Commit Graph

9683 Commits

Author SHA1 Message Date
David Garske c36beba9b7 Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
David Garske bf492eba12 Merge pull request #10175 from yosuke-wolfssl/f_2205
Fix authTagSz validation
2026-04-13 09:33:14 -07:00
David Garske 9627d80363 Merge pull request #10184 from SparkiDev/asm_gen_fixes_4
ASM generation fixes
2026-04-13 08:37:33 -07:00
David Garske 3b63f4bdee Merge pull request #10072 from night1rider/extend-cmac-api-id-label
Extend/Add label/id extension functions
2026-04-13 08:15:46 -07:00
Sean Parkinson a50a5403a7 Merge pull request #10199 from douzzer/20260412-clang-23_pre20260331
20260412-clang-23_pre20260331
2026-04-13 10:39:11 +10:00
Sean Parkinson 1cd1872abf Merge pull request #10179 from Frauschi/mlkem-alloc-key
Add dynamic key allocation support for ML-KEM
2026-04-13 09:35:34 +10:00
David Garske 3d4e929869 Merge pull request #10173 from SparkiDev/init_cert_sha1
Initialize certificate: default to SHA-1 when necessary
2026-04-12 14:46:53 -07:00
David Garske 77b0939a8f Merge pull request #10176 from SparkiDev/aes_gcm_small_armasm_fix
ARM ASM: AES-GCM small table without NEON
2026-04-12 14:46:44 -07:00
Daniel Pouzzner 1b692b8063 fixes for clang -Wunused-but-set-globals (coverage added by LLVM 23_pre20260331). 2026-04-12 12:07:33 -05:00
Daniel Pouzzner d343ea657b Merge pull request #10190 from rlm2002/mlkem_valgrind
Nightly-multi-test valgrind fix
2026-04-11 13:09:13 -05:00
David Garske ae0a3877ca Merge pull request #10122 from miyazakh/f-1370_SigGetSize
F-1370 : Tighten key_len check from `>=` to `==`
2026-04-10 14:27:16 -07:00
David Garske ddf4666031 Merge pull request #10077 from Frauschi/pkcs11-mlkem
Add ML-KEM support for PKCS#11
2026-04-10 14:22:47 -07:00
night1rider 3fa0fb78f2 Add (void)ret after CRYPTOCB_UNAVAILABLE fall-through reset in _InitCmac_common to acknowledge intentional store. 2026-04-10 13:19:01 -06:00
night1rider 24c40b543b reset ret after CRYPTOCB_UNAVAILABLE fall-through in _InitCmac_common, add test_RsaInit_Pub/test_RsaNew_Pub helpers for keypub, re-add (void)heap, reject oversized CMAC id. 2026-04-10 13:19:01 -06:00
night1rider 8b49e0abf0 Fix -Wcast-qual errors by replacing void* with typed id/label params in _common helpers and add input validation. 2026-04-10 13:19:01 -06:00
night1rider 88396d7d12 Fix -Wcast-qual errors in _Label functions by making _common helpers accept const void* data parameter. 2026-04-10 13:19:01 -06:00
night1rider 3e112a380b Extend CMAC API to pull in label/id extension functions to pass down to the AES init call
Refactor CMAC init to common function, add wc_AesNew_Id/Label API, do same for RSA new
functions, and add test init helpers for id[] support along with some test disable options
2026-04-10 13:19:00 -06:00
Ruby Martin 9a8610ca03 increase rand buffer, fix valgrind invalid read size 16 2026-04-10 11:26:51 -06:00
Tobias Frauenschläger b7cc7adab8 Add dynamic key allocation support for ML-KEM
Introduce the WOLFSSL_MLKEM_DYNAMIC_KEYS option to allow dynamic allocation
of private and public key buffers in the MlKemKey struct. This change
enables right-sizing of buffers based on the actual ML-KEM level and eliminates
unnecessary memory usage for encapsulate-only operations.
2026-04-10 17:20:21 +02:00
Tobias Frauenschläger 062ef3e93b Remove some duplicate CI tests 2026-04-10 12:50:24 +02:00
Tobias Frauenschläger 85dd923355 cryptocb: always run software cleanup in key Free functions
The WOLF_CRYPTO_CB_FREE path in wc_MlKemKey_Free, wc_dilithium_free,
and wc_ecc_free returned early when the crypto callback succeeded,
skipping local cleanup: ForceZero on private key material, PRF/hash
object frees (ML-KEM), SHAKE free and cached vector frees (ML-DSA),
and mp_forcezero on the private scalar and all hardware port frees
(ECC).

