Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
27,549 Commits 12 Branches 184 Tags
2f388dde4c8f4bfc4e6db86e5baca58acf587311
Commit Graph

27549 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
JacobBarthelmeh
2f388dde4c Merge pull request #9703 from dgarske/stsafe-a120-ecdhe 
Fixes for STSAFE-A120 ECDHE
 2026-01-23 10:59:45 -07:00
David Garske
4773ea6d44 Merge pull request #9637 from Frauschi/test_coverage 
Increase test coverage for PQC and CMake
 2026-01-23 07:51:40 -08:00
David Garske
b5209344e0 Merge pull request #9707 from danielinux/enable_stm32g0_AES_only 
Add STM32G0 hardware crypto support
 2026-01-23 07:50:30 -08:00
Michal Jahelka
269c28be16 Add STM32G0 hardware crypto support 2026-01-23 11:09:08 +01:00
Tobias Frauenschläger
14ce7956f1 Increase test coverage 
* More PQC configurations
* More CMake setups
* Fix various bugs uncovered by these tests

Added some missing feature additions to CMake to make the example
`user_settings_all.` config file work for the CI test.
 2026-01-23 09:27:16 +01:00
Sean Parkinson
27df554e99 Merge pull request #9701 from Frauschi/brainpool-tls13 
Add support for TLS 1.3 Brainpool curves
 2026-01-23 10:42:32 +10:00
Sean Parkinson
baaa368a61 Merge pull request #9668 from kaleb-himes/PQ-FS-2026-Part1 
PQ FS 2026 part1
 2026-01-23 10:30:47 +10:00
David Garske
2c83711319 Merge pull request #9693 from kareem-wolfssl/zd21012 
Use MinGW XINET_PTON definition for 32-bit MinGW as well as 64-bit.
 2026-01-22 15:24:31 -08:00
David Garske
a17f68f036 Merge pull request #9587 from kareem-wolfssl/zd20850 
Add duplicate entry error to distinguish cases where a duplicate CRL is rejected.
 2026-01-22 15:07:19 -08:00
David Garske
2fb19f84e5 Fixes for STSAFE-A120 ECDHE 2026-01-22 22:46:35 +00:00
kaleb-himes
20fc2de29d Restore sanity to < SEED_BLOCK_SZ 2026-01-22 09:09:29 -07:00
kaleb-himes
20b2fd200f Address failure rates from FIPS CRNGT test by implementing alternate RCT/ADP tests 
Update ret code to match docs and update docs

Replace magic numbers with appropriate define

Define MAX_ENTROPY_BITS when MEMUSE not enabled

Fix type cast windows detection

Older FIPS modules still need the old check

CodeSpell you're wrong, that is what I want to name my variable

Turn the hostap into a manual dispatch until it gets fixed

Upon closer review we can not skip the test when memuse enabled

Fix whitespace stuff found by multitest

More syntax things

Correct comments based on latest findings
 2026-01-22 09:06:17 -07:00
Tobias Frauenschläger
bde1bf6ce7 Fix user_settings ASM multiple define 2026-01-22 14:14:15 +01:00
Tobias Frauenschläger
eb8ba6124e Support TLS 1.3 ECC Brainpool authentication 
This also fixes TLS 1.2 authentication to only succeed in case the
brainpool curve was present in the supported_groups extension.
 2026-01-22 14:14:09 +01:00
Tobias Frauenschläger
a462398387 Support Brainpool ECC curve TLS 1.3 key exchange 
When both TLS 1.3 and Brainpool curves are enabled, three new groups can
be used for the ECDHE key exchange according to RFC 8734:
* WOLFSSL_ECC_BRAINPOOLP256R1TLS13 (31)
* WOLFSSL_ECC_BRAINPOOLP384R1TLS13 (32)
* WOLFSSL_ECC_BRAINPOOLP512R1TLS13 (33)

Also ensure that the existing TLS 1.2 curves are sent properly.

The TLS client application is updated to support handshakes via
Brainpool curves using the new argument "--bpKs".
 2026-01-22 14:14:09 +01:00
David Garske
62ca34497c Merge pull request #9633 from douzzer/20260108-DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS 
20260108-DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS
 2026-01-21 17:39:56 -08:00
David Garske
baeffb2f6a Merge pull request #9692 from anhu/aead 
wc_XChaCha20Poly1305_Init: NULL check aead, not ad
 2026-01-21 17:22:32 -08:00
Daniel Pouzzner
142f493964 configure.ac: if ENABLED_32BIT, add -DWC_32BIT_CPU to AM_CFLAGS, and don't add WOLFSSL_X86_64_BUILD to AM_CFLAGS; fix handling for --enable-bump; 
wolfssl/wolfcrypt/settings.h: classify OPENSSL_EXTRA as "desktop type system" in bump up of default FP_MAX_BITS and SP_INT_BITS;

