Commit Graph

9499 Commits

Author SHA1 Message Date
David Garske f492abfe9e Merge pull request #9314 from SparkiDev/silabs_no_hash_raw
SHA-2: No hash raw
2025-10-17 10:19:01 -07:00
Sean Parkinson d0909991fb SHA-2: No hash raw
Implementation of FinalRaw for SE050 was not usable - TLS_hmac did not
produce valid results.
Removed implementations and defining WOLFSSL_NO_HASH_RAW to compile to
not require FinalRaw APIs.
2025-10-17 07:46:50 +10:00
Daniel Pouzzner 0c4feb0aa6 wolfcrypt/src/asn.c: revert earlier changes in EncodeName(), and add local S390-specific pragma to inhibit false-positive -Wnull-dereference. 2025-10-16 16:10:54 -05:00
Daniel Pouzzner 6ee660841b fixes/workarounds for -Wnull-dereferences, some true positive, some false
positive:
* src/pk.c:wolfSSL_RSA_meth_new()
* tests/api.c:test_wolfSSL_PKCS7_certs()
* tests/api.c:test_wolfSSL_X509V3_EXT_get()
* wolfcrypt/src/asn.c:EncodeName()
* wolfcrypt/src/pkcs12.c:wc_i2d_PKCS12()
* wolfcrypt/src/port/af_alg/afalg_aes.c
2025-10-16 15:10:16 -05:00
David Garske 0727bae09e Merge pull request #9310 from SparkiDev/lms_cast_16bit
LMS: Cast constants before shifting left
2025-10-16 12:16:05 -07:00
Sean Parkinson c111c5bacc Regression testing
x509.c: realloc may fail and therefore need to store result in a
temporary so the old pointer is not lost.

tls.c: free the name if it is not pushed on to the stack of peer CA
names. Failure to push can be from memory allocation failure.

aes.c: Don't compile XTS decrypt functions without HAVE_AES_DECRYPT.

Fix tests to have better pre-processor protection.
2025-10-16 12:13:32 +10:00
Sean Parkinson 36c953dd8f LMS: Cast constants before shifting left
Compiling for 16-bit results in some constants type being too small for
shift amount without cast.
2025-10-16 09:24:48 +10:00
Daniel Pouzzner 1602ed2f3a wolfcrypt/src/asn.c: rearrange check for null cname in EncodeName() to fix false positive -Wnull-dereference.
src/internal.c: suppress -Wnull-dereference locally in ProcessPeerCertParse() to fix false positive.
2025-10-14 18:27:02 -05:00
Daniel Pouzzner 014f55fe10 wolfssl/wolfcrypt/types.h: add WC_WUR_INT(), MAX_UINT_OF(), MAX_SINT_OF(), MIN_SINT_OF(), WC_SAFE_SUM_UNSIGNED(), and WC_SAFE_SUM_SIGNED(). 2025-10-14 16:28:32 -05:00
Sean Parkinson 77dcbb5603 Merge pull request #9293 from dgpighin/docstrings_update
Some updates to the docstrings
2025-10-14 16:14:15 +10:00
Daniel Pouzzner b2c105d5f7 Merge pull request #9292 from embhorn/zd20626
Fix GCC warnings
2025-10-13 23:17:13 -05:00
Daniel Pouzzner 6fbd101f7d Merge pull request #9153 from effbiae/wc-small-stack
Small stack compress -- 3000line reduction
2025-10-13 23:12:01 -05:00
David Garske e877fa747d Merge pull request #9185 from Pushyanth-Infineon/psoc6_sha1_sha2_sha3_support
Enable hardware acceleration for SHA1, SHA384 and SHA3 algorithms on PSoC6
2025-10-13 13:29:52 -07:00
David Garske 9872207702 Merge pull request #9285 from SparkiDev/sp_small_stack_macros
SP: macros for variables that may be allocated
2025-10-13 11:12:24 -07:00
Eric Blankenhorn bae25afa40 Fix from testing 2025-10-13 12:42:01 -05:00
Eric Blankenhorn adc9146035 Fix from testing 2025-10-13 12:33:40 -05:00
effbiae f4b8f844b2 indent {.*;} macro args 2025-10-13 14:04:06 +11:00
Sean Parkinson fac53abc14 SP: macros for variables that may be allocated
Add macros to make the code simpler around allocating from dynamic
memory when WOLFSSL_SP_SMALL_STACK is defined.
Change over to using macros where it makes sense.
2025-10-13 11:48:07 +10:00
Dario Pighin a61d79d154 Some updates to the docstrings 2025-10-11 16:43:05 +02:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Kamatham Pushyanth b2c5eb51d8 Enable hardware acceleration for SHA algorithms on PSoC6.
- Introduced conditional compilation for PSoC6 crypto support across SHA1, SHA2, SHA3 implementations.
- Ensured proper mutex locking for concurrent access to hardware resources during hash operations.
- Added public key creation functionality if only private key is provided in ECDSA verify function (psoc6_ecc_verify_hash_ex).
- Updated ECC parameter size handling to fix incorrect endianness conversions in psoc6_ecc_verify_hash_ex().
- Added README for PSOC6 port.
2025-10-11 05:23:40 +05:30
Eric Blankenhorn f713cdb5e0 Fix evp const warning and pk buffer warning 2025-10-10 15:14:56 -05:00
David Garske e4b7f66927 Merge pull request #9286 from holtrop/rust-wc-ecc
Rust wrapper: add wolfssl::wolfcrypt::ecc module
2025-10-10 10:26:47 -07:00
David Garske 46281a2c17 Merge pull request #9287 from douzzer/20251009-more-WOLFSSL_API_PREFIX_MAP
20251009-more-WOLFSSL_API_PREFIX_MAP
2025-10-10 08:05:05 -07:00
David Garske 9633248b49 Merge pull request #9276 from SparkiDev/kapi_ecc_init
KCAPI ECC: initialize mp_ints
2025-10-09 15:40:04 -07:00
Daniel Pouzzner f1d014aecd add .github/workflows/symbol-prefixes.yml.
configure.ac:
* add ML-KEM, ML-DSA, XMSS, and LMS to --enable-all-crypto when !ENABLED_FIPS.
* swap order of --enable-kyber and --enable-mlkem handler code to put mlkem first.
* add --enable-mldsa hander code.
* remove setup code that was adding -DWOLFSSL_NO_TLS12 and -DNO_OLD_TLS to
  AM_CFLAGS when ENABLED_CRYPTONLY -- NO_OLD_TLS is already defined earlier for
  when ENABLED_CRYPTONLY, and WOLFSSL_NO_TLS12 breaks wc_PRF_TLS(), which is
  inside-the-FIPS-boundary crypto.

