Commit Graph

27397 Commits

Author SHA1 Message Date
David Garske 5c2c4599ed Merge pull request #9537 from SparkiDev/aarch64_darwin_addr_calc_fix
ARM64 ASM: Darwin specific address calc fix
2026-01-07 09:50:05 -08:00
Marco Oliverio 94dc7ae9ad asn: MatchBaseName fixes 2026-01-07 17:53:43 +01:00
David Garske cf9016b29f Merge pull request #9622 from SparkiDev/rsa_pkcs15_verify_bounds_check
RSA PKCS#1.5 verify: bounds check input
2026-01-07 08:26:24 -08:00
David Garske 84aeeb655f Merge pull request #9580 from SparkiDev/curve25519_smul_improv
Curve25519 improvements
2026-01-07 08:25:41 -08:00
David Garske 19f7b946f5 Merge pull request #9621 from SparkiDev/mlkem_check_pub
MLKEM: check public key when decoding
2026-01-07 08:24:51 -08:00
David Garske dd8d2a2d4d Merge pull request #9575 from SparkiDev/dilithium_16_bit_fixes
MLDSA/Dilithium: fix 16-bit int issues
2026-01-07 08:24:22 -08:00
David Garske b5d3c87876 Merge pull request #9603 from SparkiDev/ppc32_sha256_asm_reg
PPC32 ASM: alternative C code with registers prepended
2026-01-07 08:23:55 -08:00
David Garske 315ebf5be6 Merge pull request #9615 from SparkiDev/arm32_aes_block_inline
AES ARM32/Thumb2: option to inline block
2026-01-07 08:21:51 -08:00
Tobias Frauenschläger 87182992b8 Fix for PSK compile option
The derivation of the ResumptionSecret is only necessary in case SessionTickets are enabled.
2026-01-07 16:58:52 +01:00
Marco Oliverio 50b39c91da fixup! (d)tls13: check if early data is possible in write_early_data 2026-01-07 14:30:16 +01:00
Tobias Frauenschläger b8cb5bee87 Cleanup for DecodePrivateKey() functionality
* Create a new method DecodePrivateKey_ex() that gets the key to decode as parameters
* Adapt DecodePrivateKey() and DecodeAltPrivateKey() to use this new method
* Fix unblinding for TLS 1.3 Dual Algorithm Certificate alternative keys

This removes a lot of nearly duplicate code and simplifies maintenance.
2026-01-07 13:45:11 +01:00
Takashi Kojo 5f68ea087a Merge pull request #9562 from kojiws/sync_ja_doc_rsa
[JA] Sync Japanese RSA Part with English on API Document
2026-01-07 18:18:53 +09:00
Sean Parkinson 80a0f6bb32 RSA PKCS#1.5 verify: bounds check input
As long as NO_RSA_BOUNDS_CHECK is not defined, the input range is
checked for verification.
2026-01-07 17:49:50 +10:00
Sean Parkinson 2a08fbe3ed MLKEM: check public key when decoding
Check that the public key values are less than Q when decoding.
2026-01-07 13:11:15 +10:00
Hideki Miyazaki c6dd1a745e boundary check 2026-01-07 09:19:43 +09:00
Hideki Miyazaki c923c4c026 fix compile error 2026-01-07 07:16:28 +09:00
Hideki Miyazaki 30fe079763 Addressed review comments 2026-01-07 06:55:22 +09:00
Hideki Miyazaki 10d3e251fd fix qt jenkins nightly test failure 2026-01-07 06:55:22 +09:00
Sean Parkinson eab58ae226 Merge pull request #9599 from holtrop-wolfssl/rust-chacha20-poly1305
Rust wrapper: add wolfssl_wolfcrypt::chacha20_poly1305 module
2026-01-06 20:28:24 +10:00
Sean Parkinson b293a1cc5c Merge pull request #9591 from rlm2002/coverity
20251229 Coverity Dereference before Null check
2026-01-06 20:25:01 +10:00
Sean Parkinson 5343cb386a Merge pull request #9588 from kareem-wolfssl/ghAlerts
Fix incorrect alerts.
2026-01-06 20:22:51 +10:00
Sean Parkinson a1089ba9f2 AES ARM32/Thumb2: option to inline block
Branching to a common block encrypt/decrypt may work for assembly but
not always for C code.
Added option, for assembly and inline assembly, to inline block
encrypt/decrypt: WOLFSSL_ARMASM_AES_BLOCK_INLINE.
2026-01-06 11:24:21 +10:00
Sean Parkinson 38241227a2 Curve25519 improvements
Add non-constant time implemenations of mod_inv for x64 and Aarch64
assembly.

