Commit Graph

482 Commits

Author SHA1 Message Date
Daniel Pouzzner 649197d159 replace several nonconformant uses of __FUNCTION__ with __func__ (linuxkm/linuxkm_memory.c, wolfcrypt/src/random.c, wolfcrypt/test/test.c, wolfssl/wolfcrypt/mem_track.h, wolfssl/wolfcrypt/memory.h, wolfssl/wolfcrypt/settings.h). 2026-06-27 14:37:35 -05:00
Daniel Pouzzner bf088dfc3c linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c: on kernel >= 7.2, remove indirect symbol support for strncpy and add backward-compat implementation wc_linuxkm_strncpy(). 2026-06-27 14:34:06 -05:00
Daniel Pouzzner 538262a5dc linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c: add linuxkm-pie support for CheckOcspResponder() (WOLFSSL_NO_OCSP_ISSUER_CHECK is no longer implied by KERNEL_MODE_DEFAULTS). 2026-06-27 14:30:57 -05:00
Daniel Pouzzner 8b5b6af44e linuxkm/x86_vector_register_glue.c, linuxkm/linuxkm_wc_port.h, wolfssl/wolfcrypt/memory.h: add WC_SVR_FLAG_FUZZ, implement support for DEBUG_VECTOR_REGISTER_ACCESS_FUZZING directly in the save/restore implementations, and properly reflect existing save state there and in the _FUZZING variants of SAVE_VECTOR_REGISTERS2(). 2026-06-27 14:21:00 -05:00
Daniel Pouzzner d4eaeb1b2e linuxkm/lkcapi_sha_glue.c: refactor error code handling in wc_linuxkm_drbg_generate() (followup to 3c9996efe0 in #10688). 2026-06-26 14:25:48 -05:00
Daniel Pouzzner c38f11b9a7 fixes for false positives on linuxkm CONFIG_FORTIFY_SOURCE builds on gcc-16:
linuxkm/linuxkm_memory.c: use packed-struct intermediates rather than memcpy()s for wc_get_unaligned() and wc_put_unaligned().

linuxkm/linuxkm_wc_port.h: on old FIPS, retrofit nonnull attribute to GHASH() arg 1, so that it unconditionally writes out the hash.

wolfcrypt/src/aes.c and wolfssl/wolfcrypt/aes.h: in GHASH(), add nonnull attribute to arg 1, and remove runtime nullness check for arg 1 in the implementations.
2026-06-26 14:25:48 -05:00
Sean Parkinson a342eba578 Intel x64 ASM: Add new assembly for AES
Support AES-XTS AVX512/VAES
Support AES-GCM AVX512/VAES
Support AES-ECB/CBC/CTR AVX512/VAES/AVX1/AES-NI.
Remove code from aes_asm.S/aes_asm.asm
Add CPU defines for AVX512 and VAES
Updated ASM files with new defines for AVX512.
Added support for printing out the new CPU Id flags in benchmark.
Added new files to Windows projects.
aes.c: Supports ECB/CBC/CTR in assembly. Supports calling AVX512/VAES assembly.
2026-06-23 20:54:59 +10:00
Daniel Pouzzner 296bfc8a83 wolfcrypt/src/random.c:
* in USE_WINDOWS_API wc_GenerateSeed(), recognize HAVE_AMD_RDSEED, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_LINUXKM wc_GenerateSeed(), initialize ret to RNG_FAILURE_E, and properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;

* in WOLFSSL_BSDKM wc_GenerateSeed(), properly enforce FORCE_FAILURE_RDSEED when CPU support is missing;
2026-06-18 11:53:44 -05:00
Daniel Pouzzner 5aad1447b6 fix F-1236: Copy-Paste Error in #endif Comment: AESCBC Instead of AESCFB Info Assigned
fix F-3291: Copy-paste error in linuxkm_test_aesgcm error message uses WOLFKM_AESCBC_DRIVER
fix F-1431: AES-GCM RFC4106 SetKey Uses memcpy Instead of XMEMCPY for Nonce Copy

