Commit Graph

2084 Commits

Author SHA1 Message Date
David Garske a071426bc8 Migrate wolfAsyncCrypt repo into wolfSSL proper 2025-11-14 09:43:59 -08:00
David Garske 4c273a6f3f Merge pull request #9404 from cconlon/jniNoQuicEch
Fixes for "--enable-jni --enable-all" with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
2025-11-11 09:42:38 -08:00
Chris Conlon 0cf3728ca0 update "--enable-jni --enable-all" combo to exclude QUIC and ECH, not compatible with WOLFSSL_TLS13_MIDDLEBOX_COMPAT 2025-11-07 16:50:41 -07:00
Chris Conlon 88373d8cb5 add WOLFSSL_PUBLIC_MP to --enable-jni for wolfJCE RSA KeyFactory support 2025-11-07 14:14:51 -07:00
Lealem Amedie 2b8f83fd8d Fixes for getrandom detection 2025-11-06 14:16:38 -07:00
Lealem Amedie eecf82362e Check for getrandom declaration 2025-11-06 10:24:20 -07:00
Daniel Pouzzner 78ff20569e linuxkm:
globally rename+unify:
* HAVE_LINUXKM_PIE_SUPPORT and USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE under gate WC_PIE_RELOC_TABLES
* WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY as WC_PIE_INDIRECT_SYM_BY_FUNC_ONLY
* WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ as WC_PIE_INDIRECT_SYM_BY_DIRECT_TABLE_READ
* WC_LKM_INDIRECT_SYM() as WC_PIE_INDIRECT_SYM;

linuxkm/linuxkm_wc_port.h:
* implement pointer-caching inline wolfssl_linuxkm_get_pie_redirect_table_local() for the WC_PIE_INDIRECT_SYM_BY_FUNC_ONLY path;
* for FIPS_VERSION3_GE(6,0,0), add wolfCrypt_FIPS_*_ro_sanity pointers to struct wolfssl_linuxkm_pie_redirect_table, and corresponding ad hoc prototypes;

linuxkm/Makefile and linuxkm/module_hooks.c: move wc_linuxkm_pie_reloc_tab into the wolfCrypt PIE container;

linuxkm/module_hooks.c and linuxkm/linuxkm_wc_port.h: harmonize the types of __wc_{text,rodata}_{start,end} with wolfCrypt_FIPS_{first,last,ro_start,ro_end} to allow drop-in use of the all-inclusive ELF fenceposts, activated by WC_USE_PIE_FENCEPOSTS_FOR_FIPS.
2025-10-31 16:03:51 -05:00
Daniel Pouzzner c145b7ee81 wolfcrypt/src/aes.c: define GCM_GMULT_LEN() when WOLFSSL_ARMASM, and fix gating on wolfCrypt_FIPS_AES_sanity (always gate in for FIPS v7+);
wolfcrypt/src/port/af_alg/afalg_aes.c: check for null key arg;

configure.ac: rename BUILD_FIPS_CURRENT to BUILD_FIPS_V2_PLUS (no functional change), and remove unused ARMASM_DIST_SOURCES set up code added in #9332;

src/include.am:
* set up $(ARMASM_SHA256_C), and use it to properly include wolfcrypt/src/sha256.c alongside armasm when appropriate;
* fix gating on Curved25519 armasm (BUILD_FIPS_V6_PLUS, not BUILD_FIPS_V6);

tests/api/test_aes.c and wolfcrypt/test/test.c: gate out incompatible coverage for WOLFSSL_AFALG and WOLFSSL_KCAPI (test_wc_AesCbcEncryptDecrypt_MultiBlocks(), test_wc_AesCtrSetKey*(), test_wc_AesCtrEncrypt*(), test_wc_AesGcmEncryptDecrypt_Sizes()).
2025-10-24 15:08:56 -05:00
Chris Conlon 3e85b572f3 define HAVE_CTS for --enable-jni build, used by JCE AES/CTS/NoPadding mode 2025-10-23 12:46:59 -06:00
Daniel Pouzzner be301f93da fixes for autotools config around armasm AES/SHA refactor in #9284: in configure.ac, add BUILD_FIPS_V5_PLUS and BUILD_FIPS_V6_PLUS conditionals, and fix BUILD_FIPS_V6 conditional to match v6 only;
in src/include.am, add LEGACY_ARMASM_foo and NEW_ARMASM_foo helper variables, restore pre-PR9284 armasm clauses, and add or update several FIPS gates as needed;

