsx-with-ech 
refactor to TLSX_ChangeSNIBegin/End
 2025-10-21 10:58:33 +10:00
Sean Parkinson
3f9e2e5baa X.509 cert: crl distribution point reasons is IMPLICIT 
The reasons field is IMPLICIT meaning that the value is directly under
the context-specific tag. That is context-specific tag is not
constructed.
 2025-10-21 09:30:45 +10:00
Andrew Hutchings
00c936c29e Only change WC_BENCH_MAX_LINE_LEN when we need to 2025-10-20 18:58:16 +01:00
night1rider
f1faefed91 Added callbacks for copy and free to SHA, 224, 384, 512, and SHA3. Also split macros for FREE and COPY Callbacks, and add configure.ac option. 2025-10-20 11:09:35 -06:00
Anthony Hu
26ba17b48e Prevent a conversion warning 2025-10-20 12:20:59 -04:00
David Garske
d86575c766 Merge pull request #9312 from night1rider/FixCallbackRngInit 
Refactor wc_rng_new to use wc_rng_new_ex, and to use WC_USE_DEVID as the devId if set at compile time
 2025-10-20 09:19:17 -07:00
night1rider
0dca3bc24d Setup to be opt-in for copy callback, and also added a outline for a free callback 2025-10-20 10:07:24 -06:00
night1rider
4d6418f31a Add crypto callback support for copy operations (SHA-256) 2025-10-20 10:06:30 -06:00
David Garske
7fa53c8c71 Merge pull request #9289 from philljj/cmac_kdf 
cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step.
 2025-10-20 08:33:30 -07:00
night1rider
bd4099d2d7 Update test.c tests to use global devId instead of INVALID_DEVID 2025-10-20 09:16:23 -06:00
night1rider
28c78b5c0c Use global devId for RNG initialization in tests: mlkem_test, dilithium_test, xmss_test, lms_test 2025-10-20 09:16:23 -06:00
night1rider
fba8cab200 Refactor wc_rng_new to use wc_rng_new_ex, and to use WC_USE_DEVID as the devId if set at compile time 2025-10-20 09:16:23 -06:00
jordan
525c212d1c cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step. 2025-10-20 08:20:23 -05:00
Josh Holtrop
987bf2fe2e Rust wrapper: fix test_ecc sig_to_rs() check 2025-10-20 09:09:53 -04:00
Josh Holtrop
714abfa1c0 Rust wrapper: add wolfssl::wolfcrypt::sha module 2025-10-20 08:44:07 -04:00
philljj
aba9ee4015 Merge pull request #9319 from douzzer/20251018-linuxkm-gdwarf-4-g1 
20251018-linuxkm-gdwarf-4-g1
 2025-10-18 14:35:46 -05:00
Daniel Pouzzner
9881c95c46 linuxkm/Kbuild: refactor RENAME_PIE_TEXT_AND_DATA_SECTIONS to automatically derive the list of all ELF sections to rename, rather than enumerating them staticly in the objcopy recipe (motivated by changes expected in kernel 6.19). 2025-10-18 12:07:35 -05:00
Daniel Pouzzner
a36dd35e59 linuxkm: rename FIPS container segments from foo.wolfcrypt to foo_wolfcrypt to avoid getting rearranged by kernel scripts/module.lds klp/kpatch clauses expected in kernel 6.19. 2025-10-18 03:23:38 -05:00
Daniel Pouzzner
2bbc3a0ae2 wolfcrypt/test/test.c: fixes for --disable-sha256, --disable-hmac, --disable-rng, and FIPS gating on RSA-PSS. 2025-10-18 02:05:55 -05:00
Daniel Pouzzner
08f5c3e8b9 configure.ac: in linuxkm setup, use -g1 explicitly unless --enable-debug, whereupon use -g3. also, add -gdwarf-4 to AM_CCASFLAGS. 2025-10-18 01:56:48 -05:00
Andrew Hutchings
d87ca70048 Fix mixed declaration / code 2025-10-18 06:18:29 +01:00
Andrew Hutchings
01dc28ad31 Seperate AES alloc / dealloc phases 2025-10-18 06:13:40 +01:00
Andrew Hutchings
65bb68b6c0 Move heap/stack tracking to before init phase 
Start tracking during the setup of the algo, so we can capture the
memory usage of the algo init functions.
 2025-10-18 06:13:36 +01:00
Andrew Hutchings
036c66c777 Benchmark memory tracking 
This adds heap and stack tracking to wolfCrypt bench so that it is
possible to see RAM usage. It also adds support for stack tracking in
microcontrollers (tested on STM32).
 2025-10-18 06:09:01 +01:00
philljj
c091c8b7ba Merge pull request #9318 from douzzer/20251017-linuxkm-signal-handling-tweaks 
20251017-linuxkm-signal-handling-tweaks
 2025-10-17 21:17:20 -05:00
Daniel Pouzzner
69f236be0a linuxkm/linuxkm_wc_port.h: suppress -Wformat-nonliteral while including kernel headers (needed for kernel <=4.9). 2025-10-17 19:31:17 -05:00
Daniel Pouzzner
6a0be6a7f7 configure.ac: remove -g0 from, and always add -DHAVE_REPRODUCIBLE_BUILD to, reproducible-build AM_CFLAGS, and always add -gdwarf-4 to AM_CFLAGS when ENABLED_LINUXKM; 
.github/workflows/linuxkm.yml: restore as-was, but change from oldconfig to olddefconfig.
