wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 16:52:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,898 Commits 12 Branches 184 Tags
658ea305d140a618b112e426e2f6aa825c7fab09
Commit Graph

10165 Commits

Author SHA1 Message Date
David Garske
658ea305d1 Fix issue with poorly written macros 2025-11-18 14:15:22 -08:00
JacobBarthelmeh
8e38e3bb5e Merge pull request #9433 from holtrop/rust-conditional-compilation 
Rust wrapper: enable conditional compilation based on C library build options
 2025-11-17 15:03:17 -07:00
Sean Parkinson
074a3dbcc1 ML-KEM: derive secret fix 
Fixes for deriving secret for ML-KEM.
 2025-11-17 10:01:19 +10:00
David Garske
46a2234c61 Merge pull request #9425 from JacobBarthelmeh/pkcs7_stream 
with decode enveloped data track total encrypted content size
 2025-11-14 12:59:09 -08:00
David Garske
4e1b719236 Improve wc_HmacUpdate to return early if input length == 0. Fixes QAT issue with HKDF test. 2025-11-14 09:40:56 -08:00
Josh Holtrop
c61ac22e89 Rust wrapper: enable conditional compilation based on C library build options 2025-11-14 10:44:25 -05:00
Daniel Pouzzner
135bb66352 wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: use stdatomic.h implementation as C default when available, as before, for proper type annotation in objects. 2025-11-14 07:54:14 -06:00
Daniel Pouzzner
7916db78e8 wolfcrypt/src/wc_port.c and wolfssl/wolfcrypt/wc_port.h: change precedence of atomic implementations, and don't use the stdatomic.h in C++ builds (not compatible); 
fix the name of the wolfSSL_Atomic_Ptr_CompareExchange() implementation in the _MSC_VER code path.
 2025-11-13 17:28:19 -06:00
Daniel Pouzzner
c430cc75ea src/ssl.c and wolfssl/ssl.h: fix signature on wolfSSL_CTX_get0_privatekey() -- ctx is not const; 
wolfcrypt/src/wc_port.c and wolfssl/wolfcrypt/wc_port.h: tweak gates on atomic implementations to maximize availability within currently supported targets;

