Commit Graph

27920 Commits

Author SHA1 Message Date
Daniel Pouzzner 91ea97ecdf Merge pull request #9712 from night1rider/max-32666-code-improvements
Fix Crash when using Sha224 Callback with MAX32666
2026-03-05 14:58:02 -06:00
Daniel Pouzzner b2913d27dd Merge pull request #9842 from rlm2002/coverity
20260227 Coverity changes
2026-03-05 14:53:14 -06:00
David Garske 36328e31a5 Merge pull request #9857 from douzzer/20260303-linuxkm-aarch64-fixes
20260303-linuxkm-aarch64-fixes
2026-03-05 07:53:00 -08:00
Daniel Pouzzner 67bcaff4b8 linuxkm/module_hooks.c: fix syntax error in wolfssl_init(). 2026-03-04 16:13:09 -06:00
Daniel Pouzzner f04e6e8718 tests/api.c and tests/api/test_pkcs7.c: fixes for CFLAGS="-Og" --enable-all (PRB-single-flag.txt line 3). 2026-03-04 14:46:20 -06:00
Daniel Pouzzner 1297a85b03 wolfcrypt/test/test.c:
* skip pkcs12_test() if NO_SHA;
* sha3_224_test(): fix error-path leak and possible uninited-read of shaCopy.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner fe93ec87b1 linuxkm/module_hooks.c: in dump_to_file(), accommodate mis-prototyped kernel_write() in kernels 3.9-4.13. 2026-03-04 13:14:07 -06:00
Daniel Pouzzner f67c29ae51 linuxkm/Kbuild:
* for aarch64/arm64, only add -mno-outline-atomics if the compiler supports it.
* in ENABLED_LINUXKM_PIE setup, avoid -fPIE on arm32 <5.11 (missing reloc support).

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: gate interception of alt_cb_patch_nops() on kernel >= 6.1.

linuxkm/linuxkm_wc_port.h: define WC_LINUXKM_SUPPORT_DUMP_TO_FILE implicitly when WC_SYM_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT.

