Daniel Pouzzner
91ea97ecdf
Merge pull request #9712 from night1rider/max-32666-code-improvements
...
Fix Crash when using Sha224 Callback with MAX32666
2026-03-05 14:58:02 -06:00
Daniel Pouzzner
b2913d27dd
Merge pull request #9842 from rlm2002/coverity
...
20260227 Coverity changes
2026-03-05 14:53:14 -06:00
David Garske
36328e31a5
Merge pull request #9857 from douzzer/20260303-linuxkm-aarch64-fixes
...
20260303-linuxkm-aarch64-fixes
2026-03-05 07:53:00 -08:00
Daniel Pouzzner
67bcaff4b8
linuxkm/module_hooks.c: fix syntax error in wolfssl_init().
2026-03-04 16:13:09 -06:00
Daniel Pouzzner
f04e6e8718
tests/api.c and tests/api/test_pkcs7.c: fixes for CFLAGS="-Og" --enable-all (PRB-single-flag.txt line 3).
2026-03-04 14:46:20 -06:00
Daniel Pouzzner
1297a85b03
wolfcrypt/test/test.c:
...
* skip pkcs12_test() if NO_SHA;
* sha3_224_test(): fix error-path leak and possible uninited-read of shaCopy.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner
fe93ec87b1
linuxkm/module_hooks.c: in dump_to_file(), accommodate mis-prototyped kernel_write() in kernels 3.9-4.13.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner
f67c29ae51
linuxkm/Kbuild:
...
* for aarch64/arm64, only add -mno-outline-atomics if the compiler supports it.
* in ENABLED_LINUXKM_PIE setup, avoid -fPIE on arm32 <5.11 (missing reloc support).
linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: gate interception of alt_cb_patch_nops() on kernel >= 6.1.
linuxkm/linuxkm_wc_port.h: define WC_LINUXKM_SUPPORT_DUMP_TO_FILE implicitly when WC_SYM_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT.
linuxkm/module_hooks.c: fixes for text_dump_path and rodata_dump_path handler code.
2026-03-04 13:14:07 -06:00
Daniel Pouzzner
8d1b825558
configure.ac:
...
* add --enable-wolfentropy as a synonym for --enable-wolfEntropy;
* avoid -Wno-deprecated-enum-enum-conversion when KERNEL_MODE_DEFAULTS, to work around old gcc with broken results from AX_CHECK_COMPILE_FLAG();
* rework help messages for several synonym options to refer to the canonical option (--enable-linuxkm-pie, --enable-kyber, --enable-dilithium, --enable-amdrand, --enable-entropy-memues).
2026-03-04 13:14:07 -06:00
Daniel Pouzzner
4a51ed4c26
wolfcrypt/test/test.c: add FIPS gates around "Copy cleanup test" exercises added by 4713ad5675 ( #9829 ).
2026-03-04 13:14:07 -06:00
Daniel Pouzzner
1c8d593af7
Merge pull request #9860 from anhu/for_length
...
Fix for loop exit condition.
2026-03-04 12:18:31 -06:00
night1rider
daf3b067d4
Add common SHA copy/free helpers with leak-safe msg buffer handling and copy/free crypto callbacks to replicate the non-callback code behavior when using MAX3266X_SHA_CB.
2026-03-04 10:27:22 -07:00
night1rider
c3b329eb2e
Refactor to use HASH_KEEP option instead of dedicated context for SHA, also add HASH_KEEP to sha1 context with correct init/free calls
2026-03-04 10:27:22 -07:00
Zackery Backman
2f2fca6a91
Remove stdio inclusion and then revert removal of null check for MXC free
2026-03-04 10:27:22 -07:00
night1rider
224ac9e2ff
Add setting callback and MXC init when using arm asm with callbacks
2026-03-04 10:27:22 -07:00
Zackery Backman
4ef0492f23
Improve logic behind copy and free for sha, add copy and free callback functions, fix sha224 crashing when using callbacks for MAX32666 due to unitialized struct.
