Commit Graph

29160 Commits

Author SHA1 Message Date
Chris Conlon fe4473fbea Add ML-DSA SPKI/PKCS#8 DER support to d2i_PUBKEY and d2i_PrivateKey. 2026-05-04 09:24:02 -06:00
Tobias Frauenschläger 5151a695bc Merge pull request #10373 from douzzer/20260430-ecc_test_vector_item-WC_MIN_DIGEST_SIZE
20260430-ecc_test_vector_item-WC_MIN_DIGEST_SIZE
2026-05-01 08:57:53 +02:00
Daniel Pouzzner d8797f59c4 Merge pull request #10261 from Frauschi/slh-dsa
Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
2026-04-30 23:52:36 -05:00
lealem47 8541142a10 Merge pull request #10361 from dgarske/stm32u3
Add STM32U3 hardware crypto support
2026-04-30 16:30:26 -06:00
Daniel Pouzzner 70d5d86dda wolfcrypt/test/test.c: in ecc_test_vector_item(), don't attempt wc_ecc_verify_hash() if the test vector's message (hash) is shorter than WC_MIN_DIGEST_SIZE. 2026-04-30 17:00:40 -05:00
JacobBarthelmeh fc51a38094 Merge pull request #10135 from lealem47/nid_ED
Add Ed25519/Ed448 support to EVP layer
2026-04-30 14:16:05 -06:00
David Garske 31ae5d3efd Add STM32U3 hardware crypto support for AES, Hash and TRNG. Tested on NUCLEO-U385RG-Q. 2026-04-30 09:45:44 -07:00
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
lealem47 d00a137de0 Merge pull request #10344 from douzzer/20260416-linuxkm-fips-rodata-canonify
20260416-linuxkm-fips-rodata-canonify
2026-04-30 10:19:43 -06:00
Daniel Pouzzner a057975347 Merge pull request #10293 from Frauschi/liboqs_removal
Remove liboqs for ML-KEM and ML-DSA, update for Falcon
2026-04-30 09:04:11 -05:00
Daniel Pouzzner 76080d0b19 Merge pull request #10292 from Frauschi/liblms_libxmss_removal
Remove deprecated liblms and libxmss
2026-04-30 09:01:24 -05:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
Daniel Pouzzner 43e44cb418 Merge pull request #10270 from space88man/fix-spec
Update RPM spec for changes in examples and cmake
2026-04-29 18:33:41 -05:00
Daniel Pouzzner c782db3cc9 Merge pull request #10158 from Roy-Carter/feature/libevent_integration
Libevent integration for OpenSSL compatibility layer
2026-04-29 18:22:07 -05:00
Daniel Pouzzner 5dbf2e7382 linuxkm/linuxkm_memory.c: in wc_fips_generate_hash(), fix handling of failed hmac_update() in text segment loop;
linuxkm/module_hooks.c: in wolfssl_init() DEBUG_LINUXKM_PIE_SUPPORT section, render stabilized_rodata_hash;

in my_kallsyms_lookup_name(), gate kprobe failure messages behind WOLFSSL_LINUXKM_VERBOSE_DEBUG.
2026-04-29 17:35:11 -05:00
Tobias Frauenschläger e1fefcca4f Remove deprecated liblms and libxmss 2026-04-29 19:52:09 +02:00
Daniel Pouzzner 9aec51d00b Merge pull request #10334 from lealem47/acme
Add TLS-ALPN-01 challenge cert support (RFC 8737 acmeId extension)
2026-04-29 12:16:15 -05:00
Lealem Amedie e7297493d4 --enable-compkey allowed with v5 2026-04-29 11:09:33 -06:00
David Garske 07ea48673a Merge pull request #10073 from anhu/certmgr
Ensure certificates are getting into cert manager
2026-04-29 09:58:45 -07:00
Lealem Amedie 7f7d28372b Configure.ac cleanup for demented AI logic 2026-04-29 09:53:03 -06:00
Tobias Frauenschläger 71a8a55654 Merge pull request #10345 from douzzer/20260428-SLHDSA-fixes
20260428-SLHDSA-fixes
2026-04-29 16:44:02 +02:00
Daniel Pouzzner 468ee9e1be Merge pull request #10348 from Frauschi/hostap_fix
Fix race condition in hostap CI tests
2026-04-29 09:05:21 -05:00
Daniel Pouzzner 9c618177c9 Merge pull request #10347 from Frauschi/pq-all_timeout
Increase pq-all test timeout
2026-04-29 09:04:37 -05:00
Daniel Pouzzner 0f0348d505 Merge pull request #10341 from Frauschi/ci_optimization
Remove the amount of macOS based tests in CI
2026-04-29 09:04:00 -05:00
Tobias Frauenschläger 46b47cb8ec Fix race conditions in hostap CI tests 2026-04-29 14:31:15 +02:00
Tobias Frauenschläger 4f3f40e1fb Increase pq-all test timeout to 10 minutes
Increase the timeout for PQC CI tests from 6 to 10 minutes. The new
SLH-DSA tests take more time than the previous tests due to the slow
signing. With the old timeout, some tests sometimes hit the timeout
before finishing successfully.
2026-04-29 09:21:14 +02:00
Daniel Pouzzner d7a34d4e39 Merge pull request #10311 from dgarske/stm32_gmac
Fix for using STM32 AES hardware crypto with WOLFSSL_ARMASM set
2026-04-28 23:58:17 -05:00
Daniel Pouzzner 1d21858be1 linuxkm/module_hooks.c: in wolfssl_init() DEBUG_LINUXKM_PIE_SUPPORT hash_span() loops, reset cur_reloc_index before each loop (Fenrir review). 2026-04-28 18:12:25 -05:00
Daniel Pouzzner f81f8479d5 fixes for SLH-DSA verifyonly:
wolfssl/wolfcrypt/wc_slhdsa.h: implement WOLFSSL_SLHDSA_NO_SHAKE and WOLFSSL_SLHDSA_NO_SHA2, and fix WC_SLHDSA_MAX_SIG_LEN setup to reflect SHA2 variants;

