Commit Graph

2084 Commits

Author SHA1 Message Date
Daniel Pouzzner 6040cd7915 configure.ac: fix to allow SHAKE force-off FIPS lean-aesgcm setup. 2026-04-25 12:34:25 -05:00
Daniel Pouzzner 0bfa206b74 configure.ac: for FIPS v6 setup, explicitly set WOLFSSL_NOSHA512_224 and WOLFSSL_NOSHA512_256;
wolfssl/wolfcrypt/hash.h: when WOLFSSL_NOSHA512_{224,256}, gate out prototypes for wc_Sha512_{224,256}Hash[_ex](), to shift build failures from link-time to compile-time.
2026-04-25 12:21:26 -05:00
Daniel Pouzzner 363bb0e216 configure.ac:
* allow for fips-dev in v7|ready|dev ENABLED_SHA256_DRBG and ENABLED_SHA512_DRBG setup and change from AC_MSG_WARN to AC_MSG_ERROR if user tries to disable outside fips-dev;
* set ENABLED_SHA512_DRBG=no in lean-aesgcm setup;

wolfcrypt/test/test.c: suppress concurrency-mt-unsafe in myFipsCb();

 .wolfssl_known_macro_extras: fix lexical order.
2026-04-25 11:47:25 -05:00
David Garske 426dc7bb76 Merge pull request #10236 from Roy-Carter/feature/enhance_conf_and_max_size
Enhance extra user data value and external cookie length max size
2026-04-24 14:42:44 -07:00
kaleb-himes 08fd7bde58 PQ FIPS v7.0.0 Phase 2 & 3: All changes
Implement peer review feedback
2026-04-24 06:52:49 -06:00
David Garske e05ce26fc9 wolfCrypt SRAM PUF Support
Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.

- **wolfCrypt PUF API** (`wolfcrypt/src/puf.c`, `wolfssl/wolfcrypt/puf.h`)
  - `wc_PufInit`, `wc_PufReadSram`, `wc_PufEnroll`, `wc_PufReconstruct`
  - `wc_PufDeriveKey` (HKDF-SHA256), `wc_PufGetIdentity` (SHA-256 device fingerprint)
  - `wc_PufZeroize` (secure context cleanup)
  - `wc_PufSetTestData` (synthetic SRAM for testing without hardware)
- **BCH(127,64,t=10) error-correcting codec** - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
- **`WC_PUF_SHA3` build option** - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
- **Precomputed GF(2^7) tables** - `const` arrays in `.rodata` (no runtime init, thread-safe, flash-resident on embedded)
- `./configure --enable-puf` (auto-enables HKDF dependency)
- CMake: `WOLFSSL_PUF=yes`
- `WOLFSSL_USER_SETTINGS`: define `WOLFSSL_PUF` and `WOLFSSL_PUF_SRAM`
- See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
- Supports test mode (synthetic SRAM)
- Builds to ~13KB `.elf`
- Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
- `.github/workflows/puf.yml`: host build + test workflow for PUF feature
- Doxygen API docs for all 8 public functions
- PUF group added to `doxygen_groups.h`
2026-04-22 11:39:39 -07:00
Roy Carter 16fd8d4910 FIx: trailing white spaces fails the job 2026-04-18 11:15:05 +03:00
Roy Carter 8342738f02 Fix: PR notes fixes 2026-04-17 22:24:48 +03:00
Tobias Frauenschläger 0de3925207 Add RFC8773bis cert_with_extern_psk support
Implement RFC8773bis (draft-ietf-tls-8773bis-13)
cert_with_extern_psk for TLS 1.3, including protocol checks
and API support.

