Commit Graph

28332 Commits

Author SHA1 Message Date
Sean Parkinson eab58ae226 Merge pull request #9599 from holtrop-wolfssl/rust-chacha20-poly1305
Rust wrapper: add wolfssl_wolfcrypt::chacha20_poly1305 module
2026-01-06 20:28:24 +10:00
Sean Parkinson b293a1cc5c Merge pull request #9591 from rlm2002/coverity
20251229 Coverity Dereference before Null check
2026-01-06 20:25:01 +10:00
Sean Parkinson 5343cb386a Merge pull request #9588 from kareem-wolfssl/ghAlerts
Fix incorrect alerts.
2026-01-06 20:22:51 +10:00
Sean Parkinson a1089ba9f2 AES ARM32/Thumb2: option to inline block
Branching to a common block encrypt/decrypt may work for assembly but
not always for C code.
Added option, for assembly and inline assembly, to inline block
encrypt/decrypt: WOLFSSL_ARMASM_AES_BLOCK_INLINE.
2026-01-06 11:24:21 +10:00
Sean Parkinson 38241227a2 Curve25519 improvements
Add non-constant time implemenations of mod_inv for x64 and Aarch64
assembly.

Generate base point table, with better formatting, for double smul with
a script.
Increase Bi table size to 32 entries for 64-bit asm.
Minor improvements to double smul.

WOLFSSL_CURVE25519_NOT_USE_ED25519 to not use ed25519 base smul in
curve25519 base smul.
2026-01-06 10:24:21 +10:00
Daniel Pouzzner 83f7204f99 Merge pull request #9597 from sameehj/rhel9_linuxkm_sign
linuxkm: handle RHEL9 disabled akcipher sign/decrypt ops
2026-01-05 17:23:45 -06:00
Sean Parkinson a20d5f7b9d Merge pull request #9613 from philljj/fix_ecc_test_name
wolfcrypt test: fix ecc521 err msg.
2026-01-06 08:49:01 +10:00
jordan 842511b0ef wolfcrypt test: fix ecc521 err msg. 2026-01-05 12:25:53 -06:00
Sameeh Jubran d27c04bbca linuxkm: handle RHEL9 disabled akcipher sign/decrypt ops
RHEL9 kernels (9.6+) disable RSA signing and decryption in the kernel
crypto API for security reasons (CVE-2023-6240). The kernel forcibly
overwrites akcipher sign/decrypt callbacks to return -ENOSYS, regardless
of what the driver provides.

Commit 3709c35c in the RHEL kernel:
"crypto: akcipher - Disable signing and decryption"

This affects our self-tests which call crypto_akcipher_sign() and
crypto_akcipher_decrypt(). On RHEL9, these operations return -ENOSYS
even though our driver correctly implements them.

Add compile-time checks for RHEL_RELEASE_CODE >= 9.6 to detect this
scenario and skip the affected self-tests gracefully. The tests pass
since the algorithms are registered correctly; the kernel simply
refuses to execute sign/decrypt operations as a matter of policy.

Note: encrypt and verify operations are unaffected and continue to be
tested normally.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-01-05 19:42:29 +02:00
Tobias Frauenschläger 116260762f Fix for WOLFSSL_BLIND_PRIVATE_KEY and WOLFSSL_DUAL_ALG_CERTS 2026-01-05 17:26:11 +01:00
Tobias Frauenschläger 62764d08e4 Remove PQC-based buffer size increase for PreMasterSecret
The size of the PreMasterSecret buffer is based on the ENCRYPT_LEN
constant, which has been increased to 5kB for PQC support (Dilithium and
Falcon, as their signatures are that large).

However, only in the TLS 1.2 case, the PreMasterSecret buffer is used to
store signatures. In the TLS 1.3 path, only actual symmetric secrets are
stored in that buffer, which are much smaller in size (the "old" size of
the constant without the PQC increase).