wolfssl/wolfcrypt/settings.h: if WOLFSSL_KERNEL_MODE, set WOLFSSL_SLHDSA_VERIFY_ONLY unless WOLFSSL_SLHDSA_NO_VERIFY_ONLY;

wolfcrypt/src/wc_slhdsa.c: fix WOLFSSL_SLHDSA_VERIFY_ONLY to work with --enable-slhdsa=sha2,verifyonly;

fix -Wunused-variables in slhdsakey_wots_pk_from_sig_x4();

wolfcrypt/test/test.c: in slhdsa_test(), fix gating for compatibility with --enable-slhdsa=sha2,verifyonly;

tests/api/test_slhdsa.c: fix gating in test_wc_slhdsa() and test_wc_slhdsa_sizes().
2026-04-28 18:06:00 -05:00
Daniel Pouzzner 559b207506 linuxkm/lkcapi_*.c and linuxkm/module_hooks.c: add missing linefeed characters in format args to pr_*(), for proper line flushing. 2026-04-28 17:38:22 -05:00
Daniel Pouzzner b7ed413571 wolfcrypt/src/wc_lms_impl.c: work around false-positive -Wmaybe-uninitialized in wc_lms_treehash_update(). 2026-04-28 15:05:30 -05:00
Lealem Amedie 2a0a5cc610 Multi-test fixes 2026-04-28 13:25:14 -06:00
Daniel Pouzzner 29c5b02046 linuxkm/: finish support for stabilization of .rodata_wolfcrypt segment in WC_SYM_RELOC_TABLES (FIPS) kernel module builds:
linuxkm/Makefile: update the GENERATE_RELOC_TAB recipe to generate both wc_linuxkm_pie_text_reloc_tab[] and wc_linuxkm_pie_rodata_reloc_tab.

linuxkm/linuxkm-fips-hash-wrapper.sh: add handling for wc_linuxkm_pie_rodata_reloc_tab.

linuxkm/linuxkm-fips-hash.c: add handling for rodata_reloc_tab.*.

linuxkm/linuxkm_memory.c:
* refactor find_reloc_tab_offset() to be segment-agnostic and tolerate empty reloc tabs.
* refactor wc_reloc_normalize_segment():
  * to be segment-agnostic,
  * identify the src segment dynamically,
  * return BAD_FUNC_ARG where previously returning literal -1,
  * use seg_in_out_len arg to accommodate size skew between input and output (not currently used), and
  * rename working vars for better mnemonicitude.
* update wc_fips_generate_hash() to
  * handle seg_map->rodata_reloc_tab,
  * use new calling convention for wc_reloc_normalize_segment(), and
  * add wc_reloc_normalize_segment() loop for .rodata_wolfcrypt.

linuxkm/linuxkm_memory.h and linuxkm/linuxkm_wc_port.h: rename WOLFSSL_TEXT_SEGMENT_CANONICALIZER* to WOLFSSL_SEGMENT_CANONICALIZER*, with backward-compat provisions.