add empty wolfcrypt/src/port/arm/{armv8-aes.c,armv8-sha256.c,armv8-sha512.c} to mollify autotools, and in wolfcrypt/src/include.am, restore them to EXTRA_DIST if FIPS v5 or v6.
2025-10-22 22:52:24 -05:00
JacobBarthelmeh 4daab8a813 Merge pull request #9284 from SparkiDev/aarch64_asm_gen
Aarch64 asm: convert to generated
2025-10-22 11:10:27 -06:00
Sean Parkinson 9c1462a9ec Aarch64 asm: convert to generated
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
2025-10-21 17:03:39 +10:00
night1rider f1faefed91 Added callbacks for copy and free to SHA, 224, 384, 512, and SHA3. Also split macros for FREE and COPY Callbacks, and add configure.ac option. 2025-10-20 11:09:35 -06:00
jordan 525c212d1c cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step. 2025-10-20 08:20:23 -05:00
Daniel Pouzzner 08f5c3e8b9 configure.ac: in linuxkm setup, use -g1 explicitly unless --enable-debug, whereupon use -g3. also, add -gdwarf-4 to AM_CCASFLAGS. 2025-10-18 01:56:48 -05:00
Daniel Pouzzner 6a0be6a7f7 configure.ac: remove -g0 from, and always add -DHAVE_REPRODUCIBLE_BUILD to, reproducible-build AM_CFLAGS, and always add -gdwarf-4 to AM_CFLAGS when ENABLED_LINUXKM;
.github/workflows/linuxkm.yml: restore as-was, but change from oldconfig to olddefconfig.
2025-10-17 18:24:32 -05:00
Daniel Pouzzner 9cf08afbbb fixes for --disable-tls. 2025-10-16 18:50:06 -05:00
Daniel Pouzzner f508b44f0f configure.ac: in setup for cryptonly, don't set enable_tls13=no or enable_tlsv12=no -- they're needed for crypto-layer KDFs. 2025-10-16 18:50:06 -05:00
Daniel Pouzzner d1ba8eb9d0 configure.ac: don't add PQC to --enable-all-crypto -- not ready yet.
.github/workflows/symbol-prefixes.yml: count and report total_public_symbols, and use a better pattern to classify refs as defs.
2025-10-09 16:36:14 -05:00
Daniel Pouzzner f1d014aecd add .github/workflows/symbol-prefixes.yml.
configure.ac:
* add ML-KEM, ML-DSA, XMSS, and LMS to --enable-all-crypto when !ENABLED_FIPS.
* swap order of --enable-kyber and --enable-mlkem handler code to put mlkem first.
* add --enable-mldsa hander code.
* remove setup code that was adding -DWOLFSSL_NO_TLS12 and -DNO_OLD_TLS to
  AM_CFLAGS when ENABLED_CRYPTONLY -- NO_OLD_TLS is already defined earlier for
  when ENABLED_CRYPTONLY, and WOLFSSL_NO_TLS12 breaks wc_PRF_TLS(), which is
  inside-the-FIPS-boundary crypto.

linuxkm/linuxkm_wc_port.h:
* adopt the WC_SANITIZE_DISABLE and WC_SANITIZE_ENABLE setup code from
  settings.h (where it didn't belong).
* fix FIPS remapping of wc_InitMutex&friends to InitMutex&friends -- inhibit
  when WOLFSSL_API_PREFIX_MAP.

wolfcrypt/src/ge_operations.c: add _wc_curve25519_dummy() to fix visibility of
curve25519().

