Commit Graph

11502 Commits

Author SHA1 Message Date
Daniel Pouzzner 4bf2d52780 Merge pull request #10571 from Frauschi/mlkem_rename
Migrate internal ML-KEM consumers to canonical wc_MlKemKey API
2026-06-05 11:00:44 -05:00
Daniel Pouzzner 727041b525 Merge pull request #10543 from anhu/zeroOnAuthFail
For chachapoly, force zero of output on auth fail
2026-06-05 10:55:05 -05:00
Sean Parkinson eeab53205a Merge pull request #10600 from douzzer/20260604-asm-and-linuxkm-fixes
20260604-asm-and-linuxkm-fixes
2026-06-05 20:55:43 +10:00
Daniel Pouzzner b8d8e918af Merge pull request #10597 from SparkiDev/sp_lazy_mutex_init_improv
SP gen: FP_ECC init mutex improvement
2026-06-04 22:38:06 -05:00
Sean Parkinson ada6c5f95b SP gen: FP_ECC init mutex improvement
F-1379
Better handling of the lazy mutex initialization to use atomics where
available.

Improved atomic code when no system support:
 - add types
 - used types in functions

Add --no-ec to unit.test to not run wolfCrypt tests.
2026-06-05 10:58:44 +10:00
Daniel Pouzzner af119869d2 Merge pull request #10364 from MarkAtwood/fix/evp-cipher-iv-length-cfb-ofb
fix: EVP_CIPHER_iv_length returns 0 for AES-CFB128 and AES-OFB (ZD-21730)
2026-06-04 17:26:48 -05:00
Daniel Pouzzner b2e4bd1a11 Merge pull request #9987 from MarkAtwood/fix/evp-pkey-cmp-after-der-roundtrip
evp: fix EVP_PKEY_cmp for EC keys after DER deserialization
2026-06-04 17:19:46 -05:00
Daniel Pouzzner 6c4c03dc76 Merge pull request #10593 from miyazakh/f4429_EntropyGet
f4429 Add missing upper-bound validation in wc_Entropy_Get()
2026-06-04 17:09:36 -05:00
Daniel Pouzzner 50166aab36 wolfcrypt/src/port/ppc64/ppc64-aes-asm.S: use TOC-relative addressing consistently, and add ELFv2 global-entry prologues. 2026-06-04 16:28:08 -05:00
Daniel Pouzzner 99bf36bb61 wolfcrypt/src/port/arm/armv8-32-curve25519.S and wolfcrypt/src/port/arm/armv8-32-curve25519_c.c: fix MPI overflow in L_curve25519_inv_8, similar to fix in #10536 (efabd1844a). 2026-06-04 14:12:01 -05:00
Daniel Pouzzner 4993571ccd Merge pull request #10549 from rizlik/nc_dns_wildcards
NameConstraints: support wildcard SAN
2026-06-03 22:29:49 -05:00
Daniel Pouzzner c96da9a002 Merge pull request #10581 from miyazakh/ra6m4_update
Removes the legacy ASN parser override (`WOLFSSL_ASN_ORIGINAL`) from …
2026-06-03 20:42:46 -05:00
Daniel Pouzzner 86fa502285 Merge pull request #10577 from kareem-wolfssl/zd21907
Fix compilation with WOLFSSL_RNG_USE_FULL_SEED.  Fix benchmark compilation with MAIN_NO_ARGS.
2026-06-03 20:41:02 -05:00
Hideki Miyazaki 9e711f5c9c Add MAX ENTROPY BITS check 2026-06-04 09:08:24 +09:00
Sean Parkinson aef6283a7e Merge pull request #10540 from Frauschi/small_order_check
Reject small-order public keys for Ed25519 and Ed448
2026-06-04 09:58:24 +10:00
David Garske 3bc1575e12 Merge pull request #9852 from SparkiDev/ppc64_asm_aes
PPC64 ASM: AES-ECB/CBC/CTR/GCM
2026-06-03 16:30:12 -07:00
David Garske 4cce154024 Merge pull request #10530 from SparkiDev/riscv_unaligned_fix
RISC-V ASM unaligned read/writes: alternative assembly
2026-06-03 16:29:33 -07:00
Mark Atwood 05f8d0beed evp: fix EVP_PKEY_cmp for EC keys after DER deserialization
wolfSSL_EVP_PKEY_cmp returned 'not equal' for EC keys that were
serialized to DER and deserialized back, even though the key material
was identical. This happened because keys imported via RFC 5915
(ECPrivateKey) without the optional public key field had type
ECC_PRIVATEKEY_ONLY, meaning the internal ecc_key.pubkey was not
populated. The point comparison then failed against a key that did
have a populated pubkey.

