88fdfdd52d
Change #pragma GCC macros in sp_int.c to PRAGMA_GCC macros to avoid calling them on unsupported toolchains.
2025-03-12 12:12:24 -07:00
d2fc77ae93
wolfcrypt/test/test.c: add missing PRIVATE_KEY_UNLOCK()s around pkcs7enveloped_test() and pkcs7authenveloped_test() exposed by "--enable-fips=ready --enable-pkcs7 --disable-harden".
2025-03-11 17:10:54 -05:00
96b8d72c4f
Add support for STM32WBA
2025-03-11 15:16:26 -06:00
2de3d46971
wolfcrypt/test/test.c: in cryptocb_test(), fix error code from
...
wc_CryptoCb_RegisterDevice(), and call wc_CryptoCb_UnRegisterDevice() at
cleanup.
2025-03-11 14:51:25 -05:00
8ff08740f8
Merge branch 'master' into ech-hello-retry
2025-03-10 03:37:27 -04:00
a7690ca24b
ML-KEM/Kyber: finish name change
2025-03-10 08:37:14 +10:00
e7ef3ab606
Digest tests: add more tests
...
Add testing of MD2 and Md4.
Add more tests of functions in hash.c.
Reformat data to match what is output by PRINT_DATA macro.
2025-03-10 08:13:06 +10:00
66376bed28
wolfcrypt/src/misc.c: in xorbufout() and xorbuf(), call XorWords() directly via a simplified path if all args are already aligned to WOLFSSL_WORD_SIZE (fixes performance regression from dc2e2631bc).
...
configure.ac: add a "Conflicting asm settings" error check at end, since our configuration currently blows up if --enable-intelasm and --disable-asm are combined.
2025-03-07 19:52:26 -06:00
c3f24568ff
Merge pull request #8520 from JacobBarthelmeh/pkcs7_verify_stream
...
PKCS7 verify and decode indefinite length support
2025-03-07 18:47:30 -06:00
09ffdeb897
fix for different reported conversion warnings
2025-03-07 11:52:01 -07:00
f8506c3e04
Allow critical alt and basic constraints extensions
...
Also properly track pathlen.
2025-03-07 13:06:06 -05:00
53fa4ffbaf
conversion warning fixes
2025-03-07 11:03:12 -07:00
932513a41e
fixes for various -W*conversions in sp_int.c, asn.c, fe_operations.c, fe_448.c, ge_448.c. also, add support for NO_INT128, and add .github/workflows/wolfCrypt-Wconversion.yml.
2025-03-06 16:08:38 -06:00
acc096c2ea
Merge pull request #8533 from dgarske/eccnb
...
Fixes for ECC non-blocking tests
2025-03-06 11:08:43 -07:00
8e98a41401
fix for build with NO_PKCS7_STREAM
2025-03-06 10:43:02 -07:00
547519265a
Merge pull request #8534 from douzzer/20250305-linuxkm-LKCAPI-AES-CBC-fixes
...
20250305-linuxkm-LKCAPI-AES-CBC-fixes
2025-03-06 08:44:05 -08:00
b039e055df
clang-tidy warning of garbage value used
2025-03-05 17:19:53 -07:00
1bd3bf1b66
Merge pull request #8531 from night1rider/zephyr-fs-rewind-fix
...
Fix for missing rewind function in zephyr
2025-03-05 16:04:36 -08:00
dfc6a52db5
Fixes for ECC non-blocking tests. Added example user_settings.h build test. Demonstrate ECC 256, 384 and 521 bit.
2025-03-05 15:58:51 -08:00
d82a7b10c5
wolfcrypt/src/evp.c: fix a name conflict around "cipherType" that provokes -Wshadow on gcc pre-4v8.
2025-03-05 17:56:08 -06:00
dc2e2631bc
linuxkm: various fixes for LKCAPI wrapper for AES-CBC (now passing kernel-native
...
self-test and crypto fuzzer), and de-experimentalize it.
wolfssl/wolfcrypt/types.h: add definitions for WOLFSSL_WORD_SIZE_LOG2.
wolfcrypt/src/misc.c: fix xorbuf() to make the XorWords() reachable; also,
refactor integer division and modulus ops as masks and shifts, and add pragma
to suppress linuxkm FORTIFY_SOURCE false positive -Wmaybe-uninitialized.
