Commit Graph

28332 Commits

Author SHA1 Message Date
David Garske a98006eca9 Merge pull request #9105 from douzzer/20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
20250815-dilithium-dilithium_expand_s-UndefinedBinaryOperatorResult
2025-08-15 09:07:38 -07:00
Daniel Pouzzner 10a05ad839 wolfcrypt/src/dilithium.c: fix dilithium_expand_s() to fall through to dilithium_expand_s_c() for s1Len not implemented for USE_INTEL_SPEEDUP. 2025-08-15 09:48:55 -05:00
Juliusz Sosinowicz ffe3d80f8d Merge pull request #9097 from douzzer/20250812-atomic-cmpxchg
20250812-atomic-cmpxchg
2025-08-15 01:14:45 +02:00
Sean Parkinson 5b1302e4df Merge pull request #9094 from dgarske/zd20369
Fix to better detect sniffer invalid spurious re-transmissions
2025-08-15 09:01:02 +10:00
Sean Parkinson 228ede7495 Merge pull request #9102 from rlm2002/zd20212
Remove dead code and check return values.
2025-08-15 08:21:38 +10:00
Daniel Pouzzner c5bbf4c7e0 Merge pull request #9085 from effbiae/while-pending
`wolfSSL_AsyncPoll` calls refactor
2025-08-14 14:51:05 -05:00
David Garske e00fd2fd70 Fix to better detect invalid spurious retransmission. 2025-08-14 12:19:39 -07:00
Kareem c535e281c6 Skip unit test when using Apple native cert validation. 2025-08-14 11:34:15 -07:00
Kareem cb3f7de3f7 Fix issues found by CI/CD tests. 2025-08-14 11:34:15 -07:00
Kareem 3bcbbd2924 Fix issue with loading PEM certs. Address code review feedback.
Add tests.
2025-08-14 11:34:15 -07:00
Kareem a652b733e4 Fix conversion warning. 2025-08-14 11:34:15 -07:00
Kareem ab342978d7 Fix implicit conversion warning. 2025-08-14 11:34:14 -07:00
Kareem 61ccea55ac Allow setting the CA type when loading into cert manager
and unloading specific CA types from the cert manager.
2025-08-14 11:34:14 -07:00
Kareem cb623dc9ea Multiple fixes to wolfSSL_CIPHER_description to match documentation.
Add "any" value for TLS 1.3 cipher suites.
Fix key size comparison for enc bits.
Output AEAD as MAC if cipher suite is using it, otherwise output hash MAC.
2025-08-14 11:27:10 -07:00
Koji Takeda 0a9356e645 Improve original implementation on SetAsymKeyDer() and the test 2025-08-15 00:04:01 +09:00
Daniel Pouzzner cefeb4cd7e atomics/cpuid_flags fixes from peer review:
wolfcrypt/src/cpuid.c: cpuid_set_flag() and cpuid_clear_flag() thread safety;

wolfcrypt/src/wc_port.c: comments re __ATOMIC_SEQ_CST and __ATOMIC_ACQUIRE;

wolfssl/wolfcrypt/wc_port.h: single overrideable definitions for WOLFSSL_ATOMIC_COERCE_[U]INT(), and comment cleanup.

also added WOLFSSL_USER_DEFINED_ATOMICS.
2025-08-14 09:33:14 -05:00
Daniel Pouzzner bd4e723f9d add cpuid_flags_t, WC_CPUID_INITIALIZER, and cpuid_get_flags_ex();
refactor all static flag initializations to use cpuid_get_flags_ex() for race-free dynamics;

refactor cpuid_set_flags() to be race-free;

wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: add
* WOLFSSL_ATOMIC_COERCE_INT()
* WOLFSSL_ATOMIC_COERCE_UINT()
* wolfSSL_Atomic_Uint
* wolfSSL_Atomic_Uint_Init()
* wolfSSL_Atomic_Int_AddFetch()
* wolfSSL_Atomic_Int_SubFetch()
* wolfSSL_Atomic_Int_CompareExchange()
* wolfSSL_Atomic_Uint_FetchAdd()
* wolfSSL_Atomic_Uint_FetchSub()
* wolfSSL_Atomic_Uint_AddFetch()
* wolfSSL_Atomic_Uint_SubFetch()
* wolfSSL_Atomic_Uint_CompareExchange()

wolfcrypt/test/test.c: add to memory_test() tests for all atomic macros and APIs;

