wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 19:22:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,678 Commits 12 Branches 184 Tags
33b08ed136ef0e2a773255b38caaa1feff8ec3de
Commit Graph

26678 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
JacobBarthelmeh
33b08ed136 Merge pull request #9328 from holtrop/rust-wc-hmac 
Rust wrapper: add wolfssl::wolfcrypt::hmac module
 2025-10-23 14:02:11 -06:00
JacobBarthelmeh
985a090adc Merge pull request #9334 from julek-wolfssl/wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio-len 
x509: make sure pem buffer will be large enough to hold pem header
 2025-10-23 09:36:46 -06:00
JacobBarthelmeh
7f5d02c36b Merge pull request #9317 from SparkiDev/benchmark_asym_cc 
Benchmark: add cycle counts for asym ops
 2025-10-23 09:31:30 -06:00
David Garske
f376512692 Merge pull request #9332 from douzzer/20251022-FIPS-armasm-autotools-fixup 
20251022-FIPS-armasm-autotools-fixup
 2025-10-23 07:45:32 -07:00
Josh Holtrop
27212312f1 Rust wrapper: Remove unnecessary double casts in hmac 2025-10-23 09:46:05 -04:00
Josh Holtrop
df4a2120c2 Rust wrapper: add wolfssl::wolfcrypt::hkdf module 2025-10-23 09:41:12 -04:00
Josh Holtrop
b801396d52 Rust wrapper: HMAC::get_hmac_size does not need mut ref 2025-10-23 09:32:37 -04:00
Juliusz Sosinowicz
36b64fb5ae x509: make sure pem buffer will be large enough to hold pem header 
Found with Fil-C compiler
 2025-10-23 13:28:07 +02:00
Daniel Pouzzner
3bd5a30a77 .wolfssl_known_macro_extras: snip out a couple no-longer-needed extras. 2025-10-22 22:54:51 -05:00
Daniel Pouzzner
b1f2ff73ed wolfcrypt/src/sha256.c: in wc_Sha256HashBlock(), use ByteReverseWords() rather than a series of ByteReverseWord32() to get WOLFSSL_USE_ALIGN. 2025-10-22 22:54:20 -05:00
Daniel Pouzzner
be301f93da fixes for autotools config around armasm AES/SHA refactor in #9284: in configure.ac, add BUILD_FIPS_V5_PLUS and BUILD_FIPS_V6_PLUS conditionals, and fix BUILD_FIPS_V6 conditional to match v6 only; 
in src/include.am, add LEGACY_ARMASM_foo and NEW_ARMASM_foo helper variables, restore pre-PR9284 armasm clauses, and add or update several FIPS gates as needed;

add empty wolfcrypt/src/port/arm/{armv8-aes.c,armv8-sha256.c,armv8-sha512.c} to mollify autotools, and in wolfcrypt/src/include.am, restore them to EXTRA_DIST if FIPS v5 or v6.
 2025-10-22 22:52:24 -05:00
Sean Parkinson
dc45a6f340 Benchmark: add cycle counts for asym ops 
Added million of cycles per op information.
Getting cycle count for Aarch64 now too.
 2025-10-23 08:43:05 +10:00
JacobBarthelmeh
4daab8a813 Merge pull request #9284 from SparkiDev/aarch64_asm_gen 
Aarch64 asm: convert to generated
 2025-10-22 11:10:27 -06:00
JacobBarthelmeh
520d9501af Merge pull request #9322 from SparkiDev/crldist_reason_fix 
X.509 cert: crl distribution point reasons is IMPLICIT
 2025-10-22 09:33:08 -06:00
JacobBarthelmeh
d60e4ddbd1 Merge pull request #9329 from SparkiDev/regression_fixes_20 
Regression testing fixes
 2025-10-22 09:12:58 -06:00
JacobBarthelmeh
58e37067ef Merge pull request #9315 from SparkiDev/aes_cfb_ofb_improv 
AES: Improve CFB and OFB and add tests
 2025-10-22 09:06:46 -06:00
Sean Parkinson
821dc5cb13 Regression testing fixes 
Adding protection to tests that use RSA and ECC.
 2025-10-22 18:33:44 +10:00
Sean Parkinson
8533bc803b AES: Improve CFB and OFB and add tests 
Improve performance of CFB and OFB.
Only have one implementation that is used by OFB encrypt and decrypt.

