Commit Graph

27782 Commits

Author SHA1 Message Date
Daniel Pouzzner 9ca32e23d4 linuxkm/linuxkm-fips-hash.c: cosmetic bikeshedding (AI-prompted);
linuxkm/linuxkm_memory.c and linuxkm/linuxkm_memory.h: set up and use WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ.
2026-02-20 15:45:27 -06:00
Daniel Pouzzner 10ba02fe40 linuxkm/lkcapi_sha_glue.c: add -wolfentropy and/or -rdseed to WOLFKM_STDRNG_DRIVER to advertise the seed source. 2026-02-20 15:44:54 -06:00
Daniel Pouzzner f84377ed69 linuxkm/linuxkm-fips-hash-wrapper.sh: make sure awk is gawk. 2026-02-20 11:35:47 -06:00
Daniel Pouzzner 70aa3dc5b1 20260204-linuxkm-fips-hash: more fixes+improvements from peer and AI review:
linuxkm/linuxkm_memory.c:
* fix straddle check in wc_reloc_normalize_text();
* fix seg_map bounds checks in wc_fips_generate_hash();

linuxkm/linuxkm_memory.h: fix initializer for wc_reloc_table_segments.bss_end;

wolfssl/wolfcrypt/settings.h: add WC_BITS_TO_BYTES() and WC_BITS_FULL_BYTES() and deploy opportunistically to wolfssl/internal.h, wolfssl/wolfcrypt/{asn.h,dh.h,rsa.h,types.h}, wolfcrypt/src/sakke.c, and wolfcrypt/test/test.c.
2026-02-20 11:09:37 -06:00
Daniel Pouzzner 9443f59db1 linuxkm/linuxkm-fips-hash.c: fix overlong lines;
.wolfssl_known_macro_extras: fix lexical order.
2026-02-20 11:09:37 -06:00
Daniel Pouzzner db7a04a626 improvements spurred by peer review for 20260204-linuxkm-fips-hash:
configure.ac: add --enable-kernel-verbose-debug and --enable-kernel-stack-debug;

linuxkm/Makefile:
* add QFLAG and VFLAG setup, and pass their values appropriately;
* add missing `@set -e` and `-Wall -Wextra` to the linuxkm-fips-hash recipe;
* use +$(MAKE), not @$(MAKE), for proper dry run recursion.

linuxkm/README.md: update to reflect new goodies, and generally revise+extend remarks.

linuxkm/linuxkm-fips-hash-wrapper.sh: add copyright header; pass through extra caller arguments to ./linuxkm-fips-hash.

linuxkm/linuxkm-fips-hash.c:
* add copyright header;
* fix code around user_coreKey;
* add explicit wolfCrypt_Cleanup() and cleanup of mod_fd and mod_map at end;
* remove unused reloc_tab_len
* fix a couple -Wsign-compares;
* add missing fprintf arguments
* properly set ret = -1 in a couple failure paths.

linuxkm/linuxkm_wc_port.h: set WOLFSSL_LINUXKM_VERBOSE_DEBUG when WOLFSSL_KERNEL_VERBOSE_DEBUG, and recognize WOLFSSL_KERNEL_STACK_DEBUG as a synonym for WC_LINUXKM_STACK_DEBUG.

linuxkm/linuxkm_memory.c and linuxkm/linuxkm_memory.h: add brief explanatory comments.
2026-02-20 11:09:37 -06:00
Daniel Pouzzner f376ae210e Implement Linux kernel module offline integrity hash calculation:
Add:

* linuxkm/linuxkm-fips-hash.c
* linuxkm/linuxkm-fips-hash-wrapper.sh
* linuxkm/linuxkm_memory.h

Move from linuxkm/module_hooks.c to linuxkm/linuxkm_memory.c:
* reloc_layouts[]
* find_reloc_tab_offset()
* the body of wc_linuxkm_normalize_relocations() as wc_reloc_normalize_text()
* most of updateFipsHash() as wc_fips_generate_hash()

