Commit Graph

25241 Commits

Author SHA1 Message Date
David Garske 760178c7dc Improvements to no malloc support in ConfirmSignature for async and non-blocking. Refactor DSA ASN.1 decode in ConfirmSignature. Cleanup indent in types.h. Move struct CertSignCtx to types.h. Move WC_ENABLE_ASYM_KEY_IMPORT and WC_ENABLE_ASYM_KEY_EXPORT to settings.h. 2025-05-07 12:06:09 -07:00
Alex Lanzano bc6b5598c5 Add NO_MALLOC support for wc_CheckCertSigPugKey 2025-05-07 12:04:38 -07:00
David Garske 1e3718ea7b Merge pull request #8655 from SparkiDev/asn1_oid_update
ASN.1 OIDs and sum: Change algorithm for sum
2025-05-07 11:43:54 -07:00
philljj 36d8298602 Merge pull request #8743 from douzzer/20250807-linuxkm-lkcapi-ecdh-fips-5v15
20250807-linuxkm-lkcapi-ecdh-fips-5v15
2025-05-07 12:47:03 -05:00
Daniel Pouzzner 060d4d5ecc linuxkm/lkcapi_glue.c: on FIPS kernels <5.15, suspend fips_enabled when registering ecdh-nist-p256 and ecdh-nist-p384 to work around wrong/missing attributes/items in kernel crypto manager. 2025-05-07 11:14:24 -05:00
JacobBarthelmeh eae4005884 Merge pull request #8717 from dgarske/renesas_rx_api
Make wc_tsip_* API's public
2025-05-07 09:29:05 -06:00
Sean Parkinson 5e5f486a4c Merge pull request #8732 from dgarske/stm32_hash_status
Fix for STM32 hash status check logic (also fix NO_AES_192 and NO_AES_256)
2025-05-07 20:56:18 +10:00
Sean Parkinson 4b73e70515 Merge pull request #8706 from dgarske/win_crypt_rng
New build option to allow reuse of the windows crypt provider handle …
2025-05-07 20:55:07 +10:00
philljj a69039b40d Merge pull request #8740 from douzzer/20250506-linuxkm-lkcapi-default-priority-100000
20250506-linuxkm-lkcapi-default-priority-100000
2025-05-06 20:04:19 -05:00
Sean Parkinson 112351667a ASN.1 OIDs and sum: Change algorithm for sum
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.

Added bunch of OID names into asn1 example.
2025-05-07 08:32:08 +10:00
Sean Parkinson d100898e92 Merge pull request #8737 from julek-wolfssl/wc_HKDF_Expand_ex-fix
wc_HKDF_Expand_ex: correctly advance the index
2025-05-07 08:23:33 +10:00
Daniel Pouzzner 8a3a5929b8 linuxkm/lkcapi_glue.c: change WOLFSSL_LINUXKM_LKCAPI_PRIORITY from INT_MAX to 100000 to avoid overflows in kernel calculation of priority on constructed algs. 2025-05-06 17:21:35 -05:00
David Garske 6eb8dfb769 Merge pull request #8668 from gojimmypi/pr-arduino-print
Fix Arduino progmem print, AVR WOLFSSL_USER_IO
2025-05-06 14:51:12 -07:00
David Garske 213c43b0fc Merge pull request #8715 from padelsbach/ssl-certman-codesonar
Speculative fix for CodeSonar overflow issue in ssl_certman.c
2025-05-06 14:49:57 -07:00
David Garske 1ee954a38c Merge pull request #8738 from kaleb-himes/refine-module-boundary
Refine module boundary based on lab feedback [IG C.K.]
2025-05-06 14:42:57 -07:00
David Garske 05a3557b2b Merge pull request #8703 from lealem47/zd19592
Attempt wolfssl_read_bio_file in read_bio even when XFSEEK is available
2025-05-06 14:42:19 -07:00
David Garske d04ab3757e New build option WIN_REUSE_CRYPT_HANDLE to allow reuse of the windows crypt provider handle. Seeding happens on any new RNG or after WC_RESEED_INTERVAL. If using threads make sure wolfSSL_Init() or wolfCrypt_Init() is called before spinning up threads. ZD 19754. Fixed minor implicit cast warnings in internal.c. Add missing hpke.c to wolfssl VS project. 2025-05-06 14:38:02 -07:00
David Garske 602f4a7b05 Merge pull request #8739 from douzzer/20250506-fixes-and-test-coverage
20250506-fixes-and-test-coverage
2025-05-06 14:27:38 -07:00
Daniel Pouzzner 982a7600c2 src/tls13.c: in DoTls13ServerHello() WOLFSSL_ASYNC_CRYPT path, fix -Wdeclaration-after-statement caused by fallthrough definition;
.github/workflows: update async.yml, multi-arch.yml, multi-compiler.yml, no-malloc.yml, opensslcoexist.yml, and os-check.yml, with -pedantic and related flags, and add --enable-riscv-asm to multi-arch.yml RISC-V scenario;