Any non-PKCS#11 callback returning 0 would silently leave key material
in memory. The PKCS#11 backend worked around this by returning
CRYPTOCB_UNAVAILABLE on success to force the fallthrough — a fragile
contract that is not part of the documented callback interface.

Fix by always continuing to software cleanup after invoking the
callback.

Remove the CRYPTOCB_UNAVAILABLE workaround from the three PKCS#11 free
dispatchers (ECC, ML-DSA, ML-KEM); they now return the real result of
C_DestroyObject.
2026-04-10 12:23:57 +02:00
Tobias Frauenschläger 21f1587c26 PKCS#11: add ML-KEM support
Add PKCS#11 integration for ML-KEM with key generation,
encapsulation and decapsulation support through the crypto
callback path.

Includes ML-KEM PKCS#11 constants/types, key store handling,
token object lifecycle management, and ML-KEM key init helpers
for private-key ID/label workflows.

Align implementation details with current upstream conventions
and review feedback:
- internal wolfCrypt ML-KEM path only for PKCS#11
- inline ML-KEM key-type/flag checks in PKCS#11 code
- proper key template formatting and enum placement
- ensure TLS ML-KEM object storage behavior is compatible with
  PKCS#11 ephemeral-key decapsulation flow
2026-04-10 12:23:37 +02:00
Hideki Miyazaki e04fe0c347 fix typo 2026-04-10 15:26:16 +09:00
Sean Parkinson b764aac074 API testing additions: cipher tests
Fixed wc_AesEaxAuthDataUpdate to check eax for NULL before
dereferencing.

Fix AesSivCipher to delete/free AES if new/initialization succeeded.
Memsetting to 0 doesn't work when WC_DEBUG_CIPHER_LIFECYCLE is defined.

