Daniel Pouzzner
15fcf7095f
linuxkm/lkcapi_{dh,ecdh,ecdsa,rsa,aes}_glue.c: when LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG, don't "#error Config conflict" if explicit LINUXKM_LKCAPI_DONT_REGISTER_foo is defined for the missing algorithm.
2025-12-17 11:01:10 -06:00
Daniel Pouzzner
dc0fe803a5
src/internal.c: in InitHandshakeHashesAndCopy(), don't call InitHandshakeHashes(), to avoid leaking in the later wc_FooCopy() operation.
2025-12-17 11:01:10 -06:00
Daniel Pouzzner
918b6973bd
tests/api.c: in test_wolfSSL_dtls_stateless_HashWOLFSSL(), when WOLFSSL_SMALL_STACK_CACHE, omit ssl->hsHashes from the comparison (init-time heap pointers destabilize its bit signature).
2025-12-17 11:01:10 -06:00
Daniel Pouzzner
2802e2d82b
wolfcrypt/src/rsa.c: in RsaUnPad_OAEP(), refactor volatile-based constant time mitigation to fix "using value of assignment with ‘volatile’-qualified left operand is deprecated [-Werror=volatile]" (new warning from gcc-16.0.0_p20251207, not reported by gcc-16.0.0_p20251116-r1).
2025-12-17 11:01:10 -06:00
Daniel Pouzzner
cd3e81a656
src/ssl_load.c: in ProcessBufferCert(), check ctx for nullness before accessing ctx->verifyNone (fixes -Wnull-dereference reported by multi-test dtls-no-rsa-no-dh after merge of 36e66eb763).
2025-12-17 11:01:10 -06:00
Eric Blankenhorn
d5691fe849
Fix MQX example null deref
2025-12-17 09:35:01 -06:00
Eric Blankenhorn
5aa2840bed
Fix MQX example null deref
2025-12-17 09:33:21 -06:00
Sameeh Jubran
a5f1fde955
linuxkm: fix Tegra Yocto FIPS build issues (ARM64, RT, PIE)
...
Fix multiple build and runtime issues when building wolfSSL LinuxKM FIPS
on NVIDIA Tegra (ARM64) kernels under Yocto.
- Disable ARM64 LSE atomics for out-of-tree modules to avoid jump_table
asm constraints
- Handle PREEMPT_RT mutex and spinlock differences correctly
- Avoid alt_cb_patch_nops / queued_spin_lock_slowpath on Tegra
- Remove conflicting compiler auto-var-init flags for PIE objects
- Align PIE symbol redirection with RT and Tegra kernels
This restores successful LinuxKM FIPS builds on Tegra-based Yocto systems.
Signed-off-by: Sameeh Jubran <sameeh.j@gmail.com >
2025-12-17 14:32:26 +02:00
Juliusz Sosinowicz
432f0e33f6
Fix incorrect use of CFLAGS in os-check
2025-12-17 10:28:43 +01:00
Juliusz Sosinowicz
f61bfd7805
Check KeyShare after HRR
2025-12-17 10:27:04 +01:00
Sean Parkinson
af2c6cc932
AES-GCM ARM32/Thumb2 ASM: don't change aes->reg in decrypt
...
OpenSSL compatability layer expects aes->reg to be unmodified by AES-GCM
decrypt call. ARM32/Thumb2 assembly implementation modifies buffer.
Keep a copy and restore aes->reg after call.
2025-12-17 16:04:25 +10:00
Sean Parkinson
f54266c2c6
Curve25519: improved smul
...
Use the Ed25519 base smul in Curve25519 base mul and covert to
Montogmery curve for a faster implementation.
Only when Ed25519 is compiled in or WOLFSSL_CURVE25519_USE_ED25519 is
defined.
When compiling Intel x64 assembly and Aarch64 assembly, always define
WOLFSSL_CURVE25519_USE_ED25519.
Can't use with blinding - normal C implementation.
Optimized the Curve25519 smul slightly for Intel x64 and Aarch64.
Improved the conditional table lookup on Intel x64 to use AVX2 when
available.
2025-12-17 13:25:36 +10:00
JacobBarthelmeh
b42e9a9410
Merge pull request #9529 from SparkiDev/dsa_pg_sp_int_fix
...
DSA Parameter Generation: init g earlier
2025-12-16 14:52:45 -07:00
JacobBarthelmeh
75fdf959c1
Merge pull request #9514 from kareem-wolfssl/zd20936
...
Fix uninitialized variable, fix potentially undefined printf reference in HASH_DRBG_Generate.
2025-12-16 14:48:17 -07:00
JacobBarthelmeh
9156b50bbc
Merge pull request #9538 from SparkiDev/tls13_dup_ext_alert_code_fix
...
TLS 1.3: duplicate extension alert code fix
2025-12-16 14:43:19 -07:00
JacobBarthelmeh
95afe9ca06
Merge pull request #9539 from julek-wolfssl/APP_DATA_READY-docs
...
