Sean Parkinson
409b5fcf38
Merge pull request #10172 from embhorn/zd21568
Fix pkcs12 parse issue
2026-04-15 09:00:12 +10:00
Sean Parkinson
64c4203d96
Merge pull request #10214 from douzzer/20260413-cross-riscv64-all-asm-fips-dev
20260413-cross-riscv64-all-asm-fips-dev
2026-04-15 07:13:53 +10:00
David Garske
584489f2e0
Merge pull request #10211 from night1rider/mlkem-cryptocb-sha3-hashtype-bug
Mlkem cryptocb sha3 hashtype not reset after final call
2026-04-14 11:08:26 -07:00
Tobias Frauenschläger
17ba0c252a
Store the size of the allocated private key buffer for ML-KEM
2026-04-14 13:33:14 +02:00
Zackery Backman
467ed28d3f
wolfcrypt/mlkem: fix -Wparentheses-equality error when WOLF_CRYPTO_CB_FIND is defined
2026-04-13 22:30:22 -06:00
Daniel Pouzzner
c4c2d8fafe
src/include.am, wolfcrypt/src/aes.c, wolfcrypt/src/port/riscv/riscv-64-aes.c: initial buildability of fips-dev with --enable-riscv-asm.
2026-04-13 18:57:20 -05:00
Zackery Backman
fffb80d221
Clear sha3->hashType in InitSha3 so Final fully resets the struct for cross sha3 reuse.
2026-04-13 17:12:49 -06:00
Eric Blankenhorn
863db50318
Fix word32 truncation and add true regression test for PKCS12 OOB read
2026-04-13 16:05:51 -05:00
Eric Blankenhorn
4cb016f434
Fix pkcs12 parse issue
2026-04-13 15:11:15 -05:00
David Garske
a143369522
Merge pull request #10138 from padelsbach/cobalt-fixes-2026-04-06
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-13 12:37:59 -07:00
David Garske
c36beba9b7
Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
David Garske
bf492eba12
Merge pull request #10175 from yosuke-wolfssl/f_2205
Fix authTagSz validation
2026-04-13 09:33:14 -07:00
David Garske
9627d80363
Merge pull request #10184 from SparkiDev/asm_gen_fixes_4
ASM generation fixes
2026-04-13 08:37:33 -07:00
David Garske
3b63f4bdee
Merge pull request #10072 from night1rider/extend-cmac-api-id-label
Extend/Add label/id extension functions
2026-04-13 08:15:46 -07:00
Yosuke Shimizu
d48fc1801e
Add regression test for authTagSz validation
2026-04-13 13:39:32 +09:00
Sean Parkinson
a50a5403a7
Merge pull request #10199 from douzzer/20260412-clang-23_pre20260331
20260412-clang-23_pre20260331
2026-04-13 10:39:11 +10:00
Sean Parkinson
1cd1872abf
Merge pull request #10179 from Frauschi/mlkem-alloc-key
Add dynamic key allocation support for ML-KEM
2026-04-13 09:35:34 +10:00
David Garske
3d4e929869
Merge pull request #10173 from SparkiDev/init_cert_sha1
Initialize certificate: default to SHA-1 when necessary
2026-04-12 14:46:53 -07:00
David Garske
77b0939a8f
Merge pull request #10176 from SparkiDev/aes_gcm_small_armasm_fix
ARM ASM: AES-GCM small table without NEON
2026-04-12 14:46:44 -07:00
Daniel Pouzzner
1b692b8063
fixes for clang -Wunused-but-set-globals (coverage added by LLVM 23_pre20260331).
2026-04-12 12:07:33 -05:00
Daniel Pouzzner
d343ea657b
Merge pull request #10190 from rlm2002/mlkem_valgrind
Nightly-multi-test valgrind fix
2026-04-11 13:09:13 -05:00
David Garske
ae0a3877ca
Merge pull request #10122 from miyazakh/f-1370_SigGetSize
F-1370: Tighten key_len check from `>=` to `==`
2026-04-10 14:27:16 -07:00
David Garske
ddf4666031
Merge pull request #10077 from Frauschi/pkcs11-mlkem
Add ML-KEM support for PKCS#11
2026-04-10 14:22:47 -07:00
night1rider
3fa0fb78f2
Add (void)ret after CRYPTOCB_UNAVAILABLE fall-through reset in _InitCmac_common to acknowledge intentional store.
2026-04-10 13:19:01 -06:00
night1rider
24c40b543b
reset ret after CRYPTOCB_UNAVAILABLE fall-through in _InitCmac_common, add test_RsaInit_Pub/test_RsaNew_Pub helpers for keypub, re-add (void)heap, reject oversized CMAC id.
2026-04-10 13:19:01 -06:00
night1rider
8b49e0abf0
Fix -Wcast-qual errors by replacing void* with typed id/label params in _common helpers and add input validation.
2026-04-10 13:19:01 -06:00
night1rider
88396d7d12
Fix -Wcast-qual errors in _Label functions by making _common helpers accept const void* data parameter.
