Commit Graph

30358 Commits

Author SHA1 Message Date
Daniel Pouzzner cba69093cc wolfcrypt/src/port/riscv/riscv-64-aes.c: in GHASH(), remove runtime nullness check for arg 1 (matching nonnull attribute to arg 1 added to prototype in earlier commit). 2026-06-27 14:41:17 -05:00
Daniel Pouzzner 649197d159 replace several nonconformant uses of __FUNCTION__ with __func__ (linuxkm/linuxkm_memory.c, wolfcrypt/src/random.c, wolfcrypt/test/test.c, wolfssl/wolfcrypt/mem_track.h, wolfssl/wolfcrypt/memory.h, wolfssl/wolfcrypt/settings.h). 2026-06-27 14:37:35 -05:00
Daniel Pouzzner bf088dfc3c linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c: on kernel >= 7.2, remove indirect symbol support for strncpy and add backward-compat implementation wc_linuxkm_strncpy(). 2026-06-27 14:34:06 -05:00
Daniel Pouzzner 538262a5dc linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c: add linuxkm-pie support for CheckOcspResponder() (WOLFSSL_NO_OCSP_ISSUER_CHECK is no longer implied by KERNEL_MODE_DEFAULTS). 2026-06-27 14:30:57 -05:00
Daniel Pouzzner 948ba6ec10 * add hard compile-time assert in settings.h for FIPS v7+ asserting that WOLFSSL_MIN_AUTH_TAG_SZ meets SP 800-38D Rev 1 requirements. 2026-06-27 14:29:06 -05:00
Daniel Pouzzner 7545798248 clean up setup code for kernel modules:
configure.ac:
* remove -DWC_SHA3_NO_ASM from ENABLED_LINUXKM AM_CFLAGS.
* refactor initial setup for KERNEL_MODE_DEFAULTS, adding generic --enable-kernel-settings while retaining legacy --enable-linuxkm-defaults.
* rename $DEF_SP_MATH to $DEF_SP_MATH_ALL.
* remove redundant and unneeded setup for KERNEL_MODE_DEFAULTS and ENABLED_LINUXKM (leverage existing setup in settings.h).
* move some still-needed KERNEL_MODE_DEFAULTS and ENABLED_LINUXKM setup from configure.ac to settings.h.
* set up -DWOLFSSL_KERNEL_MODE_DEFAULTS, so that settings.h can pivot on it.

