wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 10:52:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
27,397 Commits 12 Branches 184 Tags
100d765b0c333ec00a111ce7c19be6f1bf4070a5
Commit Graph

10346 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
37554a13db Updates for OpenSSH 10.0p2 
- random.c: use getrandom when available and fall back to direct file access
- openssh.yml: run more tests
- openssh.yml: add 10.0p2 and 9.9p2
- configure.ac: detect if `getrandom` is available on the system
- configure.ac: openssh requires WC_RNG_SEED_CB to always use `getrandom` so that the RNG doesn't get killed by SECCOMP
 2025-06-13 18:06:19 +02:00
Koji Takeda
ff1baf0ae7 Apply stronger salt length for PBES2 2025-06-14 00:45:03 +09:00
David Garske
c5e63b84ca Merge pull request #8840 from douzzer/20250605-linuxkm-DRBG-multithread-round-1 
20250605-linuxkm-DRBG-multithread-round-1
 2025-06-12 13:17:54 -07:00
David Garske
2fc1110a13 Merge pull request #8587 from lealem47/gh8574 
Fix bug in ParseCRL_Extensions
 2025-06-12 12:09:52 -07:00
David Garske
bfdce3a345 Merge pull request #8832 from SparkiDev/aarch64_xfence 
Aarch64 XFENCE
 2025-06-12 11:53:55 -07:00
David Garske
6571f42cb9 Merge pull request #8867 from JacobBarthelmeh/rng 
Improvements to RNG and compatibility layer
 2025-06-11 14:31:53 -07:00
Sean Parkinson
1c85a76ddd Dilithium/ML-DSA: Fixes for casting down and uninit 2025-06-11 11:14:49 +10:00
Sean Parkinson
d66863d0ac Aarch64 XFENCE 
Use sb instruction instead of isb if available.
 2025-06-11 09:29:20 +10:00
JacobBarthelmeh
ae87afa677 Merge pull request #8857 from miyazakh/tsip_fix 
fix TSIP TLS example program
 2025-06-10 16:26:34 -06:00
JacobBarthelmeh
47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh
31490ab813 add sanity checks on pid with RNG 2025-06-10 14:37:11 -06:00
JacobBarthelmeh
047f0bb5fc Merge pull request #8847 from gojimmypi/pr-platformio-cert-bundles 
Improve PlatformIO Certificate Bundle Support
 2025-06-10 10:23:07 -06:00
Sean Parkinson
cb90b78688 ML-DSA: fix tests for different configs 
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
 2025-06-10 20:44:27 +10:00
Koji Takeda
0260ff789b Clarify supported PKCS12 encryption algorithms 2025-06-09 12:03:47 +09:00
Hideki Miyazaki
0404447bd8 fix typo 2025-06-07 12:46:22 +09:00
Hideki Miyazaki
1f8efc3c14 fix TSIP example 
fix Client Certificate Verify using RSA sign/verify
 2025-06-07 12:38:18 +09:00
Daniel Pouzzner
ae15693fa8 linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_generate() and wc_linuxkm_drbg_seed(), check retval from wc_LockMutex(). 
wolfcrypt/src/random.c: in Hash_DRBG_Generate(), restore smallstack path for digest[], but use non-smallstack path for WOLFSSL_LINUXKM.
 2025-06-07 07:07:20 +04:00
gojimmypi
3254f56d32 Improve PlatformIO Certificate Bundle Support 2025-06-06 15:48:07 -07:00
JacobBarthelmeh
ae7509e746 Merge pull request #8813 from gojimmypi/espressif-mlkem-support 
Adjust Espressif Examples for Post Quantum ML-KEM
 2025-06-06 11:41:59 -06:00
JacobBarthelmeh
9ffca6b39c Merge pull request #8822 from kojiws/support_cert_aes_cbc_on_pkcs12_export 
Support PBE_AES(256|128)_CBC certificate encryptions on wc_PKCS12_create()
 2025-06-06 11:35:13 -06:00
Daniel Pouzzner
4572dcf9f9 tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES; 
wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement;

add .github/workflows/no-tls.yml;

.github/workflows/pq-all.yml: add smallstack scenario.
 2025-06-06 17:18:50 +04:00
JacobBarthelmeh
c207e2d198 Merge pull request #8838 from miyazakh/fsp_fix2 
Fix Renesas SCE on RA6M4
 2025-06-05 09:43:05 -06:00
Daniel Pouzzner
dbc34352c7 linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_seed(), prefix the supplied seed with the CPU ID of each DRBG, to avoid duplicate states; 
wolfcrypt/src/random.c: in Hash_DRBG_Generate(), always put digest[] on the stack even in WOLFSSL_SMALL_STACK configuration (it's only 32 bytes);