Fix by deriving the public key from the private key via
wc_ecc_make_pub() when the ecc_key type is ECC_PRIVATEKEY_ONLY
before comparing. Also ensure SetECKeyInternal() is called when
the internal representation is not yet synced from external BIGNUMs.
2026-06-03 16:09:53 -07:00
David Garske 70da83972b Merge pull request #10536 from SparkiDev/curve25519_x64_red_fix
X25519 x64 ASM: fix full reduction
2026-06-03 09:24:48 -07:00
Hideki Miyazaki f3a60c2c69 Removes the legacy ASN parser override (WOLFSSL_ASN_ORIGINAL) from the RA6M4 demo project 2026-06-03 14:00:53 +09:00
Daniel Pouzzner 768cdc39d3 wolfcrypt/src/asn.c: in DecodeGeneralName() and DecodeAcertGeneralName(),
* don't disable URI validation when defined(WOLFSSL_FPKI).
* return immediately with ASN_ALT_NAME_E when URI contains an unexpected '/', as in asn_orig.c DecodeAltNames(), fixing OOB read defect.

wolfcrypt/src/asn_orig.c: fix URI validation gating (ignore WOLFSSL_FPKI) in DecodeAltNames().

tests/api/test_certman.c: fix uriSan in test_wolfSSL_X509_check_host_URI_SAN_not_DNS_match() (make it a URI).

tests/api.c: align gating in test_wolfSSL_URI() with new dynamics (URIs validated regardless of defined(WOLFSSL_FPKI)).
2026-06-02 22:16:40 -05:00
Kareem 586fe466bf Fix compilation of benchmark with MAIN_NO_ARGS defined. 2026-06-02 15:57:01 -07:00
Kareem 9592d8254a Fix compilation with WOLFSSL_RNG_USE_FULL_SEED. 2026-06-02 15:50:42 -07:00
Tobias Frauenschläger 320010aad6 Migrate internal ML-KEM consumers to canonical wc_MlKemKey API 2026-06-02 10:51:37 +02:00
Sean Parkinson 95158fa31f Merge pull request #10563 from douzzer/20260528-pk-vector-regs
20260528-pk-vector-regs
2026-06-02 12:59:46 +10:00
Daniel Pouzzner d037bd1eed tests/api/test_pkcs12.c, tests/api/test_pwdbased.c: add missing FIPS version gates to test_wc_PKCS12_PBKDF(), test_wc_PKCS12_PBKDF_ex(), and test_wc_PBKDF1_ex_iterations();
wolfcrypt/src/evp_pk.c: fix identicalInnerCondition in wolfSSL_d2i_PKCS8_PKEY().
2026-06-01 14:23:38 -05:00
Daniel Pouzzner 62c0c8fc13 Merge pull request #10557 from dgarske/cryptocb_fips
Fix FIPS v6 or older build with crypto callbacks and SHA512
2026-06-01 13:32:08 -05:00
Daniel Pouzzner 58fcbd46a8 wolfcrypt/src/sp_*: synchronize with scripts#581.
* Fixes frivolous ASSERT_SAVED_VECTOR_REGISTERS() in sp_#_div_#(),
* Adds "force off unneeded vector register save/restore." macro masking to all archs, and
* Removes now-unused x86 SSE2 asm implementations of sp_#_get_from_table_#().
2026-06-01 10:59:27 -05:00
Sean Parkinson 55c9f83d64 Improvements to SP code
Fixed left shifts to be on unsigned types.

Mod exp change to correctly get the highest indeces of exponent -
corrected in some places and now the same in all.
2026-06-01 10:57:11 +10:00
Sean Parkinson 14b55a0bc4 X25519 x64 ASM: fix full reduction
The last add was overflowing into the top bit.
Must mask the last word to clear top bit.

