Commit Graph

10747 Commits

Author SHA1 Message Date
Daniel Pouzzner 258afa5493 wolfcrypt/src/pkcs7.c: in PKCS7_EncodeSigned(), check for error from SetSerialNumber(). 2025-02-17 18:05:04 -06:00
JacobBarthelmeh 3e38bdcd2c Merge pull request #8450 from dgarske/stm32_pka_ecc521
Fix for STM32 PKA ECC 521-bit support
2025-02-17 08:27:45 -08:00
Marco Oliverio a06a8b589c ocsp: minors 2025-02-17 08:59:29 +00:00
Marco Oliverio c1c9af5cb6 minor: improve indentation of guards 2025-02-17 08:59:29 +00:00
Marco Oliverio 2c2eb2a285 ocsp: improve OCSP response signature validation
- search for the signer in the CertificateManager if the embedded cert
  verification fails in original asn template.
2025-02-17 08:59:29 +00:00
Marco Oliverio 851d74fd69 ocsp-resp-refactor: address reviewer's comments 2025-02-17 08:59:29 +00:00
Marco Oliverio f782614e1e clang tidy fixes 2025-02-17 08:59:28 +00:00
Marco Oliverio 3a3238eb9f ocsp: refactor wolfSSL_OCSP_response_get1_basic
The internal fields of OcspResponse refer to the resp->source buffer.
Copying these fields is complex, so it's better to decode the response again.
2025-02-17 08:58:03 +00:00
Marco Oliverio b7f08b81a6 ocsp: adapt ASN original to new OCSP response refactor 2025-02-17 08:58:03 +00:00
Marco Oliverio f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
2025-02-17 08:58:03 +00:00
Marco Oliverio dedbb2526c ocsp: fix memory leaks in OpenSSL compat layer 2025-02-17 08:58:02 +00:00
Daniel Pouzzner 60c1558142 Merge pull request #8447 from dgarske/memleak
Fixed possible memory leaks
2025-02-14 00:26:09 -06:00
Daniel Pouzzner e806bd76bb Merge pull request #8445 from SparkiDev/perf_improv_1
Performance improvements
2025-02-13 23:25:47 -06:00
David Garske 86c3ee1a9d Fix for STM32 PKA ECC 521-bit support. Issue was 65 vs 66 buffer check. ZD 19379 2025-02-13 16:41:42 -08:00
David Garske 746aa9b171 Merge pull request #8443 from ColtonWilley/add_cert_rel_prefix
Add a cert relative prefix option for tests
2025-02-13 14:48:06 -08:00
David Garske f943f6ff5c Fixed possible memory leaks reported by nielsdos in PR 8415 and 8414. 2025-02-13 08:20:37 -08:00
David Garske db0fa304a8 Merge pull request #8436 from SparkiDev/mlkem_cache_a
ML-KEM/Kyber: cache A from key generation for decapsulation
2025-02-12 17:29:38 -08:00
David Garske 846ba43a29 Merge pull request #8392 from SparkiDev/curve25519_blinding
Curve25519: add blinding when using private key
2025-02-12 16:20:51 -08:00
Sean Parkinson 9253d1d3ac ML-KEM/Kyber: cache A from key generation for decapsulation
Matrix A is expensive to calculate.
Usage of ML-KEM/Kyber is
  1. First peer generates a key and sends public to second peer.
2. Second peer encapsulates secret with public key and sends to first
peer.
3. First peer decapsulates (including encapsulating to ensure same as
seen) with key from key generation.
Caching A keeps the matrix A for encapsulation part of decapsulation.
The matrix needs to be transposed for encapsulation.
2025-02-13 10:12:05 +10:00
Sean Parkinson bfd52decb6 Performance improvements
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
2025-02-13 09:55:55 +10:00
Sean Parkinson bb84ebfd7a Curve25519: add blinding when using private key
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.

Add new APIs to support passing in an RNG.
Old APIs create a new RNG.

Only needed for the C implementations that are not small.

Modified TLS and OpenSSL compat API implementations to pass in RNG.

Fixed tests and benchmark program to pass in RNG.
2025-02-13 08:52:35 +10:00
David Garske 0e474fc673 Merge pull request #8437 from LinuxJedi/SE050-changes
Minor SE050 improvements
2025-02-12 14:50:36 -08:00
Colton Willey ddf7bfcb8f Add a cert relative prefix option for tests 2025-02-12 13:59:23 -08:00
Daniel Pouzzner 3856d55d9b Revert "Performance improvements"
This reverts commit ce679ef057.
2025-02-12 12:32:47 -06:00
Sean Parkinson bcd89b0592 Merge pull request #8388 from julek-wolfssl/BN_CTX_get
Implement BN_CTX_get
2025-02-12 08:08:58 +10:00
David Garske 92e222b1ab Merge pull request #8429 from SparkiDev/perf_improv_1
Performance improvements AES-GCM and HMAC (in/out hash copy)
2025-02-11 08:32:30 -08:00
Andrew Hutchings cb42f18a47 Minor SE050 improvements
Adds two features for SE050:

