wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 20:52:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,026 Commits 12 Branches 184 Tags
8e77ee5c2aeb93c95ac63243996b5f428a041e95
Commit Graph

1948 Commits

Author SHA1 Message Date
JacobBarthelmeh
040e2102a8 Merge pull request #9049 from kojiws/import_mldsa_seed_pkcs8_reapply 
Reapply - Import ML-DSA's seed from PKCS8 file
 2025-08-01 14:34:09 -06:00
Koji Takeda
09deacbe8f Revert "Merge pull request #9045 from douzzer/20250730-revert-PR9000" 
This reverts commit 70af2be5ab, reversing
changes made to 46347173b2.
 2025-07-31 14:14:51 +09:00
Daniel Pouzzner
c353052e54 linuxkm/linuxkm_wc_port.h: 
* move enum wc_svr_flags out of BUILDING_WOLFSSL guard;
* add DISABLE_VECTOR_REGISTERS() and REENABLE_VECTOR_REGISTERS() definitions for !BUILDING_WOLFSSL;
* add #include <linux/spinlock.h> to !WOLFSSL_LINUXKM_USE_MUTEXES implementation to fix compilation (and add usability) to caller code;

linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_ctx_clear(), fix error-path deallocation of locked object;

wolfcrypt/benchmark/benchmark.c:

* in FIPS v6+ builds, and FIPS linuxkm v5+, check retval from wc_AesEncryptDirect() and wc_AesDecryptDirect();
* add WC_RELAX_LONG_LOOP() in bench_stats_sym_finish() and bench_stats_asym_finish_ex();

wolfcrypt/test/test.c: fix rng_seed_test() with correct test vectors for the relevant combinations of features, and gate the test out if there are user override defines for ENTROPY_SCALE_FACTOR or SEED_BLOCK_SZ.
 2025-07-30 22:15:05 -05:00
Daniel Pouzzner
d0bf9c4b3c Revert "Disable exporting dilithium DER tests without WOLFSSL_ASN_TEMPLATE" 
This reverts commit bbcdfe92e0.
 2025-07-30 15:39:53 -05:00
JacobBarthelmeh
46347173b2 Merge pull request #9034 from holtrop/allow-pkcs7-without-x963-kdf 
Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset
 2025-07-30 10:05:09 -06:00
JacobBarthelmeh
36912c3af8 Merge pull request #9000 from kojiws/import_mldsa_seed_pkcs8 
Import ML-DSA's seed from PKCS8 file
 2025-07-29 16:02:36 -06:00
Josh Holtrop
df7e105fb7 Allow building with HAVE_PKCS7 set and HAVE_X963_KDF unset 2025-07-29 11:46:44 -04:00
Josh Holtrop
26a4ea93eb Allow building with HAVE_PKCS7 set and HAVE_AES_KEYWRAP unset 2025-07-28 12:40:35 -04:00
Koji Takeda
bbcdfe92e0 Disable exporting dilithium DER tests without WOLFSSL_ASN_TEMPLATE 2025-07-28 21:46:28 +09:00
Albert Ribes
2e25c65129 wolfcrypt test: Fix build on 32 bit machines 
Declare a 64 bit variable using W64LIT to avoid warnings on 32 bit
machines
 2025-07-21 10:34:19 +02:00
Daniel Pouzzner
2c341a5806 Merge pull request #8990 from JacobBarthelmeh/license 
updating license from GPLv2 to GPLv3