 2025-10-17 18:24:32 -05:00
Daniel Pouzzner
d2f819a2f6 linuxkm/module_hooks.c and linuxkm/lkcapi_glue.c: check retval from WC_SIG_IGNORE_BEGIN(). 2025-10-17 18:23:25 -05:00
David Garske
d475985062 Merge pull request #9306 from holtrop/rust-wc-dh 
Rust wrapper: add wolfssl::wolfcrypt::dh module
 2025-10-17 15:41:58 -07:00
Daniel Pouzzner
e142a9629f linuxkm/linuxkm_wc_port.h and linuxkm/module_hooks.c: tweak gating for verifyCore and my_kallsyms_lookup_name, and use the latter to reach verifyCore on old FIPS. also tweak the In-core integrity hash check failure." message to supply module-update-fips-hash instructions. 2025-10-17 17:12:37 -05:00
Daniel Pouzzner
354c576c96 .github/workflows/linuxkm.yml: comment out --enable-linuxkm-pie config, pending resolution of "dwarf_get_units failed" on Azure kernel 6.14 image. 2025-10-17 15:00:04 -05:00
Daniel Pouzzner
7a43732daa linuxkm/linuxkm_wc_port.h, wolfssl/wolfcrypt/types.h, linuxkm/module_hooks.c, linuxkm/lkcapi_glue.c: 
* add WC_SIG_IGNORE_BEGIN(), WC_SIG_IGNORE_END(), wc_linuxkm_sig_ignore_begin(), wc_linuxkm_sig_ignore_end();
* move WC_CHECK_FOR_INTR_SIGNALS() and WC_RELAX_LONG_LOOP() definitions outside the BUILDING_WOLFSSL gate;
* refactor linuxkm_lkcapi_registering_now as a wolfSSL_Atomic_Int and use it as a mutex for linuxkm_lkcapi_register() and linuxkm_lkcapi_unregister();
* add WC_SIG_IGNORE_BEGIN()...WC_SIG_IGNORE_END() wrappers around all relevant critical spans in linuxkm glue.
 2025-10-17 14:58:21 -05:00
Josh Holtrop
4faa21a74a Rust wrapper: Fix DH::FFDHE_* constant values 2025-10-17 14:46:15 -04:00
Josh Holtrop
8e7f77db76 Rust wrapper: add wolfssl::wolfcrypt::dh module 2025-10-17 14:46:15 -04:00
lealem47
5280bfb89a Merge pull request #9297 from douzzer/20251011-more-fips-optest-tweaks 
20251011-more-fips-optest-tweaks
 2025-10-17 12:44:25 -06:00
David Garske
f492abfe9e Merge pull request #9314 from SparkiDev/silabs_no_hash_raw 
SHA-2: No hash raw
 2025-10-17 10:19:01 -07:00
effbiae
8969e5f36a refactor to TLSX_EchChangeSNI 2025-10-17 13:51:42 +11:00
Daniel Pouzzner
9cf08afbbb fixes for --disable-tls. 2025-10-16 18:50:06 -05:00
Daniel Pouzzner
f508b44f0f configure.ac: in setup for cryptonly, don't set enable_tls13=no or enable_tlsv12=no -- they're needed for crypto-layer KDFs. 2025-10-16 18:50:06 -05:00
Daniel Pouzzner
b924e9a905 linuxkm/module_hooks.c: add sanity check for compiled-in verifyCore, and fix linuxkm_op_test_1() call to use argc==3 arg list. 2025-10-16 18:50:06 -05:00
Daniel Pouzzner
5ee42402ae wolfssl/wolfcrypt/types.h: fix whitespace around WC_SAFE_SUM_*(). 2025-10-16 18:50:06 -05:00
Daniel Pouzzner
6fb547a1ae linuxkm/module_hooks.c: purge fipsMode override (fipsEntry() takes care of this), and add explicit fipsCastStatus[] reset code. 2025-10-16 18:50:06 -05:00
Daniel Pouzzner
e8d9f91868 linuxkm/module_hooks.c and linuxkm/linuxkm_wc_port.h: finish implementation of 
FIPS_OPTEST glue code, including /sys/module/libwolfssl/FIPS_optest_run_code
(FIPS_optest_trig_handler(), plus my_kallsyms_lookup_name() helper).
 2025-10-16 18:50:05 -05:00
Daniel Pouzzner
581e86c178 wolfcrypt/test/test.c: fix error-path uninitialized access defect in ecc_test_buffers(). 2025-10-16 18:50:05 -05:00
Zackery
0d588b446c Merge pull request #9313 from douzzer/20251016-Wnull-dereference 
20251016-Wnull-dereference
 2025-10-16 17:47:23 -06:00