2025-03-05 17:56:08 -06:00
624233fb98
update test case to account for NO_DES3 build and resolve clang tidy warnings
2025-03-05 16:28:26 -07:00
c1215aa93b
Fix wc_MlKemKey_Free to return int instead of void
...
Co-Authored-By: sean@wolfssl.com <sean@wolfssl.com>
2025-03-05 22:42:19 +00:00
f4b770c5ab
Update Kyber APIs to ML-KEM APIs
...
- Change struct KyberKey to struct MlKemKey
- Add backward compatibility typedef for KyberKey
- Add function declarations for new wc_MlKemKey_ functions
- Add backward compatibility #defines to map old wc_KyberKey APIs to new wc_MlKemKey APIs
- Update wc_MlKemKey_Init to take key first and type second
- Create new files wc_mlkem.h and wc_mlkem.c with updated content
- Update internal APIs with lowercase kyberkey to lowercase mlkemkey
Co-Authored-By: sean@wolfssl.com <sean@wolfssl.com>
2025-03-05 22:38:07 +00:00
68e483d196
refactor of decode envelop for edge cases
2025-03-05 15:24:02 -07:00
9fc7e42554
Merge pull request #8507 from SparkiDev/ct_fixes_3
...
Constant time code: improved implementations
2025-03-05 15:17:23 -06:00
7ea89a62ba
Fix for missing rewind function in zephyr
2025-03-05 12:49:58 -07:00
a073868cf0
Merge pull request #8527 from SparkiDev/sp_int_asm_fixes_1
...
SP int: inline asm improvements and mont reduce simplifications
2025-03-04 14:45:16 -08:00
b75976692e
spelling fix and code formatting
2025-03-04 14:31:23 -07:00
4124c824ca
refactor decrypt content init call
2025-03-04 09:29:36 -07:00
caf801f211
SP int: inline asm improvements and mont reduce simplifications
...
SP int inline asm:
- allow input variables to be either registers or memory for Intel
x86/x64 (minor performance improvement)
- don't have memory in clobber list if output variables are registers
- remove empty clobber line in arm32/thumb2 code for old versions of
gcc
_sp_mont_red():
- simplify the code by not using extra variables
- don't add to j in for loop check.
2025-03-04 16:16:26 +10:00
9b16ed5da4
Merge pull request #8518 from lealem47/evp_update_null_cipher
...
Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate
2025-03-03 14:03:57 -08:00
2b099daee0
Merge pull request #8511 from SparkiDev/intel_sha_not_avx1
...
SHA256: Intel flags has SHA but not AVX1 or AVX2
2025-03-03 13:59:10 -08:00
fcf88f16e6
spelling fixes and free decrypt structs on error case
2025-03-01 15:43:59 -07:00
b781ac6c29
asn to der macro gaurds and co-exist build fix
2025-02-28 15:42:24 -07:00
6020bf2368
initialize test variables and fix async build
2025-02-28 14:46:42 -07:00
ea9f044bcc
spelling fixes and return value fix
2025-02-28 14:34:51 -07:00
50a3be6df7
wolfcrypt/src/sp_int.c. src/ssl_asn1.c. src/internal.c: rename several declarations to avoid shadowing global functions, for the convenience of obsolete (pre-4v8) gcc -Wshadow.
2025-02-28 15:29:58 -06:00
638d9961d2
passing the rest of the PKCS7 unit tests
2025-02-28 14:23:24 -07:00
7c6cd1deea
passing a unit test
2025-02-28 14:23:24 -07:00
1e254c014d
application decryption successful
2025-02-28 14:23:24 -07:00
b1b1c15b35
add content stream output callback for VerifySignedData function
2025-02-28 14:23:24 -07:00
22221e5007
Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate
2025-02-28 11:44:30 -07:00
4f8a39cbcf
Merge pull request #8498 from rizlik/ocsp_fixes
...
OCSP openssl compat fixes
2025-02-28 13:42:50 +10:00
f7ddc49487
linuxkm/linuxkm_wc_port.h: add #error if the user tries to use the kernel crypto fuzzer with FIPS AES-XTS (kernel bug).
