WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
24,991 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

24991 Commits (29482a3e4d17649c0b66e7c081d2ae05df6979b8)

Author SHA1 Message Date
Devin AI a911f70049 Add other federal PKI OIDs. 
Co-Authored-By: kareem@wolfssl.com <kareem@wolfssl.com>
 2025-03-27 12:20:02 -07:00
Devin AI 6910f80e3d Add all DoD PKI cert policy OIDs. 
Co-Authored-By: kareem@wolfssl.com <kareem@wolfssl.com>
 2025-03-27 12:19:49 -07:00
Sean Parkinson 1c56a2674a
Merge pull request #8521 from kaleb-himes/KH-SRTP-PORTING-OEs-phase4-rev3 
Checkin XCODE settings for v6.0.0 module
 2025-03-27 13:03:23 +10:00
Sean Parkinson 21c0d7803a Greenhills compiler: fix asm and volatile 
Greenhills compiler doesn't accept volatile and __asm__ needs to be
__asm.
 2025-03-27 10:54:19 +10:00
Sean Parkinson ea677dd30d ARM32 inline ASM: make all vars input when not assigning regs 
Compiler doesn't keep parameters in the same registers as passed if they
are output registers.
 2025-03-27 10:51:01 +10:00
David Garske a59075b908 Various improvements to iscacii and CMake key log: 
* Detect 'isascii' at configuration (tested with `./configure CFLAGS="-DNO_STDLIB_ISASCII" && make check`).
* Add mew CMake option `WOLFSSL_KEYLOG_EXPORT` (fixes #8165)
Replaces PR #8174 and #8158. Thank you @redbaron.
 2025-03-26 15:24:15 -07:00
Daniel Pouzzner 8b8873fb2c
Merge pull request #8553 from kareem-wolfssl/zd19458 
Check for whether librt is needed for clock_gettime.
 2025-03-26 12:44:24 -05:00
Daniel Pouzzner ddf7d5b6f1
Merge pull request #8584 from dgarske/stm32_aesgcm 
Fixes for STM32H7S AES GCM. Cleanups for STM32 AES GCM.
 2025-03-26 10:57:18 -05:00
Sean Parkinson cfab666369 ARM32/Thumb2 ASM: fix WOLFSSL_NO_VAR_ASSIGN_REG 
Thumb2 needed constants defined even with no register assignments.
ARM32 needed support added fo rnot having registers assigned to
variables.
 2025-03-26 12:46:32 +10:00
Daniel Pouzzner 61cdcd71e6
Merge pull request #8588 from SparkiDev/mlkem_encapsulte_no_return 
ML-KEM/Kyber: mlkem_encapsulate not to return a value
 2025-03-25 00:14:41 -05:00
Sean Parkinson 50304cfb1c Intel x86_64, gcc, icc: align loops to 64 byte boundary 
Improved security with compile flag.
 2025-03-25 09:40:01 +10:00
Sean Parkinson cfc774c152
Merge pull request #8581 from dgarske/no_ecc_check_public_order 
Add option to disable ECC public key order checking
 2025-03-25 09:13:56 +10:00
Sean Parkinson 66662bc399 ML-KEM/Kyber: mlkem_encapsulate not to return a value 
