efd5405d0e
coverity: fix check_after_deref, assignment_where_comparison_intended, uninit vars, return values, etc.
2025-05-05 13:18:29 -05:00
baa7efa8af
Fix coverity uninit var warnings, add missing priv key ForceZero.
2025-05-05 13:14:39 -05:00
3acf3ef3c5
RISC-V 64-bit: fix raw hash when using crypto instructions
...
./configure CC=riscv64-linux-gnu-gcc --host=riscv64 --disable-shared LDFLAGS=--static --enable-riscv-asm=zvkned
Digest state is not always stored in a way that can be directly copied out.
2025-05-03 08:42:17 +10:00
4450167ab0
Merge pull request #8707 from philljj/register_dh
...
linuxkm: register dh and ffdhe.
2025-04-28 23:00:17 -05:00
f6f3b0a1ee
linuxkm: register dh and ffdhe.
2025-04-25 21:21:26 -05:00
3a1178f71c
Fix for STM32 Hash with NVIC (IRQ) enabled that can cause a DINIS interrupt that does not get cleared. If the HASH NVIC tab has Interrupts enabled it can cause an IRQ to be triggered that is not cleared. This is because the wolfSSL implementation of STM32 Hash does not call the HAL HASH API's and does not use interrupts yet. ZD 19778
2025-04-23 13:55:57 -07:00
c22505a71a
Merge pull request #8700 from embhorn/rel_fixes_cs
...
Fixes from CodeSonar report
2025-04-23 11:36:15 -06:00
5fe086b388
Skip PKCS8 header check in wc_CreatePKCS8Key with WOLFSSL_NO_ASN_STRICT
2025-04-22 16:58:04 -06:00
d4fc8c3791
linuxkm/: null out pointers with PTR_ERR()-encoded values before jumping to cleanup;
...
linuxkm/lkcapi_rsa_glue.c: in km_rsa_init(), implement error-path cleanup;
linuxkm/module_hooks.c: nix CONFIG_MODULE_SIG requirement in WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE builds;
wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM setup, define WOLFSSL_ASN_INT_LEAD_0_ANY if LINUXKM_LKCAPI_REGISTER (required for kernel 5.10 crypto manager);
wolfcrypt/src/memory.c: add WC_NO_ERR_TRACE() to mock error returns in SAVE_VECTOR_REGISTERS2_fuzzer().
2025-04-22 16:44:07 -05:00
66b9256f86
Fixes from CodeSonar report
2025-04-22 14:43:01 -05:00
25cd009a42
Merge pull request #8695 from JacobBarthelmeh/coverity
...
null derefernce sanity checks and control flow issue
2025-04-22 11:37:51 -05:00
9e5c064d5d
Merge pull request #8679 from kojiws/keep_header_on_pkcs12_parse
...
Add wc_PKCS12_parse_ex() to keep PKCS8 header
2025-04-19 01:57:21 -05:00
543ba268a4
Merge pull request #8558 from julek-wolfssl/openssh-9.9-fix
...
wolfSSL_EVP_PKEY_cmp: only compare the public keys
2025-04-19 01:51:49 -05:00
69a4607f84
null sanity check on arguments in wc_HpkeContextComputeNonce, CID 515543
2025-04-18 16:47:36 -06:00
8c0b931459
Merge pull request #8652 from kareem-wolfssl/zd19563_2
...
Add some FPKI test OIDs which are currently being used in DoD JITC certificates.
2025-04-18 14:04:29 -05:00
039ff1b460
Add wc_PKCS12_parse_ex()
2025-04-18 06:39:16 +09:00
645da33176
Fix unused function warning for wc_AesDecrypt when building with STM32.
...
This function is not needed for AES-CCM, as the AES-CCM decrypt function only calls wc_AesEncrypt.
2025-04-17 14:33:44 -07:00
038eab61d0
Add additional FPKI test OIDs.
2025-04-17 11:29:36 -07:00
00a6c3953c
Add some FPKI test OIDs which are currently being used in DoD JITC certificates.
2025-04-17 11:10:35 -07:00
5b3e19c1b6
Merge pull request #8686 from miyazakh/oid_collision
...
fix OID collision
2025-04-17 00:54:04 -05:00
90f30fd15e
Merge pull request #8623 from SparkiDev/lms_kid_from_privraw
...
