Commit Graph

9132 Commits

Author SHA1 Message Date
David Garske 71325a2a32 Revert "Aarch64: make code compile when no hardware crypto avail" 2024-12-13 13:52:53 -08:00
JacobBarthelmeh d7e40e7413 Merge pull request #8264 from dgarske/various_20241206
Various cleanups and fixes
2024-12-13 13:48:10 -07:00
David Garske 79d9b2d6c3 Merge pull request #8277 from SparkiDev/aarch64_no_crypto
Aarch64: make code compile when no hardware crypto avail
2024-12-12 15:49:57 -08:00
Sean Parkinson 24bb2b7fab Aarch64: make code compile when no hardware crypto avail
Detects availability of instructions for Aarch64.
2024-12-13 09:16:11 +10:00
Kareem d4af181593 Add support for the RFC822 Mailbox attribute. 2024-12-12 12:37:32 -07:00
Daniel Pouzzner 1f1e985d73 Merge pull request #8268 from bandi13/fixMemleak
Fix memory leak
2024-12-11 16:35:38 -06:00
Daniel Pouzzner d825b08e16 Merge pull request #8275 from SparkiDev/aarch64_poly1305_fix
Aarch64 Poly1305: fix corner case
2024-12-11 16:24:36 -06:00
Daniel Pouzzner 88241f1a2c Merge pull request #8267 from ColtonWilley/pkcs11_cert_support
PKCS11 cert support
2024-12-11 16:04:58 -06:00
Sean Parkinson c0f3b433b2 Aarch64 Poly1305: fix corner case
Don't mask top 26 bits as it may have next bit set as reduction step was
only approximate.
2024-12-11 12:49:21 +10:00
JacobBarthelmeh 59ea24f915 Merge pull request #8225 from gojimmypi/pr-espressif-improve-sha-msg
Improve Espressif SHA HW/SW mutex messages
2024-12-10 17:30:03 -07:00
Daniel Pouzzner d257a59087 add support for WOLFSSL_NO_OPTIONS_H:
* activate WOLFSSL_NO_OPTIONS_H in linuxkm/Kbuild for in-module test.o and benchmark.o.
* refine explanatory comments in settings.h re WOLFSSL_USE_OPTIONS_H, WOLFSSL_NO_OPTIONS_H, and WOLFSSL_CUSTOM_CONFIG.
* add safety catch to options.h/options.h.in to inhibit inclusion if defined(WOLFSSL_NO_OPTIONS_H).
* for good measure, add explicit check for WOLFSSL_NO_OPTIONS_H to wolfcrypt/benchmark/benchmark.c and wolfcrypt/test/test.c.
2024-12-10 13:02:37 -06:00
Colton Willey 00386c76bf No redundant NULL check on free 2024-12-10 09:43:03 -08:00
Colton Willey 0c20a20acc Use char instead of sword8, sanity length check on CKA_VALUE 2024-12-09 16:09:04 -08:00
gojimmypi 7bc026540b Improve Espressif SHA HW/SW mutex messages 2024-12-09 14:51:18 -08:00
Colton Willey 0cda59e00e Add support for cert format in get cert crypto callback 2024-12-09 14:32:02 -08:00
David Garske c4e319b092 Cleanup the gating for WOLFSSL_NO_AES_CFB_1_8. 2024-12-09 13:51:51 -08:00
Andras Fekete ff66998575 Fix memory leak 2024-12-09 16:24:38 -05:00
Colton Willey c83c9e68c9 Updates per review comments 2024-12-09 13:10:32 -08:00
Colton Willey 324b87614e Initial implementation for using PKCS11 to retrieve certificate for SSL CTX 2024-12-09 12:15:41 -08:00
David Garske 017f931f8b Various cleanups and fixes:
* Fix to properly set configure.ac LMS/XMSS enables and build of those code files.
* Remove duplicate aes.c `wc_AesSetKeyLocal` call to `wc_AesSetIV`. Moved earlier in function in commit a10260ca5f.
* Benchmark missing time.h with NO_ASN_TIME.
* Added option to support disabling AES CFB 1/8 `WOLFSSL_NO_AES_CFB_1_8`.
* Fixes for building with combinations of `WOLFSSL_RSA_VERIFY_ONLY` and `WOLFSSL_RSA_PUBLIC_ONLY`.
* Fix for building `--enable-stacksize=verbose` with single threaded.
* Various tab and formatting cleanups.
ZD 18996
2024-12-06 16:45:33 -08:00
JacobBarthelmeh 1bfbdb6c7f Merge pull request #8257 from dgarske/settings_h
Fix issue with wc_lms_impl.c or wc_lms not including settings.h
2024-12-05 11:43:43 -07:00
David Garske 1e9607b65e Fixes for ML-DSA and LMS cast warnings and spelling errors. 2024-12-05 08:34:58 -08:00
JacobBarthelmeh aa32027c26 Merge pull request #8236 from philljj/zephyr_thread_type
wc_port: change zephyr struct k_thread tid member to pointer.
2024-12-05 09:29:30 -07:00
David Garske 19b486e1f7 Fix issue with wc_lms_impl.c or wc_lms not including settings.h. Caused issue enabling LMS from user_settings.h. 2024-12-05 08:15:11 -08:00
Lealem Amedie 3476425967 Fix for Compressed Keys with FIPS 2024-12-03 14:56:30 -07:00
JacobBarthelmeh 42afede3fc Merge pull request #8235 from dgarske/fix_sp_rsa_publiconly
Fixes for building with SP RSA small and RSA Public only
2024-12-02 10:39:08 -07:00
JacobBarthelmeh 015d47b9cd Merge pull request #8231 from LinuxJedi/STM32MP13
Add STM32MP13 HAL support for more SHA types
2024-12-02 10:18:38 -07:00
jordan a18f71c27b wc_port: change zephyr struct k_thread tid member to pointer. 2024-11-27 16:05:48 -06:00
David Garske 57e1bf9fba Fixes for building with SP RSA small and RSA Public only. ZD 18996 2024-11-27 13:26:45 -08:00
Andrew Hutchings f15dbb9110 Add STM32MP13 HAL support for more SHA types
This adds STM32 HAL support for:

