Commit Graph

11359 Commits

Author SHA1 Message Date
Daniel Pouzzner 50a0773c09 Merge pull request #8285 from LinuxJedi/gaisler
Add initial support for Gaisler-BCC with Sparc
2024-12-21 11:03:39 -06:00
Daniel Pouzzner ed18bf3deb In wolfcrypt/src/port/ and IDE/, replace remaining uses of AES_BLOCK_SIZE with WC_AES_BLOCKSIZE for compatibility with OPENSSL_COEXIST.
Automated replacement with
```
git ls-files -z wolfcrypt/src/port/ IDE/ | xargs -0 pcre2grep -l '[^_]AES_BLOCK_SIZE' | xargs sed --regexp-extended --in-place 's/([^_])AES_BLOCK_SIZE/\1WC_AES_BLOCK_SIZE/g'
```

Checked for mis-transformations with
```
git ls-files -z | xargs -0 pcre2grep '[^-[()+*/[:space:]]WC_AES_BLOCK_SIZE' | less
```

Checked for residual hits with
```
git ls-files -z | xargs -0 pcre2grep '[^_]AES_BLOCK_SIZE' | less
```

Deliberately excluded:
* ChangeLog.md -- do not alter history.
* doc/ -- do not confuse documentation with newly prefixed macro, because AES_BLOCK_SIZE is available unless -DOPENSSL_COEXIST.
* tests/api.c -- the unit tests deliberately use compatibility names, and are not compatible with -DOPENSSL_COEXIST.
* wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs -- false positive hits on C# names.
* wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs -- false positive hits on C# names.
* reference in wolfssl/wolfcrypt/aes.h that defines AES_BLOCK_SIZE when -UOPENSSL_COEXIST.
* reference in wolfssl/wolfcrypt/settings.h that defines WC_AES_BLOCK_SIZE for old FIPS when -UWC_AES_BLOCK_SIZE.
2024-12-21 10:28:18 -06:00
Daniel Pouzzner 33a47c1c04 Merge pull request #8265 from JacobBarthelmeh/armasm
armasm with opensslcoexist build
2024-12-21 10:06:27 -06:00
Daniel Pouzzner b07f2cb461 wolfcrypt/src/coding.c: fix incorrect array bounds check in CEscape(), introduced in 8bbe8a7c8a (before which there was no bounds check at all). 2024-12-21 09:47:07 -06:00
Andrew Hutchings 231cea34ef Add initial support for Gaisler-BCC with Sparc
Slight modifications and documentation to get wolfSSL working with
Gaisler Sparc CPUs and their cross-compilers.
2024-12-21 09:19:58 +00:00
JacobBarthelmeh 961453b5ee fix for free'ing up memory after use 2024-12-20 14:58:57 -07:00
JacobBarthelmeh 67f3343a5d Merge pull request #8306 from SparkiDev/kyber_no_avx2_fix
ML-KEM/Kyber: fix kyber_prf() for when no AVX2
2024-12-20 11:40:46 -07:00
JacobBarthelmeh 7cebe95138 Merge pull request #8304 from SparkiDev/regression_fixes_15
Regression testing: fixes
2024-12-20 11:29:15 -07:00
Sean Parkinson e507c466d5 ML-KEM/Kyber: fix kyber_prf() for when no AVX2
When no AVX2 available, kyber_prf() is called to produce more than one
SHAKE-256 blocks worth of ouput. Otherwise only one block is needed.
Changed function to support an outlen of greater than one block.
2024-12-20 11:03:58 +10:00
Kareem 8bbe8a7c8a Fix a couple of missing bounds checks found via code analyzer. 2024-12-19 17:01:25 -07:00
Sean Parkinson b7c1e1cf35 Regression testing: fixes
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.

wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'

tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'

tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
2024-12-20 09:25:03 +10:00
Daniel Pouzzner ed76d8ea10 Merge pull request #8297 from miyazakh/ra_jankins
Fix RA6M4 jankins failure
2024-12-18 22:18:43 -06:00
Daniel Pouzzner 122502e2b1 wolfCrypt -Wconversion expansion: fix numerous warnings, all benign, from -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion. 2024-12-18 11:51:06 -06:00
Hideki Miyazaki 39c11c269f Fix RA6M jankins failure 2024-12-18 07:37:21 +09:00
JacobBarthelmeh 613c1aa16d fix for no malloc build 2024-12-17 14:47:45 -07:00
Daniel Pouzzner f23a2f2f48 wolfcrypt/src/aes.c: add missing WOLFSSL_ARMASM gate clause around wolfCrypt_FIPS_aes_ro_sanity, necessitated by 514a92d6ee/#8293. 2024-12-17 14:17:52 -06:00
JacobBarthelmeh 87ae31b48f some additional sanity checks with harden build 2024-12-17 12:47:42 -07:00
Daniel Pouzzner 22e95081cd Merge pull request #8181 from gojimmypi/dev-compiler-message
Initialize vars & change types to appease Windows/VS
2024-12-16 23:19:05 -06:00
Daniel Pouzzner 9d7c02589f Merge pull request #8276 from SparkiDev/ed448_muladd_full_reduce
EdDSA Ed448: sc_muladd now does full reduction
2024-12-16 20:29:49 -06:00
Daniel Pouzzner fd22bfc0b7 Merge pull request #8293 from SparkiDev/aarch64_no_crypto
Aarch64: make code compile when no hardware crypto avail
2024-12-16 14:57:53 -06:00
Sean Parkinson 514a92d6ee Aarch64: make code compile when no hardware crypto avail
Detects availability of instructions for Aarch64.
2024-12-16 17:46:08 +10:00
JacobBarthelmeh ad03518aa8 armasm with opensslcoexist build 2024-12-13 17:11:32 -07:00
David Garske 71325a2a32 Revert "Aarch64: make code compile when no hardware crypto avail" 2024-12-13 13:52:53 -08:00
JacobBarthelmeh f0f50f1837 add option for additional sanity checks 2024-12-13 14:42:51 -07:00
JacobBarthelmeh d7e40e7413 Merge pull request #8264 from dgarske/various_20241206
Various cleanups and fixes
2024-12-13 13:48:10 -07:00
David Garske 79d9b2d6c3 Merge pull request #8277 from SparkiDev/aarch64_no_crypto
Aarch64: make code compile when no hardware crypto avail
2024-12-12 15:49:57 -08:00
Sean Parkinson 24bb2b7fab Aarch64: make code compile when no hardware crypto avail
Detects availability of instructions for Aarch64.
2024-12-13 09:16:11 +10:00
Kareem d4af181593 Add support for the RFC822 Mailbox attribute. 2024-12-12 12:37:32 -07:00
Daniel Pouzzner 1f1e985d73 Merge pull request #8268 from bandi13/fixMemleak
Fix memory leak
2024-12-11 16:35:38 -06:00
Sean Parkinson c9c28335ae EdDSA Ed448: sc_muladd now does full reduction
sc_muladd was reducing to word boundary and not to order.
Now reduces to order as last step.
2024-12-12 08:33:35 +10:00
Daniel Pouzzner d825b08e16 Merge pull request #8275 from SparkiDev/aarch64_poly1305_fix
Aarch64 Poly1305: fix corner case
2024-12-11 16:24:36 -06:00
Daniel Pouzzner 88241f1a2c Merge pull request #8267 from ColtonWilley/pkcs11_cert_support
PKCS11 cert support
2024-12-11 16:04:58 -06:00