2026-03-04 10:27:22 -07:00
Anthony Hu
9d3cc6e30c
Fix for loop exit condition.
...
size should be length. s includes offset, so it must be compared against
length, not size because size is only what is after offset.
2026-03-04 10:17:33 -05:00
Ruby Martin
682901e32e
return MP_VAL if n < 0. remove check for max int value
...
remove comment
2026-03-03 09:50:16 -07:00
Daniel Pouzzner
350706d2c8
Merge pull request #9847 from embhorn/gh9846
...
Fix DRBG_internal alloc in wc_RNG_HealthTestLocal
2026-03-03 00:23:10 -06:00
Ruby Martin
0ef8541b73
validate hashAlgSz is within bounds before calling XMEMCPY
2026-03-02 15:05:01 -07:00
Eric Blankenhorn
42e51701e1
Fix DRBG_internal alloc in wc_RNG_HealthTestLocal
2026-03-02 11:19:38 -06:00
Sean Parkinson
215fe1341c
Merge pull request #9829 from night1rider/tmpSha-fixes
...
Fix potential memory leak when copying into existing SHA contexts and zero init tmpSha
2026-03-02 21:18:55 +10:00
Sean Parkinson
cba9ffd703
Merge pull request #9782 from kareem-wolfssl/zd21204
...
Ensure length is at least ID_LEN in SetTicket.
2026-03-02 21:12:29 +10:00
David Garske
a4e2d851d7
Merge pull request #9845 from douzzer/20260228-linuxkm-missed-patch
...
20260228-linuxkm-missed-patch
2026-02-28 15:43:17 -08:00
Daniel Pouzzner
f1b65be0ca
linuxkm/Makefile: fix misplaced quotes in configure call in libwolfssl-user-build recipe.
2026-02-28 14:07:00 -06:00
Daniel Pouzzner
21f7fd8901
linuxkm/include.am: add WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch.
2026-02-28 12:29:21 -06:00
David Garske
5d6a23bd19
Merge pull request #9844 from douzzer/20260226-linuxkm-SUPPORT_DUMP_TO_FILE
...
20260226-linuxkm-SUPPORT_DUMP_TO_FILE
2026-02-28 08:54:02 -08:00
Daniel Pouzzner
d22175ae37
Makefile.am: for linuxkm module target, pass through "module" target as such, for compatibility with alt LIBWOLFSSL_NAME.
...
linuxkm/Makefile:
* don't use `readarray -d` -- it's a recent bashism;
* rework libwolfssl-user-build/src/.libs/libwolfssl.so recipe to better isolate sub-build settings.
* add support for HOSTCC and HOSTCFLAGS in libwolfssl.so build.
* deploy $(QFLAG) --no-print-directory --no-silent in several submakes for neatness and resilience.
* tweak $(LIBWOLFSSL_NAME).ko.signed recipe to add a "skipping" message and some consistency checking.
linuxkm/README.md: update FIPS DRBG /proc/crypto content to show seed source.
linuxkm/linuxkm_memory.c: fixes for format character portability in a RELOC_DEBUG_PRINTF() in wc_reloc_normalize_text).
linuxkm/linuxkm_wc_port.h: pull in linux/moduleparam.h, and if WC_LINUXKM_SUPPORT_DUMP_TO_FILE, pull in linux/fs.h and linux/uaccess.h.
linuxkm/module_hooks.c: implement WC_LINUXKM_SUPPORT_DUMP_TO_FILE: dump_to_file() and module args text_dump_path=... and rodata_dump_path=...
linuxkm/patches/7.0/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch: add to accommodate patch-breaking change in Linux 7dff99b354.
2026-02-28 00:25:06 -06:00
Daniel Pouzzner
76bc6e337b
wolfcrypt/src/hpke.c, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: implement RFC 9180 overflow checks on context->seq in wc_HpkeContextSealBase() and wc_HpkeContextOpenBase(), and add SEQ_OVERFLOW_E to wolfCrypt_ErrorCodes (Fenrir M-70).