Generate base point table, with better formatting, for double smul with
a script.
Increase Bi table size to 32 entries for 64-bit asm.
Minor improvements to double smul.

WOLFSSL_CURVE25519_NOT_USE_ED25519 to not use ed25519 base smul in
curve25519 base smul.
2026-01-06 10:24:21 +10:00
Daniel Pouzzner 83f7204f99 Merge pull request #9597 from sameehj/rhel9_linuxkm_sign
linuxkm: handle RHEL9 disabled akcipher sign/decrypt ops
2026-01-05 17:23:45 -06:00
Sean Parkinson a20d5f7b9d Merge pull request #9613 from philljj/fix_ecc_test_name
wolfcrypt test: fix ecc521 err msg.
2026-01-06 08:49:01 +10:00
jordan 842511b0ef wolfcrypt test: fix ecc521 err msg. 2026-01-05 12:25:53 -06:00
Sameeh Jubran d27c04bbca linuxkm: handle RHEL9 disabled akcipher sign/decrypt ops
RHEL9 kernels (9.6+) disable RSA signing and decryption in the kernel
crypto API for security reasons (CVE-2023-6240). The kernel forcibly
overwrites akcipher sign/decrypt callbacks to return -ENOSYS, regardless
of what the driver provides.

Commit 3709c35c in the RHEL kernel:
"crypto: akcipher - Disable signing and decryption"

This affects our self-tests which call crypto_akcipher_sign() and
crypto_akcipher_decrypt(). On RHEL9, these operations return -ENOSYS
even though our driver correctly implements them.

Add compile-time checks for RHEL_RELEASE_CODE >= 9.6 to detect this
scenario and skip the affected self-tests gracefully. The tests pass
since the algorithms are registered correctly; the kernel simply
refuses to execute sign/decrypt operations as a matter of policy.

Note: encrypt and verify operations are unaffected and continue to be
tested normally.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-01-05 19:42:29 +02:00
Tobias Frauenschläger 116260762f Fix for WOLFSSL_BLIND_PRIVATE_KEY and WOLFSSL_DUAL_ALG_CERTS 2026-01-05 17:26:11 +01:00
Tobias Frauenschläger 62764d08e4 Remove PQC-based buffer size increase for PreMasterSecret
The size of the PreMasterSecret buffer is based on the ENCRYPT_LEN
constant, which has been increased to 5kB for PQC support (Dilithium and
Falcon, as their signatures are that large).

However, only in the TLS 1.2 case, the PreMasterSecret buffer is used to
store signatures. In the TLS 1.3 path, only actual symmetric secrets are
stored in that buffer, which are much smaller in size (the "old" size of
the constant without the PQC increase).

As PQC is only allowed in TLS 1.3 and NOT in TLS 1.2, we can revert
that size increase, saving around 4,5kB of dynamic memory during the
handshake.
2026-01-05 15:58:53 +01:00
Tobias Frauenschläger 99bde324aa Build systems improvements
* Add `WOLFSSL_USER_SETTINGS` to CMake `options.h.in`
* Add CMake support for Dilithium
* Add user_settings.h support for aes_asm.S
* Add PKCS#11 support to CMake
* Minor ARM assembly port fixes
2026-01-05 15:46:58 +01:00
Josh Holtrop 9007d12d2a Rust wrapper: add wolfssl_wolfcrypt::chacha20_poly1305 module 2026-01-05 08:44:34 -05:00
Andrew Hutchings 4b606ebbeb Fix trailing whitespace and flush-left 2026-01-05 13:39:43 +00:00
Andrew Hutchings 0c4ca257a0 Add Renode GH Action for STM32H753
This adds bare metal wolfCrypt test with hardware RNG and AES-GCM for
STM32H753 using Renode.

