Sean Parkinson
c9c28335ae
EdDSA Ed448: sc_muladd now does full reduction
...
sc_muladd was reducing to word boundary and not to order.
Now reduces to order as last step.
2024-12-12 08:33:35 +10:00
Daniel Pouzzner
d825b08e16
Merge pull request #8275 from SparkiDev/aarch64_poly1305_fix
...
Aarch64 Poly1305: fix corner case
2024-12-11 16:24:36 -06:00
Daniel Pouzzner
88241f1a2c
Merge pull request #8267 from ColtonWilley/pkcs11_cert_support
...
PKCS11 cert support
2024-12-11 16:04:58 -06:00
Daniel Pouzzner
ee4366acc5
Merge pull request #8162 from redbaron/find-threads
...
CMAKE: look for pthreads when importing wolfSSL if required
2024-12-11 14:36:04 -06:00
Colton Willey
2039d6371f
Remove redundant NULL check
2024-12-11 12:25:35 -08:00
Daniel Pouzzner
2ea2e6bf59
Merge pull request #8233 from ColtonWilley/x509_store_add_cert_ref_count
...
Use proper ref count handling when adding to x509 store
2024-12-11 11:54:29 -06:00
JacobBarthelmeh
2749884fdc
defining custom config avoids warning of library builds pulling in options.h
2024-12-11 09:50:52 -07:00
JacobBarthelmeh
45992164d6
make new sanity check be a warning
2024-12-11 09:46:39 -07:00
Sean Parkinson
c0f3b433b2
Aarch64 Poly1305: fix corner case
...
Don't mask top 26 bits as it may have next bit set as reduction step was
only approximate.
2024-12-11 12:49:21 +10:00
Anthony Hu
762c36687f
Add a test.
2024-12-10 21:21:41 -05:00
Sean Parkinson
7ef328548d
Merge pull request #8274 from douzzer/20241210-update-wolfssl_known_macro_extras
...
20241210-update-wolfssl_known_macro_extras
2024-12-11 10:45:11 +10:00
JacobBarthelmeh
59ea24f915
Merge pull request #8225 from gojimmypi/pr-espressif-improve-sha-msg
...
Improve Espressif SHA HW/SW mutex messages
2024-12-10 17:30:03 -07:00
Daniel Pouzzner
6a05ba7cce
.wolfssl_known_macro_extras: regenerate
2024-12-10 17:20:24 -06:00
JacobBarthelmeh
1208a7499b
Merge pull request #8272 from douzzer/20241210-fixes
...
20241210-fixes
2024-12-10 13:35:09 -07:00
Daniel Pouzzner
d257a59087
add support for WOLFSSL_NO_OPTIONS_H:
...
* activate WOLFSSL_NO_OPTIONS_H in linuxkm/Kbuild for in-module test.o and benchmark.o.
* refine explanatory comments in settings.h re WOLFSSL_USE_OPTIONS_H, WOLFSSL_NO_OPTIONS_H, and WOLFSSL_CUSTOM_CONFIG.
* add safety catch to options.h/options.h.in to inhibit inclusion if defined(WOLFSSL_NO_OPTIONS_H).
* for good measure, add explicit check for WOLFSSL_NO_OPTIONS_H to wolfcrypt/benchmark/benchmark.c and wolfcrypt/test/test.c.
2024-12-10 13:02:37 -06:00
Colton Willey
00386c76bf
No redundant NULL check on free
2024-12-10 09:43:03 -08:00
JacobBarthelmeh
e443366748
Merge pull request #8270 from julek-wolfssl/actions-ubuntu-22.04
...
Revert to ubuntu-22.04
2024-12-10 09:14:00 -07:00
Juliusz Sosinowicz
1d2acd9de6
Revert to ubuntu-22.04
2024-12-10 16:27:41 +01:00
JacobBarthelmeh
0772cf692d
Merge pull request #8262 from embhorn/zd18968
...
Add sanity check for configuration method
2024-12-09 21:22:54 -07:00
Colton Willey
0c20a20acc
Use char instead of sword8, sanity length check on CKA_VALUE
2024-12-09 16:09:04 -08:00
Daniel Pouzzner
ba59f1af19
wolfssl/wolfcrypt/settings.h: use #warning, not #error, for "No configuration for wolfSSL detected, check header order", to avoid unnecessary breakage of old projects with nonstandard custom settings.
2024-12-09 17:04:38 -06:00
gojimmypi
7bc026540b
Improve Espressif SHA HW/SW mutex messages
2024-12-09 14:51:18 -08:00
Colton Willey
0cda59e00e
Add support for cert format in get cert crypto callback
2024-12-09 14:32:02 -08:00
David Garske
c4e319b092
Cleanup the gating for WOLFSSL_NO_AES_CFB_1_8.
2024-12-09 13:51:51 -08:00
Andras Fekete
ff66998575
Fix memory leak
2024-12-09 16:24:38 -05:00
Colton Willey
c83c9e68c9
Updates per review comments
2024-12-09 13:10:32 -08:00
Daniel Pouzzner
e248d8499a
move !defined(EXTERNAL_OPTS_OPENVPN) assert from src/internal.c to wolfssl/wolfcrypt/types.h with refinements; refine logic+message of assert in wolfssl/wolfcrypt/settings.h re "wolfssl/options.h included in compiled wolfssl library object..".
