David Garske
5c2c4599ed
Merge pull request #9537 from SparkiDev/aarch64_darwin_addr_calc_fix
...
ARM64 ASM: Darwin specific address calc fix
2026-01-07 09:50:05 -08:00
David Garske
cf9016b29f
Merge pull request #9622 from SparkiDev/rsa_pkcs15_verify_bounds_check
...
RSA PKCS#1.5 verify: bounds check input
2026-01-07 08:26:24 -08:00
David Garske
84aeeb655f
Merge pull request #9580 from SparkiDev/curve25519_smul_improv
...
Curve25519 improvements
2026-01-07 08:25:41 -08:00
David Garske
19f7b946f5
Merge pull request #9621 from SparkiDev/mlkem_check_pub
...
MLKEM: check public key when decoding
2026-01-07 08:24:51 -08:00
David Garske
dd8d2a2d4d
Merge pull request #9575 from SparkiDev/dilithium_16_bit_fixes
...
MLDSA/Dilithium: fix 16-bit int issues
2026-01-07 08:24:22 -08:00
David Garske
b5d3c87876
Merge pull request #9603 from SparkiDev/ppc32_sha256_asm_reg
...
PPC32 ASM: alternative C code with registers prepended
2026-01-07 08:23:55 -08:00
David Garske
315ebf5be6
Merge pull request #9615 from SparkiDev/arm32_aes_block_inline
...
AES ARM32/Thumb2: option to inline block
2026-01-07 08:21:51 -08:00
Sean Parkinson
80a0f6bb32
RSA PKCS#1.5 verify: bounds check input
...
As long as NO_RSA_BOUNDS_CHECK is not defined, the input range is
checked for verification.
2026-01-07 17:49:50 +10:00
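The commit above describes only the outcome (the signature input is range-checked before verification). Below is an added, self-contained illustration of the two checks a PKCS#1 v1.5 verifier needs on its input: the signature representative must satisfy 0 < s < n (RFC 8017 section 5.2.2), and after RSAVP1 the encoded message must have the exact 00 01 FF..FF 00 T layout with nothing after T. This is example code written for this page, not wolfSSL's implementation; the function names, return codes and the 64-bit toy modulus are made up for the example, and NO_RSA_BOUNDS_CHECK is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return codes for this example (hypothetical, not wolfSSL's). */
#define SIG_OK          0
#define SIG_BAD_LEN    -1
#define SIG_OUT_RANGE  -2
#define SIG_BAD_PAD    -3

/*
 * Range check on the signature representative s before modular exponentiation.
 * sig and n are big-endian; n has no leading zero bytes, so requiring equal
 * length and then comparing bytes is an integer comparison.  The comparison is
 * not constant time, which is fine: a signature being verified is public data.
 */
int rsa_sig_in_range(const uint8_t* sig, size_t sigLen,
                     const uint8_t* n, size_t nLen)
{
    size_t i;

    if (sig == NULL || n == NULL || nLen == 0 || sigLen != nLen)
        return SIG_BAD_LEN;            /* RFC 8017 8.2.2 step 1: length must be k */
    for (i = 0; i < nLen && sig[i] == 0; i++)
        ;
    if (i == nLen)
        return SIG_OUT_RANGE;          /* s == 0 can never verify; reject early */
    if (memcmp(sig, n, nLen) >= 0)     /* equal-length big-endian: memcmp == integer compare */
        return SIG_OUT_RANGE;          /* s >= n */
    return SIG_OK;
}

/* Strip EMSA-PKCS1-v1_5 padding 00 01 FF..FF 00 T; at least 8 bytes of FF. */
int pkcs1_v15_unpad(const uint8_t* em, size_t emLen,
                    const uint8_t** t, size_t* tLen)
{
    size_t i;

    if (em == NULL || emLen < 11 || em[0] != 0x00 || em[1] != 0x01)
        return SIG_BAD_PAD;
    for (i = 2; i < emLen && em[i] == 0xFF; i++)
        ;
    if (i < 10 || i >= emLen || em[i] != 0x00)   /* PS too short, or no 00 separator */
        return SIG_BAD_PAD;
    *t = em + i + 1;
    *tLen = emLen - i - 1;
    return SIG_OK;
}

/* Full structural check: T must equal the expected DigestInfo with exact length,
 * so nothing may follow the hash (this is what blocks low-exponent forgeries). */
int pkcs1_v15_check_encoded(const uint8_t* em, size_t emLen,
                            const uint8_t* expT, size_t expTLen)
{
    const uint8_t* t;
    size_t tLen;
    int ret = pkcs1_v15_unpad(em, emLen, &t, &tLen);

    if (ret != SIG_OK)
        return ret;
    if (tLen != expTLen || memcmp(t, expT, tLen) != 0)
        return SIG_BAD_PAD;
    return SIG_OK;
}

/* Constructed 64-bit toy modulus and signatures (not a real key). */
const uint8_t kToyN[8]    = {0xD5,0x00,0x00,0x00,0x00,0x00,0x00,0x01};
const uint8_t kSigOk[8]   = {0xD4,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
const uint8_t kSigZero[8] = {0,0,0,0,0,0,0,0};

/* Exercises the padding check on a constructed 32-byte EM; returns 0 on success. */
int pkcs1_selftest(void)
{
    uint8_t em[32], exp[11];
    size_t i;

    for (i = 0; i < sizeof exp; i++)
        exp[i] = (uint8_t)(0x30 + i);          /* stand-in for a DigestInfo blob */
    em[0] = 0x00; em[1] = 0x01;
    for (i = 2; i < 20; i++)
        em[i] = 0xFF;                          /* 18 bytes of PS */
    em[20] = 0x00;
    memcpy(em + 21, exp, sizeof exp);          /* 21 + 11 == 32 */
    if (pkcs1_v15_check_encoded(em, 32, exp, 11) != SIG_OK)      return 1;
    em[5] = 0x00;                              /* separator too early: PS < 8 bytes */
    if (pkcs1_v15_check_encoded(em, 32, exp, 11) != SIG_BAD_PAD) return 2;
    em[5] = 0xFF;
    if (pkcs1_v15_check_encoded(em, 32, exp, 10) != SIG_BAD_PAD) return 3; /* trailing byte after T */
    em[1] = 0x02;                              /* block type 2 is for encryption, not signatures */
    if (pkcs1_v15_check_encoded(em, 32, exp, 11) != SIG_BAD_PAD) return 4;
    return 0;
}
```

The range check runs before the expensive modular exponentiation and before any padding parsing, so malformed input never reaches the arithmetic; the exact-length comparison of T is the part that matters when e is small.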
Sean Parkinson
2a08fbe3ed
MLKEM: check public key when decoding
...
Check that the public key values are less than Q when decoding.
2026-01-07 13:11:15 +10:00
Sean Parkinson
b293a1cc5c
Merge pull request #9591 from rlm2002/coverity
...
20251229 Coverity Dereference before Null check
2026-01-06 20:25:01 +10:00
Sean Parkinson
a1089ba9f2
AES ARM32/Thumb2: option to inline block
...
Branching to a common block encrypt/decrypt may work for assembly but
not always for C code.
Added option, for assembly and inline assembly, to inline block
encrypt/decrypt: WOLFSSL_ARMASM_AES_BLOCK_INLINE.
2026-01-06 11:24:21 +10:00
Sean Parkinson
38241227a2
Curve25519 improvements
...
Add non-constant time implementations of mod_inv for x64 and Aarch64
assembly.
Generate base point table, with better formatting, for double smul with
a script.
Increase Bi table size to 32 entries for 64-bit asm.
Minor improvements to double smul.
WOLFSSL_CURVE25519_NOT_USE_ED25519 to not use ed25519 base smul in
curve25519 base smul.
2026-01-06 10:24:21 +10:00
Sean Parkinson
99692003d4
PPC32 ASM: alternative C code with registers prepended
...
C implementation with registers prepended with letter 'r'.
2026-01-05 21:12:10 +10:00
Daniel Pouzzner
cb78341886
Merge pull request #7586 from kareem-wolfssl/gh7197
...
Keep RNG seed file descriptor open until the RNG is freed.
2025-12-30 15:57:25 -06:00
philljj
5fa06818c0
Merge pull request #9595 from douzzer/20251229-linuxkm-rng-wolfentropy
...
20251229-linuxkm-rng-wolfentropy
2025-12-30 14:50:53 -06:00
Daniel Pouzzner
0621615b15
wolfcrypt/src/random.c: remove WC_VERBOSE_RNG messaging from wc_RNG_TestSeed(), which is called by test code with expected failure, and move it to _InitRng() and PollAndReSeed(), where it's always expected to succeed.
2025-12-30 13:27:31 -06:00
Daniel Pouzzner
299ca1cfef
fixes from peer review: added comments for clarity, and remove errant condition added in _InitRng().
2025-12-30 12:13:15 -06:00
JacobBarthelmeh
7a2e1c1dd0
Merge pull request #9585 from dgarske/add-missing-api-docs
...
Add missing API documentation
2025-12-30 09:37:22 -07:00
Daniel Pouzzner
450b0b46c6
wolfcrypt/src/random.c and wolfssl/wolfcrypt/settings.h: add WC_VERBOSE_RNG messages, and activate by default when WOLFSSL_KERNEL_MODE.
2025-12-29 20:55:36 -06:00
Anthony Hu
48ebe99372
Validate asn date based on position of Z ( #8603 )
2025-12-29 16:01:22 -06:00
Ruby Martin
39056bb262
move null check to prevent dereference before null check issue
...
add new scope, whitespace
2025-12-29 10:55:13 -07:00
David Garske
5b5686c53c
Peer review improvements.
2025-12-29 08:37:51 -08:00
Daniel Pouzzner
7bbd28d369
wolfcrypt/src/aes.c: fix clang-diagnostic-unreachable-code in AesSetKey_C().
2025-12-26 18:13:44 -06:00
Daniel Pouzzner
3b3ddd1fb4
wolfcrypt/src/random.c: in wc_GenerateSeed(), move the gate closures for !FORCE_FAILURE_RDSEED and !ENTROPY_MEMUSE_FORCE_FAILURE to follow the /dev/urandom fallback method.
2025-12-26 14:16:11 -06:00
Kareem
0a02f5ef6b
Code review feedback
2025-12-24 17:12:40 -07:00
Kareem
496d124736
Merge remote-tracking branch 'upstream/master' into gh7197
2025-12-24 17:05:04 -07:00
Daniel Pouzzner
a944575e4b
wolfcrypt/src/random.c: fix clang-diagnostic-unreachable-code in wc_GenerateSeed().
2025-12-24 17:48:37 -06:00
Daniel Pouzzner
019a420187
Merge pull request #9568 from kareem-wolfssl/zd20947
...
Add a flag which allows requesting exactly SEED_SZ and using the full seed to instantiate the DRBG during RNG init.
2025-12-24 17:03:26 -06:00
David Garske
18176392fa
Merge pull request #9576 from douzzer/20251222-linuxkm-PK-initrng-optimize
...
20251222-linuxkm-PK-initrng-optimize
2025-12-23 15:02:53 -08:00
Kareem
06d8f69dac
Separate new /dev/urandom opening logic into a new section in wc_GenerateSeed.
2025-12-23 14:52:52 -07:00
Kareem
cb81cc8ce6
Merge remote-tracking branch 'upstream/master' into gh7197
2025-12-23 14:43:57 -07:00
Daniel Pouzzner
b66f1b78a7
peer/Devin review:
...
* in get_crypto_default_rng() (linuxkm/lkcapi_sha_glue.c), sanity check that crypto_default_rng isn't null;
* in wc_InitRsaKey_ex(), remove frivolous NULL/zero assignments (XMEMSET clears them implicitly);
* in wc_CheckRsaKey(), check ret from wc_InitRng() and short circuit return if failed.
2025-12-23 13:05:40 -06:00
Daniel Pouzzner
cd88a8ae88
peer review -- add !WC_NO_RNG gates around WC_RNG changes in wolfcrypt/src/rsa.c and wolfssl/wolfcrypt/rsa.h.
2025-12-23 11:41:59 -06:00
David Garske
8f089cdcfe
Merge pull request #9508 from SparkiDev/ppc32_sha256_asm_pic
...
PPC32 SHA-256 ASM: support compiling for PIC
2025-12-23 08:12:50 -08:00
Daniel Pouzzner
5030484bcf
wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h:
...
* add WC_DRBG_{NOT_INIT,OK,FAILED,CONT_FAILED} in public header file, and
* move setup for RNG_SECURITY_STRENGTH, ENTROPY_SCALE_FACTOR, SEED_BLOCK_SZ, SEED_SZ, MAX_SEED_SZ, and RNG_HEALTH_TEST_CHECK_SIZE from random.c to random.h, with public WC_DRBG_SEED_SZ and WC_DRBG_MAX_SEED_SZ.
2025-12-22 22:58:29 -06:00
Daniel Pouzzner
b2ef89b2db
wolfcrypt/src/rsa.c and wolfssl/wolfcrypt/rsa.h: make RsaKey.rng and wc_RsaSetRNG() available unconditionally, rather than only if WC_RSA_BLINDING, for use by wc_CheckRsaKey().
2025-12-22 22:58:29 -06:00
Sean Parkinson
21c86682e0
MLDSA/Dilithium: fix 16-bit int issues
...
Need to cast the byte or number to ensure it is large enough to shift left
by the required value.
2025-12-23 09:51:38 +10:00
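Two commits on this page touch coefficient decoding: the MLDSA/Dilithium 16-bit fix above (widen a byte before shifting it) and the MLKEM commit earlier that rejects public key coefficients that are not below q when decoding. The following added example, written for this page and not taken from wolfSSL, shows both in one little-endian bit-field reader: every byte is cast to uint32_t before the shift, so `<< 16` is defined even where int is 16 bits wide, and the ML-KEM wrapper rejects any 12-bit coefficient >= 3329 (the FIPS 203 modulus check on the encapsulation key). The function names, the q/N macros and the self-test values are hypothetical; the bit layout follows FIPS 203 ByteDecode_12 (bit j of coefficient i is bit i*12 + j of the byte stream).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MLKEM_Q 3329
#define MLKEM_N 256

/*
 * Read `bits` (<= 24) bits starting at bit offset `bitpos`, little-endian.
 * The cast to uint32_t happens BEFORE the shift: with a 16-bit int,
 * `in[i] << 16` would promote only to int and the shift is undefined
 * behaviour, which is the class of bug the MLDSA 16-bit fix addresses.
 */
static uint32_t read_bits(const uint8_t* in, size_t bitpos, unsigned bits)
{
    size_t   byte   = bitpos >> 3;
    unsigned off    = bitpos & 7;
    unsigned nbytes = (off + bits + 7) / 8;   /* at most 4 for bits <= 24 */
    uint32_t acc    = 0;
    unsigned k;

    for (k = 0; k < nbytes; k++)
        acc |= (uint32_t)in[byte + k] << (8 * k);
    return (acc >> off) & ((1u << bits) - 1);
}

/* Writer used to build test vectors; bit-by-bit for clarity, not speed. */
static void write_bits(uint8_t* out, size_t bitpos, unsigned bits, uint32_t v)
{
    unsigned k;
    for (k = 0; k < bits; k++) {
        size_t p = bitpos + k;
        if ((v >> k) & 1u)
            out[p >> 3] |= (uint8_t)(1u << (p & 7));
        else
            out[p >> 3] &= (uint8_t)~(1u << (p & 7));
    }
}

/* Decode one ML-KEM polynomial (256 x 12 bits = 384 bytes); -1 if any coefficient >= q. */
int mlkem_decode_poly_checked(const uint8_t in[384], int16_t out[MLKEM_N])
{
    size_t j;
    for (j = 0; j < MLKEM_N; j++) {
        uint32_t c = read_bits(in, j * 12, 12);
        if (c >= MLKEM_Q)
            return -1;       /* 3329..4095 fit in 12 bits but are not valid coefficients */
        out[j] = (int16_t)c;
    }
    return 0;
}

/* Round-trips constructed data through the coder; returns 0 if every check passes. */
int unpack_selftest(void)
{
    static uint8_t buf[384];
    int16_t poly[MLKEM_N];
    uint8_t z[8];
    size_t j;

    memset(buf, 0, sizeof buf);
    for (j = 0; j < MLKEM_N; j++)
        write_bits(buf, j * 12, 12, (uint32_t)((j * 13) % MLKEM_Q));
    if (mlkem_decode_poly_checked(buf, poly) != 0)
        return 1;
    for (j = 0; j < MLKEM_N; j++)
        if (poly[j] != (int16_t)((j * 13) % MLKEM_Q))
            return 2;

    write_bits(buf, 100 * 12, 12, MLKEM_Q);   /* one coefficient exactly q: must be rejected */
    if (mlkem_decode_poly_checked(buf, poly) != -1)
        return 3;

    /* ML-DSA style 18-bit field at a non-byte-aligned offset: the third byte
     * only reaches the result through a << 16, i.e. the widened shift. */
    memset(z, 0, sizeof z);
    write_bits(z, 6, 18, 0x2ABCDu);
    if (read_bits(z, 6, 18) != 0x2ABCDu)
        return 4;
    return 0;
}
```

The reader is deliberately generic in width so the same casting discipline covers the 12-bit ML-KEM case and the wider ML-DSA fields; a production decoder would unroll the fixed widths but keep the same explicit widening.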
Sean Parkinson
59f84355a5
Merge pull request #9573 from night1rider/aes-free-callbacks
...
Aes Free callback support
2025-12-23 08:47:05 +10:00
Sean Parkinson
c8f2cc5b43
Merge pull request #9566 from dgarske/ca_skid_cert_akid
...
Added build option to allow certificate CA matching using AKID with signers SKID
2025-12-23 08:40:14 +10:00
night1rider
afbc65a6c3
Aes Free callback support
2025-12-22 12:39:41 -07:00
Sean Parkinson
da06e1aeea
Merge pull request #9558 from kareem-wolfssl/zd20944_2
...
Move Curve25519 public key check to make_pub/make_pub_blind to cover the case where they are called directly by an application.
2025-12-22 19:38:42 +10:00
Sean Parkinson
7a326ef43f
Merge pull request #9553 from julek-wolfssl/ed25519-export-key-check
...
ed25519: validate presence of keys in export functions
2025-12-22 19:31:14 +10:00
JacobBarthelmeh
0a0c43054f
Merge pull request #9564 from douzzer/20251219-fixes
...
20251219-fixes
2025-12-19 16:24:20 -07:00
Kareem
3e59b83727
Only keep /dev/urandom open, close /dev/random after each use.
...
Improve logic for opening RNG seed FD.
2025-12-19 15:57:49 -07:00
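The two RNG seed commits above (keep the seed descriptor open until the RNG is freed; keep only /dev/urandom open) describe a lifecycle rather than code. The following is an added, self-contained POSIX example of that pattern, written for this page and not wolfSSL's wc_GenerateSeed(): the descriptor is opened once with O_CLOEXEC, every reseed reads from the already-open descriptor with EINTR and short-read handling, and the descriptor is closed only when the owner is freed. Reopening on every reseed is the fragile alternative, since open() can fail later under a chroot, a seccomp filter or descriptor exhaustion even though it succeeded at init. The seed_source_t type and function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

typedef struct {
    int fd;     /* persistent /dev/urandom descriptor, -1 when not open */
} seed_source_t;

/* Open once.  O_CLOEXEC keeps the descriptor from leaking into child processes. */
int seed_source_open(seed_source_t* s)
{
    int fd;
    do {
        fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    } while (fd < 0 && errno == EINTR);
    if (fd < 0)
        return -1;
    s->fd = fd;
    return 0;
}

/* Fill buf completely from the open descriptor; partial fills are never returned. */
int seed_source_read(seed_source_t* s, uint8_t* buf, size_t len)
{
    size_t got = 0;
    if (s->fd < 0)
        return -1;                        /* used after free, or never opened */
    while (got < len) {
        ssize_t r = read(s->fd, buf + got, len - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;                 /* signal: retry the same read */
            return -1;
        }
        if (r == 0)
            return -1;                    /* EOF from urandom is a hard failure */
        got += (size_t)r;
    }
    return 0;
}

/* Close only here, when the owning RNG goes away. */
void seed_source_free(seed_source_t* s)
{
    if (s->fd >= 0) {
        close(s->fd);
        s->fd = -1;
    }
}

/* Exercises the lifecycle; returns 0 if every expectation holds. */
int seed_selftest(void)
{
    seed_source_t s;
    uint8_t a[32], b[32];

    if (seed_source_open(&s) != 0)              return 1;
    if (seed_source_read(&s, a, sizeof a) != 0) return 2;
    if (seed_source_read(&s, b, sizeof b) != 0) return 3;  /* "reseed" reuses the fd */
    if (fcntl(s.fd, F_GETFD) < 0)               return 4;  /* still open between reads */
    if (memcmp(a, b, sizeof a) == 0)            return 5;  /* two 32-byte reads must differ */
    seed_source_free(&s);
    if (s.fd != -1)                             return 6;
    if (seed_source_read(&s, a, sizeof a) != -1) return 7; /* reads after free fail cleanly */
    return 0;
}
```

Holding the descriptor for the lifetime of the RNG also means the fd count of a long-running process stays constant, which is worth checking in a test (the fcntl() probe above) rather than assuming.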
Kareem
fe105d4b48
Add a flag which allows requesting exactly SEED_SZ and using the full seed to instantiate the DRBG during RNG init.
...
This flag cannot be used with FIPS.
2025-12-19 15:25:15 -07:00
David Garske
1cb2231ff5
Added build option to allow certificate CA matching using AKID with signers SKID ( WOLFSSL_ALLOW_AKID_SKID_MATCH). Fixed issue with cert->extAuthKeyIdSz not being set with ASN template code.
2025-12-19 14:14:39 -08:00
Daniel Pouzzner
d3f74557fe
wolfcrypt/src/wolfentropy.c: add volatile attribute to entropy_memuse_initialized declaration; in wc_Entropy_Get(), if HAVE_FIPS, call Entropy_Init() if necessary, to accommodate FIPS KATs; in Entropy_Init(), add thread safety.
2025-12-19 15:45:17 -06:00
David Garske
1825bd86f5
Merge pull request #9550 from JacobBarthelmeh/caam
...
sanity checks on buffer size with AES and CAAM Integrity use
2025-12-19 11:03:40 -08:00
JacobBarthelmeh
8153ea6189
Merge pull request #9559 from cconlon/pkcs7SignedNonOctet
...
Fix PKCS#7 SignedData parsing for non-OCTET_STRING content types
2025-12-19 11:12:06 -07:00
Daniel Pouzzner
6f95a9c58e
wolfcrypt/src/random.c: in _InitRng(), remove "drbg_instantiated" conditional cleanup logic (Coverity true-benign-positive: DEADCODE because drbg_instantiated is always false when ret != DRBG_SUCCESS).
2025-12-19 10:30:14 -06:00