Sean Parkinson c0f3b433b2 Aarch64 Poly1305: fix corner case
Don't mask top 26 bits as it may have next bit set as reduction step was
only approximate.
2024-12-11 12:49:21 +10:00
JacobBarthelmeh 59ea24f915 Merge pull request #8225 from gojimmypi/pr-espressif-improve-sha-msg
Improve Espressif SHA HW/SW mutex messages
2024-12-10 17:30:03 -07:00
Daniel Pouzzner d257a59087 add support for WOLFSSL_NO_OPTIONS_H:
* activate WOLFSSL_NO_OPTIONS_H in linuxkm/Kbuild for in-module test.o and benchmark.o.
* refine explanatory comments in settings.h re WOLFSSL_USE_OPTIONS_H, WOLFSSL_NO_OPTIONS_H, and WOLFSSL_CUSTOM_CONFIG.
* add safety catch to options.h/options.h.in to inhibit inclusion if defined(WOLFSSL_NO_OPTIONS_H).
* for good measure, add explicit check for WOLFSSL_NO_OPTIONS_H to wolfcrypt/benchmark/benchmark.c and wolfcrypt/test/test.c.
2024-12-10 13:02:37 -06:00
Colton Willey 00386c76bf No redundant NULL check on free 2024-12-10 09:43:03 -08:00
Colton Willey 0c20a20acc Use char instead of sword8, sanity length check on CKA_VALUE 2024-12-09 16:09:04 -08:00
gojimmypi 7bc026540b Improve Espressif SHA HW/SW mutex messages 2024-12-09 14:51:18 -08:00
Colton Willey 0cda59e00e Add support for cert format in get cert crypto callback 2024-12-09 14:32:02 -08:00
David Garske c4e319b092 Cleanup the gating for WOLFSSL_NO_AES_CFB_1_8. 2024-12-09 13:51:51 -08:00
Andras Fekete ff66998575 Fix memory leak 2024-12-09 16:24:38 -05:00
Colton Willey c83c9e68c9 Updates per review comments 2024-12-09 13:10:32 -08:00
Colton Willey 324b87614e Initial implementation for using PKCS11 to retrieve certificate for SSL CTX 2024-12-09 12:15:41 -08:00
David Garske 017f931f8b Various cleanups and fixes:
* Fix to properly set configure.ac LMS/XMSS enables and build of those code files.
* Remove duplicate aes.c `wc_AesSetKeyLocal` call to `wc_AesSetIV`. Moved earlier in function in commit a10260ca5f.
* Benchmark missing time.h with NO_ASN_TIME.
* Added option to support disabling AES CFB 1/8 `WOLFSSL_NO_AES_CFB_1_8`.
* Fixes for building with combinations of `WOLFSSL_RSA_VERIFY_ONLY` and `WOLFSSL_RSA_PUBLIC_ONLY`.
* Fix for building `--enable-stacksize=verbose` with single threaded.
* Various tab and formatting cleanups.
ZD 18996
2024-12-06 16:45:33 -08:00
JacobBarthelmeh 1bfbdb6c7f Merge pull request #8257 from dgarske/settings_h
Fix issue with wc_lms_impl.c or wc_lms not including settings.h
2024-12-05 11:43:43 -07:00
David Garske 1e9607b65e Fixes for ML-DSA and LMS cast warnings and spelling errors. 2024-12-05 08:34:58 -08:00
JacobBarthelmeh aa32027c26 Merge pull request #8236 from philljj/zephyr_thread_type
wc_port: change zephyr struct k_thread tid member to pointer.
2024-12-05 09:29:30 -07:00
David Garske 19b486e1f7 Fix issue with wc_lms_impl.c or wc_lms not including settings.h. Caused issue enabling LMS from user_settings.h. 2024-12-05 08:15:11 -08:00
Lealem Amedie 3476425967 Fix for Compressed Keys with FIPS 2024-12-03 14:56:30 -07:00
JacobBarthelmeh 42afede3fc Merge pull request #8235 from dgarske/fix_sp_rsa_publiconly
Fixes for building with SP RSA small and RSA Public only
2024-12-02 10:39:08 -07:00