Daniele Lacamera
83aec60bd6
Addressed comment: added macros to .wolfssl_know_macro_extras
2026-05-08 18:50:44 +02:00
Tesfa Mael
0a2886f942
Correct Nested comment for Espressif build
2026-05-08 18:50:44 +02:00
Tesfa Mael
293ccdd604
Fix typo
2026-05-08 18:50:44 +02:00
Tesfa Mael
969a2502ae
Fix comments and shellcheck warning
2026-05-08 18:50:44 +02:00
Tesfa Mael
fbfc3ba8c2
Fix formatting
2026-05-08 18:50:44 +02:00
Tesfa Mael
416b3434db
Removed the dead #ifdef WOLFSSL_MICROCHIP_TA100 block (it was inside #ifndef WOLFSSL_MICROCHIP_TA100
2026-05-08 18:50:44 +02:00
Tesfa Mael
00b99b88f3
wraps PKG_CHECK_MODULES with m4_ifdef so it's silently skipped when pkg.m4 is unavailable
2026-05-08 18:50:44 +02:00
Tesfa Mael
4d94b8e8d5
[TA-100] Fix build/test regressions in non-TA100 builds
2026-05-08 18:50:44 +02:00
Tesfa Mael
8f9ecd1afb
Close PKG_CHECK_MODULES with a no-op failure action and use a separate AS_IF to conditionally run the manual search fallback
2026-05-08 18:50:44 +02:00
Daniele Lacamera
7efe61fbd0
[TA-100] Fixed RSA keygen/sign/verify, tests
2026-05-08 18:50:44 +02:00
Daniele Lacamera
8ea5235ba8
[TA-100] Fixed ECC384. Adding RSA.
2026-05-08 18:50:44 +02:00
Daniele Lacamera
ab027070a4
Reverted changes to fallback ECC
...
ECC384 should be supported in TA-100
2026-05-08 18:50:43 +02:00
Daniele Lacamera
298845f34c
[TA-100] Fixed GMAC, AES-GCM, AES, ECC
...
- Using correct slot ID for AES keys
- Adjust IV length
- Fallback operations to software for unsupported ECC curves
(all tests passing)
2026-05-08 18:50:43 +02:00
Tesfa Mae
dbf4aaa5be
TA100: follow-up changes (squash after 4e64cb56)
2026-05-08 18:50:43 +02:00
Tesfa Mae
00cca3e25b
TA100: Microchip Trust Anchor support RSA/ECC
2026-05-08 18:50:43 +02:00
Daniel Pouzzner
20ed869c21
Merge pull request #10432 from danielinux/arduino-unor4wifi-flash-fix
...
Arduino UNO: force USE_CERT_BUFFERS_256 to fit in flash
2026-05-08 11:48:31 -05:00
Daniele Lacamera
347553ca09
Added missing known_macro
2026-05-08 11:02:51 +02:00
Daniele Lacamera
23c28c3203
Address Copilot's comments: uniform mutual exclusions
2026-05-08 09:29:22 +02:00
Daniele Lacamera
3a7cd3a7db
Arduino UNO: force USE_CERT_BUFFERS_256 to fit in flash
...
Fixes failing CI test
2026-05-08 09:09:03 +02:00
Hideki Miyazaki
7d1516f4db
Merge pull request #10382 from kojo1/doc
...
Improve arg descriptions in API doc
2026-05-08 15:31:55 +09:00
Sean Parkinson
69a378461a
Merge pull request #10406 from Frauschi/lms_xmss_certs
...
Support RFC 9802 LMS and XMSS in X.509 verification
2026-05-08 11:48:34 +10:00
Sean Parkinson
5fce8025bb
Merge pull request #10386 from JeremiahM37/fenrir-4
...
Harden TLS handshake validation, OpenSSL-compat defaults, and stale code paths
2026-05-08 10:50:55 +10:00
David Garske
2b042709f2
Merge pull request #10427 from cconlon/setAsymKeyDerVersion
...
Set PKCS#8 version correctly in SetAsymKeyDer() when publicKey is bundled
2026-05-07 16:12:18 -07:00
David Garske
6a83144cb3
Merge pull request #10417 from embhorn/zd21713
...
Fix include for errno in Microchip port settings
2026-05-07 16:09:59 -07:00
David Garske
7b34be3945
Merge pull request #10331 from embhorn/zd21706
...
Fix IDNA matching
2026-05-07 16:09:33 -07:00
David Garske
bf6c870889
Merge pull request #10304 from JeremiahM37/fenrir-2
...
Zero DH keys, tighten SSL APIs, harden TLS extensions
2026-05-07 14:51:28 -07:00
David Garske
fea8d1b5bc
Merge pull request #10413 from JeremiahM37/fenrir-7
...
zeroize sensitive memory and validate public API inputs
2026-05-07 14:47:32 -07:00
David Garske
9a46ecb263
Merge pull request #10380 from padelsbach/lms-xmss
...
Add crypto callbacks for LMS and XMSS
2026-05-07 14:46:56 -07:00
David Garske
58ca6a1fa7
Merge pull request #10302 from JacobBarthelmeh/ecc
...
additional sanity checks on invalid input
2026-05-07 14:39:21 -07:00
David Garske
80a04551cf
Merge pull request #10405 from SparkiDev/mlkem_fixes_1
...
ML-KEM: fix comments, API signatures, minor issues
2026-05-07 14:37:59 -07:00
David Garske
b306f2d846
Merge pull request #10422 from Frauschi/socat
...
Make socat tests less flaky
2026-05-07 14:36:24 -07:00
David Garske
8c74977eee
Merge pull request #10297 from kareem-wolfssl/zd21676
...