linuxkm/linuxkm_wc_port.h:
* adopt the WC_SANITIZE_DISABLE and WC_SANITIZE_ENABLE setup code from
  settings.h (where it didn't belong).
* fix FIPS remapping of wc_InitMutex&friends to InitMutex&friends -- inhibit
  when WOLFSSL_API_PREFIX_MAP.

wolfcrypt/src/ge_operations.c: add _wc_curve25519_dummy() to fix visibility of
curve25519().

wolfcrypt/src/poly1305.c: fix visibility of several unprefixed helper routines.

wolfcrypt/test/test.c: fix gating on tls12_kdf_test() and prf_test() (both
  require !WOLFSSL_NO_TLS12).

wolfssl/internal.h, wolfssl/wolfio.h: add several WOLFSSL_API_PREFIX_MAPs.

wolfssl/wolfcrypt/ge_operations.h: fix visibility of several internal asm
  functions.

wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM setup, add gates to avoid redef
  warnings for various settings, and remove the setup for
  WC_SANITIZE_{DISABLE,ENABLE} (moved to linuxkm_wc_port.h as noted above).

wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_API_PREFIX_MAPs for InitMutex() and
  friends.
2025-10-09 15:34:08 -05:00
Josh Holtrop 883da3dd35 Rust wrapper: add wolfssl::wolfcrypt::ecc module 2025-10-09 14:58:07 -04:00
David Garske 29e2f21fff Merge pull request #9224 from kareem-wolfssl/zd20527
Fix swapped WOLFSSL_SILABS_SHA384/SHA512 defines in sha512.c.
2025-10-08 13:19:05 -07:00
Kareem 14e1d2eec3 Merge branch 'master' into zd20527 2025-10-07 14:22:08 -07:00
Daniele Lacamera ea300985e0 Added support for AES-CTR in PKCS11 driver 2025-10-07 13:03:24 +02:00
Sean Parkinson abfcb7122c KCAPI ECC: initialize mp_ints
Was not initializing mp_ints and it is needed now.
2025-10-07 20:59:27 +10:00
David Garske 92a47829fa Merge pull request #8674 from JacobBarthelmeh/pkcs7_stream
Fix to advance past multiple recipients
2025-10-06 11:27:03 -07:00
JacobBarthelmeh 68eb8b70d1 Merge pull request #9271 from rizlik/cryptocb_sha512_family_fix
cryptocb: sha512_family: try specific digest length hashtype first
2025-10-06 11:38:57 -06:00
Daniel Pouzzner f854795c02 Merge pull request #9263 from holtrop/rsa-const-pointers
RSA API: use const pointers and clean up some comments
2025-10-06 11:55:04 -05:00
JacobBarthelmeh 7128932eff avoid attempt of key decode and free buffer if incorrect recipient found 2025-10-06 10:48:59 -06:00
David Garske dcafe9adf2 Add STM32H5 PKA support. 2025-10-06 18:38:09 +02:00
David Garske ee77094dd6 Fixes to get STM32N6 hash and GMAC working 2025-10-06 18:38:09 +02:00
Marco Oliverio fc348da28f fix: escape error code operands 2025-10-06 14:47:13 +02:00
Marco Oliverio 9cbc3f97e5 cryptocb: sha512_family: try specific digest length hashtype first
If the cryptocb provider supports specific SHA512/224 and SHA512/256
hashtype, this commit allows to:

1. avoid a copy
2. do not touch the output buffer outside of the cryptocb handler

2 might be important for cryptocb provider that needs special handling
of memory buffer (DMA, memory mapping).
2025-10-06 11:42:23 +02:00
effbiae a53f0cd3fa double free -- should be o_hash 2025-10-05 19:13:50 +11:00
JacobBarthelmeh fca3028395 advance index past recipent set in non stream case too 2025-10-03 15:55:35 -06:00
JacobBarthelmeh 4e92920a7f cast variable to word32 for compare 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 12cfca4060 account for no AES build and add err trace macro 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 328f505702 add pkcs7 test with multiple recipients 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 7a5e97e30e adjustment for recipient index advancement 2025-10-03 13:51:15 -06:00
JacobBarthelmeh 6987304f42 Fix to advance past multiple recipients 2025-10-03 13:51:15 -06:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
Daniel Pouzzner 5804ba759a Merge pull request #9194 from dgarske/cryptocb_only_test
Fixes for crypto callback only (no filesystem and keygen)
2025-10-02 16:52:31 -05:00
Josh Holtrop c36c39af0a RSA API: use const pointers and clean up some comments 2025-10-02 15:28:43 -04:00
David Garske 36ce93d409 Merge pull request #9225 from gojimmypi/pr-espidf-v6-sha-fix
Add fix for SHA HW on ESP-IDF v6
2025-10-02 09:50:46 -07:00