David Garske
8f089cdcfe
Merge pull request #9508 from SparkiDev/ppc32_sha256_asm_pic
...
PPC32 SHA-256 ASM: support compiling for PIC
2025-12-23 08:12:50 -08:00
Sean Parkinson
59f84355a5
Merge pull request #9573 from night1rider/aes-free-callbacks
...
Aes Free callback support
2025-12-23 08:47:05 +10:00
Sean Parkinson
c8f2cc5b43
Merge pull request #9566 from dgarske/ca_skid_cert_akid
...
Added build option to allow certificate CA matching using AKID with signers SKID
2025-12-23 08:40:14 +10:00
night1rider
afbc65a6c3
Aes Free callback support
2025-12-22 12:39:41 -07:00
Sean Parkinson
da06e1aeea
Merge pull request #9558 from kareem-wolfssl/zd20944_2
...
Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application.
2025-12-22 19:38:42 +10:00
Sean Parkinson
7a326ef43f
Merge pull request #9553 from julek-wolfssl/ed25519-export-key-check
...
ed25519: validate presence of keys in export functions
2025-12-22 19:31:14 +10:00
JacobBarthelmeh
0a0c43054f
Merge pull request #9564 from douzzer/20251219-fixes
...
20251219-fixes
2025-12-19 16:24:20 -07:00
David Garske
1cb2231ff5
Added build option to allow certificate CA matching using AKID with signers SKID (WOLFSSL_ALLOW_AKID_SKID_MATCH). Fixed issue with cert->extAuthKeyIdSz not being set with ASN template code.
2025-12-19 14:14:39 -08:00
Daniel Pouzzner
a7550346dd
wolfcrypt/test/test.c: in rng_seed_test(), fix gates for FIPS 5.2.4.
2025-12-19 15:50:27 -06:00
Daniel Pouzzner
d3f74557fe
wolfcrypt/src/wolfentropy.c: add volatile attribute to entropy_memuse_initialized declaration; in wc_Entropy_Get(), if HAVE_FIPS, call Entropy_Init() if necessary, to accommodate FIPS KATs; in Entropy_Init(), add thread safety.
2025-12-19 15:45:17 -06:00
JacobBarthelmeh
d5723d0d89
Merge pull request #9544 from julek-wolfssl/gh/9362
...
Check KeyShare after HRR
2025-12-19 14:36:31 -07:00
David Garske
1825bd86f5
Merge pull request #9550 from JacobBarthelmeh/caam
...
sanity checks on buffer size with AES and CAAM Integrity use
2025-12-19 11:03:40 -08:00
JacobBarthelmeh
d26c11c626
Merge pull request #9551 from josepho0918/iar
...
Add IAR support to WC_OFFSETOF macro
2025-12-19 11:36:33 -07:00
JacobBarthelmeh
8153ea6189
Merge pull request #9559 from cconlon/pkcs7SignedNonOctet
...
Fix PKCS#7 SignedData parsing for non-OCTET_STRING content types
2025-12-19 11:12:06 -07:00
Daniel Pouzzner
6f95a9c58e
wolfcrypt/src/random.c: in _InitRng(), remove "drbg_instantiated" conditional cleanup logic (Coverity true-benign-positive: DEADCODE because drbg_instantiated is always false when ret != DRBG_SUCCESS).
2025-12-19 10:30:14 -06:00
Daniel Pouzzner
fb26b2dfe1
wolfcrypt/test/test.c: in HMAC tests, initialize ret, to silence uninitvar from cppcheck-force-source.
2025-12-19 09:07:14 -06:00
Daniel Pouzzner
96c47cd18c
wolfcrypt/test/test.c: in _rng_test(), inhibit the WC_RESEED_INTERVAL subtest if an rng callback is installed.
2025-12-19 08:55:35 -06:00
Juliusz Sosinowicz
dd35f10b57
ed25519: validate presence of keys in export functions
2025-12-19 10:14:26 +01:00
Chris Conlon
afe82b9512
Fix PKCS#7 degenerate detection based on signerInfos length
2025-12-18 16:28:03 -07:00
Chris Conlon
d6dcd30736
Fix PKCS#7 streaming for non OCTET STRING content types
2025-12-18 16:28:01 -07:00
JacobBarthelmeh
bbc3a72ea8
Merge pull request #9556 from julek-wolfssl/rng-tools-timeout-fix
...
rng-tools: increase jitter timeout
2025-12-18 15:59:42 -07:00
Kareem
c238defe23
Add cast for public_size
2025-12-18 15:32:59 -07:00
JacobBarthelmeh
4162f24434
Merge pull request #9555 from embhorn/zd20964
...
