Commit Graph

28332 Commits

Author SHA1 Message Date
Juliusz Sosinowicz c14b1a0504 Validate cipher suite after HelloRetryRequest
- Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.
- test_TLSX_CA_NAMES_bad_extension: use the same ciphersuite in HRR and SH
2025-10-29 13:14:50 +01:00
David Garske df79b1062f Merge pull request #9359 from douzzer/20251028-fixes
20251028 fixes
2025-10-28 16:57:43 -07:00
Sean Parkinson d7807d39e0 Aarch64 ASM: missing push and pop of vector regs
Generated code wasn't pushing and poping vector registers when they were
64-bit.
Generation code fixed and SHA-256 ASM code fixed.
2025-10-29 09:15:32 +10:00
Daniel Pouzzner 8c60b7b250 src/internal.c and tests/api.c: fix clang-analyzer-core.NullPointerArithms. 2025-10-28 16:42:14 -05:00
Daniel Pouzzner 9b90ea83eb src/x509.c: in wolfSSL_X509_get_ext_by_OBJ() and wolfSSL_X509_load_cert_crl_file(), add local protection from null derefs (fixes -Wnull-dereferences);
wolfcrypt/src/chacha.c and wolfssl/wolfcrypt/chacha.h: implement USE_ARM_CHACHA_SPEEDUP gate;

wolfcrypt/src/kdf.c: in wc_SSH_KDF(), add early return if _HashInit() fails (fixes _HashFree() of uninited _hash);

wolfcrypt/src/sha256.c: initialize sha256->W in ARMASM variant of wc_InitSha256_ex(), and pass sha256->heap to XMALLOC/XFREE consistently.
2025-10-28 16:42:14 -05:00
Daniel Pouzzner 097cd576ff linuxkm/module_hooks.c: in wc_linuxkm_GenerateSeed_IntelRD(), log when RDSEED support is missing, and add verbose logging for generation failures. 2025-10-28 16:42:14 -05:00
Ruby Martin e546d319c1 Fix Coverity INTEGER_OVERFLOW in sp_to_unsigned_bin, avoid unsigned underflow 2025-10-28 11:12:19 -06:00
Ruby Martin 7aec2a8280 separate BAD_FUNC_ARG error from ASN_NO_PEM_HEADER 2025-10-28 10:01:10 -06:00
David Garske 1d64a4ed8f Merge pull request #9352 from holtrop/rust-wc-cmac
Rust wrapper: add wolfssl::wolfcrypt::cmac module
2025-10-28 08:58:06 -07:00
David Garske a4be322fd6 Merge pull request #9356 from SparkiDev/sp_asm_add_sub_p384_arm
SP ASM ARM32/Thumb2: inline asm for add and subs
2025-10-28 08:55:54 -07:00
effbiae 1c8e7885b4 refactor to EcMakeKey 2025-10-28 08:46:47 -07:00
Josh Holtrop bc72ac375e Rust wrapper: fix minor typo in srtcp_kdf_label example 2025-10-28 11:43:06 -04:00
Josh Holtrop ef92114347 Rust wrapper: cmac: consume CMAC in finalize() 2025-10-28 08:41:28 -04:00
Josh Holtrop bfa04ca5be Rust wrapper: cmac: fix "success" typo 2025-10-28 08:32:12 -04:00
Josh Holtrop 2e281ae2c6 Rust wrapper: add SRTP/SRTCP KDF functions to kdf module 2025-10-28 07:34:11 -04:00
Sean Parkinson 50521699af SP ASM ARM32/Thumb2: inline asm for add and subs
Implement add, sub, double and triple in assembly for P384.
2025-10-28 17:49:40 +10:00
effbiae 993ecad16a refactor to EcExportHsKey 2025-10-28 16:01:39 +11:00
Daniel Pouzzner 85bfc49711 Merge pull request #9355 from SparkiDev/aes_arm_asm_fix
AES ARM ASM: user data loaded 1 reg at a time
2025-10-27 23:06:17 -05:00
Sean Parkinson d883a950d2 ML-KEM SHA-3: fix r
Constant r wasn't being loaded into register in all assembly functions
that use it - it just got lucky most of the time.
2025-10-28 12:04:12 +10:00
Sean Parkinson 070923a373 AES ARM ASM: user data loaded 1 reg at a time
User key may not be aligned and need to use instructions that don't
require alignment. Change to use ldr instead of ldp or ldrd.
2025-10-28 11:03:58 +10:00
David Garske e6af5bcd4f Merge pull request #9353 from embhorn/gh9347
Build errors in memtest config and sniffer
2025-10-27 13:15:00 -07:00
JacobBarthelmeh a1d000cede Merge pull request #9343 from dgarske/silabs_aesdirect
Fixed issue with SiLibs AES Direct (required by DTLS v1.3)
2025-10-27 13:04:12 -06:00
David Garske 76abc43812 Put unused fix in correct location. 2025-10-27 10:25:31 -07:00
David Garske c825d0b34c Merge pull request #9345 from JacobBarthelmeh/devid
fix for passing devId from WOLFSSL_CTX down to hash operation
2025-10-27 08:47:51 -07:00
Eric Blankenhorn 7ef560c188 Fix build error with memtest and memorylog 2025-10-27 10:47:13 -05:00
David Garske 594a3bc963 Merge pull request #9350 from SparkiDev/split_ssl_sk
Stack API: Pull out implementation into separate file
2025-10-27 08:46:43 -07:00
David Garske 4669aaeaed Merge pull request #9342 from julek-wolfssl/filc
Adds fil-c workflow for testing
2025-10-27 08:46:31 -07:00
David Garske 7bbe15936d Merge pull request #9290 from effbiae/make-pre-master-secret
refactor to Make(Dhe)PSKPreMasterSecret
2025-10-27 08:39:17 -07:00
Eric Blankenhorn 2f2d5b37fd Fix undeclared var use in sniffer 2025-10-27 10:33:25 -05:00
Josh Holtrop a6cb6170b6 Rust wrapper: add wolfssl::wolfcrypt::cmac module 2025-10-27 10:41:26 -04:00
Sean Parkinson 91a526c218 fixup 2025-10-27 18:02:49 +10:00
Sean Parkinson 093cc04076 Stack API: Pull out implementation into separate file
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
2025-10-27 17:08:41 +10:00
David Garske d54f5e7c6a Merge pull request #9346 from douzzer/20251025-fix-clang-tidy-all-crypto-no-sha-1
20251025-fix-clang-tidy-all-crypto-no-sha-1
2025-10-25 08:46:31 -07:00
Daniel Pouzzner c9cc701097 src/internal.c: suppress clang-analyzer-deadcode.DeadStores in ImportPeerECCKey() introduced by 4964a1760a. 2025-10-25 08:55:23 -05:00
JacobBarthelmeh 1a779b3f73 fix for passing devId from WOLFSSL_CTX down to hash operation 2025-10-24 16:39:25 -06:00
David Garske 7524552b1a Merge pull request #9344 from douzzer/20251024-fixes
20251024-fixes
2025-10-24 14:45:44 -07:00
Daniel Pouzzner c145b7ee81 wolfcrypt/src/aes.c: define GCM_GMULT_LEN() when WOLFSSL_ARMASM, and fix gating on wolfCrypt_FIPS_AES_sanity (always gate in for FIPS v7+);
wolfcrypt/src/port/af_alg/afalg_aes.c: check for null key arg;

