0adb6eb788
Merge pull request #8748 from ColtonWilley/pkcs7_x509_store_update
...
Update PKCS7 to use X509 STORE for internal verification
2025-05-09 11:22:53 -07:00
b6f6d8ffda
linuxkm/lkcapi_glue.c: reorder registration of AES and SHA algs to put composite first and primitive last, to prevent kernel dynamic synthesis of the composites.
2025-05-09 12:12:15 -05:00
76fd5319d4
Remove redefinition of MlKemKey
...
Removes the redundant typedef of MlKemKey which will break builds on
pre-C11 compilers. KyberKey is defined as a macro for MlKemKey.
2025-05-09 10:42:15 -04:00
9d1bf83a43
Merge pull request #8736 from JacobBarthelmeh/build
...
adjust default build with curve25519
2025-05-09 20:24:53 +10:00
707505d31d
linuxkm/lkcapi_glue.c: in linuxkm_lkcapi_register(), register PKCS1 algs before direct_rsa, to prevent kernel from synthesizing conflicting PKCS1 implementations. for good measure, move raw DH after FFDHE too.
2025-05-09 00:40:30 -05:00
82cb83abee
Improvements for portability using older gcc 4.8.2 and customer parsing tools.
2025-05-08 17:02:27 -07:00
4f07f6a9c1
Merge pull request #8750 from anhu/crl_RefFree
...
Add missing call to wolfSSL_RefFree in FreeCRL
2025-05-09 08:24:10 +10:00
96c15b3a87
Merge pull request #8751 from douzzer/20250508-linuxkm-lkcapi-ECDH-never-fips_enabled
...
20250508-linuxkm-lkcapi-ECDH-never-fips_enabled
2025-05-08 14:59:48 -05:00
77c0f79cbe
adjust ech get length only case
2025-05-08 13:50:42 -06:00
9fb34d76c2
adjust size of temporary buffer
2025-05-08 13:50:42 -06:00
6f1fe2e4b9
add sanity check on des cbc decrypt, CID 512990
2025-05-08 13:50:02 -06:00
f96e493790
help static analyzer out, CID 516263
2025-05-08 13:50:02 -06:00
ea03decf60
fix for --group argument test, CID 516265
2025-05-08 13:50:02 -06:00
ae4a4236cc
fix for index value with curve25519
2025-05-08 13:42:02 -06:00
b3d330258f
linuxkm aes: cleanup.
2025-05-08 14:32:42 -05:00
0532df5ce1
configure.ac: further fixes+cleanups for curve25519/ed25519 feature setup. now recognizes =asm as an override optionally preventing implicit noasm (linuxkm), and fixes wrong -DHAVE_CURVE25519 added to flags in FIPS builds.
2025-05-08 12:20:05 -05:00
ac7326d272
linuxkm/lkcapi_glue.c: for LINUXKM_LKCAPI_REGISTER_ECDH, always clear fips_enabled (see comment for details).
2025-05-08 12:13:06 -05:00
42fb041890
Add missing call to wolfSSL_RefFree in FreeCRL
2025-05-08 13:11:37 -04:00
49f1725620
linuxkm aes: add debug msgs.
2025-05-08 11:47:20 -05:00
9e7a4f6518
Update PKCS7 to use X509 STORE for internal verification instead of underlying CM
2025-05-08 09:45:58 -07:00
7ff4ada692
Merge pull request #8746 from douzzer/20250507-ed25519-noasm
...
20250507-ed25519-noasm
2025-05-08 08:29:04 -07:00
e044ec45b7
.github/workflows/codespell.yml: in skip section, add full paths for new artifacts in examples/asn1/.
2025-05-08 00:41:35 -05:00
2e0ada9836
configure.ac: implement support for --enable-ed25519=noasm, and refactor and improve existing support for --enable-curve25519=noasm.
2025-05-07 23:59:58 -05:00
c2528d48d7
Fix liboqs builds.
2025-05-07 14:36:55 -07:00
18818415d9
Merge pull request #8744 from douzzer/20250507-fips-all
...
20250507-fips-all
2025-05-07 13:56:31 -07:00
3f9fe491cc
adjust C# test and set rng with hpke case
2025-05-07 14:33:15 -06:00
d3ce45fbfb
clean up Curve25519/Curve448 dependencies in FIPS builds:
...
configure.ac:
* in FIPS setup, fix sensing of ENABLED_CURVE25519 and ENABLED_CURVE448 to prevent noasm sneaking through, and allow fips=dev to enable them via override;
* enable-all enables ECH only if !FIPS;
* enable-all-crypto enables curve25519/curve448 only if !FIPS;
* QUIC implication of ENABLED_CURVE25519 is inhibited if FIPS;
tests/quic.c: add !HAVE_CURVE25519 paths in test_quic_key_share() to allow FIPS QUIC.
2025-05-07 14:34:35 -05:00
cdeac13c87
Merge pull request #8742 from gojimmypi/pr-espressif-p4-and-hkdf
...
Espressif HAVE_HKDF for wolfssl_test, explicit ESP32P4
2025-05-07 12:30:54 -07:00
72bff7d01e
Lint and overlong.
