Daniel Pouzzner
dc2e2631bc
linuxkm: various fixes for LKCAPI wrapper for AES-CBC (now passing kernel-native self-test and crypto fuzzer), and de-experimentalize it.
wolfssl/wolfcrypt/types.h: add definitions for WOLFSSL_WORD_SIZE_LOG2.
wolfcrypt/src/misc.c: fix xorbuf() to make the XorWords() reachable; also,
refactor integer division and modulus ops as masks and shifts, and add pragma
to suppress linuxkm FORTIFY_SOURCE false positive -Wmaybe-uninitialized.
2025-03-05 17:56:08 -06:00
Daniel Pouzzner
7d102a1816
Merge pull request #8530 from SparkiDev/test_dual_alg_support_dates_fix
Test dual alg support: set before and after dates
2025-03-05 17:55:38 -06:00
Daniel Pouzzner
9fc7e42554
Merge pull request #8507 from SparkiDev/ct_fixes_3
Constant time code: improved implementations
2025-03-05 15:17:23 -06:00
Sean Parkinson
eaa61c2208
Test dual alg support: set before and after dates
Must set before and after dates into certificate structure as creation
of certificate does not fill in those fields but uses the current time.
The current time may change by a second between signings.
2025-03-05 16:15:55 +10:00
David Garske
a073868cf0
Merge pull request #8527 from SparkiDev/sp_int_asm_fixes_1
SP int: inline asm improvements and mont reduce simplifications
2025-03-04 14:45:16 -08:00
David Garske
49122f36e9
Merge pull request #8526 from gasbytes/add-middlebox-compat-to-enable-jni
Enable TLS 1.3 middlebox compatibility by default with --enable-jni
2025-03-04 09:11:28 -08:00
Sean Parkinson
caf801f211
SP int: inline asm improvements and mont reduce simplifications
SP int inline asm:
- allow input variables to be either registers or memory for Intel
x86/x64 (minor performance improvement)
- don't have memory in clobber list if output variables are registers
- remove empty clobber line in arm32/thumb2 code for old versions of
gcc
_sp_mont_red():
- simplify the code by not using extra variables
- don't add to j in for loop check.
2025-03-04 16:16:26 +10:00
David Garske
9b16ed5da4
Merge pull request #8518 from lealem47/evp_update_null_cipher
Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate
2025-03-03 14:03:57 -08:00
David Garske
2b099daee0
Merge pull request #8511 from SparkiDev/intel_sha_not_avx1
SHA256: Intel flags have SHA but not AVX1 or AVX2
2025-03-03 13:59:10 -08:00
Reda Chouk
3e5e81c45f
Enable TLS 1.3 middlebox compatibility by default with --enable-jni
Adding -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT flag to the default
compilation flags when --enable-jni is used.
Related PRs in other repositories:
- wolfSSL/wolfssljni#255
- wolfSSL/testing#845
2025-03-03 14:12:20 +01:00
David Garske
72d08a1a79
Merge pull request #8522 from douzzer/20250228-fixes
20250228-fixes
2025-02-28 18:17:31 -08:00
Daniel Pouzzner
058014b3eb
src/ssl.c: add missing !NO_WOLFSSL_SERVER gate around wolfSSL_get_servername().
2025-02-28 19:07:03 -06:00
Daniel Pouzzner
d6b5c8e8ee
src/ssl_asn1.c: fix misspelling caused by overbroad search+replace.
2025-02-28 18:25:41 -06:00
Daniel Pouzzner
de6ac319cc
.wolfssl_known_macro_extras: remove unneeded entries.
2025-02-28 18:01:49 -06:00
Lealem Amedie
59a987aa00
Remove trailing whitespace
2025-02-28 16:06:24 -07:00
Daniel Pouzzner
9c3816089c
tests/api.c: disable test_wolfSSL_OCSP_parse_url() if WOLFSSL_SM2 || WOLFSSL_SM3.
2025-02-28 15:58:54 -06:00
Daniel Pouzzner
50a3be6df7
wolfcrypt/src/sp_int.c, src/ssl_asn1.c, src/internal.c: rename several declarations to avoid shadowing global functions, for the convenience of obsolete (pre-4v8) gcc -Wshadow.
2025-02-28 15:29:58 -06:00
Daniel Pouzzner
f7b911f5cd
src/ssl.c, src/internal.c: fix leak in wolfSSL_get_ciphers_compat(): fix gating (OPENSSL_EXTRA, not OPENSSL_ALL) in FreeSuites() re .suitesStack and .clSuitesStack, and similarly fix gating on the implementation of wolfSSL_sk_SSL_CIPHER_free() and related.
src/ssl_sess: suppress false positive clang-analyzer-unix.Malloc "Argument to 'free()' is the address of a global variable".
2025-02-28 15:23:43 -06:00
Lealem Amedie
08a314e57e
Add test src file to CMake build
2025-02-28 11:54:19 -07:00
Lealem Amedie
22221e5007
Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate
2025-02-28 11:44:30 -07:00
Daniel Pouzzner
7698546531
Merge pull request #8515 from SparkiDev/test_sha512_be
Tests api.c: sha512 big endian
2025-02-28 00:51:54 -06:00
Sean Parkinson
14651edae0
Tests api.c: sha512 big endian
Don't need to reverse bytes for SHA-512 Transform API.
2025-02-28 14:58:43 +10:00
Sean Parkinson
4f8a39cbcf
Merge pull request #8498 from rizlik/ocsp_fixes
OCSP openssl compat fixes
2025-02-28 13:42:50 +10:00
Daniel Pouzzner
d63a180f95
Merge pull request #8513 from SparkiDev/api_c_split_ciphers
Test api.c: split out MACs and ciphers
2025-02-27 14:00:36 -06:00
Marco Oliverio
194db7e844
tests: gate ocsp test on SM2 || SM3
We don't properly support SM2 and SM3 hash algo IDs yet.