(note, for F-1431, changed all relevant memset() and memcpy() calls in linuxkm/ to XMEMSET() and XMEMCPY() respectively.)
2026-06-15 12:28:23 -05:00
Daniel Pouzzner 3c9996efe0 fix F-5958: wc_linuxkm_drbg_generate returns untranslated wolfCrypt RNG_FAILURE_E on the slen>0 reseed-failure path 2026-06-15 12:28:23 -05:00
Daniel Pouzzner bd804c632c fix F-5957: atomic_t fallback of wc_lkm_refcount_to_int reads address of pointer parameter instead of the refcount 2026-06-15 12:28:23 -05:00
Daniel Pouzzner ea5e86d967 fix F-5956: Heap buffer overflow in DH/FFDHE shared-secret computation when peer public key is shorter than the modulus 2026-06-15 12:28:23 -05:00
Daniel Pouzzner 70e7bf5eab linuxkm/linuxkm_wc_port.h: fix entropy source setup for FIPS: use in-boundary wc_GenerateSeed() unless FIPS < 5.2.4 or explicit WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER / WC_LINUXKM_RDSEED_IN_GLUE_LAYER. 2026-06-13 10:48:02 -05:00
Daniel Pouzzner 4d77baff3b linuxkm/module_hooks.c: fix flub in IntelRDseed64_r() ForceZero() call;
linuxkm/lkcapi_aes_glue.c: fix typo in linuxkm_test_aesgcm() error message.
2026-06-12 19:24:32 -05:00
Daniel Pouzzner 1b22e4b502 fix F-4409: Integer Overflow in PKCS1 Sign Length Check Allows Heap Buffer Overflow 2026-06-12 18:14:55 -05:00
Daniel Pouzzner 8624bca5b5 fix F-3294: IntelRDseed64_r Stack Buffer Containing Entropy Cleared with Plain Assignment Instead of wc_ForceZero 2026-06-12 18:14:54 -05:00
Daniel Pouzzner 476cfd6c64 fix for F-3946: Missing ForceZero on Heap-Allocated HMAC State Buffer in km_hmac_init Error Path 2026-06-12 18:14:54 -05:00
Daniel Pouzzner d3279a825a fixes for
F-1433: AES CBC/CFB Self-Test Functions Silently Continue After enc2/dec2 Allocation Failure
F-1434: linuxkm_test_aesgcm Silently Returns Success on Kernel Crypto Allocation Failure
2026-06-12 18:14:54 -05:00
Daniel Pouzzner 503084629f fix F-1430: AES-GCM Non-Stream Path Returns -EINVAL Instead of Propagating skcipher_walk Error 2026-06-12 18:14:54 -05:00
Daniel Pouzzner ab69af541f fixes for
F-1428: Missing ForceZero on sg_buf Containing Decrypted Plaintext in AES-GCM Non-Stream Path
F-3293: AES-CCM Non-Contiguous SG Path Missing ForceZero on sg_buf Containing Decrypted Plaintext
2026-06-12 18:14:53 -05:00
Daniel Pouzzner c071c29eca fixes for Skoll-flagged linuxkm/ flubs in #10658:
in AesGcmCrypt_1() and AesCcmCrypt_1(), check for overflow on assoclen+cryptlen in both encrypt and decrypt modes;

in linuxkm_test_kpp_driver(), return MEMORY_E, not -ENOMEM;

in km_direct_rsa_dec(), only update req->dst_len for -EOVERFLOW, not for -EINVAL.
2026-06-12 18:14:53 -05:00
Daniel Pouzzner c84c44f62f fix F-1238: Integer Overflow in ECDSA Verify Allocation of sig_len + hash_len 2026-06-12 18:14:53 -05:00
Daniel Pouzzner 0272f0a506 fix F-709: AES-XTS Stream Finalize Returns Untranslated wolfCrypt Error Code to Kernel LKCAPI 2026-06-12 18:14:52 -05:00
Daniel Pouzzner 8110d567c8 fix F-708: DH km_dh_set_secret Missing Private Key Cleanup on Error Path 2026-06-12 18:14:52 -05:00
Daniel Pouzzner 591f52fb9b fix F-681: DH/FFDHE Init Error Paths Leak RNG Resource 2026-06-12 18:14:52 -05:00
Daniel Pouzzner ec4146a8e3 fix F-680: ECDH Init Error Paths Leak RNG Resource 2026-06-12 18:14:51 -05:00
Daniel Pouzzner cac0f231db fix F-679: HMAC Finup Memory Leak on Update Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 3057314f65 fix F-678: SHA3 Finup Memory Leak on Update Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 38c2477cbb fix F-677: SHA3 Init Memory Leak on wc_InitSha3 Failure 2026-06-12 18:14:51 -05:00
Daniel Pouzzner 85091c7d06 fix F-676: Missing ForceZero on RSA Decrypted Plaintext Buffer
also ForceZeros various other potentially sensitive allocations before freeing them, and uses unconditional free() per current libwolfssl best practice.
2026-06-12 18:14:50 -05:00
Daniel Pouzzner 1df8d453c9 fix F-3948: Missing KAT mismatch check in aes_xts_256_test partial block encrypt path 2026-06-12 18:14:50 -05:00
Daniel Pouzzner 21a57cf003 Fixes for Fenrir items:
F-1880: Unsigned word32 dec_len Silently Wraps Negative wc_RsaSSL_Verify Error Codes, Returning Wrong Errno on RSA Signature Verification Failure
F-1881: word32 sig_len Silently Wraps Negative wc_RsaSSL_Sign Error in Self-Test Functions, Bypassing <= 0 Guard
F-1882: word32 priv_len / pub_len Silently Wrap Negative wc_RsaKeyToDer / wc_RsaKeyToPublicDer Errors Across Three RSA Self-Test Functions
2026-06-12 18:14:50 -05:00
Daniel Pouzzner b3cb06e98a fix F-1426: PTR_ERR on malloc Results Always Yields 0 in AES-GCM Self-Test Error Messages 2026-06-12 18:14:50 -05:00
Daniel Pouzzner 8c1013ad52 fix F-1425: PTR_ERR on malloc Result Always Yields 0 in Error Message 2026-06-12 18:14:49 -05:00
Daniel Pouzzner 682a09d5a7 fix F-1424: Sysfs Node Resource Leak When Second Install Fails 2026-06-12 18:14:49 -05:00
Daniel Pouzzner f48efe5bfc fix F-705: Missing wc_RsaSetRNG in sig_alg km_pkcs1_set_pub After Key Re-Init 2026-06-12 18:14:49 -05:00
Daniel Pouzzner 9c1d9c164b fix F-673: Wrong sizeof Type in Allocation Failure Error Message 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 1c9abac6f5 fix F-672: Copy-Paste Duplicate: pkcs1_sha384 Unregistered Twice in Both RSA Paths 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 546ac0ac36 linuxkm/lkcapi_aes_glue.c: clean up pr_err()s on allocation failures. 2026-06-12 18:14:48 -05:00
Daniel Pouzzner 0097739dd8 fixes for F-3325:
wolfcrypt/src/aes.c: enforce AES-XTS K1!=K2 constraint in wc_AesXtsSetKeyNoInit() unless WC_AES_XTS_ALLOW_DUPLICATE_KEYS and !HAVE_FIPS:

