Commit Graph

2084 Commits

Author SHA1 Message Date
Daniel Pouzzner 8d1b825558 configure.ac:
* add --enable-wolfentropy as a synonym for --enable-wolfEntropy;
* avoid -Wno-deprecated-enum-enum-conversion when KERNEL_MODE_DEFAULTS, to work around old gcc with broken results from AX_CHECK_COMPILE_FLAG();
* rework help messages for several synonym options to refer to the canonical option (--enable-linuxkm-pie, --enable-kyber, --enable-dilithium, --enable-amdrand, --enable-entropy-memues).
2026-03-04 13:14:07 -06:00
Juliusz Sosinowicz 38b52d8079 nginx 1.28.1
### `wolfssl/internal.h`

- **`InternalTicket` struct gains a flexible array member**: A new `peerCert[]` field (with a preceding `peerCertLen[2]`) is added to `InternalTicket`. This allows the peer's DER-encoded certificate to be stored directly inside the session ticket.
- **`ExternalTicket` struct becomes variable-length**: The `enc_ticket` field is changed from a fixed-size array to a flexible array member (`byte enc_ticket[]`). The `mac` field is removed from the struct — the MAC is now placed dynamically after the encrypted data in `enc_ticket`.

### `src/internal.c`

- The `GetRecordHeader` function now only adds `MAX_COMP_EXTRA` to the maximum allowed record size when `ssl->options.usingCompression` is true, tightening the length validation. The max fragment length extension check is now much stricter.
- **Peer certificate is serialized into the ticket**: During ticket creation, the code attempts to find the peer certificate from `ssl->peerCert` or from `ssl->session->chain` (fallback). If found and within `MAX_TICKET_PEER_CERT_SZ`, it's copied into `it->peerCert`. DTLS is explicitly excluded (peer cert length set to 0) to keep ticket size small for MTU constraints. If `HAVE_MAX_FRAGMENT` is defined and max fragment is not `MAX_RECORD_SIZE` for TLS 1.3, the cert is also skipped since `SendTls13NewSessionTicket` doesn't support fragmentation yet.
- **Peer certificate restoration from ticket**: On successful ticket decryption, if the ticket contains a peer certificate (`peerCertLen > 0`), it is decoded back into `ssl->peerCert` via `ParseCertRelative`/`CopyDecodedToX509`, and also added to `ssl->session->chain` via `AddSessionCertToChain`.
- The `CLEAR_ASN_NO_PEM_HEADER_ERROR` macro was rewritten to loop and remove all consecutive PEM no-start-line errors (not just the last one), wrapped in a `do { ... } while(0)` for safety.
- The `SendTicket` function is simplified to use `SendHandshakeMsg` to support fragmenting the larger ticket.

---

### `src/x509.c`

- `loadX509orX509REQFromPemBio` now accepts `TRUSTED_CERT_TYPE` in addition to `CERT_TYPE` and `CERTREQ_TYPE`.
- **Streaming BIO support**: When `wolfSSL_BIO_get_len()` returns ≤ 0 (e.g., pipes/FIFOs), the function no longer returns an error. Instead, it sets an initial buffer of `MAX_X509_SIZE` and dynamically grows (doubling) up to `MAX_BIO_READ_BUFFER` (`MAX_X509_SIZE * 16`) as data is read byte-by-byte.
- **Alternate footer detection**: For `TRUSTED_CERT_TYPE`, the PEM reader also checks for the regular `CERT_TYPE` footer (`-----END CERTIFICATE-----`) in addition to the trusted cert footer (`-----END TRUSTED CERTIFICATE-----`), so it can parse either format.
- Removed two lines that set `cert->srcIdx` to `SIGALGO_SEQ` offset. This makes `cert->srcIdx` reflect the end of parsed certificate data. This is used by `loadX509orX509REQFromBuffer` to detect where auxiliary trust data begins in trusted certificates.

---

### `src/ssl_sk.c`

- Added a `STACK_TYPE_X509_CRL` case to `wolfssl_sk_dup_data` that calls `wolfSSL_X509_CRL_dup` for deep-copying CRL stack elements. Previously, `STACK_TYPE_X509_CRL` fell through to the unsupported default case.