.github/workflows/pq-all.yml: don't use -Wpedantic for CC=c++ scenario.
2025-08-14 08:44:28 -05:00
Sean Parkinson a1dd7dae6f Merge pull request #9095 from miyazakh/add_sha512_typeproperty
Add hashtype property to wc_Sha512 structure
2025-08-14 21:43:06 +10:00
Sean Parkinson 102525c9c9 Merge pull request #9100 from dgarske/cryptocb_only
Improve some of the build cases around crypto callback only
2025-08-14 21:41:26 +10:00
Sean Parkinson 034df3d28f Merge pull request #9101 from dgarske/asm_introspection
Add assembly introspection for RISC-V and PPC32
2025-08-14 21:38:42 +10:00
Daniel Pouzzner a64c719fd2 Merge pull request #9092 from douzzer/20250812-Base64_Decode-outLen-bounds-fix
20250812-Base64_Decode-outLen-bounds-fix

reviewed+approved by @dgarske and @SparkiDev
2025-08-13 23:15:04 -05:00
effbiae 0e3f877326 WOLFSSL_ASYNC_WHILE_PENDING refactor 2025-08-14 12:03:13 +10:00
JacobBarthelmeh 8458b5ec1d Merge pull request #9053 from rlm2002/sessionTickets
update wolfSSL_get_SessionTicket to be able to return ticket length
2025-08-13 17:19:52 -06:00
Ruby Martin 18f3f22a7e add option for WOLFSSL_ARMASM_INLINE to CMake 2025-08-13 17:05:48 -06:00
Daniel Pouzzner 7fe890d5e7 wolfcrypt/src/coding.c: clean up comment in Base64_Decode(), per peer review. 2025-08-13 18:00:36 -05:00
Daniel Pouzzner 344db9d7f7 wolfcrypt/src/coding.c: in Base64_Decode_nonCT() and Base64_Decode(), remove overly restrictive preamble check on outLen; return BUFFER_E, not BAD_FUNC_ARG, when output buffer is too short (similarly fixed in Base16_Decode());
wolfcrypt/test/test.c: add N_BYTE_TEST() and test vectors to test all input and output length scenarios.
2025-08-13 17:43:33 -05:00
Ruby Martin dc18f404ca remove dead code in fe_operations.c 2025-08-13 16:34:14 -06:00
Ruby Martin 71c2878780 verify previously unchecked return values 2025-08-13 16:28:36 -06:00
David Garske 53c36f8529 Add assembly introspection for RISC-V and PPC32. 2025-08-13 22:30:15 +01:00
David Garske d79ca8a746 Improve some of the build cases around crypto callback only 2025-08-13 21:58:53 +01:00
Hideki Miyazaki b67e063535 add hashtype property to wc_Sha512 2025-08-14 05:37:40 +09:00
Daniel Pouzzner 22b221a8be Merge pull request #9099 from gojimmypi/pr-cert-test-sizeof
Change certs_test sizeof const to define for Watcom
2025-08-13 14:41:21 -05:00
gojimmypi f279f9cd71 Change certs_test sizeof const to define for Watcom 2025-08-13 11:58:59 -07:00
Ruby Martin a725f4d7ac update wolfSSL_get_SessionTicket() function dox comment 2025-08-13 08:29:30 -06:00
Ruby Martin a02025d0c9 add session ticket length return check to api tests 2025-08-13 08:29:30 -06:00
Ruby Martin 31bf1b90b4 update wolfSSL_get_SessionTicket to be able to return ticket length 2025-08-13 08:29:30 -06:00
Daniel Pouzzner 8d24a30996 Merge pull request #9096 from julek-wolfssl/libssh2-tests-fix
Fix libssh2 tests
2025-08-13 08:42:24 -05:00
Juliusz Sosinowicz c8c93d2218 Fix libssh2 tests 2025-08-13 14:44:40 +02:00
David Garske 3289b6b3da Merge pull request #9089 from douzzer/20250811-linuxkm-and-other-fixes
20250811-linuxkm-and-other-fixes
2025-08-12 11:40:36 -07:00
Daniel Pouzzner e24f76bb1e Merge pull request #9057 from SparkiDev/mldsa_x64_asm
ML-DSA/Dilithium: Intel x64 ASM
2025-08-11 23:12:44 -05:00
Daniel Pouzzner 2d1c797b64 fixes from cppcheck-force-source: in src/bio.c:wolfSSL_BIO_vprintf() and
wolfcrypt/src/logging.c:WOLFSSL_MSG_CERT_EX(), add missing gating on
  defined(XVSNPRINTF);

in src/crl.c:CRL_Entry_new(), fix true-positive nullPointerRedundantCheck;

