Commit Graph

27397 Commits

Author SHA1 Message Date
Koji Takeda 2f01c9d715 Detect unknown key format 2025-04-03 18:36:05 +09:00
Sean Parkinson c29fba5b7e Merge pull request #8614 from douzzer/20250317-linuxkm-lkcapi-aes-ctr-ofb-ecb
20250317-linuxkm-lkcapi-aes-ctr-ofb-ecb
2025-04-03 10:45:04 +10:00
Sean Parkinson 2210ec8839 Merge pull request #8617 from douzzer/20250401-Base64_Decode_nonCT
20250401-Base64_Decode_nonCT
2025-04-03 10:41:08 +10:00
David Garske ca371b05a5 Merge pull request #8629 from douzzer/20250402-configure-copyright-year
20250402-configure-copyright-year
2025-04-02 17:38:00 -07:00
Daniel Pouzzner 3e87c4465c update copyright year in configure.ac. 2025-04-02 18:51:28 -05:00
Hideki Miyazaki aef224d53e fix cs+ failure 2025-04-03 07:57:42 +09:00
Daniel Pouzzner 13c73a9691 linuxkm/lkcapi_glue.c: add LINUXKM_LKCAPI_NEED_AES_COMMON_FUNCS and
LINUXKM_LKCAPI_NEED_AES_SKCIPHER_COMMON_FUNCS helper macros (peer review
  suggestion).

wolfcrypt/src/aes.c: add lengthy comment in software wc_AesSetKeyLocal()
  explaining the dynamics of aes->use_aesni (peer review suggestion), and in the
  !haveAESNI && WC_C_DYNAMIC_FALLBACK case, return with immediate success rather
  than following through to the redundant AesSetKey_C().
2025-04-02 17:30:19 -05:00
Daniel Pouzzner e0a74420f1 wolfcrypt/src/coding.c: restore support for BASE64_NO_TABLE builds. 2025-04-02 17:14:09 -05:00
Daniel Pouzzner 140e18c063 undo unnecessary change to .github/workflows/zephyr.yml. 2025-04-02 17:08:20 -05:00
Daniel Pouzzner c2b486ce53 fix some misindentation in wolfcrypt/src/coding.c.
force lower CMAKE_POLICY_VERSION_MINIMUM to try to work around obsolete cmake config syntax in several OSP workflows.
2025-04-02 17:08:20 -05:00
Daniel Pouzzner 51c6848340 wolfcrypt/src/coding.c, wolfssl/wolfcrypt/coding.h, wolfcrypt/src/asn.c,
wolfcrypt/test/test.c: refactor Base64_Decode() with separate always-CT
  Base64_Decode() and never-CT Base64_Decode_nonCT(), and use the latter only to
  decode known-public PEM objects, otherwise use always-CT Base64_Decode().
2025-04-02 17:08:20 -05:00
Daniel Pouzzner 8705d28d48 wolfcrypt/src/aes.c: in wc_AesSetKeyLocal(), rework support for WC_FLAG_DONT_USE_AESNI (fixes WC_C_DYNAMIC_FALLBACK).
wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, #ifdef LINUXKM_LKCAPI_REGISTER, #define WOLFSSL_TEST_SUBROUTINE to nothing, and #define WC_TEST_EXPORT_SUBTESTS.

linuxkm/lkcapi_glue.c:
* add check_skcipher_driver_masking() and check_aead_driver_masking(),
* use _masking() checks in all linuxkm_test_*().
* add !WOLFSSL_AESGCM_STREAM implementation of linuxkm_test_aesgcm().
* add implementations of linuxkm_test_aesctr(), linuxkm_test_aesofb(), and linuxkm_test_aesecb()
* remove incomplete+disabled AES-CCM shim implementation.

linuxkm/module_hooks.c: pull in wolfcrypt/test/test.h if LINUXKM_LKCAPI_REGISTER.

linuxkm/Makefile: build wolfcrypt/test/test.o if ENABLED_LINUXKM_LKCAPI_REGISTER.

Makefile.am: add ENABLED_LINUXKM_LKCAPI_REGISTER to exports in BUILD_LINUXKM section.

configure.ac: add AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER]); in ENABLED_LINUXKM_DEFAULTS set up, remove `-DWOLFSSL_TEST_SUBROUTINE=static` from AM_CFLAGS adds; fix whitespace.