...
src/internal.c: fix shiftTooManyBitsSigned in DefTicketEncCb().
tests/api/test_sha256.c and wolfssl/wolfcrypt/sha256.h: gate raw transform APIs (wc_Sha256Transform(), wc_Sha256FinalRaw()) and tests on !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH).
move enum wc_HashFlags from wolfssl/wolfcrypt/hash.h to wolfssl/wolfcrypt/types.h to resolve circular dependency detected by cross-armv7m-armasm-thumb-fips-140-3-dev-sp-asm-all-crypto-only.
add FIPS_VERSION_GE(7,0) gates to new null-arg tests in test_wc_Shake{128,256}_*().
optimize ByteReverseWords() for cases where only one operand is unaligned, and add correct handling of unaligned data in ByteReverseWords64() to resolve unaligned access sanitizer report in cross-aarch64_be-all-sp-asm-unittest-sanitizer.
2025-02-26 20:55:56 -06:00
0a6a8516f9
Merge pull request #8488 from dgarske/stm32h7s
...
Support for STM32H7S (tested on NUCLEO-H7S3L8)
2025-02-27 10:34:41 +10:00
a0d6afbb04
Merge pull request #8505 from jmalak/ow-fixes
...
various fixes for Open Watcom build
2025-02-27 10:31:19 +10:00
183d9b44d1
Merge pull request #8509 from kaleb-himes/WCv6.0.0-RC4-CHECKIN
...
Disable XTS-384 as an allowed use in FIPS mode
2025-02-26 18:24:12 -06:00
99f25c6399
Merge pull request #8494 from Laboratory-for-Safe-and-Secure-Systems/various
...
Various fixes and improvements
2025-02-27 09:40:06 +10:00
b104887042
SHA256: Intel flags has SHA but not AVX1 or AVX2
...
Reversal of bytes when IS_INTEL_SHA only is same as when AVX1 or AVX2.
2025-02-27 09:25:13 +10:00
92ed003a58
Merge pull request #8502 from SparkiDev/pkcs_pad
...
PKCS Pad: public API to do PKCS padding
2025-02-26 15:17:50 -08:00
f204ac8363
PKCS Pad: public API to do PKCS padding
...
PKCS padding adds length of padding as repeated padding byte.
Use the new function in all places.
2025-02-27 08:28:53 +10:00
557abcf76a
Support for STM32H7S (tested on NUCLEO-H7S3L8). It supports hardware crypto for RNG, Hash, AES and PKA. Added future config option for DTLS v1.3. Support DTLS v1.3 only reduce code size (tested with: `./configure --enable-dtls13 --enable-dtls --disable-tlsv12 CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE"`).
2025-02-26 14:00:48 -08:00
738462a6f0
Remove redundent gates
2025-02-26 12:03:25 -07:00
b8a383469a
Disable 192-bit tests in FIPS mode
2025-02-26 11:09:31 -07:00
9063093993
Disable XTS-384 as an allowed use in FIPS mode
2025-02-26 07:38:45 -07:00
3d4ec1464b
Minor Dilithium fix
...
Fix compilation in case caching is enabled.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
af4017132d
LMS fixes
...
* Add support for CMake
* Add support for Zephyr
* Make sure the internal key state is properly handled in case a public
key is imported into a reloaded private key.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
9db5499dbd
Update CryptoCb API for Dilithium final standard
...
Add context and preHash metadata.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
be6888c589
Fixes for Dilithium in TLS handshake
...
Some fixes to better handle Dilithium keys and signatures in the TLS
handshake.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
17a0081261
correct line length to be shorter then 80 characters
2025-02-26 08:02:43 +01:00
9e9efeda28
ARM ASM: available for SHA-384 only too
...
Add HAVE_SHA384 to check for whether assembly code is available.
2025-02-26 16:10:21 +10:00
4752bd2125
Constant time code: improved implementations
...
Change constant time code to be faster.
2025-02-26 11:52:09 +10:00
ddfbbc68ac
various fixes for Open Watcom build
...
