Commit Graph

27397 Commits

Author SHA1 Message Date
Kareem 2df674bd59 Correct RPK parsing. As per RFC7250 section 3, the algorithm parameters are optional. 2025-07-10 12:03:18 -07:00
David Garske 047d1bd69f Merge pull request #8986 from kareem-wolfssl/pskYml
Fix missing comma in psk.yml
2025-07-10 11:50:08 -07:00
Kareem bfacbf9764 Update ASN original to also allow larger pathLen values in Basic Constraints. 2025-07-10 11:47:47 -07:00
philljj c7ff47d5ee Merge pull request #8984 from douzzer/20250710-linuxkm-crng-fixes
20250710-linuxkm-crng-fixes
2025-07-10 13:32:17 -05:00
Kareem aa3a325add Fix missing comma in psk.yml 2025-07-10 10:52:11 -07:00
Kareem f0459eb1cf Allow larger pathLen values in Basic Constraints. 2025-07-10 10:37:06 -07:00
Kareem c9d451e857 Fix wolfSSL_BIO_new_connect's handling of IPV6 addresses. 2025-07-10 10:33:46 -07:00
Sebastian Carpenter a00cfcb55f improper access of sp_int_minimal using sp_int
related thread: https://bugzilla.redhat.com/show_bug.cgi?id=2047439

also found sp_uint8 that was not updated to sp_sign_t
2025-07-10 10:42:30 -06:00
Daniel Pouzzner b4137fe2f8 linuxkm/lkcapi_sha_glue.c: add interruptibility and additional relaxation where possible, and fix a leaked lock scenario, in get_drbg_n(), wc_linuxkm_drbg_seed(), wc_mix_pool_bytes(), and wc_crng_reseed();
wolfcrypt/src/asn.c: add a couple static attributes missed on the previous round of fixups.
2025-07-10 10:59:57 -05:00
philljj ed6d189f1a Merge pull request #8980 from douzzer/20250706-linuxkm-fixes
20250706-linuxkm-fixes
2025-07-10 10:34:59 -05:00
Anthony Hu 4bd2835cf1 Change suggested by SparkiDev 2025-07-10 10:40:12 -04:00
Daniel Pouzzner ae48ee408e Merge pull request #8983 from philljj/linuxkm_make_rsa_again
Linuxkm make rsa again
2025-07-10 09:29:29 -05:00
Josh Holtrop 6d51b73626 Shorten some wc_PKCS7_DecodeEncryptedKeyPackage() comment lines to less than 80 characters 2025-07-10 08:10:59 -04:00
Josh Holtrop 3f65846e67 Document BAD_FUNC_ARG return value for wc_PKCS7_DecodeEncryptedKeyPackage() 2025-07-10 08:07:32 -04:00
Sean Parkinson 783ab14afb Merge pull request #8982 from dgarske/x509_ref
Fix possible memory leak with X509 reference counter when using x509small
2025-07-10 20:37:57 +10:00
Daniel Pouzzner f49e583721 linuxkm/Kbuild: skip "section(s) missed by containerization" test unless KERNEL_ARCH_X86;
linuxkm/linuxkm_wc_port.h: fixes for legacy kernels, particularly: when building TLS stack (!WOLFCRYPT_ONLY), use the best heap with a functioning realloc(), else use kvmalloc() and friends if available, even if kvrealloc() is unavailable.  also, provide for XMALLOC_USER and XMALLOC_OVERRIDE;

linuxkm/lkcapi_glue.c: recognize the new CONFIG_CRYPTO_SELFTESTS_FULL alongside the old CONFIG_CRYPTO_MANAGER_EXTRA_TESTS;