.wolfssl_known_macro_extras: add WC_WANT_FLAG_DONT_USE_AESNI.

wolfcrypt/test/test.c: add `|| defined(WC_TEST_EXPORT_SUBTESTS)` to outermost gate, add wc_test_ prefix to render_error_message() and export it,

wolfcrypt/test/test.h: add prototype for wc_test_render_error_message(), and #ifdef WC_TEST_EXPORT_SUBTESTS, add prototypes for all the subtests.
2025-04-02 17:00:48 -05:00
Daniel Pouzzner 8092ff915c linuxkm/lkcapi_glue.c: bring in wolfcrypt/src/misc.c for ForceZero if FIPS_VERSION3_LT(6,0,0). 2025-04-02 17:00:48 -05:00
Daniel Pouzzner 3c16722538 wolfcrypt/src/aes.c and wolfssl/wolfcrypt/aes.h: add support for WC_FLAG_DONT_USE_AESNI in wc_AesSetKeyLocal(); add support for USE_INTEL_SPEEDUP_FOR_AES.
linuxkm/lkcapi_glue.c: finish implementation of WC_LINUXKM_C_FALLBACK_IN_SHIMS and add TEST_WC_LINUXKM_C_FALLBACK_IN_SHIMS.

use "WC_C_DYNAMIC_FALLBACK" consistently (remove/replace uses of "WC_AES_C_DYNAMIC_FALLBACK").
2025-04-02 17:00:48 -05:00
Daniel Pouzzner 6d92dae632 configure.ac: add support for --enable-aesni-with-avx/USE_INTEL_SPEEDUP_FOR_AES (AESNI+AVX, but only for AES modes).
linuxkm/lkcapi_glue.c: implement WC_LINUXKM_C_FALLBACK_IN_SHIMS, km_AesGet(), and km_AesFree().

src/include.am: add missing gates for AES-GCM and AES-XTS asm.