---

### `wolfssl/openssl/ssl.h`

- `sk_X509_dup` now maps to `wolfSSL_shallow_sk_dup` (was `wolfSSL_sk_dup`/deep copy). This matches OpenSSL's behavior where `sk_X509_dup` does a shallow copy.
- `sk_SSL_CIPHER_dup` similarly changed to `wolfSSL_shallow_sk_dup`.

---

### `src/ssl_api_cert.c`

- When `ssl->ourCert` is `NULL` and the SSL owns its cert, the function now checks if `ssl->ctx->ourCert` points to the same certificate (by comparing DER buffers). If so, it returns the ctx's `X509` pointer directly. This maintains pointer compatibility for applications (like nginx OCSP stapling) that use the `X509*` from `SSL_CTX_use_certificate` as a lookup key.

### `src/bio.c`

- When `wolfssl_file_len` returns `WOLFSSL_BAD_FILETYPE` (now returned for pipes/FIFOs), `wolfSSL_BIO_get_len` treats it as length 0 instead of propagating the error.

---

### `tests/test-maxfrag.conf` and `tests/test-maxfrag-dtls.conf`

- Removed `DHE-RSA-AES256-GCM-SHA384` test entries because the ClientKeyExchange doesn't fit in the selected max fragment length.
2026-02-25 15:19:13 +01:00
Daniel Pouzzner 1270733838 configure.ac: fix typo, $enabled_rng for $enable_rng, in KERNEL_MODE_DEFAULTS setup added in a21dad9555. 2026-02-23 16:05:24 -06:00
Daniel Pouzzner a21dad9555 configure.ac: fixes for 47dd864f32 (#9815) -- in KERNEL_MODE_DEFAULTS setup, add additional conditions for automatic activation of AES modes and CMAC, ECC options, and SHAKE, to avoid configuration conflicts in barebones configurations. 2026-02-23 12:31:37 -06:00
Daniel Pouzzner 47dd864f32 configure.ac:
* add a kernel-appropriate subset of enable-all-crypto to enable whenever KERNEL_MODE_DEFAULTS (almost all of these overlap with FIPS v5/v6 settings);
* move ocspstapling features from enable-all-crypto to enable-all.
2026-02-21 15:09:30 -06:00
Daniel Pouzzner ff7bc11774 configure.ac: restore fpecc to enable-all-crypto, accidentally removed in f376ae210e. 2026-02-21 10:48:14 -06:00
Daniel Pouzzner db7a04a626 improvements spurred by peer review for 20260204-linuxkm-fips-hash:
configure.ac: add --enable-kernel-verbose-debug and --enable-kernel-stack-debug;

linuxkm/Makefile:
* add QFLAG and VFLAG setup, and pass their values appropriately;
* add missing `@set -e` and `-Wall -Wextra` to the linuxkm-fips-hash recipe;
* use +$(MAKE), not @$(MAKE), for proper dry run recursion.

linuxkm/README.md: update to reflect new goodies, and generally revise+extend remarks.

linuxkm/linuxkm-fips-hash-wrapper.sh: add copyright header; pass through extra caller arguments to ./linuxkm-fips-hash.

linuxkm/linuxkm-fips-hash.c:
* add copyright header;
* fix code around user_coreKey;
* add explicit wolfCrypt_Cleanup() and cleanup of mod_fd and mod_map at end;
* remove unused reloc_tab_len
* fix a couple -Wsign-compares;
* add missing fprintf arguments
* properly set ret = -1 in a couple failure paths.

linuxkm/linuxkm_wc_port.h: set WOLFSSL_LINUXKM_VERBOSE_DEBUG when WOLFSSL_KERNEL_VERBOSE_DEBUG, and recognize WOLFSSL_KERNEL_STACK_DEBUG as a synonym for WC_LINUXKM_STACK_DEBUG.

linuxkm/linuxkm_memory.c and linuxkm/linuxkm_memory.h: add brief explanatory comments.
2026-02-20 11:09:37 -06:00
Daniel Pouzzner f376ae210e Implement Linux kernel module offline integrity hash calculation:
Add:

