wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 15:02:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,655 Commits 12 Branches 184 Tags
9c3a0e3a67bc49fb062cee996b25916bfc3d70a1
Commit Graph

26655 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
9c3a0e3a67 Merge pull request #9324 from douzzer/20251020-coverity-WC_SAFE_foo 
20251020-coverity-WC_SAFE_foo
 2025-10-21 09:41:25 -07:00
JacobBarthelmeh
936e350c63 Merge pull request #9325 from LinuxJedi/zp-fixes 
Fix things found with ZeroPath
 2025-10-21 10:19:01 -06:00
Brett Nicholas
1134d246f7 Merge pull request #9309 from night1rider/CryptoCbCopy 
Add crypto callback support for copy/free operations (SHA-256)
 2025-10-21 09:45:18 -06:00
JacobBarthelmeh
818d1e37eb Merge pull request #9321 from anhu/no_conv_ems 
Prevent a conversion warning
 2025-10-21 09:38:00 -06:00
David Garske
c1339abc05 Merge pull request #9323 from philljj/fix_coverity_onestep 
KDF onestep: hashOutSz err check.
 2025-10-21 08:23:05 -07:00
David Garske
6f9ca6cb52 Merge pull request #9294 from LinuxJedi/benchmark-ram 
Benchmark memory tracking
 2025-10-21 08:15:28 -07:00
David Garske
0eb7ad0ead Merge pull request #9320 from holtrop/rust-wc-sha 
Rust wrapper: add wolfssl::wolfcrypt::sha module
 2025-10-21 08:15:01 -07:00
Andrew Hutchings
90e0857d2d Validate LinuxKM I/O lengths 
Reject negative lengths and normalize to size_t before calling kernel_sendmsg/kernel_recvmsg so the kernel transport can’t be tricked into huge or wrapped iov_len values.
 2025-10-21 14:40:36 +01:00
Andrew Hutchings
259670055a Bound buffered HTTP body size 
Clamp per-chunk and aggregated HTTP response sizes before allocating in wolfIO_HttpProcessResponseBuf so untrusted Content-Length or chunk headers can’t overflow the arithmetic or force giant buffers.
 2025-10-21 14:13:41 +01:00
Andrew Hutchings
be1428d108 Validate AF_ALG RSA inputs 
Require the ciphertext length to match the RSA modulus before copying into the AF_ALG Xilinx stack buffer, preventing oversized inputs from overflowing the aligned scratch space.
 2025-10-21 13:57:36 +01:00
Andrew Hutchings
11d2f4894e Guard ProcessKeyShare against truncated key shares 
Add bounds check before reading named_group so malformed TLS 1.3 key share data cannot read past the supplied buffer.
 2025-10-21 13:40:00 +01:00
Andrew Hutchings
8b4f816ae7 BioReceiveInternal: allow NULL write BIO 
Some callers, such as the OCSP request context, only supply a read BIO. Guard the write-BIO pending check so a read error or EOF does not dereference NULL.
 2025-10-21 13:12:52 +01:00
Andrew Hutchings
e6ca4d15e2 MicriumReceiveFrom: tighten peer validation 
Reject DTLS datagrams when the stored peer is missing, the address length changes, or the address bytes differ. The old check required both the length and byte comparisons to fail, letting spoofed peers through when only one mismatch occurred.
 2025-10-21 13:10:04 +01:00
Daniel Pouzzner
ca552cc345 src/internal.c: work around false positive "C4701: potentially uninitialized local variable" in GrowOutputBuffer(). 2025-10-20 23:54:15 -05:00
Daniel Pouzzner
279238ce63 wolfssl/wolfcrypt/types.h: 
* fix WC_MIN_SINT_OF().
* add outer cast back to target type in WC_MAX_UINT_OF() and WC_MAX_SINT_OF().
* rename WC_SAFE_SUM_*_NO_WUR to WC_SAFE_SUM_*_CLIP().
* remove clipping assignments from failure paths in WC_WUR_INT() variants.
* add WC_SAFE_SUB_UNSIGNED_CLIP(), WC_SAFE_SUB_UNSIGNED(), WC_SAFE_SUB_SIGNED_CLIP(), and WC_SAFE_SUB_SIGNED().
