Commit Graph

30513 Commits

Author SHA1 Message Date
Daniel Pouzzner 323027d1d2 Merge pull request #10820 from lealem47/dh_min_sz
FIPS: Default to 2048 bit min DH crypto
2026-07-01 14:40:04 -05:00
Daniel Pouzzner ed4fb32c92 fixes from Fenrir review:
linuxkm/linuxkm_wc_port.h: strcpy() takes 2 args.

wolfcrypt/src/aes.c: add VECTOR_REGISTERS_PUSH2() and use it to free tmp in smallstack path if the push fails.
2026-07-01 13:46:11 -05:00
Josh Holtrop 1e73f8e387 0 memset kop in devcrypto_x25519 before use 2026-07-01 11:35:55 -07:00
Daniel Pouzzner 8b29a95da4 * add WC_MAYBE_UNUSED attribute to AesEcbEncryptBlocks(), AesEcbDecryptBlocks(),
AesCbcEncryptBlocks(), AesCbcDecryptBlocks(), and AesCtrEncryptBlocks(), to
  fix -Wunused-functions in default build with --enable-aesni under clang.

* in AesCfbDecrypt_C(), add smallstack implementation for fast inner loop on
  intelasm/armasm.
2026-07-01 12:54:35 -05:00
Daniel Pouzzner bb7b4ccc77 wolfcrypt/src/port/kcapi/kcapi_aes.c: add backward-compat code paths for authTagSz validation on old FIPS. 2026-07-01 12:48:02 -05:00
Daniel Pouzzner 41daf899b3 linuxkm/linuxkm_wc_port.h:
* when including kernel headers with gcc-17+, ignore -Wconstant-logical-operand.

* when CONFIG_KMSAN, explicitly map memcpy(), memset(), memmove(), strcpy(),
  strncpy(), and strncat(), to clang builtins, to get proper __msan
  interception.

* genericize WC_SANITIZE_DISABLE() and WC_SANITIZE_ENABLE() to cover both KASAN
  and KMSAN, and use the generic macros in wc_linuxkm_stack_hwm_prepare() and
  wc_linuxkm_stack_hwm_measure_rel().
2026-07-01 12:35:21 -05:00
JacobBarthelmeh 64a4c7a7ae Merge pull request #10750 from night1rider/SHAKE-Callbacks
SHAKE 128/256 callback wiring and tests, along with fix to devCTX initialization
2026-07-01 10:53:57 -06:00
Lealem Amedie f15681a6c1 Remove 9-bit prime generation testing, disallowed with DH_MIN_SIZE 2026-07-01 08:26:23 -06:00
Lealem Amedie 53fe0b3fc1 Adjust test.c for dh_min_sz 2026-07-01 08:26:23 -06:00
Lealem Amedie d6a8e387c8 Fix syntax issue 2026-07-01 08:26:23 -06:00
Lealem Amedie 277bd66624 FIPS: Default to 2048 bit min DH crypto 2026-07-01 08:26:23 -06:00
Tobias Frauenschläger 9e71da21ac Merge pull request #10751 from aidangarske/tinytls13
Add --enable-tinytls13 TLS 1.3-only footprint profile.

Merging with PRB-master-job failing. Failures are unrelated to this PR.
2026-07-01 15:21:04 +02:00
Kaleb Himes 6dae0c9dd4 Merge pull request #10818 from dgarske/dh_checkprivkey_prime
DH: honor explicit prime in wc_DhCheckPrivKey_ex (Fenrir F5317)
2026-07-01 05:34:47 -06:00
Sean Parkinson 9104a0d2d7 SP: fix function block comments 2026-07-01 19:35:30 +10:00
Koji Takeda b98e43eeca Fix wrong length on test message 2026-07-01 11:06:09 +09:00
Sean Parkinson 6315f95378 Aarch64 asm: Have software fallback and CPU id checks
cpuid.h — added CPUID_ASIMD flag + IS_AARCH64_ASIMD() macro (NEON detection).
cpuid.c — added NEON/ASIMD detection fixed FreeBSD/OpenBSD to use HWCAP_*
sha256.c — runtime dispatch SHA256-crypto → NEON → software
sha512.c — replaced the #error with the same crypto → NEON → software dispatch.
chacha.c: add AArch64 runtime fallback to C.
poly1305.c: add AArch64 runtime fallback to C.

