Commit Graph

9499 Commits

Author SHA1 Message Date
Kareem bfacbf9764 Update ASN original to also allow larger pathLen values in Basic Constraints. 2025-07-10 11:47:47 -07:00
Kareem f0459eb1cf Allow larger pathLen values in Basic Constraints. 2025-07-10 10:37:06 -07:00
Sebastian Carpenter a00cfcb55f improper access of sp_int_minimal using sp_int
related thread: https://bugzilla.redhat.com/show_bug.cgi?id=2047439

also found sp_uint8 that was not updated to sp_sign_t
2025-07-10 10:42:30 -06:00
Daniel Pouzzner b4137fe2f8 linuxkm/lkcapi_sha_glue.c: add interruptibility and additional relaxation where possible, and fix a leaked lock scenario, in get_drbg_n(), wc_linuxkm_drbg_seed(), wc_mix_pool_bytes(), and wc_crng_reseed();
wolfcrypt/src/asn.c: add a couple static attributes missed on the previous round of fixups.
2025-07-10 10:59:57 -05:00
philljj ed6d189f1a Merge pull request #8980 from douzzer/20250706-linuxkm-fixes
20250706-linuxkm-fixes
2025-07-10 10:34:59 -05:00
Josh Holtrop 6d51b73626 Shorten some wc_PKCS7_DecodeEncryptedKeyPackage() comment lines to less than 80 characters 2025-07-10 08:10:59 -04:00
David Garske b2143a815f Merge pull request #8965 from SparkiDev/ppc32_sha256_spe
PPC32 ARM ASM SHA-256: SPE impl, tidy up original
2025-07-09 17:00:26 -07:00
Sean Parkinson 98adb330ef Merge pull request #8981 from dgarske/mldsa
Fix build issue with ML-DSA 44 only
2025-07-10 09:41:36 +10:00
David Garske 7ba6f836c4 Merge pull request #8972 from SparkiDev/sp_int_8_bit_fix
SP int: fix 8 bit words and sp_clamp_ct
2025-07-09 16:30:33 -07:00
David Garske cf35abccb8 Merge pull request #8963 from SparkiDev/sp_int_type_fix
CodeQL: o is larger type and could cause issues
2025-07-09 16:30:01 -07:00
David Garske ae19c55182 Merge pull request #8966 from SparkiDev/arm32_aes_asm_fixup_bne
ARM 32-bit ASM AES: fixup 32-bit code to not use B.EQ
2025-07-09 16:29:46 -07:00
Daniel Pouzzner 01e8815762 wolfssl/wolfcrypt/settings.h: add #define WOLFSSL_NO_PUBLIC_FFDHE and #undef HAVE_PUBLIC_FFDHE to WOLFSSL_LINUXKM setup to avoid .data.rel.ro.local functions in dh.c;
linuxkm/linuxkm_wc_port.h: only use kvrealloc() on kernel >=6.11 -- the version in 5.15-6.10 is incompatible (oldsize arg).  also, restore use of kvmalloc on 4.12+, but with XREALLOC undefined, suitable for cryptonly modules; add #include <linux/sched.h> even on __PIE__ objects to make cond_sched() available;

wolfcrypt/src/asn.c: harmonize gate around definitions of BEGIN_DSA_PRIV and END_DSA_PRIV;

wolfcrypt/src/asn.c: in EccSpecifiedECDomainDecode(), work around "const char[]" types in WOLFSSL_ECC_CURVE_STATIC struct ecc_set_type on FIPS <6;

wolfcrypt/src/asn.c, wolfcrypt/src/wc_xmss.c, wolfssl/wolfcrypt/wc_lms.h: add comments to new WOLFSSL_NAMES_STATIC slots explaining where the size comes from.
2025-07-09 18:22:18 -05:00
Daniel Pouzzner 7c6afeb106 add linuxkm/wolfcrypt.lds module linker script, explicitly grouping wolfcrypt sections together;
linuxkm/Kbuild: add linker script flag, containerize several more previously-missed ELF sections, and add a test verifying no sections were missed;