Renode does not support HASH HAL at this time.
2026-01-05 13:39:43 +00:00
Sean Parkinson 99692003d4 PPC32 ASM: alternative C code with registers prepended
C implementation with registers prepended with letter 'r'.
2026-01-05 21:12:10 +10:00
Marco Oliverio 7b9d3748cf tls13: early_data: prevent earlyData reset on re-entry
Avoid resetting ssl->earlyData in wolfSSL_write_early_data when the
function is re-entered due to WC_PENDING_E, WANT_WRITE, or WANT_READ.
2026-01-05 10:40:34 +01:00
Marco Oliverio 29941d5645 (d)tls13: check if early data is possible in write_early_data 2026-01-05 10:35:02 +01:00
Marco Oliverio d9bba72b8c tls13: merge guarded code in a single section 2026-01-05 09:04:36 +01:00
David Garske 80c1228a38 Merge pull request #9594 from holtrop-wolfssl/rust-curve25519
Rust wrapper: add wolfssl_wolfcrypt::curve25519 module
2025-12-31 12:45:43 -08:00
Daniel Pouzzner bbd3d4f55d Merge pull request #9579 from dgarske/coding_standard_20251223
Add new coding standard for local (internal) function names
2025-12-31 11:55:58 -06:00
philljj 776512846f Merge pull request #9598 from fabiankeil/unbreak-freebsd-build
tests: Unbreak the build on FreeBSD-based systems
2025-12-31 10:31:52 -06:00
Fabian Keil 21f35137a1 tests: Unbreak the build on FreeBSD-based systems
... by using the same additional includes as on Linux.

Fixes:

      CC       tests/api/unit_test-test_rsa.o
    tests/api.c:19554:9: error: call to undeclared function 'waitpid'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration]
     19554 |         waitpid(pid, &waitstatus, 0);
	   |         ^

Tested on ElectroBSD amd64 14.3-STABLE.
2025-12-31 14:48:06 +01:00
Daniel Pouzzner cb78341886 Merge pull request #7586 from kareem-wolfssl/gh7197
Keep RNG seed file descriptor open until the RNG is freed.
2025-12-30 15:57:25 -06:00
philljj 5fa06818c0 Merge pull request #9595 from douzzer/20251229-linuxkm-rng-wolfentropy
20251229-linuxkm-rng-wolfentropy
2025-12-30 14:50:53 -06:00
Daniel Pouzzner 0621615b15 wolfcrypt/src/random.c: remove WC_VERBOSE_RNG messaging from wc_RNG_TestSeed(), which is called by test code with expected failure, and move it to _InitRng() and PollAndReSeed(), where it's always expected to succeed. 2025-12-30 13:27:31 -06:00
Daniel Pouzzner 299ca1cfef fixes from peer review: added comments for clarity, and remove errant condition added in _InitRng(). 2025-12-30 12:13:15 -06:00
JacobBarthelmeh 7a2e1c1dd0 Merge pull request #9585 from dgarske/add-missing-api-docs
Add missing API documentation
2025-12-30 09:37:22 -07:00
Josh Holtrop 8c125df85e Rust wrapper: ensure curve25519_key struct will have free called after init 2025-12-30 10:46:44 -05:00
Daniel Pouzzner d504baaf3a linuxkm/lkcapi_sha_glue.c and .wolfssl_known_macro_extras: fixes from check-source-text. 2025-12-29 20:55:36 -06:00
Daniel Pouzzner 450b0b46c6 wolfcrypt/src/random.c and wolfssl/wolfcrypt/settings.h: add WC_VERBOSE_RNG messages, and activate by default when WOLFSSL_KERNEL_MODE. 2025-12-29 20:55:36 -06:00
Daniel Pouzzner fecc1cffe7 linuxkm/lkcapi_sha_glue.c: add retry loop around wc_InitRng(), and allow interrupt in preemptible threads, in wc_linuxkm_drbg_init_tfm(). 2025-12-29 20:55:36 -06:00