Commit Graph

11274 Commits

Author SHA1 Message Date
JacobBarthelmeh 8153ea6189 Merge pull request #9559 from cconlon/pkcs7SignedNonOctet
Fix PKCS#7 SignedData parsing for non-OCTET_STRING content types
2025-12-19 11:12:06 -07:00
Daniel Pouzzner 6f95a9c58e wolfcrypt/src/random.c: in _InitRng(), remove "drbg_instantiated" conditional cleanup logic (Coverity true-benign-positive: DEADCODE because drbg_instantiated is always false when ret != DRBG_SUCCESS). 2025-12-19 10:30:14 -06:00
Daniel Pouzzner fb26b2dfe1 wolfcrypt/test/test.c: in HMAC tests, initialize ret, to silence uninitvar from cppcheck-force-source. 2025-12-19 09:07:14 -06:00
Daniel Pouzzner 96c47cd18c wolfcrypt/test/test.c: in _rng_test(), inhibit the WC_RESEED_INTERVAL subtest if an rng callback is installed. 2025-12-19 08:55:35 -06:00
Juliusz Sosinowicz dd35f10b57 ed25519: validate presence of keys in export functions 2025-12-19 10:14:26 +01:00
Chris Conlon afe82b9512 Fix PKCS#7 degenerate detection based on signerInfos length 2025-12-18 16:28:03 -07:00
Chris Conlon d6dcd30736 Fix PKCS#7 streaming for non OCTET STRING content types 2025-12-18 16:28:01 -07:00
Kareem b0b840aa0f Rename fdOpen to seedFdOpen to avoid potential conflicts.
Gate keeping the seed FD open behind WOLFSSL_KEEP_RNG_SEED_FD_OPEN and only
enable by default for HAProxy.  It is causing issues on OS X and may
cause issues on other OSes, and is generally a major behavior change.
2025-12-18 15:55:35 -07:00
Kareem c238defe23 Add cast for public_size 2025-12-18 15:32:59 -07:00
Kareem 755097d512 Track if RNG seed FD was opened and only close it if it was already open. This fixes the case where wc_FreeRng is called when _InitRng was not called on the RNG. Since the FD value defaults to 0 before _InitRng was called, and 0 is potentially a valid FD, it was being closed. 2025-12-18 15:27:00 -07:00
JacobBarthelmeh 4162f24434 Merge pull request #9555 from embhorn/zd20964
Null deref check in Pkcs11ECDH
2025-12-18 15:14:35 -07:00
Kareem 81d32f4fe6 Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application. 2025-12-18 14:37:59 -07:00
Kareem 0420c942a0 Only use -1 for uninitialized fds as 0 is a valid fd. 2025-12-18 11:22:22 -07:00
Kareem 2e83b97909 Only attempt to close RNG file descriptor on platforms with XCLOSE. 2025-12-18 11:15:33 -07:00
Kareem fb880e943b Reset fd after closing it. 2025-12-18 11:15:33 -07:00
Kareem 6bcbfec200 Initalize RNG seed fd in _InitRng. 2025-12-18 11:15:33 -07:00
Kareem ea43bcba72 Keep RNG seed file descriptor open until the RNG is freed. 2025-12-18 11:15:33 -07:00
Daniel Pouzzner 83e9a0780f wolfcrypt/src/wc_lms.c: fix leak in wc_LmsKey_Reload(). 2025-12-18 11:09:37 -06:00
Daniel Pouzzner 59b3219c0f wolfcrypt/test/test.c: fix memory leaks in Hmac tests. 2025-12-18 10:47:21 -06:00
Eric Blankenhorn d1a4677a8a Null deref check in Pkcs11ECDH 2025-12-18 10:10:57 -06:00
Sean Parkinson a103f5af8b Merge pull request #9545 from douzzer/20251211-DRBG-SHA2-smallstackcache-prealloc
20251211-DRBG-SHA2-smallstackcache-prealloc
2025-12-18 10:07:37 +10:00
Sean Parkinson b7e69fb2f3 Merge pull request #9543 from kareem-wolfssl/zd20944
Check Curve25519 public key after generating one to avoid generating invalid keys.
2025-12-18 09:29:58 +10:00
JacobBarthelmeh 911e996a8d Merge pull request #9546 from SparkiDev/curve25519_base_smul_improv
Curve25519: improved smul
2025-12-17 15:28:56 -07:00
Daniel Pouzzner b23f59f137 Merge pull request #9540 from sameehj/linuxkm_tegra_fips_fixes
linuxkm: fix Tegra Yocto FIPS build issues (ARM64, RT, PIE)
2025-12-17 12:49:23 -06:00
JacobBarthelmeh e93835acd9 sanity checks on buffer size with AES and CAAM Integrity use 2025-12-17 10:15:32 -07:00
Daniel Pouzzner fc7d4ffad4 PR#9545 20251211-DRBG-SHA2-smallstackcache-prealloc addressing peer review: clear dest if necessary in InitHandshakeHashesAndCopy(), style tweaks in random.c, explanatory comments in sha512.c. 2025-12-17 11:07:22 -06:00
Daniel Pouzzner 33fc601011 tweaks from PRBs results:
tests/api.c:
* remove inapt SSL_library_init() in test_wolfSSL_EVP_Cipher_extra();
* move TEST_X509_DECLS to follow TEST_DECL(test_wolfSSL_Init);

