Sean Parkinson
2064ff461c
Merge pull request #9797 from douzzer/20260218-aes-prefetch-optimize
...
20260218-aes-prefetch-optimize
2026-02-26 08:27:08 +10:00
JacobBarthelmeh
76816a0e11
Merge pull request #9823 from embhorn/zd21242
...
Add sanity checks in key export
2026-02-25 14:38:46 -07:00
JacobBarthelmeh
e317aa2b70
Merge pull request #9827 from embhorn/zd21241
...
Fix cert chain size issue
2026-02-25 14:30:58 -07:00
JacobBarthelmeh
ee616b4774
Merge pull request #9828 from rizlik/sigalgofix
...
tls13: don't create a new suite in CertificateRequest, fallback to WOLFSSL_SUITES(sa->ssl)
2026-02-25 14:08:09 -07:00
JacobBarthelmeh
b5b7dc89ac
Merge pull request #9819 from holtrop-wolfssl/rust-ml-dsa
...
Rust wrapper: add dilithium module
2026-02-25 10:18:03 -07:00
JacobBarthelmeh
b63f878300
Merge pull request #9742 from sameehj/pkcs7-rsa-pss
...
pkcs7: add RSA-PSS support for SignedData
2026-02-25 09:55:00 -07:00
Daniel Pouzzner
c962b8cd8f
Merge pull request #9832 from JacobBarthelmeh/arduino
...
reduce arduino coverage to avoid tests failing from external changes
2026-02-25 10:11:23 -06:00
Eric Blankenhorn
75b0808fe5
Update from review
2026-02-25 09:02:55 -06:00
Eric Blankenhorn
41ebc92fa5
Replace macros from stdint.h with literals to make code more generic
2026-02-25 09:00:57 -06:00
Eric Blankenhorn
4f8f11bcba
Add test case
2026-02-25 09:00:57 -06:00
Eric Blankenhorn
67de2349da
Add sanity checks in key export
2026-02-25 09:00:57 -06:00
Marco Oliverio
20eeba3d89
test: tls13: add wolfSSL_set1_sigalgs_list test
2026-02-25 12:10:48 +01:00
Sameeh Jubran
deb668ca4b
pkcs7: add RSA-PSS support for SignedData
...
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.
This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.
Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData
This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-25 11:02:47 +02:00
JacobBarthelmeh
3f3bf7501c
reduce arduino coverage to avoid tests failing from external changes
2026-02-24 16:35:10 -07:00
JacobBarthelmeh
47033c4b3e
Merge pull request #9826 from Frauschi/declaration-after-statement
...
Wdeclaration-after-statement fixes
2026-02-24 16:14:00 -07:00
Daniel Pouzzner
314da6d6bc
wolfssl/wolfcrypt/types.h: work around limitations of Watcom and Windows preprocessors, re WC_ARG_NOT_NULL and friends.
2026-02-24 15:41:11 -06:00
Daniel Pouzzner
39987a9d53
wolfcrypt/src/aes.c, wolfcrypt/src/cmac.c, wolfssl/wolfcrypt/aes.h, wolfssl/wolfcrypt/types.h: optimizations to mitigate performance regressions from 299e7bd097 (#9783):
...
* add prefetch_ptr flag argument to AesEncrypt_C() and AesDecrypt_C(), and call PreFetchTe() and PreFetchSBox() only if *prefetch_ptr is zero, whereupon it is set to 1;
* when C implementations are available, add prefetch_ptr arg to wc_AesEncrypt() and wc_AesDecrypt(), and pass it through;
* in functions that directly call the AES block encryption methods, opportunistically inhibit prefetch on all but the first call;
* move AES-specific code in wc_CmacUpdate() in cmac.c to wc_local_CmacUpdateAes() in aes.c to let it use conditional prefetching;
* add WC_ARG_NOT_NULL(), WC_ARGS_NOT_NULL(), and WC_ALL_ARGS_NOT_NULL attribute abstractions.
2026-02-24 13:59:12 -06:00
Josh Holtrop
7af0fa497a
Rust wrapper: update dilithium module after review
2026-02-24 14:23:59 -05:00
Eric Blankenhorn
5536ecf026
Fix issue from review
2026-02-24 12:43:46 -06:00
Eric Blankenhorn
8f787909da
Fix from review
2026-02-24 11:17:42 -06:00
Marco Oliverio
d72fcb1d27
tls13: avoid to create a new suite in CertificateRequest
...
This way the ssl object honours the HasSigAlgo list set by
wolfSSL_set1_sigalgs_list.
2026-02-24 18:02:26 +01:00
Eric Blankenhorn
2ae3164c6f
Fix cert chain size issue
2026-02-24 09:27:42 -06:00
Tobias Frauenschläger
96fc896265
Wdeclaration-after-statement fixes
2026-02-24 16:20:10 +01:00
Daniel Pouzzner
66566955db
wolfssl/wolfcrypt/wc_port.h, wolfssl/wolfcrypt/sha256.h, wolfssl/wolfcrypt/sha512.h, wolfssl/wolfcrypt/sp.h, wolfssl/wolfcrypt/wc_mlkem.h: add WC_NO_INLINE.
2026-02-23 23:03:08 -06:00
Kaleb Himes
a08efc9b0a
Merge pull request #9821 from douzzer/20260223-fix2-configure-kernel-mode-defaults
...