(linuxkm tweak to `MODULE_LICENSE("GPL")` to follow.)
 2025-07-14 16:14:39 -05:00
Ruby Martin
e65647faa8 xmemset rng before test runs 2025-07-10 16:17:53 -06:00
JacobBarthelmeh
629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
David Garske
5d89ca6706 Fix build issue with ML-DSA 44 only. Fix --enable-mlkem=all to enable features (keygen/enc/dec) to match --enable-dilithium behavior and allow uses like: --enable-mlkem=all,512,small. Fix issue building mem track with missing PRINT_HEAP_ADDRESS (reproduced with --enable-trackmemory=verbose --enable-stacksize=verbose). 
```
wolfcrypt/src/dilithium.c:6696:21: error: expected expression before '}' token
 6696 |                     }
      |
```
 2025-07-09 15:06:41 -07:00
JeremiahM37
88da86e900 ML DSA Static Memory Fix 2025-07-08 17:51:42 -06:00
Daniel Pouzzner
bdd2056645 wolfcrypt/test/test.c: fix gate in dh_test() (fixes disable-sha256). 2025-07-03 10:19:07 -05:00
David Garske
295d90655b Merge pull request #8929 from SparkiDev/regression_fixes_18 
Regression testing
 2025-06-27 08:44:43 -07:00
Sean Parkinson
f1cb4d579c Regression testing 
Fixes to get WOLFSSL_PUBLIC_MP testing passing.
Fix DH constant time agreement:
  - implement constant time encoding to big-endian byte array in TFM
- only force x to be zero for SP math as others implementations ensure
unused words are zero
- exponentiate in constant time to the smallest number of words
possible
- no need to encode into separate buffer anymore as encoding is
constant time and front padded
- make requested_sz be the maximum size for the parameters and check
against agreeSz
- update agreeSz to be the maximum valid size instead of filling all
the buffer which may be many times too big
- fix SP result to front pad when doing constant time
 2025-06-26 21:21:05 +10:00
Daniel Pouzzner
6fb1c54c29 Merge pull request #8854 from dgarske/renesas_rx_tsip_aesctr 
Added Renesas RX TSIP AES CTR support
 2025-06-25 22:20:03 -05:00
David Garske
ad9d068174 Fix issues with crypto callbacks and HAVE_ECC_DHE. Fix issues with ecc_onlycb_test. 2025-06-24 09:41:33 -07:00
Sean Parkinson
d05790ed89 LMS: Allow state to be saved with private key 
Defining WOLFSSL_WC_LMS_SERIALIZE_STATE will have the state serialized
before the private key data.
Lots of memory used but means fast reload times. That means that the key
can be reloaded for each sign.
 2025-06-24 20:46:41 +10:00
Sean Parkinson
f36f86ee98 LMS SHA-256_192: fix parameters 
Winternitz bits needs to be one larger when only 192 bit hash.
 2025-06-23 08:16:05 +10:00
Sean Parkinson
7289687b44 ECC configuration fixes 
When ECC verify only and with no RNG.
 2025-06-19 13:37:43 +10:00
David Garske
74de689941 Merge pull request #8875 from kareem-wolfssl/zd20035 
Fix SRP wolfCrypt test on lower FP_MAX/SP_INT_BITS configs
 2025-06-18 08:59:09 -07:00
David Garske
7e864c177d Merge pull request #8886 from douzzer/20250617-prime_test-uninited-wc_FreeRng 
20250617-prime_test-uninited-wc_FreeRng
 2025-06-17 11:31:53 -07:00
Kareem
fe5ae0cbdf Restore 128-byte SRP test using safe prime N for the case where 192 bytes is too large for the fast/SP math config. 2025-06-17 11:30:11 -07:00
Kareem
a035b045a4 Only run SRP tests with at least 3072 bits. 
The SRP buffers are 192 bytes, so they need a minimum of 3072 bits.
If the bit size is too low, wc_SrpGetVerifier will return MP_VAL as the buffers won't fit.
 2025-06-17 11:30:11 -07:00
Daniel Pouzzner
d28045daa8 wolfcrypt/test/test.c: fix prime_test() uninitialized data access by wc_FreeRng(). 2025-06-17 09:31:19 -05:00
Juliusz Sosinowicz
9a576d9e2e Fix CI failures 2025-06-16 19:07:58 +02:00
Sean Parkinson
cb90b78688 ML-DSA: fix tests for different configs 
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
 2025-06-10 20:44:27 +10:00
Daniel Pouzzner
4572dcf9f9 tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES; 
wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement;

add .github/workflows/no-tls.yml;

.github/workflows/pq-all.yml: add smallstack scenario.
 2025-06-06 17:18:50 +04:00
Sean Parkinson
640b060792 LMS: Key ID fixup 
Fix implementation for extracting from private key data.
Add implementation that gets Key ID from wc_LmsKey.
 2025-06-05 10:25:47 +10:00
Daniel Pouzzner
a6e9bd73e4 Merge pull request #8803 from dgarske/csr_nomalloc 
Refactor to support CSR generation and signing with `WOLFSSL_NO_MALLOC`
 2025-05-30 18:05:25 -05:00
Daniel Pouzzner
b9ef6c583a wolfcrypt/test/test.c: in test_dilithium_decode_level(), on early malloc failure, stay in the flow to assure cleanup; 
.wolfssl_known_macro_extras: remove unneeded entry for WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC.
 2025-05-28 12:48:36 -05:00
David Garske
482f2bdd2a Refactor to support CSR generation and signing with WOLFSSL_NO_MALLOC. Also for DSA. Don't test no malloc with ECC custom curves. 2025-05-27 14:51:16 -07:00
David Garske
607d7489bc Add no malloc support for Dilithium tests. Fixes for WOLFSSL_DILITHIUM_NO_ASN1. 2025-05-22 14:34:34 -07:00
Daniel Pouzzner
401868908a add .github/workflows/smallStackSize.yml; 
smallstack refactors in
* wolfcrypt/src/asn.c : wc_GetSubjectPubKeyInfoDerFromCert(),
* wolfcrypt/src/dilithium.c : dilithium_sign_with_seed_mu(),
* wolfcrypt/src/ecc.c : wc_ecc_mulmod_ex2(),
* wolfcrypt/src/wc_mlkem.c : mlkemkey_decapsulate(),
* and wolfcrypt/src/wc_mlkem_poly.c : mlkem_gen_matrix_k*_avx2() and mlkem_get_noise_k2_avx2();