tests/api/test_aes.c: add negative tests to test_wc_AesXtsSetKey() for K1==K2;

wolfcrypt/test/test.c: fix keys in aes_xts_128_inplace_test() and aes_xts_192_inplace_test() so that K1!=K2, update test vectors, and remove associated !HAVE_FIPS gating;

linuxkm/lkcapi_aes_glue.c: synchronize aes_xts_128_test() test of ciphertext stealing in-place with wolfcrypt/test/test.c.

wrapper/rust/wolfssl-wolfcrypt/src/aes.rs: synchronize XTS streaming test with wolfcrypt/test/test.c.

linuxkm/: refactor self-test sensing with version-gated setup in linuxkm_wc_port.h and refactored gates in lkcapi_glue.c.
2026-06-11 15:38:28 -05:00
Daniel Pouzzner 0f3d3bedb0 fix F-5334: AEAD decrypt accepts ciphertext shorter than authentication tag before unsigned length subtraction 2026-06-10 17:28:06 -05:00
Daniel Pouzzner e98a03b80e fix F-3524: Heap Buffer Overflow in km_direct_rsa_dec When req->dst_len < ctx->key_len 2026-06-10 17:28:06 -05:00
Daniel Pouzzner 1e888383bb fix F-3025: Missing buffer-length validation in km_ecdh_decode_secret enables out-of-bounds read 2026-06-10 17:28:06 -05:00
Daniel Pouzzner 9b723b9e11 fix F-3024: Missing buffer-length validation in km_dh_decode_secret enables out-of-bounds read 2026-06-10 17:28:05 -05:00
Daniel Pouzzner b4139b1a90 fix F-706: AES-CTR and AES-OFB Encrypt Leak Aes Context Containing Key Schedule on skcipher_walk_done Error 2026-06-10 17:28:05 -05:00
Daniel Pouzzner afc2137351 fix F-682: Incorrect tolower/toupper Macros Produce Wrong Results for Non-Alpha Characters 2026-06-10 17:28:05 -05:00
Daniel Pouzzner c9cc79f9ae cleanup inspired by false positive F-675: AES-CTR and AES-OFB Modes Bypass WC_C_DYNAMIC_FALLBACK Selection Logic 2026-06-10 17:28:05 -05:00
Daniel Pouzzner da1b7fe236 fixes for F-674: Non-Constant-Time memcmp in RSA PKCS#1 v1.5 Signature Verification 2026-06-10 17:28:05 -05:00
Daniel Pouzzner ad98438baa fixes for
F-5335: ECDH overflow paths do not report the required output length
F-5336: RSA PKCS#1 overflow paths do not report the required output length
2026-06-10 17:28:05 -05:00
Daniel Pouzzner 67c1d65ef7 fixes for
F-2554 Missing wc_ecc_free Before free in km_ecdh_init When wc_ecc_set_rng Fails
F-2555 Missing wc_FreeDhKey Before free in km_ffdhe_init When wc_DhSetNamedKey Fails
2026-06-10 17:28:05 -05:00