configure.ac: rename BUILD_FIPS_CURRENT to BUILD_FIPS_V2_PLUS (no functional change), and remove unused ARMASM_DIST_SOURCES set up code added in #9332;

src/include.am:
* set up $(ARMASM_SHA256_C), and use it to properly include wolfcrypt/src/sha256.c alongside armasm when appropriate;
* fix gating on Curved25519 armasm (BUILD_FIPS_V6_PLUS, not BUILD_FIPS_V6);

tests/api/test_aes.c and wolfcrypt/test/test.c: gate out incompatible coverage for WOLFSSL_AFALG and WOLFSSL_KCAPI (test_wc_AesCbcEncryptDecrypt_MultiBlocks(), test_wc_AesCtrSetKey*(), test_wc_AesCtrEncrypt*(), test_wc_AesGcmEncryptDecrypt_Sizes()).
2025-10-24 15:08:56 -05:00
David Garske d62b1068d2 Fixed issue with SiLibs AES Direct (required by DTLS v1.3). ZD 20695 2025-10-24 11:58:56 -07:00
Juliusz Sosinowicz 1ed1b83aa5 Adds fil-c workflow for testing 2025-10-24 20:14:57 +02:00
JacobBarthelmeh a28e107722 Merge pull request #9336 from holtrop/rust-wc-kdf-prf
Rust wrapper: add wolfssl::wolfcrypt::kdf, wolfssl::wolfcrypt::prf
2025-10-24 09:27:56 -06:00
JacobBarthelmeh 62deeedb52 Merge pull request #9335 from cconlon/jniAesCts
Define HAVE_CTS for JNI build, used by JCE AES/CTS/NoPadding
2025-10-24 09:20:02 -06:00
David Garske 4282ad38ec Merge pull request #9300 from effbiae/ImportPeerECCKey
refactor to ImportPeerECCKey
2025-10-24 08:17:54 -07:00
David Garske c354202f11 Merge pull request #9341 from holtrop/rust-dh-test-fix
Rust wrapper: fix intermittent test_dh failure
2025-10-24 08:17:35 -07:00
Josh Holtrop 2127365559 Rust wrapper: fix intermittent test_dh failure 2025-10-24 09:05:19 -04:00
effbiae f087b1300c refactor to MakePSKPreMasterSecret 2025-10-24 12:03:16 +11:00
David Garske 67c2d80470 Merge pull request #9337 from douzzer/20251023-FIPS-autotools-fix
20251023-FIPS-autotools-fix
2025-10-23 15:44:53 -07:00
Daniel Pouzzner 6ff47a7a4c src/include.am: fix gate flub, !BUILD_FIPS_V6 -> !BUILD_FIPS_V6_PLUS, around sp-asm files (covered earlier for FIPS). 2025-10-23 16:57:39 -05:00
Josh Holtrop 61a277c262 Rust wrapper: Use core::ptr instead of std::ptr 2025-10-23 16:30:03 -04:00
Josh Holtrop b75be94f0d Rust wrapper: use SHA256::DIGEST_SIZE instead of WC_SHA256_DIGEST_SIZE 2025-10-23 16:24:09 -04:00
Josh Holtrop 5b8115ed8f Rust wrapper: add wolfssl::wolfcrypt::kdf, wolfssl::wolfcrypt::prf 2025-10-23 16:05:07 -04:00