Move from linuxkm/linuxkm_wc_port.h to linuxkm/linuxkm_memory.h:
* struct wc_linuxkm_pie_reloc_tab_ent
* enum wc_reloc_dest_segment
* enum wc_reloc_type

linuxkm/Makefile:
* Update GENERATE_RELOC_TAB recipe to populate new fields in struct wc_reloc_table_ent.
* Add targets:
  * libwolfssl-user-build/src/.libs/libwolfssl.so
  * linuxkm-fips-hash
  * module-with-matching-fips-hash
  * module-with-matching-fips-hash-no-sign
* Add support for alternate target module name, via LIBWOLFSSL_NAME make variable.

linuxkm/linuxkm_wc_port.h and linuxkm/module_hooks.c:
* Fixes to make linuxkm-pie work with CONFIG_KASAN.
* Implement WC_LINUXKM_STACK_DEBUG:
  * wc_linuxkm_stack_bottom()
  * wc_linuxkm_stack_top()
  * wc_linuxkm_stack_current()
  * wc_linuxkm_stack_left()
  * wc_linuxkm_stack_hwm_prepare()
  * wc_linuxkm_stack_hwm_measure_rel()
  * wc_linuxkm_stack_hwm_measure_total()

wolfssl/wolfcrypt/settings.h:
* When WOLFSSL_KERNEL_MODE, make sure WOLFSSL_GENERAL_ALIGNMENT is at least SIZEOF_LONG.
* When WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE, make sure WOLFSSL_BASE16 is defined.

configure.ac and wolfcrypt/benchmark/benchmark.c: Disable scrypt when KERNEL_MODE_DEFAULTS, due to excessive memory requirements.
2026-02-20 11:09:37 -06:00
Andrew Hutchings 0c19fb17d6 Merge pull request #9745 from dgarske/stm32_hmac
Support for STM32 HMAC hardware
2026-02-20 14:30:31 +00:00
David Garske 9e5d03b23e Merge pull request #9803 from holtrop-wolfssl/rust-fips-v5
Rust wrapper: add compatibility with older FIPS v5 package
2026-02-19 13:40:21 -08:00
Josh Holtrop 2ada1a3629 Rust wrapper: add compatibility with older FIPS v5 package 2026-02-19 12:50:05 -05:00
David Garske 41614d10ed Add STM32 hardware HMAC support 2026-02-19 09:11:02 -08:00
David Garske f1e8c1b886 Merge pull request #9787 from holtrop-wolfssl/fix-integrity-only-cipher-nonce-calculation
Fix integrity-only cipher nonce calculation
2026-02-19 09:05:24 -08:00
David Garske 936d20afbe Merge pull request #9799 from SparkiDev/arm64_aes_dec_fix
ARM64 AES ASM base: TD4 is only 256 bytes long
2026-02-19 08:50:48 -08:00
David Garske 1047aaa881 Merge pull request #9796 from JacobBarthelmeh/copyright
update Copyright year
2026-02-19 08:47:30 -08:00
David Garske 7e8b08179c Merge pull request #9798 from lealem47/arm32_kernel
Fix SIZEOF_LONG default for 32-bit Linux kernel modules
2026-02-19 08:45:57 -08:00
David Garske 69b28cd5e4 Merge pull request #9801 from LinuxJedi/static-fixes3
Fix things found in static analysis
2026-02-19 08:44:38 -08:00
Andrew Hutchings 17680a2359 Fix leak in PKCS7 RSA-OAEP 2026-02-19 11:42:21 +00:00
Andrew Hutchings 4551926dad Fix inverted logic in Sphincs and Falcon 2026-02-19 11:40:36 +00:00
Andrew Hutchings 66de1d6cdb Fix wolfSSL_CRYPTO_memcmp
This is used by the OpenSSL compatibility layer. If either parameter was
NULL, it would return as a match. We should return a non-match instead.

