Commit Graph

11359 Commits

Author SHA1 Message Date
Maxim Kostin 3b198babe3 Add Tropic01_Deinit call in wolfCrypt_Cleanup for proper resource management 2025-06-16 20:27:15 +02:00
Maxim Kostin 172728bf7f Refactor Tropic01 interface: clean up code formatting and improve function declarations 2025-06-16 20:27:15 +02:00
kosmax871 5696582add Update README.md 2025-06-16 20:27:15 +02:00
Maxim Kostin 375af753aa Changes for the PR https://github.com/wolfSSL/wolfssl/pull/8812 2025-06-16 20:27:15 +02:00
Maxim Kostin 2f210b3907 Refactor TROPIC01 integration: update README, enhance pairing key handling, and improve error messages 2025-06-16 20:27:15 +02:00
Maxim Kostin 296bfd258c README.md added 2025-06-16 20:27:15 +02:00
Maxim Kostin 0eecfbfb35 ed25519 fixes 2025-06-16 20:27:15 +02:00
Maxim Kostin cd76615e49 added support of ED25519 2025-06-16 20:27:15 +02:00
kosmax871 7c1980fe01 some fixes and updates 2025-06-16 20:27:15 +02:00
kosmax871 b13fdaa05e Draft of readme.md 2025-06-16 20:27:15 +02:00
Maxim Kostin 385be1c08a added support for Tropic01 crypto callbacks 2025-06-16 20:27:15 +02:00
Juliusz Sosinowicz 9a576d9e2e Fix CI failures 2025-06-16 19:07:58 +02:00
Juliusz Sosinowicz aca6da66f6 Set default seedCb when not FIPS 2025-06-16 17:39:22 +02:00
Juliusz Sosinowicz 37554a13db Updates for OpenSSH 10.0p2
- random.c: use getrandom when available and fall back to direct file access
- openssh.yml: run more tests
- openssh.yml: add 10.0p2 and 9.9p2
- configure.ac: detect if `getrandom` is available on the system
- configure.ac: openssh requires WC_RNG_SEED_CB to always use `getrandom` so that the RNG doesn't get killed by SECCOMP
2025-06-13 18:06:19 +02:00
Koji Takeda ff1baf0ae7 Apply stronger salt length for PBES2 2025-06-14 00:45:03 +09:00
David Garske c5e63b84ca Merge pull request #8840 from douzzer/20250605-linuxkm-DRBG-multithread-round-1
20250605-linuxkm-DRBG-multithread-round-1
2025-06-12 13:17:54 -07:00
David Garske 2fc1110a13 Merge pull request #8587 from lealem47/gh8574
Fix bug in ParseCRL_Extensions
2025-06-12 12:09:52 -07:00
David Garske bfdce3a345 Merge pull request #8832 from SparkiDev/aarch64_xfence
Aarch64 XFENCE
2025-06-12 11:53:55 -07:00
David Garske 6571f42cb9 Merge pull request #8867 from JacobBarthelmeh/rng
Improvements to RNG and compatibility layer
2025-06-11 14:31:53 -07:00
Sean Parkinson 1c85a76ddd Dilithium/ML-DSA: Fixes for casting down and uninit 2025-06-11 11:14:49 +10:00
Sean Parkinson d66863d0ac Aarch64 XFENCE
Use sb instruction instead of isb if available.
2025-06-11 09:29:20 +10:00
JacobBarthelmeh ae87afa677 Merge pull request #8857 from miyazakh/tsip_fix
fix TSIP TLS example program
2025-06-10 16:26:34 -06:00
JacobBarthelmeh 47cf634965 add a way to restore previous pid behavior 2025-06-10 16:12:09 -06:00
JacobBarthelmeh 31490ab813 add sanity checks on pid with RNG 2025-06-10 14:37:11 -06:00
JacobBarthelmeh 047f0bb5fc Merge pull request #8847 from gojimmypi/pr-platformio-cert-bundles
Improve PlatformIO Certificate Bundle Support
2025-06-10 10:23:07 -06:00
Sean Parkinson cb90b78688 ML-DSA: fix tests for different configs
Setting the private key into SSL object requires signing to be
available.
Only enable the parameters that are compiled in.
2025-06-10 20:44:27 +10:00
Koji Takeda 0260ff789b Clarify supported PKCS12 encryption algorithms 2025-06-09 12:03:47 +09:00
Hideki Miyazaki 0404447bd8 fix typo 2025-06-07 12:46:22 +09:00
Hideki Miyazaki 1f8efc3c14 fix TSIP example
fix Client Certificate Verify using RSA sign/verify
2025-06-07 12:38:18 +09:00
Daniel Pouzzner ae15693fa8 linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_generate() and wc_linuxkm_drbg_seed(), check retval from wc_LockMutex().
wolfcrypt/src/random.c: in Hash_DRBG_Generate(), restore smallstack path for digest[], but use non-smallstack path for WOLFSSL_LINUXKM.
2025-06-07 07:07:20 +04:00
gojimmypi 3254f56d32 Improve PlatformIO Certificate Bundle Support 2025-06-06 15:48:07 -07:00
JacobBarthelmeh ae7509e746 Merge pull request #8813 from gojimmypi/espressif-mlkem-support
Adjust Espressif Examples for Post Quantum ML-KEM
2025-06-06 11:41:59 -06:00
JacobBarthelmeh 9ffca6b39c Merge pull request #8822 from kojiws/support_cert_aes_cbc_on_pkcs12_export
Support PBE_AES(256|128)_CBC certificate encryptions on wc_PKCS12_create()
2025-06-06 11:35:13 -06:00
Daniel Pouzzner 4572dcf9f9 tests/api/test_x509.c: in test_x509_rfc2818_verification_callback(), add dependency on HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES;
wolfcrypt/test/test.c: in lms_test(), fix -Wdeclaration-after-statement;