Don't return a value from mlkem_encapsulate() to ensure code is just the
maths.
 2025-03-25 08:11:03 +10:00
David Garske 8635014249 Fix to enable SHA384/SHA512 crypto hardware on STM32H7S. 2025-03-24 14:30:35 -07:00
David Garske a709b16ed2 Adding option for `NO_ECC_CHECK_PUBKEY_ORDER`. ZD 19422 2025-03-24 14:00:23 -07:00
David Garske 0cc0bb0afe
Merge pull request #8586 from douzzer/20250321-siphash-armasm 
20250321-siphash-armasm
 2025-03-23 14:00:17 -07:00
Daniel Pouzzner 0cea9c09f7 src/internal.c: fix -Wdeclaration-after-statement in ProcessCSR_ex(). 2025-03-22 23:51:59 -05:00
Daniel Pouzzner 29a0992ed5 wolfssl/wolfcrypt/settings.h: for WOLFCRYPT_FIPS_RAND, don't define USE_FAST_MATH, and make sure NO_BIG_INT is defined. 2025-03-22 22:21:23 -05:00
Daniel Pouzzner 3cad38a1ca wolfcrypt/test/test.c: gate wc_CmacFree()s in cmac_test() on !HAVE_FIPS || FIPS_VERSION3_GE(6,0,0); fix some return codes in hash_test(). 2025-03-22 17:19:37 -05:00
Daniel Pouzzner 60ffde6d7c wolfcrypt/test/test.c: fix error-path various uninitialized data uses and memory leaks. 2025-03-22 13:40:31 -05:00
Daniel Pouzzner 190f46ef23 wolfcrypt/test/test.c: fix -Wdeclaration-after-statement in sm3_test(). 2025-03-22 01:22:19 -05:00
Daniel Pouzzner 1587f21938 fix a couple -Wdeclaration-after-statements. 2025-03-21 22:33:45 -05:00
Daniel Pouzzner 777d42fabe wolfcrypt/src/siphash.c: gate armasm on defined(WOLFSSL_ARMASM), not !defined(WOLFSSL_NO_ASM). 2025-03-21 21:12:41 -05:00
Daniel Pouzzner 576c489b0f
Merge pull request #8583 from lealem47/fips_linuxkm 
Remove linuxkm-pie dependency for FIPS linuxkm
 2025-03-21 21:09:04 -05:00
David Garske defcaa192f
Merge pull request #8582 from douzzer/20250321-Wdeclaration-after-statements-and-Kyber-fixes 
20250321-Wdeclaration-after-statements-and-Kyber-fixes
 2025-03-21 16:40:38 -07:00
David Garske 93c8d7df0d Fixes for STM32H7S AES GCM. Cleanups for STM32 AES GCM. 2025-03-21 16:17:36 -07:00
Daniel Pouzzner e3fe575720 tests/api/test_evp.c: fix gating in test_wolfSSL_EVP_CIPHER_type_string(). 2025-03-21 17:52:33 -05:00
Daniel Pouzzner a57326d500 fix whitespace in tests/api/test_evp.c. 2025-03-21 16:56:48 -05:00
Daniel Pouzzner b0a16a3d94 configure.ac: remove PWDBASED and PBKDF2 from fips=lean-aesgcm. 2025-03-21 16:56:24 -05:00
Lealem Amedie 2fdac57a69 Remove linuxkm-pie dependency for FIPS linuxkm 2025-03-21 15:36:31 -06:00
Daniel Pouzzner 1e89002762 fix various -Wdeclaration-after-statements, and add 
-Wdeclaration-after-statement to .github/workflows/pq-all.yml.