Null deref check in Pkcs11ECDH
2025-12-18 15:14:35 -07:00
Chris Conlon
5eef52c6fa
Add test for PKCS#7 SignedData with non-OCTET_STRING content
2025-12-18 15:02:02 -07:00
Kareem
81d32f4fe6
Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application.
2025-12-18 14:37:59 -07:00
David Garske
4e96b11cce
Merge pull request #9557 from douzzer/20251218-fixes
...
20251218-fixes
2025-12-18 12:35:44 -08:00
Daniel Pouzzner
8a8ef3512e
src/internal.c: in FreeSSL_Ctx(), use wolfSSL_RefWithMutexFree(&ctx->ref), matching refactor in #8187.
2025-12-18 11:48:31 -06:00
Juliusz Sosinowicz
4e15ccec35
rng-tools: increase jitter timeout
2025-12-18 18:40:54 +01:00
Daniel Pouzzner
83e9a0780f
wolfcrypt/src/wc_lms.c: fix leak in wc_LmsKey_Reload().
2025-12-18 11:09:37 -06:00
Daniel Pouzzner
59b3219c0f
wolfcrypt/test/test.c: fix memory leaks in Hmac tests.
2025-12-18 10:47:21 -06:00
Eric Blankenhorn
d1a4677a8a
Null deref check in Pkcs11ECDH
2025-12-18 10:10:57 -06:00
Joseph Chen
1484fb5069
Add IAR support to WC_OFFSETOF macro
2025-12-18 15:46:35 +08:00
Sean Parkinson
a103f5af8b
Merge pull request #9545 from douzzer/20251211-DRBG-SHA2-smallstackcache-prealloc
...
20251211-DRBG-SHA2-smallstackcache-prealloc
2025-12-18 10:07:37 +10:00
Sean Parkinson
b7e69fb2f3
Merge pull request #9543 from kareem-wolfssl/zd20944
...
Check Curve25519 public key after generating one to avoid generating invalid keys.
2025-12-18 09:29:58 +10:00
JacobBarthelmeh
911e996a8d
Merge pull request #9546 from SparkiDev/curve25519_base_smul_improv
...
Curve25519: improved smul
2025-12-17 15:28:56 -07:00
JacobBarthelmeh
498b86fabd
Merge pull request #9542 from holtrop-wolfssl/rust-wolfssl-wolfcrypt-crate
...
Create wolfssl-wolfcrypt Rust crate
2025-12-17 12:17:51 -07:00
Daniel Pouzzner
b23f59f137
Merge pull request #9540 from sameehj/linuxkm_tegra_fips_fixes
...
linuxkm: fix Tegra Yocto FIPS build issues (ARM64, RT, PIE)
2025-12-17 12:49:23 -06:00
JacobBarthelmeh
04a06fee0f
Merge pull request #9535 from philljj/kernel_readme
...
linuxkm: add a readme.
2025-12-17 11:32:58 -07:00
JacobBarthelmeh
a2ab7b3e80
Merge pull request #9548 from julek-wolfssl/fix-os-check-cflags
...
Fix incorrect use of CFLAGS in os-check
2025-12-17 10:37:44 -07:00
JacobBarthelmeh
39a903b30c
Merge pull request #9549 from embhorn/zd20965
...
Fix MQX example null deref
2025-12-17 10:35:43 -07:00
JacobBarthelmeh
16e035d692
Merge pull request #9547 from SparkiDev/aesgcm_ossl_arm32_asm_fix
...
AES-GCM ARM32/Thumb2 ASM: don't change aes->reg in decrypt
2025-12-17 10:33:38 -07:00
JacobBarthelmeh
393dab2151
Merge pull request #9524 from julek-wolfssl/zephyr-cpp
...
Updates for latest zephyr with cpp
2025-12-17 10:30:18 -07:00
JacobBarthelmeh
e93835acd9
sanity checks on buffer size with AES and CAAM Integrity use
2025-12-17 10:15:32 -07:00
Daniel Pouzzner
fc7d4ffad4
PR#9545 20251211-DRBG-SHA2-smallstackcache-prealloc addressing peer review: clear dest if necessary in InitHandshakeHashesAndCopy(), style tweaks in random.c, explanatory comments in sha512.c.