Fixes
test_tls.c: don't memcpy into buffer if length is too long.
sha256.c: even if data is not NULL, return immediately when length is 0.
2026-07-01 09:32:28 +10:00
philljj 3fa342a76c Merge pull request #10812 from douzzer/20260629-linuxkm-fixes
20260629-linuxkm-fixes
2026-06-30 13:36:04 -05:00
philljj b5636ffaf9 Merge pull request #10696 from douzzer/20260615-linuxkm-fixes
20260615-linuxkm-fixes
2026-06-30 12:00:25 -05:00
Daniel Pouzzner 8820b810f2 Merge pull request #10725 from SparkiDev/aes_x25519_arm32_thumb2_fixes
ARM32/Thumb2: generated asm fixes
2026-06-30 10:47:03 -05:00
David Garske 07b677edba Merge pull request #10744 from SparkiDev/arm64_asm_opt
ARM64 ASM: optimizations
2026-06-30 08:42:23 -07:00
David Garske 5fa08e767b DH: honor explicit prime in wc_DhCheckPrivKey_ex (Fenrir F5317) 2026-06-30 07:49:00 -07:00
David Garske 8d63afab99 Merge pull request #10767 from SparkiDev/ppc64_ppc32_asm_1
PPC64/PPC32 ASM: AES, SHA-2, SHA-3
2026-06-30 07:13:35 -07:00
Sean Parkinson 95e798e897 TLSv1.3 test: CertificateVerify signature algorithm test
F-2917
Added test for signature algorithms sent not matching available.
2026-06-30 15:51:51 +10:00
Daniel Pouzzner 2af2a2967f fix F-3085 "Base64_Decode silently returns success with outLen=0 when input is a 1-3 byte truncated base64 fragment, violating decode(encode(x)) roundtrip for inputs producing 2-3 base64 chars without padding"
wolfcrypt/src/coding.c: in Base64_Decode() and Base64_Decode_nonCT(), check for non-whitespace characters past the end and return ASN_INPUT_E if found;

wolfcrypt/test/test.c: in base64_test(), remove ';' from goodChar[], and add trailing*[] test strings and N_BYTE_TRAILING_TEST(), for positive and negative testing of new checks.
2026-06-29 23:48:36 -05:00
Daniel Pouzzner 6560777d05 linuxkm/linuxkm_wc_port.h: fix F-6395 "WC_LINUXKM_ROUND_UP_P_OF_2(1) invokes undefined behavior via __builtin_clzl(0)".
linuxkm/lkcapi_rsa_glue.c: fix F-6120 "RSA PKCS#1 verify paths omit the digest-encode bounds check present in the sign paths (potential heap overflow with sub-default RSA key sizes)".
2026-06-29 19:09:20 -05:00
Daniel Pouzzner 155e5822a7 wolfssl/wolfcrypt/settings.h: move ML-KEM/ML-DSA/SLH-DSA inhibition of
DEBUG_VECTOR_REGISTER_ACCESS_FUZZING from the WOLFSSL_LINUXKM section to top
  level (the exceptions are generally applicable, and needed for user-mode SVR
  fuzzing).  also add a DEBUG_FORCE_VECTOR_REGISTER_ACCESS_FUZZING flag.
2026-06-29 19:06:13 -05:00
aidan garske 2124a1075f F-6558 - Reject name constraint subtree with non-zero minimum or maximum 2026-06-29 16:10:15 -07:00
Sean Parkinson 3e99430671 PPC64/PPC32 ASM: AES, SHA-2, SHA-3
PPC64:
  - Added AES-ECB/CBC/CTR/GCM/XTS using crypto instructions
  - Added SHA-256/512 using base scalar and crypto instructions
  - Added SHA-3 using base scalar and POWER8 VSX
  - Added SHA-3 x2/x3 but disabled compilation.
  - Added CPU id flags.
  - Changed the constant data format to be consistent with other platforms.
PPC32:
  - Added AES-ECB/CBC/CTR/GCM/XTS using base scalar
  - Added SHA-256/512 using base scalar
  - Added SHA-3 using base scalar
2026-06-30 08:52:45 +10:00
aidan garske fef29abf0e certs: regenerate ecc-leaf-mldsa44 and ecc-leaf-rsapss from renew scripts 2026-06-29 13:46:14 -07:00
Sean Parkinson 5956da84c2 ARM32/Thumb2: generated asm fixes
Fix Thumb2 Curve25519 asm to do full reduce.
Change ARM32 to simpler carry/overflow processing.
Minor optimizations - use ubfx, no need to move register into temporary, cache value instead of loading again later.
Reduce the register push and pops in Thumb2 generated code.
Fix Thumb2 to have values less than 64 in decimal.
2026-06-30 06:25:51 +10:00
aidan garske aa32abc556 Address tls13_memio review: build-time MEM_BUF_SZ/HS_MAX_ITERS/CERT_DIR, drop snprintf, doc PSK 2026-06-29 12:58:55 -07:00
Tobias Frauenschläger 9a4b5f02c9 asn: add public alt-name list APIs
Expose the internal SAN-list helpers as public wc_ APIs so callers can build a
DNS_entry list, encode it into a DER GeneralNames SEQUENCE, and populate a Cert
directly:

