Commit Graph

30513 Commits

Author SHA1 Message Date
David Garske e4b9ac442b Merge pull request #10480 from douzzer/20260513-fixes
20260513-fixes
2026-05-13 14:35:53 -07:00
Daniel Pouzzner ffab43aa82 .wolfssl_known_macro_extras: add __CHERI_PURE_CAPABILITY__. 2026-05-13 14:41:02 -05:00
Daniel Pouzzner 5dd30c277d wolfcrypt/test/test.c: reapply lost fixes from 03cee6f2bf to aes_cbc_iv_state_test() (lost in #10404 / df5b2b6cb1). 2026-05-13 14:39:50 -05:00
Tobias Frauenschläger 97183e873a Improve Arduino CI test
* Remove test platforms not required for test coverage
* Install only required dependencies
* Make flaky configs "continue-on-error"
2026-05-13 20:59:35 +02:00
Paul Adelsbach 51540a0c79 Avoid unused variable errors in aesgcm_non12iv_test 2026-05-13 10:59:06 -07:00
JacobBarthelmeh 7e30aaddce add include of misc.h for ForceZero with ARIA port 2026-05-13 11:51:35 -06:00
JacobBarthelmeh 7ef517f4b1 update documentation comments and devcrypto aes free case 2026-05-13 11:51:35 -06:00
JacobBarthelmeh c2b6bab679 force zero on ARIA buffers after use 2026-05-13 11:51:35 -06:00
JacobBarthelmeh 43b0d0d8ab fix for handling of error case with AES devcrypto 2026-05-13 11:51:35 -06:00
JacobBarthelmeh bd178bff7c handling unaligned ChaCha input key buffer 2026-05-13 11:51:33 -06:00
JacobBarthelmeh c19dec7449 NULL check on XMALLOC return value with devcrypto_rsa.c 2026-05-13 11:36:36 -06:00
JacobBarthelmeh d592b834c5 NULL check in CAAM XMALLOC cases 2026-05-13 11:36:36 -06:00
JacobBarthelmeh 8b2b49d496 CAAM/SECO add XMALLOC NULL checks and zero KEK stack buffer 2026-05-13 11:36:36 -06:00
JacobBarthelmeh 7683edc448 update MD4 return from void to int 2026-05-13 11:36:36 -06:00
JacobBarthelmeh b34cec2205 update MD2 functions to return int instead of void 2026-05-13 11:36:36 -06:00
David Garske 497ed9843e Merge pull request #10303 from julek-wolfssl/zd/21675
ocsp: bind responder authorization to CertID issuerKeyHash
2026-05-13 10:33:17 -07:00
David Garske d6931b9f29 Merge pull request #10272 from The-Capable-Hub/wbeasley/meta-cheri-fixes
Fix support on CHERI RISC-V architecture
2026-05-13 09:33:53 -07:00
Ruby Martin c86c606bea initiallize camellia variable 2026-05-13 09:01:20 -06:00
Ruby Martin 052b0cc47b remove unnecessary null check around PskDheKe option restoration, clears dereference after null check 2026-05-13 09:01:20 -06:00
Jeremiah Mackey e346cf93cc Add SSV size coverage to sakke_op_test 2026-05-13 14:58:56 +00:00
Jeremiah Mackey cd34cefbad Reject ssvSz=0 in SAKKE public APIs 2026-05-13 14:58:56 +00:00
JeremiahM37 623ab49572 Fix sakke_xor_in_v write offset and read base 2026-05-13 14:58:56 +00:00
rizlik cbaf9c154a cryptocb: don't declare wc_Sha256Trasnform under ONLY_SHA256 2026-05-13 16:18:52 +02:00
rizlik 6c2040adba swdev: add README.md 2026-05-13 16:18:52 +02:00
rizlik e03bc94742 swdev: add AES-ECB only testing option 2026-05-13 16:18:52 +02:00
rizlik cf6c645d73 aes: CRYPTO_ONLY_AES: do keyscheduling to support GCM on ECB-only device 2026-05-13 16:18:52 +02:00
rizlik a98d4798b1 tests: swdev: api: init/deinit swdev in TestSetup/TestCleanup 2026-05-13 16:18:52 +02:00
rizlik c84ea8df88 tests: api: remove extra wolfSSL_cleanup() 2026-05-13 16:18:52 +02:00
rizlik b1a3d72854 github ci: minor rewording 2026-05-13 16:18:52 +02:00
rizlik 31891eae8f swdev: always add swdev files to EXTRA_DISK 2026-05-13 16:18:52 +02:00
rizlik 71819bcb44 swdev: pair internal wolfCrypt_Init() with wolfCrypt_Cleanup() 2026-05-13 16:18:52 +02:00
rizlik 6d4fa5919c tests:api: skip TLS_CALLBACK_TEST under CRYPTO_CB_ONLY_* 2026-05-13 16:18:52 +02:00
rizlik 799f7d438b swdev: support user_settings.h based main library builds 2026-05-13 16:18:52 +02:00
rizlik c926aafa1b swdev: add copyright headers 2026-05-13 16:18:52 +02:00
rizlik 438e512334 test: use XFREE to pair XMALLOC 2026-05-13 16:18:52 +02:00
rizlik df2fd4ec06 swdev: refcount swdev Init/Cleanup 2026-05-13 16:18:52 +02:00
rizlik ade53b0c59 CRYPTO_CB_ONLY_SHA256: fix: guard Sha256FinalRaw under CB_ONLY_SHA256 2026-05-13 16:18:52 +02:00
rizlik c5ef060139 WOLF_CRYPTO_CB_ONLY_AES: add support + swdev for testing
Modes (CTR, GCM, CCM, etc.) can be supported either directly or fallback
to invoking the crypto callback with a "direct" (ECB) mode.
Software implementation and AES tables are stripped under CB_ONLY_AES.