configure.ac: default smallstackcache on when linuxkm-defaults.
 2025-06-05 16:31:46 +04:00
Sean Parkinson
640b060792 LMS: Key ID fixup 
Fix implementation for extracting from private key data.
Add implementation that gets Key ID from wc_LmsKey.
 2025-06-05 10:25:47 +10:00
Lealem Amedie
02a49693e2 Fix bug in ParseCRL_Extensions 2025-06-04 10:23:53 -06:00
Koji Takeda
7c33096398 Support PBE_AES256_CBC and PBE_AES128_CBC cert encryption on wc_PKCS12_create() 2025-06-04 16:43:30 +09:00
Hideki Miyazaki
e633dd7537 trailing whitespace 2025-06-04 13:41:01 +09:00
Hideki Miyazaki
6d2a8b3f4c ready-for-use flag fix 2025-06-04 13:41:01 +09:00
JacobBarthelmeh
c1b683f307 add clang-tidy lint comment to avoid false positive 2025-06-03 14:44:01 -06:00
gojimmypi
a9db6d08f7 Adjust Espressif Examples for Post Quantum ML-KEM 2025-06-02 15:11:53 -07:00
gojimmypi
1aa97a9070 Correct Espressif default time setting 2025-06-02 15:04:49 -07:00
Daniel Pouzzner
a6e9bd73e4 Merge pull request #8803 from dgarske/csr_nomalloc 
Refactor to support CSR generation and signing with `WOLFSSL_NO_MALLOC`
 2025-05-30 18:05:25 -05:00
Daniel Pouzzner
dd6e6015ea wolfcrypt/src/wc_mlkem.c: add setup for WC_MLKEM_NO_ASM. 2025-05-30 14:51:52 -05:00
Daniel Pouzzner
8f347e68f5 wolfcrypt/src/wc_mlkem_poly.c and configure.ac: add support for WC_MLKEM_NO_ASM, and add gates to support WC_SHA3_NO_ASM; 
wolfcrypt/src/sha3.c and wolfssl/wolfcrypt/sha3.h: BlockSha3() now always WOLFSSL_LOCAL (never static) to support calls from MLKEM implementation.
 2025-05-30 13:31:40 -05:00
David Garske
165f868be1 Fix for warning: ‘free’ called on unallocated object ‘buf’. 2025-05-29 17:15:55 -07:00
Daniel Pouzzner
245042a342 add WC_SHA3_NO_ASM, mainly for the benefit of linuxkm-defaults and KASAN compatibility. 2025-05-29 16:21:34 -05:00
Daniel Pouzzner
b9ef6c583a wolfcrypt/test/test.c: in test_dilithium_decode_level(), on early malloc failure, stay in the flow to assure cleanup; 
.wolfssl_known_macro_extras: remove unneeded entry for WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC.
 2025-05-28 12:48:36 -05:00
David Garske
482f2bdd2a Refactor to support CSR generation and signing with WOLFSSL_NO_MALLOC. Also for DSA. Don't test no malloc with ECC custom curves. 2025-05-27 14:51:16 -07:00
Daniel Pouzzner
8179367412 Merge pull request #8798 from dgarske/mldsa_nosign 
Fix for ML-DSA with `WOLFSSL_DILITHIUM_NO_SIGN`
 2025-05-27 14:44:44 -05:00
David Garske
607d7489bc Add no malloc support for Dilithium tests. Fixes for WOLFSSL_DILITHIUM_NO_ASN1. 2025-05-22 14:34:34 -07:00
David Garske
d0085834cd Fix for ML-DSA with WOLFSSL_DILITHIUM_NO_SIGN. ZD 19948. 2025-05-22 12:36:46 -07:00
David Garske
cc78e3f5d1 Fix for older STM32Cube HAL that does not support hcryp->Init.HeaderWidthUnit. ZD 19926. 2025-05-21 16:42:52 -07:00
Sean Parkinson
9fdb40caa4 Merge pull request #8790 from philljj/fix_coverity 
coverity: misc fixes
 2025-05-22 08:40:59 +10:00
Sean Parkinson
85a4e34705 Merge pull request #8782 from kojiws/support_aes_cbc_pkcs12_export 
Support PBE_AES(256|128)_CBC key encryptions on wc_PKCS12_create()
 2025-05-22 08:39:11 +10:00
Daniel Pouzzner
e2def987d4 wolfcrypt/src/siphash.c: for WC_SIPHASH_NO_ASM, don't define WOLFSSL_NO_ASM if it's already defined. 2025-05-21 10:03:10 -05:00
Daniel Pouzzner
a01fb2a61c wolfcrypt/src/siphash.c: honor WC_SIPHASH_NO_ASM; configure.ac: add -DWC_SIPHASH_NO_ASM when ENABLED_LINUXKM. 2025-05-20 13:03:58 -05:00
jordan
c619c19a1d asn: add underflow check to idx. 2025-05-19 19:04:27 -05:00
Koji Takeda
3666851589 Support PBE_AES256_CBC and PBE_AES128_CBC key encryption on wc_PKCS12_create() 2025-05-19 22:26:46 +09:00
Ruby Martin
7ae2c24ac4 add NULL reference checks to RSA functions 2025-05-16 14:00:35 -06:00
Daniel Pouzzner
e67536cb15 Merge pull request #8775 from rlm2002/coverity 
Coverity: address uninitialized scalar variable issues
 2025-05-16 14:44:38 -05:00