Includes unit tests for API and handshake behavior as well
as tests in the testsuite using extended examples.
2026-04-17 15:12:04 +02:00
Roy Carter 9365248d6d Refactor - allow configurating more than 99 , since large platforms which use high scale of operations require more than 99 index options back from SSL_get_ex_new_index 2026-04-16 12:58:08 +03:00
night1rider 1078e797f8 Fix CMake SHE deps, const-correctness in CryptoCb uid, stale comment, XSTRLEN double call, configure.ac AES-CBC guard, and add LoadKey/LoadKey_Verify test coverage 2026-04-15 11:28:03 -06:00
night1rider f081a08c5c Address comments from bigbrett and Fenrir bot. Rename she.{c,h} to wc_she.{c,h}, fix naming consistency, auto-enable CMAC/AES dependencies, add WC_SHE_SW_DEFAULT opt-inAddress PR #10009 review comments from bigbrett and Fenrir 2026-04-15 11:28:03 -06:00
night1rider ee7fe9e1b1 SHE API: remove key storage from context, add direct output params 2026-04-15 11:28:03 -06:00
night1rider eeedc470e9 Add SHE (Secure Hardware Extension) support to wolfCrypt 2026-04-15 11:27:44 -06:00
David Garske 1a67eb7223 Merge pull request #9851 from night1rider/setkey-callbacks
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
Daniel Pouzzner 1df26161a7 configure.ac: exclude AES-EAX from --enable-all-crypto when --enable-afalg. 2026-04-14 23:09:21 -05:00
night1rider 1295f4fe0e Add WOLF_CRYPTO_CB_SETKEY and WOLF_CRYPTO_CB_EXPORT_KEY crypto callback
utilities for generic SetKey and ExportKey operations on HMAC, RSA, ECC,
  and AES. Add wc_ecc_size/wc_ecc_sig_size callback hooks for hardware-only
  keys. Integrate into configure.ac as --enable-cryptocbutils=setkey,export
  options with CI test configurations in os-check.yml.

  Add test handlers in test.c and api.c with export/import delegation
  pattern, small-stack-safe allocations, custom curve support, and
  DEBUG_CRYPTOCB helpers.
2026-04-14 16:21:50 -06:00
Daniel Pouzzner fc4ce8b256 linuxkm: implement LKCAPI shims for wolfCrypt-native AES-CCM.
also, minor fixes:

linuxkm/lkcapi_aes_glue.c: in linuxkm_test_aescfb(), call the appropriate aes_cfb_test(), not aes_cfb_test().
linuxkm/lkcapi_glue.c: fix bugprone-macro-parentheses in REGISTER_ALG_OPTIONAL().
linuxkm/module_hooks.c: in updateFipsHash(), add suppression for clang-diagnostic-cast-function-type-strict warnings around actually-safe function pointer casts in call to wc_fips_generate_hash().
2026-04-10 22:19:35 -05:00
David Garske 51cd66d0e8 Merge pull request #10106 from BrianAker/fix/remove-unused-m4
Remove unused m4 macros and update AX_PTHREAD
2026-04-10 08:56:24 -07:00
David Garske a91096501f Merge pull request #10153 from sebastian-carpenter/GH-10067
do not enable TLSX with --enable-ech
2026-04-09 11:43:52 -07:00
JacobBarthelmeh 719e98f717 prepare for release 5.9.1 2026-04-08 07:34:41 -06:00
sebastian-carpenter faf93cba85 do not enable TLSX with --enable-ech 2026-04-07 12:40:38 -06:00
Daniel Pouzzner 60d1e222b2 globally fix all "BLAKE2" references (implicit BLAKE2B) to explicit "BLAKE2B":
* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
2026-04-07 13:18:53 -05:00
Daniel Pouzzner 68eaf67767 Merge pull request #10061 from anhu/fips23
Not just FIPS 140-2, 3 as well.
2026-04-01 18:03:09 -05:00
Brian Aker dd84a70bee Remove unused m4 macros and update AX_PTHREAD
Remove the unused AX_CHECK_LIBRARY and REQUIRE_CANONICAL macros from m4/, and stop calling AC_CANONICAL_TARGET from configure.ac since this tree no longer needs target canonicalization.

