Commit Graph

28332 Commits

Author SHA1 Message Date
Marco Oliverio b767d8218a wolfcrypt: benchmark: use WC_USE_DEVID to benchmark ed25519 if defined 2026-02-11 15:25:28 +01:00
Sean Parkinson 895fb2936d ML-DSA/Dilithium: reduce vector when small build
Ensure the matrix multiplication result has values reduced to the
correct range. Only an issue for small builds.
2026-02-11 09:47:45 +10:00
Sean Parkinson 2ef096a21b Merge pull request #9754 from julek-wolfssl/zd/21171
Add check for KS in SH
2026-02-11 09:11:05 +10:00
David Garske bc12b7563f Peer review improvements 2026-02-10 14:51:51 -08:00
Reda Chouk 86212fd33f add test for session deserialization input validation 2026-02-10 20:37:02 +01:00
Andrew Hutchings 33abaca065 Fix test for AESGC_STREAM 2026-02-10 18:06:47 +00:00
Andrew Hutchings 54e8e80e81 Added integer overflow protection to PKCS12
PKCS12_ConcatenateContent() could overflow.
2026-02-10 15:53:29 +00:00
Andrew Hutchings 6b4fd431da Fix leak in PKCS12 error path 2026-02-10 15:47:10 +00:00
Andrew Hutchings a8d844003e Fix potential buffer overflow in EVP
It is potentially possible on a 32bit system to get realloc to overflow
with several of the EVP functions.
2026-02-10 14:49:20 +00:00
Juliusz Sosinowicz 5f755f6bd5 Fix compilation checks in test scripts
Correct the logic for checking if the client and server examples are compiled
in the test scripts. The previous logic was inverted, causing the tests to
always skip if the examples *were* compiled.
2026-02-10 13:14:55 +01:00
Juliusz Sosinowicz f810dc2a01 Add check for KeyShare in ServerHello
Fixes ZD21171
2026-02-10 12:39:27 +01:00
Sean Parkinson 7245ad02bb Merge pull request #9748 from gasbytes/wolfSSL_d2i_SSL_SESSION-fix
add missing checks in wolfSSL_d2i_SSL_SESSION
2026-02-10 21:22:16 +10:00
Sean Parkinson bf86450c01 Merge pull request #9749 from holtrop-wolfssl/rust-wolfssl-wolfcrypt-crate-1.1.0
Rust wrapper: update wolfssl-wolfcrypt crate to v1.1.0
2026-02-10 21:21:15 +10:00
Sean Parkinson 5bb39eb5c4 Merge pull request #9617 from julek-wolfssl/ada-testing
Ada Bindings and CI Improvements
2026-02-10 21:20:32 +10:00
Sean Parkinson 2b370f8ecb ARM assembly fixes
armv8-32-aes-asm*: Fix #define protection around L_AES_ARM32_ecb_td4.
armv8-curve25519_c.c: Fix definition of fe_invert_nct to match
prototype.
2026-02-10 16:20:20 +10:00
David Garske 2a18b7ee44 Fix non-blocking X25519/ECC with WOLFSSL_ASYNC_CRYPT_SW
The non-blocking setup for X25519 and ECC in TLS was unconditionally
setting up nbCtx, which caused functions to return FP_WOULDBLOCK. However,
with INVALID_DEVID (the default), TLS has no async loop to handle
FP_WOULDBLOCK, only WC_PENDING_E via the async framework.

The fix follows the pattern used in asn.c: only set up nbCtx when the async
device is active (devId != INVALID_DEVID). With INVALID_DEVID, the code now
uses the blocking fallback (WC_ECC_NONBLOCK_ONLY) instead.

This prevents unit test timeouts when built with --enable-curve25519=nonblock
or --enable-ecc=nonblock.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-09 09:22:36 -08:00
Juliusz Sosinowicz 40d3befa61 Extend Ada bindings
Add Ada bindings for SHA-256, RSA sign/verify, and AES-CBC from
wolfCrypt. Use XMALLOC/XFREE for dynamic allocation and add GNATprove
ownership annotations to enable static leak detection.

Refactor the Ada wrapper into a base package (wolfssl.ads) and a child
package (wolfssl-full_runtime) to separate code that depends on
Interfaces.C.Strings and GNAT.Sockets from zero-footprint-compatible
code.