20260223-fix2-configure-kernel-mode-defaults
2026-02-23 16:33:03 -07:00
Daniel Pouzzner
1270733838
configure.ac: fix typo, $enabled_rng for $enable_rng, in KERNEL_MODE_DEFAULTS setup added in a21dad9555.
2026-02-23 16:05:24 -06:00
Kaleb Himes
9b10357e78
Merge pull request #9820 from douzzer/20260223-fix-configure-kernel-mode-defaults
...
20260223-fix-configure-kernel-mode-defaults
2026-02-23 14:46:45 -07:00
JacobBarthelmeh
505d170631
Merge pull request #9812 from rlm2002/coverity
...
02202026 Coverity changes
2026-02-23 14:42:48 -07:00
David Garske
c3bc68806c
Merge pull request #9811 from julek-wolfssl/ntp-4.2.8p18
...
Add changes for ntp 4.2.8p18
2026-02-23 10:46:11 -08:00
Daniel Pouzzner
a21dad9555
configure.ac: fixes for 47dd864f32 (#9815) -- in KERNEL_MODE_DEFAULTS setup, add additional conditions for automatic activation of AES modes and CMAC, ECC options, and SHAKE, to avoid configuration conflicts in barebones configurations.
2026-02-23 12:31:37 -06:00
Josh Holtrop
504617bbe9
Rust wrapper: add dilithium module
2026-02-23 10:54:21 -05:00
Kaleb Himes
9ed2f4bad1
Merge pull request #9815 from douzzer/20260221-configure-kernel-mode-defaults
...
20260221-configure-kernel-mode-defaults
2026-02-22 11:19:07 -07:00
Daniel Pouzzner
47dd864f32
configure.ac:
...
* add a kernel-appropriate subset of enable-all-crypto to enable whenever KERNEL_MODE_DEFAULTS (almost all of these overlap with FIPS v5/v6 settings);
* move ocspstapling features from enable-all-crypto to enable-all.
2026-02-21 15:09:30 -06:00
David Garske
f9572880bf
Merge pull request #9813 from embhorn/tlsanvil-fixes
...
Extend timeout for tls13-client
2026-02-21 12:13:27 -08:00
Kaleb Himes
f60beb6c7c
Merge pull request #9814 from douzzer/20260221-configure-all-crypto-fpecc
...
20260221-configure-all-crypto-fpecc
2026-02-21 11:16:19 -07:00
Daniel Pouzzner
ff7bc11774
configure.ac: restore fpecc to enable-all-crypto, accidentally removed in f376ae210e.
2026-02-21 10:48:14 -06:00
philljj
1a0549fe5a
Merge pull request #9800 from douzzer/20260204-linuxkm-fips-hash
...
20260204-linuxkm-fips-hash
2026-02-20 18:39:25 -06:00
Ruby Martin
d85387b84c
set s = NULL to prevent use object after free error
2026-02-20 15:44:47 -07:00
Ruby Martin
c17217ce31
add null check in test_wolfSSL_X509_CRL_sign_large()
...
init revoked
2026-02-20 15:44:45 -07:00
Eric Blankenhorn
4f8fc76d9d
Extend timeout for tls13-client
2026-02-20 16:35:52 -06:00
Daniel Pouzzner
9ca32e23d4
linuxkm/linuxkm-fips-hash.c: cosmetic bikeshedding (AI-prompted);
...
linuxkm/linuxkm_memory.c and linuxkm/linuxkm_memory.h: set up and use WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ.
2026-02-20 15:45:27 -06:00
Daniel Pouzzner
10ba02fe40
linuxkm/lkcapi_sha_glue.c: add -wolfentropy and/or -rdseed to WOLFKM_STDRNG_DRIVER to advertise the seed source.
2026-02-20 15:44:54 -06:00
Ruby Martin
00c773e1b5
remove dead code in MakeSignature()
2026-02-20 14:38:12 -07:00
David Garske
9641ab4b68
Merge pull request #9805 from julek-wolfssl/openldap-2.6.9-testing
...
Add openldap 2.6.9 testing
2026-02-20 11:16:44 -08:00
David Garske
1e544b303f
Merge pull request #9810 from julek-wolfssl/rng-tools-6.17
...
Add rng-tools 6.17 testing
2026-02-20 11:16:18 -08:00
David Garske
670aa59dee
Merge pull request #9809 from holtrop-wolfssl/cmake-null-cipher
...
Add CMake support for NULL_CIPHER
2026-02-20 10:59:17 -08:00
David Garske
e34e679766
Merge pull request #9804 from embhorn/tls-anvil-workflow
...
TLS Anvil workflow
2026-02-20 10:59:05 -08:00
David Garske
940ac7093f
Merge pull request #9808 from holtrop-wolfssl/rust-no-std
...
Rust wrapper: fix no_std support
2026-02-20 10:55:01 -08:00
Juliusz Sosinowicz
a9f23ad140
Add changes for ntp 4.2.8p18
...
Depends on https://github.com/wolfSSL/osp/pull/319
2026-02-20 19:06:55 +01:00
Daniel Pouzzner
f84377ed69
linuxkm/linuxkm-fips-hash-wrapper.sh: make sure awk is gawk.
2026-02-20 11:35:47 -06:00