Update m4/ax_pthread.m4 to the latest AX_PTHREAD macro from the autoconf archive, which brings the host-based canonicalization checks used by the current upstream macro.
2026-03-30 19:02:12 -07:00
Anthony Hu 2d29608f28 Not just FIPS 140-2, 3 as well. 2026-03-24 14:20:57 -04:00
David Garske 328822b447 Merge pull request #10047 from Frauschi/mldsa_no_ctx
Guard old non-ctx ML-DSA API by default
2026-03-24 09:26:24 -07:00
Tobias Frauenschläger 3fd13b819d Guard old non-ctx ML-DSA API by default 2026-03-24 11:16:22 +01:00
Daniel Pouzzner 799637689b configure.ac: fix stray tabs. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner d70839506b refactor wc_Hash* so that known wc_HashType values are unconditionally defined in enum wc_HashType, and always either succeed if used properly, or return HASH_TYPE_E if gated out or used improperly; add detailed error code tracing in wolfcrypt/src/hash.c. 2026-03-23 13:01:38 -05:00
Daniel Pouzzner 2b47453800 configure.ac: add SHAKE_DEFAULT, following ENABLED_SHA3, with a FIPS v6 threshold. 2026-03-20 14:53:05 -05:00
Daniel Pouzzner b68991195f configure.ac:
* don't default-enable ML-KEM if SHA3/SHAKE are explicitly disabled at user request, or if FIPS <7.
* move ML-KEM flag setup after FIPS setup (like SHA3 and SHAKE flag setup) to allow FIPS overrides.
* remove the unused and misleading "v6-ready" FIPS flavor, and fix v6-dev to get the v6 version triplet.
2026-03-20 14:53:05 -05:00
Chris Conlon 8b388ba3e3 Merge pull request #10011 from mattia-moffa/20260319-jni-no-md5
Don't force enable MD5 with --enable-jni
2026-03-19 14:16:18 -06:00
David Garske 255f14bab9 Merge pull request #9732 from Frauschi/pqc_first
Enable and use ML-KEM by default
2026-03-19 12:38:36 -07:00
Mattia Moffa 5ad9f1f684 Don't force enable MD5 with --enable-jni 2026-03-19 02:37:46 +01:00
JacobBarthelmeh a08fa98adc prepare for release 5.9.0 2026-03-18 16:18:12 -06:00
Tobias Frauenschläger c3289f8aa9 Enable and use ML-KEM by default
* Enable ML-KEM by default in build systems (autoconf and CMake)
* Only allow three to-be-standardized hybrid PQ/T combinations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that). When Curve25519 is disabled, then either
  WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as
  default depending on the ECC configuration
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Add async support for ML-KEM hybrids
2026-03-18 10:48:16 +01:00
David Garske 96661a5dab Merge pull request #9977 from JacobBarthelmeh/multi-test
Minor fixes for nightly multi-test tool
2026-03-16 14:31:39 -07:00
Daniel Pouzzner 49796a5159 configure.ac: don't include enable_ocsp_responder in enable-all if $enable_sha = no, remove enable_ocsp_responder from enable-all-crypto setup, and remove superseded fixup clause for ENABLED_OCSP_RESPONDER with ENABLED_SHA = no.
.wolfssl_known_macro_extras: remove unneeded WOLFSSL_PYTHON.
2026-03-16 10:20:48 -05:00
JacobBarthelmeh eaa6db9462 account for --enable-all-crypto and --disable-sha build now having OCSP responder 2026-03-16 00:06:13 -06:00
Tobias Frauenschläger 3b4e51c150 ML-KEM Wconversion fixes
* fix -Wconversion warnings
* allow APIs without RNG usage in case WC_NO_RNG is defined
2026-03-13 21:22:48 +01:00
JacobBarthelmeh 156db7dd2d Merge pull request #9831 from julek-wolfssl/pytho-3.13.4
Fixes to run python with --enable-all
2026-03-13 10:50:23 -06:00
Juliusz Sosinowicz 4578e1390f Implement OCSP responder
OCSP Responder Core API:

- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM

Header Cleanup:

- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h

OCSP Responder Example (examples/ocsp_responder/):

- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client

Test Scripts (scripts/):

- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling

Certificate Infrastructure (certs/ocsp/):

- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions

Known Limitations (documented in src/ocsp.c header comment):

  - Single request/response per OCSP exchange only
  - Key-hash responder ID only (no name-based responder ID)
  - No singleExtensions support
2026-03-11 10:21:16 +01:00
Daniel Pouzzner e8a53c2e6d Merge pull request #9941 from kaleb-himes/v6-wolfentropy-combofix
Ensure user-space wolfentropy builds of the v6 module compile the cor…
2026-03-10 19:36:52 -05:00
Kaleb Himes 4d1b603587 Implement peer review feedback. 2026-03-10 14:15:42 -06:00
kaleb-himes b2520f120f Ensure user-space wolfentropy builds of the v6 module compile the correct resource 2026-03-10 10:48:43 -06:00
Sean Parkinson 39b34333d6 FIPS 205, SLH-DSA: implementation
Adding implementation of SLH-DSA.
Included optimizations for Intel x64.
Some tests added.
2026-03-09 19:06:34 +10:00
Juliusz Sosinowicz 3084305200 Remove qt from enable-all as its defines are disruptive for most OSP's 2026-03-06 08:27:41 +01:00
Daniel Pouzzner cc2fdda54c Merge pull request #9734 from SparkiDev/mlkem_mldsa_harden
ML-KEM/ML-DSA: harden against fault attacks
2026-03-05 21:34:39 -06:00
Sean Parkinson 65a1a68877 ML-KEM/ML-DSA: harden against fault attacks
ML-DSA: check pointer to the y parameter has not be faulted.
ML-KEM: to harden against faultiong, use a different buffer for private
seed, sigma, and add a check that the buffer was copied correctly.
SHA-3: fix size of check variables.
2026-03-06 08:44:08 +10:00