tests/api/test_random.c: enlarge seed buffer in test_wc_RNG_TestSeed() to accommodate amdrand block size;

tests/quic.c: wrap exercises in wolfSSL_Init()...wolfSSL_Cleanup();

tests/unit.c: in unit_test(), add several more fflush(stdout)s, report error from wolfSSL_Cleanup(), and fix line length;

wolfcrypt/test/test.c: omit reseed test in _rng_test() if HAVE_INTEL_RDRAND or old FIPS, and use simplified random_test() if HAVE_INTEL_RDRAND;

wolfssl/wolfcrypt/mem_track.h: add memList pointer in struct memoryStats, and set it in InitMemoryTracker();

wolfssl/wolfcrypt/settings.h: undefine WOLFSSL_SMALL_STACK_CACHE if WOLFSSL_SMALL_STACK is undefined;

.github/workflows/trackmemory.yml: add --enable-intelrdseed scenario.
2025-12-17 11:01:11 -06:00
Daniel Pouzzner fb82bdbc35 wolfcrypt/test/test.c:
* in wolfcrypt_test_main(), when WOLFSSL_TRACK_MEMORY, check and error if wc_MemStats_Ptr->currentBytes > 0;
  * don't call the hash initialization APIs for hash structs that are later copied over with the hash copy API (sha224_test(), sha256_test(), sha512_test(), etc)
  * in hash_test(), either wc_HashNew() or wc_HashInit(), not both (fixes leaks);
  * in hmac_*_test(), add test coverage for wc_HmacCopy();
  * in _rng_test(), when WOLFSSL_TRACK_MEMORY && WOLFSSL_SMALL_STACK_CACHE, check that wc_MemStats_Ptr->totalAllocs doesn't increase when wc_RNG_GenerateBlock() is called, and if HAVE_HASHDRBG) && !CUSTOM_RAND_GENERATE_BLOCK, check that forcing a reseed doesn't result in an increase.
  * add missing context cleanups in openSSL_evpMD_test().
2025-12-17 11:01:10 -06:00
Daniel Pouzzner 8bd0fb0e4b wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h: refactor WOLFSSL_SMALL_STACK_CACHE support to eliminate all heap calls after init and before cleanup.
* add DRBG_internal.{seed_scratch,digest_scratch}
  * add WC_RNG.{drbg_scratch,health_check_scratch,newSeed_buf}
  * refactor to implement new WOLFSSL_SMALL_STACK_CACHE dynamics:
    * wc_RNG_HealthTestLocal()
    * Hash_df()
    * Hash_gen()
    * Hash_DRBG_Generate()
    * Hash_DRBG_Instantiate()
    * _InitRng()
    * PollAndReSeed()
    * wc_FreeRng()
    * wc_RNG_HealthTest_ex_internal()
    * wc_RNG_HealthTest_ex()
    * wc_RNG_HealthTestLocal()
  * refactor out WOLFSSL_KERNEL_MODE gates (now all WOLFSSL_SMALL_STACK_CACHE)
2025-12-17 11:01:10 -06:00
Daniel Pouzzner 2b28931855 wolfcrypt/src/sha256.c and wolfcrypt/src/sha512.c: in WOLFSSL_SMALL_STACK_CACHE builds, allocate shafoo->W at init or context copy time, rather than in the transform function. for the SHA512 family, allocate additional space in W for "buffer" in wc_Sha512Transform(). 2025-12-17 11:01:10 -06:00
Daniel Pouzzner 525266c467 wolfssl/wolfcrypt/mem_track.h and wolfcrypt/src/memory.c: add WOLFSSL_API extern memoryStats *wc_MemStats_Ptr, set by InitMemoryTracker() and cleared by CleanupMemoryTracker(), allowing public access to the memory statistics.
tests/unit.c: at end of unit_test(), when WOLFSSL_TRACK_MEMORY, explicitly wolfSSL_Cleanup() then check and error if wc_MemStats_Ptr->currentBytes > 0.
2025-12-17 11:01:10 -06:00
Daniel Pouzzner 1e38a1011e wolfcrypt/src/wolfentropy.c: in wc_Entropy_Get():
* use a bss segment allocation for noise, to avoid a heap allocation (access is already mutex-protected), and
  * in the loop, WC_CHECK_FOR_INTR_SIGNALS() and WC_RELAX_LONG_LOOP().
2025-12-17 11:01:10 -06:00
Daniel Pouzzner 50b51adc93 wolfcrypt/src/hmac.c and wolfssl/wolfcrypt/hmac.h: implement WOLFSSL_API wc_HmacCopy(), and remove the WOLFSSL_HMAC_COPY_HASH gate on HmacKeyCopyHash(). 2025-12-17 11:01:10 -06:00
Daniel Pouzzner 2802e2d82b wolfcrypt/src/rsa.c: in RsaUnPad_OAEP(), refactor volatile-based constant time mitigation to fix "using value of assignment with ‘volatile’-qualified left operand is deprecated [-Werror=volatile]" (new warning from gcc-16.0.0_p20251207, not reported by gcc-16.0.0_p20251116-r1). 2025-12-17 11:01:10 -06:00
Sameeh Jubran a5f1fde955 linuxkm: fix Tegra Yocto FIPS build issues (ARM64, RT, PIE)
Fix multiple build and runtime issues when building wolfSSL LinuxKM FIPS
on NVIDIA Tegra (ARM64) kernels under Yocto.

