Commit Graph

25247 Commits

Author SHA1 Message Date
David Garske 82cb83abee Improvements for portability using older gcc 4.8.2 and customer parsing tools. 2025-05-08 17:02:27 -07:00
David Garske 7ff4ada692 Merge pull request #8746 from douzzer/20250507-ed25519-noasm
20250507-ed25519-noasm
2025-05-08 08:29:04 -07:00
Daniel Pouzzner e044ec45b7 .github/workflows/codespell.yml: in skip section, add full paths for new artifacts in examples/asn1/. 2025-05-08 00:41:35 -05:00
Daniel Pouzzner 2e0ada9836 configure.ac: implement support for --enable-ed25519=noasm, and refactor and improve existing support for --enable-curve25519=noasm. 2025-05-07 23:59:58 -05:00
David Garske 18818415d9 Merge pull request #8744 from douzzer/20250507-fips-all
20250507-fips-all
2025-05-07 13:56:31 -07:00
Daniel Pouzzner d3ce45fbfb clean up Curve25519/Curve448 dependencies in FIPS builds:
configure.ac:

* in FIPS setup, fix sensing of ENABLED_CURVE25519 and ENABLED_CURVE448 to prevent noasm sneaking through, and allow fips=dev to enable them via override;

* enable-all enables ECH only if !FIPS;

* enable-all-crypto enables curve25519/curve448 only if !FIPS;

* QUIC implication of ENABLED_CURVE25519 is inhibited if FIPS;

tests/quic.c: add !HAVE_CURVE25519 paths in test_quic_key_share() to allow FIPS QUIC.
2025-05-07 14:34:35 -05:00
David Garske cdeac13c87 Merge pull request #8742 from gojimmypi/pr-espressif-p4-and-hkdf
Espressif HAVE_HKDF for wolfssl_test, explicit ESP32P4
2025-05-07 12:30:54 -07:00
David Garske 1e3718ea7b Merge pull request #8655 from SparkiDev/asn1_oid_update
ASN.1 OIDs and sum: Change algorithm for sum
2025-05-07 11:43:54 -07:00
philljj 36d8298602 Merge pull request #8743 from douzzer/20250807-linuxkm-lkcapi-ecdh-fips-5v15
20250807-linuxkm-lkcapi-ecdh-fips-5v15
2025-05-07 12:47:03 -05:00
Daniel Pouzzner 060d4d5ecc linuxkm/lkcapi_glue.c: on FIPS kernels <5.15, suspend fips_enabled when registering ecdh-nist-p256 and ecdh-nist-p384 to work around wrong/missing attributes/items in kernel crypto manager. 2025-05-07 11:14:24 -05:00
JacobBarthelmeh eae4005884 Merge pull request #8717 from dgarske/renesas_rx_api
Make wc_tsip_* API's public
2025-05-07 09:29:05 -06:00
gojimmypi ed2c20a3b2 Espressif HAVE_HKDF for wolfssl_test, explicit ESP32P4 2025-05-07 16:38:05 +02:00
Sean Parkinson 5e5f486a4c Merge pull request #8732 from dgarske/stm32_hash_status
Fix for STM32 hash status check logic (also fix NO_AES_192 and NO_AES_256)
2025-05-07 20:56:18 +10:00
Sean Parkinson 4b73e70515 Merge pull request #8706 from dgarske/win_crypt_rng
New build option to allow reuse of the windows crypt provider handle …
2025-05-07 20:55:07 +10:00
philljj a69039b40d Merge pull request #8740 from douzzer/20250506-linuxkm-lkcapi-default-priority-100000
20250506-linuxkm-lkcapi-default-priority-100000
2025-05-06 20:04:19 -05:00
Sean Parkinson 112351667a ASN.1 OIDs and sum: Change algorithm for sum
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.