Add standalone examples for SHA-256 hashing, RSA signature verification,
and AES encryption under wrapper/Ada/examples/.

Add AUnit test suites for SHA-256, RSA, and AES bindings under
wrapper/Ada/tests/ with Valgrind suppressions and Alire integration.

Move TLS client/server examples into wrapper/Ada/examples/src/ and
update build files (default.gpr, examples.gpr, include.am) accordingly.

Update CI (ada.yml) to build default.gpr, run AUnit tests, run the
client-server examples, and run GNATprove.

Co-authored-by: Joakim Strandberg <joakim@mequinox.se>
2026-02-09 13:44:35 +01:00
David Garske ca5b484e23 Merge pull request #9752 from douzzer/20260207-fixes
20260207-fixes
2026-02-07 12:43:22 -08:00
Daniel Pouzzner d36953948b src/ssl_api_pk.c: in wolfSSL_CTX_SetTmpEC_DHE_Sz(), fix gate-dependent syntax error in if construct;
src/ssl_p7p12.c: in wolfSSL_SMIME_read_PKCS7(), fix memleakOnRealloc.
2026-02-07 12:00:00 -06:00
David Garske fbc5502a58 Merge pull request #9750 from douzzer/20260206-fixes
20260206-fixes
2026-02-06 14:54:58 -08:00
Josh Holtrop fbed7e8553 Rust wrapper: update CHANGELOG for wolfssl-wolfcrypt v1.1.0 2026-02-06 14:44:44 -05:00
Daniel Pouzzner 872661186f Merge pull request #9746 from JacobBarthelmeh/wolfhsm
warning for 'type' may be used uninitialiized
2026-02-06 13:14:41 -06:00
Daniel Pouzzner 51f5f8799d src/ssl_api_pk.c: fix -Wmaybe-uninitialized in check_cert_key_dev() (defect introduced in #9723);
wolfcrypt/test/test.c: fix error-path memory leaks in srtpkdf_test(), and properly gate out incompatible SRTP_KDF_LONG_KEY test on old FIPS (defect introduced in #9733);

