Commit Graph

27929 Commits

Author SHA1 Message Date
Eric Blankenhorn 296493acf0 f283 harden GeneratePrivateDh186 2026-03-05 15:43:10 -06:00
Daniel Pouzzner 178f96c483 Merge pull request #9854 from sameehj/rsa-pss-fix
Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
2026-03-05 15:03:46 -06:00
Daniel Pouzzner 26e2f05bfd Merge pull request #9848 from Frauschi/dtls_hrr_group
Fix for DTLS1.3 HRR group handling
2026-03-05 15:02:16 -06:00
Daniel Pouzzner 5fa18d9817 Merge pull request #9784 from dgarske/async_cryptocb
Fixes and tests for async and crypto callbacks
2026-03-05 14:59:27 -06:00
Daniel Pouzzner 91ea97ecdf Merge pull request #9712 from night1rider/max-32666-code-improvements
Fix Crash when using Sha224 Callback with MAX32666
2026-03-05 14:58:02 -06:00
Daniel Pouzzner b2913d27dd Merge pull request #9842 from rlm2002/coverity
20260227 Coverity changes
2026-03-05 14:53:14 -06:00
David Garske 36328e31a5 Merge pull request #9857 from douzzer/20260303-linuxkm-aarch64-fixes
20260303-linuxkm-aarch64-fixes
2026-03-05 07:53:00 -08:00
Daniel Pouzzner 67bcaff4b8 linuxkm/module_hooks.c: fix syntax error in wolfssl_init(). 2026-03-04 16:13:09 -06:00
Daniel Pouzzner f04e6e8718 tests/api.c and tests/api/test_pkcs7.c: fixes for CFLAGS="-Og" --enable-all (PRB-single-flag.txt line 3). 2026-03-04 14:46:20 -06:00
Daniel Pouzzner 1297a85b03 wolfcrypt/test/test.c:
* skip pkcs12_test() if NO_SHA;
* sha3_224_test(): fix error-path leak and possible uninited-read of shaCopy.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner fe93ec87b1 linuxkm/module_hooks.c: in dump_to_file(), accommodate mis-prototyped kernel_write() in kernels 3.9-4.13. 2026-03-04 13:14:07 -06:00
Daniel Pouzzner f67c29ae51 linuxkm/Kbuild:
* for aarch64/arm64, only add -mno-outline-atomics if the compiler supports it.
* in ENABLED_LINUXKM_PIE setup, avoid -fPIE on arm32 <5.11 (missing reloc support).

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: gate interception of alt_cb_patch_nops() on kernel >= 6.1.

linuxkm/linuxkm_wc_port.h: define WC_LINUXKM_SUPPORT_DUMP_TO_FILE implicitly when WC_SYM_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT.

linuxkm/module_hooks.c: fixes for text_dump_path and rodata_dump_path handler code.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner 8d1b825558 configure.ac:
* add --enable-wolfentropy as a synonym for --enable-wolfEntropy;
* avoid -Wno-deprecated-enum-enum-conversion when KERNEL_MODE_DEFAULTS, to work around old gcc with broken results from AX_CHECK_COMPILE_FLAG();
* rework help messages for several synonym options to refer to the canonical option (--enable-linuxkm-pie, --enable-kyber, --enable-dilithium, --enable-amdrand, --enable-entropy-memuse).
2026-03-04 13:14:07 -06:00
Daniel Pouzzner 4a51ed4c26 wolfcrypt/test/test.c: add FIPS gates around "Copy cleanup test" exercises added by 4713ad5675 (#9829). 2026-03-04 13:14:07 -06:00
Daniel Pouzzner 1c8d593af7 Merge pull request #9860 from anhu/for_length
Fix for loop exit condition.
2026-03-04 12:18:31 -06:00
night1rider daf3b067d4 Add common SHA copy/free helpers with leak-safe msg buffer handling and copy/free crypto callbacks to replicate the non-callback code behavior when using MAX3266X_SHA_CB. 2026-03-04 10:27:22 -07:00
night1rider c3b329eb2e Refactor to use HASH_KEEP option instead of dedicated context for SHA, also add HASH_KEEP to sha1 context with correct init/free calls 2026-03-04 10:27:22 -07:00
Zackery Backman 2f2fca6a91 Remove stdio inclusion and then revert removal of null check for MXC free 2026-03-04 10:27:22 -07:00
night1rider 224ac9e2ff Add setting callback and MXC init when using arm asm with callbacks 2026-03-04 10:27:22 -07:00
Zackery Backman 4ef0492f23 Improve logic behind copy and free for sha, add copy and free callback functions, fix sha224 crashing when using callbacks for MAX32666 due to uninitialized struct. 2026-03-04 10:27:22 -07:00
Anthony Hu 9d3cc6e30c Fix for loop exit condition.
size should be length.  s includes offset, so it must be compared against
length, not size because size is only what is after offset.
2026-03-04 10:17:33 -05:00
Tobias Frauenschläger 7842bf30f4 Fix for DTLS1.3 HRR group handling
When a server uses a HRR to negotiate the key exchange group to use, the
selected group is advertised in the HRR key share extension.
Furthermore, this group is also stored in the Cookie that is sent to the
client. When the server receives the second CH, the group used in the
key share extension MUST be the one of the HRR.

For stateless DTLS servers, the handling of this check had a bug. The
key share group of the HRR is stored in the ssl->hrr_keyshare_group
variable and is checked against the received key share of the second CH.
However, in the stateless server case, another CH message may be
received in between the two CH messages of the desired client, potentially
overwriting the ssl->hrr_keyshare_group variable. This then causes
handshake failures when the ssl->hrr_keyshare_group variable contains
another group than the second CH message of the desired client.

To fix this, the following changes are conducted:
1. Disable the ssl->hrr_keyshare_group check for stateless DTLS 1.3
   servers. As long as the server is stateless, CHs from multiple
   clients may be received that individually cause HRRs with different
   groups. For each of these clients, the HRR group is properly stored
   in the cookie.
2. When a valid cookie is received from the client, the server becomes
   stateful. In this case, we now parse the cookie for a stored HRR
   group in the RestartHandshakeHashWithCookie() method. If present,
   we restore the ssl->hrr_keyshare_group variable to this group to
   ensure the error checks succeed.
3. Move the check of ssl->hrr_keyshare_group out of the KeyShare
   extension parsing logic into the general TLS1.3 ClientHello parsing
   after extension handling. This ensures that the order of the cookie
   and key share extensions does not matter.

A new test is added to check for this behavior.
2026-03-04 15:58:45 +01:00
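The race described in the commit above, played out as an added example that is not wolfSSL code: a minimal model of a stateless DTLS 1.3 listener with a single shared `hrr_keyshare_group` slot, two clients whose ClientHellos interleave, and a cookie that carries the HRR group under an HMAC so the group can be restored once the cookie verifies. `StatelessServer`, `make_cookie`, `parse_cookie`, the client randoms and the group lists are all constructed for this example; the key exchange itself is not performed.

```python
import hashlib
import hmac
import secrets

# Server preference order; the first entry the client also lists wins.
SERVER_PREFERRED = ["secp256r1", "x25519", "ffdhe2048"]


def make_cookie(key: bytes, client_random: bytes, group: str) -> bytes:
    # cookie = group || "|" || HMAC(key, client_random || "|" || group)
    # Carrying the group inside the cookie is what lets a stateless server
    # recover the HRR group later without per-client state.
    msg = client_random + b"|" + group.encode()
    return group.encode() + b"|" + hmac.new(key, msg, hashlib.sha256).digest()


def parse_cookie(key: bytes, client_random: bytes, cookie: bytes):
    # Returns the HRR group stored in the cookie, or None if the MAC fails.
    group_b, _, mac = cookie.partition(b"|")
    expected = hmac.new(key, client_random + b"|" + group_b, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return group_b.decode()


class StatelessServer:
    def __init__(self, restore_group_from_cookie: bool):
        self.key = secrets.token_bytes(32)
        # One slot shared by every ClientHello the listener sees, playing the
        # role of ssl->hrr_keyshare_group from the commit message.
        self.hrr_keyshare_group = None
        self.restore_group_from_cookie = restore_group_from_cookie

    def handle_client_hello(self, ch: dict) -> tuple:
        selected = next(g for g in SERVER_PREFERRED if g in ch["supported_groups"])
        if "cookie" not in ch:
            if ch["key_share"] == selected:
                return ("ServerHello", selected)
            # Wrong guess: answer with an HRR naming the selected group and a
            # cookie that records it. The slot write is the state that leaks
            # between clients in the buggy variant.
            self.hrr_keyshare_group = selected
            return ("HelloRetryRequest", selected,
                    make_cookie(self.key, ch["random"], selected))
        cookie_group = parse_cookie(self.key, ch["random"], ch["cookie"])
        if cookie_group is None:
            return ("Alert", "bad cookie")
        # A valid cookie makes the server stateful for this client; the fixed
        # variant repopulates the slot from the cookie before the check.
        if self.restore_group_from_cookie:
            self.hrr_keyshare_group = cookie_group
        # Checked after all extensions are parsed, so the order of the cookie
        # and key_share extensions in the second ClientHello does not matter.
        if ch["key_share"] != self.hrr_keyshare_group:
            return ("Alert", "illegal_parameter: key_share group != HRR group")
        return ("ServerHello", ch["key_share"])


def client_hello(random: bytes, groups: list, key_share: str, cookie=None) -> dict:
    ch = {"random": random, "supported_groups": groups, "key_share": key_share}
    if cookie is not None:
        ch["cookie"] = cookie
    return ch


A_RANDOM, B_RANDOM = b"A" * 32, b"B" * 32                 # constructed client randoms
A_GROUPS, B_GROUPS = ["x25519", "secp256r1"], ["ffdhe2048", "x25519"]


def run_interleaved(restore_group_from_cookie: bool) -> tuple:
    """A's first CH, then B's first CH, then A's second CH. Returns A's final response."""
    srv = StatelessServer(restore_group_from_cookie)
    hrr_a = srv.handle_client_hello(client_hello(A_RANDOM, A_GROUPS, "x25519"))
    # B does not support secp256r1, so its HRR selects x25519 and overwrites the slot.
    hrr_b = srv.handle_client_hello(client_hello(B_RANDOM, B_GROUPS, "ffdhe2048"))
    assert hrr_a[1] == "secp256r1" and hrr_b[1] == "x25519"
    return srv.handle_client_hello(client_hello(A_RANDOM, A_GROUPS, hrr_a[1], hrr_a[2]))


def run_wrong_group_with_valid_cookie() -> tuple:
    """A echoes a valid cookie but keeps its original x25519 key share: still rejected."""
    srv = StatelessServer(restore_group_from_cookie=True)
    hrr_a = srv.handle_client_hello(client_hello(A_RANDOM, A_GROUPS, "x25519"))
    return srv.handle_client_hello(client_hello(A_RANDOM, A_GROUPS, "x25519", hrr_a[2]))


def run_forged_cookie() -> tuple:
    """A cookie claiming a different group but made without the server key."""
    srv = StatelessServer(restore_group_from_cookie=True)
    forged = make_cookie(b"not the server key", A_RANDOM, "x25519")
    return srv.handle_client_hello(client_hello(A_RANDOM, A_GROUPS, "x25519", forged))


if __name__ == "__main__":
    print("buggy :", run_interleaved(False))
    print("fixed :", run_interleaved(True))
    print("wrong :", run_wrong_group_with_valid_cookie())
    print("forged:", run_forged_cookie())
```

With the slot not restored, client A's second ClientHello is rejected purely because client B's first ClientHello arrived in between; with the group taken from the verified cookie the handshake proceeds, while a mismatched key share or a cookie with a bad MAC is still refused.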
Sameeh Jubran 441bcbb680 Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI
RSA-PSS signed certificates contain a valid RSA public key that can be
used for key transport, but wc_PKCS7_AddRecipient_KTRI and the
EnvelopedData/AuthEnvelopedData encode paths rejected them because they
only checked for RSAk. Allow RSAPSSk to fall through to the RSAk key
transport path, and always use RSAk as the KeyEncryptionAlgorithmIdentifier
since the operation is RSA encryption, not RSA-PSS signing.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-03-04 12:24:08 +02:00
Ruby Martin 682901e32e return MP_VAL if n < 0. remove check for max int value
remove comment
2026-03-03 09:50:16 -07:00
Daniel Pouzzner 350706d2c8 Merge pull request #9847 from embhorn/gh9846
Fix DRBG_internal alloc in wc_RNG_HealthTestLocal
2026-03-03 00:23:10 -06:00
Ruby Martin 0ef8541b73 validate hashAlgSz is within bounds before calling XMEMCPY 2026-03-02 15:05:01 -07:00
Eric Blankenhorn 42e51701e1 Fix DRBG_internal alloc in wc_RNG_HealthTestLocal 2026-03-02 11:19:38 -06:00
David Garske 238e8effd7 Fix code comment - peer review 2026-03-02 08:16:53 -08:00
Sean Parkinson 215fe1341c Merge pull request #9829 from night1rider/tmpSha-fixes
Fix potential memory leak when copying into existing SHA contexts and zero init tmpSha
2026-03-02 21:18:55 +10:00
Sean Parkinson cba9ffd703 Merge pull request #9782 from kareem-wolfssl/zd21204
Ensure length is at least ID_LEN in SetTicket.
2026-03-02 21:12:29 +10:00
David Garske a4e2d851d7 Merge pull request #9845 from douzzer/20260228-linuxkm-missed-patch
20260228-linuxkm-missed-patch
2026-02-28 15:43:17 -08:00
Daniel Pouzzner f1b65be0ca linuxkm/Makefile: fix misplaced quotes in configure call in libwolfssl-user-build recipe. 2026-02-28 14:07:00 -06:00
Daniel Pouzzner 21f7fd8901 linuxkm/include.am: add WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch. 2026-02-28 12:29:21 -06:00
David Garske 5d6a23bd19 Merge pull request #9844 from douzzer/20260226-linuxkm-SUPPORT_DUMP_TO_FILE
20260226-linuxkm-SUPPORT_DUMP_TO_FILE
2026-02-28 08:54:02 -08:00
Daniel Pouzzner d22175ae37 Makefile.am: for linuxkm module target, pass through "module" target as such, for compatibility with alt LIBWOLFSSL_NAME.
linuxkm/Makefile:

* don't use `readarray -d` -- it's a recent bashism;
* rework libwolfssl-user-build/src/.libs/libwolfssl.so recipe to better isolate sub-build settings.
* add support for HOSTCC and HOSTCFLAGS in libwolfssl.so build.
* deploy $(QFLAG) --no-print-directory --no-silent in several submakes for neatness and resilience.
* tweak $(LIBWOLFSSL_NAME).ko.signed recipe to add a "skipping" message and some consistency checking.

linuxkm/README.md: update FIPS DRBG /proc/crypto content to show seed source.

linuxkm/linuxkm_memory.c: fixes for format character portability in a RELOC_DEBUG_PRINTF() in wc_reloc_normalize_text().

linuxkm/linuxkm_wc_port.h: pull in linux/moduleparam.h, and if WC_LINUXKM_SUPPORT_DUMP_TO_FILE, pull in linux/fs.h and linux/uaccess.h.

linuxkm/module_hooks.c: implement WC_LINUXKM_SUPPORT_DUMP_TO_FILE: dump_to_file() and module args text_dump_path=... and rodata_dump_path=...

linuxkm/patches/7.0/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch: add to accommodate patch-breaking change in Linux 7dff99b354.
2026-02-28 00:25:06 -06:00
Daniel Pouzzner 76bc6e337b wolfcrypt/src/hpke.c, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: implement RFC 9180 overflow checks on context->seq in wc_HpkeContextSealBase() and wc_HpkeContextOpenBase(), and add SEQ_OVERFLOW_E to wolfCrypt_ErrorCodes (Fenrir M-70). 2026-02-27 23:40:37 -06:00
Daniel Pouzzner 4110887871 wolfcrypt/src/aes.c: in AesSivCipher(), burn sivTmp before return (Fenrir M-69). 2026-02-27 23:40:19 -06:00
Daniel Pouzzner 616a6a5789 wolfcrypt/src/ecc.c: in wc_ecc_import_point_der_ex() and wc_ecc_import_x963_ex2(), add missing retval capture for sp_ecc_uncompress_sm2_256() (Fenrir M-68). 2026-02-27 23:39:57 -06:00
Daniel Pouzzner bdea01a931 src/x509.c: in loadX509orX509REQFromPemBio(), fix an identicalInnerCondition. 2026-02-27 23:39:38 -06:00
night1rider 69ddefb099 Zero-initialize stack-declared hash contexts in GetHash functions before passing to Copy, which now calls Free(dst) and requires valid fields. 2026-02-27 16:13:21 -07:00
David Garske 0dffc8abff Fixes for async and crypto callbacks 2026-02-27 14:35:03 -08:00
David Garske 41137eed10 Add tests for async with crypto callbacks 2026-02-27 14:35:02 -08:00
night1rider 4c5e321dfb Add missing error check for wc_Sha512Final in unaligned memory test. 2026-02-27 14:31:33 -07:00
night1rider 70ccda7619 Free the reused struct before reiniting it for new test 2026-02-27 12:56:58 -07:00
night1rider d4f8f0d0a5 Revert XMEMSET 0 after free in copy process for digest/hashing functions 2026-02-27 12:56:58 -07:00
night1rider 39ab81bdda Use WC_DECLARE_VAR/WC_ALLOC_VAR for shaCopy in SHA3/Shake tests to avoid stack frame overflow on small-stack builds. 2026-02-27 12:56:58 -07:00
night1rider ca150724b3 Revert "Fix SHA3/Shake copy cleanup tests to heap-allocate shaCopy to avoid exceeding stack frame limit."
This reverts commit d99fe3bbfd.
2026-02-27 12:56:58 -07:00
night1rider b87cb3e1cd Fix SHA3/Shake copy cleanup tests to heap-allocate shaCopy to avoid exceeding stack frame limit. 2026-02-27 12:56:58 -07:00
night1rider 4713ad5675 Add Free(dst) + XMEMSET before XMEMCPY in all wc_ hash Copy functions (MD5, SHA, SHA2, SHA3, SHAKE) and add copy cleanup tests to prevent resource leaks when copying into previously-used contexts. 2026-02-27 12:56:58 -07:00
night1rider 60573a3782 memset 0 the temp contexts 2026-02-27 12:56:57 -07:00