linuxkm/module_hooks.c: fixes for text_dump_path and rodata_dump_path handler code.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner 8d1b825558 configure.ac:
* add --enable-wolfentropy as a synonym for --enable-wolfEntropy;
* avoid -Wno-deprecated-enum-enum-conversion when KERNEL_MODE_DEFAULTS, to work around old gcc with broken results from AX_CHECK_COMPILE_FLAG();
* rework help messages for several synonym options to refer to the canonical option (--enable-linuxkm-pie, --enable-kyber, --enable-dilithium, --enable-amdrand, --enable-entropy-memues).
2026-03-04 13:14:07 -06:00
Daniel Pouzzner 4a51ed4c26 wolfcrypt/test/test.c: add FIPS gates around "Copy cleanup test" exercises added by 4713ad5675 (#9829). 2026-03-04 13:14:07 -06:00
Daniel Pouzzner 1c8d593af7 Merge pull request #9860 from anhu/for_length
Fix for loop exit condition.
2026-03-04 12:18:31 -06:00
night1rider daf3b067d4 Add common SHA copy/free helpers with leak-safe msg buffer handling and copy/free crypto callbacks to replicate the non-callback code behavior when using MAX3266X_SHA_CB. 2026-03-04 10:27:22 -07:00
night1rider c3b329eb2e Refactor to use HASH_KEEP option instead of dedicated context for SHA, also add HASH_KEEP to sha1 context with correct init/free calls 2026-03-04 10:27:22 -07:00
Zackery Backman 2f2fca6a91 Remove stdio inclusion and then revert removal of null check for MXC free 2026-03-04 10:27:22 -07:00
night1rider 224ac9e2ff Add setting callback and MXC init when using arm asm with callbacks 2026-03-04 10:27:22 -07:00
Zackery Backman 4ef0492f23 Improve logic behind copy and free for sha, add copy and free callback functions, fix sha224 crashing when using callbacks for MAX32666 due to unitialized struct. 2026-03-04 10:27:22 -07:00
Anthony Hu 9d3cc6e30c Fix for loop exit condition.
size should be length.  s includes offset, so it must be compared against
length, not size because size is only what is after offset.
2026-03-04 10:17:33 -05:00
Ruby Martin 682901e32e return MP_VAL if n < 0. remove check for max int value
remove comment
2026-03-03 09:50:16 -07:00
Daniel Pouzzner 350706d2c8 Merge pull request #9847 from embhorn/gh9846
Fix DRBG_internal alloc in wc_RNG_HealthTestLocal
2026-03-03 00:23:10 -06:00
Ruby Martin 0ef8541b73 validate hashAlgSz is within bounds before calling XMEMCPY 2026-03-02 15:05:01 -07:00
Eric Blankenhorn 42e51701e1 Fix DRBG_internal alloc in wc_RNG_HealthTestLocal 2026-03-02 11:19:38 -06:00
Sean Parkinson 215fe1341c Merge pull request #9829 from night1rider/tmpSha-fixes
Fix potential memory leak when copying into existing SHA contexts and zero init tmpSha
2026-03-02 21:18:55 +10:00
Sean Parkinson cba9ffd703 Merge pull request #9782 from kareem-wolfssl/zd21204
Ensure length is at least ID_LEN in SetTicket.
2026-03-02 21:12:29 +10:00
David Garske a4e2d851d7 Merge pull request #9845 from douzzer/20260228-linuxkm-missed-patch
20260228-linuxkm-missed-patch
2026-02-28 15:43:17 -08:00
Daniel Pouzzner f1b65be0ca linuxkm/Makefile: fix misplaced quotes in configure call in libwolfssl-user-build recipe. 2026-02-28 14:07:00 -06:00
Daniel Pouzzner 21f7fd8901 linuxkm/include.am: add WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch. 2026-02-28 12:29:21 -06:00
David Garske 5d6a23bd19 Merge pull request #9844 from douzzer/20260226-linuxkm-SUPPORT_DUMP_TO_FILE
20260226-linuxkm-SUPPORT_DUMP_TO_FILE
2026-02-28 08:54:02 -08:00
Daniel Pouzzner d22175ae37 Makefile.am: for linuxkm module target, pass through "module" target as such, for compatibility with alt LIBWOLFSSL_NAME.
linuxkm/Makefile:

* don't use `readarray -d` -- it's a recent bashism;
* rework libwolfssl-user-build/src/.libs/libwolfssl.so recipe to better isolate sub-build settings.
* add support for HOSTCC and HOSTCFLAGS in libwolfssl.so build.
* deploy $(QFLAG) --no-print-directory --no-silent in several submakes for neatness and resilience.
* tweak $(LIBWOLFSSL_NAME).ko.signed recipe to add a "skipping" message and some consistency checking.

linuxkm/README.md: update FIPS DRBG /proc/crypto content to show seed source.

linuxkm/linuxkm_memory.c: fixes for format character portability in a RELOC_DEBUG_PRINTF() in wc_reloc_normalize_text).

linuxkm/linuxkm_wc_port.h: pull in linux/moduleparam.h, and if WC_LINUXKM_SUPPORT_DUMP_TO_FILE, pull in linux/fs.h and linux/uaccess.h.

linuxkm/module_hooks.c: implement WC_LINUXKM_SUPPORT_DUMP_TO_FILE: dump_to_file() and module args text_dump_path=... and rodata_dump_path=...