linuxkm/module_hooks.c:
* add wc_linuxkm_normalize_relocations_noresize() backward-compat wrapper.
* wolfssl_init(): add .rodata_wolfcrypt relocation handling alongside existing .text_wolfcrypt handling, and update for new wc_reloc_normalize_segment() calling convention.
* add seg_map.rodata_reloc_tab initialization.
* update wc_linuxkm_normalize_relocations() to be segment-agnostic and use new wc_reloc_normalize_segment() calling convention.
2026-04-28 12:58:32 -05:00
Daniel Pouzzner 8b98f7f8ea linuxkm/: refactor wc_reloc_table_segments.reloc_tab_* as wc_reloc_table_segments.text_reloc_tab.* (using the new struct wc_reloc_table_fenceposts and WC_RELOC_TABLE_FENCEPOSTS_INITIALIZER), and add wc_reloc_table_segments.rodata_reloc_tab (allocated but not yet implemented). 2026-04-28 12:58:32 -05:00
Daniel Pouzzner d218d3fbdd wolfcrypt/src/ge_operations.c and wolfssl/wolfcrypt/ge_operations.h: when ge_tobytes_nct and ge_tobytes have identical definitions, map the former to the latter using a macro and omit the latter definition, to avoid problematic R_ARM_THM_JUMP11 tail call. 2026-04-28 12:58:32 -05:00
Daniel Pouzzner 00b65a9e00 linuxkm/Kbuild: define NO_PIE_FLAG to 1, not empty, to satisfy gnu make criteria for ifdef. 2026-04-28 12:58:31 -05:00
Lealem Amedie 82b15efebc Add acmeIdentifier to asn=original 2026-04-28 11:51:40 -06:00
Tobias Frauenschläger b59ff436f3 Remove the amount of macos based tests in os-check
Reduce the number of tests running on macos in os-check.yml to the
minimum required number to cover all mac os specific features. All other
platform-agnostic configs and setups are only tested on Linux, which is
much faster in GitHub CI.
2026-04-28 19:34:05 +02:00
Lealem Amedie 5da71f4c98 Move new wolfSSL_ED* API's to openssl/ed*.h headers 2026-04-28 08:21:55 -06:00
Lealem Amedie c4400a15fb Address copilot feedback 2026-04-28 08:10:10 -06:00
Lealem Amedie 4791d8c26d Add --enable-tailscale to autotools 2026-04-28 07:05:26 -06:00
Lealem Amedie 1f260ccb0a Add TLS-ALPN-01 challenge cert support (RFC 8737 acmeId extension) 2026-04-27 17:15:06 -06:00
David Garske e31e158225 Fix for using STM32 AES hardware crypto with WOLFSSL_ARMASM set (ZD 21262) 2026-04-27 14:46:18 -07:00
David Garske 1c9555c121 Merge pull request #10324 from douzzer/20260426-fixes
20260426-fixes
2026-04-27 14:06:07 -07:00
Daniel Pouzzner 66ea4daa09 wolfcrypt/src/wc_port.c: in wc_socket_cloexec(), add necessary but undocumented __USE_GNU gating on call to accept4() (pre-includes can bring in socket.h before the override setting of _GNU_SOURCE at the top). Also enable accept4() for FreeBSD. 2026-04-27 11:40:04 -05:00
Daniel Pouzzner 3279b367d7 wolfcrypt/src/wc_lms.c: remove redundant gating on WOLFSSL_LMS_SHAKE256 in wc_LmsParamsMap wc_lms_map[]. 2026-04-27 11:37:29 -05:00
Daniel Pouzzner ac11279c60 wolfcrypt/src/random.c:
* add workaround in Hash512_df() for gcc compiler bug around AVX512 and object alignment.
* add missing WC_VERBOSE_RNG clause.
2026-04-27 11:37:15 -05:00
Daniel Pouzzner 1d8028865f wolfcrypt/benchmark/benchmark.c: add missing WOLFSSL_USE_SAVE_VECTOR_REGISTERS handling in bench_stats_ops_finish(). 2026-04-27 11:36:48 -05:00
Daniel Pouzzner beae56fba7 wolfcrypt/test/test.c:
* fix aes_eax_test() for NO_MALLOC (use WC_*_VAR() to allocate eax context).
* in slhdsa_test(), gate the profusely verbose TestDumpData() clauses on WC_SLHDSA_VERBOSE_DEBUG.
2026-04-27 11:36:34 -05:00
Daniel Pouzzner 7035fcf72b wolfcrypt/src/wc_slhdsa.c:
* fix smallstackcache memory leaks in sha256 and sha512 contexts -- don't init or copy over a context that's been inited but not freed, and make sure to explicitly free any context that's been inited or copied over.
* fix uninited-var warnings in slhdsakey_wots_sign(), slhdsakey_xmss_sign(), and slhdsakey_fors_sign() (the uninited-var scenario depends on corrupt arg(s) resulting in zero iterations).
2026-04-27 11:36:15 -05:00