* linuxkm/linuxkm-fips-hash.c
* linuxkm/linuxkm-fips-hash-wrapper.sh
* linuxkm/linuxkm_memory.h

Move from linuxkm/module_hooks.c to linuxkm/linuxkm_memory.c:
* reloc_layouts[]
* find_reloc_tab_offset()
* the body of wc_linuxkm_normalize_relocations() as wc_reloc_normalize_text()
* most of updateFipsHash() as wc_fips_generate_hash()

Move from linuxkm/linuxkm_wc_port.h to linuxkm/linuxkm_memory.h:
* struct wc_linuxkm_pie_reloc_tab_ent
* enum wc_reloc_dest_segment
* enum wc_reloc_type

linuxkm/Makefile:
* Update GENERATE_RELOC_TAB recipe to populate new fields in struct wc_reloc_table_ent.
* Add targets:
  * libwolfssl-user-build/src/.libs/libwolfssl.so
  * linuxkm-fips-hash
  * module-with-matching-fips-hash
  * module-with-matching-fips-hash-no-sign
* Add support for alternate target module name, via LIBWOLFSSL_NAME make variable.

linuxkm/linuxkm_wc_port.h and linuxkm/module_hooks.c:
* Fixes to make linuxkm-pie work with CONFIG_KASAN.
* Implement WC_LINUXKM_STACK_DEBUG:
  * wc_linuxkm_stack_bottom()
  * wc_linuxkm_stack_top()
  * wc_linuxkm_stack_current()
  * wc_linuxkm_stack_left()
  * wc_linuxkm_stack_hwm_prepare()
  * wc_linuxkm_stack_hwm_measure_rel()
  * wc_linuxkm_stack_hwm_measure_total()

wolfssl/wolfcrypt/settings.h:
* When WOLFSSL_KERNEL_MODE, make sure WOLFSSL_GENERAL_ALIGNMENT is at least SIZEOF_LONG.
* When WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE, make sure WOLFSSL_BASE16 is defined.

configure.ac and wolfcrypt/benchmark/benchmark.c: Disable scrypt when KERNEL_MODE_DEFAULTS, due to excessive memory requirements.
2026-02-20 11:09:37 -06:00
David Garske 16ba668ebe Merge pull request #9632 from jackctj117/CSR-signing
Add wc_SignCert_cb API for external signing callbacks
2026-02-13 09:07:37 -08:00
Sean Parkinson 1847c6e778 Merge pull request #9721 from dgarske/x25519_nb
Add X25519 non-blocking support and async example improvements
2026-02-12 07:56:58 +10:00
Andrew Hutchings 0a1c40b365 Don't allow --enable-selftest with empty file
It probably won't compile anyway.
2026-02-11 15:32:45 +00:00
Daniel Pouzzner da426d9c1d Merge pull request #9725 from Frauschi/cmake
CMake fixes and improvements
2026-02-05 16:49:03 -06:00
Daniel Pouzzner 681d09fc3c Merge pull request #9714 from philljj/bsdkm_crypto_accel
bsdkm: x86 crypto acceleration support.
2026-02-05 16:48:03 -06:00
David Garske 4d3925d526 Add X25519 non-blocking support for key gen and shared secret
## Summary
- Add non-blocking (incremental) Curve25519 key generation and shared secret via `WC_X25519_NONBLOCK`, modeled after the existing ECC non-blocking pattern (`WC_ECC_NONBLOCK`)
- Implement `curve25519_nb()` and `fe_inv__distinct_nb()` in `fe_low_mem.c` as state-machine variants that return `FP_WOULDBLOCK` to yield after each field multiply
- Add `wc_curve25519_set_nonblock()` API to attach/detach non-blocking context to a key
- Integrate X25519 non-blocking with TLS 1.2/1.3 key share generation and shared secret in `tls.c` and `internal.c` (behind `WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW`)
- Add `--enable-curve25519=nonblock` configure option (auto-enables `--enable-asynccrypt` and `--enable-asynccrypt-sw`)
- Add X25519 async software dispatch cases in `async.c` and types in `async.h`
- Fix async guard in `curve25519.c` to require `WOLFSSL_ASYNC_CRYPT_SW` (matching other algorithms)
- Overhaul `examples/async/` client/server: non-blocking I/O via `WOLFSSL_USER_IO`, standalone `Makefile`, X25519/ECC mode selection, CI-friendly ready-file sync
- Add `examples/configs/user_settings_curve25519nonblock.h` and CI coverage in `os-check.yml` and new `async-examples.yml` workflow
- Add wolfcrypt test and API test coverage for X25519 non-blocking
2026-02-04 21:28:52 -08:00
Daniel Pouzzner 017ac97de0 configure.ac: remove prohibition on ARM32 --enable-armasm with --enable-aesgcm-stream (current code in aes.c falls back to C gracefully in that case). 2026-02-04 14:12:51 -06:00
jackctj117 8b5bd3b3b1 Add wc_SignCert_cb API for external signing callbacks 2026-02-03 12:58:12 -07:00
jordan 8ae27c75e4 bsdkm: x86 crypto acceleration support. 2026-02-02 12:00:22 -06:00
Tobias Frauenschläger 540b51eb28 CMake fixes and improvements
* Minor fixes to the CMakeLists.txt
* Add more options to the CMake infrastructure already present in the
  autoconf infrastructure
* An autoconf build now also generates and installs files required to
  consume the installed wolfssl library via CMake.
* Added test for autoconf-CMake interworking