2026-02-27 23:40:37 -06:00
Daniel Pouzzner
4110887871
wolfcrypt/src/aes.c: in AesSivCipher(), burn sivTmp before return (Fenrir M-69).
2026-02-27 23:40:19 -06:00
Daniel Pouzzner
616a6a5789
wolfcrypt/src/ecc.c: in wc_ecc_import_point_der_ex() and wc_ecc_import_x963_ex2(), add missing retval capture for sp_ecc_uncompress_sm2_256() (Fenrir M-68).
2026-02-27 23:39:57 -06:00
Daniel Pouzzner
bdea01a931
src/x509.c: in loadX509orX509REQFromPemBio(), fix an identicalInnerCondition.
2026-02-27 23:39:38 -06:00
night1rider
69ddefb099
Zero-initialize stack-declared hash contexts in GetHash functions before passing to Copy, which now calls Free(dst) and requires valid fields.
2026-02-27 16:13:21 -07:00
night1rider
4c5e321dfb
Add missing error check for wc_Sha512Final in unaligned memory test.
2026-02-27 14:31:33 -07:00
night1rider
70ccda7619
Free the reused struct before reiniting it for new test
2026-02-27 12:56:58 -07:00
night1rider
d4f8f0d0a5
Revert XMEMSET 0 after free in copy process for digest/hashing functions
2026-02-27 12:56:58 -07:00
night1rider
39ab81bdda
Use WC_DECLARE_VAR/WC_ALLOC_VAR for shaCopy in SHA3/Shake tests to avoid stack frame overflow on small-stack builds.
2026-02-27 12:56:58 -07:00
night1rider
ca150724b3
Revert "Fix SHA3/Shake copy cleanup tests to heap-allocate shaCopy to avoid exceeding stack frame limit."
...
This reverts commit d99fe3bbfd .
2026-02-27 12:56:58 -07:00
night1rider
b87cb3e1cd
Fix SHA3/Shake copy cleanup tests to heap-allocate shaCopy to avoid exceeding stack frame limit.
2026-02-27 12:56:58 -07:00
night1rider
4713ad5675
Add Free(dst) + XMEMSET before XMEMCPY in all wc_ hash Copy functions (MD5, SHA, SHA2, SHA3, SHAKE) and add copy cleanup tests to prevent resource leaks when copying into previously-used contexts.
2026-02-27 12:56:58 -07:00
night1rider
60573a3782
memset 0 the temp contexts
2026-02-27 12:56:57 -07:00
night1rider
4c9b980c72
Fix potential memory leak in SHA Copy and zero-initialize temp GetHash contexts; zero HMAC dst hash before copy to prevent shared pointers
2026-02-27 12:56:57 -07:00
night1rider
1f3bea4907
Fix potential memory leak when copying into existing SHA contexts and zero-initialize temp GetHash contexts
2026-02-27 12:56:57 -07:00
David Garske
9102df3c83
Merge pull request #9837 from jackctj117/PKCS7-unused-variable
...
Fix unused variable warning in PKCS7 without WC_RSA_PSS
2026-02-27 11:27:13 -08:00
JacobBarthelmeh
080b46dfc1
Merge pull request #9840 from embhorn/zd21243
...
Fix prefix for WC_ALL_ARGS_NOT_NULL
2026-02-27 10:48:45 -07:00
Ruby Martin
d6c8e7bced
add tmp variable to satisfy coverity before casting and assigning to word32 variable
2026-02-27 09:32:01 -07:00
Ruby Martin
5c257e15bb
remove redundant NULL check
2026-02-27 09:32:01 -07:00
Ruby Martin
7a8550c217
compare to original type when searching private key headers, prevent deadcode when WOLF_PRIVATE_KEY_ID enabled
2026-02-27 09:32:01 -07:00
jackctj117
e6d4c5561c
Move paramsStart declaration inside WC_RSA_PSS guard
2026-02-27 09:20:54 -07:00
Eric Blankenhorn
2243133572
Fix prefix for WC_ALL_ARGS_NOT_NULL
2026-02-27 07:29:41 -06:00