Reda Chouk
f94eb68ea3
add missing checks in wolfSSL_d2i_SSL_SESSION
2026-02-06 17:00:42 +01:00
Daniel Pouzzner
25db90afe7
Merge pull request #9741 from kareem-wolfssl/variousFixes
Various fixes
2026-02-05 20:32:12 -06:00
Daniel Pouzzner
8e6ebdb8ac
Merge pull request #9723 from SparkiDev/ssl_split_cert
Split out code from ssl.c and pk.c
2026-02-05 18:21:36 -06:00
David Garske
c3ef6afcfd
Merge pull request #9743 from douzzer/20260205-fixes
20260205-fixes
2026-02-05 15:23:57 -08:00
Daniel Pouzzner
1d871879df
Merge pull request #9726 from Frauschi/pkcs11_pqc_prep
PKCS#11 PQC preparation work
2026-02-05 16:50:25 -06:00
Daniel Pouzzner
a6ee93c84c
Merge pull request #9739 from holtrop-wolfssl/rust-crate-fips-support
Rust wrapper: add FIPS support
2026-02-05 16:49:58 -06:00
Daniel Pouzzner
88edcf6c96
Merge pull request #9736 from embhorn/gh9731
Exclude Config.cmake.in in .gitignore
2026-02-05 16:49:35 -06:00
Daniel Pouzzner
da426d9c1d
Merge pull request #9725 from Frauschi/cmake
CMake fixes and improvements
2026-02-05 16:49:03 -06:00
Daniel Pouzzner
681d09fc3c
Merge pull request #9714 from philljj/bsdkm_crypto_accel
bsdkm: x86 crypto acceleration support.
2026-02-05 16:48:03 -06:00
Daniel Pouzzner
2a32e108d0
Merge pull request #9656 from jackctj117/PKCS7-signing
Add PKCS7 ECC raw sign callback support
2026-02-05 16:46:27 -06:00
Daniel Pouzzner
6d7cb87965
Merge pull request #9733 from SparkiDev/srtp_kdf_ctr_fix
SRTP-KDF: use two bytes of index
2026-02-05 16:21:38 -06:00
Paul Adelsbach
635832010e
Use WOLFSSL_STACK methods in new AIA functions
2026-02-05 11:54:26 -08:00
jackctj117
cfcd384c4c
Address copilot feedback
2026-02-05 12:12:16 -07:00
David Garske
6a4415911b
Merge pull request #9727 from miyazakh/tsip_rm_asn_original
Renesas RX72N: Remove WOLFSSL_ASN_ORIGINAL from user_settings.h
2026-02-05 08:42:59 -08:00
Daniel Pouzzner
0cc1dc29c4
src/x509.c: in x509_aia_append_string(), use heap pointer from supplied *head, and initialize WOLFSSL_STACK.type (fixes "Conditional jump or move depends on uninitialised value(s)" from 08c1397cc1);
wolfssl/wolfcrypt/asn.h: use WC_BITFIELD for extAuthInfoListSz and extAuthInfoListOverflow bitfields, for C89 compat (fixes -Wpedantic from 08c1397cc1).
2026-02-05 10:04:17 -06:00
David Garske
c7ed5ff179
Merge pull request #9740 from douzzer/20260204-linuxkm-with-global-replace-etc
20260204-linuxkm-with-global-replace-etc
2026-02-04 19:07:06 -08:00
Kareem
a429eb7191
Add prefix for SetLength/Sequence when WOLFSSL_API_PREFIX_MAP is defined.
2026-02-04 16:39:29 -07:00
Kareem
eae22ab37d
Send illegal_parameter alert rather than handshake_failure when the server tries to use a cipher suite that the client does not support. Fixes #9639.
2026-02-04 15:44:16 -07:00
Kareem
1e770e1a0f
Send decode_error alert rather than illegal_parameter when receiving an empty/malformed keyshare extension. Fixes #9640.
2026-02-04 15:40:30 -07:00
Kareem
4bb4648282
Ensure lru_count does not overflow.
2026-02-04 15:33:15 -07:00
Kareem
f94489b66d
Fix issues in documentation of wc_LoadStaticMemory's return code.
2026-02-04 15:25:03 -07:00
Kareem
59c14cdc6c
Allow setting SetLength and SetSequence to public APIs by adding them to ASN APIs.