- wc_SetDNSEntry()         - append a typed alt-name entry to a list
- wc_FlattenAltNames()     - encode a list into a buffer (thin wrapper)
- wc_SetAltNamesFromList() - encode a list straight into cert->altNames/Sz

Declarations live in asn.h (they use the DNS_entry type) and are gated by the
existing WOLFSSL_ASN_API export macro; doxygen notes the WOLFSSL_PUBLIC_ASN/
OPENSSL_EXTRA export requirement. Adds a wolfCrypt test covering the success,
NULL-list, NULL-output, BUFFER_E, and Cert paths.
2026-06-29 21:09:09 +02:00
David Garske 18c9684c9d Merge pull request #10740 from SparkiDev/ppc32_cond_reg
PPC32 ASM: Use condition register
2026-06-29 10:41:46 -07:00
Daniel Pouzzner 8452f2b2e0 wolfssl/wolfcrypt/wc_port.h: keep #define INLINE WC_INLINE even for latest FIPS;
tests/api.c: use WOLFSSL_FILETYPE_PEM, not SSL_FILETYPE_PEM;

tests/api/test_dtls.c and tests/api/test_dtls13.c: use WOLFSSL_ERROR_WANT_READ, not SSL_ERROR_WANT_READ.
2026-06-27 22:31:48 -05:00
Daniel Pouzzner 568c660bf5 wolfcrypt/src/pkcs7.c: in wc_PKCS7_DecodeAuthEnvelopedData(), accommodate old FIPS using old authTagSz check. 2026-06-27 19:50:52 -05:00
Daniel Pouzzner d69d49cc68 wolfcrypt/src/aes.c: don't use explicit inline attribute on wc_local_AesGcmCheckTagSz() with C++ (namespace breakage). 2026-06-27 16:14:59 -05:00
Daniel Pouzzner 47cf8d066c wolfcrypt/src/pkcs7.c: in wc_PKCS7_DecodeAuthEnvelopedData(), accommodate AES*GCMb with !HAVE_AESGCM, and add AES-CCM authTagSz check. 2026-06-27 16:13:23 -05:00
Daniel Pouzzner 262b0ed3b8 tweaks for linuxkm targeting clang-built kernels:
linuxkm/: when logging PTR_ERR(), cast it to int, and use "%d" as the format.  Globally, `#define PTR_ERR(x) ((int)PTR_ERR(x))` in linuxkm_wc_port.h to fix clang warnings on kernel headers.

linuxkm/lkcapi_aes_glue.c: add casts in linuxkm_test_aesgcm() to mollify clang.

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c:
* add __clang__ compat code to allow including clang stdatomic.h while masking out kernel-incompatible __CLANG_STDINT_H.
* add clang-specific suppressions for kernel headers (-Wshorten-64-to-32, -Wframe-address).

linuxkm/lkcapi_sha_glue.c:
* in wc__get_random_bytes(), add bounds-checking for len.
* in wc_extract_crng_user(), fix type conflicts.

wolfssl/wolfcrypt/wc_port.h and wolfssl/wolfcrypt/types.h:
* move the old-FIPS compatibility mapping from INLINE to WC_INLINE from types.h to wc_port.h.
* activate stdatomic.h for clang kernel module builds.

linuxkm/Kbuild:
* add clang-specific flags.
* add gcc gate around gcc-specific flags.
* allow override value for MAX_STACK_FRAME_SIZE.