rearrange code/gating in wolfcrypt/src/wc_mlkem.c:mlkemkey_encapsulate() for
  clarity and to fix a -Wdeclaration-after-statement.

also, made mlkem_encapsulate_c() and mlkem_encapsulate() return error code
  (currently always zero) rather than void, for consistency.

configure.ac: fix Kyber/ML-KEM option setup.
 2025-03-21 15:46:44 -05:00
David Garske 9a3ea6fd73
Merge pull request #8568 from embhorn/msvs_pqc_build 
Fix MSVS build issues with PQC config
 2025-03-21 12:41:19 -07:00
Kareem 91239dc42d Only search for clock_gettime when using RNG with wolfEntropy. 2025-03-21 11:05:24 -07:00
Kareem 17bb8c4c84 Check for whether librt is needed for clock_gettime. 2025-03-21 11:01:37 -07:00
David Garske 294e4c79a8
Merge pull request #8578 from philljj/coverity_unchecked_ret 
Coverity unchecked return value
 2025-03-21 10:05:29 -07:00
David Garske 9258fde02f
Merge pull request #8570 from wolfSSL/devin/1742405136-cipherType-to-string 
Add wolfSSL_EVP_CIPHER_type_string function and test
 2025-03-21 10:04:41 -07:00
Eric Blankenhorn f663ed28b6 Fix MSVS build issues with PQC config 2025-03-21 11:49:55 -05:00
Chris Conlon 7c9ecd39fe
Merge pull request #8550 from lealem47/STM32WBA 
Add support for STM32WBA
 2025-03-21 09:58:17 -06:00
David Garske b9aeeac58b
Merge pull request #8576 from douzzer/20250319-FIPS-lean-aesgcm 
20250319-FIPS-lean-aesgcm
 2025-03-21 08:55:34 -07:00
jordan 8d0931df9d coverity: check mp radix ret values. 2025-03-21 10:08:13 -04:00
jordan 15ac07c9ef coverity: check correct ret value. 2025-03-21 09:25:28 -04:00
jordan 3a02ab286c coverity: unchecked return value with mp_copy. 2025-03-21 08:59:31 -04:00
jordan 7c831263c8 coverity: unchecked return value in EchHashHelloInner. 2025-03-21 08:48:45 -04:00
Sean Parkinson 295ba3b416 Intel x86_64, gcc, icc: put branches on 32 byte boundary 
Improved security with compile flag.
 2025-03-21 17:50:31 +10:00
Daniel Pouzzner f14498ea6b fix a couple broken configs in examples/configs/ - simultaneous SP and NO_BIG_INT. 2025-03-20 22:40:08 -05:00
Daniel Pouzzner 57ecd4b246 configure.ac: fix -DNO_BIG_INT setup to recognize $ENABLED_SP_MATH. 
wolfcrypt/test/test.c: fix gating around modLen in rsa_test().

wolfssl/openssl/bn.h: remove superfluous WOLFSSL_SP_MATH gate around mp_int mpi
  in struct WOLFSSL_BIGNUM definition.

wolfssl/wolfcrypt/wolfmath.h: add check for "Conflicting MPI settings.", add
  initial check for WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_MATH to include sp_int.h,
  and remove superfluous WOLFSSL_SP_MATH gate on "common math functions".
 2025-03-20 22:18:22 -05:00
Daniel Pouzzner e870e7f6d2 configure.ac: in FIPS lean-aesgcm setup, don't lock features that are outside 
the FIPS boundary, just set up appropriate defaults.

wolfssl/wolfcrypt/wolfmath.h: if legacy math back ends aren't defined, and
   NO_BIG_INT isn't defined, then always include sp_int.h, for backward compat.
 2025-03-20 21:07:15 -05:00
David Garske 5f013c735e
Merge pull request #8575 from ColtonWilley/fix_cryptocb_rsa_pad_ret_len 
Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD
 2025-03-20 19:03:25 -07:00
Daniel Pouzzner 27a582829f .wolfssl_known_macro_extras: get macros back in C-lexical order. 2025-03-20 20:10:16 -05:00
Daniel Pouzzner b544354306 wolfssl/wolfcrypt/wolfmath.h: don't include an MPI header if NO_BIG_INT is 
defined, and issue a #error if no MPI backend gate is defined and NO_BIG_INT
   is not defined either.

configure.ac:
* add support for FIPS lean-aesgcm[-{ready,dev}].
* implement handler for --enable-sha256.
* move setup for WOLFSSL_FIPS_DEV and WOLFSSL_FIPS_READY into the applicable
    per-flavor sections.
* fix sensing of $ENABLED_AESGCM in FIPS setup clauses to pivot on `!= "no"`
    rather than `= "yes"`, to accommodate "4bit" and other non-"yes" values.
* fix SNI_DEFAULT to be "no" if $ENABLED_TLS = no.
* fix ENABLED_DHDEFAULTPARAMS default to be $ENABLED_DH rather than yes.

wc_encrypt.c: add missing gates in wc_CryptKey() for NO_SHA256.

wolfcrypt/test/test.c: gating fixes for NO_SHA256.

wolfcrypt/benchmark/benchmark.c: basic fixes for building/running with
  --disable-rng (-DWC_NO_RNG).

With the above additions and fixes, it's now a clean build, test, and benchmark,
  with --disable-sha256 --enable-cryptonly --disable-hashdrbg --disable-rng
  --disable-hmac, though RSA/DH/ECC benches are disabled.
 2025-03-20 20:03:34 -05:00