- fix build for OS/2
- fix build for Open Watcom 1.9
2025-02-25 22:52:36 +01:00
3557cc764a
Merge pull request #8501 from SparkiDev/digest_test_rework
...
Digest testing: improve
2025-02-25 13:03:48 -08:00
dfc5e61508
asn: ocsp: refactor out CERT ID decoding
...
It will be reused in d2i_CERT_ID
2025-02-25 20:20:34 +00:00
4eda5e1f7f
Merge pull request #8491 from jmalak/winsock-guard
...
correct comment for _WINSOCKAPI_ macro manipulation
2025-02-25 09:51:23 -08:00
c24b7d1041
ocsp: use SHA-256 for responder name if no-sha
2025-02-25 15:42:27 +00:00
8b80cb10d6
ocsp: responderID.ByKey is SHA-1 Digest len
...
Check that responderID.ByKey is exactly WC_SHA_DIGEST_SIZE as per RFC
6960. KEYID_SIZE can change across build configuration.
2025-02-25 15:42:22 +00:00
9178c53f79
Fix: Address and clean up code conversion in various files.
2025-02-25 11:17:58 +01:00
6016cc0c97
Digest testing: improve
...
Make testing digests consistent.
Add KATs for all digests.
Check unaligned input and output works.
Perform chunking tests for all digests.
Fix Blake2b and Blake2s to checkout parameters in update and final
functions.
Fix Shake256 and Shake128 to checkout parameters in absorb and squeeze
blocks functions.
Add default digest size enums for Blake2b and Blake2s.
2025-02-25 19:07:20 +10:00
0116ab6ca2
Merge pull request #8484 from jmalak/offsetof
...
Rename OFFSETOF macro to WolfSSL specific WC_OFFSETOF name
2025-02-23 14:45:43 -06:00
d066e6b9a5
correct comment for _WINSOCKAPI_ macro manipulation
...
The issue is with MINGW winsock2.h header file which is not compatible
with Miscrosoft version and handle _WINSOCKAPI_ macro differently
2025-02-23 11:15:38 +01:00
1d1ab2d9ff
Rename OFFSETOF macro to WolfSSL specific WC_OFFSETOF name
...
There are the following reasons for this
- it conflicts with the OFFSETOF macro in the OS/2 header (Open Watcom)
- it is compiler-specific and should use the C standard offsetof definition in the header file stddef.h
- it is more transparent unique name
2025-02-22 09:44:54 +01:00
29c3ffb5ee
Merge pull request #8435 from JacobBarthelmeh/formatting
...
add else case to match with other statements
2025-02-21 17:21:10 -08:00
8ae122584c
Merge pull request #8482 from douzzer/20250220-misc-UnalignedWord64
...
20250220-misc-UnalignedWord64
2025-02-20 17:26:44 -07:00
a05436066d
wolfcrypt/test/test.c: fix return values in camellia_test() (also fixes some false positive -Wreturn-stack-addresses from clang++).
2025-02-20 16:50:24 -06:00
41b4ac5599
misc.c: undo changes in 82b50f19c6 "when Intel x64 build, assume able to read/write unaligned" -- provokes sanitizer on amd64, and is not portable (e.g. different behavior on Intel vs AMD). all performance-sensitive word64 reads/writes should be on known-aligned data.
2025-02-20 15:00:22 -06:00
e90e3aa7c6
Intel AVX1/SSE2 ASM: no ymm/zmm regs no vzeroupper
...
vzeroupper instruction not needed to be invoked unless ymm or zmm
registers are used.
2025-02-20 22:35:20 +10:00
82b50f19c6
ML-KEM/Kyber: improvements
...
ML-KEM/Kyber:
MakeKey call generate random once only for all data.
Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
Fix InvNTT assembly code for x64 - more reductions.
Split out ML-KEM/Kyber tests from api.c.
TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.
misc.c: when Intel x64 build, assume able to read/write unaligned
2025-02-20 08:14:15 +10:00
268326d875
Merge pull request #8408 from rizlik/ocsp-resp-refactor
...
OpenSSL Compat Layer: OCSP response improvments
2025-02-19 11:20:12 -08:00
597b839217
Merge pull request #8468 from jmalak/fix-test-c89
...
correct test source file to follow C89 standard
2025-02-19 11:23:48 -06:00
373a7d462a
Merge pull request #8472 from SparkiDev/ed25519_fix_tests
...
