wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, #ifdef LINUXKM_LKCAPI_REGISTER, #define WOLFSSL_TEST_SUBROUTINE to nothing, and #define WC_TEST_EXPORT_SUBTESTS.
linuxkm/lkcapi_glue.c:
* add check_skcipher_driver_masking() and check_aead_driver_masking(),
* use _masking() checks in all linuxkm_test_*().
* add !WOLFSSL_AESGCM_STREAM implementation of linuxkm_test_aesgcm().
* add implementations of linuxkm_test_aesctr(), linuxkm_test_aesofb(), and linuxkm_test_aesecb()
* remove incomplete+disabled AES-CCM shim implementation.
linuxkm/module_hooks.c: pull in wolfcrypt/test/test.h if LINUXKM_LKCAPI_REGISTER.
linuxkm/Makefile: build wolfcrypt/test/test.o if ENABLED_LINUXKM_LKCAPI_REGISTER.
Makefile.am: add ENABLED_LINUXKM_LKCAPI_REGISTER to exports in BUILD_LINUXKM section.
configure.ac: add AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER]); in ENABLED_LINUXKM_DEFAULTS set up, remove `-DWOLFSSL_TEST_SUBROUTINE=static` from AM_CFLAGS adds; fix whitespace.
.wolfssl_known_macro_extras: add WC_WANT_FLAG_DONT_USE_AESNI.
wolfcrypt/test/test.c: add `|| defined(WC_TEST_EXPORT_SUBTESTS)` to outermost gate, add wc_test_ prefix to render_error_message() and export it,
wolfcrypt/test/test.h: add prototype for wc_test_render_error_message(), and #ifdef WC_TEST_EXPORT_SUBTESTS, add prototypes for all the subtests.
-Wdeclaration-after-statement to .github/workflows/pq-all.yml.
rearrange code/gating in wolfcrypt/src/wc_mlkem.c:mlkemkey_encapsulate() for
clarity and to fix a -Wdeclaration-after-statement.
also, made mlkem_encapsulate_c() and mlkem_encapsulate() return error code
(currently always zero) rather than void, for consistency.
configure.ac: fix Kyber/ML-KEM option setup.
wolfcrypt/test/test.c: fix gating around modLen in rsa_test().
wolfssl/openssl/bn.h: remove superfluous WOLFSSL_SP_MATH gate around mp_int mpi
in struct WOLFSSL_BIGNUM definition.
wolfssl/wolfcrypt/wolfmath.h: add check for "Conflicting MPI settings.", add
initial check for WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_MATH to include sp_int.h,
and remove superfluous WOLFSSL_SP_MATH gate on "common math functions".
the FIPS boundary, just set up appropriate defaults.
wolfssl/wolfcrypt/wolfmath.h: if legacy math back ends aren't defined, and
NO_BIG_INT isn't defined, then always include sp_int.h, for backward compat.
defined, and issue a #error if no MPI backend gate is defined and NO_BIG_INT
is not defined either.
configure.ac:
* add support for FIPS lean-aesgcm[-{ready,dev}].
* implement handler for --enable-sha256.
* move setup for WOLFSSL_FIPS_DEV and WOLFSSL_FIPS_READY into the applicable
per-flavor sections.
* fix sensing of $ENABLED_AESGCM in FIPS setup clauses to pivot on `!= "no"`
rather than `= "yes"`, to accommodate "4bit" and other non-"yes" values.
* fix SNI_DEFAULT to be "no" if $ENABLED_TLS = no.
* fix ENABLED_DHDEFAULTPARAMS default to be $ENABLED_DH rather than yes.
wc_encrypt.c: add missing gates in wc_CryptKey() for NO_SHA256.
wolfcrypt/test/test.c: gating fixes for NO_SHA256.
wolfcrypt/benchmark/benchmark.c: basic fixes for building/running with
--disable-rng (-DWC_NO_RNG).
With the above additions and fixes, it's now a clean build, test, and benchmark,
with --disable-sha256 --enable-cryptonly --disable-hashdrbg --disable-rng
--disable-hmac, though RSA/DH/ECC benches are disabled.
as readonly in the encrypt/decrypt handlers -- clone them before setting the IV
-- for thread safety. also, remove the "experimental" designation of
--enable-linuxkm-lkcapi-register=all.
* sense assert.h and define WOLFSSL_HAVE_ASSERT_H accordingly.
* force off enable_aesgcm_stream if 32 bit armasm or riscv-asm (not yet implemented or buildable).
* add AM_CONDITIONAL([BUILD_CHACHA_NOASM, ...]) when --enable-chacha=noasm.
src/include.am: gate armasm/riscv_asm chacha files on !BUILD_CHACHA_NOASM.
tests/api.c: add missing HAVE_CHACHA&&HAVE_POLY1305 gate around test_TLSX_CA_NAMES_bad_extension().
wolfcrypt/src/chacha.c: tweak WOLFSSL_ARMASM and WOLFSSL_RISCV_ASM codepaths to also depend on !NO_CHACHA_ASM.
wolfssl/wolfcrypt/types.h: in setup for wc_static_assert(), #include <assert.h> if WOLFSSL_HAVE_ASSERT_H, >=C11, or >=C++11.
WOLFSSL_DEBUG_TRACE_ERROR_CODES support for EINVAL/ENOMEM/EBADMSG;
configure.ac: remove ENABLED_EXPERIMENTAL requirement for
--enable-linuxkm-lkcapi-register=cfb(aes);
linuxkm/module_hooks.c: omit "skipping full wolfcrypt_test" message if
wc_RunAllCast_fips() was run.
this now works, and uses armasm-accelerated _AesEcb{En,De}crypt() via
_AesXtsHelper(). also, add -DNO_CRYPT_TEST to CFLAGS in builds with
$ENABLED_CRYPT_TESTS = no.
configure.ac: add a "Conflicting asm settings" error check at end, since our configuration currently blows up if --enable-intelasm and --disable-asm are combined.
self-test and crypto fuzzer), and de-experimentalize it.
wolfssl/wolfcrypt/types.h: add definitions for WOLFSSL_WORD_SIZE_LOG2.
wolfcrypt/src/misc.c: fix xorbuf() to make the XorWords() reachable; also,
refactor integer division and modulus ops as masks and shifts, and add pragma
to suppress linuxkm FORTIFY_SOURCE false positive -Wmaybe-uninitialized.
Adding -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT flag to the default
compilation flags when --enable-jni is used.
Related PRs in other repositories:
- wolfSSL/wolfssljni#255
- wolfSSL/testing#845