linuxkm/linuxkm_memory.c: remove obsolete lkm_realloc() shim and unneeded my__show_free_areas() wrapper;

linuxkm/linuxkm_wc_port.h: add new mapping from realloc() to native kvrealloc(), and gate out a slew of headers when __PIE__ to avoid polluting wolfCrypt objects with various unneeded header-implemented functions with associated awkward symbols references;

linuxkm/lkcapi_glue.c: harmonize gate for REGISTER_ALG_OPTIONAL();

linuxkm/module_hooks.c: add "ERROR:" prefixes on pr_err()s; add wc_RunAllCast_fips() at shutdown to send confidence verification to the kernel log; remove section bounds checks now that layout is unreliable;

wolfssl/wolfcrypt/settings.h: for WOLFSSL_LINUXKM && HAVE_LINUXKM_PIE_SUPPORT, #define WOLFSSL_ECC_CURVE_STATIC and WOLFSSL_NAMES_STATIC;

wolfssl/wolfcrypt/types.h: refactor the typedef for wcchar from a pointer to a char[];

wolfcrypt/src/wc_xmss.c and wolfssl/wolfcrypt/wc_lms.h: add WOLFSSL_NAMES_STATIC code paths for struct wc_XmssString and struct wc_LmsParamsMap;

wolfcrypt/src/asn.c: add WOLFSSL_NAMES_STATIC code paths for struct CertNameData, and add static attribute to a slew of wcchars not used or declared outside asn.c.
2025-07-09 18:22:18 -05:00
David Garske 3c00e26274 Merge pull request #8974 from rlm2002/coverity_fix
Coverity: Check values
2025-07-09 16:12:42 -07:00
David Garske 5d89ca6706 Fix build issue with ML-DSA 44 only. Fix --enable-mlkem=all to enable features (keygen/enc/dec) to match --enable-dilithium behavior and allow uses like: --enable-mlkem=all,512,small. Fix issue building mem track with missing PRINT_HEAP_ADDRESS (reproduced with --enable-trackmemory=verbose --enable-stacksize=verbose).
```
wolfcrypt/src/dilithium.c:6696:21: error: expected expression before '}' token
 6696 |                     }
      |
```
2025-07-09 15:06:41 -07:00
Josh Holtrop c83a452a3c Check for NULL pkiMsg in wc_PKCS7_DecodeEncryptedKeyPackage() 2025-07-09 14:41:58 -04:00
Josh Holtrop d2ab6edbab Add wc_PKCS7_DecodeEncryptedKeyPackage() 2025-07-09 13:38:11 -04:00
Ruby Martin 6de2557748 check buflen is less than BLAKE2B_BLOCKBYTES * 2 2025-07-09 10:00:28 -06:00
Ruby Martin 7b7c658668 add null check to wc_Des_CbcEncrypt 2025-07-09 09:59:46 -06:00
Sean Parkinson d6a72e2480 PPC32 ARM ASM SHA-256: SPE impl, tidy up original
Implement using SPE instructions that allow for 64-bit registers as a
vector of 2 32-bit values.
Tidy up original implementation to not use stack.
2025-07-09 18:34:33 +10:00
Sean Parkinson f0041cd761 SP int: fix 8 bit words and sp_clamp_ct
Need to cast to sp_size_t as it may be bigger than the word type
sp_int_digit.
2025-07-07 18:43:29 +10:00
Hideki Miyazaki ee8be22a3f Fix Qt nightly jenkins failure
PBKDF1 encrpted key
2025-07-07 15:10:41 +09:00
Daniel Pouzzner a40b56ccb5 Merge pull request #8964 from douzzer/20250703-linuxkm-fixes
20250703-linuxkm-fixes