Add test vectors from Wycheproof.
2026-06-01 09:14:57 +10:00
Daniel Pouzzner 3a4c2cded0 activate ECCSI and SAKKE in linuxkm:
wolfssl/wolfcrypt/settings.h: add WC_NO_GLOBAL_OBJECT_POINTERS implicitly in WC_SYM_RELOC_TABLES section of WOLFSSL_LINUXKM setup.

wolfssl/wolfcrypt/wolfmath.h, wolfcrypt/src/wolfmath.c, wolfcrypt/src/sp_int.c, wolfcrypt/src/sakke.c: when WC_NO_GLOBAL_OBJECT_POINTERS, use static local wc_off_on_addr rather than global in wolfmath.c.

wolfcrypt/src/sakke.c:
* in wc_DeriveSakkeSSV(), initialize a[] with explicit XMEMSET() rather than " = {0}", to avoid unmaskable implicit memset() emitted by compiler.
* remove all vector register provisions (SAVE_VECTOR_REGISTERS(), RESTORE_VECTOR_REGISTERS(), ASSERT_SAVED_VECTOR_REGISTERS()).

linuxkm/module_exports.c.template: add includes for eccsi.h and sakke.h.

configure.ac:

* tweak enable-all-crypto setup to make enable_eccsi unconditional alongside enable_fpecc;

* move enable_sakke to be conditional only on !FIPS.

* notably this activates ECCSI and SAKKE on kernel all-crypto builds.

wolfcrypt/test/test.c: WC_*_VAR*() refactors for eccsi_test() and sakke_test().
2026-05-30 15:11:36 -05:00
Daniel Pouzzner 3121c55e4e linuxkm on x86: global refactor across PK implementations of sp-asm vector register preservation, including removal of all residual can't-fail vector paths in PK algs.
wolfcrypt/src/sp_x86_64.c:

* fix ASSERT_SAVED_VECTOR_REGISTERS() in C wrappers: add where missing for implementations that use AVX2, and remove frivolous checks for ones that don't.

* refactor vector save-restore with a single locally tracked save in sp_RsaPublic_#(), sp_RsaPrivate_#(), sp_ecc_mulmod_add_#(), sp_ecc_mulmod_base_add_#(), sp_ecc_make_key_#(), and sp_#_calc_s_#().

* fix feature test in sp_ModExp_Fp_star_1024(), sp_Pairing_1024(), and sp_Pairing_gen_precomp_1024(), to properly gate on IS_INTEL_AVX2(cpuid_flags) and SAVE_VECTOR_REGISTERS2() == 0.

wolfcrypt/src/{dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sp_int.c}:

* remove all vector register provisions (SAVE_VECTOR_REGISTERS(), RESTORE_VECTOR_REGISTERS(), ASSERT_SAVED_VECTOR_REGISTERS());

* add explicit WC_CHECK_FOR_INTR_SIGNALS() and WC_RELAX_LONG_LOOP() to the lengthy loops in wc_DhGenerateParams(), wc_MakeDsaParameters(), ecc_sign_hash_sw(), and wc_MakeRsaKey().

wolfssl/wolfcrypt/{error-crypt.h,logging.h,memory.h}:

* make wc_backtrace_render() and wc_backtrace_set_fp() available whenever defined(WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES);

* add support for DEBUG_VECTOR_REGISTERS_BACKTRACE_ON_FAIL, activating backtraces on vector register errors.

* also improve the debugging format from the DEBUG_VECTOR_REGISTER_ACCESS variants of SAVE_VECTOR_REGISTERS() and friends.

linuxkm/lkcapi_{dh,ecdh,ecdsa,rsa}_glue.c: harmonize PK driver names with AES, SHA, and DRBG, notably adding AVX2 annotation when enabled.