LMS: add API to get Key ID from raw private key
2025-04-17 00:49:08 -05:00
404fafd598
Merge pull request #8677 from SparkiDev/regression_fixes_17
...
Regression test fixes
2025-04-16 20:20:28 -07:00
a66fb123b4
Merge pull request #8684 from SparkiDev/lms_max_levels_1
...
LMS: fix for when WOLFSSL_LMS_MAX_LEVELS is 1
2025-04-16 20:19:40 -07:00
a9e2146f06
Merge pull request #8675 from SparkiDev/entropy_memuse_fix
...
Entropy MemUse: fix for when block size less than update bits
2025-04-16 20:18:22 -07:00
62f7ff9ec2
fix OID collision
...
fix qt jenkins failure
2025-04-17 11:55:03 +09:00
62f28759d8
LMS: fix for when WOLFSSL_LMS_MAX_LEVELS is 1
2025-04-17 11:19:41 +10:00
a34284e0a2
Entropy MemUse: support for custom hi res time
...
Call the custom high resolution time function when
CUSTOM_ENTROPY_TIMEHIRES is defined with the function name.
2025-04-17 09:30:29 +10:00
290dbaa18e
wolfSSL_EVP_PKEY_cmp: only compare the public keys
2025-04-16 18:14:09 +02:00
3ac05dea09
Regression test fixes
...
dtls13.c: LowResTimer() not available when NO_ASN_TIME is defined.
api.c: Add certificate and key to use for when only Ed25519 or Ed448.
asn.c: Casts needed for g++ compile.
mem_track.c: Casts needed for g++ compile.
2025-04-16 21:46:48 +10:00
5e8d018ff7
Merge pull request #8659 from kojiws/improve_mldsa_priv_key_import
...
Improve ML-DSA private key import and the test
2025-04-16 18:21:00 +10:00
1646a4b274
Reflect review
2025-04-16 13:46:39 +09:00
b1aa11d42e
Entropy MemUse: fix for when block size less than update bits
...
When the block size is less than the number of update bits, adding the
update value will make the index larger than ENTROPY_NUM_WORDS.
The update bits, ENTROPY_NUM_UPDATES_BITS, should be less than or equal
to ENTROPY_BLOCK_SZ but is not practical.
Add extra elements to the entropy state to accomadate this.
2025-04-16 10:30:37 +10:00
6bf93c93d4
Merge pull request #8594 from julek-wolfssl/nss
...
Implement AES-CTS in wolfCrypt
2025-04-15 18:35:52 -05:00
fbc6190752
Merge pull request #8160 from kaleb-himes/OE8-CHECK-IN
...
OE8 check in
2025-04-15 18:13:44 -05:00
d9fd1072a2
Merge pull request #8672 from SparkiDev/asm_fixes_1
...
Various fixes for Aarch64/ARM32/Thumb2 ASM
2025-04-15 14:56:32 -06:00
cf1f8e14ff
Various fixes for Aarch64/ARM32/Thumb2 ASM
...
cpuid.c: hwcaps not used.
thumb2-*: ldm -> LDM
sp_arm32.c: No register assignment, fix sp_*_from_bin
sp_armthumb.c: fix sp_*_from_bin
sp_cotexm.c: fix line lengths, fix sp_*_from_bin
2025-04-15 17:00:06 +10:00
b000d7382f
Merge pull request #8671 from SparkiDev/poly1305_aarch64_asm_fix
...
Poly1305 Aarch64 ASM: fix
2025-04-14 22:36:39 -05:00
10f0999c21
Poly1305 Aarch64 ASM: fix
...
r^2 may overflow after adding high bits - reduce again.
2025-04-15 11:04:47 +10:00
2ec8e72579
CURVE25519_MAX_KEY_TO_DER_SZ: refactor to macro like other CURVE25519_ constants, and add FIPS clause in curve255519_der_test() to accommodate FIPS v6.
2025-04-14 18:29:22 -05:00
9106d1275f
Merge pull request #8651 from billphipps/fix_curve25519_enums
...
Update to expose reasonable DER buffer sizes for Curve25519
2025-04-15 08:34:12 +10:00
6b66149edb
Merge branch 'master' into OE8-CHECK-IN
2025-04-14 15:24:28 -06:00
e320b3c90d
fixup! Implement AES-CTS in wolfCrypt
2025-04-14 17:45:34 +02:00
b77bd78b5c
Merge pull request #8664 from douzzer/20250411-more-libwolfssl_sources_h-2
...