Added tests for:
 - AES-EAX streaming
 - AES-SIV
 - Poly1305
 - DES-CBC
2026-04-10 15:43:21 +10:00
Sean Parkinson f4b2908532 ASM generation fixes
Shift mnemonic case changed due to the generation script's fixup of the class
name - no functional difference.
RISC-V AES-GCM tag check fixed
2026-04-10 10:18:26 +10:00
Sean Parkinson 41aae56ab8 ARM ASM: AES-GCM small table without NEON
Non-NEON GCM_gmult_len requires M0, which is not available with a small
build.
Fix to have C implementation when M0 and NEON not available.
2026-04-10 08:06:17 +10:00
Sean Parkinson ecd925f10e Initialize certificate: default to SHA-1 when necessary
Make SHA-1 with RSA signature type the last option.
SHA-1 signatures are deprecated as weak.
2026-04-10 07:58:37 +10:00
JacobBarthelmeh 044a5f8b81 Merge pull request #10143 from dgarske/qat_aes_gcm
Improve QAT AES GCM tag checking
2026-04-09 09:40:25 -06:00
Sean Parkinson 3e0679ee17 Merge pull request #10156 from douzzer/20260407-SHA3-unaligned-access
20260407-SHA3-unaligned-access
2026-04-09 18:47:06 +10:00
Sean Parkinson 6617863249 Merge pull request #10145 from Frauschi/ecc_follow_up
ECC curve validation follow-up
2026-04-09 18:35:56 +10:00
Yosuke Shimizu 0a05129bd6 Fix authTagSz validation 2026-04-09 17:15:28 +09:00
Sean Parkinson 2a064607e4 Merge pull request #10150 from julek-wolfssl/enable-ocsp-responder-disable-tls13
Guard OCSP signature params with WC_RSA_PSS ifdef
2026-04-09 18:13:00 +10:00
Juliusz Sosinowicz bfad5398b1 MSVC: replace UINT32_MAX with WOLFSSL_MAX_32BIT in dilithium.c 2026-04-08 10:00:52 -07:00
Hideki Miyazaki 0e14849c31 addressed Copilot review comments 2026-04-08 17:24:11 +09:00
Hideki Miyazaki e3fd4cc24d fix f-1370 key_len size check for void* in wc_SignatureGetSize 2026-04-08 17:07:42 +09:00
Daniel Pouzzner 750f3b119e Merge pull request #10088 from anhu/new_various
Various security fixes and tests
2026-04-07 22:13:18 -05:00
JacobBarthelmeh 4fd0df42e7 add adjustment for review 2026-04-07 21:08:11 -06:00
JacobBarthelmeh d1c6423b82 make the padding check constant time and move evp exponent print size macro to local file 2026-04-07 16:09:52 -06:00
David Garske 852ddcb37d Improve QAT AES GCM tag checking 2026-04-07 13:53:41 -07:00
Daniel Pouzzner 296148b4e6 wolfcrypt/src/sha3.c: fix Load64Unaligned() implementation with unaligned integer access when WC_SHA3_FAULT_HARDEN && !BIG_ENDIAN_ORDER. 2026-04-07 15:39:31 -05:00
Daniel Pouzzner 60d1e222b2 globally fix all "BLAKE2" references (implicit BLAKE2B) to explicit "BLAKE2B":
* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
2026-04-07 13:18:53 -05:00
Paul Adelsbach c335f7dd6f Remove UTF-8 chars
Get rid of weird character

Fix warning found by CI

Style changes

Addressed 1 and 2.
2026-04-07 10:07:12 -06:00
Anthony Hu 5bd5f36dff Fix RSA exponent printing (ZD 21426)
Increase buff size from 8 to 24 bytes in PrintPubKeyRSA and related
EVP PKEY print functions.
2026-04-07 10:05:48 -06:00
Anthony Hu c563f3932a Fix PKCS7 CBC padding oracle in EnvelopedData and EncryptedData (ZD 21422)
Replace single last-byte padding check with full PKCS#5/PKCS#7
validation: verify padLen is non-zero and within block size.
Both wc_PKCS7_DecodeEnvelopedData and wc_PKCS7_DecodeEncryptedData
paths are fixed.
2026-04-07 10:05:21 -06:00
Anthony Hu d14b506c51 Fix Dilithium with USE_INTEL_SPEEDUP (ZD 21417)
Add check before word32 addition in dilithium_hash256() that
could wrap to zero, bypassing the size check.
Also reject absurdly large msgLen (> UINT32_MAX/2) in
wc_dilithium_verify_ctx_msg.
2026-04-07 10:04:41 -06:00
Anthony Hu b3278af8dc Fix wc_*_delete() functions (ZD 21415)
Save key->heap before calling wc_*_free(), which zeros the entire key
structure via ForceZero. The saved heap pointer is then passed to XFREE
instead of the now-zeroed key->heap.
2026-04-07 10:04:35 -06:00
Juliusz Sosinowicz 8d54e2213f Guard OCSP signature params with WC_RSA_PSS ifdef
OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS is only defined when WC_RSA_PSS
is enabled but was used unconditionally in EncodeBasicOcspResponse,
causing a build error when WC_RSA_PSS is not defined.
2026-04-07 17:30:30 +02:00
Tobias Frauenschläger 06e63f0a7b ECC curve validation follow-up 2026-04-07 12:40:44 +02:00
philljj b5874a6d9e Merge pull request #10132 from douzzer/20260404-default_rng_bank
20260404-default_rng_bank
2026-04-06 22:54:20 -05:00
Daniel Pouzzner efe6ad4bd6 Merge pull request #10116 from Frauschi/zd21457
Additional fixes
2026-04-06 20:23:25 -05:00