* add Coverity-specific annotations in WC_SAFE_*() to suppress false-positive overflow warnings.

wolfcrypt/test/test.c:
* implement macro_test().
* fix stray uint32_t's in crypto_ecc_verify() and crypto_ecc_sign() arg lists.

wolfssl/wolfcrypt/ext_xmss.h: fix stray uint32_t.
 2025-10-20 23:27:09 -05:00
jordan
c1032a8cb6 KDF onestep: hashOutSz err check. 2025-10-20 22:05:41 -05:00
Sean Parkinson
5adf392d56 Merge pull request #9281 from effbiae/tlsx-with-ech 
refactor to TLSX_ChangeSNIBegin/End
 2025-10-21 10:58:33 +10:00
Andrew Hutchings
00c936c29e Only change WC_BENCH_MAX_LINE_LEN when we need to 2025-10-20 18:58:16 +01:00
night1rider
f1faefed91 Added callbacks for copy and free to SHA, 224, 384, 512, and SHA3. Also split macros for FREE and COPY Callbacks, and add configure.ac option. 2025-10-20 11:09:35 -06:00
Anthony Hu
26ba17b48e Prevent a conversion warning 2025-10-20 12:20:59 -04:00
David Garske
d86575c766 Merge pull request #9312 from night1rider/FixCallbackRngInit 
Refactor wc_rng_new to use wc_rng_new_ex, and to use WC_USE_DEVID as the devId if set at compile time
 2025-10-20 09:19:17 -07:00
night1rider
0dca3bc24d Setup to be opt-in for copy callback, and also added a outline for a free callback 2025-10-20 10:07:24 -06:00
night1rider
4d6418f31a Add crypto callback support for copy operations (SHA-256) 2025-10-20 10:06:30 -06:00
David Garske
7fa53c8c71 Merge pull request #9289 from philljj/cmac_kdf 
cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step.
 2025-10-20 08:33:30 -07:00
night1rider
bd4099d2d7 Update test.c tests to use global devId instead of INVALID_DEVID 2025-10-20 09:16:23 -06:00
night1rider
28c78b5c0c Use global devId for RNG initialization in tests: mlkem_test, dilithium_test, xmss_test, lms_test 2025-10-20 09:16:23 -06:00
night1rider
fba8cab200 Refactor wc_rng_new to use wc_rng_new_ex, and to use WC_USE_DEVID as the devId if set at compile time 2025-10-20 09:16:23 -06:00
jordan
525c212d1c cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step. 2025-10-20 08:20:23 -05:00
Josh Holtrop
987bf2fe2e Rust wrapper: fix test_ecc sig_to_rs() check 2025-10-20 09:09:53 -04:00
Josh Holtrop
714abfa1c0 Rust wrapper: add wolfssl::wolfcrypt::sha module 2025-10-20 08:44:07 -04:00
philljj
aba9ee4015 Merge pull request #9319 from douzzer/20251018-linuxkm-gdwarf-4-g1 
20251018-linuxkm-gdwarf-4-g1
 2025-10-18 14:35:46 -05:00
Daniel Pouzzner
9881c95c46 linuxkm/Kbuild: refactor RENAME_PIE_TEXT_AND_DATA_SECTIONS to automatically derive the list of all ELF sections to rename, rather than enumerating them staticly in the objcopy recipe (motivated by changes expected in kernel 6.19). 2025-10-18 12:07:35 -05:00
Daniel Pouzzner
a36dd35e59 linuxkm: rename FIPS container segments from foo.wolfcrypt to foo_wolfcrypt to avoid getting rearranged by kernel scripts/module.lds klp/kpatch clauses expected in kernel 6.19. 2025-10-18 03:23:38 -05:00
Daniel Pouzzner
2bbc3a0ae2 wolfcrypt/test/test.c: fixes for --disable-sha256, --disable-hmac, --disable-rng, and FIPS gating on RSA-PSS. 2025-10-18 02:05:55 -05:00
Daniel Pouzzner
08f5c3e8b9 configure.ac: in linuxkm setup, use -g1 explicitly unless --enable-debug, whereupon use -g3. also, add -gdwarf-4 to AM_CCASFLAGS. 2025-10-18 01:56:48 -05:00
Andrew Hutchings
d87ca70048 Fix mixed declaration / code 2025-10-18 06:18:29 +01:00
Andrew Hutchings
01dc28ad31 Seperate AES alloc / dealloc phases 2025-10-18 06:13:40 +01:00
Andrew Hutchings
65bb68b6c0 Move heap/stack tracking to before init phase 
Start tracking during the setup of the algo, so we can capture the
memory usage of the algo init functions.