- Disable ARM64 LSE atomics for out-of-tree modules to avoid jump_table
  asm constraints
- Handle PREEMPT_RT mutex and spinlock differences correctly
- Avoid alt_cb_patch_nops / queued_spin_lock_slowpath on Tegra
- Remove conflicting compiler auto-var-init flags for PIE objects
- Align PIE symbol redirection with RT and Tegra kernels

This restores successful LinuxKM FIPS builds on Tegra-based Yocto systems.

Signed-off-by: Sameeh Jubran <sameeh.j@gmail.com>
2025-12-17 14:32:26 +02:00
Sean Parkinson af2c6cc932 AES-GCM ARM32/Thumb2 ASM: don't change aes->reg in decrypt
OpenSSL compatability layer expects aes->reg to be unmodified by AES-GCM
decrypt call. ARM32/Thumb2 assembly implementation  modifies buffer.
Keep a copy and restore aes->reg after call.
2025-12-17 16:04:25 +10:00
Sean Parkinson f54266c2c6 Curve25519: improved smul
Use the Ed25519 base smul in Curve25519 base mul and covert to
Montogmery curve for a faster implementation.
Only when Ed25519 is compiled in or WOLFSSL_CURVE25519_USE_ED25519 is
defined.
When compiling Intel x64 assembly and Aarch64 assembly, always define
WOLFSSL_CURVE25519_USE_ED25519.
Can't use with blinding - normal C implementation.

Optimized the Curve25519 smul slightly for Intel x64 and Aarch64.
Improved the conditional table lookup on Intel x64 to use AVX2 when
available.
2025-12-17 13:25:36 +10:00
JacobBarthelmeh b42e9a9410 Merge pull request #9529 from SparkiDev/dsa_pg_sp_int_fix
DSA Parameter Generation: init g earlier
2025-12-16 14:52:45 -07:00
JacobBarthelmeh 75fdf959c1 Merge pull request #9514 from kareem-wolfssl/zd20936
Fix uninitialized variable, fix potentially undefined printf reference in HASH_DRBG_Generate.
2025-12-16 14:48:17 -07:00
Kareem 36eda9fb75 Check Curve25519 public key after generating one to avoid generating invalid keys.
Thanks to Kr0emer for the report.
2025-12-15 16:31:29 -07:00
Sean Parkinson 85d40c8e9b Merge pull request #9522 from JacobBarthelmeh/time
tie in use of check_time with x509 store
2025-12-16 08:24:49 +10:00
Kareem 968662063d Merge remote-tracking branch 'upstream/master' into zd20936 2025-12-15 14:06:18 -07:00
Daniel Pouzzner b9368d7a3d Merge pull request #9516 from embhorn/gh3665
Add checking of size param and clarify usage in doc
2025-12-15 10:49:57 -06:00
Sean Parkinson dacb3425cd DSA Parameter Generation: init g earlier
Ensure dsa->g is initialized with other mp_ints so that it can be
cleared at the end regardless of failures.

Don't clear tmp or tmp2 if allocation or initialization failed as you
will access uninitialized data.
2025-12-15 09:12:11 +10:00
Sean Parkinson 6e94381149 ARM64 ASM: Darwin specific address calc fix
Don't use ':lo12:' in Darwin specific address calculation code.
@PAGEOFF is indicating this.
2025-12-15 08:46:24 +10:00
JacobBarthelmeh 5099e6e315 add macro guard on use of time_t 2025-12-12 16:42:19 -07:00
Kareem 2d4e589a8d Merge remote-tracking branch 'upstream/master' into zd20936 2025-12-12 11:37:45 -07:00
Kareem 3797c03e6c Merge remote-tracking branch 'upstream/master' into zd20936 2025-12-12 11:37:34 -07:00
night1rider cf42d14e10 Fix wc_CmacFree() and wc_CMAC_Grow() to use correct heap pointer from internal Aes structure 2025-12-12 11:14:16 -07:00
JacobBarthelmeh e1bbb71878 tie in use of check_time with x509 store 2025-12-12 09:22:23 -07:00