Ed25519: fix tests to compile with feature defines
2025-02-19 09:53:10 -07:00
331a713271
Ed25519: fix tests to compile with feature defines
...
ge_operations.c: USe WOLFSSL_NO_MALLOC rather than WOLFSSL_SP_NO_MALLOC.
2025-02-19 17:41:03 +10:00
3c74be333e
correct test source file to follow C89 standard
...
for OpenSSL interface
2025-02-18 22:12:11 +01:00
258afa5493
wolfcrypt/src/pkcs7.c: in PKCS7_EncodeSigned(), check for error from SetSerialNumber().
2025-02-17 18:05:04 -06:00
3e38bdcd2c
Merge pull request #8450 from dgarske/stm32_pka_ecc521
...
Fix for STM32 PKA ECC 521-bit support
2025-02-17 08:27:45 -08:00
a06a8b589c
ocsp: minors
2025-02-17 08:59:29 +00:00
c1c9af5cb6
minor: improve indentation of guards
2025-02-17 08:59:29 +00:00
2c2eb2a285
ocsp: improve OCSP response signature validation
...
- search for the signer in the CertificateManager if the embedded cert
verification fails in original asn template.
2025-02-17 08:59:29 +00:00
851d74fd69
ocsp-resp-refactor: address reviewer's comments
2025-02-17 08:59:29 +00:00
f782614e1e
clang tidy fixes
2025-02-17 08:59:28 +00:00
3a3238eb9f
ocsp: refactor wolfSSL_OCSP_response_get1_basic
...
The internal fields of OcspResponse refer to the resp->source buffer.
Copying these fields is complex, so it's better to decode the response again.
2025-02-17 08:58:03 +00:00
b7f08b81a6
ocsp: adapt ASN original to new OCSP response refactor
2025-02-17 08:58:03 +00:00
f526679ad5
ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify
...
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
decoding
2025-02-17 08:58:03 +00:00
dedbb2526c
ocsp: fix memory leaks in OpenSSL compat layer
2025-02-17 08:58:02 +00:00
60c1558142
Merge pull request #8447 from dgarske/memleak
...
Fixed possible memory leaks
2025-02-14 00:26:09 -06:00
e806bd76bb
Merge pull request #8445 from SparkiDev/perf_improv_1
...
Performance improvements
2025-02-13 23:25:47 -06:00
86c3ee1a9d
Fix for STM32 PKA ECC 521-bit support. Issue was 65 vs 66 buffer check. ZD 19379
2025-02-13 16:41:42 -08:00
746aa9b171
Merge pull request #8443 from ColtonWilley/add_cert_rel_prefix
...
Add a cert relative prefix option for tests
2025-02-13 14:48:06 -08:00
f943f6ff5c
Fixed possible memory leaks reported by nielsdos in PR 8415 and 8414.
2025-02-13 08:20:37 -08:00
db0fa304a8
Merge pull request #8436 from SparkiDev/mlkem_cache_a
...
ML-KEM/Kyber: cache A from key generation for decapsulation
2025-02-12 17:29:38 -08:00
846ba43a29
Merge pull request #8392 from SparkiDev/curve25519_blinding
...
Curve25519: add blinding when using private key
2025-02-12 16:20:51 -08:00
9253d1d3ac
ML-KEM/Kyber: cache A from key generation for decapsulation
...
Matrix A is expensive to calculate.
Usage of ML-KEM/Kyber is
1. First peer generates a key and sends public to second peer.
2. Second peer encapsulates secret with public key and sends to first
peer.
3. First peer decapsulates (including encapsulating to ensure same as
seen) with key from key generation.
Caching A keeps the matrix A for encapsulation part of decapsulation.
The matrix needs to be transposed for encapsulation.
2025-02-13 10:12:05 +10:00
bfd52decb6
Performance improvements
...
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
2025-02-13 09:55:55 +10:00
bb84ebfd7a
Curve25519: add blinding when using private key
...
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.
Add new APIs to support passing in an RNG.
Old APIs create a new RNG.
Only needed for the C implementations that are not small.