wolfcrypt/src/poly1305.c: fix visibility of several unprefixed helper routines.

wolfcrypt/test/test.c: fix gating on tls12_kdf_test() and prf_test() (both
  require !WOLFSSL_NO_TLS12).

wolfssl/internal.h, wolfssl/wolfio.h: add several WOLFSSL_API_PREFIX_MAPs.

wolfssl/wolfcrypt/ge_operations.h: fix visibility of several internal asm
  functions.

wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM setup, add gates to avoid redef
  warnings for various settings, and remove the setup for
  WC_SANITIZE_{DISABLE,ENABLE} (moved to linuxkm_wc_port.h as noted above).

wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_API_PREFIX_MAPs for InitMutex() and
  friends.
2025-10-09 15:34:08 -05:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
Daniel Pouzzner 56524a3169 Merge pull request #9226 from philljj/tiny_curl_config
curl: document tiny-curl config a bit more.
2025-09-30 20:45:15 -05:00
Daniel Pouzzner f869daafa2 Merge pull request #9037 from night1rider/issue-9009-cmake-options
Updating configure/Cmake to track Apple options for resulting wolfssl.pc file that is generated
2025-09-30 20:32:52 -05:00
Lealem Amedie 224dbb75d0 Enable base16 & 64 encoding when wolfGuard is enabled 2025-09-26 14:49:51 -06:00
Daniel Pouzzner 8516411ff2 configure.ac: add --enable-wolfguard, --enable-intelrdseed, --enable-fips=v5.2.3, and --enable-fips=v5.2.4;
remove obsolete/wrong linuxkm incompatible-feature tests and errors for enable_compkey/ENABLED_COMPKEY/HAVE_COMP_KEY;

tweak ENABLED_ENTROPY_MEMUSE_DEFAULT logic to check for RDRAND/RDSEED.
2025-09-24 22:39:12 -05:00
Andrew Hutchings b8df4d84e9 Cleanup debian build
* CFLAGS get pulled in anyway with configure options, or part of the
  env, we don't need to add them
* Path handling went wrong in one specific platform test run
2025-09-23 06:39:04 +01:00
night1rider 4dfa75fbfa Updating support/wolfssl.pc.in, CMakelist.txt, and configure.ac to track missing apple options in the resulting wolfssl.pc file by adding new PC_LIBS_PRIVATE to track options 2025-09-22 12:00:33 -06:00
jordan fa4312edef curl: document tiny-curl config a bit more. 2025-09-19 15:56:51 -05:00
David Garske f0b35d18a0 Merge pull request #9174 from philljj/tiny_curl
curl: support --enable-curl=tiny option.
2025-09-11 10:39:56 -07:00
jordan c60553da66 curl: support --enable-curl=tiny option. 2025-09-08 17:03:35 -05:00
Andrew Hutchings 0a4ce40eb8 Make Debian packaging more Debian-like
When you do `./configure`, the options are stored in the rules file.
This then means you can use the normal Debian packaging methods.

`make deb` also now uses `dpkg-buildpackage`.
2025-09-06 06:22:54 +01:00
Daniel Pouzzner a67d1a84f5 configure.ac: for linuxkm with PIE, don't include enable-fpcc in enable-all-crypto (the compiler generates a weird out-of-bounds bss reference for find_hole());
linuxkm/Makefile: in recipe (awk script) for wc_linuxkm_pie_reloc_tab.c, report and error on unexpected relocation types;

linuxkm/module_hooks.c: in wc_linuxkm_normalize_relocations():
* fix bounds checking on the input,
* recognize references pointing at the first byte after the end of the segment,
* and mask out pad bytes when rendering the 32 bit addresses;

