Commit Graph

10421 Commits

Author SHA1 Message Date
Tobias Frauenschläger 90be76cb94 Misc fixes and improvements regarding PKCS#11 2026-01-29 18:39:15 +01:00
Tobias Frauenschläger f59a27cdc6 Support PKCS#11 ECDSA verify with stored key 2026-01-29 18:39:04 +01:00
Tobias Frauenschläger 55946d5bdf Add support for PKCS#11 version 3.2 2026-01-29 18:38:10 +01:00
Tobias Frauenschläger ee16b9506f Add support for PKCS#11 Version 3.0 and 3.1 2026-01-29 18:38:03 +01:00
Sean Parkinson bc9e37118e Regression test fixes
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.

wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
2026-01-28 07:37:29 +10:00
JacobBarthelmeh f7b5f00973 Merge pull request #9710 from rlm2002/xChaCha20_Poly1305_unitTest
Unit test updates for XChacha20-Poly1305
2026-01-27 13:56:16 -07:00
JacobBarthelmeh 4f84be8e66 Merge pull request #9715 from dgarske/rsa_key_parsing
Fix for RSA private key parsing (allowing public) and RSA keygen no malloc support
2026-01-27 13:11:14 -07:00
JacobBarthelmeh 3e7efe8be2 Merge pull request #9705 from cconlon/nameConstraints
Support for extracting and validating X.509 Name Constraints extensions
2026-01-27 10:01:48 -07:00
David Garske c8fa1e915b Fix for RSA private key parsing (allowing public) and RSA keygen no malloc support. 2026-01-26 16:06:05 -08:00
Ruby Martin 38cb14f2a9 add API unit test for XChacha20-Poly1305
Expand XChacha20-Poly1305 unit test
2026-01-26 15:33:35 -07:00
Chris Conlon 610d530e45 Add Name Constraints extension support with wolfSSL_X509_get_ext_d2i() and wolfSSL_NAME_CONSTRAINTS_check_name() 2026-01-26 10:36:05 -07:00
JacobBarthelmeh 2f388dde4c Merge pull request #9703 from dgarske/stsafe-a120-ecdhe
Fixes for STSAFE-A120 ECDHE
2026-01-23 10:59:45 -07:00
Tobias Frauenschläger 14ce7956f1 Increase test coverage
* More PQC configurations
* More CMake setups
* Fix various bugs uncovered by these tests

Added some missing feature additions to CMake to make the example
`user_settings_all.` config file work for the CI test.
2026-01-23 09:27:16 +01:00
David Garske 2fb19f84e5 Fixes for STSAFE-A120 ECDHE 2026-01-22 22:46:35 +00:00
kaleb-himes 20fc2de29d Restore sanity to < SEED_BLOCK_SZ 2026-01-22 09:09:29 -07:00
kaleb-himes 20b2fd200f Address failure rates from FIPS CRNGT test by implementing alternate RCT/ADP tests
Update ret code to match docs and update docs

