Commit Graph

24454 Commits

Author SHA1 Message Date
David Garske f0b3c2955e Merge pull request #8412 from SparkiDev/mlkem_kyber_small_mem
ML-KEM/Kyber: small memory usage
2025-02-04 11:45:01 -08:00
David Garske 1d0855fbe0 Merge pull request #8420 from douzzer/20250204-fix-null-ptr-increments
20250204-fix-null-ptr-increments
2025-02-04 11:11:19 -08:00
Daniel Pouzzner b466bde5d0 src/internal.c and src/ssl.c: in CheckcipherList() and ParseCipherList(), refactor "while (next++)" to "while (next)" to avoid clang21 UndefinedBehaviorSanitizer "applying non-zero offset 1 to null pointer". 2025-02-04 12:07:29 -06:00
David Garske 6141b5060d Merge pull request #8418 from gojimmypi/pr-post-release-239b85c80-espressif
Espressif Managed Component wolfSSL 5.7.6 post-release update
2025-02-04 07:47:14 -08:00
David Garske 93cb9c4a5e Merge pull request #8417 from SparkiDev/tls13_hrr_keyshare_comments
TLS 1.3 HRR KeyShare: Improve comments
2025-02-04 06:20:24 -08:00
Sean Parkinson 316177a7f1 ML-KEM/Kyber: small memory usage
Options to compile ML-KEM/Kyber to use less dynamic memory.
Only available with C code and has small performance trade-off.
2025-02-04 10:51:56 +10:00
Sean Parkinson 92491e6368 TLS 1.3 HRR KeyShare: Improve comments
HelloRetryRequest has the key exchange group it wants to use.
A KeyShare for that group must not have been in the ClientHello.
2025-02-04 10:16:27 +10:00
gojimmypi 962260af9d Espressif Managed Component wolfSSL 5.7.6 post-release update 2025-02-03 15:34:33 -08:00
Sean Parkinson eb15a1213c Merge pull request #8416 from embhorn/zd19323
Clear old ssl->error after retry
2025-02-04 08:54:10 +10:00
Sean Parkinson 7898cce43c Merge pull request #8407 from embhorn/zd19346
Fix compat layer ASN1_TIME_diff to accept NULL output params
2025-02-04 08:43:50 +10:00
Eric Blankenhorn e9892c22a2 Clear old ssl->error after retry 2025-02-03 14:18:09 -06:00
Eric Blankenhorn b488af1d34 Fix compat layer ASN1_TIME_diff to accept NULL output params 2025-01-31 15:55:35 -06:00
JacobBarthelmeh 275becab6f Merge pull request #8406 from julek-wolfssl/krb5-spake-testing
Add spake to kerberos 5 testing
2025-01-31 13:45:36 -07:00
JacobBarthelmeh 4891d1c471 Merge pull request #8400 from ColtonWilley/add_trusted_cert_pem_parsing
Add support for parsing trusted PEM certs
2025-01-31 10:53:51 -07:00
Juliusz Sosinowicz a48f7ce276 Add spake to kerberos 5 testing 2025-01-31 18:28:31 +01:00
JacobBarthelmeh 4abba81315 Merge pull request #8405 from anhu/thanks_tobiasbrunner
Fix some typoes around Kyber and Dilithium
2025-01-31 10:05:14 -07:00
Anthony Hu f86b19dd30 Fix some typoes around Kyber and Dilithium 2025-01-31 10:13:39 -05:00
David Garske e7a0340eea Merge pull request #8395 from SparkiDev/asm32_asm_older_opt
ARM32 ASM: optimize older platform alternatives
2025-01-30 15:47:25 -08:00
Colton Willey cb0779f151 Add trusted cert to generation script and include.am 2025-01-30 15:29:59 -08:00
Sean Parkinson 3f47963802 Merge pull request #8396 from douzzer/20250129-CT-tweaks
20250129-CT-tweaks
2025-01-31 09:10:22 +10:00
JacobBarthelmeh 6181559d83 Merge pull request #8401 from douzzer/20250130-UHAVE_FFDHE_2048
20250130-UHAVE_FFDHE_2048
2025-01-30 15:55:25 -07:00
Colton Willey a0950e97f5 Add tests for trusted certificate banner 2025-01-30 14:42:41 -08:00
Daniel Pouzzner 3a6b33c180 tests/api.c and wolfcrypt/benchmark/benchmark.c: fixes for building with HAVE_FFDHE_3072 and/or HAVE_FFDHE_4096 but without HAVE_FFDHE_2048. 2025-01-30 15:02:02 -06:00
Colton Willey c4288cc334 Add support for parsing PEM certificates with begin trusted cert header/footer, needed for wolfProvider. 2025-01-30 11:34:02 -08:00
JacobBarthelmeh eb7bac3cd0 Merge pull request #8399 from julek-wolfssl/cov-fixes-30-01-2025
Cov fixes
2025-01-30 11:56:36 -07:00
JacobBarthelmeh 9641dc79d9 Merge pull request #8398 from douzzer/20250130-ASCON-unit-test-fixes
20250130-ASCON-unit-test-fixes
2025-01-30 10:57:05 -07:00
Juliusz Sosinowicz c36d23029f dtls: malloc needs to allocate the size of the dereferenced object 2025-01-30 18:32:22 +01:00
Juliusz Sosinowicz 9a8bc248de dtls: remove dead code 2025-01-30 18:32:22 +01:00
Juliusz Sosinowicz 3cd64581eb dtls: better sanitize incoming messages in stateless handling 2025-01-30 18:32:22 +01:00
JacobBarthelmeh f7b76002c2 Merge pull request #8397 from SparkiDev/kyber_no_malloc
ML-KEM/Kyber: build with no malloc
2025-01-30 10:06:13 -07:00
Juliusz Sosinowicz e4b7a53191 api: make sure len doesn't overrun the input buffer 2025-01-30 18:01:51 +01:00
Juliusz Sosinowicz 2865b0c79b api: check fd values as recv and send can't take in negative fd 2025-01-30 18:01:10 +01:00
Juliusz Sosinowicz d91141fe05 api: pass in sizeof(tmp) instead of 1024 to attempt to satisfy Coverity 2025-01-30 18:00:32 +01:00
Juliusz Sosinowicz 2590aebfd9 dtls13: don't overrun hdr->epoch 2025-01-30 17:59:48 +01:00
Daniel Pouzzner 49d2beed1a fixes for gating/tooling around ASCON. 2025-01-30 10:48:23 -06:00
Sean Parkinson b62f5ab722 ML-KEM/Kyber: build with no malloc
ML-KEM/Kyber van now be built with WOLFSSL_NO_MALLOC and all data is on
the stack.
2025-01-30 18:11:55 +10:00
Daniel Pouzzner 0de38040f4 CT tweaks:
in wolfcrypt/src/coding.c, add ALIGN64 to hexDecode[], and add hexEncode[] for use by Base16_Encode();

in wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h:

move ctMask*() up so that min() and max() can use them, and add ctMaskWord32GTE();

add ALIGN64 to kHexChar[];

add CT implementation of CharIsWhiteSpace();

remove min_size_t() and max_size_t() recently added, but only one user (refactored).
2025-01-30 01:24:40 -06:00
Daniel Pouzzner dd7ec129af fixes for gating/tooling around ASCON. 2025-01-30 01:23:26 -06:00
Sean Parkinson 2d06e67a64 ARM32 ASM: optimize older platform alternatives
Make the alternative instructions for architectures less than 7 more
optimal.
2025-01-30 16:58:13 +10:00
Anthony Hu 25c8869541 Merge pull request #8390 from SparkiDev/lms_sha256_192_l1_h20
LMS: Fix SHA-256-192 level 1, height 20
2025-01-29 18:20:50 -05:00
Sean Parkinson 871c05e0e2 Merge pull request #8307 from julek-wolfssl/ascon
Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 ipd
2025-01-30 08:39:59 +10:00
Juliusz Sosinowicz bcde4bdebb ascon: move tests to api.c and introduce framework to split up api.c 2025-01-29 15:50:00 +01:00
Juliusz Sosinowicz cd047a35f2 fixup! Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 ipd 2025-01-29 12:21:28 +01:00
Juliusz Sosinowicz b0ab7f0d26 ascon: use individual word64 to help compiler 2025-01-29 11:49:09 +01:00
Juliusz Sosinowicz 78a7d12955 ascon: use lowercase first letters for members 2025-01-29 11:38:31 +01:00
Juliusz Sosinowicz f47bbfc174 ascon: error out when word64 not available 2025-01-29 11:36:33 +01:00
Juliusz Sosinowicz 76e29be1a9 ascon: remove 6 round perm as its not used 2025-01-29 11:33:11 +01:00
Juliusz Sosinowicz 028b5b3cda Fix references to match NIST draft 2025-01-29 11:31:34 +01:00
Juliusz Sosinowicz 3e65b927dd fixup! ascon: added forced permutation unroll 2025-01-29 11:26:04 +01:00
Juliusz Sosinowicz 1018144ece fixup! Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 ipd 2025-01-29 11:24:29 +01:00