Modified TLS and OpenSSL compat API implementations to pass in RNG.
Fixed tests and benchmark program to pass in RNG.
2025-02-13 08:52:35 +10:00
0e474fc673
Merge pull request #8437 from LinuxJedi/SE050-changes
...
Minor SE050 improvements
2025-02-12 14:50:36 -08:00
ddf7bfcb8f
Add a cert relative prefix option for tests
2025-02-12 13:59:23 -08:00
3856d55d9b
Revert "Performance improvements"
...
This reverts commit ce679ef057
2025-02-12 12:32:47 -06:00
bcd89b0592
Merge pull request #8388 from julek-wolfssl/BN_CTX_get
...
Implement BN_CTX_get
2025-02-12 08:08:58 +10:00
92e222b1ab
Merge pull request #8429 from SparkiDev/perf_improv_1
...
Performance improvements AES-GCM and HMAC (in/out hash copy)
2025-02-11 08:32:30 -08:00
cb42f18a47
Minor SE050 improvements
...
Adds two features for SE050:
1. `WOLFSSL_SE050_AUTO_ERASE`. When enabled, this will automatically
erase a key from the SE050 when `wc_ecc_free()` and friends are
called.
2. `WOLFSSL_SE050_NO_RSA`. This stops RSA offloading onto the SE050,
useful for the SE050E which does not have RSA support.
2025-02-11 16:25:06 +00:00
ce679ef057
Performance improvements
...
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
2025-02-11 10:26:51 +10:00
be5f203274
Merge pull request #8425 from philljj/ecdsa_mldsa_test_api
...
dual alg: add ML-DSA test, and misc cleanup.
2025-02-10 15:05:44 -08:00
96d9ebcfee
add else case to match with other statements
2025-02-10 14:53:15 -07:00
4373e551e7
Merge pull request #8431 from LinuxJedi/SE050-fixes
...
Fix SE050 Port
2025-02-10 11:33:46 -08:00
557e43bcd7
dual alg: peer review cleanup, and more function comments.
2025-02-10 10:08:35 -05:00
8870b76c26
Fix SE050 Port
...
The SE050 port won't compile in the latest wolfSSL. This patch:
* Updates the documentation
* Fixes a missing `#ifdef` that breaks the build
* Changes the use of `mp_int` to `MATH_INT_T`
* Fixes compiler error with `ecc.c`
* Adds a tiny bit of extra debugging info
2025-02-10 14:27:28 +00:00
937d6d404a
dual alg: clean up comments and line lengths.
2025-02-07 09:22:16 -05:00
e2d40288ee
Remove internal use of wolfSSL_BN_CTX_new()
2025-02-07 14:45:42 +01:00
1e17d737c8
"#undef _WINSOCKAPI_" after defining it to "block inclusion of winsock.h header file", to fix #warning in /usr/x86_64-w64-mingw32/usr/include/winsock2.h.
2025-02-06 18:41:20 -06:00
035d4022fb
dual alg: add ML-DSA test, and misc cleanup.
2025-02-06 15:50:37 -05:00
e6ceb40187
Merge pull request #8391 from dgarske/cmake_watcom
...
Fixes for Watcom compiler and new CI test
2025-02-06 08:51:51 +10:00
f061e19ecb
Merge pull request #8403 from miyazakh/keytype_tsip
...
Revert TSIP_KEY_TYPE as TSIP TLS definition
2025-02-04 15:21:27 -08:00
60c5a0ac7f
Peer review feedback. Thank you @jmalak
2025-02-04 14:32:24 -08:00
743655b9ce
Merge pull request #8402 from gojimmypi/pr-espressif-build-improvement
...
Improve Espressif make and cmake for ESP8266 and ESP32 series
2025-02-04 14:05:32 -08:00
345c969164
Fixes for Watcom compiler and new CI test
...
* Correct cmake script to support Open Watcom toolchain (#8167 )
* Fix thread start callback prototype for Open Watcom toolchain (#8175 )
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
2025-02-04 12:38:52 -08:00
f0b3c2955e
Merge pull request #8412 from SparkiDev/mlkem_kyber_small_mem
...