2024-12-09 15:02:41 -06:00
Colton Willey
324b87614e
Initial implementation for using PKCS11 to retrieve certificate for SSL CTX
2024-12-09 12:15:41 -08:00
Eric Blankenhorn
fcce09a4d3
Fix from review
2024-12-09 12:59:37 -06:00
Eric Blankenhorn
c77bea6691
Disable hitch OSP test
2024-12-09 12:45:54 -06:00
Eric Blankenhorn
3d0cc250b9
Add sanity check for configuration method
2024-12-09 12:03:25 -06:00
JacobBarthelmeh
67fb29a6f6
Merge pull request #8255 from julek-wolfssl/nss-interop
...
Add nss interop
2024-12-09 09:52:07 -07:00
David Garske
314f7575fa
Fixes for macro names.
2024-12-09 08:30:47 -08:00
Juliusz Sosinowicz
aa662ad50a
fix redirect order
2024-12-09 13:38:07 +01:00
Juliusz Sosinowicz
a3be826895
use unique key
2024-12-09 13:38:07 +01:00
Juliusz Sosinowicz
3275ebf54b
add shebang
2024-12-09 13:37:20 +01:00
Juliusz Sosinowicz
0961be7711
Add CID interop with mbedtls
2024-12-09 13:37:18 +01:00
Juliusz Sosinowicz
ba4d1e6815
Add nss interop
2024-12-09 12:42:32 +01:00
Juliusz Sosinowicz
0e8320347c
CID also supported in DTLS 1.2
2024-12-09 12:09:54 +01:00
David Garske
017f931f8b
Various cleanups and fixes:
...
* Fix to properly set configure.ac LMS/XMSS enables and build of those code files.
* Remove duplicate aes.c `wc_AesSetKeyLocal` call to `wc_AesSetIV`. Moved earlier in function in commit a10260ca5f .
* Benchmark missing time.h with NO_ASN_TIME.
* Added option to support disabling AES CFB 1/8 `WOLFSSL_NO_AES_CFB_1_8`.
* Fixes for building with combinations of `WOLFSSL_RSA_VERIFY_ONLY` and `WOLFSSL_RSA_PUBLIC_ONLY`.
* Fix for building `--enable-stacksize=verbose` with single threaded.
* Various tab and formatting cleanups.
ZD 18996
2024-12-06 16:45:33 -08:00
JacobBarthelmeh
f764dbeee1
Merge pull request #8254 from douzzer/20241204-WOLF_AGG_DUMMY_MEMBER
...
20241204-WOLF_AGG_DUMMY_MEMBER
2024-12-06 14:07:32 -07:00
Daniel Pouzzner
0ad072a34b
src/internal.c: in HashSkeData(), remove unneeded logically faulty nullness check around XFREE(ssl->buffers.digest.buffer, ...).
2024-12-06 13:01:40 -06:00
Daniel Pouzzner
0381a47d7e
peer review: refactor HAVE_ANONYMOUS_INLINE_AGGREGATES and HAVE_EMPTY_AGGREGATES to conform to wolfssl convention -- defined() for true, !defined() for false -- while retaining ability for user override-off by passing in explicit 0 definition.
2024-12-06 13:01:40 -06:00
Daniel Pouzzner
447d5ea6ee
fips-check.sh: add support for WOLFSSL_REPO and noautogen option; tweak git fetching to keep wolfssl and fips tags distinct, and fetch all needed tags by name to assure availability for checkout. also, hide stdout noise from pushd/popd.
2024-12-06 13:01:40 -06:00
Daniel Pouzzner
aec0345f90
update fips-check.sh for cert #4718 : remap linuxv5 as an alias for linuxv5.2.1, and add linuxv5-RC12.
2024-12-06 13:01:40 -06:00
Daniel Pouzzner
27e0df040f
src/ssl_crypto.c: revert FIPS gate threshold in wolfSSL_AES_decrypt() changed in d85c108952 -- original value was correct, misdiagnosed by faulty test.
2024-12-06 13:01:40 -06:00
Daniel Pouzzner
3dcc12b30a
wolfssl/wolfcrypt/types.h and wolfssl/wolfcrypt/hash.h: define WOLF_AGG_DUMMY_MEMBER, pivoting on HAVE_EMPTY_AGGREGATES, and use WOLF_AGG_DUMMY_MEMBER in wc_Hashes.
2024-12-06 13:01:40 -06:00
Daniel Pouzzner
37acac2eb3
configure.ac: fix SC1105 ("Shells disambiguate (( differently or not at all.").
2024-12-06 13:01:40 -06:00
Daniel Pouzzner
66c874bded
configure.ac: add --enable-fips=cert4718 alias for v5, and make --enable-fips=v5 set FIPS to 5.2.1; set DEF_FAST_MATH and DEF_SP_MATH to "no" when "yes" would conflict with user-supplied arguments.
2024-12-06 13:01:40 -06:00
JacobBarthelmeh
86b24ef6fa
Merge pull request #8261 from julek-wolfssl/libspdm-action
...
Add libspdm action
2024-12-06 11:44:14 -07:00