in src/pk.c:_DH_compute_key(), add bounds checking to ForceZero(priv).
2025-08-11 18:12:44 -05:00
Daniel Pouzzner 11d84bea86 wolfcrypt/src/rsa.c: fix improperly handled SAVE_VECTOR_REGISTERS() retval in
wc_CheckProbablePrime_ex(), and in wc_MakeRsaKey(), make sure not to
  RESTORE_VECTOR_REGISTERS() if SAVE_VECTOR_REGISTERS() failed.
2025-08-11 16:14:32 -05:00
Daniel Pouzzner 7b077737a9 src/crl.c: fix nullPointerRedundantCheck in CRL_Entry_free(). 2025-08-11 16:14:32 -05:00
Daniel Pouzzner 29dd6cce98 wolfssl/wolfcrypt/logging.h: add WOLFSSL_MSG_CERT_LOG_EX, give
WOLFSSL_DEBUG_CERTS definitions priority when defining WOLFSSL_MSG_CERT_LOG()
  and WOLFSSL_MSG_CERT_LOG_EX, update documentation in preamble, and fix the
  WOLFSSL_ANDROID_DEBUG definition of WOLFSSL_DEBUG_PRINTF_FIRST_ARGS and the
  WOLFSSL_ESPIDF definition of WOLFSSL_DEBUG_PRINTF();

src/ssl_load.c: use WOLFSSL_MSG_CERT_LOG_EX(), not WOLFSSL_DEBUG_PRINTF(), in
  ProcessFile().
2025-08-11 16:14:32 -05:00
Daniel Pouzzner f4fefcbd5e configure.ac: for linuxkm, don't set ENABLED_ENTROPY_MEMUSE_DEFAULT to yes on FIPS v5-;
linuxkm/linuxkm_wc_port.h: add WC_SVR_FLAG_NONE;

wolfssl/wolfcrypt/settings.h: for WOLFSSL_LINUXKM setup for WC_RESEED_INTERVAL,
  use UINT_MAX if FIPS v5-;

wolfssl/wolfcrypt/types.h: add definitions for SAVE_NO_VECTOR_REGISTERS2, and
  map no-op SAVE_VECTOR_REGISTERS2() to it.
2025-08-11 16:14:32 -05:00
Daniel Pouzzner 6617f2edf8 wolfcrypt/src/memory.c, wolfcrypt/src/misc.c, and wolfssl/wolfcrypt/misc.h: move
the new implementation of wc_ForceZero from wolfcrypt/src/memory.c to inline in
  wolfcrypt/src/misc.c replacing old ForceZero() implementation, and add a wrapper
  wc_ForceZero() to wolfcrypt/src/memory.c.
2025-08-11 16:14:32 -05:00
Albert Ribes e36daf41a4 Store in extensions the full octet string (#8967)
* Store in extensions the full octet string

Store in WOLFSSL_X509_EXTENSION.value always the full contents of the
OCTET STRING of the extension, instead of different type of data
depending on the type of extension. Previously this was only done for
unknown extensions.

* Avoid local variables in 'DecodeExtKeyUsageInternal'

There is a great performance loss on configs using 'WOLFSSL_NO_MALLOC',
'WOLFSSL_STATIC_MEMORY' and 'USE_FAST_MATH' if function
'DecodeExtKeyUsageInternal' uses intermediate variables. This can be
observed running the Zephyr test 'wolfssl_test/prj-no-malloc.conf'.

Avoid using intermediate variables, and use raw pointers to the final
destination instead.

* Add missing calls to 'FreeDecodedCert'

* Return error code from 'wolfSSL_ASN1_STRING_into_old_ext_fmt'

* Fix lines larger than 80

* Allow NULL parameters for 'DecodeAuthKeyId'

* Add comment explaining build option '--enable-old-extdata-fmt'

* Test full OCTET STRING in tests/api.c

* wolfSSL_X509V3_EXT_d2i: Honor 'WOLFSSL_SMALL_STACK'

* zephyr/wolfssl_test_no_malloc: Increase test timeout

* wolfSSL_X509V3_EXT_d2i: Extract repeated code into common part

* wolfcrypt: Remove 'WOLFSSL_LOCAL' from .c files

* wolfcrypt: Change location of functions to make diff easier
2025-08-11 10:33:15 -07:00
JacobBarthelmeh 9ad7e79dfc initial SAES and DHUK support 2025-08-11 08:46:29 -06:00
Sean Parkinson 55f30adb3e Merge pull request #9077 from douzzer/20250807-wc_ForceZero-and-linuxkm-RHEL9v6
20250807-wc_ForceZero-and-linuxkm-RHEL9v6
2025-08-11 21:06:51 +10:00
Daniel Pouzzner 5a402b2254 Merge pull request #9076 from gojimmypi/pr-fence-atomics
Disallow atomics during fence & WOLFSSL_NO_ATOMIC
2025-08-08 23:46:30 -05:00