Commit Graph

28379 Commits

Author SHA1 Message Date
Daniel Pouzzner 262799dfbd wolfcrypt/src/evp.c: in wolfSSL_EVP_MD_type(), fix -Wswitch-enums for WC_HASH_TYPE_BLAKE2B and WC_HASH_TYPE_BLAKE2S exposed in default+opensslall configs. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner 799637689b configure.ac: fix stray tabs. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner d70839506b refactor wc_Hash* so that known wc_HashType values are unconditionally defined in enum wc_HashType, and always either succeed if used properly, or return HASH_TYPE_E if gated out or used improperly; add detailed error code tracing in wolfcrypt/src/hash.c. 2026-03-23 13:01:38 -05:00
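The pattern described in that commit (every hash type always present in the enum, a gated-out algorithm reporting an explicit error rather than vanishing or silently succeeding), shown as an added example written for this page and not wolfSSL's own code. Names such as demo_hash_type, demo_hash, DEMO_HASH_TYPE_E and the toy digests are hypothetical; the input bytes are constructed. The switch lists every enumerator with no default, which is what keeps -Wswitch-enum quiet, and zero-length input is accepted as a valid no-op.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for enum wc_HashType: every enumerator exists
 * unconditionally, whatever is compiled in, so a switch can be exhaustive. */
enum demo_hash_type {
    DEMO_HASH_NONE = 0,
    DEMO_HASH_SUM8,     /* toy digest: byte sum mod 256, always built */
    DEMO_HASH_XOR16,    /* toy digest, built only with -DDEMO_HAVE_XOR16 */
    DEMO_HASH_BLAKE2B   /* stands in for an algorithm compiled out here */
};

/* Hypothetical error codes in the spirit of HASH_TYPE_E / BAD_FUNC_ARG. */
#define DEMO_HASH_TYPE_E  (-100)  /* type unknown or compiled out */
#define DEMO_BAD_FUNC_ARG (-101)  /* NULL pointer or short output buffer */

/* Digest sizes are known for every type, built or not; no default case. */
int demo_hash_digest_size(enum demo_hash_type t)
{
    switch (t) {
    case DEMO_HASH_SUM8:    return 1;
    case DEMO_HASH_XOR16:   return 2;
    case DEMO_HASH_BLAKE2B: return 64;
    case DEMO_HASH_NONE:    return DEMO_HASH_TYPE_E;
    }
    return DEMO_HASH_TYPE_E; /* out-of-range integer cast to the enum */
}

static int demo_sum8(const uint8_t *in, size_t len, uint8_t *out)
{
    uint8_t acc = 0;
    size_t i;
    for (i = 0; i < len; i++) acc = (uint8_t)(acc + in[i]);
    out[0] = acc;            /* len == 0 is valid: digest of nothing */
    return 0;
}

#ifdef DEMO_HAVE_XOR16
static int demo_xor16(const uint8_t *in, size_t len, uint8_t *out)
{
    uint8_t lo = 0, hi = 0;
    size_t i;
    for (i = 0; i < len; i++) { if (i & 1) hi ^= in[i]; else lo ^= in[i]; }
    out[0] = lo; out[1] = hi;
    return 0;
}
#endif

/* One-shot hash: succeeds for a built-in type used correctly, returns
 * DEMO_HASH_TYPE_E for a gated-out type, never a silent success. */
int demo_hash(enum demo_hash_type t, const uint8_t *in, size_t len,
              uint8_t *out, size_t out_len)
{
    int need;
    if (out == NULL || (in == NULL && len != 0))
        return DEMO_BAD_FUNC_ARG;
    need = demo_hash_digest_size(t);
    if (need < 0)
        return need;
    if (out_len < (size_t)need)
        return DEMO_BAD_FUNC_ARG;

    switch (t) {
    case DEMO_HASH_SUM8:
        return demo_sum8(in, len, out);
    case DEMO_HASH_XOR16:
#ifdef DEMO_HAVE_XOR16
        return demo_xor16(in, len, out);
#else
        return DEMO_HASH_TYPE_E; /* compiled out: fail closed */
#endif
    case DEMO_HASH_BLAKE2B:
        return DEMO_HASH_TYPE_E; /* not implemented in this example */
    case DEMO_HASH_NONE:
        return DEMO_HASH_TYPE_E;
    }
    return DEMO_HASH_TYPE_E;
}

/* Returns 0 when the behaviours above hold for constructed inputs. */
int demo_hash_selftest(void)
{
    static const uint8_t msg[] = { 'a', 'b', 'c' };  /* constructed input */
    uint8_t d[64];
    if (demo_hash(DEMO_HASH_SUM8, msg, sizeof msg, d, sizeof d) != 0 || d[0] != 38)
        return 1;   /* (97 + 98 + 99) mod 256 == 38 */
    if (demo_hash(DEMO_HASH_SUM8, NULL, 0, d, sizeof d) != 0 || d[0] != 0)
        return 2;   /* zero-length input is a successful no-op */
    if (demo_hash(DEMO_HASH_BLAKE2B, msg, sizeof msg, d, 16) != DEMO_BAD_FUNC_ARG)
        return 3;   /* short buffer is reported before the gate check */
    if (demo_hash(DEMO_HASH_BLAKE2B, msg, sizeof msg, d, sizeof d) != DEMO_HASH_TYPE_E)
        return 4;   /* gated out: explicit error, not success */
    return 0;
}

int main(void)
{
    int rc = demo_hash_selftest();
    printf("demo_hash_selftest: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Build once as-is and once with -DDEMO_HAVE_XOR16 to see that callers never need to know the configuration: the enum, the digest sizes and the error contract are identical, only the return value for DEMO_HASH_XOR16 changes.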
Daniel Pouzzner 29783dd2cf wolfssl/wolfcrypt/error-crypt.h: add do-nothing WC_ERR_TRACE() fallthrough definition to make WC_ERR_TRACE() safe to use ungated in code. 2026-03-23 13:01:37 -05:00
Daniel Pouzzner b2f1c5864d Merge pull request #10021 from dgarske/name_mismatches
Fixes for documentation typos on arguments
2026-03-23 12:26:23 -05:00
Daniel Pouzzner 6cd001800c Merge pull request #10022 from dgarske/nb_leak
Fix to make sure a double free cannot occur with non-blocking async
2026-03-23 12:21:26 -05:00
David Garske 02bd0753b1 Merge pull request #10006 from julek-wolfssl/zd/21329
DTLS 1.3 write dup support
2026-03-23 09:55:24 -07:00
David Garske 6bd1785925 Merge pull request #10004 from julek-wolfssl/zd/21318
Add custom BIO callback dispatching
2026-03-23 09:54:30 -07:00
David Garske 15fa0b7abe Merge pull request #10044 from SparkiDev/asm_gen_fixes_3
SP non-block ECC: correct mont_inv_order
2026-03-23 08:31:06 -07:00
Sean Parkinson b5ec204ca4 SP non-block ECC: correct mont_inv_order
Was not doing last bit but result still worked (likely because it was
the square root).
2026-03-23 23:18:37 +10:00
Juliusz Sosinowicz 1f9b999553 Consistently fail on mutex error 2026-03-23 12:21:40 +01:00
Juliusz Sosinowicz 9dbd35dc7c DTLS 1.3 write dup support
- Copy TLS 1.3 traffic secrets and DTLS 1.3 epoch/cipher state to the
  write-dup side in DupSSL so key updates can be performed.
- Delegate KeyUpdate responses from the read side to the write side via
  the shared WriteDup struct, for both peer-initiated and local key
  updates.
- Delegate DTLS 1.3 ACK sending from the read side to the write side.
- Track DTLS 1.3 KeyUpdate ACKs: write side records the in-flight
  KeyUpdate epoch/seq, read side sets keyUpdateAcked when the matching
  ACK arrives.
- Delegate post-handshake certificate authentication (CertificateRequest
  processing) from the read side to the write side, transferring
  transcript hashes, cert context, and signature parameters.
- Reset prevSent/plainSz to prevent stale values from making SendData think
  that data was already sent.
- Refactor FreeHandshakeHashes into Free_HS_Hashes for reuse.
- Move DTLS 1.3 epoch initialization earlier in InitSSL so the
  write-dup early-return path has valid epoch state.
- Add tests for write dup with all protocol versions, key update,
  post-handshake auth, and WANT_WRITE recovery.
- Add --enable-all --enable-writedup to CI os-check matrix.
2026-03-23 12:21:40 +01:00
Sean Parkinson 86db2d4a77 Merge pull request #10041 from douzzer/20260322-various-fixes
20260322-various-fixes
2026-03-23 21:16:19 +10:00
Daniel Pouzzner b8f9b06b5d wolfcrypt/src/logging.c: fix recursion in wc_backtrace_render(). 2026-03-22 13:22:27 -05:00
Daniel Pouzzner 678660e26d src/keys.c and src/tls13.c: add WC_NO_ERR_TRACE() annotations for various initializations.
wolfssl/ssl.h, examples/client/client.c, examples/server/server.c, src/bio.c, tests/api.c: add error tracing for WOLFSSL_SHUTDOWN_NOT_DONE.

tests/api.c: in test_wolfSSL_read_write_ex(), use WOLFSSL_SUCCESS rather than 1 for expected-success wolfSSL_shutdown()s, and add note that the wrong value is being returned (the test currently always fails, which is masked by an always-success retval).
2026-03-22 13:17:47 -05:00
Daniel Pouzzner b7fd9cb002 wolfssl/wolfcrypt/error-crypt.h: add __extension__ to __GNUC__&&!__STRICT_ANSI__ variant of wc_debug_trace_error_codes_enabled(), to inhibit false positive "error: ISO C forbids braced-groups within expressions" with -pedantic. 2026-03-22 13:11:08 -05:00
David Garske 20f640a19f Merge pull request #10035 from night1rider/allow-0-len-input-hash-update
Allow zero-length input in _wc_Hash_Grow and fix SHA Copy MAX32666
2026-03-21 15:20:53 -07:00
David Garske 6f23de44e6 Merge pull request #10036 from douzzer/20260319-trace-errocde-runtime-control-and-various-fixes
20260319-trace-errcode-runtime-control-and-various-fixes
2026-03-21 15:05:39 -07:00
Daniel Pouzzner 5175bc10e7 wolfssl/wolfcrypt/error-crypt.h: fix "error: ISO C forbids braced-groups within expressions [-Werror=pedantic]". 2026-03-20 17:28:19 -05:00
night1rider 92e3647a32 Fix wc_MXC_TPU_SHA_Copy to deep copy src msg buffer instead of freed dst pointer 2026-03-20 16:11:09 -06:00
night1rider 5b3750c39f Allow zero length inputs to _wc_Hash_Grow to be a successful no-op
Added '--enable-all CPPFLAGS=-DWOLFSSL_HASH_KEEP' to the make_check matrix in os-check.yml.
2026-03-20 14:06:55 -06:00
Daniel Pouzzner 15dcd1e3bd src/ssl.c: fixes for -Wsign-compares in wolfSSL_ERR_GET_REASON(). 2026-03-20 14:53:05 -05:00
Daniel Pouzzner 2b47453800 configure.ac: add SHAKE_DEFAULT, following ENABLED_SHA3, with a FIPS v6 threshold. 2026-03-20 14:53:05 -05:00
Daniel Pouzzner a98499866d wolfcrypt/src/wc_mlkem.c, wolfcrypt/src/wc_mlkem_poly.c, wolfssl/wolfcrypt/mlkem.h, wolfssl/wolfcrypt/wc_mlkem.h: fixes for C89 compliance and aarch64-FIPS-linuxkm compatibility. 2026-03-20 14:53:05 -05:00
Daniel Pouzzner b68991195f configure.ac:
* don't default-enable ML-KEM if SHA3/SHAKE are explicitly disabled at user request, or if FIPS <7.
* move ML-KEM flag setup after FIPS setup (like SHA3 and SHAKE flag setup) to allow FIPS overrides.
* remove the unused and misleading "v6-ready" FIPS flavor, and fix v6-dev to get the v6 version triplet.
2026-03-20 14:53:05 -05:00
Daniel Pouzzner 1fc7949225 linuxkm/lkcapi_aes_glue.c: don't log wc_AesSetKey failures for invalid keylens, to avoid log noise on expected-failure kernel native crypto self-test. 2026-03-20 14:53:05 -05:00
Daniel Pouzzner ba743ccd5b wolfcrypt/src/logging.c, wolfssl/wolfcrypt/error-crypt.h, and wolfssl/wolfcrypt/logging.h: implement WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE, wc_debug_trace_error_codes_enabled(), and wc_debug_trace_error_codes_set(), to allow runtime control of error tracing. 2026-03-20 14:53:05 -05:00
Daniel Pouzzner 84a4abfaa8 wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: implement wolfSSL_Atomic_Int_Exchange(). 2026-03-20 14:53:05 -05:00
David Garske 0f41e99c34 Merge pull request #10024 from embhorn/zd21390
Fix DecodeAltNames length check
2026-03-20 12:13:02 -07:00
David Garske 994a1fbacc Merge pull request #9970 from JacobBarthelmeh/bench
use heap hint with dilithium benchmark
2026-03-20 09:46:56 -07:00
David Garske 9877bec7b7 Merge pull request #9997 from JacobBarthelmeh/qt
add back WOLFSSL_QT macro guard for get cipher name behavior
2026-03-20 09:46:40 -07:00
Juliusz Sosinowicz 431ee9e2d8 Implement wolfSSL_BIO_set_init 2026-03-20 17:03:35 +01:00
David Garske 45b31a1828 Merge pull request #10003 from SparkiDev/port_ai_review_1
Fixes from AI review
2026-03-20 08:36:30 -07:00
David Garske d49df869d9 Merge pull request #9935 from padelsbach/padelsbach/san-ip-addr-test
Add IP SAN matching
2026-03-20 08:15:00 -07:00
David Garske 82b6b9cb22 Merge pull request #10018 from embhorn/zd21389
Fix GetSafeContent to check length
2026-03-20 08:08:16 -07:00
David Garske 2c030ddb0d Merge pull request #10017 from embhorn/zd21388
Fix ssl_DecodePacketInternal chain processing
2026-03-20 08:07:54 -07:00
David Garske 440fb7092f Merge pull request #10023 from SparkiDev/asm_gen_fixes_2
ASM generation fixes
2026-03-20 08:00:57 -07:00
David Garske 3e820e591b Merge pull request #9946 from LinuxJedi/lms-xmss-flags
Automatically turn on LMS / XMSS full hash
2026-03-20 08:00:12 -07:00
Juliusz Sosinowicz 84da6d22c8 Address code review 2026-03-20 15:42:50 +01:00
Eric Blankenhorn 8ffb096fc5 Fix from review 2026-03-20 09:06:22 -05:00
Eric Blankenhorn 6446bb2115 Fix DecodeAltNames length check 2026-03-20 08:16:47 -05:00
Andrew Hutchings 4cdb979920 Remove unneeded entries from known macro extras 2026-03-20 11:12:15 +00:00
Andrew Hutchings dca9951355 Fixup code comments in XMSS and LMS 2026-03-20 10:22:46 +00:00
Sean Parkinson ec958de649 ASM generation fixes
Many comment fixes, label renaming and non-functional changes.

Bug Fixes

x86_64 (aes_xts_asm.S/.asm)

- Removed a spurious movl %edx, %eax that was clobbering a register, then fixed two comparisons to use %edx instead of the now-stale %eax. This was a functional bug in AES-XTS key-rounds selection.

x86_64 (fe_x25519_asm.S)

- Changed xor %rbx, %rbx → xorq %rbx, %rbx (explicit 64-bit operand size suffix).

ARM32 (sp_arm32.c, sp_cortexm.c)

- Fixed typo in assembly label names: sub_in_pkace → sub_in_place (both label definitions and branch targets). Affected 2048-bit and 3072-bit SP functions.
- Fixed wrong source register in multiply/accumulate sequences: r11 → r7 and r3 → r4 (functional register-use bugs).

ARM32 ChaCha (armv8-32-chacha-asm.S/_c.c)

- Fixed label typo: same_keyb_ytes → same_key_bytes
- Fixed NEON instruction syntax: vrev32.i16 → vrev32.16 (invalid mnemonic → correct ARM NEON form, affects multiple sites)

ARM32 SHA3 (armv8-32-sha3-asm_c.c, .S)

- Fixed symbol name typo: L_sha3_arm2_neon_rt / L_sha3_arm2_rt → L_sha3_arm32_neon_rt / L_sha3_arm32_rt

ARM32 AES (armv8-32-aes-asm_c.c, thumb2-aes-asm_c.c, .S variants)

- Fixed #endif comment: WOLFSSL_ARMASM_AES_BLOCK_INLINE → !WOLFSSL_ARMASM_AES_BLOCK_INLINE (logic inversion was missing from the comment)

ARM64 ChaCha (armv8-chacha-asm_c.c/.S)

- Fixed label typo: arm64loop_lt_8 → arm64_loop_lt_8

ARM32 ML-KEM (armv8-32-mlkem-asm.S/_c.c)

- Fixed #endif comment typo: WOLFSLS_ARM_ARCH → WOLFSSL_ARM_ARCH (across many occurrences)

SHA-512 (sha512_asm.S)

- Corrected off-by-one in comments: msg_sched done: 0-3 → 0-1, 2-5 → 2-3, etc. (only 2 entries scheduled per block, not 4)
2026-03-20 11:56:25 +10:00
David Garske 5fdf32dec6 Fix to make sure a double free cannot occur (ZD 21093) 2026-03-19 17:03:09 -07:00
David Garske 43f6512e0c Fixes for documentation typos on arguments 2026-03-19 16:39:08 -07:00
JacobBarthelmeh 5b9d0a13bf Merge pull request #9992 from dgarske/macro_docs
Add inline documentation for missing macros and fix spelling errors
2026-03-19 17:08:33 -06:00
Paul Adelsbach 041bb185c6 Add IP SAN matching 2026-03-19 15:10:21 -07:00
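What IP SAN matching has to do, shown as an added example written for this page and not wolfSSL's own code: the host the caller asked for is parsed as an IPv4 or IPv6 literal with inet_pton and compared byte-for-byte against the certificate's iPAddress entries, which are raw 4- or 16-octet values, so textual variants of the same address ("::1" and "0:0:0:0:0:0:0:1") match and a dNSName that merely spells out the address does not. The struct demo_san, demo_match_ip_san and the SAN list are hypothetical and constructed.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

enum demo_san_kind { DEMO_SAN_DNS, DEMO_SAN_IP };

/* Hypothetical decoded SAN entry: dNSName is text, iPAddress is the raw
 * 4 or 16 octets exactly as encoded in the certificate. */
struct demo_san {
    enum demo_san_kind kind;
    const uint8_t *data;
    size_t len;
};

/* Returns 1 if host (an IPv4/IPv6 literal) matches an iPAddress SAN,
 * 0 if no iPAddress entry matches, -1 if host is not an IP literal
 * (the caller should then fall back to dNSName matching). */
int demo_match_ip_san(const char *host, const struct demo_san *sans, size_t n)
{
    uint8_t addr[16];
    size_t addr_len, i;

    if (inet_pton(AF_INET, host, addr) == 1)
        addr_len = 4;
    else if (inet_pton(AF_INET6, host, addr) == 1)
        addr_len = 16;
    else
        return -1;

    for (i = 0; i < n; i++) {
        if (sans[i].kind != DEMO_SAN_IP)
            continue;   /* a dNSName never satisfies an IP literal */
        if (sans[i].len == addr_len && memcmp(sans[i].data, addr, addr_len) == 0)
            return 1;
    }
    return 0;
}

/* Constructed certificate SANs: one IPv4, one IPv6 loopback, and a
 * dNSName whose text happens to look like an address. */
static const uint8_t demo_ip4[4]  = { 10, 0, 0, 5 };
static const uint8_t demo_ip6[16] = { 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1 };
static const uint8_t demo_dns[]   = "10.0.0.6";
const struct demo_san demo_sans[] = {
    { DEMO_SAN_IP,  demo_ip4, sizeof demo_ip4 },
    { DEMO_SAN_IP,  demo_ip6, sizeof demo_ip6 },
    { DEMO_SAN_DNS, demo_dns, sizeof demo_dns - 1 },
};
const size_t demo_sans_n = sizeof demo_sans / sizeof demo_sans[0];

/* Returns 0 when every case below behaves as described. */
int demo_san_selftest(void)
{
    if (demo_match_ip_san("10.0.0.5", demo_sans, demo_sans_n) != 1) return 1;
    if (demo_match_ip_san("::1", demo_sans, demo_sans_n) != 1) return 2;
    if (demo_match_ip_san("0:0:0:0:0:0:0:1", demo_sans, demo_sans_n) != 1) return 3;
    if (demo_match_ip_san("10.0.0.6", demo_sans, demo_sans_n) != 0) return 4;
    if (demo_match_ip_san("example.com", demo_sans, demo_sans_n) != -1) return 5;
    return 0;
}

int main(void)
{
    int rc = demo_san_selftest();
    printf("demo_san_selftest: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Case 4 is the one worth keeping in a test suite: the certificate carries "10.0.0.6" only as a dNSName, and a string-based matcher would accept it.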
Eric Blankenhorn b4d2cd6d9c Fix feedback from review 2026-03-19 15:22:39 -05:00
Chris Conlon 8b388ba3e3 Merge pull request #10011 from mattia-moffa/20260319-jni-no-md5
Don't force enable MD5 with --enable-jni
2026-03-19 14:16:18 -06:00