linuxkm/wolfcrypt.lds: add 4k alignment directives just before the segment end fenceposts, to make the fenceposts more inclusive.
2025-08-23 17:21:24 -05:00
Daniel Pouzzner b9cc060340 configure.ac: tweaks for ENABLED_LINUXKM_DEFAULTS and FIPS v5. 2025-08-18 18:21:57 -05:00
David Garske 3289b6b3da Merge pull request #9089 from douzzer/20250811-linuxkm-and-other-fixes
20250811-linuxkm-and-other-fixes
2025-08-12 11:40:36 -07:00
Daniel Pouzzner e24f76bb1e Merge pull request #9057 from SparkiDev/mldsa_x64_asm
ML-DSA/Dilithium: Intel x64 ASM
2025-08-11 23:12:44 -05:00
Daniel Pouzzner f4fefcbd5e configure.ac: for linuxkm, don't set ENABLED_ENTROPY_MEMUSE_DEFAULT to yes on FIPS v5-;
linuxkm/linuxkm_wc_port.h: add WC_SVR_FLAG_NONE;

wolfssl/wolfcrypt/settings.h: for WOLFSSL_LINUXKM setup for WC_RESEED_INTERVAL,
  use UINT_MAX if FIPS v5-;

wolfssl/wolfcrypt/types.h: add definitions for SAVE_NO_VECTOR_REGISTERS2, and
  map no-op SAVE_VECTOR_REGISTERS2() to it.
2025-08-11 16:14:32 -05:00
Albert Ribes e36daf41a4 Store in extensions the full octet string (#8967)
* Store in extensions the full octet string

Store in WOLFSSL_X509_EXTENSION.value always the full contents of the
OCTET STRING of the extension, instead of different type of data
depending on the type of extension. Previously this was only done for
unknown extensions.

* Avoid local variables in 'DecodeExtKeyUsageInternal'

There is a great performance loss on configs using 'WOLFSSL_NO_MALLOC',
'WOLFSSL_STATIC_MEMORY' and 'USE_FAST_MATH' if function
'DecodeExtKeyUsageInternal' uses intermediate variables. This can be
observed running the Zephyr test 'wolfssl_test/prj-no-malloc.conf'.

Avoid using intermediate variables, and use raw pointers to the final
destination instead.

* Add missing calls to 'FreeDecodedCert'

* Return error code from 'wolfSSL_ASN1_STRING_into_old_ext_fmt'

* Fix lines larger than 80

* Allow NULL parameters for 'DecodeAuthKeyId'

* Add comment explaining build option '--enable-old-extdata-fmt'

* Test full OCTET STRING in tests/api.c

* wolfSSL_X509V3_EXT_d2i: Honor 'WOLFSSL_SMALL_STACK'

* zephyr/wolfssl_test_no_malloc: Increase test timeout

* wolfSSL_X509V3_EXT_d2i: Extract repeated code into common part

* wolfcrypt: Remove 'WOLFSSL_LOCAL' from .c files

* wolfcrypt: Change location of functions to make diff easier
2025-08-11 10:33:15 -07:00
Sean Parkinson 648a057147 ML-DSA/Dilithium: Intel x64 ASM
Optimize code knowing it is for Intel x64.
Change signing to calculate one polynomial at a time so that if it isn't
valid then we fail early.
Other minor improvements.
Move the SHA-3 4 blocks at a time assembly into SHA-3 asm file.
Make constants in assembly the same length (front pad with zeros).
2025-08-07 14:01:50 +10:00
JacobBarthelmeh c34e6ab8d9 prepare for release 5.8.2 2025-07-17 10:26:19 -06:00
Daniel Pouzzner 01313cc0c8 linuxkm/x86_vector_register_glue.c:
* refactor the save_vector_registers_x86() algorithm to depend directly on preempt_count(), and use local_bh_enable() and preempt_disable() directly, to mitigate glitchiness around irq_fpu_usable() and crypto_simd_usable();

* eliminate the WC_FPU_ALREADY_FLAG kludge.