linuxkm/linuxkm_memory.c: restore my__show_free_areas() in case it's still needed.
2025-07-10 00:57:51 -05:00
jordan e73fa74f14 linuxkm: misc cleanup. 2025-07-09 21:43:02 -05:00
jordan 0aacffd6a2 linuxkm rsa: retry wc_MakeRsaKey if not prime. 2025-07-09 20:55:50 -05:00
David Garske b2143a815f Merge pull request #8965 from SparkiDev/ppc32_sha256_spe
PPC32 ARM ASM SHA-256: SPE impl, tidy up original
2025-07-09 17:00:26 -07:00
David Garske 2b07b9143b Fix issue with X509 reference counter with --enable-opensslextra=x509small or OPENSSL_EXTRA_X509_SMALL. Thank you Mohre. 2025-07-09 16:51:48 -07:00
Sean Parkinson 98adb330ef Merge pull request #8981 from dgarske/mldsa
Fix build issue with ML-DSA 44 only
2025-07-10 09:41:36 +10:00
David Garske 7ba6f836c4 Merge pull request #8972 from SparkiDev/sp_int_8_bit_fix
SP int: fix 8 bit words and sp_clamp_ct
2025-07-09 16:30:33 -07:00
David Garske c3518e473b Merge pull request #8971 from SparkiDev/psk_build_fix
API test ASN: must not have NO_ASN defined
2025-07-09 16:30:22 -07:00
David Garske b0a5d2fdf0 Merge pull request #8969 from SparkiDev/alpn_gcc_Os_fix
ALPN: don't use BIO
2025-07-09 16:30:12 -07:00
David Garske cf35abccb8 Merge pull request #8963 from SparkiDev/sp_int_type_fix
CodeQL: o is larger type and could cause issues
2025-07-09 16:30:01 -07:00
David Garske ae19c55182 Merge pull request #8966 from SparkiDev/arm32_aes_asm_fixup_bne
ARM 32-bit ASM AES: fixup 32-bit code to not use B.EQ
2025-07-09 16:29:46 -07:00
Daniel Pouzzner 01e8815762 wolfssl/wolfcrypt/settings.h: add #define WOLFSSL_NO_PUBLIC_FFDHE and #undef HAVE_PUBLIC_FFDHE to WOLFSSL_LINUXKM setup to avoid .data.rel.ro.local functions in dh.c;
linuxkm/linuxkm_wc_port.h: only use kvrealloc() on kernel >=6.11 -- the version in 5.15-6.10 is incompatible (oldsize arg).  also, restore use of kvmalloc on 4.12+, but with XREALLOC undefined, suitable for cryptonly modules; add #include <linux/sched.h> even on __PIE__ objects to make cond_sched() available;

wolfcrypt/src/asn.c: harmonize gate around definitions of BEGIN_DSA_PRIV and END_DSA_PRIV;

wolfcrypt/src/asn.c: in EccSpecifiedECDomainDecode(), work around "const char[]" types in WOLFSSL_ECC_CURVE_STATIC struct ecc_set_type on FIPS <6;

wolfcrypt/src/asn.c, wolfcrypt/src/wc_xmss.c, wolfssl/wolfcrypt/wc_lms.h: add comments to new WOLFSSL_NAMES_STATIC slots explaining where the size comes from.
2025-07-09 18:22:18 -05:00
Daniel Pouzzner 7c6afeb106 add linuxkm/wolfcrypt.lds module linker script, explicitly grouping wolfcrypt sections together;
linuxkm/Kbuild: add linker script flag, containerize several more previously-missed ELF sections, and add a test verifying no sections were missed;

linuxkm/linuxkm_memory.c: remove obsolete lkm_realloc() shim and unneeded my__show_free_areas() wrapper;

linuxkm/linuxkm_wc_port.h: add new mapping from realloc() to native kvrealloc(), and gate out a slew of headers when __PIE__ to avoid polluting wolfCrypt objects with various unneeded header-implemented functions with associated awkward symbols references;

linuxkm/lkcapi_glue.c: harmonize gate for REGISTER_ALG_OPTIONAL();

linuxkm/module_hooks.c: add "ERROR:" prefixes on pr_err()s; add wc_RunAllCast_fips() at shutdown to send confidence verification to the kernel log; remove section bounds checks now that layout is unreliable;

wolfssl/wolfcrypt/settings.h: for WOLFSSL_LINUXKM && HAVE_LINUXKM_PIE_SUPPORT, #define WOLFSSL_ECC_CURVE_STATIC and WOLFSSL_NAMES_STATIC;

wolfssl/wolfcrypt/types.h: refactor the typedef for wcchar from a pointer to a char[];

wolfcrypt/src/wc_xmss.c and wolfssl/wolfcrypt/wc_lms.h: add WOLFSSL_NAMES_STATIC code paths for struct wc_XmssString and struct wc_LmsParamsMap;