wolfssl/wolfcrypt/settings.h:
* revise WOLFSSL_LINUXKM section of settings.h to require WOLFSSL_MIN_AUTH_TAG_SZ at least 8 for old FIPS and 12 for new FIPS.  still force down to 4 bytes if crypto fuzzer is enabled, otherwise force down to 8 to support legacy IPsec ESP.
* in the WOLFSSL_LINUXKM section, don't set WC_MLKEM_NO_ASM, and disable DEBUG_VECTOR_REGISTER_ACCESS_FUZZING in ML-KEM, ML-DSA, and SLH-DSA -- intelasm works right, but fuzzing doesn't (yet).
2026-06-27 14:26:56 -05:00
Daniel Pouzzner 7a402566b6 wolfcrypt/src/sha3.c: refactor WC_C_DYNAMIC_FALLBACK using SAVE_VECTOR_REGISTERS2(). 2026-06-27 14:21:36 -05:00
Daniel Pouzzner 8b5b6af44e linuxkm/x86_vector_register_glue.c, linuxkm/linuxkm_wc_port.h, wolfssl/wolfcrypt/memory.h: add WC_SVR_FLAG_FUZZ, implement support for DEBUG_VECTOR_REGISTER_ACCESS_FUZZING directly in the save/restore implementations, and properly reflect existing save state there and in the _FUZZING variants of SAVE_VECTOR_REGISTERS2(). 2026-06-27 14:21:00 -05:00
Daniel Pouzzner 4d46e1eb74 wolfcrypt/test/test.c:
* in slhdsa_keygen_kat() and slhdsa_id_label_test(), pass devId to wc_SlhDsaKey_Init*()
* in cryptocb_test(), inhibit the callback verification check for SLHDSA if FIPS (no crypto callbacks in FIPS-wrapped calls).
2026-06-27 14:14:31 -05:00
Daniel Pouzzner 5ae99fb03b wolfcrypt/src/aes.c, wolfcrypt/src/port/, wolfssl/wolfcrypt/aes.h, wolfcrypt/src/pkcs7.c, wolfcrypt/test/test.c:
* implement wc_local_AesGcmCheckTagSz() with pedantic checks for valid authtag size.  SP 800-38D restrictions are now uniformly imposed, unless WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH is defined (not allow with FIPS).
* refactor tag size checks in wc_AesGcmEncrypt(), wc_AesGcmDecrypt(), wc_AesGcmEncryptFinal(), wc_AesGcmDecryptFinal(), and wc_PKCS7_DecodeAuthEnvelopedData().
* in test.c, update aesgcm_non12iv_test() to skip tag sizes expected to fail.
2026-06-27 14:12:34 -05:00
Daniel Pouzzner 6d21d600f6 in all FIPS-relevant C sources, add a "#define _WC_BUILDING_foo" first (where foo is a stylization of the filename), before including libwolfssl_sources.h, to allow future file-specific suppressions or other settings without altering FIPS sources. 2026-06-27 14:06:52 -05:00
Daniel Pouzzner 300f58db6e src/include.am: remove wolfcrypt/src/aes_x86_64_asm.S from AESNI source lists in FIPS v2/v5/v6 sections. 2026-06-27 14:04:12 -05:00
Daniel Pouzzner 479a685199 wolfcrypt/src/aes.c: fix performance regressions on GMAC and AES-CFB decrypt:
* add WC_VAES_MIN_BLOCKS, WC_VAES_ECB_MIN_BLOCKS, and WC_VAES_GCM_MIN_BLOCKS, and check against them before using AVX512/VAES implementations.
* in AesCfbDecrypt_C(), enlarge the tmp[] buffer and parameterize its size with newly added WC_AES_CFB_DEC_BUF_BLOCKS.
2026-06-27 14:03:42 -05:00
Daniel Pouzzner d4eaeb1b2e linuxkm/lkcapi_sha_glue.c: refactor error code handling in wc_linuxkm_drbg_generate() (followup to 3c9996efe0 in #10688). 2026-06-26 14:25:48 -05:00
Daniel Pouzzner c38f11b9a7 fixes for false positives on linuxkm CONFIG_FORTIFY_SOURCE builds on gcc-16:
linuxkm/linuxkm_memory.c: use packed-struct intermediates rather than memcpy()s for wc_get_unaligned() and wc_put_unaligned().

linuxkm/linuxkm_wc_port.h: on old FIPS, retrofit nonnull attribute to GHASH() arg 1, so that it unconditionally writes out the hash.