Work is mostly done by Codex and Curser.
2026-02-02 10:26:58 +01:00
Sean Parkinson 5924524920 SHA-3: harden against glitch attack
Check loop counts to ensure glitching didn't change number of times loop
was performed.
2026-02-02 15:54:55 +10:00
Sean Parkinson 27df554e99 Merge pull request #9701 from Frauschi/brainpool-tls13
Add support for TLS 1.3 Brainpool curves
2026-01-23 10:42:32 +10:00
Tobias Frauenschläger bde1bf6ce7 Fix user_settings ASM multiple define 2026-01-22 14:14:15 +01:00
Daniel Pouzzner 142f493964 configure.ac: if ENABLED_32BIT, add -DWC_32BIT_CPU to AM_CFLAGS, and don't add WOLFSSL_X86_64_BUILD to AM_CFLAGS; fix handling for --enable-bump;
wolfssl/wolfcrypt/settings.h: classify OPENSSL_EXTRA as "desktop type system" in bump up of default FP_MAX_BITS and SP_INT_BITS;

wolfssl/wolfcrypt/types.h: if WC_32BIT_CPU, don't define WC_64BIT_CPU.
2026-01-21 18:21:16 -06:00
Daniel Pouzzner 627f51632b configure.ac: add -Wno-deprecated-enum-enum-conversion to CFLAGS to suppress C++20 default if applicable. 2026-01-13 12:41:53 -06:00
Daniel Pouzzner a091ed9151 Merge pull request #9590 from philljj/fips_bsdkm
Fips bsdkm
2026-01-09 17:51:11 -06:00
Daniel Pouzzner 0059f1647e move WC_RNG_BANK_SUPPORT implementation from wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h to new files wolfcrypt/src/rng_bank.c and wolfssl/wolfcrypt/rng_bank.h;
wolfcrypt/src/rng_bank.c:

  * add wc_local_rng_bank_checkout_for_bankref, wc_BankRef_Release(), wc_rng_bank_new(), and wc_rng_bank_free();

  * in wc_rng_bank_checkin(), take a struct wc_rng_bank_inst **rng_inst and NULL it before return;

  * in wc_rng_bank_init(), add a devId arg, and handle devId in wc_rng_bank_inst_reinit();

  * add WC_RNG_BANK_INST_LOCK_* and use them in wc_rng_bank_checkout() and wc_rng_bank_checkin();

  * fix order of operations in wc_rng_bank_checkout() re DISABLE_VECTOR_REGISTERS();

wolfcrypt/src/random.c:

