Commit Graph

30571 Commits

Author SHA1 Message Date
David Garske 3cc69f0fae Merge pull request #10839 from kojiws/fix_arm64_macro_name
ML-DSA: Fix misspelled `__arch64__` macro to `__aarch64__`
2026-07-07 21:55:46 -07:00
David Garske e0a8f3f475 Merge pull request #10706 from JacobBarthelmeh/dev
defense in depth hardening for x509 extension create by OBJ and EVP decode update
2026-07-07 16:41:15 -07:00
David Garske a296ac07fc Merge pull request #10842 from miyazakh/f6162_tsiphash
[Renesas RX72N] RX72N TSIP fixes and command-line build/flash/UART tooling
2026-07-07 16:17:30 -07:00
philljj 2f2ffbac04 Merge pull request #10856 from douzzer/20260702-linuxkm-various
20260702-linuxkm-various
2026-07-07 17:44:50 -05:00
David Garske 6d38bc12e8 Merge pull request #10854 from rlm2002/gi10846-7
IDE resource handling and error-path improvements
2026-07-07 15:13:28 -07:00
David Garske d805c804b9 Merge pull request #10733 from mattia-moffa/20260617-max32666-sha-streaming-old
MAX32666 fixes for old SDK
2026-07-07 14:54:34 -07:00
David Garske 7dd7ae86c0 Merge pull request #10770 from embhorn/zd22032
Fix wolfSSL_BUF_MEM_grow_ex with WOLFSSL_NO_REALLOC
2026-07-07 14:48:29 -07:00
David Garske bee18d122d Merge pull request #10801 from SparkiDev/windows_asm_1
Add Windows assembly files to the build
2026-07-07 14:26:31 -07:00
David Garske 926a50458b Merge pull request #10841 from SparkiDev/extract_funcs_ssl_1
internal.c: extract functions to make code cleaner
2026-07-07 14:26:16 -07:00
David Garske 5ebc44ee4e Merge pull request #10848 from SparkiDev/wycheproof_fixes_5
Wycheproof: fixes for various platforms
2026-07-07 14:10:07 -07:00
David Garske c635740d6e Merge pull request #10850 from holtrop-wolfssl/wolfssl-wolfcrypt-2.1.0
Rust wrapper: wolfssl-wolfcrypt v2.1.0
2026-07-07 14:07:57 -07:00
Aidan Garske e6567ac353 Merge pull request #10838 from cyberstormdotmu/loganaden-patch-wolfssl_quic_underflow
quic: Fix buffer underflow
2026-07-07 13:30:26 -07:00
Daniel Pouzzner 833e360ccd fixes for issues identified by CI tests and AI review:
tests/api/api.h: always use FIPS 186-4 settings if defined(HAVE_SELFTEST).

wolfssl/wolfcrypt/settings.h: if defined(HAVE_SELFTEST), #define WC_FIPS_186_4.
2026-07-07 02:35:51 -05:00
Daniel Pouzzner 3965993c6d wolfssl/wolfcrypt/types.h: in fallback definition of DISABLE_VECTOR_REGISTERS(), return NOT_COMPILED_IN rather than (-1), for clarity and traceability.
linuxkm/lkcapi_sha_glue.c: require defined(WOLFSSL_EXPERIMENTAL_SETTINGS) when defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES).
2026-07-07 00:19:48 -05:00
Daniel Pouzzner 5cee8bec39 wolfcrypt/src/rng_bank.c:
* refactor rng_bank.refcount management using wolfSSL_RefInc_IfAtLeast() and wolfSSL_RefDec_IfEquals(), to mitigate deallocation races.
* in wc_rng_bank_init(), fail fast for non-retryable errors.
* in wc_rng_bank_init(), wc_rng_bank_checkout(), and wc_rng_bank_inst_reinit(), consistently treat timeout_secs==0 as dont-wait, and timeout_secs<0 as wait-forever if wc_rng_bank_init() or flags & WC_RNG_BANK_FLAG_CAN_WAIT.
* in wc_rng_bank_checkout(), fix affinity dynamics to recompute after possible sleep, or drop affinity attempts entirely if using WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST strategy.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner 0fdceafe6b wolfcrypt/src/wc_port.c, wolfssl/wolfcrypt/wc_port.h:
* implement wolfSSL_RefInc_IfAtLeast() and wolfSSL_RefDec_IfEquals().
* implement wolfSSL_RefWithMutexInc_IfAtLeast() and wolfSSL_RefWithMutexDec_IfEquals().