2025-12-17 11:07:22 -06:00
Daniel Pouzzner
33fc601011
tweaks from PRBs results:
...
tests/api.c:
* remove inapt SSL_library_init() in test_wolfSSL_EVP_Cipher_extra();
* move TEST_X509_DECLS to follow TEST_DECL(test_wolfSSL_Init);
tests/api/test_random.c: enlarge seed buffer in test_wc_RNG_TestSeed() to accommodate amdrand block size;
tests/quic.c: wrap exercises in wolfSSL_Init()...wolfSSL_Cleanup();
tests/unit.c: in unit_test(), add several more fflush(stdout)s, report error from wolfSSL_Cleanup(), and fix line length;
wolfcrypt/test/test.c: omit reseed test in _rng_test() if HAVE_INTEL_RDRAND or old FIPS, and use simplified random_test() if HAVE_INTEL_RDRAND;
wolfssl/wolfcrypt/mem_track.h: add memList pointer in struct memoryStats, and set it in InitMemoryTracker();
wolfssl/wolfcrypt/settings.h: undefine WOLFSSL_SMALL_STACK_CACHE if WOLFSSL_SMALL_STACK is undefined;
.github/workflows/trackmemory.yml: add --enable-intelrdseed scenario.
2025-12-17 11:01:11 -06:00
Daniel Pouzzner
e159c650ea
.wolfssl_known_macro_extras: add CONFIG_CRYPTO_DRBG.
2025-12-17 11:01:10 -06:00
Daniel Pouzzner
79d1e6b295
.github/workflows/trackmemory.yml: new workflow testing various configs with -DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY.
2025-12-17 11:01:10 -06:00
Daniel Pouzzner
fb82bdbc35
wolfcrypt/test/test.c:
...
* in wolfcrypt_test_main(), when WOLFSSL_TRACK_MEMORY, check and error if wc_MemStats_Ptr->currentBytes > 0;
* don't call the hash initialization APIs for hash structs that are later copied over with the hash copy API (sha224_test(), sha256_test(), sha512_test(), etc)
* in hash_test(), either wc_HashNew() or wc_HashInit(), not both (fixes leaks);
* in hmac_*_test(), add test coverage for wc_HmacCopy();
* in _rng_test(), when WOLFSSL_TRACK_MEMORY && WOLFSSL_SMALL_STACK_CACHE, check that wc_MemStats_Ptr->totalAllocs doesn't increase when wc_RNG_GenerateBlock() is called, and if HAVE_HASHDRBG) && !CUSTOM_RAND_GENERATE_BLOCK, check that forcing a reseed doesn't result in an increase.
* add missing context cleanups in openSSL_evpMD_test().
2025-12-17 11:01:10 -06:00
Daniel Pouzzner
8bd0fb0e4b
wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h: refactor WOLFSSL_SMALL_STACK_CACHE support to eliminate all heap calls after init and before cleanup.
...
* add DRBG_internal.{seed_scratch,digest_scratch}
* add WC_RNG.{drbg_scratch,health_check_scratch,newSeed_buf}
* refactor to implement new WOLFSSL_SMALL_STACK_CACHE dynamics:
* wc_RNG_HealthTestLocal()
* Hash_df()
* Hash_gen()
* Hash_DRBG_Generate()
* Hash_DRBG_Instantiate()
* _InitRng()
* PollAndReSeed()
* wc_FreeRng()
* wc_RNG_HealthTest_ex_internal()
* wc_RNG_HealthTest_ex()
* wc_RNG_HealthTestLocal()
* refactor out WOLFSSL_KERNEL_MODE gates (now all WOLFSSL_SMALL_STACK_CACHE)
2025-12-17 11:01:10 -06:00
Daniel Pouzzner
2b28931855
wolfcrypt/src/sha256.c and wolfcrypt/src/sha512.c: in WOLFSSL_SMALL_STACK_CACHE builds, allocate shafoo->W at init or context copy time, rather than in the transform function. For the SHA512 family, allocate additional space in W for "buffer" in wc_Sha512Transform().
2025-12-17 11:01:10 -06:00