  * refactor per-instance salting for wc_rng_bank_inst: remove changes in Hash_df(), Hash_DRBG_Instantiate(), and _InitRng(), and in wc_rng_bank_init() and wc_rng_bank_inst_reinit(), use wc_InitRngNonce_ex() and pass the wc_rng_bank_inst pointer as the nonce;

  * simplify the WC_RNG_BANK_SUPPORT variant of wc_RNG_GenerateBlock() -- delegate to wc_local_rng_bank_checkout_for_bankref() and remove supplementary error checking;

  * in wc_FreeRng(), call wc_BankRef_Release() when WC_DRBG_BANKREF, and in wc_BankRef_Release(), fix refcount flub (not wolfSSL_RefFree, rather wolfSSL_RefDec);

  * streamline the WOLFSSL_LINUXKM wc_GenerateSeed();

wolfcrypt/test/test.c: add random_bank_test();

linuxkm/lkcapi_sha_glue.c: use WC_RNG_BANK_INST_TO_RNG() opportunistically;

configure.ac: add --enable-amdrdseed as a synonym for --enable-amdrand;

linuxkm/linuxkm_wc_port.h: when LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT, don't include get_random_bytes() in struct wolfssl_linuxkm_pie_redirect_table;

add various comments for clarity.
2026-01-07 22:54:07 -06:00
Daniel Pouzzner b87af914bc configure.ac: add handling for --enable-rng-bank, and add it to the all-crypto feature set. 2026-01-07 22:54:07 -06:00
David Garske 84aeeb655f Merge pull request #9580 from SparkiDev/curve25519_smul_improv
Curve25519 improvements
2026-01-07 08:25:41 -08:00
David Garske b5d3c87876 Merge pull request #9603 from SparkiDev/ppc32_sha256_asm_reg
PPC32 ASM: alternative C code with registers prepended
2026-01-07 08:23:55 -08:00
David Garske 315ebf5be6 Merge pull request #9615 from SparkiDev/arm32_aes_block_inline
AES ARM32/Thumb2: option to inline block
2026-01-07 08:21:51 -08:00
Sean Parkinson a1089ba9f2 AES ARM32/Thumb2: option to inline block
Branching to a common block encrypt/decrypt may work for assembly but
not always for C code.
Added option, for assembly and inline assembly, to inline block
encrypt/decrypt: WOLFSSL_ARMASM_AES_BLOCK_INLINE.
2026-01-06 11:24:21 +10:00
Sean Parkinson 38241227a2 Curve25519 improvements
Add non-constant time implemenations of mod_inv for x64 and Aarch64
assembly.

Generate base point table, with better formatting, for double smul with
a script.
Increase Bi table size to 32 entries for 64-bit asm.
Minor improvements to double smul.

WOLFSSL_CURVE25519_NOT_USE_ED25519 to not use ed25519 base smul in
curve25519 base smul.
2026-01-06 10:24:21 +10:00
Sean Parkinson 99692003d4 PPC32 ASM: alternative C code with registers prepended
C implementation with registers prepended with letter 'r'.
2026-01-05 21:12:10 +10:00
jordan e4996c317e bsdkm: fips support. 2025-12-28 10:16:53 -06:00
Kareem cb81cc8ce6 Merge remote-tracking branch 'upstream/master' into gh7197 2025-12-23 14:43:57 -07:00
Kareem a1999d29ed Only enforce !NO_FILESYSTEM for WOLFSSL_SYS_CA_CERTS on non Windows/Mac systems.
wolfSSL's support for WOLFSSL_SYS_CA_CERTS uses APIs which don't depend on !NO_FILESYSTEM
on Windows/Mac.