20250411-more-libwolfssl_sources_h-2
2025-04-14 07:38:02 -07:00
eca0318fe8
Rename to MAX_KEY_TO_DER_SZ, set to 130. Remove Curve448 changes.
2025-04-14 09:43:55 -04:00
1de73200ab
Remove unreachable test code
2025-04-13 09:45:08 +02:00
1252d69a9a
Remove trailing spaces
2025-04-12 17:09:36 +09:00
e7577bc2e9
wolfssl/wolfcrypt/libwolfssl_sources*.h: check if the other libwolfssl_sources*.h was included before concluding that "#error settings.h included before libwolfssl_sources.h.", and add WC_CONFIG_H_INCLUDED to inhibit multiple inclusions of config.h;
...
wolfcrypt/src/port/kcapi/kcapi_aes.c: restore #include <errno.h> removed incorrectly in ed5d8f8e6b;
wolfcrypt/src/port/liboqs/liboqs.c: include libwolfssl_sources.h;
wolfcrypt/src/port/riscv/*.c: include libwolfssl_sources.h;
wolfcrypt/test/test.c: fix use of WC_TEST_RET_ENC_I() where WC_TEST_RET_ENC_EC() was required.
2025-04-12 00:35:49 -05:00
770b6cb9e7
Fix too long lines
2025-04-12 10:58:13 +09:00
75501fd728
Merge pull request #8662 from douzzer/20250411-more-libwolfssl_sources_h
...
20250411-more-libwolfssl_sources_h
2025-04-11 13:39:06 -07:00
ed5d8f8e6b
update several files in wolfcrypt/src/port/arm to include libwolfssl_sources.h;
...
update wolfcrypt/src/port/af_alg, wolfcrypt/src/port/devcrypto, and wolfcrypt/src/port/kcapi to include libwolfssl_sources.h;
remove a slew of includes across lib sources made redundant by libwolfssl_sources.h.
2025-04-11 13:57:23 -05:00
fb4970b7e0
Fix debug logs (disabled in PR #8616 )
2025-04-11 11:19:24 -07:00
8ee7d381ec
Fix hash_test() memory leak in wolfcrypt/test/test.c ( #8506 )
...
* Fix hash_test() memory leak in wolfcrypt/test/test.c
* Escape HASH_TYPE_E comparisons
* Revised hash_test() in test.c
* Use ERROR_OUT and WC_NO_ERR_TRACE patterns, polish
* Remove placeholder init, no longer needed
* remove verbose hash_test() WOLFSSL_MSG and PRINT_HEAP_CHECKPOINT
2025-04-11 10:37:55 -07:00
704e97bca6
Merge pull request #8595 from dgarske/renesas_rx_tsip
...
Fixes for Renesas RX TSIP
2025-04-11 11:22:13 -06:00
11001c86f0
Merge pull request #8644 from lealem47/zd19343
...
CMSIS: Skip Mutex calls if OS isn't running
2025-04-11 09:58:10 -07:00
a3862f0e59
Improve ML-DSA private key import
2025-04-11 16:28:54 +09:00
e8656d0d22
Merge pull request #8616 from julek-wolfssl/zd/19589
...
openssl compat: Push/pop to/from the end of the list object
2025-04-10 16:02:23 -07:00
3919491a6a
Merge pull request #8589 from kareem-wolfssl/zd19572
...
Check if HWCAP_ASIMDRDM is defined.
2025-04-10 08:25:30 +10:00
e37dc29c1c
Fixed RX TSIP RSA key creation to populate the RsaKey public material.
...
Fixed issue with brace when using `WOLF_CRYPTO_CB_ONLY_RSA`.
Fixed mixed declaration in `wc_RsaFunction_ex`.
Fixed missing SetMyVersion with for RSA key gen with old ASN and no PKCS12.
Added gating on RSA 1024/2048 RX TSIP build macros.
2025-04-09 12:39:48 -07:00
7cbc71b024
Refactor *_push and *_pop compat API
2025-04-09 14:40:00 +02:00
75ca54889c
Implement AES-CTS in wolfCrypt
2025-04-09 12:11:08 +02:00
a2ca1fe31f
Merge pull request #8641 from gojimmypi/pr-espressif-examples-update
...
