wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, #ifdef LINUXKM_LKCAPI_REGISTER, #define WOLFSSL_TEST_SUBROUTINE to nothing, and #define WC_TEST_EXPORT_SUBTESTS.
linuxkm/lkcapi_glue.c:
* add check_skcipher_driver_masking() and check_aead_driver_masking(),
* use _masking() checks in all linuxkm_test_*().
* add !WOLFSSL_AESGCM_STREAM implementation of linuxkm_test_aesgcm().
* add implementations of linuxkm_test_aesctr(), linuxkm_test_aesofb(), and linuxkm_test_aesecb()
* remove incomplete+disabled AES-CCM shim implementation.
linuxkm/module_hooks.c: pull in wolfcrypt/test/test.h if LINUXKM_LKCAPI_REGISTER.
linuxkm/Makefile: build wolfcrypt/test/test.o if ENABLED_LINUXKM_LKCAPI_REGISTER.
Makefile.am: add ENABLED_LINUXKM_LKCAPI_REGISTER to exports in BUILD_LINUXKM section.
configure.ac: add AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER]); in ENABLED_LINUXKM_DEFAULTS set up, remove `-DWOLFSSL_TEST_SUBROUTINE=static` from AM_CFLAGS adds; fix whitespace.
.wolfssl_known_macro_extras: add WC_WANT_FLAG_DONT_USE_AESNI.
wolfcrypt/test/test.c: add `|| defined(WC_TEST_EXPORT_SUBTESTS)` to outermost gate, add wc_test_ prefix to render_error_message() and export it,
wolfcrypt/test/test.h: add prototype for wc_test_render_error_message(), and #ifdef WC_TEST_EXPORT_SUBTESTS, add prototypes for all the subtests.
-Wdeclaration-after-statement to .github/workflows/pq-all.yml.
rearrange code/gating in wolfcrypt/src/wc_mlkem.c:mlkemkey_encapsulate() for
clarity and to fix a -Wdeclaration-after-statement.
also, made mlkem_encapsulate_c() and mlkem_encapsulate() return error code
(currently always zero) rather than void, for consistency.
configure.ac: fix Kyber/ML-KEM option setup.
wolfcrypt/test/test.c: fix gating around modLen in rsa_test().
wolfssl/openssl/bn.h: remove superfluous WOLFSSL_SP_MATH gate around mp_int mpi
in struct WOLFSSL_BIGNUM definition.
wolfssl/wolfcrypt/wolfmath.h: add check for "Conflicting MPI settings.", add
initial check for WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_MATH to include sp_int.h,
and remove superfluous WOLFSSL_SP_MATH gate on "common math functions".
the FIPS boundary, just set up appropriate defaults.
wolfssl/wolfcrypt/wolfmath.h: if legacy math back ends aren't defined, and
NO_BIG_INT isn't defined, then always include sp_int.h, for backward compat.
defined, and issue a #error if no MPI backend gate is defined and NO_BIG_INT
is not defined either.
configure.ac:
* add support for FIPS lean-aesgcm[-{ready,dev}].
* implement handler for --enable-sha256.
* move setup for WOLFSSL_FIPS_DEV and WOLFSSL_FIPS_READY into the applicable
per-flavor sections.
* fix sensing of $ENABLED_AESGCM in FIPS setup clauses to pivot on `!= "no"`
rather than `= "yes"`, to accommodate "4bit" and other non-"yes" values.
* fix SNI_DEFAULT to be "no" if $ENABLED_TLS = no.
* fix ENABLED_DHDEFAULTPARAMS default to be $ENABLED_DH rather than yes.
wc_encrypt.c: add missing gates in wc_CryptKey() for NO_SHA256.
wolfcrypt/test/test.c: gating fixes for NO_SHA256.
wolfcrypt/benchmark/benchmark.c: basic fixes for building/running with
--disable-rng (-DWC_NO_RNG).
