Commit Graph

30621 Commits

Author SHA1 Message Date
David Garske 76491e6b60 Merge pull request #10661 from yosuke-wolfssl/fix/f_5808
Enable SCSV check unconditionally
2026-07-08 10:52:59 -07:00
David Garske 6b1bf6b81b Merge pull request #10551 from julek-wolfssl/dtls-perf-benchmark
Add DTLS throughput benchmark tool and optimize send path
2026-07-08 10:31:11 -07:00
David Garske 16a2681ca4 Merge pull request #10604 from AlexLanzano/cryptocb-getdevice
Expose wc_CryptoCb_GetDevice and add CryptoCb API test coverage
2026-07-08 10:30:59 -07:00
David Garske a6ee818b27 Merge pull request #10781 from julek-wolfssl/parallel-make-check-status-emoji
.github/scripts/parallel-make-check.py: emit literal status emoji, not :shortcodes:
2026-07-08 10:25:29 -07:00
David Garske 67ca317097 Merge pull request #10737 from kareem-wolfssl/zd21998
X509 validation fixes
2026-07-08 09:48:26 -07:00
JacobBarthelmeh 7c085837ae Merge pull request #10772 from dgarske/qat_review
Intel QuickAssist: multi-device utilization + software-fallback / Cavium fixes
2026-07-08 10:39:24 -06:00
David Garske 59e942b07a Merge pull request #10844 from SparkiDev/windows_arm64_1
ARM64 Windows: Add assembly
2026-07-08 09:28:41 -07:00
David Garske 0d02f2fe2f Merge pull request #10816 from kojiws/fix_mem_cast_on_mldsa
Fix unaligned memory access in ML-DSA
2026-07-08 09:28:28 -07:00
David Garske 60085b0e48 Merge pull request #10837 from rlm2002/zd-NameConstraints
DNS name constraint fix
2026-07-08 09:21:52 -07:00
Tobias Frauenschläger 673d8d00bb Merge pull request #10778 from SparkiDev/time_stamp_protocol
Time-Stamp Protocol (RFC 3161)
2026-07-08 17:43:38 +02:00
David Garske b19f00a736 Merge pull request #10807 from SparkiDev/aes_gcm_siv_asm
AES-GCM-SIV: Add implementation in C and assembly
2026-07-08 08:30:02 -07:00
David Garske a8d223b308 Merge pull request #10834 from SparkiDev/cmake_update_1
cmake: add more build options in line with automake
2026-07-08 08:29:11 -07:00
David Garske 7f441a687a Merge pull request #10748 from night1rider/AES-Callbacks
AES callbacks for CFB and OFB
2026-07-08 08:25:23 -07:00
Tobias Frauenschläger dcc2b23b1a Merge pull request #10852 from stenslae/fix-mldsa-privkeydecode-no-asn1
Fix ML-DSA level auto-detection in WOLFSSL_MLDSA_NO_ASN1 builds
2026-07-08 10:03:34 +02:00
Tobias Frauenschläger 3b07f7df34 Merge pull request #10855 from philljj/misc_fixes
wolfcrypt: fix several redefinition of typedef errors.
2026-07-08 09:56:45 +02:00
David Garske 3cc69f0fae Merge pull request #10839 from kojiws/fix_arm64_macro_name
ML-DSA: Fix misspelled `__arch64__` macro to `__aarch64__`
2026-07-07 21:55:46 -07:00
David Garske e0a8f3f475 Merge pull request #10706 from JacobBarthelmeh/dev
defense in depth hardening for x509 extension create by OBJ and EVP decode update
2026-07-07 16:41:15 -07:00
Sean Parkinson ae023a5643 Time-Stamp Protocol (RFC 3161)
Implementation in wolfCrypt
OpenSSL compatibility layer in wolfSSL
Added tests, certificates, examples.
2026-07-08 09:33:47 +10:00
David Garske a296ac07fc Merge pull request #10842 from miyazakh/f6162_tsiphash
[Renesas RX72N] RX72N TSIP fixes and command-line build/flash/UART tooling
2026-07-07 16:17:30 -07:00
Sean Parkinson 7a1513468d cmake: add more build options in line with automake
Updates
  - ~100 individual options added (ciphers, TLS features, debug/test, caches,
  kernel-module, key-size numerics, asm) + fixed WOLFSSL_32BIT's missing define.