wolfcrypt/src/asn.c: add WOLFSSL_NAMES_STATIC code paths for struct CertNameData, and add static attribute to a slew of wcchars not used or declared outside asn.c.
2025-07-09 18:22:18 -05:00
Daniel Pouzzner f733ade6a2 linuxkm/{linuxkm_wc_port.h,module_hooks.c}: add feature gates around wolfCrypt_FIPS_*_sanity() references matching those in fips_test.c. 2025-07-09 18:22:18 -05:00
David Garske 3f83ed2815 Merge pull request #8960 from ribes96/certwrite-custext
When creating a Cert from a WOLFSSL_X509, account for custom extensions
2025-07-09 16:13:07 -07:00
David Garske 3c00e26274 Merge pull request #8974 from rlm2002/coverity_fix
Coverity: Check values
2025-07-09 16:12:42 -07:00
David Garske 5d89ca6706 Fix build issue with ML-DSA 44 only. Fix --enable-mlkem=all to enable features (keygen/enc/dec) to match --enable-dilithium behavior and allow uses like: --enable-mlkem=all,512,small. Fix issue building mem track with missing PRINT_HEAP_ADDRESS (reproduced with --enable-trackmemory=verbose --enable-stacksize=verbose).
```
wolfcrypt/src/dilithium.c:6696:21: error: expected expression before '}' token
 6696 |                     }
      |
```
2025-07-09 15:06:41 -07:00
David Garske e37082e496 Merge pull request #8978 from gojimmypi/pr-init-var
Initialize Dilithium keyTypeTemp and keySizeTemp
2025-07-09 15:03:22 -07:00
Bridger Voss 97b3364720 FREESCALE forced algs moved to IDE/MQX/user_settings.h 2025-07-09 15:04:06 -06:00
Josh Holtrop c83a452a3c Check for NULL pkiMsg in wc_PKCS7_DecodeEncryptedKeyPackage() 2025-07-09 14:41:58 -04:00
Josh Holtrop d2ab6edbab Add wc_PKCS7_DecodeEncryptedKeyPackage() 2025-07-09 13:38:11 -04:00
Anthony Hu 57e2ae5a21 Abort TLS connection if legacy version field indicates TLS 1.3 or higher. 2025-07-09 12:45:04 -04:00
gojimmypi ebeb95e47b Initialize Dilithium keyTypeTemp and keySizeTemp 2025-07-09 09:13:14 -07:00
Ruby Martin 6de2557748 check buflen is less than BLAKE2B_BLOCKBYTES * 2 2025-07-09 10:00:28 -06:00
Ruby Martin 7b7c658668 add null check to wc_Des_CbcEncrypt 2025-07-09 09:59:46 -06:00
David Garske 703bd6d0ba Merge pull request #8975 from JeremiahM37/mldsa_static_mem
ML-DSA Static Memory Fix
2025-07-09 08:22:51 -07:00
David Garske 0407ea131b Merge pull request #8970 from miyazakh/qt_jenkins_encryptedKey4PBKDF1
Fix Qt nightly Jenkins failure
2025-07-09 08:04:48 -07:00
Ruby Martin f62d0fa256 check sigAlgs.size against WOLFSSL_MAX_SIGALGO 2025-07-09 08:57:44 -06:00
Sean Parkinson d6a72e2480 PPC32 ARM ASM SHA-256: SPE impl, tidy up original
Implement using SPE instructions that allow for 64-bit registers as a
vector of 2 32-bit values.
Tidy up original implementation to not use stack.
2025-07-09 18:34:33 +10:00
JeremiahM37 88da86e900 ML DSA Static Memory Fix 2025-07-08 17:51:42 -06:00
David Garske f44178ca1b Merge pull request #8973 from embhorn/zd20192
Fix curl config to set HAVE_EX_DATA and HAVE_ALPN
2025-07-08 15:48:28 -07:00
Sean Parkinson 08ec3642f0 Merge pull request #8931 from julek-wolfssl/MAX_ENCODED_SIG_SZ-detected
Detect correct `MAX_ENCODED_SIG_SZ` based on max support in math lib
2025-07-08 09:38:52 +10:00
Sean Parkinson 9b92b4c902 Merge pull request #8962 from rlm2002/coverity
Coverity: Dereference after NULL check and Use after free
2025-07-08 08:30:35 +10:00
Eric Blankenhorn 0d14ec3547 Fix curl Cmake config to set HAVE_EX_DATA and HAVE_ALPN 2025-07-07 17:15:11 -05:00
Eric Blankenhorn de00bf259d Fix curl config to set HAVE_EX_DATA and HAVE_ALPN 2025-07-07 15:00:14 -05:00