* SHA384
* SHA512 (with -224 and -256)
* SHA3 (all variants apart from SHAKE)

The partial FIFO block calculations have been adjusted based in the
STM32 code to support the larger hash sizes.

This should work with other chips such as the STM32U5xx, but is not
enabled for that yet.
2024-11-27 15:04:45 +00:00
Daniel Pouzzner b65d3fff56 fixes for OPENSSL_COEXIST with FIPS and with/without TEST_OPENSSL_COEXIST. 2024-11-26 19:38:32 -06:00
JacobBarthelmeh 5e13fc2c84 Merge pull request #7410 from SparkiDev/sp_arm_big_endian
SP: big-endian support
2024-11-26 17:05:53 -07:00
JacobBarthelmeh 70d595478c Merge pull request #8227 from douzzer/20241125-linuxkm-aarch64-pie
20241125-linuxkm-aarch64-pie
2024-11-26 13:31:01 -07:00
David Garske 29dc0f5d0b Merge pull request #8223 from LinuxJedi/STM32MP1
Initial support for STM32MP13 HAL
2024-11-26 09:34:04 -08:00
Andrew Hutchings 5d0ee8c9f3 Initial support for STM32MP13 HAL
This adds support for the STM32MP13 HAL, tested on the STM32MP135F MPU.

Using the HAL this modifies our previous RNG, AES-CBC, AES-GCM, HASH,
ECDSA and DES3 ST HAL acceleration to work with the MPU. It also works
around bugs found in the AES-GCM code of the HAL.

