Commit Graph

1340 Commits

Author SHA1 Message Date
kaleb-himes 08fd7bde58 PQ FIPS v7.0.0 Phase 2 & 3: All changes
Implement peer review feedback
2026-04-24 06:52:49 -06:00
JacobBarthelmeh 719e98f717 prepare for release 5.9.1 2026-04-08 07:34:41 -06:00
Daniel Pouzzner 60d1e222b2 globally fix all "BLAKE2" references (implicit BLAKE2B) to explicit "BLAKE2B":
* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
2026-04-07 13:18:53 -05:00
David Garske 255f14bab9 Merge pull request #9732 from Frauschi/pqc_first
Enable and use ML-KEM by default
2026-03-19 12:38:36 -07:00
JacobBarthelmeh a08fa98adc prepare for release 5.9.0 2026-03-18 16:18:12 -06:00
Tobias Frauenschläger c3289f8aa9 Enable and use ML-KEM by default
* Enable ML-KEM by default in build systems (autoconf and CMake)
* Only allow three to-be-standardized hybrid PQ/T combinations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that). When Curve25519 is disabled, then either
  WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as
  default depending on the ECC configuration
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Add async support for ML-KEM hybrids
2026-03-18 10:48:16 +01:00
Juliusz Sosinowicz 9a9eb2bf1d Add ocsp responder test to testsuite.c and tested on windows 2026-03-11 10:21:16 +01:00
JacobBarthelmeh 4d3463cccd addjust ESP-IDF comment to match expected pattern 2026-02-18 10:08:14 -07:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Hideki Miyazaki c74a95c8d0 rm WOLFSSL_ASN_ORIGINAL from user_settings.h
- update signed ca cert (rsa/ecc)
 - update compiler options for v3.06.00
2026-02-05 00:08:35 +09:00
Per Allansson c979f95648 IDE/XCODE: fix file types for asm.S files 2026-01-08 16:47:04 +01:00
Hideki Miyazaki ba63d81441 add .gitignore to include.am 2025-12-24 06:36:08 +09:00
Hideki Miyazaki 75fad16f20 addressed code review comments 2025-12-24 05:59:09 +09:00
Hideki Miyazaki fc583d068f add SK-S7G2 support
Update README based on copilot suggestion
2025-12-20 10:32:09 +09:00
Daniel Pouzzner ebbfc2e413 Merge pull request #9507 from miyazakh/add_tools_includeam
Add RA6M4/tools folder to include.am
2025-12-11 12:46:37 -06:00
Hideki Miyazaki 090d89acbc add RA6M4/tools folder to include.am 2025-12-10 10:18:26 +09:00
JacobBarthelmeh ea058c6e85 xcode set correct file type for assembly files with project 2025-12-08 14:42:19 -07:00
JacobBarthelmeh 91f3d90f82 Update version .rc files too 2025-11-20 13:10:38 -07:00
Sean Parkinson f376c8d910 Merge pull request #9388 from lealem47/scan_build
Various fixes for nightly tests
2025-11-07 09:30:08 +10:00
Lealem Amedie 15ecc2e4da Update Rowley settings to define WOLFSSL_NO_SOCK 2025-11-06 15:11:49 -07:00
JacobBarthelmeh 8077551ba8 avoid warning when building without user_settings.h and options.h for QNX CAAM 2025-11-05 16:03:09 -07:00
Sean Parkinson 093cc04076 Stack API: Pull out implementation into separate file
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
2025-10-27 17:08:41 +10:00
Sean Parkinson 9c1462a9ec Aarch64 asm: convert to generated
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
2025-10-21 17:03:39 +10:00
David Garske dcafe9adf2 Add STM32H5 PKA support. 2025-10-06 18:38:09 +02:00
David Garske c349001d94 Move the STM32 hash options into STM32_HASH. Fix for realloc. Improve docs for hcom_uart. Fix issue with detecting RTC and incorrectly setting NO_ASN_TIME. 2025-10-06 18:38:09 +02:00