2026-02-04 15:24:13 -07:00
Chris Conlon
3753f69a50
Merge pull request #9728 from padelsbach/aia-updates
Extend AIA interface
2026-02-04 15:11:02 -07:00
Daniel Pouzzner
5fca3786c6
.wolfssl_known_macro_extras: remove WC_SHA3_HARDEN (unneeded because --enable-faultharden defines it).
2026-02-04 14:30:31 -06:00
Daniel Pouzzner
0364a348b5
linuxkm/lkcapi_sha_glue.c and linuxkm/linuxkm_wc_port.h: when LINUXKM_DRBG_GET_RANDOM_BYTES, add "-with-global-replace" to the DRBG driver name, to advertise that /dev/[u]random and getrandom() are FIPS PRNGs; when NO_LINUXKM_DRBG_GET_RANDOM_BYTES, don't implicitly define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT.
2026-02-04 14:30:08 -06:00
Daniel Pouzzner
10d4b1dd92
wolfcrypt/src/aes.c: fix -Wunused-variable in wc_AesSetKey().
2026-02-04 14:14:57 -06:00
Daniel Pouzzner
017ac97de0
configure.ac: remove prohibition on ARM32 --enable-armasm with --enable-aesgcm-stream (current code in aes.c falls back to C gracefully in that case).
2026-02-04 14:12:51 -06:00
Josh Holtrop
f9cea09f5b
Rust wrapper: add FIPS support
2026-02-04 14:32:05 -05:00
Paul Adelsbach
08c1397cc1
Enable 8 combined OCSP and URLs instead of 1 of each
2026-02-04 11:04:46 -08:00
Hideki Miyazaki
c74a95c8d0
rm WOLFSSL_ASN_ORIGINAL from user_settings.h
- update signed ca cert (rsa/ecc)
- update compiler options for v3.06.00
2026-02-05 00:08:35 +09:00
Daniel Pouzzner
492ff386dc
Merge pull request #9658 from sameehj/aes-offload
cryptocb: add AES CryptoCB key import support and tests
2026-02-03 12:23:42 -06:00
Eric Blankenhorn
808896e82f
Exclude Config.cmake.in in .gitignore
2026-02-03 11:29:34 -06:00
Sameeh Jubran
425dc1372d
cryptocb: add AES CryptoCB key import support and tests
Add CryptoCB-based AES key import support to enable Secure Element
offload without exposing raw AES key material to wolfCrypt.
When WOLF_CRYPTO_CB_AES_SETKEY is defined, wolfCrypt invokes a CryptoCB
callback during AES key setup. Behavior is determined by the callback
return value:
- If callback returns 0: Key is imported to the device (aes->devCtx).
Key is NOT copied to wolfCrypt RAM; GCM H/M tables are NOT generated.
Full hardware offload is assumed.
- If callback returns CRYPTOCB_UNAVAILABLE: Device does not support
SetKey. Normal software path is used; key is copied to devKey for
optional encrypt/decrypt acceleration.
- Any other error: Propagated to the caller.
Key points:
- Add wc_CryptoCb_AesSetKey() callback for AES key import
- Update AES SetKey paths to call CryptoCB and branch on return value
- Skip GCM H/M table generation when callback succeeded (devCtx set)
- Preserve existing behavior when devId is INVALID_DEVID or
WOLF_CRYPTO_CB_AES_SETKEY is not defined
Testing:
- Add unit test for CryptoCB AES SetKey (verifies key isolation when
callback succeeds)
- Add end-to-end AES-GCM offload test (SetKey, Encrypt, Decrypt, Free
via CryptoCB)
- Tests use a mock SE with software AES to validate routing
Enable with: CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-03 16:59:02 +02:00
Sean Parkinson
b1d3529419
SRTP-KDF: use two bytes of index
One byte of index creates up to 4096 bytes for a key.
Increase output size to match specification.
2026-02-03 11:01:11 +10:00
jordan
8ae27c75e4
bsdkm: x86 crypto acceleration support.
2026-02-02 12:00:22 -06:00
Paul Adelsbach
aa020f39c4
Extend AIA interface
2026-02-02 08:48:40 -08:00
JacobBarthelmeh
c807903088
Merge pull request #9722 from SparkiDev/sha3-harden
SHA-3: harden against glitch attack
2026-02-02 09:21:35 -07:00
Tobias Frauenschläger
540b51eb28
CMake fixes and improvements
* Minor fixes to the CMakeLists.txt
* Add more options to the CMake infrastructure already present in the
autoconf infrastructure
* An autoconf build now also generates and installs files required to
consume the installed wolfssl library via CMake.