wolfcrypt/src/{sp_x86_64_asm.S,sp_x86_64_asm.asm}: synchronize with wolfssl/scripts#581 (removes SSE2 implementations of sp_#_get_from_table_#(), which no longer have users).
2026-05-30 15:11:15 -05:00
JacobBarthelmeh f6f27652dd Merge pull request #10495 from LinuxJedi/PIC32MZ-Sim
Add PIC32MZ emulator tests
2026-05-29 16:21:15 -06:00
JacobBarthelmeh 9fa5db5606 Merge pull request #10509 from kareem-wolfssl/zd21863_5
Disallow matching URI type in CheckForAltNames.  NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE.
2026-05-29 16:08:04 -06:00
David Garske f41a9dc1e7 Fix FIPS v6 or older build with crypto callbacks and SHA512 2026-05-29 10:01:22 -07:00
Sean Parkinson 018e937a91 RISC-V ASM unaligned read/writes: alternative assembly
Not all RISC-V chips allow unaligned reads and writes with basic
assembly instructions like lw/sw.
Add alternative assembly that is turned on with:
WOLFSSL_RISCV_ASM_NO_UNALIGNED.
2026-05-29 10:11:12 +10:00
JacobBarthelmeh beff858833 Merge pull request #10552 from julek-wolfssl/evp-x25519-x448
Add NID_X25519 and NID_X448 support to the EVP layer
2026-05-28 15:57:50 -06:00
Tobias Frauenschläger 25a1a20444 Reject small-order public keys for Ed25519 and Ed448
Add defense-in-depth checks to wc_ed{25519,448}_check_key() and
ed{25519,448}_verify_msg_final_with_sha() that reject the identity
point and other small-order public keys. Honest EdDSA key generation
never produces such keys, but wolfSSL previously accepted them on
import and verification. The guard runs at both entry points so it
holds even when a key is imported with trusted=1. New tests are gated
on !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0).
2026-05-28 19:53:19 +02:00
Daniel Pouzzner 7467ce2173 Merge pull request #10531 from SparkiDev/kernel_sp_vector
SP x86_64: save and restore vector registers
2026-05-28 11:43:48 -05:00
Juliusz Sosinowicz df8cc30cb8 Add NID_X25519 and NID_X448 support to the EVP layer 2026-05-28 14:40:36 +00:00
Marco Oliverio c4b4e6cd14 NameConstraints: support wildcard SAN 2026-05-28 15:19:20 +02:00
David Garske 2dd7947d27 Merge pull request #10483 from cconlon/pkcs8V1PublicKeyParse
ML-DSA: PKCS#8 parsing + EVP_PKCS82PKEY support
2026-05-27 17:41:30 -07:00
Kareem 4472980738 Code review feedback and minor fixes.
Remove outdated RFC, refactor into single error case, guard against negative/0 len and NULL *data pointer, don't set ownStatus until status is confirmed non-NULL.
2026-05-27 16:54:14 -07:00
Kareem 872a03a056 Disallow matching URI type in CheckForAltNames.
Thanks to Haruki Oyama (Waseda University) for the report.
2026-05-27 16:54:14 -07:00
Sean Parkinson 971d2b051a Merge pull request #10401 from night1rider/Early-heap-delcare-cmac
plumb caller heap into Cmac before cryptocb fires
2026-05-28 09:46:10 +10:00
Sean Parkinson 78a5740bac Merge pull request #10504 from miyazakh/f-2180_pbkdf
f-2180: fix clamp iterations <= 0 to 1 instead of returning an error
2026-05-28 09:32:01 +10:00
Sean Parkinson c92208076f Merge pull request #10374 from kareem-wolfssl/zd21699
Enable all-zero shared secret check for Curve448/25519 by default.  Ensure post_handshake_auth extension was sent before accepting post-handshake CertificateRequest message.
2026-05-28 09:29:49 +10:00
Sean Parkinson eaadfb12ed Merge pull request #10508 from JacobBarthelmeh/static_analysis_3
devcrypto fixes, forcezero on memory after use, RX64 GetHash port fix, blake2 stor64 alignment
2026-05-28 09:24:56 +10:00
Sean Parkinson 7bcc613bb0 Merge pull request #10478 from embhorn/zd21821
Fixes in SP int and DH
2026-05-28 09:00:41 +10:00
jordan 12d79d8838 wc_port: guard fcntl behind WOLFSSL_KERNEL_MODE. 2026-05-27 14:52:54 -05:00