wolfssl/wolfcrypt/wc_port.h: for old FIPS when __GNUC__ or __clang__, always map __FUNCTION__ to __func__ for pedantic conformance.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner bd977dc0b9 linuxkm/lkcapi_ecdsa_glue.c and linuxkm/lkcapi_glue.c: implement support for ECDSA verify on kernel 6.13+ (struct sig_alg API). 2026-07-07 00:19:48 -05:00
Daniel Pouzzner 09db3a6410 linuxkm/linuxkm_wc_port.h:
* set up WC_LINUXKM_HAVE_SELFTEST and WC_LINUXKM_HAVE_SELFTEST_FULL early.
* replace the forced-downgrade from FIPS 186-5 to 186-4 for SHA-1 support, with a #error if configuration is incompatible.

linuxkm/linuxkm_wc_port.h, linuxkm/lkcapi_glue.c, linuxkm/module_exports.c.template, linuxkm/module_hooks.c, wolfcrypt/src/random.c: consolidate into the warning-masked span of linuxkm_wc_port.h, the #includes for kernel headers linux/fips.h, linux/vmalloc.h, and linux/random.h.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner 12272e1c06 wolfssl/wolfcrypt/hash.h, src/internal.c, src/pk_ec.c, tests/api/api.h, wolfcrypt/src/dsa.c, wolfcrypt/src/ecc.c, wolfcrypt/src/pkcs7.c, wolfcrypt/test/test.c:
* remove FIPS 186-5 sign-mode restrictions from WC_HASH_CUSTOM_MIN_DIGEST_SIZE.
* set up WC_MIN_DIGEST_SIZE_FOR_SIGN and WC_MIN_DIGEST_SIZE_FOR_VERIFY, derived from WC_HASH_CUSTOM_MIN_DIGEST_SIZE, but enforcing FIPS 186-5 sign-mode restrictions only for WC_MIN_DIGEST_SIZE_FOR_SIGN.
* replace all uses of WC_MIN_DIGEST_SIZE with WC_MIN_DIGEST_SIZE_FOR_SIGN or WC_MIN_DIGEST_SIZE_FOR_VERIFY as appropriate.

wolfcrypt/test/test.c: in cryptocb_test(), don't expect callback execution in FIPS builds.

wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, if defined(NO_SHA) while registering ECDSA handlers, force WC_MIN_DIGEST_SIZE_FOR_VERIFY to 20 for SHA-1 verify support.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner d7a29f58b4 wolfcrypt/src/aes.c: activate USE_INTEL_SPEEDUP when defined(USE_INTEL_SPEEDUP_FOR_AES) in the WOLFSSL_X86_64_BUILD build path too.
linuxkm/lkcapi_aes_glue.c: tweak WOLFKM_AES_DRIVER_ISA_EXT to reflect AVX512 and VAES capabilities.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner 42a9983e05 tests/api.c: appropriately pivot expected result code on minDhKeySz in test_wolfSSL_CTX_SetTmpDH_file() and test_wolfSSL_SetTmpDH_file().
tests/api/test_evp_pkey.c and tests/api/test_ossl_rsa.c: for FIPS, use WC_RSA_EXPONENT as the exponent for RSA_generate_key(), not 3.
2026-07-07 00:19:47 -05:00
Loganaden Velvindron 0cdc7ab583 Fix whitespaces 2026-07-07 08:51:12 +04:00
Loganaden Velvindron 98c48a43b7 move check earlier 2026-07-07 08:47:50 +04:00
David Garske 675d5df2cd Merge pull request #10833 from kareem-wolfssl/zd22079
Add some missing PKCS7 length checks and bound DTLS 1.3 ACK list.
2026-07-06 17:28:22 -07:00
Sean Parkinson 649054f7b8 Wycheproof: fixes for various platforms
Fixes for C, Intel x64, Aarch64, ARM32, Thumb2, Thumb.
2026-07-07 09:06:00 +10:00
Ruby Martin 3cc906f5d1 Rework fail cleanup (GCC-ARM) 2026-07-06 16:27:01 -06:00
Ruby Martin 1cad9fb5b6 IDE examples: fix ssl double-free and unsafe connd close in servers 2026-07-06 16:27:01 -06:00
Ruby Martin e54ef44870 Fix ssl double-free and accepted-socket leak in Azure Sphere server
Set ssl = NULL after the per-connection free so the final util_Cleanup
no longer double-frees it; close(connd) on post-accept error paths.
2026-07-06 16:27:01 -06:00
Ruby Martin f5610a8a76 Jump to exit on error paths to free resources before returning
iotsafe-raspberrypi: goto exit on cert-load failure (was return -1).
MQX server: replace bare return -1 with goto exit + guarded cleanup.
QNX client: correct cleanup-ladder jump targets to unwind properly.
initialize ctx and ssl to NULL
validate wolfIoTSafe_GetCert's int return before casting to uint32_t
2026-07-06 16:27:01 -06:00
Sean Parkinson 9918a1177a internal.c: extract functions to make code cleaner 2026-07-07 08:11:10 +10:00
Sean Parkinson bcef8f4f6d Add Windows assembly files to the build
Windows ASM files generated along side the ATT assembly files.
Adding them to the build so they can be used.
2026-07-07 08:02:20 +10:00
JacobBarthelmeh f1b700180c Merge pull request #10738 from dgarske/zd_ecc_nonblock_certchain
Add WOLFSSL_ASYNC_CERT_YIELD: per-certificate non-blocking yield
2026-07-06 14:21:08 -06:00
Josh Holtrop a29a882a3a Rust wrapper: wolfssl-wolfcrypt v2.1.0 2026-07-06 12:07:39 -04:00
Josh Holtrop 19f6f01c61 Rust wrapper: update CHANGELOG for v2.1.0 2026-07-06 12:05:45 -04:00
Josh Holtrop 0a85d07ab3 Rust wrapper: update crate dependencies 2026-07-06 12:03:14 -04:00
David Garske e79c581105 Merge pull request #10712 from kareem-wolfssl/gh10679
Configure.ac updates
2026-07-06 08:16:17 -07:00
David Garske b560973780 Merge pull request #10825 from SparkiDev/aes_x64_perf_1
AES Intel x64: improve performance
2026-07-06 08:04:19 -07:00
Hideki Miyazaki 954c342c53 trailing whitespace 2026-07-05 12:09:47 +09:00
Hideki Miyazaki a53c660be9 ignore mot post-fix 2026-07-04 08:24:25 +09:00
Hideki Miyazaki 0910472a34 addressed review comments 2026-07-03 18:41:59 +09:00
Daniel Pouzzner 38a4143a48 Merge pull request #10843 from Frauschi/test_fix
Fix ret check in test.c
2026-07-03 02:20:23 -05:00
Tobias Frauenschläger d40aeeabc0 Fix ret check in test.c 2026-07-03 09:15:26 +02:00
Hideki Miyazaki d4762ef138 addressed review comments 2026-07-03 15:30:26 +09:00
Daniel Pouzzner 326f40d032 Merge pull request #10626 from mattia-moffa/20260605-dtls-cid-check-newest
DTLS bugfixes
2026-07-03 01:18:38 -05:00
Daniel Pouzzner 8c7ab8eb4f Merge pull request #10686 from Frauschi/openssl_group_align
Align wolfSSL_set1_groups_list() arg handling with OpenSSL
2026-07-03 01:17:33 -05:00
Daniel Pouzzner a543bc4d78 Merge pull request #10745 from Frauschi/mandatory_psk
Enable support for mandatory PSKs
2026-07-03 01:16:45 -05:00
Daniel Pouzzner 8847cf2aa4 Merge pull request #10768 from Frauschi/altNames_API
Add public alt-name list APIs
2026-07-03 01:14:57 -05:00
Daniel Pouzzner f22ec4ccae Merge pull request #10804 from Frauschi/pkcs7_no_eContent
PKCS#7: support SignedData with absent eContent
2026-07-03 01:14:05 -05:00
Daniel Pouzzner cce3f2571e Merge pull request #10803 from Frauschi/fenrir
Fenrir fixes
2026-07-03 01:11:03 -05:00
Daniel Pouzzner d638d2afd7 Merge pull request #10209 from ColtonWilley/harden-chain-depth-and-parser-bounds
Harden chain depth bounds and parser input validation
2026-07-03 01:03:36 -05:00