* Added test for autoconf-CMake interworking
Work is mostly done by Codex and Cursor.
2026-02-02 10:26:58 +01:00
Sean Parkinson
5924524920
SHA-3: harden against glitch attack
Check loop counts to ensure glitching didn't change number of times loop
was performed.
2026-02-02 15:54:55 +10:00
Sean Parkinson
b56eeb91aa
Merge pull request #9730 from douzzer/20251126-linuxkm-full-reloc-support
20251126-linuxkm-full-reloc-support
2026-02-02 15:52:15 +10:00
Daniel Pouzzner
f2f9d5bbe7
src/internal.c: in SanityCheckMsgReceived(), gate "TLS 1.2 message order check: certificate before CKE" from 5b6f86bc8e on !WOLFSSL_NO_CLIENT_AUTH.
2026-01-30 22:38:44 -06:00
Daniel Pouzzner
64bdcce08d
linuxkm/linuxkm_wc_port.h: move implementation of wc_linuxkm_inet_pton() and definition of XINET_PTON() inside BUILDING_WOLFSSL guard.
2026-01-30 22:35:31 -06:00
Daniel Pouzzner
6123febd3f
src/ssl_sk.c, src/x509.c, wolfssl/ssl.h: tweaks and fixes to #9705: remove !WOLFSSL_LINUXKM gates, and fix nullPointerArithmeticRedundantCheck in ExtractHostFromUri().
2026-01-30 17:34:37 -06:00
Daniel Pouzzner
0b91a0e913
linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, linuxkm/Makefile: refactor wc_linuxkm_normalize_relocations() and associated types and objects:
* change wc_linuxkm_pie_reloc_tab from unsigned int[] to struct wc_linuxkm_pie_reloc_tab_ent[], with dest_segment and reloc_type members;
* add enum wc_reloc_dest_segment and enum wc_reloc_type;
* update GENERATE_RELOC_TAB recipe in Makefile to render the dest segment and reloc type;
* add struct reloc_layout_ent, and reloc_layouts[] fully populated for x86 and ARM relocations;
* refactor find_reloc_tab_offset() and wc_linuxkm_normalize_relocations() to reflect the above;
linuxkm/module_hooks.c: tweak various printf format characters and arguments for compatibility with ARM32;
linuxkm/linuxkm_wc_port.h: include linux/inet.h and define wc_linuxkm_inet_pton() and XINET_PTON(), unless WOLFCRYPT_ONLY.
2026-01-30 17:34:02 -06:00
Daniel Pouzzner
8719df2666
wolfcrypt/src/aes.c: in wc_AesGcmSetKey(), don't VECTOR_REGISTERS_POP() until after GCM_generate_m0_*().
2026-01-30 17:33:30 -06:00
Daniel Pouzzner
e48663248c
wolfssl/wolfcrypt/types.h: in setup for wc_static_assert, include assert.h if __STDC_VERSION__ or __cplusplus denotes presence, even if WOLFSSL_HAVE_ASSERT_H is unset.
2026-01-30 17:33:13 -06:00
Daniel Pouzzner
1feb7d247d
.github/workflows/linuxkm.yml: in first scenario, remove --disable-opensslextra (i.e. retain opensslextra implicit to --enable-all), remove -DWOLFSSL_LINUXKM_VERBOSE_DEBUG, and use --enable-all-asm rather than --enable-intelasm --disable-sp-asm; in second scenario, add -DDEBUG_LINUXKM_PIE_SUPPORT.
2026-01-30 17:32:55 -06:00
JacobBarthelmeh
ff28a114b3
Merge pull request #9724 from holtrop-wolfssl/rust-ecc-allow-empty-pub_buf_slice-on-import-private
Rust wrapper: ECC: Allow import_private_*() calls with empty pub_buf slice
2026-01-30 10:54:01 -07:00
JacobBarthelmeh
1dc177fdbe
Merge pull request #9718 from SparkiDev/tls12_msg_order_checks
TLS 1.2 message order check: certificate before CKE
2026-01-30 10:50:33 -07:00
JacobBarthelmeh
9ca379f3bb
Merge pull request #9719 from dgarske/usersettings_expand
Improve user_settings.h examples and add validation rules
2026-01-29 15:35:12 -07:00