wolfcrypt/src/asn.c: add casts in GetFormattedTime_ex() to mollify clang build of linuxkm.
2026-06-27 14:48:17 -05:00
Daniel Pouzzner 3811ec0aa7 linuxkm-related loose ends:
* wolfssl/ocsp.h: gate out the CheckOcspResponder() prototype if defined(CheckOcspResponder) (for linuxkm-pie).
* wolfcrypt/src/wc_mldsa.c: add support for WC_MLDSA_NO_ASM.
* .wolfssl_known_macro_extras: add new macros.
2026-06-27 14:47:32 -05:00
Daniel Pouzzner ac5f2b98e7 wolfcrypt/src/wc_slhdsa.c:
* disable asm accelerations if WC_SHA3_NO_ASM is set.
* fix an uninited-data warning in slhdsakey_wots_pkgen_chain_c().
2026-06-27 14:41:44 -05:00
Daniel Pouzzner cba69093cc wolfcrypt/src/port/riscv/riscv-64-aes.c: in GHASH(), remove runtime nullness check for arg 1 (matching nonnull attribute to arg 1 added to prototype in earlier commit). 2026-06-27 14:41:17 -05:00
Daniel Pouzzner 649197d159 replace several nonconformant uses of __FUNCTION__ with __func__ (linuxkm/linuxkm_memory.c, wolfcrypt/src/random.c, wolfcrypt/test/test.c, wolfssl/wolfcrypt/mem_track.h, wolfssl/wolfcrypt/memory.h, wolfssl/wolfcrypt/settings.h). 2026-06-27 14:37:35 -05:00
Daniel Pouzzner bf088dfc3c linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c: on kernel >= 7.2, remove indirect symbol support for strncpy and add backward-compat implementation wc_linuxkm_strncpy(). 2026-06-27 14:34:06 -05:00
Daniel Pouzzner 538262a5dc linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c: add linuxkm-pie support for CheckOcspResponder() (WOLFSSL_NO_OCSP_ISSUER_CHECK is no longer implied by KERNEL_MODE_DEFAULTS). 2026-06-27 14:30:57 -05:00
Daniel Pouzzner 948ba6ec10 * add hard compile-time assert in settings.h for FIPS v7+ asserting that WOLFSSL_MIN_AUTH_TAG_SZ meets SP 800-38D Rev 1 requirements. 2026-06-27 14:29:06 -05:00
Daniel Pouzzner 7545798248 clean up setup code for kernel modules:
configure.ac:
* remove -DWC_SHA3_NO_ASM from ENABLED_LINUXKM AM_CFLAGS.
* refactor initial setup for KERNEL_MODE_DEFAULTS, adding generic --enable-kernel-settings while retaining legacy --enable-linuxkm-defaults.
* rename $DEF_SP_MATH to $DEF_SP_MATH_ALL.
* remove redundant and unneeded setup for KERNEL_MODE_DEFAULTS and ENABLED_LINUXKM (leverage existing setup in settings.h).
* move some still-needed KERNEL_MODE_DEFAULTS and ENABLED_LINUXKM setup from configure.ac to settings.h.
* set up -DWOLFSSL_KERNEL_MODE_DEFAULTS, so that settings.h can pivot on it.

wolfssl/wolfcrypt/settings.h:
* revise WOLFSSL_LINUXKM section of settings.h to require WOLFSSL_MIN_AUTH_TAG_SZ at least 8 for old FIPS and 12 for new FIPS.  still force down to 4 bytes if crypto fuzzer is enabled, otherwise force down to 8 to support legacy IPsec ESP.
* in the WOLFSSL_LINUXKM section, don't set WC_MLKEM_NO_ASM, and disable DEBUG_VECTOR_REGISTER_ACCESS_FUZZING in ML-KEM, ML-DSA, and SLH-DSA -- intelasm works right, but fuzzing doesn't (yet).
2026-06-27 14:26:56 -05:00
Daniel Pouzzner 7a402566b6 wolfcrypt/src/sha3.c: refactor WC_C_DYNAMIC_FALLBACK using SAVE_VECTOR_REGISTERS2(). 2026-06-27 14:21:36 -05:00
Daniel Pouzzner 8b5b6af44e linuxkm/x86_vector_register_glue.c, linuxkm/linuxkm_wc_port.h, wolfssl/wolfcrypt/memory.h: add WC_SVR_FLAG_FUZZ, implement support for DEBUG_VECTOR_REGISTER_ACCESS_FUZZING directly in the save/restore implementations, and properly reflect existing save state there and in the _FUZZING variants of SAVE_VECTOR_REGISTERS2(). 2026-06-27 14:21:00 -05:00
Daniel Pouzzner 4d46e1eb74 wolfcrypt/test/test.c:
* in slhdsa_keygen_kat() and slhdsa_id_label_test(), pass devId to wc_SlhDsaKey_Init*()
* in cryptocb_test(), inhibit the callback verification check for SLHDSA if FIPS (no crypto callbacks in FIPS-wrapped calls).
2026-06-27 14:14:31 -05:00
Daniel Pouzzner 5ae99fb03b wolfcrypt/src/aes.c, wolfcrypt/src/port/, wolfssl/wolfcrypt/aes.h, wolfcrypt/src/pkcs7.c, wolfcrypt/test/test.c:
* implement wc_local_AesGcmCheckTagSz() with pedantic checks for valid authtag size.  SP 800-38D restrictions are now uniformly imposed, unless WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH is defined (not allow with FIPS).
* refactor tag size checks in wc_AesGcmEncrypt(), wc_AesGcmDecrypt(), wc_AesGcmEncryptFinal(), wc_AesGcmDecryptFinal(), and wc_PKCS7_DecodeAuthEnvelopedData().
* in test.c, update aesgcm_non12iv_test() to skip tag sizes expected to fail.
2026-06-27 14:12:34 -05:00