wc_swdev gains AES support so WOLF_CRYPTO_CB_ONLY_AES builds can be
tested.

crypto find cb support added to wc_AesSetKey in order to support current
CI tests that use INVALID_DEVID.
2026-05-13 16:18:52 +02:00
rizlik 61bfff1dac WOLF_CRYPTO_CB_ONLY_SHA256: strip software SHA-256 and dispatch via swdev
Add WOLF_CRYPTO_CB_ONLY_SHA256: when set, the SHA-256 software.
wc_Sha256FinalRaw is reduced to a stub returning NO_VALID_DEVID, and
sha256.h force-defines WOLFSSL_NO_HASH_RAW so the constant-time TLS HMAC
path falls back to its backend-opaque variant.

Incompatible with
WOLFSSL_SHA224, which aliases the SHA-256 statics; #error guard added.

Add wc_swdev support for SHA-256 for testing.
2026-05-13 16:18:51 +02:00
rizlik 65b49b2fb5 _CRYPTO_CB_ONLY_{RSA,ECC,SHA256,AES}: move WOLF_CRYPTO_CB guards to settings.h 2026-05-13 16:18:51 +02:00
rizlik 8f0d4db7d9 tests/swdev: add RSA support to wc_swdev
Extend the swdev callback to handle RSA operations: public/private encrypt
and decrypt, plus key generation.
2026-05-13 16:18:51 +02:00
rizlik 6fb617aba9 tests/swdev: add ECC support to wc_swdev
Extend the swdev callback to handle ECC operations: keygen, ECDH, sign,
verify, get-size, get-sig-size.

Relax WOLF_CRYPTO_CB_ONLY_ECC guards in the test suite so that tests run
under swdev, and wire wc_SwDev_Init/Cleanup into testsuite, client, and
server.  Two tests are intentionally kept excluded even with swdev because
they call raw ECC math primitives (wc_ecc_mulmod, on-curve validation in
wc_ecc_import_x963) that are stripped below the cryptocb dispatch layer:

  - ecc_mulmod_test (wolfcrypt/test/test.c)
  - test_wc_ecc_import_x963_off_curve (tests/api/test_ecc.c)
2026-05-13 16:18:51 +02:00
rizlik 0f82b9e5fb tests/swdev: add scaffolding for WOLF_CRYPTO_CB_ONLY_* testing
Add a software crypto-callback device (wc_swdev) that lets the wolfcrypt
test suite run under WOLF_CRYPTO_CB_ONLY_* flags without per-test devId
plumbing.  The bundle is a separately-compiled second copy of wolfcrypt
(software implementations enabled, WOLF_CRYPTO_CB_ONLY_* stripped) linked
into testwolfcrypt as a single relocatable object; every symbol is demoted
to local via objcopy --keep-global-symbol except wc_SwDev_Callback, so there
is no collision with the main libwolfssl.

A find callback routes unbound operations (devId == INVALID_DEVID) to the
swdev while letting real device IDs pass through.

wc_SwDev_Init / wc_SwDev_Cleanup hooks are wired into wolfcrypt/test/test.c.
cryptocb_test's WOLF_CRYPTO_CB_FIND and WOLF_CRYPTO_CB_ONLY_RSA blocks are
gated off under WOLFSSL_SWDEV.

Enable via --enable-swdev (requires --enable-cryptocb).
2026-05-13 16:18:51 +02:00
Tobias Frauenschläger 12070eb032 Merge pull request #10473 from douzzer/20260512-fips-gating-fixes
20260512-fips-gating-fixes
2026-05-13 16:15:30 +02:00
Tobias Frauenschläger 61e7e07720 Move membrowse CI workflows to install-apt-deps action 2026-05-13 15:49:32 +02:00
Juliusz Sosinowicz f2bfa1b932 ci: switch direct apt usage to install-apt-deps action
multi-arch.yml and linuxkm.yml were installing apt packages with inline
shell commands. Replace them with the install-apt-deps composite action
for consistent retry behavior and caching.
2026-05-13 11:26:33 +00:00
Tobias Frauenschläger d11b5cd648 Add timeout to membrowse CI tests 2026-05-13 12:07:03 +02:00
Tobias Frauenschläger d88ce69082 Minor error handling fixes in client and server examples 2026-05-13 09:50:12 +02:00
Sean Parkinson 58c41b6d57 Merge pull request #10458 from philljj/fix_GetShortInt
asn: fix GetShortInt for asn original.
2026-05-13 16:44:38 +10:00
Sean Parkinson cef3187fdb Merge pull request #10456 from padelsbach/lms-xmss-sw-fallback-fix
Fix LMS and XMSS cryptocb software fallback
2026-05-13 16:43:41 +10:00