Added bunch of OID names into asn1 example.
2025-05-07 08:32:08 +10:00
Sean Parkinson d100898e92 Merge pull request #8737 from julek-wolfssl/wc_HKDF_Expand_ex-fix
wc_HKDF_Expand_ex: correctly advance the index
2025-05-07 08:23:33 +10:00
Daniel Pouzzner 8a3a5929b8 linuxkm/lkcapi_glue.c: change WOLFSSL_LINUXKM_LKCAPI_PRIORITY from INT_MAX to 100000 to avoid overflows in kernel calculation of priority on constructed algs. 2025-05-06 17:21:35 -05:00
David Garske 6eb8dfb769 Merge pull request #8668 from gojimmypi/pr-arduino-print
Fix Arduino progmem print, AVR WOLFSSL_USER_IO
2025-05-06 14:51:12 -07:00
David Garske 213c43b0fc Merge pull request #8715 from padelsbach/ssl-certman-codesonar
Speculative fix for CodeSonar overflow issue in ssl_certman.c
2025-05-06 14:49:57 -07:00
David Garske 1ee954a38c Merge pull request #8738 from kaleb-himes/refine-module-boundary
Refine module boundary based on lab feedback [IG C.K.]
2025-05-06 14:42:57 -07:00
David Garske 05a3557b2b Merge pull request #8703 from lealem47/zd19592
Attempt wolfssl_read_bio_file in read_bio even when XFSEEK is available
2025-05-06 14:42:19 -07:00
David Garske d04ab3757e New build option WIN_REUSE_CRYPT_HANDLE to allow reuse of the windows crypt provider handle. Seeding happens on any new RNG or after WC_RESEED_INTERVAL. If using threads make sure wolfSSL_Init() or wolfCrypt_Init() is called before spinning up threads. ZD 19754. Fixed minor implicit cast warnings in internal.c. Add missing hpke.c to wolfssl VS project. 2025-05-06 14:38:02 -07:00
David Garske 602f4a7b05 Merge pull request #8739 from douzzer/20250506-fixes-and-test-coverage
20250506-fixes-and-test-coverage
2025-05-06 14:27:38 -07:00
Daniel Pouzzner 982a7600c2 src/tls13.c: in DoTls13ServerHello() WOLFSSL_ASYNC_CRYPT path, fix -Wdeclaration-after-statement caused by fallthrough definition;
.github/workflows: update async.yml, multi-arch.yml, multi-compiler.yml, no-malloc.yml, opensslcoexist.yml, and os-check.yml, with -pedantic and related flags, and add --enable-riscv-asm to multi-arch.yml RISC-V scenario;