configure.ac: clarify error message for "SP ASM not available for CPU."
2025-05-06 14:49:32 -05:00
Lealem Amedie 579e22f843 Remove WOLFSSL_NO_FSEEK from known macros 2025-05-06 15:39:18 -04:00
David Garske 25db14f50c Fix macro typo. 2025-05-06 10:42:09 -07:00
kaleb-himes 654812679b Refine module boundary based on lab feedback [IG C.K.] 2025-05-06 09:33:36 -06:00
Juliusz Sosinowicz d82d8a53ef wc_HKDF_Expand_ex: correctly advance the index 2025-05-06 13:47:54 +02:00
Sean Parkinson 1c0e5af3a4 Merge pull request #8720 from JacobBarthelmeh/xilinx
add macro guards for SHA3 test cases to unit tests
2025-05-06 10:50:01 +10:00
Sean Parkinson 428915e492 Merge pull request #8719 from philljj/coverity_april_2025
Fix coverity warnings
2025-05-06 10:11:27 +10:00
Sean Parkinson dfec168402 Merge pull request #8721 from philljj/coverity_misc
Coverity misc
2025-05-06 10:04:53 +10:00
JacobBarthelmeh 3819c352e8 Merge pull request #8728 from dgarske/qat_4.28
Fixes for Intel QuickAssist latest driver (4.28)
2025-05-05 17:48:49 -06:00
David Garske 219902149e Fix issue with api.c test_wolfSSL_OBJ and ./certs/test-servercert.p12 that uses DES3 and AES-CBC-256. 2025-05-05 15:55:00 -07:00
David Garske c2f1563144 Merge pull request #8726 from kareem-wolfssl/zd19786
Pass in correct hash type to wolfSSL_RSA_verify_ex.
2025-05-05 15:38:41 -07:00
Daniel Pouzzner 629d812eb3 Merge pull request #8730 from philljj/linuxkm_pkcs1pad_more
linuxkm rsa: add more pkcs1pad sha variants
2025-05-05 16:59:29 -05:00
David Garske 751dcdf3df Improve the hash wait logic by separating the data input ready from the digest calculation complete. 2025-05-05 14:36:36 -07:00
David Garske 0f4ce03c28 Fixes for NO_AES_192 and NO_AES_256. Added CI test. Fixed bad BUILD_ logic for ADH-AES256-GCM-SHA384. 2025-05-05 14:36:36 -07:00
David Garske e487685d7d Fix for STM32 Hashing status bit checking logic. ZD 19783. The digest calculation was indicating "not busy" before digest result (DCIS) was finished. This did not show up on most systems because the computation is usually done by the time it reads. 2025-05-05 14:36:36 -07:00
philljj 6296dfdb1e Merge pull request #8735 from douzzer/20250502-linuxkm-fixes
20250502-linuxkm-fixes
2025-05-05 16:29:00 -05:00
David Garske 3d4e89c2ca Make wc_tsip_* API's public. 2025-05-05 14:02:05 -07:00
David Garske 2c0ca1cacb Fix for QAT driver QAT.L.4.28.0-00004 icp include path. Fix for CentOS 7 to allow automake 1.13.4 (works fine). 2025-05-05 13:22:54 -07:00
Daniel Pouzzner c402d7bd94 Merge pull request #8729 from philljj/linuxkm_ecdh_decode_secret
Linuxkm ecdh decode secret
2025-05-05 14:59:51 -05:00
David Garske d5cca9d7c9 Merge pull request #8733 from SparkiDev/riscv_hash_raw_fix
RISC-V 64-bit: fix raw hash when using crypto instructions
2025-05-05 12:44:51 -07:00
Kareem aad15b27a2 Pass in correct hash type to wolfSSL_RSA_verify_ex. 2025-05-05 11:58:26 -07:00
jordan a341333589 linuxkm rsa: additional pkcs1 sha variants. 2025-05-05 13:50:12 -05:00
jordan 68682f155c linuxkm ecdh: remove dependency on crypto_ecdh_decode_key. 2025-05-05 13:39:13 -05:00
jordan efd5405d0e coverity: fix check_after_deref, assignment_where_comparison_intended, uninit vars, return values, etc. 2025-05-05 13:18:29 -05:00
Daniel Pouzzner b9b66042d7 wolfssl/wolfcrypt/dh.h: gate in wc_DhGeneratePublic() with WOLFSSL_DH_EXTRA,
adding WOLFSSL_NO_DH_GEN_PUB in the unlikely event it needs to be disabled;

