Commit Graph

29626 Commits

Author SHA1 Message Date
David Garske a629ef1fdf Merge pull request #10356 from space88man/fix-rhel10-lto
rpm packaging: RHEL10 + LTO needs gcc-toolset-15
2026-05-05 09:14:22 -07:00
Daniel Pouzzner d93a5ee194 linuxkm/linuxkm-fips-hash-wrapper.sh: fix whitespace. 2026-05-05 11:02:13 -05:00
Daniel Pouzzner 610b109241 fixes for fips#379 and related:
linuxkm/Makefile, linuxkm/linuxkm-fips-hash-wrapper.sh, linuxkm/linuxkm_memory.c: refactor coreKey extraction to use ELF tools rather than WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE and user_settings.h.

linuxkm/module_hooks.c: add stack measurement for wc_RunAllCast_fips().

tests/api/test_slhdsa.c: frivolous initialization to work around a false positive -Wmaybe-uninitialized in slhdsa_der_roundtrip_one().

wolfcrypt/src/wc_slhdsa.c,  wolfssl/wolfcrypt/wc_slhdsa.h:
* refactor lifecycle management for SHA-2 objects to fix a leak via wc_SlhDsaKey_CheckKey().
* add support for WC_SLHDSA_NO_ASM.
* add WOLFSSL_SLHDSA_VERIFY_ONLY gates around prototypes, to get compile-time failures for misuse.

wolfcrypt/test/test.c:
* clean up myFipsCb() and restore usability of TEST_ALWAYS_RUN_TO_END with bad FIPS hash (useful test coverage).
* add wc_RunAllCast_fips() to wolfcrypt_test().
* when WOLFSSL_KERNEL_MODE or BENCH_EMBEDDED, force on WOLFSSL_SLHDSA_VERIFY_ONLY unless WOLFSSL_SLHDSA_FORCE_FULL_TESTS is defined.

wolfssl/wolfcrypt/settings.h:
* add WC_MLKEM_NO_ASM to WOLFSSL_LINUXKM section to work around asm bug.
* remove clause in WOLFSSL_KERNEL_MODE section that forced on WOLFSSL_SLHDSA_VERIFY_ONLY.
2026-05-05 11:02:13 -05:00
David Garske f7d3a486c3 Merge pull request #10029 from danielinux/wolfboot-integration-tests
Add github workflow to check for wolfboot regressions
2026-05-05 08:38:32 -07:00
Thomas Cook 5e0cb5eab3 Merge branch 'master' into lpc55s69_crypto 2026-05-05 10:20:39 -04:00
Thomas Cook 0b95406037 Set NO_WOLFSSL_SHA256_INTERLEAVE when lpc55s69 hw accel is enabled 2026-05-05 10:20:21 -04:00
Thomas Cook 30fc5887ee Address PR comments 2026-05-05 10:20:21 -04:00
Thomas Cook 9605d96ccb Fix rsa acceleration exponent issue, turn back on. 2026-05-05 10:20:21 -04:00
Thomas Cook 83799e3767 Fix multi-test issues 2026-05-05 10:20:21 -04:00
Thomas Cook 1e2ab2c7c8 more pr fixes 2026-05-05 10:20:21 -04:00
Thomas Cook b7b0215070 cleanup around passing external build flags 2026-05-05 10:20:20 -04:00
Thomas Cook 55f61de8d3 Merge branch 'master' into make_rpm_fix 2026-05-05 10:12:05 -04:00
Daniele Lacamera 59a0ec4a94 Correctly detect expected failures 2026-05-05 15:10:56 +02:00
Daniele Lacamera d633a76de3 Properly copy wolfssl as wolfBoot lib/ submodule 2026-05-05 14:18:39 +02:00
Daniele Lacamera 8b9bb6b3c6 Migrate wolfboot integration tests to new wolfboot-ci container 2026-05-05 14:01:49 +02:00
Daniele Lacamera e8ccb5c8a2 Address more comments, pin renode to v 1.15.3 2026-05-05 13:03:42 +02:00
Daniele Lacamera cc85d5a656 Addressed copilot's comment 2026-05-05 13:03:42 +02:00
Daniele Lacamera c7684acb6c Renode docker: fixed permission 2026-05-05 13:03:42 +02:00
Daniele Lacamera 2c7bc0d1b3 Removed toLower 2026-05-05 13:03:42 +02:00
Daniele Lacamera b695dd37b4 Remove artifact upload, address copilot's, fix docker boundary 2026-05-05 13:03:42 +02:00
Daniele Lacamera b69ea6659b Add github workflow to check for wolfboot regressions 2026-05-05 13:03:41 +02:00
Jeremiah Mackey 3f371828c6 tests: cover private-key flag rejection on export 2026-05-05 04:36:16 +00:00
Jeremiah Mackey 6a1b737dae PKCS7 PWRI decrypt: parse PBKDF2 prf 2026-05-05 04:36:16 +00:00
Jeremiah Mackey 9f79f79d86 wc_Entropy_GetRawEntropy: hold entropy_mutex 2026-05-05 04:36:16 +00:00
Jeremiah Mackey 19ff338be9 mp_cond_swap_ct: branchless masked XOR 2026-05-05 04:36:16 +00:00
Thomas Cook dde0d56416 Fix a few issues with "make rpm" 2026-05-04 18:38:39 -04:00
David Garske 02dfd12466 Merge pull request #10376 from rlm2002/coverity
20260501 Coverity Fixes
2026-05-04 15:15:11 -07:00
sebastian-carpenter 61ba5378fe TLS ECH compliance fixes 2026-05-04 15:46:18 -06:00
Daniel Pouzzner 5ffdb9f6b9 Merge pull request #10295 from lealem47/hal_xtime
Allow custom time functions on STM32
2026-05-04 13:22:50 -05:00
Jeremiah Mackey f3c3687efc wc_hash2sz: fix SHA-224 size to 28 2026-05-04 17:18:39 +00:00
Jeremiah Mackey cf9f852db6 validate preconditions at public API boundary 2026-05-04 17:18:39 +00:00
Tobias Frauenschläger 1411046a98 Retry hostap tests up to 2 times to reduce flakyness 2026-05-04 18:41:36 +02:00
night1rider 25c8a9aad5 workflow tests for zephyr 4.3 and 4.1 2026-05-04 09:39:04 -06:00
Chris Conlon fe4473fbea Add ML-DSA SPKI/PKCS#8 DER support to d2i_PUBKEY and d2i_PrivateKey. 2026-05-04 09:24:02 -06:00
JacobBarthelmeh f3496ca2d3 add macro to known macro extras list 2026-05-04 09:05:38 -06:00
Tobias Frauenschläger bbcfa97144 SLH-DSA Wconversion fixes 2026-05-04 13:58:00 +02:00
Tobias Frauenschläger 1093a36bc3 Fix flaky tcp bind on Windows test runs
Windows test code pre-picked a random port via GetRandomPort() (returning
a value in [49152, 65535]) before calling bind(), with no check that the
port was free and no retry on collision. Under load this occasionally
collided with an already-bound port and aborted the test with
"tcp bind failed", producing intermittent Jenkins failures (e.g. PRB
windows-test-v2 #17140 in the OCSP responder test).

