wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 22:12:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,696 Commits 12 Branches 184 Tags
bfa04ca5be592df73057ff2c25995ecad6616ec1
Commit Graph

26696 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Josh Holtrop
bfa04ca5be Rust wrapper: cmac: fix "success" typo 2025-10-28 08:32:12 -04:00
Josh Holtrop
a6cb6170b6 Rust wrapper: add wolfssl::wolfcrypt::cmac module 2025-10-27 10:41:26 -04:00
David Garske
d54f5e7c6a Merge pull request #9346 from douzzer/20251025-fix-clang-tidy-all-crypto-no-sha-1 
20251025-fix-clang-tidy-all-crypto-no-sha-1
 2025-10-25 08:46:31 -07:00
Daniel Pouzzner
c9cc701097 src/internal.c: suppress clang-analyzer-deadcode.DeadStores in ImportPeerECCKey() introduced by 4964a1760a. 2025-10-25 08:55:23 -05:00
David Garske
7524552b1a Merge pull request #9344 from douzzer/20251024-fixes 
20251024-fixes
 2025-10-24 14:45:44 -07:00
Daniel Pouzzner
c145b7ee81 wolfcrypt/src/aes.c: define GCM_GMULT_LEN() when WOLFSSL_ARMASM, and fix gating on wolfCrypt_FIPS_AES_sanity (always gate in for FIPS v7+); 
wolfcrypt/src/port/af_alg/afalg_aes.c: check for null key arg;

configure.ac: rename BUILD_FIPS_CURRENT to BUILD_FIPS_V2_PLUS (no functional change), and remove unused ARMASM_DIST_SOURCES set up code added in #9332;

src/include.am:
* set up $(ARMASM_SHA256_C), and use it to properly include wolfcrypt/src/sha256.c alongside armasm when appropriate;
* fix gating on Curved25519 armasm (BUILD_FIPS_V6_PLUS, not BUILD_FIPS_V6);

