Commit Graph

29160 Commits

Author SHA1 Message Date
gojimmypi ebeb95e47b Initialize Dilithium keyTypeTemp and keySizeTemp 2025-07-09 09:13:14 -07:00
Ruby Martin 6de2557748 check buflen is less than BLAKE2B_BLOCKBYTES * 2 2025-07-09 10:00:28 -06:00
Ruby Martin 7b7c658668 add null check to wc_Des_CbcEncrypt 2025-07-09 09:59:46 -06:00
David Garske 703bd6d0ba Merge pull request #8975 from JeremiahM37/mldsa_static_mem
ML-DSA Static Memory Fix
2025-07-09 08:22:51 -07:00
David Garske 0407ea131b Merge pull request #8970 from miyazakh/qt_jenkins_encryptedKey4PBKDF1
Fix Qt nightly Jenkins failure
2025-07-09 08:04:48 -07:00
Ruby Martin f62d0fa256 check sigAlgs.size against WOLFSSL_MAX_SIGALGO 2025-07-09 08:57:44 -06:00
Sean Parkinson d6a72e2480 PPC32 ARM ASM SHA-256: SPE impl, tidy up original
Implement using SPE instructions that allow for 64-bit registers as a
vector of 2 32-bit values.
Tidy up original implementation to not use stack.
2025-07-09 18:34:33 +10:00
JeremiahM37 88da86e900 ML DSA Static Memory Fix 2025-07-08 17:51:42 -06:00
David Garske f44178ca1b Merge pull request #8973 from embhorn/zd20192
Fix curl config to set HAVE_EX_DATA and HAVE_ALPN
2025-07-08 15:48:28 -07:00
Sean Parkinson 08ec3642f0 Merge pull request #8931 from julek-wolfssl/MAX_ENCODED_SIG_SZ-detected
Detect correct `MAX_ENCODED_SIG_SZ` based on max support in math lib
2025-07-08 09:38:52 +10:00
Sean Parkinson 9b92b4c902 Merge pull request #8962 from rlm2002/coverity
Coverity: Dereference after NULL check and Use after free
2025-07-08 08:30:35 +10:00
Eric Blankenhorn 0d14ec3547 Fix curl Cmake config to set HAVE_EX_DATA and HAVE_ALPN 2025-07-07 17:15:11 -05:00
Eric Blankenhorn de00bf259d Fix curl config to set HAVE_EX_DATA and HAVE_ALPN 2025-07-07 15:00:14 -05:00
Ruby Martin de59e9d25e change to BIO_free_all() on EXPECT_FAIL() 2025-07-07 09:17:29 -06:00
Ruby Martin 61e4142fe0 add null check for ssl before use in wc_DhGenerateKeyPair 2025-07-07 09:17:29 -06:00
Ruby Martin 65f9cdb498 free p2 before reassigning to reEncoded value 2025-07-07 09:17:29 -06:00
Juliusz Sosinowicz 51c9448aa1 Detect correct MAX_ENCODED_SIG_SZ based on max support in math lib 2025-07-07 16:42:33 +02:00
Sean Parkinson f0041cd761 SP int: fix 8 bit words and sp_clamp_ct
Need to cast to sp_size_t as it may be bigger than the word type
sp_int_digit.
2025-07-07 18:43:29 +10:00
Sean Parkinson e649e1047f API test ASN: must not have NO_ASN defined
Add testing of PSK only to workflows.
2025-07-07 16:24:10 +10:00
Hideki Miyazaki ee8be22a3f Fix Qt nightly jenkins failure
PBKDF1 encrpted key
2025-07-07 15:10:41 +09:00
Sean Parkinson 70e53d1a34 ALPN: don't use BIO
Fix wolfSSL_set_alpn_protos to not use BIO.
When compiling with -Os and newer gcc, the compiler gets confused with
the void* cast in the wolfSSL_BIO_get_mem_data call.
2025-07-07 12:59:42 +10:00
Daniel Pouzzner a40b56ccb5 Merge pull request #8964 from douzzer/20250703-linuxkm-fixes
20250703-linuxkm-fixes

Note, final commit reviewed by @SparkiDev, and earlier commit reviewed by @philljj.
2025-07-04 08:45:55 -05:00
Daniel Pouzzner ef3a1a28d9 linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: fixes for spinlocks on CONFIG_ARM64;
wolfcrypt/src/wc_port.c: include random.h, for Entropy_Init().
2025-07-03 22:09:34 -05:00
Sean Parkinson d1893dbdec ARM 32-bit ASM AES: fixup 32-bit code to not use B.EQ
Changes made for Green Hills Aarch64 got into the 32-bit code.
2025-07-04 11:37:06 +10:00
Daniel Pouzzner 688bc168de wolfcrypt/src/random.c: small stack refactor of noise[] in wc_Entropy_Get(). 2025-07-03 18:30:46 -05:00
David Garske fb691fac94 Merge pull request #8947 from SparkiDev/mldsa_openssl_der
ML-DSA/Dilithium: support OpenSSL format
2025-07-03 16:10:55 -07:00
Sean Parkinson 41eef2ef71 CodeQL: o is larger type and could cause issues
Make 'o' sp_size_t as the callers are passing 0 or explicit cast to
sp_size_t
2025-07-04 09:04:39 +10:00
Daniel Pouzzner 478bfafea3 linuxkm/lkcapi_sha_glue.c:
* add wc_linuxkm_drbg_ctx.n_rngs, and in wc_linuxkm_drbg_init_tfm(), set it to max(4, nr_cpu_ids), to avoid stalling on unicore targets;

* add explanatory comments re architecture to get_drbg() and get_drbg_n();