  - 37 app-integration bundles (openssh, nginx, haproxy, openvpn, wpas,
  apachehttpd, jni, wolfclu, wolfsentry, ...) - each force-enables its
  sub-options and emits its defines; all build clean and match ./configure
  --enable-X exactly (miss=0/extra=0).
  - Each option wired in 3 places: add_option + define in CMakeLists.txt,
  #cmakedefine in options.h.in, source selection where needed. Verified by real
  libwolfssl.so builds.
2026-07-08 09:11:14 +10:00
philljj 2f2ffbac04 Merge pull request #10856 from douzzer/20260702-linuxkm-various
20260702-linuxkm-various
2026-07-07 17:44:50 -05:00
David Garske 6d38bc12e8 Merge pull request #10854 from rlm2002/gi10846-7
IDE resource handling and error-path improvements
2026-07-07 15:13:28 -07:00
Sean Parkinson 2bcb4efb5b ARM64 Windows: Add assembly
Add assembly generated for Windows ARM64.
Add build option to project files.
Add CI loops.
2026-07-08 08:04:24 +10:00
David Garske d805c804b9 Merge pull request #10733 from mattia-moffa/20260617-max32666-sha-streaming-old
MAX32666 fixes for old SDK
2026-07-07 14:54:34 -07:00
Sean Parkinson af3befef80 ARM66 Windows: Add assembly
Add assembly generated for Windows ARM64.
Add build option to project files.
Add CI loops.
2026-07-08 07:53:53 +10:00
Sean Parkinson cf7319062b Add Windows assembly files to the build
Windows ASM files generated along side the ATT assembly files.
Adding them to the build so they can be used.
2026-07-08 07:53:53 +10:00
David Garske 7dd7ae86c0 Merge pull request #10770 from embhorn/zd22032
Fix wolfSSL_BUF_MEM_grow_ex with WOLFSSL_NO_REALLOC
2026-07-07 14:48:29 -07:00
David Garske bee18d122d Merge pull request #10801 from SparkiDev/windows_asm_1
Add Windows assembly files to the build
2026-07-07 14:26:31 -07:00
David Garske 926a50458b Merge pull request #10841 from SparkiDev/extract_funcs_ssl_1
internal.c: extract functions to make code cleaner
2026-07-07 14:26:16 -07:00
Sean Parkinson 2c0e235bd1 AES-GCM-SIV: Add implementation in C and assembly
Added assembly for Intel x64, ARM64, ARM32, Thumb2.
2026-07-08 07:15:26 +10:00
David Garske 5ebc44ee4e Merge pull request #10848 from SparkiDev/wycheproof_fixes_5
Wycheproof: fixes for various platforms
2026-07-07 14:10:07 -07:00
David Garske c635740d6e Merge pull request #10850 from holtrop-wolfssl/wolfssl-wolfcrypt-2.1.0
Rust wrapper: wolfssl-wolfcrypt v2.1.0
2026-07-07 14:07:57 -07:00
Aidan Garske e6567ac353 Merge pull request #10838 from cyberstormdotmu/loganaden-patch-wolfssl_quic_underflow
quic: Fix buffer underflow
2026-07-07 13:30:26 -07:00
night1rider 2c6261d1a8 Add testing for cryptocb only for aes ofb and cfb 2026-07-07 14:20:29 -06:00
night1rider d09803154b Adding callbacks for AES mode OFB and CFB, along with callback testing/coverage for the callback paths 2026-07-07 14:20:26 -06:00
David Garske e1ff608876 Intel QAT: add async hybrid PQC server key share regression test 2026-07-07 09:54:04 -07:00
David Garske d929c9b88a Intel QAT: serialize build/check under --with-intelqa; update port README 2026-07-07 09:54:04 -07:00
David Garske 673a6703b1 Intel QAT: interleave instances across devices for multi-device utilization 2026-07-07 09:54:04 -07:00
David Garske f7c5256d36 Intel QAT: fix heap argument in RSA public free 2026-07-07 09:54:04 -07:00
David Garske fa9dd0a671 Intel QAT: fall back to regular memory when crypto service not started 2026-07-07 09:54:04 -07:00
David Garske cf8048baab Fix Cavium async event queue req_count buffer overflow 2026-07-07 09:54:03 -07:00
David Garske 0041fa430e Fix TLS 1.3 hybrid PQC server key share dropped under async crypt 2026-07-07 09:54:03 -07:00
Tobias Frauenschläger 1a144b69bd x509_str.c: gate pathLen decrement on isCa
X509StoreCheckPathLen() consumed a unit of the issuer's path length budget
for any non-self-issued intermediate. Gate the RFC 5280 sec. 6.1.4 (l)
decrement on cert->isCa so only CA certificates count, matching
ParseCertRelative() (wolfcrypt/src/asn.c) and the (m) tightening step. This
prevents a false PATH_LENGTH_EXCEEDED when a non-CA intermediate is tolerated
via verify_cb.