Properly handle fallback cipher type case in wc_Pkcs11_CryptoDevCb.
2026-05-07 14:36:05 -07:00
David Garske
6efbacf402
Merge pull request #10416 from jackctj117/v6-fix
...
fix: guard wc_Ed448PublicKeyToDer ed448_export_public call for FIPS<7
2026-05-07 14:32:48 -07:00
David Garske
aeeb98cc04
Merge pull request #10400 from embhorn/gh10383
...
Fix Dilithium signing when WC_DILITHIUM_CACHE_MATRIX_A is enabled
2026-05-07 14:30:46 -07:00
David Garske
e78418db95
Merge pull request #10306 from sebastian-carpenter/tls-ech-client-oe
...
Add OuterExtensions encoding for TLS ECH client
2026-05-07 14:14:50 -07:00
David Garske
8ac2a1ae1b
Merge pull request #10418 from rlm2002/coverity
...
20260506 Coverity
2026-05-07 14:11:32 -07:00
David Garske
52847ed7e0
Merge pull request #10420 from SparkiDev/mldsa_small_1
...
ML-DSA fixes: small vfy key object, small SHA-3, fix test
2026-05-07 13:52:50 -07:00
Chris Conlon
7cc84d38fb
fix SetAsymKeyDer to set PKCS#8 version=1 when bundling publicKey (RFC 5958)
2026-05-07 14:05:51 -06:00
Daniel Pouzzner
fcf23dcd04
Merge pull request #10357 from sameehj/km-fixes
...
Km fixes
2026-05-07 14:54:48 -05:00
Daniel Pouzzner
4b00525e90
Merge pull request #10407 from Frauschi/Wconversion
...
Add LMS, XMSS and ML-DSA to Wconversion testing
2026-05-07 12:05:48 -05:00
sebastian-carpenter
15b8c88bf6
Write ECH last in HRR to promote interop
2026-05-07 10:10:00 -06:00
sebastian-carpenter
9d938c12ea
supported_versions added to non-encode list
2026-05-07 10:10:00 -06:00
sebastian-carpenter
e3b291589d
TLS ECH outerExtensions (client-side)
2026-05-07 10:10:00 -06:00
Tobias Frauenschläger
28468b44f5
Support RFC 9802 LMS and XMSS in X.509 verification
...
Wire the stateful hash-based signature schemes HSS/LMS (RFC 8554) and
XMSS / XMSS^MT (RFC 8391) into the X.509 cert-verification path per
RFC 9802.
asn:
- Register id-alg-hss-lms-hashsig (1.2.840.113549.1.9.16.3.17),
id-alg-xmss-hashsig (1.3.6.1.5.5.7.6.34) and id-alg-xmssmt-hashsig
(1.3.6.1.5.5.7.6.35) in oid_sum.h, asn.c and asn1_oid_sum.pl.
- Plumb the new keyOIDs through GetCertKey, SigOidMatchesKeyOid,
HashForSignature, FreeSignatureCtx and ConfirmSignature so leaf
and CA certificates parse, load and verify end-to-end.
- Rename IsSigAlgoECC -> IsSigAlgoNoParams; the function has tested
"AlgorithmIdentifier omits NULL parameters" since PQC algos were
added, and HSS/LMS + XMSS only made the original name more
misleading.
wc_lms / wc_xmss:
- Add wc_XmssKey_ImportPubRaw_ex which derives parameters from the
4-byte OID prefix at the start of the raw public key, taking an
is_xmssmt hint to disambiguate the overlapping XMSS / XMSS^MT OID
spaces.
- Extend wc_LmsKey_ImportPubRaw with the same auto-derive from
u32str(L) || lmsType || lmOtsType when key->params is NULL; this
also fixes a latent NULL-deref when the legacy precondition was
violated.
- Reject WC_*_STATE_OK in both ImportPubRaw paths so re-importing
on a private-key-loaded handle can't desync priv/pub.
- Tighten wc_XmssKey_Verify's length check to strict equality,
matching wc_LmsKey_Verify and the documented contract of using
wc_XmssKey_GetSigLen for the buffer size.
tests / fixtures:
- Bouncy Castle 1.81 fixtures in certs/lms and certs/xmss covering
every supported parameter set, plus CA->leaf chains per family
and one BC-native LMS fixture as a cross-impl interop gate.
- New api tests verify each fixture end-to-end, tamper TBS and
signature bytes, exercise the wolfCrypt-level negative paths
(NOT_COMPILED_IN, BUFFER_E, BAD_FUNC_ARG, BAD_STATE_E, OID/family
mismatch, partial-write invariants, lenient VERIFYONLY re-import,
strict sigLen check) and confirm the outer signatureAlgorithm
OID is rejected when it disagrees with the SPKI in both
XMSS<->XMSS^MT directions.
2026-05-07 17:14:31 +02:00
Tobias Frauenschläger
bca5610508
Make socat tests less flaky
2026-05-07 15:25:19 +02:00
Eric Blankenhorn
935c3901d9
Fix from review
2026-05-07 07:34:39 -05:00
Eric Blankenhorn
8ce4e126ae
Fix from review
2026-05-07 07:34:39 -05:00
Eric Blankenhorn
4191d46d95
Fix Dilithium signing when WC_DILITHIUM_CACHE_MATRIX_A is enabled
2026-05-07 07:34:39 -05:00
Eric Blankenhorn
b6091d6db5
Fix from review
2026-05-07 07:32:51 -05:00
Eric Blankenhorn
ede266acc2
Fixes from review
2026-05-07 07:32:51 -05:00