Espressif updates. Kconfig, WOLFSSL_VIS_FOR_TESTS, ESP32P4
2025-04-08 15:09:18 -07:00
a221b5108b
Merge pull request #8647 from douzzer/20250408-libwolfssl_sources_h-fixes
...
20250408-libwolfssl_sources_h-fixes
2025-04-08 15:05:11 -07:00
a1442cf3a1
Merge pull request #8643 from kaleb-himes/KH-SRTP-REVIEW-rev1
...
Explicit API redirects for FIPS moving forward
2025-04-09 07:08:52 +10:00
1750325c0b
Check if HWCAP_ASIMDRDM is defined, old hwcap.h headers do not define this.
2025-04-08 13:42:05 -07:00
c3dbe29f21
Update to expose reasonable DER buffer sizes for Curve448/25519
2025-04-08 15:17:54 -04:00
831ea90c6d
fix typo in arm-thumb2 include of libwolfssl_sources_asm.h.
2025-04-08 16:19:57 +00:00
17953d064f
CMSIS: Skip Mutex calls if OS isn't running
2025-04-08 10:36:22 -04:00
6d299ea943
Merge pull request #8634 from JacobBarthelmeh/pkcs7_stream
...
account for edge case with pkcs7 streaming
2025-04-07 16:01:14 -07:00
18ed67a27d
Merge pull request #8640 from douzzer/20250404-WOLFSSL_SOURCES_H
...
20250404-WOLFSSL_SOURCES_H
2025-04-07 12:47:53 -07:00
8c0ef0b1f5
Explicit API redirects for FIPS moving forward
2025-04-07 11:06:52 -06:00
0e27b3e8c8
Merge pull request #8613 from SparkiDev/lms_iana
...
LMS: change identifiers to match standard
2025-04-07 10:00:35 -07:00
40c52bd844
Espressif updates. Kconfig, WOLFSSL_VIS_FOR_TESTS, ESP32P4
2025-04-06 16:01:35 +02:00
3465dde0bb
synchronize with scripts#480 (except wolfcrypt/src/sp_arm32.c and wolfcrypt/src/sp_cortexm.c, which have large unrelated desyncs).
2025-04-04 21:41:29 -05:00
c401f5caf2
move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files.
2025-04-04 18:44:12 -05:00
217440c885
Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
...
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
sources to include them at the top.
wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
conditionally, config.h. settings.h and wc_port.h are unconditionally
included at the top of types.h.
wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.
Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
files.
Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
wolfssl/wolfcrypt/settings.h to allow coverage testing.
In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.
Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.
Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
for clarity.
2025-04-04 16:51:04 -05:00
04dce0e223
cast for conversion warning
2025-04-04 12:18:14 -06:00
8b0650d0fb
account for edge case with pkcs7 streaming
2025-04-04 12:18:14 -06:00
10a1126624
Merge pull request #8635 from SparkiDev/asm_thumb2_fix
...
AES Thumb2 ASM: fix td4 variable declarations
2025-04-04 11:13:50 -05:00
b7af89acdb
Merge pull request #8619 from SparkiDev/mlkem_bigendian
...
ML-KEM/Kyber: fix for big-endian
2025-04-04 09:39:40 -06:00
0e8d3ad3d9
AES Thumb2 ASM: fix td4 variable declarations
...
td4 is an array of bytes and the type was wrong.
2025-04-04 09:47:59 +10:00
4f87a8980f
ML-KEM/Kyber: fix for big-endian
...
Don't pull apart the nibbles when big-endian in reject uniform C code.
2025-04-04 09:04:05 +10:00
b5d999779d
wolfcrypt/src/port/arm/thumb2-aes-asm_c.c: fix a pair of -Wpointer-to-int-casts in AES_ECB_decrypt() and AES_CBC_decrypt().
2025-04-03 14:30:22 -05:00
87aa6ec977
wolfcrypt/src/wc_mlkem_poly.c: move mlkem_ntt_add_to() implementation to resolve gating inconsistency (fixes armasm on arm32).
2025-04-03 14:30:22 -05:00
5ecacfd8eb
Merge pull request #8577 from SparkiDev/x64-branch-32b
...
Intel x86_64, gcc, icc: put branches on 32 byte boundary
2025-04-03 10:53:46 -06:00
c29fba5b7e
Merge pull request #8614 from douzzer/20250317-linuxkm-lkcapi-aes-ctr-ofb-ecb
...