With the above additions and fixes, it's now a clean build, test, and benchmark,
with --disable-sha256 --enable-cryptonly --disable-hashdrbg --disable-rng
--disable-hmac, though RSA/DH/ECC benches are disabled.
as readonly in the encrypt/decrypt handlers -- clone them before setting the IV
-- for thread safety. also, remove the "experimental" designation of
--enable-linuxkm-lkcapi-register=all.
* sense assert.h and define WOLFSSL_HAVE_ASSERT_H accordingly.
* force off enable_aesgcm_stream if 32 bit armasm or riscv-asm (not yet implemented or buildable).
* add AM_CONDITIONAL([BUILD_CHACHA_NOASM, ...]) when --enable-chacha=noasm.
src/include.am: gate armasm/riscv_asm chacha files on !BUILD_CHACHA_NOASM.
tests/api.c: add missing HAVE_CHACHA&&HAVE_POLY1305 gate around test_TLSX_CA_NAMES_bad_extension().
wolfcrypt/src/chacha.c: tweak WOLFSSL_ARMASM and WOLFSSL_RISCV_ASM codepaths to also depend on !NO_CHACHA_ASM.
wolfssl/wolfcrypt/types.h: in setup for wc_static_assert(), #include <assert.h> if WOLFSSL_HAVE_ASSERT_H, >=C11, or >=C++11.
WOLFSSL_DEBUG_TRACE_ERROR_CODES support for EINVAL/ENOMEM/EBADMSG;
configure.ac: remove ENABLED_EXPERIMENTAL requirement for
--enable-linuxkm-lkcapi-register=cfb(aes);
linuxkm/module_hooks.c: omit "skipping full wolfcrypt_test" message if
wc_RunAllCast_fips() was run.
this now works, and uses armasm-accelerated _AesEcb{En,De}crypt() via
_AesXtsHelper(). also, add -DNO_CRYPT_TEST to CFLAGS in builds with
$ENABLED_CRYPT_TESTS = no.
configure.ac: add a "Conflicting asm settings" error check at end, since our configuration currently blows up if --enable-intelasm and --disable-asm are combined.
self-test and crypto fuzzer), and de-experimentalize it.
wolfssl/wolfcrypt/types.h: add definitions for WOLFSSL_WORD_SIZE_LOG2.
wolfcrypt/src/misc.c: fix xorbuf() to make the XorWords() reachable; also,
refactor integer division and modulus ops as masks and shifts, and add pragma
to suppress linuxkm FORTIFY_SOURCE false positive -Wmaybe-uninitialized.
Adding -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT flag to the default
compilation flags when --enable-jni is used.
Related PRs in other repositories:
- wolfSSL/wolfssljni#255
- wolfSSL/testing#845
ML-KEM/Kyber:
MakeKey call generate random once only for all data.
Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
Fix InvNTT assembly code for x64 - more reductions.
Split out ML-KEM/Kyber tests from api.c.
TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.
misc.c: when Intel x64 build, assume able to read/write unaligned
Matrix A is expensive to calculate.
Usage of ML-KEM/Kyber is
1. First peer generates a key and sends public to second peer.
2. Second peer encapsulates secret with public key and sends to first
peer.
3. First peer decapsulates (including encapsulating to ensure same as
seen) with key from key generation.
Caching A keeps the matrix A for encapsulation part of decapsulation.
The matrix needs to be transposed for encapsulation.
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
The SE050 port won't compile in the latest wolfSSL. This patch:
* Updates the documentation
* Fixes a missing `#ifdef` that breaks the build
* Changes the use of `mp_int` to `MATH_INT_T`
* Fixes compiler error with `ecc.c`
* Adds a tiny bit of extra debugging info
jordan
JacobBarthelmeh
Daniel Pouzzner
Sean Parkinson
David Garske
Lealem Amedie
Kareem
Brett Nicholas
Reda Chouk
Chris Conlon
Marco Oliverio
Andrew Hutchings
Anthony Hu
Juliusz Sosinowicz