tests/api/test_aes.c and wolfcrypt/test/test.c: gate out incompatible coverage for WOLFSSL_AFALG and WOLFSSL_KCAPI (test_wc_AesCbcEncryptDecrypt_MultiBlocks(), test_wc_AesCtrSetKey*(), test_wc_AesCtrEncrypt*(), test_wc_AesGcmEncryptDecrypt_Sizes()).
 2025-10-24 15:08:56 -05:00
JacobBarthelmeh
a28e107722 Merge pull request #9336 from holtrop/rust-wc-kdf-prf 
Rust wrapper: add wolfssl::wolfcrypt::kdf, wolfssl::wolfcrypt::prf
 2025-10-24 09:27:56 -06:00
JacobBarthelmeh
62deeedb52 Merge pull request #9335 from cconlon/jniAesCts 
Define HAVE_CTS for JNI build, used by JCE AES/CTS/NoPadding
 2025-10-24 09:20:02 -06:00
David Garske
4282ad38ec Merge pull request #9300 from effbiae/ImportPeerECCKey 
refactor to ImportPeerECCKey
 2025-10-24 08:17:54 -07:00
David Garske
c354202f11 Merge pull request #9341 from holtrop/rust-dh-test-fix 
Rust wrapper: fix intermittent test_dh failure
 2025-10-24 08:17:35 -07:00
Josh Holtrop
2127365559 Rust wrapper: fix intermittent test_dh failure 2025-10-24 09:05:19 -04:00
David Garske
67c2d80470 Merge pull request #9337 from douzzer/20251023-FIPS-autotools-fix 
20251023-FIPS-autotools-fix
 2025-10-23 15:44:53 -07:00
Daniel Pouzzner
6ff47a7a4c src/include.am: fix gate flub, !BUILD_FIPS_V6 -> !BUILD_FIPS_V6_PLUS, around sp-asm files (covered earlier for FIPS). 2025-10-23 16:57:39 -05:00
Josh Holtrop
61a277c262 Rust wrapper: Use core::ptr instead of std::ptr 2025-10-23 16:30:03 -04:00
Josh Holtrop
b75be94f0d Rust wrapper: use SHA256::DIGEST_SIZE instead of WC_SHA256_DIGEST_SIZE 2025-10-23 16:24:09 -04:00
Josh Holtrop
5b8115ed8f Rust wrapper: add wolfssl::wolfcrypt::kdf, wolfssl::wolfcrypt::prf 2025-10-23 16:05:07 -04:00
JacobBarthelmeh
33b08ed136 Merge pull request #9328 from holtrop/rust-wc-hmac 
Rust wrapper: add wolfssl::wolfcrypt::hmac module
 2025-10-23 14:02:11 -06:00
Chris Conlon
3e85b572f3 define HAVE_CTS for --enable-jni build, used by JCE AES/CTS/NoPadding mode 2025-10-23 12:46:59 -06:00
JacobBarthelmeh
985a090adc Merge pull request #9334 from julek-wolfssl/wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio-len 
x509: make sure pem buffer will be large enough to hold pem header
 2025-10-23 09:36:46 -06:00
JacobBarthelmeh
7f5d02c36b Merge pull request #9317 from SparkiDev/benchmark_asym_cc 
Benchmark: add cycle counts for asym ops
 2025-10-23 09:31:30 -06:00
David Garske
f376512692 Merge pull request #9332 from douzzer/20251022-FIPS-armasm-autotools-fixup 
20251022-FIPS-armasm-autotools-fixup
 2025-10-23 07:45:32 -07:00
Josh Holtrop
27212312f1 Rust wrapper: Remove unnecessary double casts in hmac 2025-10-23 09:46:05 -04:00
Josh Holtrop
df4a2120c2 Rust wrapper: add wolfssl::wolfcrypt::hkdf module 2025-10-23 09:41:12 -04:00
Josh Holtrop
b801396d52 Rust wrapper: HMAC::get_hmac_size does not need mut ref 2025-10-23 09:32:37 -04:00
Juliusz Sosinowicz
36b64fb5ae x509: make sure pem buffer will be large enough to hold pem header 
Found with Fil-C compiler
 2025-10-23 13:28:07 +02:00
Daniel Pouzzner
3bd5a30a77 .wolfssl_known_macro_extras: snip out a couple no-longer-needed extras. 2025-10-22 22:54:51 -05:00
Daniel Pouzzner
b1f2ff73ed wolfcrypt/src/sha256.c: in wc_Sha256HashBlock(), use ByteReverseWords() rather than a series of ByteReverseWord32() to get WOLFSSL_USE_ALIGN. 2025-10-22 22:54:20 -05:00
Daniel Pouzzner
be301f93da fixes for autotools config around armasm AES/SHA refactor in #9284: in configure.ac, add BUILD_FIPS_V5_PLUS and BUILD_FIPS_V6_PLUS conditionals, and fix BUILD_FIPS_V6 conditional to match v6 only; 
in src/include.am, add LEGACY_ARMASM_foo and NEW_ARMASM_foo helper variables, restore pre-PR9284 armasm clauses, and add or update several FIPS gates as needed;

add empty wolfcrypt/src/port/arm/{armv8-aes.c,armv8-sha256.c,armv8-sha512.c} to mollify autotools, and in wolfcrypt/src/include.am, restore them to EXTRA_DIST if FIPS v5 or v6.
 2025-10-22 22:52:24 -05:00
Sean Parkinson
dc45a6f340 Benchmark: add cycle counts for asym ops 
Added million of cycles per op information.
Getting cycle count for Aarch64 now too.
 2025-10-23 08:43:05 +10:00
JacobBarthelmeh
4daab8a813 Merge pull request #9284 from SparkiDev/aarch64_asm_gen 
Aarch64 asm: convert to generated
 2025-10-22 11:10:27 -06:00
JacobBarthelmeh
520d9501af Merge pull request #9322 from SparkiDev/crldist_reason_fix 
X.509 cert: crl distribution point reasons is IMPLICIT
 2025-10-22 09:33:08 -06:00
JacobBarthelmeh
d60e4ddbd1 Merge pull request #9329 from SparkiDev/regression_fixes_20 
Regression testing fixes
 2025-10-22 09:12:58 -06:00
JacobBarthelmeh
58e37067ef Merge pull request #9315 from SparkiDev/aes_cfb_ofb_improv 
AES: Improve CFB and OFB and add tests
 2025-10-22 09:06:46 -06:00
Sean Parkinson
821dc5cb13 Regression testing fixes 
Adding protection to tests that use RSA and ECC.
 2025-10-22 18:33:44 +10:00
Sean Parkinson
8533bc803b AES: Improve CFB and OFB and add tests 
Improve performance of CFB and OFB.
Only have one implementation that is used by OFB encrypt and decrypt.