.wolfssl_known_macro_extras: get into lexical order and remove unneeded WC_RSA_DIRECT.
2026-02-06 13:06:10 -06:00
David Garske 19bb7198a2 Peer review fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 10:24:31 -08:00
Josh Holtrop 70a7f4d5de Rust wrapper: update wolfssl-wolfcrypt crate to v1.1.0 2026-02-06 13:18:18 -05:00
Anthony Hu 6bc2c6f071 Merge branch 'master' into cmake_HSC 2026-02-06 13:11:55 -05:00
Reda Chouk f94eb68ea3 add missing checks in wolfSSL_d2i_SSL_SESSION 2026-02-06 17:00:42 +01:00
David Garske 78bba7e90f Fix for TLS with WOLFSSL_SMALL_CERT_VERIFY 2026-02-05 21:55:32 -08:00
JacobBarthelmeh 4fc778c8eb warning for 'type' may be used uninitialiized 2026-02-05 22:14:43 -07:00
Daniel Pouzzner 25db90afe7 Merge pull request #9741 from kareem-wolfssl/variousFixes
Various fixes
2026-02-05 20:32:12 -06:00
Daniel Pouzzner 8e6ebdb8ac Merge pull request #9723 from SparkiDev/ssl_split_cert
Split out code form ssl.c and pk.c
2026-02-05 18:21:36 -06:00
David Garske c3ef6afcfd Merge pull request #9743 from douzzer/20260205-fixes
20260205-fixes
2026-02-05 15:23:57 -08:00
Daniel Pouzzner 1d871879df Merge pull request #9726 from Frauschi/pkcs11_pqc_prep
PKCS#11 PQC preparation work
2026-02-05 16:50:25 -06:00
Daniel Pouzzner a6ee93c84c Merge pull request #9739 from holtrop-wolfssl/rust-crate-fips-support
Rust wrapper: add FIPS support
2026-02-05 16:49:58 -06:00
Daniel Pouzzner 88edcf6c96 Merge pull request #9736 from embhorn/gh9731
Exclude Config.cmake.in in .gitignore
2026-02-05 16:49:35 -06:00
Daniel Pouzzner da426d9c1d Merge pull request #9725 from Frauschi/cmake
CMake fixes and improvements
2026-02-05 16:49:03 -06:00
Daniel Pouzzner 681d09fc3c Merge pull request #9714 from philljj/bsdkm_crypto_accel
bsdkm: x86 crypto acceleration support.
2026-02-05 16:48:03 -06:00
Daniel Pouzzner 2a32e108d0 Merge pull request #9656 from jackctj117/PKCS7-signing
Add PKCS7 ECC raw sign callback support
2026-02-05 16:46:27 -06:00
Daniel Pouzzner 6d7cb87965 Merge pull request #9733 from SparkiDev/srtp_kdf_ctr_fix
SRTP-KDF: use two bytes of index
2026-02-05 16:21:38 -06:00
Paul Adelsbach 635832010e Use WOLFSSL_STACK methods in new AIA functions 2026-02-05 11:54:26 -08:00
jackctj117 cfcd384c4c Address copilot feedback 2026-02-05 12:12:16 -07:00
jackctj117 d581a409eb Delete tests/test_cert_sign_cb_no_malloc_simple.c 2026-02-05 11:58:38 -07:00
jackctj117 a61a5792b8 Delete tests/test_cert_sign_cb_no_malloc.c 2026-02-05 11:58:05 -07:00
jackctj117 d774825ab8 Address copilot feedback 2026-02-05 11:57:33 -07:00
David Garske 8c30cfb0da Add tests for async with static memory. Fix issue with mixed-declaration in SP ECC non-blocking. 2026-02-05 09:43:31 -08:00
David Garske 6a4415911b Merge pull request #9727 from miyazakh/tsip_rm_asn_original
Renesas RX72N : Remove WOLFSSL_ASN_ORIGINAL from user_settings.h
2026-02-05 08:42:59 -08:00
Daniel Pouzzner 0cc1dc29c4 src/x509.c: in x509_aia_append_string(), use heap pointer from supplied *head, and initialize WOLFSSL_STACK.type (fixes "Conditional jump or move depends on uninitialised value(s)" from 08c1397cc1);
wolfssl/wolfcrypt/asn.h: use WC_BITFIELD for extAuthInfoListSz and extAuthInfoListOverflow bitfields, for C89 compat (fixes -Wpedantic from 08c1397cc1).
2026-02-05 10:04:17 -06:00
David Garske e9b711e42b Tests for mutual authentication 2026-02-04 21:28:53 -08:00
David Garske 4d3925d526 Add X25519 non-blocking support for key gen and shared secret
## Summary
- Add non-blocking (incremental) Curve25519 key generation and shared secret via `WC_X25519_NONBLOCK`, modeled after the existing ECC non-blocking pattern (`WC_ECC_NONBLOCK`)
- Implement `curve25519_nb()` and `fe_inv__distinct_nb()` in `fe_low_mem.c` as state-machine variants that return `FP_WOULDBLOCK` to yield after each field multiply
- Add `wc_curve25519_set_nonblock()` API to attach/detach non-blocking context to a key
- Integrate X25519 non-blocking with TLS 1.2/1.3 key share generation and shared secret in `tls.c` and `internal.c` (behind `WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW`)
- Add `--enable-curve25519=nonblock` configure option (auto-enables `--enable-asynccrypt` and `--enable-asynccrypt-sw`)
- Add X25519 async software dispatch cases in `async.c` and types in `async.h`
- Fix async guard in `curve25519.c` to require `WOLFSSL_ASYNC_CRYPT_SW` (matching other algorithms)
- Overhaul `examples/async/` client/server: non-blocking I/O via `WOLFSSL_USER_IO`, standalone `Makefile`, X25519/ECC mode selection, CI-friendly ready-file sync
- Add `examples/configs/user_settings_curve25519nonblock.h` and CI coverage in `os-check.yml` and new `async-examples.yml` workflow
- Add wolfcrypt test and API test coverage for X25519 non-blocking
2026-02-04 21:28:52 -08:00
David Garske c7ed5ff179 Merge pull request #9740 from douzzer/20260204-linuxkm-with-global-replace-etc
20260204-linuxkm-with-global-replace-etc
2026-02-04 19:07:06 -08:00