Add support for X25519 and X448 based hybrid PQC + ECC key exchange
groups. Furthermore, two new combinations with SECP curves are added to
match OQS combinations.
This also incorporates the changed order of X25519 and X448 based
combinations to place the PQC material before the ECDH material. This is
motivated by the necessity to always have material of a FIPS approved
algorithm first.
Also, codepoints are updated to reflect the latest draft standards for
pure ML-KEM and some of the hybrids. With these changes and based on the
recent additions to both enable ML-KEM final and draft versions
simultaneously, a WolfSSL TLS server is now compatible with all recent
browsers that support either the draft version of ML-KEM (Chromium based
browsers and Firefox < version 132; only when the draft version is
enabled in the build) or the final version already (Firefox > version 132).
In the process of extending support, some code and logic cleanup
happened. Furthermore, some memory leaks within the hybrid code path have
been fixed.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
Make Kyber and ML-KEM individually available as well as at the same
time.
Modified TLS layer to support both Kyber and ML-KEM.
Added new identifiers in TLS layer for ML-KEM.
configure.ac:
* add --enable-all-osp to separate OSP meta-feature sets from --enable-all, allowing --enable-all --disable-all-osp --disable-opensslall (e.g. for testing OPENSSL_COEXIST).
* fix enable_all_crypto=yes in enable-all to be conditional on "$enable_all_crypto" = "".
* move enable_rsapss=yes from enable-all to enable-all-crypto.
examples/ and testsuite/: #undef OPENSSL_COEXIST unconditionally rather than only if defined(OPENSSL_EXTRA), to capture -DOPENSSL_EXTRA_X509_SMALL or any other such variants.
No functional changes.
Several compat symbols that were formerly enums are now macros.
All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.
wolfcrypt/test/test.c is similarly refactored to use only native symbols.
examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().
wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().
add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
add wolfCrypt error codes IO_FAILED_E "Input/output failure" and SYSLIB_FAILED_E "System/library call failed";
tests/api.c and tests/unit.c: flush stdout for error message in Fail() macro, add fflush(stdout) after printf()s, print success message at end of unit_test(), and send several error messages to stderr instead of stdout;
wolfcrypt/test/test.c: add fallthrough macro definition of printf() that pairs it with fflush(stdout);
unit.h: in definition of macro AssertPtr(), add PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"");
sp_int.c: refactor several lingering instances of "if (0) { ... }" code pattern to #if 0 ... #endif.
Also fixed some small errors during shutdown in benchmarks.
Tested with:
./configure --enable-psk CFLAGS=-DWOLFSSL_STATIC_PSK
make all check
./examples/benchmark/tls_bench
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
as a default callback.
2. Modify all the tests and examples to use the default seed callback if
the seed callback is enabled.
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
