Commit Graph

11274 Commits

Author SHA1 Message Date
JacobBarthelmeh 68eb8b70d1 Merge pull request #9271 from rizlik/cryptocb_sha512_family_fix
cryptocb: sha512_family: try specific digest length hashtype first
2025-10-06 11:38:57 -06:00
Daniel Pouzzner f854795c02 Merge pull request #9263 from holtrop/rsa-const-pointers
RSA API: use const pointers and clean up some comments
2025-10-06 11:55:04 -05:00
JacobBarthelmeh 7128932eff avoid attempt of key decode and free buffer if incorrect recipient found 2025-10-06 10:48:59 -06:00
David Garske dcafe9adf2 Add STM32H5 PKA support. 2025-10-06 18:38:09 +02:00
David Garske ee77094dd6 Fixes to get STM32N6 hash and GMAC working 2025-10-06 18:38:09 +02:00
Marco Oliverio fc348da28f fix: escape error code operands 2025-10-06 14:47:13 +02:00
Marco Oliverio 9cbc3f97e5 cryptocb: sha512_family: try specific digest length hashtype first
If the cryptocb provider supports specific SHA512/224 and SHA512/256
hashtype, this commit allows to:

1. avoid a copy
2. do not touch the output buffer outside of the cryptocb handler

2 might be important for cryptocb provider that needs special handling
of memory buffer (DMA, memory mapping).
2025-10-06 11:42:23 +02:00
effbiae a53f0cd3fa double free -- should be o_hash 2025-10-05 19:13:50 +11:00
JacobBarthelmeh fca3028395 advance index past recipent set in non stream case too 2025-10-03 15:55:35 -06:00
JacobBarthelmeh 4e92920a7f cast variable to word32 for compare 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 12cfca4060 account for no AES build and add err trace macro 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 328f505702 add pkcs7 test with multiple recipients 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 7a5e97e30e adjustment for recipient index advancement 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 6987304f42 Fix to advance past multiple recipients 2025-10-03 13:51:15 -06:00
David Garske d2be867b51 Remove the NO_WRITE_TEMP_FILES test.c logic added in #9194 2025-10-03 10:40:11 -07:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
Sean Parkinson e14cc3a34e TLS 1.3 Cookie Hash: use stronger hash if no SHA-256
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
  1. SHA-256
  2. SHA-384
  3. SHA-512
  4. SM3

Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
2025-10-03 08:28:02 +10:00
Daniel Pouzzner 5804ba759a Merge pull request #9194 from dgarske/cryptocb_only_test
Fixes for crypto callback only (no filesystem and keygen)
2025-10-02 16:52:31 -05:00
Daniel Pouzzner 408e6f79f9 tests/api/test_dtls.c: add missing ExpectIntEQ() around wolfSSL_connect() in test_dtls_bogus_finished_epoch_zero();
wolfcrypt/test/test.c: fix gate for wc_DhGeneratePublic() test in dh_ffdhe_test() to properly exclude 5.3.0.
2025-10-02 14:38:05 -05:00
Josh Holtrop c36c39af0a RSA API: use const pointers and clean up some comments 2025-10-02 15:28:43 -04:00
David Garske 36ce93d409 Merge pull request #9225 from gojimmypi/pr-espidf-v6-sha-fix
Add fix for SHA HW on ESP-IDF v6
2025-10-02 09:50:46 -07:00
Daniel Pouzzner 2ca9f66579 wolfcrypt/test/test.c: add FIPS gate around wc_DhGeneratePublic() test in dh_ffdhe_test(). 2025-10-01 10:23:49 -05:00
Daniel Pouzzner 477d7fae54 remove WOLFSSL_DH_GEN_PUB, WOLFSSL_NO_DH_GEN_PUB, and WOLFSSL_DH_EXTRA gating re wc_DhGeneratePublic(), consistent with recent FIPS changes. 2025-10-01 09:38:27 -05:00
Daniel Pouzzner 88075664dc Merge pull request #9252 from bigbrett/kdf-cryptocb
HKDF cryptocb
2025-09-30 20:37:11 -05:00
Daniel Pouzzner 55a19da4c6 Merge pull request #9178 from SparkiDev/ed448_no_large_code
Ed448: No large code option with fast code
2025-09-30 20:36:10 -05:00
Daniel Pouzzner 234ba7780a Merge pull request #9148 from SparkiDev/ct_volatile
Mark variables as volatile
2025-09-30 20:35:52 -05:00
Daniel Pouzzner 1932c5a96d Merge pull request #9196 from kareem-wolfssl/zd20038_3
Fix building and running tests and examples with coding/PEM support disabled.
2025-09-30 20:34:46 -05:00
Daniel Pouzzner c7cd3b6c6d Merge pull request #8543 from JacobBarthelmeh/fsl_caam
handle unsupported fsl algo
2025-09-30 20:33:34 -05:00
Daniel Pouzzner b56cafdd25 Merge pull request #8692 from kareem-wolfssl/zd19563_verify
Update wolfSSL_X509_verify_cert to retry all certs until a valid chain is found.
2025-09-30 16:22:41 -05:00
Sean Parkinson 4719fd5e80 Ed448: No large code option with fast code
Make from bytes, to bytes and mod top half use for loops when no large
code.
Make generation script generate casting changes.
2025-09-30 09:38:06 +10:00
Daniel Pouzzner 7ea66aeffe refactor WOLFSSL_LINUXKM gates as generic WOLFSSL_KERNEL_MODE gates where appropriate:
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).

rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.

rename lkm_printf() to wc_km_printf().

replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H

remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
2025-09-29 16:59:12 -05:00
David Garske 6698cb7616 Fix for crypto callback only 2025-09-29 12:37:57 -07:00
Brett Nicholas 5121847728 add HAVE_SELFTEST protection 2025-09-29 12:00:41 -06:00
Brett Nicholas 7b67dbaa31 add FIPS protection to test.c usage of wc_HKDF_ex() 2025-09-29 11:36:18 -06:00
Brett Nicholas 26ed835ca1 fix HKDF test macro protection 2025-09-29 10:52:22 -06:00
Brett Nicholas 3c81fffedd Add HKDF cryptoCb and test 2025-09-29 10:16:01 -06:00
David Garske eda6c184bb Merge pull request #9219 from kareem-wolfssl/zd20538
Fix building with --enable-keygen --enable-rsavfy.
2025-09-26 14:08:33 -07:00
Kareem ef989a4241 Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-09-26 11:13:28 -07:00
Kareem 28aef2f4dd Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20038_3 2025-09-26 10:56:42 -07:00
Kareem af9a06e9bf Merge remote-tracking branch 'upstream/master' into zd19563_verify 2025-09-25 10:39:11 -07:00
Kareem 3a4472f5da Merge remote-tracking branch 'upstream/master' into zd20527 2025-09-25 10:37:22 -07:00
Kareem a3b29ed99f Merge remote-tracking branch 'upstream/master' into zd20038_3 2025-09-25 10:32:13 -07:00
JacobBarthelmeh 50835c14a2 fix warning of const char* passed as char* 2025-09-25 09:27:16 -06:00
JacobBarthelmeh 40b9fc35f9 handle unsupported fsl algo 2025-09-25 09:14:59 -06:00
Sean Parkinson 561fead861 Merge pull request #9235 from anhu/rpi_WC_RESEED_INTERVAL
Fixing up a small documentation omission.
2025-09-25 10:48:37 +10:00
Stanislav Klima 1cfafc2a52 fixes from zd20556 2025-09-24 12:03:39 +02:00
Sean Parkinson aa87b35964 Mark variables as volatile
Ensures compiler optimizers don't stop code from being constant time.
2025-09-24 08:47:20 +10:00
Daniel Pouzzner 4af6eb4f2b wolfcrypt/src/chacha20_poly1305.c: in wc_XChaCha20Poly1305_crypt_oneshot(), allow empty message. 2025-09-23 17:06:22 -05:00
Anthony Hu 93955a2ba7 Fixing up a small documentation omission. 2025-09-23 15:24:50 -04:00
Kareem 0fcfade6a0 Add missing aes NULL check to SI Labs wc_AesSetKey. 2025-09-23 10:16:47 -07:00