wolfcrypt/src/aes.c and wolfssl/wolfcrypt/aes.h: in GHASH(), add nonnull attribute to arg 1, and remove runtime nullness check for arg 1 in the implementations.
2026-06-26 14:25:48 -05:00
David Garske 0cecccdf6e Merge pull request #10756 from SparkiDev/aes_asm_ymm_zmm
Intel x64 ASM: Add new assembly for AES
2026-06-25 21:41:17 -07:00
David Garske 39c0336cb1 Merge pull request #10728 from SparkiDev/intel_asm_fixup
Intel x86/x64 assembly fixes
2026-06-25 21:41:08 -07:00
David Garske 23bfe9b65e Merge pull request #10775 from SparkiDev/regression_fixes_26
Regression testing fixes: ARM/PP64 asm fixes, plus more
2026-06-25 14:47:08 -07:00
David Garske c3366597b3 Merge pull request #10707 from SparkiDev/mlkem_mldsa_unaligned
ML-KEM/ML-DSA: unaligned reads
2026-06-25 13:00:18 -07:00
David Garske 039e97df89 Merge pull request #10779 from lealem47/guard_rsa_modulus_test
Testing: Guard RSA OversizedModulus test result by FIPS version
2026-06-25 12:06:14 -07:00
twcook86 6ef3df248a Merge pull request #10598 from twcook86/hkdf_cryptocb_split
Create individual crypto callbacks for hkdf extract and hkdf expand
2026-06-25 14:58:15 -04:00
David Garske cee4b2bb47 Merge pull request #10713 from SparkiDev/curve25519_hibit_mask
X25519: standard requires masking of top bit
2026-06-25 10:34:49 -07:00
David Garske 70dad95573 Merge pull request #10776 from julek-wolfssl/fix-sha512-w-cache-free-type
sha512: free SHA-512/384 W cache with its allocated memory type
2026-06-25 09:29:47 -07:00
David Garske 10444189d4 Merge pull request #10771 from julek-wolfssl/socat-parallel-shards
socat CI: run the test suite as parallel shards via parallel-make-check.py
2026-06-25 08:00:59 -07:00
Lealem Amedie b707c00f80 Testing: Guard RSA OversizedModulus test result by FIPS version 2026-06-25 08:16:06 -06:00
Juliusz Sosinowicz 044a477378 parallel-make-check.py: only require bwrap for an actual netns run
netns needs bwrap; without it commands silently share the host network
namespace and parallel network tests collide on ports. Skip the check for
--list (it inspects configs, runs nothing), hard-fail on CI so a missing-
bubblewrap misconfig can't silently degrade, and locally just warn and fall
back to the shared namespace.
2026-06-25 13:05:35 +00:00
Juliusz Sosinowicz f2fa741bad socat CI: run the test suite as parallel netns shards
The socat suite is sleep-bound and slow run serially. Drive it through
parallel-make-check.py as ~6 shards per CPU, 2 running per CPU at once: each
shard runs a round-robin slice of the tests in its own bwrap network
namespace (so parallel shards don't collide on ports) and its own build-dir
copy. The work is almost all waiting, so the oversubscription just overlaps
the waits.

Install bubblewrap so the netns isolation actually happens (without it the
runner silently shares one namespace and the shards collide). Each fresh
netns is IPv4-loopback only, so re-create IPv6 loopback (CAP_NET_ADMIN) for
the ::1 / dual-stack tests, and add non-loopback placeholders (fc00::1,
192.0.2.1) so glibc's AI_ADDRCONFIG still returns both families - without
them socat's getaddrinfo fails on numeric non-loopback addresses, e.g. the
multicast tests. Relax the AppArmor unprivileged-userns restriction so the
bwrap netns + CAP_NET_ADMIN work on ubuntu-24.04.
2026-06-25 09:35:13 +00:00
Juliusz Sosinowicz c9d71d52f8 parallel-make-check.py: add generic pool extensions for arbitrary commands
Let any command ride the build/check pool, not just wolfSSL builds:
  build  false skips configure/make/check (config is just prepare+run)
  netns  true runs each command under 'bwrap --unshare-net --cap-add
         CAP_NET_ADMIN' (its own network namespace) so parallel network
         tests can't collide on ports and can configure that namespace
  shards fan a config out into N instances, each with $SHARD (1..N) and
         $SHARDS=N in its env and its own build-<name>-<k> dir, so a
         command can split its work N ways (the pool load-balances them)