As PQC is only allowed in TLS 1.3 and NOT in TLS 1.2, we can revert
that size increase, saving around 4,5kB of dynamic memory during the
handshake.
2026-01-05 15:58:53 +01:00
Tobias Frauenschläger 99bde324aa Build systems improvements
* Add `WOLFSSL_USER_SETTINGS` to CMake `options.h.in`
* Add CMake support for Dilithium
* Add user_settings.h support for aes_asm.S
* Add PKCS#11 support to CMake
* Minor ARM assembly port fixes
2026-01-05 15:46:58 +01:00
Josh Holtrop 9007d12d2a Rust wrapper: add wolfssl_wolfcrypt::chacha20_poly1305 module 2026-01-05 08:44:34 -05:00
Andrew Hutchings 4b606ebbeb Fix trailing whitespace and flush-left 2026-01-05 13:39:43 +00:00
Andrew Hutchings 0c4ca257a0 Add Renode GH Action for STM32H753
This adds bare metal wolfCrypt test with hardware RNG and AES-GCM for
STM32H753 using Renode.

Renode does not support HASH HAL at this time.
2026-01-05 13:39:43 +00:00
Sean Parkinson 99692003d4 PPC32 ASM: alternative C code with registers prepended
C implementation with registers prepended with letter 'r'.
2026-01-05 21:12:10 +10:00
Marco Oliverio 7b9d3748cf tls13: early_data: prevent earlyData reset on re-entry
Avoid resetting ssl->earlyData in wolfSSL_write_early_data when the
function is re-entered due to WC_PENDING_E, WANT_WRITE, or WANT_READ.
2026-01-05 10:40:34 +01:00
Marco Oliverio 29941d5645 (d)tls13: check if early data is possible in write_early_data 2026-01-05 10:35:02 +01:00
Marco Oliverio d9bba72b8c tls13: merge guarded code in a single section 2026-01-05 09:04:36 +01:00
David Garske 80c1228a38 Merge pull request #9594 from holtrop-wolfssl/rust-curve25519
Rust wrapper: add wolfssl_wolfcrypt::curve25519 module
2025-12-31 12:45:43 -08:00
Daniel Pouzzner bbd3d4f55d Merge pull request #9579 from dgarske/coding_standard_20251223
Add new coding standard for local (internal) function names
2025-12-31 11:55:58 -06:00
philljj 776512846f Merge pull request #9598 from fabiankeil/unbreak-freebsd-build
tests: Unbreak the build on FreeBSD-based systems
2025-12-31 10:31:52 -06:00
Fabian Keil 21f35137a1 tests: Unbreak the build on FreeBSD-based systems
... by using the same additional includes as on Linux.

Fixes:

      CC       tests/api/unit_test-test_rsa.o
    tests/api.c:19554:9: error: call to undeclared function 'waitpid'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration]
     19554 |         waitpid(pid, &waitstatus, 0);
	   |         ^