fix some whitespace.
 2025-11-13 17:11:52 -06:00
Daniel Pouzzner
26ba6344f2 add wolfSSL_Atomic_Ptr_CompareExchange(); mitigate race on ctx->privateKeyPKey in wolfSSL_CTX_get0_privatekey(). 2025-11-13 16:25:49 -06:00
JacobBarthelmeh
c63ca04228 convert to type int for return value 2025-11-13 12:17:04 -07:00
JacobBarthelmeh
d06221c16e with decode enveloped data track total encrypted content size 2025-11-13 12:08:46 -07:00
David Garske
4f3586fe58 Merge pull request #9421 from SparkiDev/mlkem_to_bytes_fix 
ML-KEM to bytes C: not reducing all values
 2025-11-13 08:57:31 -08:00
Sean Parkinson
6c30186168 ECC sign hash: only allow up to max digest size 
Validate that the hash passed in is of an appropriate length - not
greater than the maximum digest size.
 2025-11-13 11:53:51 +10:00
Sean Parkinson
b272f784ec ML-KEM to bytes C: not reducing all values 
Call to mlkem_csubq_c was only called on first array.
Fixed to do it for all.
 2025-11-13 10:42:07 +10:00
gojimmypi
ca920edbd0 Fix LMS C4146 unary minus warning in MSVC, new param check 2025-11-11 19:26:52 -08:00
JacobBarthelmeh
4da365214a Merge pull request #9412 from SparkiDev/regression_fixes_21 
Regression testing fixes
 2025-11-11 09:32:43 -07:00
Sean Parkinson
d84564217c Regression testing fixes 
Fix #ifdef protection for AES tests.
 2025-11-11 21:46:04 +10:00
Sean Parkinson
b7ade58c52 SP label noinline: function inlined even when asked not to 
The label L_521_mont_reduce_9_nomask is therefore appearing more than
once in the compiled code.
Adding '%=' to the end of the label ensure it has a unique number
appended to it even when inlined.
 2025-11-10 20:05:41 +10:00
David Garske
b45217db00 Merge pull request #9402 from anhu/stsafe_doc 
Correction about how to get interface files.
 2025-11-07 13:59:45 -08:00
Anthony Hu
22ab16df97 Correction about how to get interface files. 2025-11-07 16:53:30 -05:00
Sean Parkinson
f376c8d910 Merge pull request #9388 from lealem47/scan_build 
Various fixes for nightly tests
 2025-11-07 09:30:08 +10:00
Sean Parkinson
3416a0f70e Merge pull request #9393 from rlm2002/zd20756 
Integer overflow and dead code removal
 2025-11-07 09:27:05 +10:00
JacobBarthelmeh
ca51fda3bb Merge pull request #9372 from SparkiDev/curve25519_no_lshift_neg_val 
Curve25519: lshift of a negative value is undefined in C
 2025-11-06 15:22:38 -07:00
Ruby Martin
ec60d88f82 remove deadcode else statement when computing kid_type 2025-11-06 15:04:37 -07:00
Ruby Martin
9b2f7a371f remove duplicate keylen check (deadcode) 
wrap if statement in macro guard
 2025-11-06 15:04:37 -07:00
Ruby Martin
78f2e65da6 add cast to int64_t 2025-11-06 14:58:37 -07:00
Lealem Amedie
2b8f83fd8d Fixes for getrandom detection 2025-11-06 14:16:38 -07:00
Lealem Amedie
d3de6305e8 Exit wolfcrypt test if wolfCrypt_Init fails 2025-11-06 10:24:44 -07:00
Lealem Amedie
08db159c5d Fixes for minor scan-build warnings 2025-11-05 21:27:06 -07:00
Sean Parkinson
b0a7f5938c Merge pull request #9379 from holtrop/rust-wc-ed448 
Rust wrapper: add wolfssl::wolfcrypt::ed448 module
 2025-11-06 09:38:32 +10:00
Sean Parkinson
aa0b37a7e5 Merge pull request #9384 from night1rider/crypto-callback-return-fix 
Reset Return to Success if fallback to software Copy Callbacks Sha
 2025-11-06 08:50:00 +10:00
Daniel Pouzzner
3d99090bcb Merge pull request #9374 from philljj/spelling_cleanup 
wolfcrypt test: tiny spelling correction.
 2025-11-05 13:44:44 -06:00
night1rider
572776e685 Reset return value to success when copy callback requests to use software function instead 2025-11-04 13:25:16 -07:00
Daniel Pouzzner
54dc060579 implement WC_MUTEX_OPS_INLINE and WC_RWLOCK_OPS_INLINE gates. 2025-11-04 12:01:58 -06:00
Daniel Pouzzner
abec842c59 wolfcrypt/src/asn.c: in wc_Ed25519PublicKeyToDer(), when old FIPS, cast "key" arg to wc_ed25519_export_public(). 2025-11-04 09:38:50 -06:00
Josh Holtrop
b82cccce21 Rust wrapper: add wolfssl::wolfcrypt::ed448 module 2025-11-04 08:34:46 -05:00
Daniel Pouzzner
d47108c97f Merge pull request #9368 from holtrop/rust-wc-ed25519 
Rust wrapper: add wolfssl::wolfcrypt::ed25519 module
 2025-11-03 22:40:43 -06:00
Sean Parkinson
e4d47fb5c7 Curve25519/448: lshift of negative is undefined in C 
Change all left shifts to be of unsigned values.
In some cases the values were negative.

Changed 128-bit variable implementation of Curve25519. (generated)
Changed Ed25519 C implementation.
Changed Curve448 C implementation. (generated)
Changed Ed448 C implementation. (generated)
 2025-11-04 10:40:23 +10:00
jordan
720b8e117c wolfcrypt test: tiny spelling correction. 2025-11-03 10:06:47 -06:00
Sean Parkinson
574067e204 Curve25519: lshift of a negative value is undefined in C 
Change all left shifts to be of unsigned values.
In some cases the values were negative.