Note, final commit reviewed by @SparkiDev, and earlier commit reviewed by @philljj.
2025-07-04 08:45:55 -05:00
Daniel Pouzzner ef3a1a28d9 linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: fixes for spinlocks on CONFIG_ARM64;
wolfcrypt/src/wc_port.c: include random.h, for Entropy_Init().
2025-07-03 22:09:34 -05:00
Sean Parkinson d1893dbdec ARM 32-bit ASM AES: fixup 32-bit code to not use B.EQ
Changes made for Green Hills Aarch64 got into the 32-bit code.
2025-07-04 11:37:06 +10:00
Daniel Pouzzner 688bc168de wolfcrypt/src/random.c: small stack refactor of noise[] in wc_Entropy_Get(). 2025-07-03 18:30:46 -05:00
David Garske fb691fac94 Merge pull request #8947 from SparkiDev/mldsa_openssl_der
ML-DSA/Dilithium: support OpenSSL format
2025-07-03 16:10:55 -07:00
Sean Parkinson 41eef2ef71 CodeQL: o is larger type and could cause issues
Make 'o' sp_size_t as the callers are passing 0 or explicit cast to
sp_size_t
2025-07-04 09:04:39 +10:00
Sean Parkinson 519d1430d0 ML-DSA/Dilithium: support OpenSSL format
Support DER private key format.
2025-07-04 07:54:26 +10:00
David Garske 3fe84bf3c0 Merge pull request #8961 from douzzer/20250703-fixes-for-multi-test-reports
20250703-fixes-for-multi-test-reports
2025-07-03 11:07:46 -07:00
JacobBarthelmeh 01de7cc04b Merge pull request #8955 from anhu/signed
Explicitly declare dilithium_coeff_eta2[] as signed
2025-07-03 10:25:46 -06:00
JacobBarthelmeh 7abaa131d3 Merge pull request #8954 from dgarske/asm_introspection
Added introspection for Intel and ARM assembly speedups
2025-07-03 10:22:19 -06:00
philljj c0837cb073 Merge pull request #8943 from douzzer/20250617-linuxkm-get_random_bytes
20250617-linuxkm-get_random_bytes
2025-07-03 11:22:08 -05:00
Daniel Pouzzner a1fa897572 wolfcrypt/src/dilithium.c: fix cast flubs in dilithium_encode_gamma1_19_bits() (fixes quantum-safe-wolfssl-all-gcc-latest-m32). 2025-07-03 10:17:51 -05:00
David Garske 6be8a3710d Merge pull request #8937 from miyazakh/tsip_cryptcb_ut
Fix TSIP port using crypto callback
2025-07-02 17:42:51 -07:00
Hideki Miyazaki b60a05f45e Fix TSIP port using crypto callback
- Add unit test using cb
2025-07-03 08:23:24 +09:00
Anthony Hu f7ea8fca67 Explicitly declare dilithium_coeff_eta2[] as signed 2025-07-02 15:50:51 -04:00
Daniel Pouzzner dc05c4c01b wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h: refactor DRBG_internal.reseedCtr as a word64 if WORD64_AVAILABLE, to accommodate max reseed count per NIST SP 800-90A Rev. 1;
wolfssl/wolfcrypt/settings.h: if WOLFSSL_LINUXKM && LINUXKM_LKCAPI_REGISTER && WORD64_AVAILABLE, set default WC_RESEED_INTERVAL to max allowed (2^48);

linuxkm/lkcapi_sha_glue.c: handle NO_LINUXKM_DRBG_GET_RANDOM_BYTES, for build-time override control of LINUXKM_DRBG_GET_RANDOM_BYTES, and handle WOLFSSL_LINUXKM_USE_GET_RANDOM_USER_KRETPROBE, for separate opt-in control of the buggy wc_get_random_bytes_user_kretprobe_enter().
2025-07-02 14:25:05 -05:00
Daniel Pouzzner b3944a73c2 linuxkm/lkcapi_sha_glue.c:
* implement interception of _get_random_bytes() and get_random_bytes_user() (implicitly intercepts /dev/random and /dev/urandom):