configure.ac: clarify error message for "SP ASM not available for CPU."
2025-05-06 14:49:32 -05:00
Lealem Amedie 579e22f843 Remove WOLFSSL_NO_FSEEK from known macros 2025-05-06 15:39:18 -04:00
David Garske 25db14f50c Fix macro typo. 2025-05-06 10:42:09 -07:00
kaleb-himes 654812679b Refine module boundary based on lab feedback [IG C.K.] 2025-05-06 09:33:36 -06:00
Juliusz Sosinowicz d82d8a53ef wc_HKDF_Expand_ex: correctly advance the index 2025-05-06 13:47:54 +02:00
Sean Parkinson 1c0e5af3a4 Merge pull request #8720 from JacobBarthelmeh/xilinx
add macro guards for SHA3 test cases to unit tests
2025-05-06 10:50:01 +10:00
Sean Parkinson 428915e492 Merge pull request #8719 from philljj/coverity_april_2025
Fix coverity warnings
2025-05-06 10:11:27 +10:00
Sean Parkinson dfec168402 Merge pull request #8721 from philljj/coverity_misc
Coverity misc
2025-05-06 10:04:53 +10:00
JacobBarthelmeh 3819c352e8 Merge pull request #8728 from dgarske/qat_4.28
Fixes for Intel QuickAssist latest driver (4.28)
2025-05-05 17:48:49 -06:00
David Garske 219902149e Fix issue with api.c test_wolfSSL_OBJ and ./certs/test-servercert.p12 that uses DES3 and AES-CBC-256. 2025-05-05 15:55:00 -07:00
David Garske c2f1563144 Merge pull request #8726 from kareem-wolfssl/zd19786
Pass in correct hash type to wolfSSL_RSA_verify_ex.
2025-05-05 15:38:41 -07:00
Daniel Pouzzner 629d812eb3 Merge pull request #8730 from philljj/linuxkm_pkcs1pad_more
linuxkm rsa: add more pkcs1pad sha variants
2025-05-05 16:59:29 -05:00
David Garske 751dcdf3df Improve the hash wait logic by separating the data input ready from the digest calculation complete. 2025-05-05 14:36:36 -07:00
David Garske 0f4ce03c28 Fixes for NO_AES_192 and NO_AES_256. Added CI test. Fixed bad BUILD_ logic for ADH-AES256-GCM-SHA384. 2025-05-05 14:36:36 -07:00
David Garske e487685d7d Fix for STM32 Hashing status bit checking logic. ZD 19783. The digest calculation was indicating "not busy" before digest result (DCIS) was finished. This did not show up on most systems because the computation is usually done by the time it reads. 2025-05-05 14:36:36 -07:00
philljj 6296dfdb1e Merge pull request #8735 from douzzer/20250502-linuxkm-fixes
20250502-linuxkm-fixes
2025-05-05 16:29:00 -05:00
David Garske 3d4e89c2ca Make wc_tsip_* API's public. 2025-05-05 14:02:05 -07:00
David Garske 2c0ca1cacb Fix for QAT driver QAT.L.4.28.0-00004 icp include path. Fix for CentOS 7 to allow automake 1.13.4 (works fine). 2025-05-05 13:22:54 -07:00
Daniel Pouzzner c402d7bd94 Merge pull request #8729 from philljj/linuxkm_ecdh_decode_secret
Linuxkm ecdh decode secret
2025-05-05 14:59:51 -05:00
David Garske d5cca9d7c9 Merge pull request #8733 from SparkiDev/riscv_hash_raw_fix
RISC-V 64-bit: fix raw hash when using crypto instructions
2025-05-05 12:44:51 -07:00
Kareem aad15b27a2 Pass in correct hash type to wolfSSL_RSA_verify_ex. 2025-05-05 11:58:26 -07:00
jordan a341333589 linuxkm rsa: additional pkcs1 sha variants. 2025-05-05 13:50:12 -05:00
jordan 68682f155c linuxkm ecdh: remove dependency on crypto_ecdh_decode_key. 2025-05-05 13:39:13 -05:00
jordan efd5405d0e coverity: fix check_after_deref, assignment_where_comparison_intended, uninit vars, return values, etc. 2025-05-05 13:18:29 -05:00
Daniel Pouzzner b9b66042d7 wolfssl/wolfcrypt/dh.h: gate in wc_DhGeneratePublic() with WOLFSSL_DH_EXTRA,
adding WOLFSSL_NO_DH_GEN_PUB in the unlikely event it needs to be disabled;

configure.ac: in --enable-linuxkm-lkcapi-register section, remove special-case
  handling for -DWOLFSSL_DH_GEN_PUB, and add support for
  --enable-linuxkm-lkcapi-register=all-kconfig, which disables registration of
  any algs that are disabled in the target kernel, and #errors if any algs or
  registrations are disabled or incompatible in libwolfssl but enabled in the
  target kernel (note, it does not #error for algorithms we don't currently
  shim/implement);

linuxkm/lkcapi_glue.c: change default WOLFSSL_LINUXKM_LKCAPI_PRIORITY from 10000
  to INT_MAX to make masking impossible;

linuxkm/lkcapi*glue.c: move all remaining algorithm-specific gate setup into the
  respective algorithm family files, and in each family file, add
  LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG logic to activate shims only if the
  corresponding algorithm is activated in the target kernel.

linuxkm/lkcapi_sha_glue.c: fix -Wunuseds in
  wc_linuxkm_drbg_default_instance_registered() and wc_linuxkm_drbg_cleanup()
  when !LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT.
2025-05-05 13:17:06 -05:00
jordan baa7efa8af Fix coverity uninit var warnings, add missing priv key ForceZero. 2025-05-05 13:14:39 -05:00