20250317-linuxkm-lkcapi-aes-ctr-ofb-ecb
2025-04-03 10:45:04 +10:00
13c73a9691
linuxkm/lkcapi_glue.c: add LINUXKM_LKCAPI_NEED_AES_COMMON_FUNCS and
...
LINUXKM_LKCAPI_NEED_AES_SKCIPHER_COMMON_FUNCS helper macros (peer review
suggestion).
wolfcrypt/src/aes.c: add lengthy comment in software wc_AesSetKeyLocal()
explaining the dynamics of aes->use_aesni (peer review suggestion), and in the
!haveAESNI && WC_C_DYNAMIC_FALLBACK case, return with immediate success rather
than following through to the redundant AesSetKey_C().
2025-04-02 17:30:19 -05:00
e0a74420f1
wolfcrypt/src/coding.c: restore support for BASE64_NO_TABLE builds.
2025-04-02 17:14:09 -05:00
c2b486ce53
fix some misindentation in wolfcrypt/src/coding.c.
...
force lower CMAKE_POLICY_VERSION_MINIMUM to try to work around obsolete cmake config syntax in several OSP workflows.
2025-04-02 17:08:20 -05:00
51c6848340
wolfcrypt/src/coding.c, wolfssl/wolfcrypt/coding.h, wolfcrypt/src/asn.c,
...
wolfcrypt/test/test.c: refactor Base64_Decode() with separate always-CT
Base64_Decode() and never-CT Base64_Decode_nonCT(), and use the latter only to
decode known-public PEM objects, otherwise use always-CT Base64_Decode().
2025-04-02 17:08:20 -05:00
8705d28d48
wolfcrypt/src/aes.c: in wc_AesSetKeyLocal(), rework support for WC_FLAG_DONT_USE_AESNI (fixes WC_C_DYNAMIC_FALLBACK).
...
wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, #ifdef LINUXKM_LKCAPI_REGISTER, #define WOLFSSL_TEST_SUBROUTINE to nothing, and #define WC_TEST_EXPORT_SUBTESTS.
linuxkm/lkcapi_glue.c:
* add check_skcipher_driver_masking() and check_aead_driver_masking(),
* use _masking() checks in all linuxkm_test_*().
* add !WOLFSSL_AESGCM_STREAM implementation of linuxkm_test_aesgcm().
* add implementations of linuxkm_test_aesctr(), linuxkm_test_aesofb(), and linuxkm_test_aesecb()
* remove incomplete+disabled AES-CCM shim implementation.
linuxkm/module_hooks.c: pull in wolfcrypt/test/test.h if LINUXKM_LKCAPI_REGISTER.
linuxkm/Makefile: build wolfcrypt/test/test.o if ENABLED_LINUXKM_LKCAPI_REGISTER.
Makefile.am: add ENABLED_LINUXKM_LKCAPI_REGISTER to exports in BUILD_LINUXKM section.
configure.ac: add AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER]); in ENABLED_LINUXKM_DEFAULTS set up, remove `-DWOLFSSL_TEST_SUBROUTINE=static` from AM_CFLAGS adds; fix whitespace.
.wolfssl_known_macro_extras: add WC_WANT_FLAG_DONT_USE_AESNI.
wolfcrypt/test/test.c: add `|| defined(WC_TEST_EXPORT_SUBTESTS)` to outermost gate, add wc_test_ prefix to render_error_message() and export it,
wolfcrypt/test/test.h: add prototype for wc_test_render_error_message(), and #ifdef WC_TEST_EXPORT_SUBTESTS, add prototypes for all the subtests.
2025-04-02 17:00:48 -05:00
3c16722538
wolfcrypt/src/aes.c and wolfssl/wolfcrypt/aes.h: add support for WC_FLAG_DONT_USE_AESNI in wc_AesSetKeyLocal(); add support for USE_INTEL_SPEEDUP_FOR_AES.
...
linuxkm/lkcapi_glue.c: finish implementation of WC_LINUXKM_C_FALLBACK_IN_SHIMS and add TEST_WC_LINUXKM_C_FALLBACK_IN_SHIMS.
use "WC_C_DYNAMIC_FALLBACK" consistently (remove/replace uses of "WC_AES_C_DYNAMIC_FALLBACK").
2025-04-02 17:00:48 -05:00
6d92dae632
configure.ac: add support for --enable-aesni-with-avx/USE_INTEL_SPEEDUP_FOR_AES (AESNI+AVX, but only for AES modes).