wolfssl/wolfcrypt/types.h: if WC_32BIT_CPU, don't define WC_64BIT_CPU.
 2026-01-21 18:21:16 -06:00
David Garske
e4e79dd8a3 Merge pull request #9694 from SparkiDev/tls_msg_sanity_fix 
TLS: more sanity checks on message order
 2026-01-21 15:11:11 -08:00
Anthony Hu
7d7299e254 Do not allow NULL with non-zero length. 2026-01-21 17:49:30 -05:00
David Garske
11ddec3f69 Merge pull request #9681 from tmael/wfb1_ 
Fix cert SW issues in Aes and rng
 2026-01-21 13:41:01 -08:00
David Garske
e1e7c4d9f0 Merge pull request #9695 from miyazakh/fix_qt_unittest 
Include `asn.h` for SN_xxx definitions from `openssl/obj_mac.h`
 2026-01-21 12:56:53 -08:00
David Garske
47ff34b503 Merge pull request #9696 from SparkiDev/mldsa_max_vals_from_avail 
ML-DSA: max values based on available parameters
 2026-01-21 12:56:07 -08:00
David Garske
758d74f51f Merge pull request #9687 from holtrop-wolfssl/rust-hmac-blake2 
Rust wrapper: add HMAC-BLAKE2[bs] wrappers
 2026-01-21 12:55:48 -08:00
Tesfa Mael
1c3816d7d8 Use seedSz < SEED_BLOCK_SZ 2026-01-21 12:09:53 -08:00
Tesfa Mael
d3d2105035 Fix cert SW issues 2026-01-21 12:09:53 -08:00
Daniel Pouzzner
418a3bff32 Merge pull request #9698 from dgarske/rsa_no_rng2 
More fixes for NO RNG and NO check key
 2026-01-21 14:01:10 -06:00
David Garske
f52930b844 More fixes for NO RNG and NO check key (broken in #9606 and #9576) 2026-01-21 10:31:57 -08:00
David Garske
2a449ebfdf Merge pull request #9673 from holtrop-wolfssl/update-github-workflows-ubuntu 
Update from Ubuntu 22.04 to Ubuntu 24.04 for github workflows
 2026-01-21 09:14:39 -08:00
Daniel Pouzzner
cc7897be0d Merge pull request #9689 from dgarske/rsa_no_rng 
Fixes for RSA with no RNG
 2026-01-21 11:13:03 -06:00
David Garske
98dbc56daa Merge pull request #9691 from douzzer/20260120-linuxkm-RHEL9v6-and-RDSEED-sanity-check 
20260120-linuxkm-RHEL9v6-and-RDSEED-sanity-check
 2026-01-21 09:03:32 -08:00
JacobBarthelmeh
685bacc917 Merge pull request #9614 from dgarske/stsafe-a120 
Add STSAFE-A120 Support
 2026-01-21 09:12:23 -07:00
Josh Holtrop
69fd8dc01f Update from Ubuntu 22.04 to Ubuntu 24.04 for several github workflows 2026-01-20 21:44:56 -05:00
Sean Parkinson
88593f8dcd ML-DSA: max values based on available parameters 
When building wolfSSL implementation, make maximum sizes based on
available parameter sets.

Add wc_MlDsaKey_SignCtx and wc_MlDsaKey_VerifyCtx macros.
 2026-01-21 12:04:28 +10:00
David Garske
38b0fe19a1 Improvements to code for ECDHE and peer review fixes. 2026-01-21 00:03:26 +00:00
David Garske
16fb84d0d1 Peer review fixes. Tested with brainpool. 2026-01-21 00:03:26 +00:00
David Garske
54f0ecb536 Fix for ephemeral key usage limit. 2026-01-21 00:03:26 +00:00
David Garske
384eaa48b3 Peer review fixes (thank you copilot) 2026-01-21 00:03:26 +00:00
David Garske
654901782c Peer review cleanups. ECDHE improvements. 2026-01-21 00:03:26 +00:00
David Garske
02c3086e00 Added ECDHE support 2026-01-21 00:03:26 +00:00
David Garske
09c75f25de Fixes for peer review. 2026-01-21 00:03:26 +00:00
David Garske
c7ca035baf Cleanup WOLFSL_STSAFE and fix issue with multi-test macros 2026-01-21 00:03:26 +00:00
David Garske
a4c2398265 Add STSAFE-A120 Support 2026-01-21 00:03:26 +00:00
Sean Parkinson
8902afdcea TLS: more sanity checks on message order 
Add more checks on message ordering for TLS 1.2 and below.
Reformat code.
 2026-01-21 10:00:38 +10:00
Hideki Miyazaki
22ed7472b4 fix qt unit test 
include asn.h for SN_xxx definitions
 2026-01-21 08:59:28 +09:00
Kareem
832bcd7f4b Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd20850 2026-01-20 15:59:05 -07:00
Kareem
549f106907 Use MinGW XINET_PTON definition for 32-bit MinGW as well as 64-bit. 2026-01-20 15:55:19 -07:00
Daniel Pouzzner
7048fa80d4 wolfcrypt/src/random.c and wolfssl/wolfcrypt/settings.h: fixes from CI and peer review: 
* in wc_GenerateSeed_IntelRD(), use stack/register allocation for sanity_word{1,2}, and
* don't set WC_VERBOSE_RNG if WOLFSSL_DEBUG_PRINTF is missing.
 2026-01-20 16:48:21 -06:00
Anthony Hu
4550814e66 wc_XChaCha20Poly1305_Init: NULL check aead, not ad 2026-01-20 16:37:20 -05:00
Daniel Pouzzner
b91272c9a5 wolfcrypt/src/random.c: add sanity check in wc_GenerateSeed_IntelRD() to work around buggy RDSEED by disabling it if it generates three identical 64 bit words consecutively; 
wolfssl/wolfcrypt/settings.h: if DEBUG_WOLFSSL && !WC_NO_VERBOSE_RNG, set WC_VERBOSE_RNG, and add WOLFSSL_NO_DEBUG_CERTS to allow inhibition of WOLFSSL_DEBUG_CERTS.
 2026-01-20 15:24:43 -06:00