The HAL does not appear to have support for MD5 HASH at the moment, so
this has been given a flag to disable it on this MPU.
2024-11-26 14:15:57 +00:00
Daniel Pouzzner 7dcec3e62f linuxkm: work around aarch64 dependency on alt_cb_patch_nops for enable-linuxkm-pie (FIPS support). 2024-11-26 00:12:29 -06:00
JacobBarthelmeh 02432990dc Merge pull request #8210 from night1rider/devcrypto-authtag-error
/dev/crypto auth error fix/adjustment for benchmark
2024-11-25 16:42:58 -07:00
night1rider 02e6ec0c86 devcrypto auth error fix/adjustment 2024-11-25 14:43:12 -07:00
Daniel Pouzzner bfeb0ad48e expand opensslcoexist to all low level crypto APIs. 2024-11-22 19:27:56 -06:00
JacobBarthelmeh 033a2a08e9 Merge pull request #8212 from bandi13/fixTestFailure
Fix Renesas test
2024-11-22 10:42:21 -07:00
David Garske 401a64d112 Improve stdarg.h around uses of var_arg. Cleanup warning for XFREE/XMALLOC redef. 2024-11-22 08:11:32 -08:00
Daniel Pouzzner d85c108952 wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: add WC_FAILURE ("wolfCrypt generic failure") with value -1, for traceable error return of -1 in wolfCrypt.
configure.ac: add OPENSSL_EXTRA to --enable-wolfsentry.

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, wolfssl/ssl.h: accommodate backward dependencies for wolfSSL_X509_NAME_add_entry_by_NID, wolfSSL_X509_NAME_free, and wolfSSL_X509_NAME_new_ex.

linuxkm/lkcapi_glue.c: if CONFIG_CRYPTO_MANAGER, assert match of CONFIG_CRYPTO_FIPS and HAVE_FIPS.

src/ssl_crypto.c, wolfcrypt/src/wc_lms.c, wolfcrypt/src/wc_lms_impl.c, wolfcrypt/src/wc_xmss.c, wolfcrypt/test/test.c: add missing casts for XMALLOC()s.

src/ssl_crypto.c: in wolfSSL_AES_decrypt(), fix gate for wc_AesDecryptDirect() return type.

wolfcrypt/test/test.c: smallstack refactor in test_dilithium_decode_level().

tests/api.c: fix uninited vars and "embedding a directive within macro arguments is not portable" in test_wc_dilithium_der().
2024-11-21 21:59:26 -06:00
Reda Chouk 378519d7fb Adding missing checks missing initialization of sp_int/mp_int initialization (
in case of MEMORY_E).

removed printf (added for previous debugging)
2024-11-21 23:55:34 +01:00
Brett Nicholas cceeb776f7 gate dilithium OID autodetection on FIPS 204 draft mode 2024-11-21 09:38:11 -08:00
JacobBarthelmeh 04932dd97d Merge pull request #8206 from dgarske/rx_tsip
Fixes for RSA TSIP RSA Sign/Verify
2024-11-21 09:30:48 -07:00
JacobBarthelmeh c06f65a8ac Merge pull request #8182 from dgarske/no_compat_headers
Support for building without wolfssl/openssl header files
2024-11-20 21:33:18 -07:00
David Garske d109f38cbd Fixes for RSA TSIP RSA Sign/Verify. Tested on RX72N EnvisionKit. Added THREADX threading support.
```
Start wolf tsip crypt Test

 simple crypt test by using TSIP
 sha_test() passed
 sha256_test() passed
 tsip_aes_cbc_test()  passed
 tsip_aes256_test()  passed
 tsip_rsa_test(2048) passed
 tsip_rsa_SignVerify_test(2048) passed

End wolf tsip crypt Test
```
2024-11-20 13:08:26 -08:00
JacobBarthelmeh be70bea687 Merge pull request #8202 from LinuxJedi/fix-cryptodev-debug
Fix cryptodev debug output
2024-11-20 14:00:05 -07:00
David Garske ef67b1c06a Support for building without wolfssl/openssl header files. ZD 18465
* Fix for `TlsSessionCacheGetAndLock` that was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test.
* Fix cast warning with `HAVE_EX_DATA` in Windows VS.
* Fix openssl_extra without PKCS12.
* Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`.
* Grouped the EX data API's in ssl.h
* Moved API's in ssl.h to separate the compatibility ones from ours.
2024-11-20 12:32:32 -08:00
Andrew Hutchings f5e6e17c7c Fix cryptodev debug output
Cryptodev has two sections for the session info struct, cipher and hash.
Our debug mode was using hash for the output even if we were using
cipher, so would output random data. Simple 'if' statement to do the
correct thing.
2024-11-20 06:41:58 +00:00