Added macros to make the code easier to be consistent.
 2025-11-03 22:08:52 +10:00
Daniel Pouzzner
78ff20569e linuxkm: 
globally rename+unify:
* HAVE_LINUXKM_PIE_SUPPORT and USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE under gate WC_PIE_RELOC_TABLES
* WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY as WC_PIE_INDIRECT_SYM_BY_FUNC_ONLY
* WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ as WC_PIE_INDIRECT_SYM_BY_DIRECT_TABLE_READ
* WC_LKM_INDIRECT_SYM() as WC_PIE_INDIRECT_SYM;

linuxkm/linuxkm_wc_port.h:
* implement pointer-caching inline wolfssl_linuxkm_get_pie_redirect_table_local() for the WC_PIE_INDIRECT_SYM_BY_FUNC_ONLY path;
* for FIPS_VERSION3_GE(6,0,0), add wolfCrypt_FIPS_*_ro_sanity pointers to struct wolfssl_linuxkm_pie_redirect_table, and corresponding ad hoc prototypes;

linuxkm/Makefile and linuxkm/module_hooks.c: move wc_linuxkm_pie_reloc_tab into the wolfCrypt PIE container;

linuxkm/module_hooks.c and linuxkm/linuxkm_wc_port.h: harmonize the types of __wc_{text,rodata}_{start,end} with wolfCrypt_FIPS_{first,last,ro_start,ro_end} to allow drop-in use of the all-inclusive ELF fenceposts, activated by WC_USE_PIE_FENCEPOSTS_FOR_FIPS.
 2025-10-31 16:03:51 -05:00
Josh Holtrop
7cbcd0b00d Rust wrapper: add wolfssl::wolfcrypt::ed25519 module 2025-10-31 11:03:15 -04:00
Daniel Pouzzner
9273c00566 Merge pull request #9364 from dgarske/silabs_ecb 
Fixed issue with AES ECB offloading to hardware to use full size
 2025-10-30 23:55:31 -05:00
Daniel Pouzzner
643cbe127d Merge pull request #9354 from rlm2002/coverity 
20251027 Coverity fixes
 2025-10-30 23:54:18 -05:00
Daniel Pouzzner
299257eae9 Merge pull request #9360 from SparkiDev/aarch64_sha256_vreg_fix 
Aarch64 ASM: missing push and pop of vector regs
 2025-10-30 23:46:11 -05:00
David Garske
c5ae76e40d Fixed issue with AES ECB offloading to hardware to use full size, not 
just block
 2025-10-29 15:52:33 -07:00
Sean Parkinson
d7807d39e0 Aarch64 ASM: missing push and pop of vector regs 
Generated code wasn't pushing and poping vector registers when they were
64-bit.
Generation code fixed and SHA-256 ASM code fixed.
 2025-10-29 09:15:32 +10:00
Daniel Pouzzner
9b90ea83eb src/x509.c: in wolfSSL_X509_get_ext_by_OBJ() and wolfSSL_X509_load_cert_crl_file(), add local protection from null derefs (fixes -Wnull-dereferences); 
wolfcrypt/src/chacha.c and wolfssl/wolfcrypt/chacha.h: implement USE_ARM_CHACHA_SPEEDUP gate;

wolfcrypt/src/kdf.c: in wc_SSH_KDF(), add early return if _HashInit() fails (fixes _HashFree() of uninited _hash);

wolfcrypt/src/sha256.c: initialize sha256->W in ARMASM variant of wc_InitSha256_ex(), and pass sha256->heap to XMALLOC/XFREE consistently.
 2025-10-28 16:42:14 -05:00
Ruby Martin
e546d319c1 Fix Coverity INTEGER_OVERFLOW in sp_to_unsigned_bin, avoid unsigned underflow 2025-10-28 11:12:19 -06:00