Commit Graph

215 Commits

Author SHA1 Message Date
David Garske 255f14bab9 Merge pull request #9732 from Frauschi/pqc_first
Enable and use ML-KEM by default
2026-03-19 12:38:36 -07:00
JacobBarthelmeh a08fa98adc prepare for release 5.9.0 2026-03-18 16:18:12 -06:00
Tobias Frauenschläger c3289f8aa9 Enable and use ML-KEM by default
* Enable ML-KEM by default in build systems (autoconf and CMake)
* Only allow three to-be-standardized hybrid PQ/T combinations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that). When Curve25519 is disabled, then either
  WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as
  default depending on the ECC configuration
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Add async support for ML-KEM hybrids
2026-03-18 10:48:16 +01:00
Tobias Frauenschläger da94ea6265 Move PQC algos out of experimental in CMake
This has already been done long time in autoconf. User
now does not have to enable experimental features to use
PQC.
2026-03-13 17:53:54 +01:00
Daniel Pouzzner 2ad5afaf4d wolfcrypt/src/wc_slhdsa.c: fixes for uninited data reads in slhdsakey_wots_sign_chain_x4_*() and slhdsakey_wots_pk_from_sig_x4;
CMakeLists.txt, cmake/functions.cmake, cmake/options.h.in: fixes for -DWOLFSSL_SLHDSA.
2026-03-10 17:51:18 -05:00
Sean Parkinson 39b34333d6 FIPS 205, SLH-DSA: implementation
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Josh Holtrop 616f1eec75 Add CMake support for NULL_CIPHER 2026-02-20 07:50:36 -05:00
Tobias Frauenschläger 540b51eb28 CMake fixes and improvements
* Minor fixes to the CMakeLists.txt
* Add more options to the CMake infrastructure already present in the
  autoconf infrastructure
* An autoconf build now also generates and installs files required to
  consume the installed wolfssl library via CMake.
* Added test for autoconf-CMake interworking

Work is mostly done by Codex and Curser.
2026-02-02 10:26:58 +01:00
Tobias Frauenschläger 14ce7956f1 Increase test coverage
* More PQC configurations
* More CMake setups
* Fix various bugs uncovered by these tests

Added some missing feature additions to CMake to make the example
`user_settings_all.` config file work for the CI test.
2026-01-23 09:27:16 +01:00
Daniel Pouzzner 9aabef04ba Merge pull request #9641 from SparkiDev/api_c_split_evp
API testing: split out more test cases
2026-01-16 14:58:15 -06:00
Sean Parkinson 43d831ff06 API testing: split out more test cases
EVP into test_evp_cipher, test_evp_digest, test_evp_pkey and test_evp.
OBJ into test_ossl_obj.
OpenSSL RAND into test_ossl_rand.
OpenSSL PKCS7 and PKCS12 tests into test_ossl_p7p12.
CertificateManager into test_certman.

Move some BIO tests from api.c into test_evp_bio.c.