    * get_crypto_default_rng()
    * get_default_drbg_ctx()
    * wc__get_random_bytes()
    * wc_get_random_bytes_user()
    * wc_extract_crng_user()
    * wc_mix_pool_bytes()
    * wc_crng_reseed()
    * wc_get_random_bytes_by_kprobe()
    * wc_get_random_bytes_user_kretprobe_enter()
    * wc_get_random_bytes_user_kretprobe_exit()

    * add LINUXKM_DRBG_GET_RANDOM_BYTES sections to wc_linuxkm_drbg_startup() and wc_linuxkm_drbg_cleanup()

    * add linuxkm/patches/*/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-*.patch, initially for versions:
      * 5.10.17
      * 5.10.236
      * 5.15
      * 5.17
      * 6.1.73
      * 6.12
      * 6.15

    * remove "*.patch" from .gitignore.

    * add linuxkm/patches/regen-patches.sh.

  * in wc_linuxkm_drbg_ctx_clear(), check lock count before freeing.

  * in get_drbg() and put_drbg(), use migrate_disable(), not DISABLE_VECTOR_REGISTERS().

  * in wc_linuxkm_drbg_generate(), explicitly DISABLE_VECTOR_REGISTERS() for the crypto_default_rng.

  * in wc_linuxkm_drbg_generate(), add DRBG reinitialization code to handle RNG_FAILURE_E.  This handles the situation where a DRBG was instantiated in a vector-ops-allowed context, caching a vectorized SHA256 ethod, but later used in a no-vector-ops-allowed context.

  * in wc_linuxkm_drbg_seed(), add DISABLE_VECTOR_REGISTERS() wrapper around wc_RNG_DRBG_Reseed() for crypto_default_rng.

linuxkm/x86_vector_register_glue.c:

  * add crash recovery logic to wc_linuxkm_fpu_state_assoc_unlikely()

  * in wc_linuxkm_fpu_state_assoc(), when wc_linuxkm_fpu_states is null, don't call wc_linuxkm_fpu_state_assoc_unlikely() if !assume_fpu_began.

  * in can_save_vector_registers_x86(), save_vector_registers_x86(), and restore_vector_registers_x86(), check for hard interrupt context first, to return early failure if current->pid is unusable.

  * in save_vector_registers_x86(), tweak logic around WC_FPU_INHIBITED_FLAG, adding local_bh_disable()...local_bh_enable() to provide for safe recursion.

wolfcrypt/src/random.c: optimization: in Hash_df(), for WOLFSSL_LINUXKM, don't put digest[WC_SHA256_DIGEST_SIZE] in the heap, keep it on the stack.

wolfssl/wolfcrypt/types.h: add WOLFSSL_NO_ASM no-op definitions for DISABLE_VECTOR_REGISTERS() and REENABLE_VECTOR_REGISTERS().

configure.ac:

* move --enable-linuxkm and --enable-linuxkm-defaults initial detection early, so that HMAC_COPY_DEFAULT picks it up.

* add ENABLED_ENTROPY_MEMUSE_DEFAULT, and enable it by default when ENABLED_LINUXKM_DEFAULTS.

* update linuxkm-lkcapi-register help message.

linuxkm/linuxkm_wc_port.h:

* add my_kallsyms_lookup_name().

* add preempt_count, _raw_spin_lock_irqsave, _raw_spin_trylock, _raw_spin_unlock_irqrestore, and _cond_resched, to wolfssl_linuxkm_pie_redirect_table, and add spin_unlock_irqrestore() macro to mask native inline.

* move linuxkm mutex wrappers from wolfcrypt/src/wc_port.c to linuxkm_wc_port.h, make them inlines, and add new default spinlock-based implementation, with old method now gated on WOLFSSL_LINUXKM_USE_MUTEXES.