...
linuxkm/lkcapi_glue.c: implement WC_LINUXKM_C_FALLBACK_IN_SHIMS, km_AesGet(), and km_AesFree().
src/include.am: add missing gates for AES-GCM and AES-XTS asm.
wolfcrypt/src/aes_xts_asm.S and wolfssl/wolfcrypt/sp_int.h: don't redefine HAVE_INTEL_AVX2.
2025-04-02 17:00:48 -05:00
a3d0ffb1ed
Merge pull request #8622 from SparkiDev/kyber_improv_3
...
ML-KEM/Kyber: minor improvements
2025-04-02 09:56:32 -06:00
0a4599133c
Merge pull request #8599 from kareem-wolfssl/zd19563
...
Add support for DoD certificate policy OIDs.
2025-04-02 09:44:25 -06:00
fafc333e93
LMS: add API to get Key ID from raw private key
...
Always last 16 bytes of private key.
2025-04-02 16:05:11 +10:00
8a9e125756
ML-KEM/Kyber: minor improvements
...
Minor improvement to SHA-3 x64 code.
Minor improvement to performance of ML-KEM/Kyber x64 code.
Minor improvement to performance of C code.
2025-04-02 13:10:44 +10:00
83e1cfcf01
LMS: change identifiers to match standard
...
Use the identifiers from IANA for LMS.
2025-04-01 12:15:20 +10:00
c5dadd6f8d
Merge pull request #8600 from JacobBarthelmeh/microchip
...
random implementation does not require PIC32 build macro
2025-04-01 08:36:45 +10:00
8e9a986e0b
Add comment clarifying that DoD certificate policy OIDs are not currently being parsed in the code, they are just recognized as valid OIDs.
2025-03-31 14:37:19 -07:00
307d746653
Merge pull request #8590 from SparkiDev/arm32_no_assign_reg
...
ARM32/Thumb2 ASM: fix WOLFSSL_NO_VAR_ASSIGN_REG
2025-03-31 10:04:51 -06:00
b803a03ddd
Add support for ISRG domain validated certificate policy OID (used by Let's Encrypt). Fixes libspdm test failure.
2025-03-28 12:41:52 -07:00
a8384bb426
Merge pull request #8602 from dgarske/cryptocb_no_hmac
...
Fix for crypto callback macro guards with `DEBUG_CRYPTOCB`
2025-03-28 10:51:45 -06:00
04a3f1c206
Merge pull request #8604 from LinuxJedi/STM32MP2
...
Add instructions for STM32MP25 with OpenSTLinux
2025-03-28 09:37:13 -07:00
5d0c3f7c27
Add instructions for STM32MP25 with OpenSTLinux
2025-03-28 09:28:49 +00:00
e1ec90a886
Fix for crypto callback without HMAC and `DEBUG_CRYPTOCB`. Fix guards on crypto cb hashing.
2025-03-27 16:42:24 -07:00
d235013fe9
Fix for STM32 PKA with P521 and shared secret. ZD 19422
2025-03-27 15:30:37 -07:00
25dc3f08e9
random implementation does not require PIC32 build macro
2025-03-27 15:53:39 -06:00
f313edb4cf
Add a test certificate for all of the FPKI certificate policy OIDs.
2025-03-27 12:20:36 -07:00
eb3b4751ac
Handle collisions in FPKI cert policy OID sums.
2025-03-27 12:20:36 -07:00
ac2df1420b
Checked and corrected all OIDs and OID sums.
2025-03-27 12:20:36 -07:00
53f30b3c47
Add remaining FPKI cert policy OIDs.
...
Co-Authored-By: kareem@wolfssl.com <kareem@wolfssl.com>
2025-03-27 12:20:29 -07:00
6daaaec6e2
WIP: clean up Devin's work, remove duplicate OIDs, handle OID sum collisions
2025-03-27 12:20:28 -07:00
a911f70049
Add other federal PKI OIDs.
...
Co-Authored-By: kareem@wolfssl.com <kareem@wolfssl.com>
2025-03-27 12:20:02 -07:00
6910f80e3d
Add all DoD PKI cert policy OIDs.
...
Co-Authored-By: kareem@wolfssl.com <kareem@wolfssl.com>
2025-03-27 12:19:49 -07:00
21c0d7803a
Greenhills compiler: fix asm and volatile
...