Update AES testing in unit.test.

Update benchmarking of CFB and OFb to include decrypt.
 2025-10-22 12:19:56 +10:00
effbiae
4964a1760a refactor to ImportPeerECCKey 2025-10-22 13:03:55 +11:00
Josh Holtrop
ce610db4e8 Rust wrapper: add wolfssl::wolfcrypt::hmac module 2025-10-21 16:59:32 -04:00
philljj
7e6c86a6c3 Merge pull request #9326 from douzzer/20251021-KDF-FIPS-gate-tweaks 
20251021-KDF-FIPS-gate-tweaks
 2025-10-21 12:49:21 -05:00
David Garske
9c3a0e3a67 Merge pull request #9324 from douzzer/20251020-coverity-WC_SAFE_foo 
20251020-coverity-WC_SAFE_foo
 2025-10-21 09:41:25 -07:00
JacobBarthelmeh
936e350c63 Merge pull request #9325 from LinuxJedi/zp-fixes 
Fix things found with ZeroPath
 2025-10-21 10:19:01 -06:00
Brett Nicholas
1134d246f7 Merge pull request #9309 from night1rider/CryptoCbCopy 
Add crypto callback support for copy/free operations (SHA-256)
 2025-10-21 09:45:18 -06:00
Daniel Pouzzner
b07bc74a71 wolfcrypt/test/test.c: skip nist_sp80056c_kdf_test() and nist_sp800108_cmac() on FIPS <7.0.0. 2025-10-21 10:38:55 -05:00
JacobBarthelmeh
818d1e37eb Merge pull request #9321 from anhu/no_conv_ems 
Prevent a conversion warning
 2025-10-21 09:38:00 -06:00
David Garske
c1339abc05 Merge pull request #9323 from philljj/fix_coverity_onestep 
KDF onestep: hashOutSz err check.
 2025-10-21 08:23:05 -07:00
David Garske
6f9ca6cb52 Merge pull request #9294 from LinuxJedi/benchmark-ram 
Benchmark memory tracking
 2025-10-21 08:15:28 -07:00
David Garske
0eb7ad0ead Merge pull request #9320 from holtrop/rust-wc-sha 
Rust wrapper: add wolfssl::wolfcrypt::sha module
 2025-10-21 08:15:01 -07:00
Andrew Hutchings
90e0857d2d Validate LinuxKM I/O lengths 
Reject negative lengths and normalize to size_t before calling kernel_sendmsg/kernel_recvmsg so the kernel transport can’t be tricked into huge or wrapped iov_len values.
 2025-10-21 14:40:36 +01:00
Andrew Hutchings
259670055a Bound buffered HTTP body size 
Clamp per-chunk and aggregated HTTP response sizes before allocating in wolfIO_HttpProcessResponseBuf so untrusted Content-Length or chunk headers can’t overflow the arithmetic or force giant buffers.
 2025-10-21 14:13:41 +01:00
Andrew Hutchings
be1428d108 Validate AF_ALG RSA inputs 
Require the ciphertext length to match the RSA modulus before copying into the AF_ALG Xilinx stack buffer, preventing oversized inputs from overflowing the aligned scratch space.
 2025-10-21 13:57:36 +01:00
Andrew Hutchings
11d2f4894e Guard ProcessKeyShare against truncated key shares 
Add bounds check before reading named_group so malformed TLS 1.3 key share data cannot read past the supplied buffer.
 2025-10-21 13:40:00 +01:00