OpenSSL itself has no safety checks here.
2026-02-19 11:01:52 +00:00
Sean Parkinson 88451a71b3 ARM64 AES ASM base: TD4 is only 256 bytes long
Pre-fetch fewer entries of TD4, than TD, as it is only 256 bytes long.
2026-02-19 09:31:00 +10:00
Sean Parkinson 3a1aa8310e Merge pull request #9780 from mattia-moffa/20260216-pkcs-ecdh-fixes
Fix PKCS11 object leak in Pkcs11ECDH
2026-02-19 08:46:30 +10:00
David Garske c5bbe798ec Merge pull request #9760 from SparkiDev/mldsa_small_matrix_mul_reduce
ML-DSA/Dilithium: reduce vector when small build
2026-02-18 14:40:40 -08:00
David Garske 2aa9f991f8 Merge pull request #9738 from anhu/cmake_HSC
Add HAVE_SECRET_CALLBACK to cmake.
2026-02-18 13:56:19 -08:00
Lealem Amedie 63c4b29638 Add __SIZEOF_LONG__ to .wolfssl_known_macro_extras 2026-02-18 14:30:39 -07:00
David Garske eceb55ebeb Merge pull request #9795 from LinuxJedi/static-fixes2
Static analysis fixes
2026-02-18 12:07:26 -08:00
Lealem Amedie 4e6d9ea02b Fix SIZEOF_LONG default for 32-bit Linux kernel modules 2026-02-18 12:23:29 -07:00
David Garske 2971c7024b Merge pull request #9671 from SparkiDev/aes_gcm_arm32_hw_crypto_set_key_unaligned
ARM32 HW Crypto: AES-GCM set key unaligned key
2026-02-18 10:54:42 -08:00
David Garske 7efefc7b22 Merge pull request #9792 from SparkiDev/sp_c_rsa_pub_only
SP C - RSA public only build with DH
2026-02-18 10:01:53 -08:00
Andrew Hutchings 7248ca3592 Add SM2 to renewcerts.sh 2026-02-18 18:01:33 +00:00
Andrew Hutchings 2e8f9fe595 Fix SM2 certs to have the correct public key OID
OpenSSL 3.5+ handles the OIDs differently.
2026-02-18 18:01:33 +00:00
Andrew Hutchings 4e37d99d07 Fix OCSP key-based responder ID lookup when SM2/SM3 is enabled.
When WOLFSSL_SM2 and WOLFSSL_SM3 are both defined, KEYID_SIZE becomes 32
(WC_SM3_DIGEST_SIZE) but OCSP_RESPONDER_ID_KEY_SZ remains 20 (SHA-1 per
RFC 6960). The guard (int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ in
OcspFindSigner() and OcspRespIdMatch() evaluated to false (32 != 20),
completely disabling key-based OCSP responder ID matching. This caused
OCSP stapling to fail with BAD_CERTIFICATE_STATUS_ERROR (-406) against
any server using a key-based responder ID (e.g. login.live.com).

Fix by comparing only OCSP_RESPONDER_ID_KEY_SZ bytes for the responder
ID match, and zero-padding the 20-byte key hash to KEYID_SIZE before
passing to CA lookup functions that compare the full KEYID_SIZE.
2026-02-18 18:01:33 +00:00
Andrew Hutchings 730519211d Fix wrong flags read on BIO write 2026-02-18 18:01:33 +00:00
Andrew Hutchings 3ffa625fd4 Fix leak in Aria upon error 2026-02-18 18:01:33 +00:00
Andrew Hutchings 2d2efccf71 Add CI test for wolfSM + wolfSSL 2026-02-18 18:01:33 +00:00
Andrew Hutchings 5bb447dee6 Fix copy/paste error in SM4 CBC Decrypt Async 2026-02-18 18:01:33 +00:00
Andrew Hutchings 43aad1e4d7 Fix SM4 TLS 1.3 decrypt auth tag and SM2 cert verification
- Fix SM4 GCM/CCM TLS 1.3 decrypt to read auth tag from input buffer
  instead of output buffer, consistent with all other AEAD ciphers
  (src/tls13.c)

- Fix SM4_BLOCK_SIZE typo (was SM$_BLOCK_SIZE) in TicketEncDec SM4-GCM
  decrypt path (src/internal.c)

