Commit Graph

29647 Commits

Author SHA1 Message Date
Tobias Frauenschläger 9b0ea68ab8 Minor refactoring in TLSX_PopulateExtensions 2026-05-16 10:41:27 +02:00
Tobias Frauenschläger 9f85d21ee3 Align preferredGroup array with TLSX_PopulateSupportedGroups() 2026-05-16 10:41:27 +02:00
David Garske 460a87119e Merge pull request #10351 from rizlik/cryptocbonly
CRYPTOCB_ONLY: add test infra + SHA256 + AES
2026-05-14 10:37:39 -07:00
David Garske d0073d9e5c Merge pull request #10326 from sebastian-carpenter/tls-ech-maxnamelen
Add maximum_name_length to TLS ECH padding
2026-05-14 09:15:38 -07:00
Daniel Pouzzner 00fe73b2ca Merge pull request #10484 from SparkiDev/arm32_neon_chacha20_align_fix
ARM32 NEON ChaCha20: alignment fix
2026-05-14 08:54:09 -05:00
Sean Parkinson 81cce394db Merge pull request #10440 from JeremiahM37/gh10423
fix NO_VERIFY_OID build in GetOID
2026-05-14 20:02:06 +10:00
Sean Parkinson 31a76d333b Merge pull request #10468 from JeremiahM37/fenrir-wolfcrypt-api-hardening
wolfCrypt API hardening: input validation, key zeroization, hardware ports
2026-05-14 20:00:39 +10:00
Sean Parkinson 8d08ff8926 Merge pull request #10428 from kareem-wolfssl/gh10271_10313
tls13.c fixes + Add configure and CMake options for WOLF_CRYPTO_CB_RSA_PAD.
2026-05-14 19:56:23 +10:00
Sean Parkinson a7beb20675 Merge pull request #10451 from Frauschi/fix/client-nonblocking-resume-err
Minor error handling fixes in client and server examples
2026-05-14 19:53:32 +10:00
Sean Parkinson 75f32a336c Merge pull request #10442 from JeremiahM37/zd21783
Fix SAKKE OOB write and correctness gap in sakke_hash_to_range
2026-05-14 19:51:52 +10:00
Sean Parkinson 233c3e9130 Merge pull request #10474 from Frauschi/membrowse_timeout
Add timeout to membrowse CI tests
2026-05-14 19:48:54 +10:00
Sean Parkinson e1840c6f83 ARM32 NEON ChaCha20: alignment fix
vldm and vstm assume an 32-bit alignment.
Change to use vld1 and vst1.
2026-05-14 19:39:10 +10:00
David Garske c450bdb381 Merge pull request #10471 from JacobBarthelmeh/cavium_octeon
fix Octeon AES-GCM J0 derivation when ivSz is a non-12-byte non-zero …
2026-05-13 15:25:11 -07:00
David Garske 121387ab25 Merge pull request #10479 from padelsbach/aesgcm-unused-vars
Avoid unused variable errors in aesgcm_non12iv_test
2026-05-13 14:36:07 -07:00
David Garske e4b9ac442b Merge pull request #10480 from douzzer/20260513-fixes
20260513-fixes
2026-05-13 14:35:53 -07:00
Daniel Pouzzner ffab43aa82 .wolfssl_known_macro_extras: add __CHERI_PURE_CAPABILITY__. 2026-05-13 14:41:02 -05:00
Daniel Pouzzner 5dd30c277d wolfcrypt/test/test.c: reapply lost fixes from 03cee6f2bf to aes_cbc_iv_state_test() (lost in #10404 / df5b2b6cb1). 2026-05-13 14:39:50 -05:00
Paul Adelsbach 51540a0c79 Avoid unused variable errors in aesgcm_non12iv_test 2026-05-13 10:59:06 -07:00
David Garske 497ed9843e Merge pull request #10303 from julek-wolfssl/zd/21675
ocsp: bind responder authorization to CertID issuerKeyHash
2026-05-13 10:33:17 -07:00
David Garske d6931b9f29 Merge pull request #10272 from The-Capable-Hub/wbeasley/meta-cheri-fixes
Fix support on CHERI RISC-V architecture
2026-05-13 09:33:53 -07:00
Jeremiah Mackey e346cf93cc Add SSV size coverage to sakke_op_test 2026-05-13 14:58:56 +00:00
Jeremiah Mackey cd34cefbad Reject ssvSz=0 in SAKKE public APIs 2026-05-13 14:58:56 +00:00
JeremiahM37 623ab49572 Fix sakke_xor_in_v write offset and read base 2026-05-13 14:58:56 +00:00
rizlik cbaf9c154a cryptocb: don't declare wc_Sha256Trasnform under ONLY_SHA256 2026-05-13 16:18:52 +02:00
rizlik 6c2040adba swdev: add README.md 2026-05-13 16:18:52 +02:00
rizlik e03bc94742 swdev: add AES-ECB only testing option 2026-05-13 16:18:52 +02:00
rizlik cf6c645d73 aes: CRYPTO_ONLY_AES: do keyscheduling to support GCM on ECB-only device 2026-05-13 16:18:52 +02:00
rizlik a98d4798b1 tests: swdev: api: init/deinit swdev in TestSetup/TestCleanup 2026-05-13 16:18:52 +02:00
rizlik c84ea8df88 tests: api: remove extra wolfSSL_cleanup() 2026-05-13 16:18:52 +02:00
rizlik b1a3d72854 github ci: minor rewording 2026-05-13 16:18:52 +02:00
rizlik 31891eae8f swdev: always add swdev files to EXTRA_DISK 2026-05-13 16:18:52 +02:00
rizlik 71819bcb44 swdev: pair internal wolfCrypt_Init() with wolfCrypt_Cleanup() 2026-05-13 16:18:52 +02:00
rizlik 6d4fa5919c tests:api: skip TLS_CALLBACK_TEST under CRYPTO_CB_ONLY_* 2026-05-13 16:18:52 +02:00
rizlik 799f7d438b swdev: support user_settings.h based main library builds 2026-05-13 16:18:52 +02:00
rizlik c926aafa1b swdev: add copyright headers 2026-05-13 16:18:52 +02:00
rizlik 438e512334 test: use XFREE to pair XMALLOC 2026-05-13 16:18:52 +02:00
rizlik df2fd4ec06 swdev: refcount swdev Init/Cleanup 2026-05-13 16:18:52 +02:00
rizlik ade53b0c59 CRYPTO_CB_ONLY_SHA256: fix: guard Sha256FinalRaw under CB_ONLY_SHA256 2026-05-13 16:18:52 +02:00
rizlik c5ef060139 WOLF_CRYPTO_CB_ONLY_AES: add support + swdev for testing
Modes (CTR, GCM, CCM, etc.) can be supported either directly or fallback
to invoking the crypto callback with a "direct" (ECB) mode.
Software implementation and AES tables are stripped under CB_ONLY_AES.