* change malloc() and realloc() wrappers from GFP_KERNEL to GFP_ATOMIC.

linuxkm/lkcapi_glue.c: make misc.h/misc.c inclusion unconditional, and trim now-redundant inclusions out of lkcapi_dh_glue.c and lkcapi_ecdh_glue.c.
2025-07-02 14:25:05 -05:00
Daniel Pouzzner b25d484a4e linuxkm/lkcapi_sha_glue.c: implement mutex-free sync mechanism for wc_linuxkm_drbg_ctx in new get_drbg(), get_drbg_n(), and put_drbg();
linuxkm/x86_vector_register_glue.c: implement support for WC_FPU_INHIBITED_FLAG, and an `int inhibit_p` argument to save_vector_registers_x86();

wolfcrypt/src/random.c: implement linuxkm support for RDSEED and HAVE_ENTROPY_MEMUSE;

wolfssl/wolfcrypt/error-crypt.h and wolfcrypt/src/error.c: add WC_ACCEL_INHIBIT_E "Crypto acceleration is currently inhibited";

linuxkm/module_hooks.c and linuxkm/x86_vector_register_glue.c: remove broken and bit-rotten WOLFSSL_COMMERCIAL_LICENSE and LINUXKM_FPU_STATES_FOLLOW_THREADS code paths.
2025-07-02 14:25:05 -05:00
David Garske 221330df0b Added introspection for Intel and ARM assembly speedups (useful for benchmarking output). Added STM32F439ZI benchmarks.
`--enable-armasm` : `Assembly Speedups: ARMASM ALIGN`
`--enable-intelasm` : `Assembly Speedups: INTELASM ALIGN X86_64_BUILD`
2025-07-02 10:57:24 -07:00
jordan 9e811b5bd5 wolfcrypt misc: avoid frivolous initialization. 2025-07-02 10:46:38 -05:00
jordan 9ac480a60d linuxkm fedora: fix uninitialized build errors. 2025-07-02 10:00:28 -05:00
Daniel Pouzzner a8fc68d81b wolfcrypt/src/random.c: in Hash_DRBG_Generate(), gate the verbose reseed message on DEBUG_WOLFSSL or DEBUG_DRBG_RESEEDS, use WOLFSSL_MSG_EX(), and refactor the condition from drbg->reseedCtr == RESEED_INTERVAL to drbg->reseedCtr >= WC_RESEED_INTERVAL.
also some unrelated cleanup in .wolfssl_known_macro_extras.
2025-07-01 13:05:00 -05:00
JacobBarthelmeh 8fa0f6b3df Merge pull request #8944 from SparkiDev/evp_hmac_copy_hash_fix
EVP HMAC: get working with WOLFSSL_HMAC_COPY_HASH
2025-07-01 09:50:53 -06:00
Sean Parkinson 7c4de54e73 EVP HMAC: get working with WOLFSSL_HMAC_COPY_HASH
Get the EVP layer working with the wolfSSL HMAC implementation when
WOLFSSL_HMAC_COPY_HASH is defined.
This define hashes the ipad and opad into temporary hashes and copies
the required hash into the working hash when needed. Uses more memory
but is faster when starting a new hash with the same key.
2025-07-01 13:14:26 +10:00
Sean Parkinson 574de4b234 Memory allocation failure testing fixes
Fixes for test code to cleanup on failure properly.
pkcs7.c: when streaming, free the decrypting content when adding data to
the stream fails.
2025-07-01 11:50:42 +10:00
Daniel Pouzzner 018ee9754f Merge pull request #8608 from anhu/2akid
Check for duplicate extensions in a CRL
2025-06-27 22:25:27 -05:00
Daniel Pouzzner d1c1bca9e4 Merge pull request #8914 from dgarske/stm32n6
Added support for STM32N6
2025-06-27 22:19:01 -05:00
Daniel Pouzzner 4421f8bd84 Merge pull request #8934 from dgarske/macos_typo
Fix minor code typos for macos signal and types.h max block size
2025-06-27 14:11:31 -05:00