2025-05-07 12:06:11 -07:00
760178c7dc
Improvements to no malloc support in ConfirmSignature for async and non-blocking. Refactor DSA ASN.1 decode in ConfirmSignature. Cleanup indent in types.h. Move `struct CertSignCtx` to types.h. Move `WC_ENABLE_ASYM_KEY_IMPORT` and `WC_ENABLE_ASYM_KEY_EXPORT` to settings.h.
2025-05-07 12:06:09 -07:00
bc6b5598c5
Add NO_MALLOC support for wc_CheckCertSigPugKey
2025-05-07 12:04:38 -07:00
1e3718ea7b
Merge pull request #8655 from SparkiDev/asn1_oid_update
...
ASN.1 OIDs and sum: Change algorithm for sum
2025-05-07 11:43:54 -07:00
36d8298602
Merge pull request #8743 from douzzer/20250807-linuxkm-lkcapi-ecdh-fips-5v15
...
20250807-linuxkm-lkcapi-ecdh-fips-5v15
2025-05-07 12:47:03 -05:00
cbc4cba263
set rng when making a curve25519 key and cast type after shift
2025-05-07 11:45:55 -06:00
060d4d5ecc
linuxkm/lkcapi_glue.c: on FIPS kernels <5.15, suspend fips_enabled when registering ecdh-nist-p256 and ecdh-nist-p384 to work around wrong/missing attributes/items in kernel crypto manager.
2025-05-07 11:14:24 -05:00
eae4005884
Merge pull request #8717 from dgarske/renesas_rx_api
...
Make wc_tsip_* API's public
2025-05-07 09:29:05 -06:00
ed2c20a3b2
Espressif HAVE_HKDF for wolfssl_test, explicit ESP32P4
2025-05-07 16:38:05 +02:00
5e5f486a4c
Merge pull request #8732 from dgarske/stm32_hash_status
...
Fix for STM32 hash status check logic (also fix NO_AES_192 and NO_AES_256)
2025-05-07 20:56:18 +10:00
4b73e70515
Merge pull request #8706 from dgarske/win_crypt_rng
...
New build option to allow reuse of the windows crypt provider handle …
2025-05-07 20:55:07 +10:00
a69039b40d
Merge pull request #8740 from douzzer/20250506-linuxkm-lkcapi-default-priority-100000
...
20250506-linuxkm-lkcapi-default-priority-100000
2025-05-06 20:04:19 -05:00
112351667a
ASN.1 OIDs and sum: Change algorithm for sum
...
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.
Added bunch of OID names into asn1 example.
2025-05-07 08:32:08 +10:00
d100898e92
Merge pull request #8737 from julek-wolfssl/wc_HKDF_Expand_ex-fix
...
wc_HKDF_Expand_ex: correctly advance the index
2025-05-07 08:23:33 +10:00
8a3a5929b8
linuxkm/lkcapi_glue.c: change WOLFSSL_LINUXKM_LKCAPI_PRIORITY from INT_MAX to 100000 to avoid overflows in kernel calculation of priority on constructed algs.
2025-05-06 17:21:35 -05:00
6eb8dfb769
Merge pull request #8668 from gojimmypi/pr-arduino-print
...
Fix Arduino progmem print, AVR WOLFSSL_USER_IO
2025-05-06 14:51:12 -07:00
213c43b0fc
Merge pull request #8715 from padelsbach/ssl-certman-codesonar
...
Speculative fix for CodeSonar overflow issue in ssl_certman.c
2025-05-06 14:49:57 -07:00
1ee954a38c
Merge pull request #8738 from kaleb-himes/refine-module-boundary
...
Refine module boundary based on lab feedback [IG C.K.]
2025-05-06 14:42:57 -07:00
05a3557b2b
Merge pull request #8703 from lealem47/zd19592
...
Attempt wolfssl_read_bio_file in read_bio even when XFSEEK is available
2025-05-06 14:42:19 -07:00
d04ab3757e
New build option `WIN_REUSE_CRYPT_HANDLE` to allow reuse of the windows crypt provider handle. Seeding happens on any new RNG or after `WC_RESEED_INTERVAL`. If using threads make sure wolfSSL_Init() or wolfCrypt_Init() is called before spinning up threads. ZD 19754. Fixed minor implicit cast warnings in internal.c. Add missing `hpke.c` to wolfssl VS project.
2025-05-06 14:38:02 -07:00
602f4a7b05
Merge pull request #8739 from douzzer/20250506-fixes-and-test-coverage
...
20250506-fixes-and-test-coverage
2025-05-06 14:27:38 -07:00
982a7600c2
src/tls13.c: in DoTls13ServerHello() WOLFSSL_ASYNC_CRYPT path, fix -Wdeclaration-after-statement caused by fallthrough definition;
...
.github/workflows: update async.yml, multi-arch.yml, multi-compiler.yml, no-malloc.yml, opensslcoexist.yml, and os-check.yml, with -pedantic and related flags, and add --enable-riscv-asm to multi-arch.yml RISC-V scenario;
configure.ac: clarify error message for "SP ASM not available for CPU."
2025-05-06 14:49:32 -05:00
David Garske
Daniel Pouzzner
Alex Lanzano
Sean Parkinson
philljj
JacobBarthelmeh
Anthony Hu
Colton Willey
gojimmypi