wolfcrypt/src/aes_xts_asm.S and wolfssl/wolfcrypt/sp_int.h: don't redefine HAVE_INTEL_AVX2.
2025-04-02 17:00:48 -05:00
Daniel Pouzzner 9d931d45de LKCAPI checkpoint (all AES except CCM working). 2025-04-02 17:00:48 -05:00
JacobBarthelmeh 9bcb3f71d0 Merge pull request #8624 from douzzer/20250401-AEAD-WARN_UNUSED_RESULT
20250401-AEAD-WARN_UNUSED_RESULT
2025-04-02 15:08:33 -06:00
Daniel Pouzzner 91e9e8f65f update documentation for AEAD decrypt methods, specifically noting that nonzero retval means output data is undefined, and noting requirement to zeroize the output data unconditionally. 2025-04-02 13:36:59 -05:00
JacobBarthelmeh a3d0ffb1ed Merge pull request #8622 from SparkiDev/kyber_improv_3
ML-KEM/Kyber: minor improvements
2025-04-02 09:56:32 -06:00
JacobBarthelmeh 0a4599133c Merge pull request #8599 from kareem-wolfssl/zd19563
Add support for DoD certificate policy OIDs.
2025-04-02 09:44:25 -06:00
Daniel Pouzzner b8ece68b17 add WARN_UNUSED_RESULT to AEAD verify methods. 2025-04-02 01:15:57 -05:00
Sean Parkinson fafc333e93 LMS: add API to get Key ID from raw private key
Always last 16 bytes of private key.
2025-04-02 16:05:11 +10:00
Sean Parkinson 8a9e125756 ML-KEM/Kyber: minor improvements
Minor improvement to SHA-3 x64 code.
Minor improvement to performance of ML-KEM/Kyber x64 code.
Minor improvement to performance of C code.
2025-04-02 13:10:44 +10:00
David Garske dcdaeabc40 Merge pull request #8620 from lealem47/actions_cmake
Set the CMake compiler version for failing gh actions
2025-04-01 18:46:59 -07:00
Lealem Amedie 5083b41d1b Set the CMake compiler version for failin gh actions 2025-04-01 14:11:15 -10:00
Sean Parkinson 83e1cfcf01 LMS: change identifiers to match standard
Use the identifiers from IANA for LMS.
2025-04-01 12:15:20 +10:00
Sean Parkinson c5dadd6f8d Merge pull request #8600 from JacobBarthelmeh/microchip
random implementation does not require PIC32 build macro
2025-04-01 08:36:45 +10:00
Kareem 8e9a986e0b Add comment clarifying that DoD certificate policy OIDs are not currently being parsed in the code, they are just recognized as valid OIDs. 2025-03-31 14:37:19 -07:00
mgrojo e6f09b8372 Ada: fixes for the No_Secondary_Stack restriction
- Align README.md and GPR files with the fact that the server no longer compiles with the No_Secondary_Stack restriction.
- Fix include.am to reference the new name for the adc file.
2025-03-31 23:27:31 +02:00
JacobBarthelmeh 307d746653 Merge pull request #8590 from SparkiDev/arm32_no_assign_reg
ARM32/Thumb2 ASM: fix WOLFSSL_NO_VAR_ASSIGN_REG
2025-03-31 10:04:51 -06:00
JacobBarthelmeh 151a156581 include harmony macro check with strncasecmp and strcasecmp 2025-03-31 09:35:10 -06:00
JacobBarthelmeh d035bfeb99 Merge pull request #8607 from embhorn/nds_doc
Update DevKitPro doc with calico dependency
2025-03-31 09:08:30 -06:00
Eric Blankenhorn b0f65a85ab Update DevKitPro doc with calico dependency 2025-03-28 15:59:02 -05:00
Kareem b803a03ddd Add support for ISRG domain validated certificate policy OID (used by Let's Encrypt). Fixes libspdm test failure. 2025-03-28 12:41:52 -07:00
mgrojo 98eda78857 Ada: fix issues in tls_server.adb detected by gnatprove
Checked with:
```
gnatprove -Pdefault.gpr --level=4 -j12
```
2025-03-28 19:33:42 +01:00
mgrojo bf5009b544 Ada: fix initialization issue in examples
Detected by
```
gnatprove -Pclient.gpr --level=4 -j12
```
2025-03-28 18:38:22 +01:00
mgrojo db4ebfb77e Allow use of the library with an Alire pin
- Allow enabling WOLFSSL_STATIC_PSK via an Alire configuration variable
 - `gnat.adc` applies unconditionally when using the library through Alire, so it has been renamed and used only in the default project file.
 - Clean-up of the Alire project file `wolfssl.gpr`.
2025-03-28 18:16:06 +01:00
Brett Nicholas a8384bb426 Merge pull request #8602 from dgarske/cryptocb_no_hmac
Fix for crypto callback macro guards with `DEBUG_CRYPTOCB`
2025-03-28 10:51:45 -06:00
David Garske 04a3f1c206 Merge pull request #8604 from LinuxJedi/STM32MP2
Add instructions for STM32MP25 with OpenSTLinux
2025-03-28 09:37:13 -07:00
Andrew Hutchings 803a160808 Merge pull request #8601 from dgarske/stm32_pka
Fix for STM32 PKA with P521 and shared secret
2025-03-28 13:49:25 +00:00
Andrew Hutchings 5d0c3f7c27 Add instructions for STM32MP25 with OpenSTLinux 2025-03-28 09:28:49 +00:00
David Garske e1ec90a886 Fix for crypto callback without HMAC and DEBUG_CRYPTOCB. Fix guards on crypto cb hashing. 2025-03-27 16:42:24 -07:00
Sean Parkinson 3969dd5a11 Merge pull request #8596 from dgarske/various_isacii_keylog
Various improvements to iscacii and CMake key log
2025-03-28 08:51:49 +10:00
David Garske d235013fe9 Fix for STM32 PKA with P521 and shared secret. ZD 19422 2025-03-27 15:30:37 -07:00
JacobBarthelmeh 25dc3f08e9 random implementation does not require PIC32 build macro 2025-03-27 15:53:39 -06:00
Kareem f313edb4cf Add a test certificate for all of the FPKI certificate policy OIDs. 2025-03-27 12:20:36 -07:00
Kareem eb3b4751ac Handle collisions in FPKI cert policy OID sums. 2025-03-27 12:20:36 -07:00
Kareem ac2df1420b Checked and corrected all OIDs and OID sums. 2025-03-27 12:20:36 -07:00
Devin AI 53f30b3c47 Add remaining FPKI cert policy OIDs.
Co-Authored-By: kareem@wolfssl.com <kareem@wolfssl.com>
2025-03-27 12:20:29 -07:00
Kareem 6daaaec6e2 WIP: clean up Devin's work, remove duplicate OIDs, handle OID sum collisions 2025-03-27 12:20:28 -07:00