- Fix SM2 certificate signature verification for certs using
  id-ecPublicKey (ECDSAk) with SM2-with-SM3 signature algorithm.
  OpenSSL creates SM2 cert signatures without the standard
  distinguishing identifier in the ZA hash. The SM2k code path already
  handled this correctly (idSz=0), but the ECDSAk + CTC_SM3wSM2 path
  was incorrectly using CERT_SIG_ID_SZ (16), causing ASN_SIG_CONFIRM_E
  (-155) when verifying non-self-signed SM2 certs (wolfcrypt/src/asn.c)

- Regenerate expired SM2 test certificates via certs/sm2/gen-sm2-certs.sh
  They had expired.
2026-02-18 18:01:33 +00:00
Andrew Hutchings b7c3bbf101 Fixes to size checking
In `quic_record_transfer()`, the unsigned subtraction
`qr->end - qr->start` could wrap around if `end < start`, and the
subsequent `len <= 0` check was ineffective on a `word32`. Move the
comparison before the subtraction so the function returns `0` safely.

In `GetEchConfig()`, `XSTRLEN(config->publicName)` was assigned to a
single byte, silently truncating names longer than 255 characters while
`XMEMCPY` still copied the full string. Add a 255-byte length
validation in both `wolfSSL_CTX_GenerateEchConfig()` and
`GetEchConfig()`, and cache the length in a local variable to avoid
redundant `XSTRLEN` calls.
2026-02-18 18:01:33 +00:00
JacobBarthelmeh 4d3463cccd addjust ESP-IDF comment to match expected pattern 2026-02-18 10:08:14 -07:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Daniel Pouzzner add60da56a Merge pull request #9794 from sameehj/vtest2-fix
Fix haproxy CI: VTest2 repo archived, use `last` tag
2026-02-18 10:30:01 -06:00
David Garske 0dd5009db0 Merge pull request #9768 from anhu/wc_CheckPrivateKey
wc_CheckPrivateKey returns NOT_COMPILED_IN for certain gating flags
2026-02-18 08:01:53 -08:00
Sameeh Jubran f19c563331 Fix haproxy CI: VTest2 repo archived, use last tag
The vtest/VTest2 GitHub repo was archived on 2026-02-18 and its main
branch Makefile now exits with "THIS REPOSITORY HAS MOVED". The
maintainers tagged the last buildable commit as `last`.

Patch build-vtest.sh for both haproxy versions in the matrix:
- v3.1.0 still references wlallemand/VTest (removed long ago)
- v3.2.0 references vtest/VTest2 main branch (now broken)

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-18 15:53:05 +02:00
Sean Parkinson 63b9d13db8 Merge pull request #9790 from bigbrett/sp-rsa-unused-var
Fix macro protection in SP code for RSA_LOW_MEM
2026-02-18 16:36:04 +10:00
Mattia Moffa 817523df72 Adjust execution flow 2026-02-18 03:52:47 +01:00
Sean Parkinson 6b46754800 SP C - RSA public only build with DH
Fix build to compile when RSA public only but DH included.
2026-02-18 12:26:00 +10:00
Brett Nicholas 140f9aafe2 test-fix 2026-02-17 15:54:12 -07:00
Brett Nicholas 2c7eb9bc12 fix macro protection for sp_*_cond_add_* in ARM SP asm to prevent unused function warning when used with RSA_LOW_MEM 2026-02-17 15:33:14 -07:00
Anthony Hu 50fbf7f721 wc_CheckPrivateKey() returns NOT_COMPILED_IN for certain gating flags 2026-02-17 17:02:08 -05:00
Josh Holtrop b4427dd7fd Do not attempt to run integrity-only OpenSSL interop tests with OpenSSL < 3.4 2026-02-17 14:20:52 -05:00
David Garske 5960a365de Merge pull request #9776 from Pushyanth-Infineon/fix_psoc6_sha_includes
Fix missing header includes and conditional compilation issue for PSoC6 port.
2026-02-17 10:12:00 -08:00