Commit Graph

90 Commits

Author SHA1 Message Date
Andrew Hutchings 61a77e2dd6 Add lots more membrowse platforms
Lots more ARM Cortex, RiscV, AArch64, linuxkm and some Zephyr
2026-06-03 11:21:35 +01:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
Daniele Lacamera 23c28c3203 Address Copilot's comments: uniform mutual exclusions 2026-05-08 09:29:22 +02:00
Daniele Lacamera 3a7cd3a7db Arduino UNO: force USE_CERT_BUFFERS_256 to fit in flash
Fixes failing CI test
2026-05-08 09:09:03 +02:00
Daniel Pouzzner a057975347 Merge pull request #10293 from Frauschi/liboqs_removal
Remove liboqs for ML-KEM and ML-DSA, update for Falcon
2026-04-30 09:04:11 -05:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
Tobias Frauenschläger e1fefcca4f Remove deprecated liblms and libxmss 2026-04-29 19:52:09 +02:00
Daniel Pouzzner 60d1e222b2 globally fix all "BLAKE2" references (implicit BLAKE2B) to explicit "BLAKE2B":
* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
2026-04-07 13:18:53 -05:00
Sameeh Jubran deb668ca4b pkcs7: add RSA-PSS support for SignedData
Add full RSA-PSS (RSASSA-PSS) support to PKCS#7 SignedData
encoding and verification.

This change enables SignerInfo.signatureAlgorithm to use
id-RSASSA-PSS with explicit RSASSA-PSS-params (hash, MGF1,
salt length), as required by RFC 4055 and CMS profiles.

Key changes:
- Add RSA-PSS encode and verify paths for PKCS7 SignedData
- Encode full RSASSA-PSS AlgorithmIdentifier parameters
- Decode RSA-PSS parameters from SignerInfo for verification
- Treat RSA-PSS like ECDSA (sign raw digest, not DigestInfo)
- Fix certificate signatureAlgorithm parameter length handling
- Add API test coverage for RSA-PSS SignedData

This resolves failures when using RSA-PSS signer certificates
(e.g. -173 invalid signature algorithm) and maintains backward
compatibility with RSA PKCS#1 v1.5 and ECDSA.

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-25 11:02:47 +02:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
David Garske 8c30cfb0da Add tests for async with static memory. Fix issue with mixed-declaration in SP ECC non-blocking. 2026-02-05 09:43:31 -08:00
David Garske 4d3925d526 Add X25519 non-blocking support for key gen and shared secret
## Summary
- Add non-blocking (incremental) Curve25519 key generation and shared secret via `WC_X25519_NONBLOCK`, modeled after the existing ECC non-blocking pattern (`WC_ECC_NONBLOCK`)
- Implement `curve25519_nb()` and `fe_inv__distinct_nb()` in `fe_low_mem.c` as state-machine variants that return `FP_WOULDBLOCK` to yield after each field multiply
- Add `wc_curve25519_set_nonblock()` API to attach/detach non-blocking context to a key
- Integrate X25519 non-blocking with TLS 1.2/1.3 key share generation and shared secret in `tls.c` and `internal.c` (behind `WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW`)
- Add `--enable-curve25519=nonblock` configure option (auto-enables `--enable-asynccrypt` and `--enable-asynccrypt-sw`)
- Add X25519 async software dispatch cases in `async.c` and types in `async.h`
- Fix async guard in `curve25519.c` to require `WOLFSSL_ASYNC_CRYPT_SW` (matching other algorithms)
- Overhaul `examples/async/` client/server: non-blocking I/O via `WOLFSSL_USER_IO`, standalone `Makefile`, X25519/ECC mode selection, CI-friendly ready-file sync
- Add `examples/configs/user_settings_curve25519nonblock.h` and CI coverage in `os-check.yml` and new `async-examples.yml` workflow
- Add wolfcrypt test and API test coverage for X25519 non-blocking
2026-02-04 21:28:52 -08:00
David Garske 7077a7bdd8 Fix for macros not longer needed in .wolfssl_known_macro_extras 2026-01-29 09:28:23 -08:00
David Garske c2a987595f Add new user_settings.h templates for tls13, dtls13, pq, openssl_compat, baremetal, rsa_only, pkcs7, ca 2026-01-28 11:27:01 -08:00
David Garske 3946ba8de3 Improve user_settings.h examples and add validation rules
- Standardize header guards to WOLFSSL_USER_SETTINGS_H across all files
  - Add #if 0/1 gates with labels for easy feature toggling
  - Fix bugs: typos in eccnonblock (WOLFSL_SHA*), duplicates in fipsv5/all
  - Add NO_DES3_TLS_SUITES alongside NO_DES3 where needed
  - Update wolfboot_keytools with upstream PQ algorithms (ML-DSA, LMS, XMSS)
  - Add settings.h validation rules with descriptive error messages
  - Auto-define NO_DES3_TLS_SUITES when NO_DES3 is set (instead of error)
  - Update README.md and add missing files to CI tests
2026-01-28 09:52:24 -08:00
Tobias Frauenschläger 14ce7956f1 Increase test coverage
* More PQC configurations
* More CMake setups
* Fix various bugs uncovered by these tests