configure.ac: in --enable-linuxkm-lkcapi-register section, remove special-case
  handling for -DWOLFSSL_DH_GEN_PUB, and add support for
  --enable-linuxkm-lkcapi-register=all-kconfig, which disables registration of
  any algs that are disabled in the target kernel, and #errors if any algs or
  registrations are disabled or incompatible in libwolfssl but enabled in the
  target kernel (note, it does not #error for algorithms we don't currently
  shim/implement);

linuxkm/lkcapi_glue.c: change default WOLFSSL_LINUXKM_LKCAPI_PRIORITY from 10000
  to INT_MAX to make masking impossible;

linuxkm/lkcapi*glue.c: move all remaining algorithm-specific gate setup into the
  respective algorithm family files, and in each family file, add
  LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG logic to activate shims only if the
  corresponding algorithm is activated in the target kernel.

linuxkm/lkcapi_sha_glue.c: fix -Wunuseds in
  wc_linuxkm_drbg_default_instance_registered() and wc_linuxkm_drbg_cleanup()
  when !LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT.
2025-05-05 13:17:06 -05:00
jordan baa7efa8af Fix coverity uninit var warnings, add missing priv key ForceZero. 2025-05-05 13:14:39 -05:00
JacobBarthelmeh e233ead7f6 add macro guards for SHA3 test cases 2025-05-05 11:19:21 -06:00
David Garske 9587b7b12e Merge pull request #8734 from JacobBarthelmeh/libssh2
update libssh2 test to use stable-slim instead of test-slim
2025-05-05 09:55:57 -07:00
JacobBarthelmeh 5fbe23cfd9 update libssh2 test to use stable-slim instead of test-slim 2025-05-05 10:09:47 -06:00
Sean Parkinson 3acf3ef3c5 RISC-V 64-bit: fix raw hash when using crypto instructions
./configure CC=riscv64-linux-gnu-gcc --host=riscv64 --disable-shared LDFLAGS=--static --enable-riscv-asm=zvkned
Digest state is not always stored in a way that can be directly copied out.
2025-05-03 08:42:17 +10:00
philljj 1075ce8cf4 Merge pull request #8727 from douzzer/20250501-linuxkm-ecdsa-workaround
20250501-linuxkm-ecdsa-workaround
2025-05-01 22:44:48 -05:00
Sean Parkinson aa50cfc92c Merge pull request #8723 from lealem47/zd19721
Sniffer: Add multiple sessions by removing cached check
2025-05-02 08:44:05 +10:00