ML-KEM/Kyber: small memory usage
2025-02-04 11:45:01 -08:00
316177a7f1
ML-KEM/Kyber: small memory usage
...
Options to compile ML-KEM/Kyber to use less dynamic memory.
Only available with C code and has small performance trade-off.
2025-02-04 10:51:56 +10:00
71a982e6b7
sync with upstream
2025-02-03 16:13:05 -08:00
4891d1c471
Merge pull request #8400 from ColtonWilley/add_trusted_cert_pem_parsing
...
Add support for parsing trusted PEM certs
2025-01-31 10:53:51 -07:00
6555da9448
revert TSIP_KEY_TYPE as TSIP TLS definition
2025-01-31 14:13:36 +09:00
e7a0340eea
Merge pull request #8395 from SparkiDev/asm32_asm_older_opt
...
ARM32 ASM: optimize older platform alternatives
2025-01-30 15:47:25 -08:00
3f47963802
Merge pull request #8396 from douzzer/20250129-CT-tweaks
...
20250129-CT-tweaks
2025-01-31 09:10:22 +10:00
3a6b33c180
tests/api.c and wolfcrypt/benchmark/benchmark.c: fixes for building with HAVE_FFDHE_3072 and/or HAVE_FFDHE_4096 but without HAVE_FFDHE_2048.
2025-01-30 15:02:02 -06:00
c4288cc334
Add support for parsing PEM certificates with begin trusted cert header/footer, needed for wolfProvider.
2025-01-30 11:34:02 -08:00
9641dc79d9
Merge pull request #8398 from douzzer/20250130-ASCON-unit-test-fixes
...
20250130-ASCON-unit-test-fixes
2025-01-30 10:57:05 -07:00
49d2beed1a
fixes for gating/tooling around ASCON.
2025-01-30 10:48:23 -06:00
b62f5ab722
ML-KEM/Kyber: build with no malloc
...
ML-KEM/Kyber van now be built with WOLFSSL_NO_MALLOC and all data is on
the stack.
2025-01-30 18:11:55 +10:00
0de38040f4
CT tweaks:
...
in wolfcrypt/src/coding.c, add ALIGN64 to hexDecode[], and add hexEncode[] for use by Base16_Encode();
in wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h:
move ctMask*() up so that min() and max() can use them, and add ctMaskWord32GTE();
add ALIGN64 to kHexChar[];
add CT implementation of CharIsWhiteSpace();
remove min_size_t() and max_size_t() recently added, but only one user (refactored).
2025-01-30 01:24:40 -06:00
dd7ec129af
fixes for gating/tooling around ASCON.
2025-01-30 01:23:26 -06:00
2d06e67a64
ARM32 ASM: optimize older platform alternatives
...
Make the alternative instructions for architectures less than 7 more
optimal.
2025-01-30 16:58:13 +10:00
25c8869541
Merge pull request #8390 from SparkiDev/lms_sha256_192_l1_h20
...
LMS: Fix SHA-256-192 level 1, height 20
2025-01-29 18:20:50 -05:00
bcde4bdebb
ascon: move tests to api.c and introduce framework to split up api.c
2025-01-29 15:50:00 +01:00
cd047a35f2
fixup! Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 ipd
2025-01-29 12:21:28 +01:00
b0ab7f0d26
ascon: use individual word64 to help compiler
2025-01-29 11:49:09 +01:00
78a7d12955
ascon: use lowercase first letters for members
2025-01-29 11:38:31 +01:00
f47bbfc174
ascon: error out when word64 not available
2025-01-29 11:36:33 +01:00
76e29be1a9
ascon: remove 6 round perm as its not used
2025-01-29 11:33:11 +01:00
028b5b3cda
Fix references to match NIST draft
2025-01-29 11:31:34 +01:00
Kareem
Daniel Pouzzner
Lealem Amedie
John Bland
Sean Parkinson
JacobBarthelmeh
Anthony Hu
David Garske
Devin AI
msi-debian
kaleb-himes
Tobias Frauenschläger
Jiri Malak
Marco Oliverio
Reda Chouk
Colton Willey
Andrew Hutchings
jordan
Juliusz Sosinowicz
gojimmypi
Hideki Miyazaki
Anthony Hu