The Unix path already does the right thing: bind to port 0 (OS-assigned
ephemeral) and read the port back via getsockname(). The same primitives
exist in Winsock 1.1, so drop the USE_WINDOWS_API guard around the
getsockname block in tcp_listen()/udp_accept() and remove the per-caller
GetRandomPort() workarounds in the OCSP responder, server example, and
the api.c / test_ossl_bio.c test sites. socklen_t is already typedef'd
as int on Windows in test.h.

GetRandomPort() itself is left in place since it is a static inline in a
shipped public test header.
2026-05-04 10:35:04 +02:00
Tobias Frauenschläger 3524ece54e Fix PQC key exchange with multiple KEM key shares 2026-05-04 10:32:45 +02:00
Takashi Kojo 691900ac05 Improve argument descriptions 2026-05-02 10:31:03 +09:00
Takashi Kojo 582f505abf test_mldsa_x509_pubkey_sigtype to TEST_MLDSA_DECLS 2026-05-02 08:19:19 +09:00
Takashi Kojo 048a2e66e1 check candidate runnability before probing ML-DSA support 2026-05-02 08:15:22 +09:00
Takashi Kojo 69854c1cfd Fix for the comments 2026-05-02 08:15:22 +09:00
Takashi Kojo 1a6dee2bb3 Add ML-DSA to X509_get_pubkey and EVP_PKEY_base_id 2026-05-02 08:13:08 +09:00
Takashi Kojo 4c04ba306b fix error case in d2iTryAltDhKey 2026-05-02 08:13:08 +09:00
JacobBarthelmeh da440d19a8 account for FIPS ready build and SE050 test 2026-05-01 16:00:19 -06:00
Daniel Pouzzner 7b5330391b Merge pull request #10051 from anhu/mp_int_bounds
Add bounds checks for MP integer size in SizeASN_Items
2026-05-01 15:32:18 -05:00
Ruby Martin 3137d62cf3 fix issue where ToTraditional_ex may assign negative value to *pkeySz 2026-05-01 14:06:51 -06:00
Ruby Martin 00e1fa651f Adds tmpSz so int is not cast to word32 in wc_d2i_PKCS12 2026-05-01 13:36:33 -06:00
Ruby Martin 001939d663 Call ForceZero on sensitive buffers 2026-05-01 13:36:33 -06:00
JacobBarthelmeh b3e9e51967 extra sanity check for hash of all 0's 2026-05-01 13:27:39 -06:00