* improve the error and warning messages, and add some additional checks and messages for unexpected states; add VRG_PR_ERR_X and VRG_PR_WARN_X for pr_*_once() semantics on regular builds, but unlimited messages when WOLFSSL_LINUXKM_VERBOSE_DEBUG.

linuxkm/linuxkm_wc_port.h and linuxkm/module_hooks.c:

* move the spinlock-based implementation of wc_LockMutex() from linuxkm_wc_port.h to module_hooks.c, due to numerous stuboorn direct external symbol references;

* extensively refactor the kernel header #include strategy, keeping many more superfluous headers out of __PIE__ objects, and fixing unavoidable static header functions with grafted __always_inline attributes;

* add version exceptions for RHEL 9.5.

linuxkm/Kbuild:

* on x86 with CONFIG_MITIGATION_{RETPOLINE,RETHUNK}, use inline rethunks rather than none;

* refactor check for "Error: section(s) missed by containerization." using `readelf --sections --syms`, for 100% coverage, more informative error output, and suppression of false positives on printk-related cruft;

configure.ac and linuxkm/lkcapi_sha_glue.c: use LINUXKM_LKCAPI_[DONT_]REGISTER_{SHA,HMAC}_ALL to represent --enable-linuxkm-lkcapi-register=[-]all-{sha,hmac}, which allows alg families (notably SHA1) to be masked out piecemeal;

linuxkm/lkcapi_rsa_glue.c: in linuxkm_test_pkcs1pad_driver(), mitigate unused args when LINUXKM_AKCIPHER_NO_SIGNVERIFY.
2025-07-16 13:09:03 -05:00
Daniel Pouzzner 80c9212dd9 linuxkm/linuxkm_wc_port.h, linuxkm/lkcapi_aes_glue.c, configure.ac: fix LKCAPI on kernel 5.4 (sunrise version for LKCAPI), and add all-aes, all-sha, all-hmac, and their negations, to --enable-linuxkm-lkcapi-register. 2025-07-14 12:39:41 -05:00
David Garske b2143a815f Merge pull request #8965 from SparkiDev/ppc32_sha256_spe
PPC32 ARM ASM SHA-256: SPE impl, tidy up original
2025-07-09 17:00:26 -07:00
David Garske 5d89ca6706 Fix build issue with ML-DSA 44 only. Fix --enable-mlkem=all to enable features (keygen/enc/dec) to match --enable-dilithium behavior and allow uses like: --enable-mlkem=all,512,small. Fix issue building mem track with missing PRINT_HEAP_ADDRESS (reproduced with --enable-trackmemory=verbose --enable-stacksize=verbose).
```
wolfcrypt/src/dilithium.c:6696:21: error: expected expression before '}' token
 6696 |                     }
      |
```
2025-07-09 15:06:41 -07:00
Sean Parkinson d6a72e2480 PPC32 ARM ASM SHA-256: SPE impl, tidy up original
Implement using SPE instructions that allow for 64-bit registers as a
vector of 2 32-bit values.
Tidy up original implementation to not use stack.
2025-07-09 18:34:33 +10:00
Eric Blankenhorn de00bf259d Fix curl config to set HAVE_EX_DATA and HAVE_ALPN 2025-07-07 15:00:14 -05:00
Daniel Pouzzner 3a43109208 configure.ac: remove automatic --enable-hmac-copy, due to unit test failures when defined(WOLFSSL_HMAC_COPY_HASH), not previously detected because of broken option processing. 2025-07-02 14:25:05 -05:00
Daniel Pouzzner b3944a73c2 linuxkm/lkcapi_sha_glue.c:
* implement interception of _get_random_bytes() and get_random_bytes_user() (implicitly intercepts /dev/random and /dev/urandom):

    * get_crypto_default_rng()
    * get_default_drbg_ctx()
    * wc__get_random_bytes()
    * wc_get_random_bytes_user()
    * wc_extract_crng_user()
    * wc_mix_pool_bytes()
    * wc_crng_reseed()
    * wc_get_random_bytes_by_kprobe()
    * wc_get_random_bytes_user_kretprobe_enter()
    * wc_get_random_bytes_user_kretprobe_exit()

    * add LINUXKM_DRBG_GET_RANDOM_BYTES sections to wc_linuxkm_drbg_startup() and wc_linuxkm_drbg_cleanup()

    * add linuxkm/patches/*/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-*.patch, initially for versions:
      * 5.10.17
      * 5.10.236
      * 5.15
      * 5.17
      * 6.1.73
      * 6.12
      * 6.15

    * remove "*.patch" from .gitignore.