David Garske ee77094dd6 Fixes to get STM32N6 hash and GMAC working 2025-10-06 18:38:09 +02:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
Andrew Hutchings 504c51f354 Fix STM32 benchmark endless loop after 1 hour
If the STM32 has an RTC, this is used to time the execution of each
benchmark item. It was only multiplying hours by 24 to get seconds, so
after one hour the amount of seconds went to less than 3600. Therefore
the benchmark thought negative time elapsed and would never end.
2025-09-21 08:19:16 +01:00
Hideki Miyazaki 13809256ef minor update README 2025-09-12 17:54:49 +09:00
Daniel Pouzzner e3423d0922 Merge pull request #9163 from kaleb-himes/Batch2-WinCE
Add the updated WinCE settings for FIPS 140-3 submission
2025-09-10 09:57:59 -05:00
David Garske ce5878fb8d Merge pull request #9162 from embhorn/zd18673
Fixes for INTIME RTOS
2025-09-10 07:44:19 -07:00
Eric Blankenhorn 2179dccb1d Fix VS proj 2025-09-09 15:36:55 -05:00
David Garske f1ef484076 Merge pull request #9150 from miyazakh/update_fsp_v610
Update Renesas FSP version on RA6M4
2025-09-09 12:26:03 -07:00
David Garske b3aa39ddad Merge pull request #9138 from JacobBarthelmeh/sgx
update for SGX CPU ID to follow atomics refactor
2025-09-09 12:18:51 -07:00
David Garske 5957afb8b5 Merge pull request #9158 from miyazakh/update_fsp_v610_ra6m3
Update Renesas FSP version on RA6M3 example
2025-09-09 12:18:17 -07:00
Eric Blankenhorn a3a21fac3c Fix Makefile 2025-09-09 11:56:10 -05:00
Eric Blankenhorn b6bb43e9bc Fix Makefile 2025-09-09 11:39:40 -05:00
Eric Blankenhorn 5fd5ff89c3 Changes from customer 2025-09-08 13:20:13 -05:00
Hideki Miyazaki 815f2ce9db Update Renesas FSP version on RA6M3 example 2025-09-06 19:12:24 +09:00
gojimmypi c22354e2f5 Exclude wolfssl certs_test.h from Espressif user_settings.h 2025-09-05 17:08:04 -07:00
kaleb-himes 7c2fc506b5 Fix trailing whitespace in new user_settings.h 2025-09-05 15:36:21 -06:00
kaleb-himes 3f7ba638dd Add the updated WinCE settings for FIPS 140-3 submission
Add the missing README.md
2025-09-05 15:36:21 -06:00
Eric Blankenhorn b4a82877b8 Remove *.filters file 2025-09-05 16:23:26 -05:00
Eric Blankenhorn 53ee6d3a0b Fixes for INTIME RTOS 2025-09-05 16:23:26 -05:00
gojimmypi 0065d9a0dd Improve Arduino Examples, add workflow testing 2025-09-02 11:45:28 -07:00
Hideki Miyazaki e2fe74502f Add wolfSSL/Debug folder as include
- remove BSP_WarmStart() due to duplicate
2025-08-30 09:28:09 +09:00
Hideki Miyazaki 295a11d0f7 update Readme 2025-08-30 09:24:46 +09:00
JacobBarthelmeh 9774e4959f change sgx script to create options.h if none exists 2025-08-27 16:44:47 -06:00
gojimmypi 797c1d00ac Fix workflow for latest ESP-IDF for espressif examples 2025-08-26 14:38:23 -07:00
Daniel Pouzzner e0383b496a linuxkm/module_hooks.c: implement wc_linuxkm_GenerateSeed_IntelRD, gated on WC_LINUXKM_RDSEED_IN_GLUE_LAYER;
add WC_GENERATE_SEED_DEFAULT, which defaults to wc_GenerateSeed if not overridden, and replace wc_GenerateSeed with WC_GENERATE_SEED_DEFAULT in various calls to wc_SetSeed_Cb();

linuxkm/linuxkm_wc_port.h: if FIPS <v6 and RDSEED, define WC_LINUXKM_RDSEED_IN_GLUE_LAYER and define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD;

wolfcrypt/test/test.c: update rng_seed_test() with gating and vectors for FIPS v5 with HAVE_AMD_RDSEED or HAVE_INTEL_RDSEED;

wolfssl/wolfcrypt/types.h: add WC_HAVE_VECTOR_SPEEDUPS helper macro, and enlarge fallthrough definition coverage for DISABLE_VECTOR_REGISTERS.
2025-08-22 21:58:00 -05:00