Error out, rather than silently degrade, on two misconfigurations that
otherwise surface as confusing test failures: netns requested but bwrap
missing (commands would share the host namespace and collide on ports),
and config-name collisions after shard fan-out (two jobs would share a
build dir and race).
2026-06-25 09:35:13 +00:00
Sean Parkinson cb11e2ff28 Regression testing fixes: ARM/PP64 asm fixes, plus more
ARM64/ARM32/Thumb2:
  - Inline-asm use param names not registers.
  - Return value through first parameter and not first register
  - 32-bit values zero extended when loaded off stack
aes.c: Aligned-accedd GHASH for 32-bit CPUs.
test.c: #ifdef protection update.
sha3.h: make digest and block size constants defines for use in hash.h
sha512.h: internal Transform_Sha512* functions declared when only SHA-384.
sp_int.h: include WOLFSSL_SP_MATH_ALL in SP_INT_BITS selection
memory.c: fix printf format to be compatible with more platforms
2026-06-25 17:33:49 +10:00
Juliusz Sosinowicz dbd495dacb sha512: free SHA-512/384 W cache with its allocated memory type
With WOLFSSL_SMALL_STACK_CACHE, wc_Sha512Free and wc_Sha384Free freed the
cached W buffer as DYNAMIC_TYPE_TMP_BUFFER, but it is allocated as
DYNAMIC_TYPE_DIGEST in InitSha512_Family/InitSha384 and the Copy functions
(the in-Init error cleanup already frees it as DYNAMIC_TYPE_DIGEST).

The mismatch is flagged by the memusage test (DHE_RSA TLS1.2 reports
Errors: 2) and matters for type-bucketed static memory pools. SHA-256/224
already use DYNAMIC_TYPE_DIGEST consistently. Free W as DYNAMIC_TYPE_DIGEST.
2026-06-24 22:50:29 +00:00
JacobBarthelmeh ac01707f55 Merge pull request #10757 from philljj/release
prepare for release 5.9.2
2026-06-24 13:21:53 -06:00
jordan 0fe21bbcd5 prepare for release 5.9.2 2026-06-24 12:01:51 -05:00
philljj ad1cd4789b Merge pull request #10763 from douzzer/20260623-WC_16BIT_CPU-WC_ATOMIC_INT_ARG
20260623-WC_16BIT_CPU-WC_ATOMIC_INT_ARG
2026-06-23 17:51:11 -05:00
Daniel Pouzzner 18c2329167 wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: for 16 bit portability,
use target native int for WC_ATOMIC_INT_ARG, add user overrideability, and
  adjust WC_INIT_STATE_COUNT_BITS to depend on sizeof(WC_ATOMIC_UINT_ARG).  add
  a wc_static_assert to sanity-check WC_INIT_STATE_STATE_BITS, and use CHAR_BIT
  opportunistically in the other wc_static_assert to sanity check that CHAR_BIT
  is at least 8.
2026-06-23 11:24:51 -05:00
Sean Parkinson a342eba578 Intel x64 ASM: Add new assembly for AES
Support AES-XTS AVX512/VAES
Support AES-GCM AVX512/VAES
Support AES-ECB/CBC/CTR AVX512/VAES/AVX1/AES-NI.
Remove code from aes_asm.S/aes_asm.asm
Add CPU defines for AVX512 and VAES
Updated ASM files with new defines for AVX512.
Added support for printing out the new CPU Id flags in benchmark.
Added new files to Windows projects.
aes.c: Supports ECB/CBC/CTR in assembly. Supports calling AVX512/VAES assembly.
2026-06-23 20:54:59 +10:00
JacobBarthelmeh dd6da70d39 Merge pull request #10732 from douzzer/20260618-FORCE_FAILURE_RDSEED-fixes
20260618-FORCE_FAILURE_RDSEED-fixes
2026-06-18 15:30:54 -06:00
JacobBarthelmeh d379e833cf Merge pull request #10735 from douzzer/20260618-disable-errorstrings-test_wolfSSL_set_cipher_list_exclusions
20260618-disable-errorstrings-test_wolfSSL_set_cipher_list_exclusions
2026-06-18 14:23:17 -06:00
Daniel Pouzzner 0b20777315 tests/api.c: in test_wolfSSL_set_cipher_list_exclusions(), don't test IANA names if NO_ERROR_STRINGS. 2026-06-18 13:41:20 -05:00
Daniel Pouzzner 3876746500 Merge pull request #10726 from JacobBarthelmeh/test
add macro guard around new test case for specific builds
2026-06-18 13:01:27 -05:00
JacobBarthelmeh 8167d16b5f Merge pull request #10727 from SparkiDev/thumb2_x25519_fix
Thumb2 X25519: Fix to do full reduction
2026-06-18 11:43:42 -06:00
Daniel Pouzzner 296bfc8a83 wolfcrypt/src/random.c:
* in USE_WINDOWS_API wc_GenerateSeed(), recognize HAVE_AMD_RDSEED, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_LINUXKM wc_GenerateSeed(), initialize ret to RNG_FAILURE_E, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_BSDKM wc_GenerateSeed(), properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;
2026-06-18 11:53:44 -05:00
David Garske c2a8f77f38 Merge pull request #10731 from julek-wolfssl/ci-cache-save-on-master
CI: only save dependency caches on master, restore on PRs
2026-06-18 08:51:14 -07:00
David Garske 6fcf188aba Merge pull request #10700 from julek-wolfssl/parallel-make-check-annotation-link
.github: link parallel-make-check.py annotations to the workflow file
2026-06-18 08:48:52 -07:00
David Garske e95376c0a6 Merge pull request #10729 from julek-wolfssl/ci-deps-full-timeout
CI: harden ci-deps-image downloads against stalled mirror connections
2026-06-18 08:48:34 -07:00
Juliusz Sosinowicz 84d27741d5 CI: run PIC32MZ simulator test on ready_for_review
The draft guard skips the job on draft PRs, but the pull_request
trigger used the default types (no ready_for_review), so marking a
draft ready did not re-run the job and it stayed skipped. Add the
standard types, matching the other workflows, so it re-runs when the
PR becomes ready.
2026-06-18 14:21:35 +00:00
JacobBarthelmeh 1001428637 adjust test case macro guard for ALLOW_INVALID_CERTSIGN builds 2026-06-18 08:20:33 -06:00
Juliusz Sosinowicz 708837a599 CI: skip PIC32MZ simulator test on draft PRs
Add the same draft-PR guard the other workflows use so the job does
not run while a pull request is still a draft.
2026-06-18 13:04:41 +00:00
Juliusz Sosinowicz 3dd04c818c CI: hand off mbedtls/nss build via artifact on cache miss
With the cache save restricted to master, a cold-cache PR or release
run can no longer restore in the test job what the build job just built
(the per-PR cache scope is gone), so mbedtls/nss were compiled twice.