    * add linuxkm/patches/regen-patches.sh.

  * in wc_linuxkm_drbg_ctx_clear(), check lock count before freeing.

  * in get_drbg() and put_drbg(), use migrate_disable(), not DISABLE_VECTOR_REGISTERS().

  * in wc_linuxkm_drbg_generate(), explicitly DISABLE_VECTOR_REGISTERS() for the crypto_default_rng.

  * in wc_linuxkm_drbg_generate(), add DRBG reinitialization code to handle RNG_FAILURE_E.  This handles the situation where a DRBG was instantiated in a vector-ops-allowed context, caching a vectorized SHA256 ethod, but later used in a no-vector-ops-allowed context.

  * in wc_linuxkm_drbg_seed(), add DISABLE_VECTOR_REGISTERS() wrapper around wc_RNG_DRBG_Reseed() for crypto_default_rng.

linuxkm/x86_vector_register_glue.c:

  * add crash recovery logic to wc_linuxkm_fpu_state_assoc_unlikely()

  * in wc_linuxkm_fpu_state_assoc(), when wc_linuxkm_fpu_states is null, don't call wc_linuxkm_fpu_state_assoc_unlikely() if !assume_fpu_began.

  * in can_save_vector_registers_x86(), save_vector_registers_x86(), and restore_vector_registers_x86(), check for hard interrupt context first, to return early failure if current->pid is unusable.

  * in save_vector_registers_x86(), tweak logic around WC_FPU_INHIBITED_FLAG, adding local_bh_disable()...local_bh_enable() to provide for safe recursion.

wolfcrypt/src/random.c: optimization: in Hash_df(), for WOLFSSL_LINUXKM, don't put digest[WC_SHA256_DIGEST_SIZE] in the heap, keep it on the stack.

wolfssl/wolfcrypt/types.h: add WOLFSSL_NO_ASM no-op definitions for DISABLE_VECTOR_REGISTERS() and REENABLE_VECTOR_REGISTERS().

configure.ac:

* move --enable-linuxkm and --enable-linuxkm-defaults initial detection early, so that HMAC_COPY_DEFAULT picks it up.

* add ENABLED_ENTROPY_MEMUSE_DEFAULT, and enable it by default when ENABLED_LINUXKM_DEFAULTS.

* update linuxkm-lkcapi-register help message.

linuxkm/linuxkm_wc_port.h:

* add my_kallsyms_lookup_name().

* add preempt_count, _raw_spin_lock_irqsave, _raw_spin_trylock, _raw_spin_unlock_irqrestore, and _cond_resched, to wolfssl_linuxkm_pie_redirect_table, and add spin_unlock_irqrestore() macro to mask native inline.

* move linuxkm mutex wrappers from wolfcrypt/src/wc_port.c to linuxkm_wc_port.h, make them inlines, and add new default spinlock-based implementation, with old method now gated on WOLFSSL_LINUXKM_USE_MUTEXES.

* change malloc() and realloc() wrappers from GFP_KERNEL to GFP_ATOMIC.

linuxkm/lkcapi_glue.c: make misc.h/misc.c inclusion unconditional, and trim now-redundant inclusions out of lkcapi_dh_glue.c and lkcapi_ecdh_glue.c.
2025-07-02 14:25:05 -05:00
David Garske 8b61cd6c4a Merge pull request #8895 from AlexLanzano/disable-md5
Disable MD5 by default
2025-06-27 08:45:28 -07:00
Mattia Moffa e9e00c47ab Allow CA:FALSE on wolftpm
The Intel CSME fTFM sets this basic constraint on their EK certificates
and by default wolfSSL fails to parse because of this.
2025-06-25 22:48:53 +02:00
Alex Lanzano 9ae221444c Enable MD5 when --enable-opensslall is set 2025-06-25 15:16:02 -04:00