Added some missing feature additions to CMake to make the example
`user_settings_all.` config file work for the CI test.
2026-01-23 09:27:16 +01:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
gojimmypi 0065d9a0dd Improve Arduino Examples, add workflow testing 2025-09-02 11:45:28 -07:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Juliusz Sosinowicz 72db5e5108 Remove NO_FILESYSTEM for CI 2025-06-16 18:06:19 +02:00
gojimmypi 3254f56d32 Improve PlatformIO Certificate Bundle Support 2025-06-06 15:48:07 -07:00
gojimmypi a9db6d08f7 Adjust Espressif Examples for Post Quantum ML-KEM 2025-06-02 15:11:53 -07:00
gojimmypi 1f88ab58c1 Fix Arduino progmem print, AVR WOLFSSL_USER_IO 2025-04-18 14:29:32 +02:00
gojimmypi 241a1ed360 Introduce and move new Arduino examples and configuration updates 2025-04-12 15:38:37 +02:00
Daniel Pouzzner f14498ea6b fix a couple broken configs in examples/configs/ - simultaneous SP and NO_BIG_INT. 2025-03-20 22:40:08 -05:00
David Garske 2c36ae268f Merge pull request #8536 from SparkiDev/kyber_to_mlkem
Update Kyber APIs to ML-KEM APIs
2025-03-20 11:07:53 -07:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
David Garske dfc6a52db5 Fixes for ECC non-blocking tests. Added example user_settings.h build test. Demonstrate ECC 256, 384 and 521 bit. 2025-03-05 15:58:51 -08:00
David Garske 557abcf76a Support for STM32H7S (tested on NUCLEO-H7S3L8). It supports hardware crypto for RNG, Hash, AES and PKA. Added future config option for DTLS v1.3. Support DTLS v1.3 only reduce code size (tested with: ./configure --enable-dtls13 --enable-dtls --disable-tlsv12 CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE"). 2025-02-26 14:00:48 -08:00
gojimmypi 0680895d7d Add Espressif sample user_settings.h 2025-02-04 14:26:15 -08:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
gojimmypi 560d89ed44 Update Arduino files for wolfssl 5.7.4 2024-11-23 13:26:46 -08:00
Daniel Pouzzner afa5b0168e fix HAVE_SHA* configurations in IDE/iotsafe/user_settings.h to also set WOLFSSL_SHA*, and in IDE/STM32Cube/default_conf.ftl, IDE/iotsafe/user_settings.h, and examples/configs/user_settings_stm32.h, comment HAVE_SHA* as "old freeRTOS settings.h requires this". 2024-10-23 12:46:32 -05:00
gojimmypi a13f48aea0 Update Espressif Examples 2024-10-15 18:36:28 -07:00
David Garske 9d24480379 Fix WOLF_CONF_AESGCM=2. 2024-09-19 14:19:39 -07:00
David Garske 9815d9bd03 Support for STM32G4. ZD 18675 2024-09-19 10:54:29 -07:00
András Fekete 9666394b73 Merge pull request #7977 from billphipps/have_rsa_fix
Update to remove HAVE_RSA references.  Correct NO_MALLOC RSA test bug.
2024-09-16 16:26:26 -04:00
Bill Phipps 92f3a808b0 Update to remove HAVE_RSA references. Correct NO_MALLOC RSA test bug. 2024-09-16 13:29:38 -04:00
Anthony Hu 844d0ec558 Get rid of pqm4 in favour our own Kyber/MLDSA implementation 2024-08-29 13:23:39 -04:00
Eric Blankenhorn 373f5ee9ae Fix example settings 2024-08-09 13:06:29 -05:00
Andras Fekete b6a9c38950 Addressing PR comments 2024-08-06 15:29:32 -04:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
David Garske d07d4fb8ac Update support for wolfSSH with RSA_LOW_MEM. 2024-06-03 12:08:37 -07:00
David Garske b4910c4615 wolfSSH size optimizations. Disable RSA OAEP, enable SHA-1 with DH. Do not need SHA2-384/512. 2024-06-03 09:34:53 -07:00
David Garske cfbadc8b07 Fixes for wolfSSH user_settings.h template. Add low resource option. 2024-06-03 09:34:53 -07:00
David Garske 3d374239a1 Template for wolfSSH minimal build using user_settings.h. ZD 17991. 2024-06-03 09:34:52 -07:00
JacobBarthelmeh cf61df129c fix typo with NO_CERTS macro 2024-05-29 17:08:01 -06:00
gojimmypi 74c0d9b9f6 Update example/configs list, sort order. 2024-05-16 10:48:14 -07:00
gojimmypi 503bbbec8f Update PlatformIO wolfssl/wolfssl@^5.7.0-rev.3c 2024-05-15 17:13:03 -07:00
David Garske 2d7f9d1874 Support for Infineon Modus Toolbox with wolfSSL. 2024-03-27 15:37:50 -07:00