wc_swdev gains AES support so WOLF_CRYPTO_CB_ONLY_AES builds can be
tested.

crypto find cb support added to wc_AesSetKey in order to support current
CI tests that use INVALID_DEVID.
2026-05-13 16:18:52 +02:00
rizlik 61bfff1dac WOLF_CRYPTO_CB_ONLY_SHA256: strip software SHA-256 and dispatch via swdev
Add WOLF_CRYPTO_CB_ONLY_SHA256: when set, the SHA-256 software.
wc_Sha256FinalRaw is reduced to a stub returning NO_VALID_DEVID, and
sha256.h force-defines WOLFSSL_NO_HASH_RAW so the constant-time TLS HMAC
path falls back to its backend-opaque variant.

Incompatible with
WOLFSSL_SHA224, which aliases the SHA-256 statics; #error guard added.

Add wc_swdev support for SHA-256 for testing.
2026-05-13 16:18:51 +02:00
rizlik 65b49b2fb5 _CRYPTO_CB_ONLY_{RSA,ECC,SHA256,AES}: move WOLF_CRYPTO_CB guards to settings.h 2026-05-13 16:18:51 +02:00
rizlik 8f0d4db7d9 tests/swdev: add RSA support to wc_swdev
Extend the swdev callback to handle RSA operations: public/private encrypt
and decrypt, plus key generation.
2026-05-13 16:18:51 +02:00
rizlik 6fb617aba9 tests/swdev: add ECC support to wc_swdev
Extend the swdev callback to handle ECC operations: keygen, ECDH, sign,
verify, get-size, get-sig-size.

Relax WOLF_CRYPTO_CB_ONLY_ECC guards in the test suite so that tests run
under swdev, and wire wc_SwDev_Init/Cleanup into testsuite, client, and
server.  Two tests are intentionally kept excluded even with swdev because
they call raw ECC math primitives (wc_ecc_mulmod, on-curve validation in
wc_ecc_import_x963) that are stripped below the cryptocb dispatch layer:

  - ecc_mulmod_test (wolfcrypt/test/test.c)
  - test_wc_ecc_import_x963_off_curve (tests/api/test_ecc.c)
2026-05-13 16:18:51 +02:00
rizlik 0f82b9e5fb tests/swdev: add scaffolding for WOLF_CRYPTO_CB_ONLY_* testing
Add a software crypto-callback device (wc_swdev) that lets the wolfcrypt
test suite run under WOLF_CRYPTO_CB_ONLY_* flags without per-test devId
plumbing.  The bundle is a separately-compiled second copy of wolfcrypt
(software implementations enabled, WOLF_CRYPTO_CB_ONLY_* stripped) linked
into testwolfcrypt as a single relocatable object; every symbol is demoted
to local via objcopy --keep-global-symbol except wc_SwDev_Callback, so there
is no collision with the main libwolfssl.

A find callback routes unbound operations (devId == INVALID_DEVID) to the
swdev while letting real device IDs pass through.

wc_SwDev_Init / wc_SwDev_Cleanup hooks are wired into wolfcrypt/test/test.c.
cryptocb_test's WOLF_CRYPTO_CB_FIND and WOLF_CRYPTO_CB_ONLY_RSA blocks are
gated off under WOLFSSL_SWDEV.

Enable via --enable-swdev (requires --enable-cryptocb).
2026-05-13 16:18:51 +02:00
Tobias Frauenschläger 12070eb032 Merge pull request #10473 from douzzer/20260512-fips-gating-fixes
20260512-fips-gating-fixes
2026-05-13 16:15:30 +02:00
Tobias Frauenschläger 61e7e07720 Move membrowse CI workflows to install-apt-deps action 2026-05-13 15:49:32 +02:00
Tobias Frauenschläger d11b5cd648 Add timeout to membrowse CI tests 2026-05-13 12:07:03 +02:00
Tobias Frauenschläger d88ce69082 Minor error handling fixes in client and server examples 2026-05-13 09:50:12 +02:00
Sean Parkinson 58c41b6d57 Merge pull request #10458 from philljj/fix_GetShortInt
asn: fix GetShortInt for asn original.
2026-05-13 16:44:38 +10:00
Sean Parkinson cef3187fdb Merge pull request #10456 from padelsbach/lms-xmss-sw-fallback-fix
Fix LMS and XMSS cryptocb software fallback
2026-05-13 16:43:41 +10:00