2025-02-27 19:38:46 +00:00
Marco Oliverio
83f5644549
ocsp: Fix OcspEncodeCertID SetAlgoID return check
2025-02-27 19:38:44 +00:00
Marco Oliverio
814f0f8a09
Refactor CERT_ID encoding as per review comments
2025-02-27 12:50:37 +00:00
Sean Parkinson
48300352c6
Test api.c: split out MACs and ciphers
2025-02-27 15:52:39 +10:00
Sean Parkinson
7d0ef5bd42
Merge pull request #8512 from douzzer/20250226-fixes
20250226-fixes
2025-02-27 14:48:05 +10:00
Daniel Pouzzner
f7ddc49487
linuxkm/linuxkm_wc_port.h: add #error if the user tries to use the kernel crypto fuzzer with FIPS AES-XTS (kernel bug).
src/internal.c: fix shiftTooManyBitsSigned in DefTicketEncCb().
tests/api/test_sha256.c and wolfssl/wolfcrypt/sha256.h: gate raw transform APIs (wc_Sha256Transform(), wc_Sha256FinalRaw()) and tests on !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH).
move enum wc_HashFlags from wolfssl/wolfcrypt/hash.h to wolfssl/wolfcrypt/types.h to resolve circular dependency detected by cross-armv7m-armasm-thumb-fips-140-3-dev-sp-asm-all-crypto-only.
add FIPS_VERSION_GE(7,0) gates to new null-arg tests in test_wc_Shake{128,256}_*().
optimize ByteReverseWords() for cases where only one operand is unaligned, and add correct handling of unaligned data in ByteReverseWords64() to resolve unaligned access sanitizer report in cross-aarch64_be-all-sp-asm-unittest-sanitizer.
2025-02-26 20:55:56 -06:00
Sean Parkinson
0a6a8516f9
Merge pull request #8488 from dgarske/stm32h7s
Support for STM32H7S (tested on NUCLEO-H7S3L8)
2025-02-27 10:34:41 +10:00
Sean Parkinson
a0d6afbb04
Merge pull request #8505 from jmalak/ow-fixes
various fixes for Open Watcom build
2025-02-27 10:31:19 +10:00
Daniel Pouzzner
183d9b44d1
Merge pull request #8509 from kaleb-himes/WCv6.0.0-RC4-CHECKIN
Disable XTS-384 as an allowed use in FIPS mode
2025-02-26 18:24:12 -06:00
Sean Parkinson
c290907228
Merge pull request #8510 from wolfSSL/devin-lifeguard/update-rules-d59f9c48
Update Devin Lifeguard rules
2025-02-27 09:40:48 +10:00
Sean Parkinson
99f25c6399
Merge pull request #8494 from Laboratory-for-Safe-and-Secure-Systems/various
Various fixes and improvements
2025-02-27 09:40:06 +10:00
Sean Parkinson
b104887042
SHA256: Intel flags have SHA but not AVX1 or AVX2
Reversal of bytes when IS_INTEL_SHA only is the same as when AVX1 or AVX2.
2025-02-27 09:25:13 +10:00
David Garske
92ed003a58
Merge pull request #8502 from SparkiDev/pkcs_pad
PKCS Pad: public API to do PKCS padding
2025-02-26 15:17:50 -08:00
David Garske
512f928650
Fix cast warnings with g++.
2025-02-26 14:45:23 -08:00
Sean Parkinson
f204ac8363
PKCS Pad: public API to do PKCS padding
PKCS padding adds length of padding as repeated padding byte.
Use the new function in all places.
2025-02-27 08:28:53 +10:00
devin-ai-integration[bot]
615d7229b0
Update Devin Lifeguard rules
2025-02-26 22:19:57 +00:00
David Garske
307b71c0f4
Merge pull request #8508 from SparkiDev/arm_asm_sha512_384
ARM ASM: available for SHA-384 only too
2025-02-26 14:11:27 -08:00
David Garske
557abcf76a
Support for STM32H7S (tested on NUCLEO-H7S3L8). It supports hardware crypto for RNG, Hash, AES and PKA. Added future config option for DTLS v1.3. Supporting DTLS v1.3 only reduces code size (tested with: ./configure --enable-dtls13 --enable-dtls --disable-tlsv12 CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE").
2025-02-26 14:00:48 -08:00
kaleb-himes
738462a6f0
Remove redundant gates
2025-02-26 12:03:25 -07:00
kaleb-himes
b8a383469a
Disable 192-bit tests in FIPS mode
2025-02-26 11:09:31 -07:00
kaleb-himes
9063093993
Disable XTS-384 as an allowed use in FIPS mode
2025-02-26 07:38:45 -07:00
Tobias Frauenschläger
75d63071df
Fix memory leak in handshake
Make sure peer dilithium keys are properly freed.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:34:00 +01:00
Tobias Frauenschläger
491e70be7a
PSK fix
Fix compilation in case PSK is enabled but session tickets are disabled.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
Tobias Frauenschläger
3d4ec1464b
Minor Dilithium fix
Fix compilation in case caching is enabled.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
Tobias Frauenschläger
af4017132d
LMS fixes
* Add support for CMake
* Add support for Zephyr
* Make sure the internal key state is properly handled in case a public
key is imported into a reloaded private key.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
Tobias Frauenschläger
9db5499dbd
Update CryptoCb API for Dilithium final standard
Add context and preHash metadata.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00