2026-07-07 16:02:27 +02:00
Tobias Frauenschläger 54e20016cd x509_str.c: fix partial-chain double-push and rework pathLen tests
- Break out of the chain-build loop after the partial-chain fallback accepts
  a caller-trusted terminus, so it is pushed to ctx->chain once instead of
  twice; X509StoreCheckPathLen's anchor-skip is now defensive, not load-bearing.
- Drop the now-dead cert == anchor guard and refresh the comment.
- Rework the pathLen regression tests: reuse the existing certs/test-pathlen
  chains (chainF rejects, chainB verifies) instead of inlined report certs.
2026-07-07 16:02:27 +02:00
Kareem 3143ae0d75 Refactor to allow maxPathLen set to WOLFSSL_MAX_PATH_LEN. 2026-07-07 16:02:27 +02:00
Tobias Frauenschläger cc78d130c4 X509 validation fixes 2026-07-07 16:02:27 +02:00
Daniel Pouzzner 833e360ccd fixes for issues identified by CI tests and AI review:
tests/api/api.h: always use FIPS 186-4 settings if defined(HAVE_SELFTEST).

wolfssl/wolfcrypt/settings.h: if defined(HAVE_SELFTEST), #define WC_FIPS_186_4.
2026-07-07 02:35:51 -05:00
Daniel Pouzzner 3965993c6d wolfssl/wolfcrypt/types.h: in fallback definition of DISABLE_VECTOR_REGISTERS(), return NOT_COMPILED_IN rather than (-1), for clarity and traceability.
linuxkm/lkcapi_sha_glue.c: require defined(WOLFSSL_EXPERIMENTAL_SETTINGS) when defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES).
2026-07-07 00:19:48 -05:00
Daniel Pouzzner 5cee8bec39 wolfcrypt/src/rng_bank.c:
* refactor rng_bank.refcount management using wolfSSL_RefInc_IfAtLeast() and wolfSSL_RefDec_IfEquals(), to mitigate deallocation races.
* in wc_rng_bank_init(), fail fast for non-retryable errors.
* in wc_rng_bank_init(), wc_rng_bank_checkout(), and wc_rng_bank_inst_reinit(), consistently treat timeout_secs==0 as dont-wait, and timeout_secs<0 as wait-forever if wc_rng_bank_init() or flags & WC_RNG_BANK_FLAG_CAN_WAIT.
* in wc_rng_bank_checkout(), fix affinity dynamics to recompute after possible sleep, or drop affinity attempts entirely if using WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST strategy.
2026-07-07 00:19:48 -05:00
Daniel Pouzzner 0fdceafe6b wolfcrypt/src/wc_port.c, wolfssl/wolfcrypt/wc_port.h:
* implement wolfSSL_RefInc_IfAtLeast() and wolfSSL_RefDec_IfEquals().
* implement wolfSSL_RefWithMutexInc_IfAtLeast() and wolfSSL_RefWithMutexDec_IfEquals().

wolfssl/wolfcrypt/wc_port.h: for old FIPS when __GNUC__ or __clang__, always map __FUNCTION__ to __func__ for pedantic conformance.
2026-07-07 00:19:48 -05:00