2026-04-10 13:19:01 -06:00
night1rider
48e8442e35
Add test/bench_AesEcbInit helper
2026-04-10 13:19:01 -06:00
night1rider
c74f01a1a0
change WC_TEST_NO_ECC_CHECK_KEY to WC_TEST_SKIP_ECC_CHECK_KEY
2026-04-10 13:19:01 -06:00
night1rider
ebdbc8e3d7
Add WC_TEST_SKIP_RSA_PRIVATE_EXPORT to test.c
2026-04-10 13:19:01 -06:00
night1rider
3e112a380b
Extend CMAC API to pull in label/id extension functions to pass down to the AES init call
Refactor CMAC init to common function, add wc_AesNew_Id/Label API, do same for RSA new
functions, and add test init helpers for id[] support along with some test disable options
2026-04-10 13:19:00 -06:00
Paul Adelsbach
6f7e5d030b
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-10 10:48:17 -07:00
Ruby Martin
9a8610ca03
increase rand buffer, fix valgrind invalid read size 16
2026-04-10 11:26:51 -06:00
Tobias Frauenschläger
b7cc7adab8
Add dynamic key allocation support for ML-KEM
Introduce the WOLFSSL_MLKEM_DYNAMIC_KEYS option to allow dynamic allocation
of private and public key buffers in the MlKemKey struct. This change
enables right-sizing of buffers based on the actual ML-KEM level and eliminates
unnecessary memory usage for encapsulate-only operations.
2026-04-10 17:20:21 +02:00
Tobias Frauenschläger
062ef3e93b
Remove some duplicate CI tests
2026-04-10 12:50:24 +02:00
Tobias Frauenschläger
85dd923355
cryptocb: always run software cleanup in key Free functions
The WOLF_CRYPTO_CB_FREE path in wc_MlKemKey_Free, wc_dilithium_free,
and wc_ecc_free returned early when the crypto callback succeeded,
skipping local cleanup: ForceZero on private key material, PRF/hash
object frees (ML-KEM), SHAKE free and cached vector frees (ML-DSA),
and mp_forcezero on the private scalar and all hardware port frees
(ECC).
Any non-PKCS#11 callback returning 0 would silently leave key material
in memory. The PKCS#11 backend worked around this by returning
CRYPTOCB_UNAVAILABLE on success to force the fallthrough — a fragile
contract that is not part of the documented callback interface.
Fix by always continuing to software cleanup after invoking the
callback.
Remove the CRYPTOCB_UNAVAILABLE workaround from the three PKCS#11 free
dispatchers (ECC, ML-DSA, ML-KEM); they now return the real result of
C_DestroyObject.
2026-04-10 12:23:57 +02:00
Tobias Frauenschläger
21f1587c26
PKCS#11: add ML-KEM support
Add PKCS#11 integration for ML-KEM with key generation,
encapsulation and decapsulation support through the crypto
callback path.
Includes ML-KEM PKCS#11 constants/types, key store handling,
token object lifecycle management, and ML-KEM key init helpers
for private-key ID/label workflows.
Align implementation details with current upstream conventions
and review feedback:
- internal wolfCrypt ML-KEM path only for PKCS#11
- inline ML-KEM key-type/flag checks in PKCS#11 code
- proper key template formatting and enum placement
- ensure TLS ML-KEM object storage behavior is compatible with
PKCS#11 ephemeral-key decapsulation flow
2026-04-10 12:23:37 +02:00
Hideki Miyazaki
e04fe0c347
fix typo
2026-04-10 15:26:16 +09:00
Sean Parkinson
b764aac074
API testing additions: cipher tests
Fixed wc_AesEaxAuthDataUpdate to check eax for NULL before
dereferencing.
Fix AesSivCipher to delete/free AES if new/initialization succeeded.
Memsetting to 0 doesn't work when WC_DEBUG_CIPHER_LIFECYCLE is defined.
Added tests for:
- AES-EAX streaming
- AES-SIV
- Poly1305
- DES-CBC
2026-04-10 15:43:21 +10:00
Sean Parkinson
f4b2908532
ASM generation fixes
Shift mnemonic case changed due to the generation scripts' fixup of class
name - no functional difference.
RISC-V AES-GCM tag check fixed
2026-04-10 10:18:26 +10:00
Sean Parkinson
41aae56ab8
ARM ASM: AES-GCM small table without NEON
Non-neon GCM_gmult_len requires M0 which is not available with a small
build.
Fix to have C implementation when M0 and NEON not available.
2026-04-10 08:06:17 +10:00
Sean Parkinson
ecd925f10e
Initialize certificate: default to SHA-1 when necessary
Make SHA-1 with RSA signature type the last option.
SHA-1 signatures are deprecated as weak.
2026-04-10 07:58:37 +10:00
JacobBarthelmeh
044a5f8b81
Merge pull request #10143 from dgarske/qat_aes_gcm
Improve QAT AES GCM tag checking
2026-04-09 09:40:25 -06:00
Sean Parkinson
3e0679ee17
Merge pull request #10156 from douzzer/20260407-SHA3-unaligned-access
20260407-SHA3-unaligned-access
2026-04-09 18:47:06 +10:00
Sean Parkinson
6617863249
Merge pull request #10145 from Frauschi/ecc_follow_up
ECC curve validation follow-up
2026-04-09 18:35:56 +10:00
Yosuke Shimizu
0a05129bd6
Fix authTagSz validation
2026-04-09 17:15:28 +09:00
Sean Parkinson
2a064607e4
Merge pull request #10150 from julek-wolfssl/enable-ocsp-responder-disable-tls13
Guard OCSP signature params with WC_RSA_PSS ifdef
2026-04-09 18:13:00 +10:00
Juliusz Sosinowicz
bfad5398b1
MSVC: replace UINT32_MAX with WOLFSSL_MAX_32BIT in dilithium.c
2026-04-08 10:00:52 -07:00
Hideki Miyazaki
0e14849c31
addressed Copilot review comments
2026-04-08 17:24:11 +09:00
Hideki Miyazaki
e3fd4cc24d
fix f-1370 key_len size check for void* in wc_SignatureGetSize
2026-04-08 17:07:42 +09:00