add .github/workflows/no-tls.yml;

.github/workflows/pq-all.yml: add smallstack scenario.
2025-06-06 17:18:50 +04:00
JacobBarthelmeh c207e2d198 Merge pull request #8838 from miyazakh/fsp_fix2
Fix Renesas SCE on RA6M4
2025-06-05 09:43:05 -06:00
Daniel Pouzzner dbc34352c7 linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_seed(), prefix the supplied seed with the CPU ID of each DRBG, to avoid duplicate states;
wolfcrypt/src/random.c: in Hash_DRBG_Generate(), always put digest[] on the stack even in WOLFSSL_SMALL_STACK configuration (it's only 32 bytes);

configure.ac: default smallstackcache on when linuxkm-defaults.
2025-06-05 16:31:46 +04:00
Sean Parkinson 640b060792 LMS: Key ID fixup
Fix implementation for extracting from private key data.
Add implementation that gets Key ID from wc_LmsKey.
2025-06-05 10:25:47 +10:00
Lealem Amedie 02a49693e2 Fix bug in ParseCRL_Extensions 2025-06-04 10:23:53 -06:00
Koji Takeda 7c33096398 Support PBE_AES256_CBC and PBE_AES128_CBC cert encryption on wc_PKCS12_create() 2025-06-04 16:43:30 +09:00
Hideki Miyazaki e633dd7537 trailing whitespace 2025-06-04 13:41:01 +09:00
Hideki Miyazaki 6d2a8b3f4c ready-for-use flag fix 2025-06-04 13:41:01 +09:00
JacobBarthelmeh c1b683f307 add clang-tidy lint comment to avoid false positive 2025-06-03 14:44:01 -06:00
gojimmypi a9db6d08f7 Adjust Espressif Examples for Post Quantum ML-KEM 2025-06-02 15:11:53 -07:00
gojimmypi 1aa97a9070 Correct Espressif default time setting 2025-06-02 15:04:49 -07:00
Daniel Pouzzner a6e9bd73e4 Merge pull request #8803 from dgarske/csr_nomalloc
Refactor to support CSR generation and signing with `WOLFSSL_NO_MALLOC`
2025-05-30 18:05:25 -05:00
Daniel Pouzzner dd6e6015ea wolfcrypt/src/wc_mlkem.c: add setup for WC_MLKEM_NO_ASM. 2025-05-30 14:51:52 -05:00
Daniel Pouzzner 8f347e68f5 wolfcrypt/src/wc_mlkem_poly.c and configure.ac: add support for WC_MLKEM_NO_ASM, and add gates to support WC_SHA3_NO_ASM;
wolfcrypt/src/sha3.c and wolfssl/wolfcrypt/sha3.h: BlockSha3() now always WOLFSSL_LOCAL (never static) to support calls from MLKEM implementation.
2025-05-30 13:31:40 -05:00
David Garske 165f868be1 Fix for warning: ‘free’ called on unallocated object ‘buf’. 2025-05-29 17:15:55 -07:00
Daniel Pouzzner 245042a342 add WC_SHA3_NO_ASM, mainly for the benefit of linuxkm-defaults and KASAN compatibility. 2025-05-29 16:21:34 -05:00
Daniel Pouzzner b9ef6c583a wolfcrypt/test/test.c: in test_dilithium_decode_level(), on early malloc failure, stay in the flow to assure cleanup;
.wolfssl_known_macro_extras: remove unneeded entry for WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC.
2025-05-28 12:48:36 -05:00