1. `WOLFSSL_SE050_AUTO_ERASE`. When enabled, this will automatically
   erase a key from the SE050 when `wc_ecc_free()` and friends are
   called.
2. `WOLFSSL_SE050_NO_RSA`. This stops RSA offloading onto the SE050,
   useful for the SE050E which does not have RSA support.
2025-02-11 16:25:06 +00:00
Sean Parkinson ce679ef057 Performance improvements
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
2025-02-11 10:26:51 +10:00
David Garske be5f203274 Merge pull request #8425 from philljj/ecdsa_mldsa_test_api
dual alg: add ML-DSA test, and misc cleanup.
2025-02-10 15:05:44 -08:00
JacobBarthelmeh 96d9ebcfee add else case to match with other statements 2025-02-10 14:53:15 -07:00
David Garske 4373e551e7 Merge pull request #8431 from LinuxJedi/SE050-fixes
Fix SE050 Port
2025-02-10 11:33:46 -08:00
jordan 557e43bcd7 dual alg: peer review cleanup, and more function comments. 2025-02-10 10:08:35 -05:00
Andrew Hutchings 8870b76c26 Fix SE050 Port
The SE050 port won't compile in the latest wolfSSL. This patch:

* Updates the documentation
* Fixes a missing `#ifdef` that breaks the build
* Changes the use of `mp_int` to `MATH_INT_T`
* Fixes compiler error with `ecc.c`
* Adds a tiny bit of extra debugging info
2025-02-10 14:27:28 +00:00
jordan 937d6d404a dual alg: clean up comments and line lengths. 2025-02-07 09:22:16 -05:00
Juliusz Sosinowicz e2d40288ee Remove internal use of wolfSSL_BN_CTX_new() 2025-02-07 14:45:42 +01:00
Daniel Pouzzner 1e17d737c8 "#undef _WINSOCKAPI_" after defining it to "block inclusion of winsock.h header file", to fix #warning in /usr/x86_64-w64-mingw32/usr/include/winsock2.h. 2025-02-06 18:41:20 -06:00
jordan 035d4022fb dual alg: add ML-DSA test, and misc cleanup. 2025-02-06 15:50:37 -05:00
Sean Parkinson e6ceb40187 Merge pull request #8391 from dgarske/cmake_watcom
Fixes for Watcom compiler and new CI test
2025-02-06 08:51:51 +10:00
David Garske f061e19ecb Merge pull request #8403 from miyazakh/keytype_tsip
Revert TSIP_KEY_TYPE as TSIP TLS definition
2025-02-04 15:21:27 -08:00
David Garske 60c5a0ac7f Peer review feedback. Thank you @jmalak 2025-02-04 14:32:24 -08:00
David Garske 743655b9ce Merge pull request #8402 from gojimmypi/pr-espressif-build-improvement
Improve Espressif make and cmake for ESP8266 and ESP32 series
2025-02-04 14:05:32 -08:00
David Garske 345c969164 Fixes for Watcom compiler and new CI test
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
2025-02-04 12:38:52 -08:00
David Garske f0b3c2955e Merge pull request #8412 from SparkiDev/mlkem_kyber_small_mem
ML-KEM/Kyber: small memory usage
2025-02-04 11:45:01 -08:00
Sean Parkinson 316177a7f1 ML-KEM/Kyber: small memory usage
Options to compile ML-KEM/Kyber to use less dynamic memory.
Only available with C code and has small performance trade-off.
2025-02-04 10:51:56 +10:00
gojimmypi 71a982e6b7 sync with upstream 2025-02-03 16:13:05 -08:00
JacobBarthelmeh 4891d1c471 Merge pull request #8400 from ColtonWilley/add_trusted_cert_pem_parsing
Add support for parsing trusted PEM certs
2025-01-31 10:53:51 -07:00
Hideki Miyazaki 6555da9448 revert TSIP_KEY_TYPE as TSIP TLS definition 2025-01-31 14:13:36 +09:00
David Garske e7a0340eea Merge pull request #8395 from SparkiDev/asm32_asm_older_opt
ARM32 ASM: optimize older platform alternatives
2025-01-30 15:47:25 -08:00
Sean Parkinson 3f47963802 Merge pull request #8396 from douzzer/20250129-CT-tweaks
20250129-CT-tweaks
2025-01-31 09:10:22 +10:00
Daniel Pouzzner 3a6b33c180 tests/api.c and wolfcrypt/benchmark/benchmark.c: fixes for building with HAVE_FFDHE_3072 and/or HAVE_FFDHE_4096 but without HAVE_FFDHE_2048. 2025-01-30 15:02:02 -06:00