 2025-10-18 06:13:36 +01:00
Andrew Hutchings
036c66c777 Benchmark memory tracking 
This adds heap and stack tracking to wolfCrypt bench so that it is
possible to see RAM usage. It also adds support for stack tracking in
microcontrollers (tested on STM32).
 2025-10-18 06:09:01 +01:00
philljj
c091c8b7ba Merge pull request #9318 from douzzer/20251017-linuxkm-signal-handling-tweaks 
20251017-linuxkm-signal-handling-tweaks
 2025-10-17 21:17:20 -05:00
Daniel Pouzzner
69f236be0a linuxkm/linuxkm_wc_port.h: suppress -Wformat-nonliteral while including kernel headers (needed for kernel <=4.9). 2025-10-17 19:31:17 -05:00
Daniel Pouzzner
6a0be6a7f7 configure.ac: remove -g0 from, and always add -DHAVE_REPRODUCIBLE_BUILD to, reproducible-build AM_CFLAGS, and always add -gdwarf-4 to AM_CFLAGS when ENABLED_LINUXKM; 
.github/workflows/linuxkm.yml: restore as-was, but change from oldconfig to olddefconfig.
 2025-10-17 18:24:32 -05:00
Daniel Pouzzner
d2f819a2f6 linuxkm/module_hooks.c and linuxkm/lkcapi_glue.c: check retval from WC_SIG_IGNORE_BEGIN(). 2025-10-17 18:23:25 -05:00
David Garske
d475985062 Merge pull request #9306 from holtrop/rust-wc-dh 
Rust wrapper: add wolfssl::wolfcrypt::dh module
 2025-10-17 15:41:58 -07:00
Daniel Pouzzner
e142a9629f linuxkm/linuxkm_wc_port.h and linuxkm/module_hooks.c: tweak gating for verifyCore and my_kallsyms_lookup_name, and use the latter to reach verifyCore on old FIPS. also tweak the In-core integrity hash check failure." message to supply module-update-fips-hash instructions. 2025-10-17 17:12:37 -05:00
Daniel Pouzzner
354c576c96 .github/workflows/linuxkm.yml: comment out --enable-linuxkm-pie config, pending resolution of "dwarf_get_units failed" on Azure kernel 6.14 image. 2025-10-17 15:00:04 -05:00
Daniel Pouzzner
7a43732daa linuxkm/linuxkm_wc_port.h, wolfssl/wolfcrypt/types.h, linuxkm/module_hooks.c, linuxkm/lkcapi_glue.c: 
* add WC_SIG_IGNORE_BEGIN(), WC_SIG_IGNORE_END(), wc_linuxkm_sig_ignore_begin(), wc_linuxkm_sig_ignore_end();
* move WC_CHECK_FOR_INTR_SIGNALS() and WC_RELAX_LONG_LOOP() definitions outside the BUILDING_WOLFSSL gate;
* refactor linuxkm_lkcapi_registering_now as a wolfSSL_Atomic_Int and use it as a mutex for linuxkm_lkcapi_register() and linuxkm_lkcapi_unregister();
* add WC_SIG_IGNORE_BEGIN()...WC_SIG_IGNORE_END() wrappers around all relevant critical spans in linuxkm glue.
 2025-10-17 14:58:21 -05:00
Josh Holtrop
4faa21a74a Rust wrapper: Fix DH::FFDHE_* constant values 2025-10-17 14:46:15 -04:00
Josh Holtrop
8e7f77db76 Rust wrapper: add wolfssl::wolfcrypt::dh module 2025-10-17 14:46:15 -04:00
lealem47
5280bfb89a Merge pull request #9297 from douzzer/20251011-more-fips-optest-tweaks 
20251011-more-fips-optest-tweaks
 2025-10-17 12:44:25 -06:00