Greenhills compiler doesn't accept volatile and __asm__ needs to be
__asm.
2025-03-27 10:54:19 +10:00
ea677dd30d
ARM32 inline ASM: make all vars input when not assigning regs
...
Compiler doesn't keep parameters in the same registers as passed if they
are output registers.
2025-03-27 10:51:01 +10:00
ddf7d5b6f1
Merge pull request #8584 from dgarske/stm32_aesgcm
...
Fixes for STM32H7S AES GCM. Cleanups for STM32 AES GCM.
2025-03-26 10:57:18 -05:00
cfab666369
ARM32/Thumb2 ASM: fix WOLFSSL_NO_VAR_ASSIGN_REG
...
Thumb2 needed constants defined even with no register assignments.
ARM32 needed support added fo rnot having registers assigned to
variables.
2025-03-26 12:46:32 +10:00
61cdcd71e6
Merge pull request #8588 from SparkiDev/mlkem_encapsulte_no_return
...
ML-KEM/Kyber: mlkem_encapsulate not to return a value
2025-03-25 00:14:41 -05:00
cfc774c152
Merge pull request #8581 from dgarske/no_ecc_check_public_order
...
Add option to disable ECC public key order checking
2025-03-25 09:13:56 +10:00
66662bc399
ML-KEM/Kyber: mlkem_encapsulate not to return a value
...
Don't return a value from mlkem_encapsulate() to ensure code is just the
maths.
2025-03-25 08:11:03 +10:00
8635014249
Fix to enable SHA384/SHA512 crypto hardware on STM32H7S.
2025-03-24 14:30:35 -07:00
a709b16ed2
Adding option for `NO_ECC_CHECK_PUBKEY_ORDER`. ZD 19422
2025-03-24 14:00:23 -07:00
3cad38a1ca
wolfcrypt/test/test.c: gate wc_CmacFree()s in cmac_test() on !HAVE_FIPS || FIPS_VERSION3_GE(6,0,0); fix some return codes in hash_test().
2025-03-22 17:19:37 -05:00
60ffde6d7c
wolfcrypt/test/test.c: fix error-path various uninitialized data uses and memory leaks.
2025-03-22 13:40:31 -05:00
190f46ef23
wolfcrypt/test/test.c: fix -Wdeclaration-after-statement in sm3_test().
2025-03-22 01:22:19 -05:00
1587f21938
fix a couple -Wdeclaration-after-statements.
2025-03-21 22:33:45 -05:00
777d42fabe
wolfcrypt/src/siphash.c: gate armasm on defined(WOLFSSL_ARMASM), not !defined(WOLFSSL_NO_ASM).
2025-03-21 21:12:41 -05:00
93c8d7df0d
Fixes for STM32H7S AES GCM. Cleanups for STM32 AES GCM.
2025-03-21 16:17:36 -07:00
1e89002762
fix various -Wdeclaration-after-statements, and add
...
-Wdeclaration-after-statement to .github/workflows/pq-all.yml.
rearrange code/gating in wolfcrypt/src/wc_mlkem.c:mlkemkey_encapsulate() for
clarity and to fix a -Wdeclaration-after-statement.
also, made mlkem_encapsulate_c() and mlkem_encapsulate() return error code
(currently always zero) rather than void, for consistency.
configure.ac: fix Kyber/ML-KEM option setup.
2025-03-21 15:46:44 -05:00
9a3ea6fd73
Merge pull request #8568 from embhorn/msvs_pqc_build
...
Fix MSVS build issues with PQC config
2025-03-21 12:41:19 -07:00
294e4c79a8
Merge pull request #8578 from philljj/coverity_unchecked_ret
...
Coverity unchecked return value
2025-03-21 10:05:29 -07:00
9258fde02f
Merge pull request #8570 from wolfSSL/devin/1742405136-cipherType-to-string
...
Add wolfSSL_EVP_CIPHER_type_string function and test
2025-03-21 10:04:41 -07:00
f663ed28b6
Fix MSVS build issues with PQC config
2025-03-21 11:49:55 -05:00
7c9ecd39fe
Merge pull request #8550 from lealem47/STM32WBA
...
Add support for STM32WBA
2025-03-21 09:58:17 -06:00
b9aeeac58b
Merge pull request #8576 from douzzer/20250319-FIPS-lean-aesgcm
...