Fix line lengths.
2026-01-13 06:34:49 +10:00
Tobias Frauenschläger 99bde324aa Build systems improvements
* Add `WOLFSSL_USER_SETTINGS` to CMake `options.h.in`
* Add CMake support for Dilithium
* Add user_settings.h support for aes_asm.S
* Add PKCS#11 support to CMake
* Minor ARM assembly port fixes
2026-01-05 15:46:58 +01:00
Kareem f98229554b Update CMake logic to allow WOLFSSL_SYS_CA_CERTS without filesystem support on Windows/Mac. 2025-12-24 17:02:25 -07:00
Sean Parkinson b4b617de49 api.c: Split out more functions
More X509 function testing.
X509 store function testing.
X509 lookup function testing.
2025-12-11 19:00:19 +10:00
JacobBarthelmeh ab98c150c6 prepare for release 5.8.4 2025-11-20 10:57:50 -07:00
Sean Parkinson 093cc04076 Stack API: Pull out implementation into separate file
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
2025-10-27 17:08:41 +10:00
night1rider 4dfa75fbfa Updating support/wolfssl.pc.in, CMakelist.txt, and configure.ac to track missing apple options in the resulting wolfssl.pc file by adding new PC_LIBS_PRIVATE to track options 2025-09-22 12:00:33 -06:00
Sean Parkinson 115d4d88c0 api.c: pull out TLS 1.3 specific tests 2025-08-26 09:05:46 +10:00
Ruby Martin 18f3f22a7e add option for WOLFSSL_ARMASM_INLINE to CMake 2025-08-13 17:05:48 -06:00
gojimmypi d64ef34ef8 Introduce WOLFSSL_DEBUG_CERTS Certificate Debug Messages 2025-08-06 13:57:53 -07:00
Sean Parkinson b40e3d479f api.c: split out more tests into separate files
wolfCrypt PKCS7
wolfCrypt PKCS12
OpenSSL compat ASN.1
OpenSSL compat BN
OpenSSL comppat BIO
OpenSSL comppat Digest
OpenSSL comppat MAC
OpenSSL comppat Cipher
OpenSSL comppat RSA
OpenSSL comppat DH
OpenSSL comppat EC
OpenSSL comppat ECX
OpenSSL comppat DSA
2025-08-05 19:32:56 +10:00
JacobBarthelmeh c34e6ab8d9 prepare for release 5.8.2 2025-07-17 10:26:19 -06:00
Eric Blankenhorn 0d14ec3547 Fix curl Cmake config to set HAVE_EX_DATA and HAVE_ALPN 2025-07-07 17:15:11 -05:00
Alex Lanzano 709581061e Disable MD5 by default for cmake builds 2025-07-01 09:27:46 -04:00
Daniel Pouzzner 981ba4b14c Merge pull request #8925 from mattia-moffa/20250625-wolftpm-ca-false
Allow CA:FALSE on wolftpm
2025-06-25 22:27:27 -05:00
Mattia Moffa e9e00c47ab Allow CA:FALSE on wolftpm
The Intel CSME fTFM sets this basic constraint on their EK certificates
and by default wolfSSL fails to parse because of this.
2025-06-25 22:48:53 +02:00
Koji Takeda d76386f38c Add tests 2025-06-25 11:27:12 +09:00
JacobBarthelmeh 31490ab813 add sanity checks on pid with RNG 2025-06-10 14:37:11 -06:00
Juliusz Sosinowicz f2584fd5fa ALT_NAMES_OID: Mark IP address as WOLFSSL_V_ASN1_OCTET_STRING 2025-06-05 19:17:00 +02:00
Juliusz Sosinowicz 2ec6b92b41 tls13: handle malformed CCS and CCS before CH
- fix incorrect alert type being sent
- error out when we receive a CCS before a CH
- error out when we receive an encrypted CCS
2025-05-23 15:04:22 +02:00
JacobBarthelmeh 9be6a81bab prepare for release 5.8.0 2025-04-24 10:41:40 -07:00
Daniel Pouzzner f6434cf712 Merge pull request #8639 from anhu/cmake_pq
Fix building ML-KEM and LMS with cmake
2025-04-15 17:50:42 -05:00
Juliusz Sosinowicz 2c585d73c8 Move extended master secret testing to test_tls_ext 2025-04-09 14:36:34 +02:00
Anthony Hu a3c3996c08 256/192 2025-04-07 10:43:10 -04:00
Anthony Hu 6cd1d7f3c9 Fix building ML-KEM and LMS with cmake 2025-04-07 10:43:10 -04:00
David Garske a59075b908 Various improvements to iscacii and CMake key log:
* Detect 'isascii' at configuration (tested with `./configure CFLAGS="-DNO_STDLIB_ISASCII" && make check`).
* Add mew CMake option `WOLFSSL_KEYLOG_EXPORT` (fixes #8165)
Replaces PR #8174 and #8158. Thank you @redbaron.
2025-03-26 15:24:15 -07:00
David Garske c06df2093a Merge pull request #8548 from wolfSSL/devin/1741708186-add-cmake-wolfclu
Add WOLFSSL_CLU option to CMakeLists.txt
2025-03-20 16:50:03 -07:00
David Garske 7ba179f50f Merge pull request #8560 from SparkiDev/test_api_c_split_1
Split out tests: random, wolfmath, public key
2025-03-20 16:42:41 -07:00
David Garske 2c36ae268f Merge pull request #8536 from SparkiDev/kyber_to_mlkem
Update Kyber APIs to ML-KEM APIs
2025-03-20 11:07:53 -07:00
Devin AI cf813c81b8 Revert "Enable WOLFSSL_OPENSSLEXTRA and OPENSSL_EXTRA for WOLFSSL_CLU option"
This reverts commit 16eb8d9ec9.
2025-03-17 20:30:26 +00:00
Devin AI 16eb8d9ec9 Enable WOLFSSL_OPENSSLEXTRA and OPENSSL_EXTRA for WOLFSSL_CLU option
Co-Authored-By: eric@wolfssl.com <eric@wolfssl.com>
2025-03-17 20:25:15 +00:00
Eric Blankenhorn 098358c217 Add WOLFSSL_AESCTR to WOLFSSL_CLU cmake option 2025-03-17 13:34:15 -05:00
Sean Parkinson 663ca29a5d Split out tests: random, wolfmath, public key
Improved testing of random APIs.
wolfmath tests moved out.
Public key algorithm testing moved out: RSA, DSA, DH, ECC, SM2,
Curve25519, Ed25519, Curve448, Ed448, ML-DSA.
Signature API tests moved out.

Fix for OCSP testing to ensure RSA is available.

Added group names to API test cases.
Can select groups to run with --group <name>. --groups lists all known
group names.

Added option to stop API testing on first failure: --stopOnFail.
2025-03-17 09:32:00 +10:00
Eric Blankenhorn e44ccda931 Fix ED25519 definition when WOLFSSL_CLU is enabled 2025-03-14 16:40:31 -05:00
Devin AI e9fadcc86e Fix NO_DES3 definition when WOLFSSL_CLU is enabled
Co-Authored-By: eric@wolfssl.com <eric@wolfssl.com>
2025-03-14 21:12:09 +00:00
Daniel Pouzzner bc7fbee539 Merge pull request #8528 from SparkiDev/digest_test_rework_2
Digest tests: add more tests
2025-03-14 16:11:42 -05:00
Devin AI dbc2017cc7 Fix OPENSSL_ALL definition for WOLFSSL_CLU option
Co-Authored-By: eric@wolfssl.com <eric@wolfssl.com>
2025-03-14 20:03:00 +00:00
Daniel Pouzzner 9a84dfc86a add wolfcrypt_test() to unit_test(); remove call to HashTest() and delete
tests/hash.c (entire file duplicates code in wolfcrypt/test/test.c, originally
  ctaocrypt/test/test.c).
2025-03-11 14:59:07 -05:00
Devin AI 60dc30326c Add WOLFSSL_CLU option to CMakeLists.txt
Co-Authored-By: eric@wolfssl.com <eric@wolfssl.com>
2025-03-11 15:50:31 +00:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00