Update AES testing in unit.test.

Update benchmarking of CFB and OFb to include decrypt.
 2025-10-22 12:19:56 +10:00
Josh Holtrop
ce610db4e8 Rust wrapper: add wolfssl::wolfcrypt::hmac module 2025-10-21 16:59:32 -04:00
philljj
7e6c86a6c3 Merge pull request #9326 from douzzer/20251021-KDF-FIPS-gate-tweaks 
20251021-KDF-FIPS-gate-tweaks
 2025-10-21 12:49:21 -05:00
David Garske
9c3a0e3a67 Merge pull request #9324 from douzzer/20251020-coverity-WC_SAFE_foo 
20251020-coverity-WC_SAFE_foo
 2025-10-21 09:41:25 -07:00
JacobBarthelmeh
936e350c63 Merge pull request #9325 from LinuxJedi/zp-fixes 
Fix things found with ZeroPath
 2025-10-21 10:19:01 -06:00
Brett Nicholas
1134d246f7 Merge pull request #9309 from night1rider/CryptoCbCopy 
Add crypto callback support for copy/free operations (SHA-256)
 2025-10-21 09:45:18 -06:00
Daniel Pouzzner
b07bc74a71 wolfcrypt/test/test.c: skip nist_sp80056c_kdf_test() and nist_sp800108_cmac() on FIPS <7.0.0. 2025-10-21 10:38:55 -05:00
JacobBarthelmeh
818d1e37eb Merge pull request #9321 from anhu/no_conv_ems 
Prevent a conversion warning
 2025-10-21 09:38:00 -06:00
David Garske
c1339abc05 Merge pull request #9323 from philljj/fix_coverity_onestep 
KDF onestep: hashOutSz err check.
 2025-10-21 08:23:05 -07:00
David Garske
6f9ca6cb52 Merge pull request #9294 from LinuxJedi/benchmark-ram 
Benchmark memory tracking
 2025-10-21 08:15:28 -07:00
David Garske
0eb7ad0ead Merge pull request #9320 from holtrop/rust-wc-sha 
Rust wrapper: add wolfssl::wolfcrypt::sha module
 2025-10-21 08:15:01 -07:00
Andrew Hutchings
90e0857d2d Validate LinuxKM I/O lengths 
Reject negative lengths and normalize to size_t before calling kernel_sendmsg/kernel_recvmsg so the kernel transport can’t be tricked into huge or wrapped iov_len values.
 2025-10-21 14:40:36 +01:00
Andrew Hutchings
259670055a Bound buffered HTTP body size 
Clamp per-chunk and aggregated HTTP response sizes before allocating in wolfIO_HttpProcessResponseBuf so untrusted Content-Length or chunk headers can’t overflow the arithmetic or force giant buffers.
 2025-10-21 14:13:41 +01:00
Andrew Hutchings
be1428d108 Validate AF_ALG RSA inputs 
Require the ciphertext length to match the RSA modulus before copying into the AF_ALG Xilinx stack buffer, preventing oversized inputs from overflowing the aligned scratch space.
 2025-10-21 13:57:36 +01:00
Andrew Hutchings
11d2f4894e Guard ProcessKeyShare against truncated key shares 
Add bounds check before reading named_group so malformed TLS 1.3 key share data cannot read past the supplied buffer.
 2025-10-21 13:40:00 +01:00
Andrew Hutchings
8b4f816ae7 BioReceiveInternal: allow NULL write BIO 
Some callers, such as the OCSP request context, only supply a read BIO. Guard the write-BIO pending check so a read error or EOF does not dereference NULL.
 2025-10-21 13:12:52 +01:00
Andrew Hutchings
e6ca4d15e2 MicriumReceiveFrom: tighten peer validation 
Reject DTLS datagrams when the stored peer is missing, the address length changes, or the address bytes differ. The old check required both the length and byte comparisons to fail, letting spoofed peers through when only one mismatch occurred.
 2025-10-21 13:10:04 +01:00
Sean Parkinson
9c1462a9ec Aarch64 asm: convert to generated 
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
 2025-10-21 17:03:39 +10:00
Daniel Pouzzner
ca552cc345 src/internal.c: work around false positive "C4701: potentially uninitialized local variable" in GrowOutputBuffer(). 2025-10-20 23:54:15 -05:00
Daniel Pouzzner
279238ce63 wolfssl/wolfcrypt/types.h: 
* fix WC_MIN_SINT_OF().
* add outer cast back to target type in WC_MAX_UINT_OF() and WC_MAX_SINT_OF().
* rename WC_SAFE_SUM_*_NO_WUR to WC_SAFE_SUM_*_CLIP().
* remove clipping assignments from failure paths in WC_WUR_INT() variants.
* add WC_SAFE_SUB_UNSIGNED_CLIP(), WC_SAFE_SUB_UNSIGNED(), WC_SAFE_SUB_SIGNED_CLIP(), and WC_SAFE_SUB_SIGNED().
* add Coverity-specific annotations in WC_SAFE_*() to suppress false-positive overflow warnings.