Fixes #8152.
2025-12-19 16:37:50 -07:00
Kareem b0b840aa0f Rename fdOpen to seedFdOpen to avoid potential conflicts.
Gate keeping the seed FD open behind WOLFSSL_KEEP_RNG_SEED_FD_OPEN and only
enable by default for HAProxy.  It is causing issues on OS X and may
cause issues on other OSes, and is generally a major behavior change.
2025-12-18 15:55:35 -07:00
Sean Parkinson a103f5af8b Merge pull request #9545 from douzzer/20251211-DRBG-SHA2-smallstackcache-prealloc
20251211-DRBG-SHA2-smallstackcache-prealloc
2025-12-18 10:07:37 +10:00
Daniel Pouzzner 8090817c11 configure.ac: when KERNEL_MODE_DEFAULTS, set ENABLED_SMALL_STACK_CACHE_DEFAULT=yes regardless of FIPS/version. 2025-12-17 11:01:10 -06:00
Sean Parkinson f54266c2c6 Curve25519: improved smul
Use the Ed25519 base smul in Curve25519 base mul and covert to
Montogmery curve for a faster implementation.
Only when Ed25519 is compiled in or WOLFSSL_CURVE25519_USE_ED25519 is
defined.
When compiling Intel x64 assembly and Aarch64 assembly, always define
WOLFSSL_CURVE25519_USE_ED25519.
Can't use with blinding - normal C implementation.

Optimized the Curve25519 smul slightly for Intel x64 and Aarch64.
Improved the conditional table lookup on Intel x64 to use AVX2 when
available.
2025-12-17 13:25:36 +10:00
David Garske 1dfa4d1bcf Merge pull request #9488 from SparkiDev/aes_gcm_4bit_be
AES-GCM, 4-bit table, Big Endian: fast impl of GMULT
2025-12-04 10:06:06 -08:00
Sean Parkinson bff29a8535 ARM32/Thumb2 ASM SHA-256: provide small code size option
WOLFSSL_ARMASM_SHA256_SMALL for Thumb2 and ARM32 using base instructions
compiles implementations that are smaller but slower.
2025-12-04 16:44:37 +10:00
Sean Parkinson 697bc47d8e AES-GCM, 4-bit table, Big Endian: fast impl of GMULT
Add fast implementation GMULT for big-endian platforms like PowerPC and
PowerPC64.
Speeds up AES-GCM.
2025-12-03 11:22:49 +10:00
Daniel Pouzzner 4fda0883a4 globally rename WC_PIE_RELOC_TABLES to WC_SYM_RELOC_TABLES;
globally replace defined(__PIE__) with defined(WC_CONTAINERIZE_THIS) to decouple containerization from -fPIE;

configure.ac:
* add --enable-kernel-reloc-tables as an alias for --enable-linuxkm-pie;
* always activate ENABLED_ENTROPY_MEMUSE_DEFAULT when KERNEL_MODE_DEFAULTS and not RDSEED/RDRAND, regardless of FIPS presence/version;

linuxkm/Kbuild:
* add -DWC_CONTAINERIZE_THIS to PIE_FLAGS;
* add support for NO_PIE_FLAG, which inhibits -fPIE on ENABLED_LINUXKM_PIE builds, and adds -DWC_NO_PIE_FLAG to PIE_FLAGS;

linuxkm/linuxkm_wc_port.h: add setup for WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER;

linuxkm/module_hooks.c: add wc_linuxkm_GenerateSeed_wolfEntropy().
2025-11-25 18:01:25 -06:00
Sean Parkinson ea0793f0af Merge pull request #9428 from dgarske/qat_v5.8.4
Migrate wolfAsyncCrypt repo into wolfSSL proper
2025-11-25 09:33:31 +10:00
Sean Parkinson c6ecafced2 Merge pull request #9451 from kaleb-himes/ESV-DRBG-Decouple
Esv drbg decouple
2025-11-25 09:19:52 +10:00
JacobBarthelmeh ab98c150c6 prepare for release 5.8.4 2025-11-20 10:57:50 -07:00
kaleb-himes dc6fa0ad4e De-couple ESV from DRBG 2025-11-20 09:38:13 -07:00
jordan 631a28fccc bsdkm: better with-bsd-export-syms description in configure.ac. 2025-11-18 12:59:51 -06:00
jordan 551f90414c bsdkm: review cleanup. 2025-11-18 09:02:45 -06:00
jordan 28e4fe3b6c bsdkm: initial wolfcrypt FreeBSD kernel module support. 2025-11-18 01:28:08 -06:00