20250319-FIPS-lean-aesgcm
2025-03-21 08:55:34 -07:00
8d0931df9d
coverity: check mp radix ret values.
2025-03-21 10:08:13 -04:00
15ac07c9ef
coverity: check correct ret value.
2025-03-21 09:25:28 -04:00
3a02ab286c
coverity: unchecked return value with mp_copy.
2025-03-21 08:59:31 -04:00
295ba3b416
Intel x86_64, gcc, icc: put branches on 32 byte boundary
...
Improved security with compile flag.
2025-03-21 17:50:31 +10:00
57ecd4b246
configure.ac: fix -DNO_BIG_INT setup to recognize $ENABLED_SP_MATH.
...
wolfcrypt/test/test.c: fix gating around modLen in rsa_test().
wolfssl/openssl/bn.h: remove superfluous WOLFSSL_SP_MATH gate around mp_int mpi
in struct WOLFSSL_BIGNUM definition.
wolfssl/wolfcrypt/wolfmath.h: add check for "Conflicting MPI settings.", add
initial check for WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_MATH to include sp_int.h,
and remove superfluous WOLFSSL_SP_MATH gate on "common math functions".
2025-03-20 22:18:22 -05:00
5f013c735e
Merge pull request #8575 from ColtonWilley/fix_cryptocb_rsa_pad_ret_len
...
Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD
2025-03-20 19:03:25 -07:00
b544354306
wolfssl/wolfcrypt/wolfmath.h: don't include an MPI header if NO_BIG_INT is
...
defined, and issue a #error if no MPI backend gate is defined and NO_BIG_INT
is not defined either.
configure.ac:
* add support for FIPS lean-aesgcm[-{ready,dev}].
* implement handler for --enable-sha256.
* move setup for WOLFSSL_FIPS_DEV and WOLFSSL_FIPS_READY into the applicable
per-flavor sections.
* fix sensing of $ENABLED_AESGCM in FIPS setup clauses to pivot on `!= "no"`
rather than `= "yes"`, to accommodate "4bit" and other non-"yes" values.
* fix SNI_DEFAULT to be "no" if $ENABLED_TLS = no.
* fix ENABLED_DHDEFAULTPARAMS default to be $ENABLED_DH rather than yes.
wc_encrypt.c: add missing gates in wc_CryptKey() for NO_SHA256.
wolfcrypt/test/test.c: gating fixes for NO_SHA256.
wolfcrypt/benchmark/benchmark.c: basic fixes for building/running with
--disable-rng (-DWC_NO_RNG).
With the above additions and fixes, it's now a clean build, test, and benchmark,
with --disable-sha256 --enable-cryptonly --disable-hashdrbg --disable-rng
--disable-hmac, though RSA/DH/ECC benches are disabled.
2025-03-20 20:03:34 -05:00
2cf4997d0f
Merge pull request #8565 from res0nance/correct-debug-info
...
random: correct debug messages
2025-03-20 17:04:47 -07:00
18268a5ea9
Merge pull request #8551 from kareem-wolfssl/zd19541
...
Change #pragma GCC macros in sp_int.c to PRAGMA_GCC macros to avoid calling them on unsupported toolchains.
2025-03-20 16:44:10 -07:00
7ba179f50f
Merge pull request #8560 from SparkiDev/test_api_c_split_1
...
Split out tests: random, wolfmath, public key
2025-03-20 16:42:41 -07:00
01910a60aa
Merge pull request #8542 from anhu/dual_alg_crit_ext
...
Allow critical alt and basic constraints extensions
2025-03-20 16:15:42 -07:00
4967738044
Delete dupe line
2025-03-20 17:41:14 -04:00
4290bfb9a6
Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD defined
2025-03-20 13:46:13 -07:00
2c36ae268f
Merge pull request #8536 from SparkiDev/kyber_to_mlkem
...
Update Kyber APIs to ML-KEM APIs
2025-03-20 11:07:53 -07:00
jordan
Sean Parkinson
Daniel Pouzzner
David Garske
JacobBarthelmeh
Lealem Amedie
Eric Blankenhorn
Koji Takeda
Kareem
Hideki Miyazaki
Juliusz Sosinowicz
Kaleb Himes
Bill Phipps
gojimmypi
Brett Nicholas
Andrew Hutchings
Devin AI
Chris Conlon
Anthony Hu
Colton Willey