* add opportunistic cond_sched() to get_drbg_n();

* add runtime asserts in get_drbg(), wc_linuxkm_drbg_seed(), and get_default_drbg_ctx(), checking that we have the right tfm with an allocated DRBG array;

* wc_linuxkm_drbg_startup(): return failure if registering the random_bytes handlers fails;

linuxkm/patches/6.1.73/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v1v73.patch: fix flub.
2025-07-03 17:35:37 -05:00
David Garske d8caa8493f Merge pull request #8959 from SparkiDev/disable_pk_algs
Testing disabling various PK algs
2025-07-03 15:20:57 -07:00
Sean Parkinson 519d1430d0 ML-DSA/Dilithium: support OpenSSL format
Support DER private key format.
2025-07-04 07:54:26 +10:00
David Garske 3fe84bf3c0 Merge pull request #8961 from douzzer/20250703-fixes-for-multi-test-reports
20250703-fixes-for-multi-test-reports
2025-07-03 11:07:46 -07:00
Albert Ribes 5615993f48 Add missing option checks 2025-07-03 19:01:50 +02:00
JacobBarthelmeh 01de7cc04b Merge pull request #8955 from anhu/signed
Explicitly declare dilithium_coeff_eta2[] as signed
2025-07-03 10:25:46 -06:00
JacobBarthelmeh 7abaa131d3 Merge pull request #8954 from dgarske/asm_introspection
Added introspection for Intel and ARM assembly speedups
2025-07-03 10:22:19 -06:00
philljj c0837cb073 Merge pull request #8943 from douzzer/20250617-linuxkm-get_random_bytes
20250617-linuxkm-get_random_bytes
2025-07-03 11:22:08 -05:00
Albert Ribes 2ddd98927f When creating a Cert from a WOLFSSL_X509, account for custom extensions
Function 'CertFromX509' is used to convert a WOLFSSL_X509 to a Cert
structure for writing out. It didn't copy custom extensions.
2025-07-03 17:28:57 +02:00
Daniel Pouzzner 1d1a87b0a2 wolfssl/wolfcrypt/tfm.h: fix arg names in fp_to_unsigned_bin_len_ct() prototype to match tfm.c (fixes readability-inconsistent-declaration-parameter-name in clang-tidy-fips-140-3-defaults etc.). 2025-07-03 10:21:30 -05:00
Daniel Pouzzner bdd2056645 wolfcrypt/test/test.c: fix gate in dh_test() (fixes disable-sha256). 2025-07-03 10:19:07 -05:00
Daniel Pouzzner a1fa897572 wolfcrypt/src/dilithium.c: fix cast flubs in dilithium_encode_gamma1_19_bits() (fixes quantum-safe-wolfssl-all-gcc-latest-m32). 2025-07-03 10:17:51 -05:00
Sean Parkinson c925ba2fe1 Testing disabling various PK algs
Fix api.c: disable test_EccSigFailure_cm and test_RsaSigFailure_cm when
the PK algorithm they use is disabled.
2025-07-03 16:38:54 +10:00
David Garske 6be8a3710d Merge pull request #8937 from miyazakh/tsip_cryptcb_ut
Fix TSIP port using crypto callback
2025-07-02 17:42:51 -07:00
Hideki Miyazaki b60a05f45e Fix TSIP port using crypto callback
- Add unit test using cb
2025-07-03 08:23:24 +09:00
JacobBarthelmeh c48dd28741 Merge pull request #8957 from dgarske/bench_help
Fix issue with benchmark help options and descriptions not lining up
2025-07-02 17:17:42 -06:00
David Garske 7f50cd537e Merge pull request #8956 from gojimmypi/pr-workflow-owner
Remove duplicate repository_owner check
2025-07-02 15:01:29 -07:00
David Garske 59061aebec Fix issue with benchmark help options and descriptions not lining up due to new -aead_set_key added in #8160 on April 14, 2025. 2025-07-02 14:58:11 -07:00
Daniel Pouzzner dd69d56e33 linuxkm/linuxkm_wc_port.h: in malloc/realloc, use GFP_KERNEL if it's safe to sleep;
linuxkm/lkcapi_sha_glue.c:

* in wc_linuxkm_drbg_init_tfm(), sleep if it's safe, and observe a wc_linuxkm_drbg_init_tfm_disable_vector_registers flag;

* in wc_crng_reseed(), preemptively execute the reseed if it's safe to sleep;

* in wc_linuxkm_drbg_startup(), in LINUXKM_DRBG_GET_RANDOM_BYTES section, add reseed test sequence if defined(DEBUG_DRBG_RESEEDS).
2025-07-02 16:46:27 -05:00
gojimmypi adc3f1b3d7 Remove duplicate repository_owner check 2025-07-02 14:32:21 -07:00
Anthony Hu f7ea8fca67 Explicitly declare dilithium_coeff_eta2[] as signed 2025-07-02 15:50:51 -04:00
Daniel Pouzzner 0160af0a0d linuxkm/patches/: update patches to reseed the wolfCrypt DRBG array only on explicit RNDRESEEDCRNG ioctl;
linuxkm/lkcapi_sha_glue.c: add error msg in wc_linuxkm_drbg_generate() if wc_InitRng() fails, and add "libwolfssl: " prefixes in pr_info() messages.
2025-07-02 14:25:05 -05:00
Daniel Pouzzner d2083db6de wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM && LINUXKM_LKCAPI_REGISTER setup for default WC_RESEED_INTERVAL, ignore WORD64_AVAILABLE because it isn't available at this stage of inclusion. 2025-07-02 14:25:05 -05:00