Upload the build as an artifact on a cache miss and download it in the
test job instead of recompiling, matching the handoff hostap-vm already
uses. master still restores from the shared cache, so it never uses the
artifact.
2026-06-18 12:53:57 +00:00
Juliusz Sosinowicz 058f506407 CI: factor threadx NetXDuo version into NETXDUO_REF env var
The v6.4.3_rel version was repeated in the cache path, cache key,
download URL and extract command. Define it once as a workflow-level
env var and reference it everywhere.
2026-06-18 12:30:24 +00:00
Juliusz Sosinowicz 6c211be5b9 CI: only save dependency caches on master, restore on PRs
GitHub Actions caches are branch-scoped: an entry written by a
pull_request run lives under refs/pull/<N>/merge and is invisible to
other PRs. The haproxy, mbedtls, nss, ntp, threadx and hostap-vm
workflows used combined actions/cache with fixed keys, so every PR
re-saved its own copy of the same dependency, yielding one duplicate
cache entry per PR.

Split each into actions/cache/restore (always) plus actions/cache/save
gated to refs/heads/master, and add a daily schedule so a master run
reseeds the single shared entry that all PRs restore. mbedtls/nss save
in their build job only; the test jobs restore-only.

Disable the setup-msys2 package cache: the action only toggles caching
on/off and cannot save on master while restoring on PRs.
2026-06-18 11:37:29 +00:00