Update APP_DATA_READY doc string
2025-12-16 14:42:39 -07:00
Juliusz Sosinowicz
ac84464140
Updates for latest zephyr with cpp
2025-12-16 17:25:18 +01:00
Josh Holtrop
9020373405
Rust crate: update CHANGELOG for v1.0.0
2025-12-16 10:08:10 -05:00
Josh Holtrop
37fa1581d3
Rust crate: bump version to 1.0.0
2025-12-16 10:04:32 -05:00
Josh Holtrop
95e8276d55
Rust crate: add CHANGELOG.md
2025-12-16 09:06:07 -05:00
Josh Holtrop
52e7801939
Rust crate: bump version
2025-12-16 09:03:10 -05:00
Josh Holtrop
357b8952c6
Rust crate: only set link-search and link-arg for local repo build
2025-12-16 09:02:34 -05:00
Marco Oliverio
0fa0fd2317
(d)tls: refactor wolfSSL_GetMaxFragSize(), simplify length computations
2025-12-16 10:46:29 +01:00
Marco Oliverio
e9f3bd5ddd
dtls: test precise header headroom computation
2025-12-16 10:00:30 +01:00
Kareem
36eda9fb75
Check Curve25519 public key after generating one to avoid generating invalid keys.
...
Thanks to Kr0emer for the report.
2025-12-15 16:31:29 -07:00
Sean Parkinson
5512c2d0b4
Merge pull request #9541 from jackctj117/empty-hash-comment
...
Added comment with empty hash use
2025-12-16 08:34:16 +10:00
Sean Parkinson
85d40c8e9b
Merge pull request #9522 from JacobBarthelmeh/time
...
tie in use of check_time with x509 store
2025-12-16 08:24:49 +10:00
Josh Holtrop
a3cc7214e7
Update include.am for Rust crate rename
2025-12-15 16:28:26 -05:00
Kareem
968662063d
Merge remote-tracking branch 'upstream/master' into zd20936
2025-12-15 14:06:18 -07:00
Josh Holtrop
447ba11379
Add README.md in wolfssl-wolfcrypt crate directory
2025-12-15 15:22:44 -05:00
Josh Holtrop
0a469d4a4d
Avoid unused variable warning in ECCPoint test
2025-12-15 13:02:55 -05:00
Sean Parkinson
d3863e5fa3
TLS 1.3: duplicate extension alert code fix
...
The specification states to return illegal_parameter when a message is
syntactically correct but semantically invalid. (RFC 8446 section 6,
Paragraph 5)
2025-12-15 10:00:56 -08:00
Josh Holtrop
8cd0c9bd11
Rust wrapper: rename wolfssl crate to wolfssl-wolfcrypt
2025-12-15 13:00:51 -05:00
jackctj117
585a8d22aa
Added comment with empty hash imofrmation
2025-12-15 10:52:24 -07:00
Daniel Pouzzner
52ee00132d
Merge pull request #9528 from SparkiDev/tls13_missing_ext_fix
...
TLS 1.3 missing extension: return correct alert code
2025-12-15 11:05:02 -06:00
Daniel Pouzzner
901ddab007
Merge pull request #9534 from rlm2002/coverity
...
20251212 Coverity fix for CID 524467
2025-12-15 11:03:18 -06:00
Daniel Pouzzner
b9368d7a3d
Merge pull request #9516 from embhorn/gh3665
...
Add checking of size param and clarify usage in doc
2025-12-15 10:49:57 -06:00
Daniel Pouzzner
7e5d1d3d6d
Merge pull request #9523 from JacobBarthelmeh/bio
...
remove unimplemented function macro
2025-12-15 10:39:55 -06:00
Daniel Pouzzner
61c72d2406
Merge pull request #9525 from JacobBarthelmeh/docs
...
public disclosure of CVE-2025-13912
2025-12-15 10:34:39 -06:00
Daniel Pouzzner
a379797482
Merge pull request #9526 from holtrop/rust-wrapper-notes
...
Rust wrapper: update crate metadata and README
2025-12-15 09:58:25 -06:00
Juliusz Sosinowicz
c73de0d133
Update APP_DATA_READY doc string
2025-12-15 12:18:10 +01:00
Sean Parkinson
dacb3425cd
DSA Parameter Generation: init g earlier
...
Ensure dsa->g is initialized with other mp_ints so that it can be
cleared at the end regardless of failures.
Don't clear tmp or tmp2 if allocation or initialization failed as you
will access uninitialized data.
2025-12-15 09:12:11 +10:00
Sean Parkinson
44be44a509
TLS 1.3 missing extension: return correct alert code
...
Change TLS 1.3 handling to return missing_extension alert code when
- KeyShare is present but SupportedGroups is missing and
- SupportedGroups is present but KeyShare is missing
Added tests for this.
2025-12-15 09:07:13 +10:00
Sean Parkinson
6e94381149
ARM64 ASM: Darwin specific address calc fix
...
Don't use ':lo12:' in Darwin specific address calculation code.
@PAGEOFF is indicating this.
2025-12-15 08:46:24 +10:00
Sean Parkinson
19cba1c462
Merge pull request #9527 from night1rider/CMAC-Compile-Issue
...
Fix wc_CmacFree() to use correct heap pointer from internal Aes structure
2025-12-15 08:34:11 +10:00
jordan
d52eb8f4d0
linuxkm: readme patch description.
2025-12-12 18:58:10 -06:00
JacobBarthelmeh
5099e6e315
add macro guard on use of time_t
2025-12-12 16:42:19 -07:00
jordan
9736427e7a
linuxkm: add a readme.
2025-12-12 17:07:07 -06:00
Kaleb Himes
6475106ce7
Merge pull request #9449 from lealem47/hash_script
...
Use only the first 64 bytes of hash output in fips-hash.sh
2025-12-12 14:47:12 -07:00
Ruby Martin
27b5ac9f84
sanitize loop bound in tls_multi_handshakes_one_record() unit test
...
add additional check for breaking while loop
2025-12-12 14:18:25 -07:00