Replace magic numbers with appropriate define

Define MAX_ENTROPY_BITS when MEMUSE not enabled

Fix type cast windows detection

Older FIPS modules still need the old check

CodeSpell you're wrong, that is what I want to name my variable

Turn the hostap into a manual dispatch until it gets fixed

Upon closer review we cannot skip the test when memuse enabled

Fix whitespace stuff found by multitest

More syntax things

Correct comments based on latest findings
2026-01-22 09:06:17 -07:00
David Garske baeffb2f6a Merge pull request #9692 from anhu/aead
wc_XChaCha20Poly1305_Init: NULL check aead, not ad
2026-01-21 17:22:32 -08:00
Anthony Hu 7d7299e254 Do not allow NULL with non-zero length. 2026-01-21 17:49:30 -05:00
David Garske 11ddec3f69 Merge pull request #9681 from tmael/wfb1_
Fix cert SW issues in Aes and rng
2026-01-21 13:41:01 -08:00
David Garske 758d74f51f Merge pull request #9687 from holtrop-wolfssl/rust-hmac-blake2
Rust wrapper: add HMAC-BLAKE2[bs] wrappers
2026-01-21 12:55:48 -08:00
Tesfa Mael 1c3816d7d8 Use seedSz < SEED_BLOCK_SZ 2026-01-21 12:09:53 -08:00
Tesfa Mael d3d2105035 Fix cert SW issues 2026-01-21 12:09:53 -08:00
David Garske f52930b844 More fixes for NO RNG and NO check key (broken in #9606 and #9576) 2026-01-21 10:31:57 -08:00
Daniel Pouzzner cc7897be0d Merge pull request #9689 from dgarske/rsa_no_rng
Fixes for RSA with no RNG
2026-01-21 11:13:03 -06:00
David Garske 98dbc56daa Merge pull request #9691 from douzzer/20260120-linuxkm-RHEL9v6-and-RDSEED-sanity-check
20260120-linuxkm-RHEL9v6-and-RDSEED-sanity-check
2026-01-21 09:03:32 -08:00
David Garske 38b0fe19a1 Improvements to code for ECDHE and peer review fixes. 2026-01-21 00:03:26 +00:00
David Garske 16fb84d0d1 Peer review fixes. Tested with brainpool. 2026-01-21 00:03:26 +00:00
David Garske 54f0ecb536 Fix for ephemeral key usage limit. 2026-01-21 00:03:26 +00:00
David Garske 384eaa48b3 Peer review fixes (thank you copilot) 2026-01-21 00:03:26 +00:00
David Garske 654901782c Peer review cleanups. ECDHE improvements. 2026-01-21 00:03:26 +00:00
David Garske 02c3086e00 Added ECDHE support 2026-01-21 00:03:26 +00:00
David Garske 09c75f25de Fixes for peer review. 2026-01-21 00:03:26 +00:00
David Garske c7ca035baf Cleanup WOLFSL_STSAFE and fix issue with multi-test macros 2026-01-21 00:03:26 +00:00
David Garske a4c2398265 Add STSAFE-A120 Support 2026-01-21 00:03:26 +00:00
Daniel Pouzzner 7048fa80d4 wolfcrypt/src/random.c and wolfssl/wolfcrypt/settings.h: fixes from CI and peer review:
* in wc_GenerateSeed_IntelRD(), use stack/register allocation for sanity_word{1,2}, and
* don't set WC_VERBOSE_RNG if WOLFSSL_DEBUG_PRINTF is missing.
2026-01-20 16:48:21 -06:00
Anthony Hu 4550814e66 wc_XChaCha20Poly1305_Init: NULL check aead, not ad 2026-01-20 16:37:20 -05:00
Daniel Pouzzner b91272c9a5 wolfcrypt/src/random.c: add sanity check in wc_GenerateSeed_IntelRD() to work around buggy RDSEED by disabling it if it generates three identical 64-bit words consecutively;
wolfssl/wolfcrypt/settings.h: if DEBUG_WOLFSSL && !WC_NO_VERBOSE_RNG, set WC_VERBOSE_RNG, and add WOLFSSL_NO_DEBUG_CERTS to allow inhibition of WOLFSSL_DEBUG_CERTS.
2026-01-20 15:24:43 -06:00
David Garske 91d9389b9f Fixes for RSA with no RNG 2026-01-20 11:05:10 -08:00
David Garske 6bdc6a7550 Merge pull request #9618 from SparkiDev/volatile_multi_statement
Multiple volatile variables in a C statement undefined
2026-01-20 10:42:49 -08:00
Josh Holtrop af0fd013a1 HMAC-BLAKE2b: avoid coverity complaints about accessing x_key out of range 2026-01-20 08:14:02 -05:00
Daniel Pouzzner e465f92905 Merge pull request #9642 from holtrop-wolfssl/hmac-blake2
Add HMAC-BLAKE2b and HMAC-BLAKE2s API functions
2026-01-19 16:49:08 -06:00
Daniel Pouzzner bfc4f6bb01 Merge pull request #9677 from dgarske/riscv_sha512
Fix for building RISC-V 64-bit without SHA512
2026-01-19 12:57:59 -06:00
Josh Holtrop e90429dbb8 HMAC-BLAKE2: avoid clang-analyzer warnings about x_key being uninitialized 2026-01-18 22:20:14 -05:00
Josh Holtrop 90c8b5c80d HMAC-BLAKE2: Use uppercase U for unsigned integer constants 2026-01-17 09:15:47 -05:00
Daniel Pouzzner 5c7f986925 Merge pull request #9670 from miyazakh/fix_selftest
Fix compilation, crypt test and unit test failures when selftest is enabled
2026-01-16 23:57:27 -06:00
David Garske 214b3c2dd7 Fix for building RISC-V 64-bit without SHA512 2026-01-16 13:07:08 -08:00
Josh Holtrop b1086a1dbc HMAC-BLAKE2[bs] - remove some spaces per review feedback 2026-01-16 10:38:49 -05:00
Zackery Backman 7a894515cb initialize i_shaCopy to prevent undefined behavior 2026-01-15 18:00:27 -07:00
David Garske f58787259c Merge pull request #9674 from douzzer/20260115-PQC-WOLFSSL_NO_MALLOC
20260115-PQC-WOLFSSL_NO_MALLOC
2026-01-15 16:18:34 -08:00
Hideki Miyazaki 8ad73d8ac1 Fix compile and crypt test failures when selftest is enabled 2026-01-16 08:55:06 +09:00