Tested on ElectroBSD amd64 14.3-STABLE.
2025-12-31 14:48:06 +01:00
Daniel Pouzzner cb78341886 Merge pull request #7586 from kareem-wolfssl/gh7197
Keep RNG seed file descriptor open until the RNG is freed.
2025-12-30 15:57:25 -06:00
philljj 5fa06818c0 Merge pull request #9595 from douzzer/20251229-linuxkm-rng-wolfentropy
20251229-linuxkm-rng-wolfentropy
2025-12-30 14:50:53 -06:00
Kareem ddb2fb628e Add a runtime option to enable or disable the secure renegotation check. 2025-12-30 13:19:04 -07:00
Kareem 1773a4ab41 Send no_renegotiation alert when rejecting renegotation attempt as defined in RFC 5246 section 7.2.2. 2025-12-30 13:18:48 -07:00
Daniel Pouzzner 0621615b15 wolfcrypt/src/random.c: remove WC_VERBOSE_RNG messaging from wc_RNG_TestSeed(), which is called by test code with expected failure, and move it to _InitRng() and PollAndReSeed(), where it's always expected to succeed. 2025-12-30 13:27:31 -06:00
Daniel Pouzzner 299ca1cfef fixes from peer review: added comments for clarity, and remove errant condition added in _InitRng(). 2025-12-30 12:13:15 -06:00
JacobBarthelmeh 7a2e1c1dd0 Merge pull request #9585 from dgarske/add-missing-api-docs
Add missing API documentation
2025-12-30 09:37:22 -07:00
Josh Holtrop 8c125df85e Rust wrapper: ensure curve25519_key struct will have free called after init 2025-12-30 10:46:44 -05:00
Daniel Pouzzner d504baaf3a linuxkm/lkcapi_sha_glue.c and .wolfssl_known_macro_extras: fixes from check-source-text. 2025-12-29 20:55:36 -06:00
Daniel Pouzzner 450b0b46c6 wolfcrypt/src/random.c and wolfssl/wolfcrypt/settings.h: add WC_VERBOSE_RNG messages, and activate by default when WOLFSSL_KERNEL_MODE. 2025-12-29 20:55:36 -06:00
Daniel Pouzzner fecc1cffe7 linuxkm/lkcapi_sha_glue.c: add retry loop around wc_InitRng(), and allow interrupt in preemptible threads, in wc_linuxkm_drbg_init_tfm(). 2025-12-29 20:55:36 -06:00
Daniel Pouzzner 1844b8e3ac linuxkm/Makefile: fix bash cleanup in recipe for libwolfssl.ko -- new trap for an event replaces previous trap rather than adding to it. 2025-12-29 20:55:36 -06:00
David Garske d39b0e6f82 Fixes from peer review. 2025-12-29 17:30:23 -08:00
David Garske 0d44018627 Merge pull request #9593 from julek-wolfssl/copilot/changes-20251229
Add AGENTS.md to .gitignore
2025-12-29 17:22:39 -08:00
Anthony Hu 48ebe99372 Validate asn date based on position of Z (#8603) 2025-12-29 16:01:22 -06:00
Josh Holtrop e971cb6942 Rust wrapper: avoid warning when neither blake2b nor blake2s is enabled 2025-12-29 14:33:25 -05:00
Josh Holtrop 0a834bed7a Rust wrapper: add wolfssl_wolfcrypt::curve25519 module 2025-12-29 14:33:25 -05:00
Juliusz Sosinowicz 730b0d3e38 Add AGENTS.md to .gitignore 2025-12-29 19:01:50 +01:00
David Garske 5dee8ddfcb Merge pull request #9586 from holtrop-wolfssl/rust-blake2
Rust wrapper: add wolfssl_wolfcrypt::blake2 module
2025-12-29 09:55:58 -08:00
Ruby Martin 39056bb262 move null check to prevent dereference before null check issue
add new scope, whitespace
2025-12-29 10:55:13 -07:00
David Garske ea8af7ae71 Merge pull request #9592 from julek-wolfssl/fix/coverity-tls-frag
Fix Coverity (D)TLS fragmentation size checks
2025-12-29 09:54:32 -08:00
David Garske 17e992ab3f Merge pull request #9589 from douzzer/20251226-fixes
20251226-fixes
2025-12-29 09:20:16 -08:00
David Garske 8bcac03086 Fix duplicated wc_rng_free and wc_rng_new 2025-12-29 08:52:17 -08:00
David Garske 5b5686c53c Peer review improvements. 2025-12-29 08:37:51 -08:00
Juliusz Sosinowicz f2d24404c8 Fix Coverity (D)TLS fragmentation size checks
Add MAX_RECORD_SIZE-based bounds checks in SendHandshakeMsg and Dtls13SendFragmentedInternal to prevent negative/overflowed fragment sizes from reaching memcpy/BuildMessage/DtlsMsgPoolSave.
2025-12-29 17:16:04 +01:00
jordan b33a8568c3 bsdkm: small cleanup. 2025-12-28 10:32:18 -06:00
jordan e4996c317e bsdkm: fips support. 2025-12-28 10:16:53 -06:00