wolfcrypt/test/test.c:
* implement macro_test().
* fix stray uint32_t's in crypto_ecc_verify() and crypto_ecc_sign() arg lists.

wolfssl/wolfcrypt/ext_xmss.h: fix stray uint32_t.
 2025-10-20 23:27:09 -05:00
jordan
c1032a8cb6 KDF onestep: hashOutSz err check. 2025-10-20 22:05:41 -05:00
Sean Parkinson
5adf392d56 Merge pull request #9281 from effbiae/tlsx-with-ech 
refactor to TLSX_ChangeSNIBegin/End
 2025-10-21 10:58:33 +10:00
Sean Parkinson
3f9e2e5baa X.509 cert: crl distribution point reasons is IMPLICIT 
The reasons field is IMPLICIT meaning that the value is directly under
the context-specific tag. That is context-specific tag is not
constructed.
 2025-10-21 09:30:45 +10:00
Andrew Hutchings
00c936c29e Only change WC_BENCH_MAX_LINE_LEN when we need to 2025-10-20 18:58:16 +01:00
night1rider
f1faefed91 Added callbacks for copy and free to SHA, 224, 384, 512, and SHA3. Also split macros for FREE and COPY Callbacks, and add configure.ac option. 2025-10-20 11:09:35 -06:00
Anthony Hu
26ba17b48e Prevent a conversion warning 2025-10-20 12:20:59 -04:00
David Garske
d86575c766 Merge pull request #9312 from night1rider/FixCallbackRngInit 
Refactor wc_rng_new to use wc_rng_new_ex, and to use WC_USE_DEVID as the devId if set at compile time
 2025-10-20 09:19:17 -07:00
night1rider
0dca3bc24d Setup to be opt-in for copy callback, and also added a outline for a free callback 2025-10-20 10:07:24 -06:00
night1rider
4d6418f31a Add crypto callback support for copy operations (SHA-256) 2025-10-20 10:06:30 -06:00
David Garske
7fa53c8c71 Merge pull request #9289 from philljj/cmac_kdf 
cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step.
 2025-10-20 08:33:30 -07:00
night1rider
bd4099d2d7 Update test.c tests to use global devId instead of INVALID_DEVID 2025-10-20 09:16:23 -06:00
night1rider
28c78b5c0c Use global devId for RNG initialization in tests: mlkem_test, dilithium_test, xmss_test, lms_test 2025-10-20 09:16:23 -06:00
night1rider
fba8cab200 Refactor wc_rng_new to use wc_rng_new_ex, and to use WC_USE_DEVID as the devId if set at compile time 2025-10-20 09:16:23 -06:00