wolfSSL
diff --git a/‎.github/workflows/windows-vs.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/windows-vs.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CLAUDE.md‎
Lines changed: 3 additions & 1 deletion b/‎CLAUDE.md‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎IDE/Android/app/src/main/cpp/CMakeLists.txt‎
Lines changed: 1 addition & 0 deletions b/‎IDE/Android/app/src/main/cpp/CMakeLists.txt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎README_JCE.md‎
Lines changed: 5 additions & 0 deletions b/‎README_JCE.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎jni/include/com_wolfssl_wolfcrypt_Dh.h‎
Lines changed: 90 additions & 0 deletions b/‎jni/include/com_wolfssl_wolfcrypt_Dh.h‎
Lines changed: 90 additions & 0 deletions
diff --git a/‎jni/jni_aesccm.c‎
Lines changed: 2 additions & 2 deletions b/‎jni/jni_aesccm.c‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎jni/jni_aesgcm.c‎
Lines changed: 2 additions & 2 deletions b/‎jni/jni_aesgcm.c‎
Lines changed: 2 additions & 2 deletions
@@ -274,7 +274,7 @@ jobs:
           $content = Get-Content $userSettingsPath -Raw
           Write-Output "Original file size: $($content.Length) characters"
 
-          $newDefines = "#define WOLFSSL_KEY_GEN`n#define HAVE_CRL`n#define OPENSSL_ALL`n#define WOLFSSL_SHA224`n`n"
+          $newDefines = "#define WOLFSSL_KEY_GEN`n#define HAVE_CRL`n#define OPENSSL_ALL`n#define WOLFSSL_SHA224`n#define HAVE_FFDHE_2048`n#define HAVE_FFDHE_3072`n#define HAVE_FFDHE_4096`n#define HAVE_FFDHE_Q`n#define WOLFSSL_VALIDATE_FFC_IMPORT`n`n"
 
           # Try multiple possible insertion points
           $insertPoints = @(
 
@@ -11,7 +11,9 @@
 - Keep lines under 80 characters maximum length
 - MUST only use multi-line comments, no "//" style ones
 - MUST remove all trailing white space
-- Use 4 spaces for one tab, no hard tabs
+- MUST use 4 spaces for one tab, no hard tabs
+- MUST use XMALLOC/XFREE for memory allocation instead of malloc/free
+- MUST cast XMALLOC back to type being allocated
 
 # Source Code Organization
 - The source code is organized into the following directories:
 
@@ -65,6 +65,7 @@ if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
                 -DWOLFSSL_AKID_NAME -DHAVE_CTS -DNO_DES3 -DGCM_TABLE_4BIT
                 -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT
                 -DHAVE_AESGCM -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8
+                -DWOLFSSL_KEY_GEN
                 -DWOLFSSL_CUSTOM_CONFIG
 
                 # For gethostbyname()
 
@@ -185,6 +185,7 @@ The JCE provider currently supports the following algorithms:
 
     KeyFactory
         EC
+        DH (aliases: DiffieHellman, 1.2.840.113549.1.3.1)
 
     CertPathValidator Class
         PKIX
@@ -205,9 +206,13 @@ The JCE provider currently supports the following algorithms:
 
     AlgorithmParameters
         AES
+        DH
         GCM
         RSASSA-PSS
 
+    AlgorithmParameterGenerator
+        DH
+
 ### SecureRandom.getInstanceStrong()
 
 When registered as the highest priority security provider, wolfJCE will provide
 
@@ -194,7 +194,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesCcm_wc_1AesCcmEncrypt
 
     /* in can be NULL if inLen is 0 - case with only AAD to gen tag */
     if ((inLen != 0 && in == NULL) || nonce == NULL || authTag == NULL ||
-         nonceSz < 7 || nonceSz > 13 || authTagSz > WC_AES_BLOCK_SIZE) {
+         nonceSz < 7 || nonceSz > 13 || authTagSz > AES_BLOCK_SIZE) {
         ret = BAD_FUNC_ARG;
     }
 
@@ -327,7 +327,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesCcm_wc_1AesCcmDecrypt
 
     /* in can be NULL if inLen is 0 - case with only AAD to verify tag */
     if ((inLen != 0 && in == NULL) || nonce == NULL || authTag == NULL ||
-        nonceSz < 7 || nonceSz > 13 || authTagSz > WC_AES_BLOCK_SIZE) {
+        nonceSz < 7 || nonceSz > 13 || authTagSz > AES_BLOCK_SIZE) {
         ret = BAD_FUNC_ARG;
     }
 
 
@@ -193,7 +193,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesGcm_wc_1AesGcmEncrypt
     }
 
     /* in may be null, users might only pass in AAD to generate tag */
-    if (authTagSz > WC_AES_BLOCK_SIZE || iv == NULL || ivSz == 0 ||
+    if (authTagSz > AES_BLOCK_SIZE || iv == NULL || ivSz == 0 ||
         ((authTagSz > 0) && (authTag == NULL)) ||
         ((authInSz > 0) && (authIn == NULL))) {
         ret = BAD_FUNC_ARG;
@@ -329,7 +329,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesGcm_wc_1AesGcmDecrypt
     /* If inLen is non-zero, both in and out must be set. If inLen is 0,
      * in and out are don't cares, as this is the GMAC case */
     if (iv == NULL || ivSz == 0 || (inLen != 0 && in == NULL) ||
-        authTag == NULL || (authTagSz > WC_AES_BLOCK_SIZE) || authTagSz == 0) {
+        authTag == NULL || (authTagSz > AES_BLOCK_SIZE) || authTagSz == 0) {
         ret = BAD_FUNC_ARG;
     }
Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesCcm_wc_1AesCcmEncrypt`
`194`	`194`
`195`	`195`	`/* in can be NULL if inLen is 0 - case with only AAD to gen tag */`
`196`	`196`	`if ((inLen != 0 && in == NULL) \|\| nonce == NULL \|\| authTag == NULL \|\|`
`197`		`- nonceSz < 7 \|\| nonceSz > 13 \|\| authTagSz > WC_AES_BLOCK_SIZE) {`
	`197`	`+ nonceSz < 7 \|\| nonceSz > 13 \|\| authTagSz > AES_BLOCK_SIZE) {`
`198`	`198`	`ret = BAD_FUNC_ARG;`
`199`	`199`	`}`
`200`	`200`
`@@ -327,7 +327,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_AesCcm_wc_1AesCcmDecrypt`
`327`	`327`
`328`	`328`	`/* in can be NULL if inLen is 0 - case with only AAD to verify tag */`
`329`	`329`	`if ((inLen != 0 && in == NULL) \|\| nonce == NULL \|\| authTag == NULL \|\|`
`330`		`- nonceSz < 7 \|\| nonceSz > 13 \|\| authTagSz > WC_AES_BLOCK_SIZE) {`
	`330`	`+ nonceSz < 7 \|\| nonceSz > 13 \|\| authTagSz > AES_BLOCK_SIZE) {`
`331`	`331`	`ret = BAD_FUNC_ARG;`
`332`	`332`	`}`
`333`	`333`