wolfcrypt/test/test.c: in TEST_PASS(), fix STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK to honor TEST_ALWAYS_RUN_TO_END.
 2025-05-15 15:28:11 -05:00
Daniel Pouzzner
001a5ef897 wolfcrypt/test/test.c: in main(), return (exit with) 0 for success and 1 for failure. 2025-05-10 12:08:50 -05:00
David Garske
760178c7dc Improvements to no malloc support in ConfirmSignature for async and non-blocking. Refactor DSA ASN.1 decode in ConfirmSignature. Cleanup indent in types.h. Move struct CertSignCtx to types.h. Move WC_ENABLE_ASYM_KEY_IMPORT and WC_ENABLE_ASYM_KEY_EXPORT to settings.h. 2025-05-07 12:06:09 -07:00
David Garske
1e3718ea7b Merge pull request #8655 from SparkiDev/asn1_oid_update 
ASN.1 OIDs and sum: Change algorithm for sum
 2025-05-07 11:43:54 -07:00
Sean Parkinson
112351667a ASN.1 OIDs and sum: Change algorithm for sum 
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.

Added bunch of OID names into asn1 example.
 2025-05-07 08:32:08 +10:00
David Garske
0f4ce03c28 Fixes for NO_AES_192 and NO_AES_256. Added CI test. Fixed bad BUILD_ logic for ADH-AES256-GCM-SHA384. 2025-05-05 14:36:36 -07:00
jordan
f6f3b0a1ee linuxkm: register dh and ffdhe. 2025-04-25 21:21:26 -05:00
Daniel Pouzzner
2ec8e72579 CURVE25519_MAX_KEY_TO_DER_SZ: refactor to macro like other CURVE25519_ constants, and add FIPS clause in curve255519_der_test() to accommodate FIPS v6. 2025-04-14 18:29:22 -05:00
Sean Parkinson
9106d1275f Merge pull request #8651 from billphipps/fix_curve25519_enums 
Update to expose reasonable DER buffer sizes for Curve25519
 2025-04-15 08:34:12 +10:00
David Garske
b77bd78b5c Merge pull request #8664 from douzzer/20250411-more-libwolfssl_sources_h-2 
20250411-more-libwolfssl_sources_h-2
 2025-04-14 07:38:02 -07:00
Bill Phipps
eca0318fe8 Rename to MAX_KEY_TO_DER_SZ, set to 130. Remove Curve448 changes. 2025-04-14 09:43:55 -04:00
gojimmypi
1de73200ab Remove unreachable test code 2025-04-13 09:45:08 +02:00
Daniel Pouzzner
e7577bc2e9 wolfssl/wolfcrypt/libwolfssl_sources*.h: check if the other libwolfssl_sources*.h was included before concluding that "#error settings.h included before libwolfssl_sources.h.", and add WC_CONFIG_H_INCLUDED to inhibit multiple inclusions of config.h; 
wolfcrypt/src/port/kcapi/kcapi_aes.c: restore #include <errno.h> removed incorrectly in ed5d8f8e6b;

wolfcrypt/src/port/liboqs/liboqs.c: include libwolfssl_sources.h;

wolfcrypt/src/port/riscv/*.c: include libwolfssl_sources.h;

wolfcrypt/test/test.c: fix use of WC_TEST_RET_ENC_I() where WC_TEST_RET_ENC_EC() was required.
 2025-04-12 00:35:49 -05:00
gojimmypi
8ee7d381ec Fix hash_test() memory leak in wolfcrypt/test/test.c (#8506) 
* Fix hash_test() memory leak in wolfcrypt/test/test.c
* Escape HASH_TYPE_E comparisons
* Revised hash_test() in test.c
* Use ERROR_OUT and WC_NO_ERR_TRACE patterns, polish
* Remove placeholder init, no longer needed
* remove verbose hash_test() WOLFSSL_MSG and PRINT_HEAP_CHECKPOINT
 2025-04-11 10:37:55 -07:00