linuxkm/patches/7.0/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch: add to accommodate patch-breaking change in Linux 7dff99b354.
2026-02-28 00:25:06 -06:00
Daniel Pouzzner 76bc6e337b wolfcrypt/src/hpke.c, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: implement RFC 9180 overflow checks on context->seq in wc_HpkeContextSealBase() and wc_HpkeContextOpenBase(), and add SEQ_OVERFLOW_E to wolfCrypt_ErrorCodes (Fenrir M-70). 2026-02-27 23:40:37 -06:00
Daniel Pouzzner 4110887871 wolfcrypt/src/aes.c: in AesSivCipher(), burn sivTmp before return (Fenrir M-69). 2026-02-27 23:40:19 -06:00
Daniel Pouzzner 616a6a5789 wolfcrypt/src/ecc.c: in wc_ecc_import_point_der_ex() and wc_ecc_import_x963_ex2(), add missing retval capture for sp_ecc_uncompress_sm2_256() (Fenrir M-68). 2026-02-27 23:39:57 -06:00
Daniel Pouzzner bdea01a931 src/x509.c: in loadX509orX509REQFromPemBio(), fix an identicalInnerCondition. 2026-02-27 23:39:38 -06:00
night1rider 69ddefb099 Zero-initialize stack-declared hash contexts in GetHash functions before passing to Copy, which now calls Free(dst) and requires valid fields. 2026-02-27 16:13:21 -07:00
night1rider 4c5e321dfb Add missing error check for wc_Sha512Final in unaligned memory test. 2026-02-27 14:31:33 -07:00
night1rider 70ccda7619 Free the reused struct before reiniting it for new test 2026-02-27 12:56:58 -07:00
night1rider d4f8f0d0a5 Revert XMEMSET 0 after free in copy process for digest/hashing functions 2026-02-27 12:56:58 -07:00
night1rider 39ab81bdda Use WC_DECLARE_VAR/WC_ALLOC_VAR for shaCopy in SHA3/Shake tests to avoid stack frame overflow on small-stack builds. 2026-02-27 12:56:58 -07:00
night1rider ca150724b3 Revert "Fix SHA3/Shake copy cleanup tests to heap-allocate shaCopy to avoid exceeding stack frame limit."
This reverts commit d99fe3bbfd.
2026-02-27 12:56:58 -07:00
night1rider b87cb3e1cd Fix SHA3/Shake copy cleanup tests to heap-allocate shaCopy to avoid exceeding stack frame limit. 2026-02-27 12:56:58 -07:00
night1rider 4713ad5675 Add Free(dst) + XMEMSET before XMEMCPY in all wc_ hash Copy functions (MD5, SHA, SHA2, SHA3, SHAKE) and add copy cleanup tests to prevent resource leaks when copying into previously-used contexts. 2026-02-27 12:56:58 -07:00
night1rider 60573a3782 memset 0 the temp contexts 2026-02-27 12:56:57 -07:00
night1rider 4c9b980c72 Fix potential memory leak in SHA Copy and zero-initialize temp GetHash contexts; zero HMAC dst hash before copy to prevent shared pointers 2026-02-27 12:56:57 -07:00
night1rider 1f3bea4907 Fix potential memory leak when copying into existing SHA contexts and zero-initialize temp GetHash contexts 2026-02-27 12:56:57 -07:00
David Garske 9102df3c83 Merge pull request #9837 from jackctj117/PKCS7-unused-variable
Fix unused variable warning in PKCS7 without WC_RSA_PSS
2026-02-27 11:27:13 -08:00
JacobBarthelmeh 080b46dfc1 Merge pull request #9840 from embhorn/zd21243
Fix prefix for WC_ALL_ARGS_NOT_NULL
2026-02-27 10:48:45 -07:00
Ruby Martin d6c8e7bced add tmp variable to satisfy coverity before casting and assigning to word32 variable 2026-02-27 09:32:01 -07:00
Ruby Martin 5c257e15bb remove redundant NULL check 2026-02-27 09:32:01 -07:00
Ruby Martin 7a8550c217 compare to original type when searching private key headers, prevent deadcode when WOLF_PRIVATE_KEY_ID enabled 2026-02-27 09:32:01 -07:00
jackctj117 e6d4c5561c Move paramsStart declaration inside WC_RSA_PSS guard 2026-02-27 09:20:54 -07:00
Eric Blankenhorn 2243133572 Fix prefix for WC_ALL_ARGS_NOT_NULL 2026-02-27 07:29:41 -06:00