Commit Graph

11423 Commits

Author SHA1 Message Date
David Garske 8199fda0a4 Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
David Garske a3f5260260 Merge pull request #10500 from rizlik/sha224_only
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-26 08:05:47 -07:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
Roy Carter 56e4612e4e Fix : apply Julek pr notes 2026-05-22 19:01:05 +03:00
Roy Carter c1a507e175 Feature: allow the usage of
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify

in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson 8597d9da83 Merge pull request #10496 from dgarske/fenrir_20260518
Various Fenrir fixes (F-2626, F-585, F-586, F-2638, F-1960, F-599)
2026-05-23 01:28:42 +10:00
Andrew Hutchings 8574fa995f Merge pull request #10470 from JacobBarthelmeh/tropic
fix for tropic port AES key length used
2026-05-21 13:59:48 -07:00
JacobBarthelmeh 70288b017f add sanity check on AES key length 2026-05-20 16:02:56 -07:00
David Garske 782787276c Merge pull request #10497 from Frauschi/mldsa_rename
ML-DSA renaming part 2
2026-05-20 11:24:09 -07:00
Tobias Frauenschläger 1dffcffb80 Fix hashType comparison in SLH-DSA 2026-05-20 10:16:37 -07:00
Tobias Frauenschläger 2a30ce3c04 Rename ML-DSA wc_PqcSignatureType entry 2026-05-20 09:06:54 -07:00
Marco Oliverio 408ea84c83 sha256: check no hw accelleartion is enabled with CB_ONLY_SHA256 2026-05-20 11:33:31 +02:00
JacobBarthelmeh 6ac6e5065e fix for tropic port AES key length used 2026-05-20 00:43:36 -07:00
Tobias Frauenschläger 44074fd1df More ML-DSA renaming 2026-05-19 14:09:09 -07:00
David Garske dc56e87522 Merge pull request #10466 from Frauschi/slhdsa_cryptocb
Add CryptoCb support for SLH-DSA
2026-05-19 13:59:40 -07:00
David Garske 9a5bb8eb23 fix(signature): fenrir 2626 enforce min hash strength 2026-05-19 10:06:56 -07:00
David Garske 2fad30e394 fix(qat): fenrir 585 null-check buffers before memcpy 2026-05-19 10:06:56 -07:00
David Garske 0ea4fa0f97 fix(qat): fenrir 586 guard exit memcpy on error path 2026-05-19 10:06:56 -07:00
David Garske a211f74a8d fix(se050): fenrir 2638 zero ed25519 der buffer 2026-05-19 10:06:56 -07:00
David Garske 583bd6bc4e fix(kcapi): fenrir 1960 zero ecdh secret before free 2026-05-19 10:06:56 -07:00
David Garske 66e5b8fd14 fix(stm32): fenrir 599 capture sign from input mp_int 2026-05-19 10:06:55 -07:00
David Garske 583dbaff60 Merge pull request #10488 from padelsbach/lms-xmss-test-sig-cmp
Update LMS and XMSS key advance test
2026-05-19 10:04:12 -07:00
Marco Oliverio 0c8cabedff crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256 2026-05-19 10:22:06 +02:00
David Garske 145a4fac69 Merge pull request #10449 from LinuxJedi/TropicSim
Add TROPIC01 simulator
2026-05-18 16:34:25 -07:00
David Garske be67bf88f7 Merge pull request #10436 from Frauschi/mldsa_rename
Rename Dilithium to canonical ML-DSA (FIPS 204) names
2026-05-18 11:44:21 -07:00
David Garske 1ccd462ea1 Merge pull request #10482 from rlm2002/coverity
13052026 Coverity Fixes
2026-05-18 10:35:42 -07:00
David Garske bc2e842234 Merge pull request #10460 from JacobBarthelmeh/static_analysis
Static analysis fixes/improvements for SECO, devcrypto, ARIA, MD4, MD2
2026-05-18 10:31:37 -07:00
David Garske 4c9116c743 Merge pull request #10462 from kareem-wolfssl/zd21507
Fix alert type for missing cert.  Prevent building with RNG disabled and blinding enabled by default.  Enforce bounds for AES CMAC size in verify.
2026-05-17 22:25:09 -07:00
David Garske d982aa27cc Merge pull request #10467 from JacobBarthelmeh/static_analysis_2
Xilinx/AMD port fixes for sanity checks on return values and psoc6 sanity check on input arg
2026-05-17 22:22:12 -07:00
David Garske 0055eb5e82 Merge pull request #10459 from JacobBarthelmeh/caam
fix for CAAM build
2026-05-17 22:22:05 -07:00
Tobias Frauenschläger 2832df2139 Update C# wrapper to new ML-DSA names 2026-05-16 09:48:35 -05:00
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
Ruby Martin 4e0e1891fb remove logically dead code
remove unused total value
2026-05-14 15:28:07 -06:00
Kareem 02306592be Require that the AES CMAC mac size is inside of the range [WC_CMAC_TAG_MIN_SZ, WC_AES_BLOCK_SIZE].
Fixes F-3084.
2026-05-14 12:45:17 -07:00
Paul Adelsbach 8e150a2868 Update LMS and XMSS key advance test 2026-05-14 12:25:59 -07:00
David Garske 460a87119e Merge pull request #10351 from rizlik/cryptocbonly
CRYPTOCB_ONLY: add test infra + SHA256 + AES
2026-05-14 10:37:39 -07:00
Daniel Pouzzner 00fe73b2ca Merge pull request #10484 from SparkiDev/arm32_neon_chacha20_align_fix
ARM32 NEON ChaCha20: alignment fix
2026-05-14 08:54:09 -05:00
Sean Parkinson 81cce394db Merge pull request #10440 from JeremiahM37/gh10423
fix NO_VERIFY_OID build in GetOID
2026-05-14 20:02:06 +10:00
Sean Parkinson 31a76d333b Merge pull request #10468 from JeremiahM37/fenrir-wolfcrypt-api-hardening
wolfCrypt API hardening: input validation, key zeroization, hardware ports
2026-05-14 20:00:39 +10:00
Sean Parkinson 75f32a336c Merge pull request #10442 from JeremiahM37/zd21783
Fix SAKKE OOB write and correctness gap in sakke_hash_to_range
2026-05-14 19:51:52 +10:00
Sean Parkinson e1840c6f83 ARM32 NEON ChaCha20: alignment fix
vldm and vstm assume an 32-bit alignment.
Change to use vld1 and vst1.
2026-05-14 19:39:10 +10:00
David Garske c450bdb381 Merge pull request #10471 from JacobBarthelmeh/cavium_octeon
fix Octeon AES-GCM J0 derivation when ivSz is a non-12-byte non-zero …
2026-05-13 15:25:11 -07:00
David Garske 121387ab25 Merge pull request #10479 from padelsbach/aesgcm-unused-vars
Avoid unused variable errors in aesgcm_non12iv_test
2026-05-13 14:36:07 -07:00
Daniel Pouzzner 5dd30c277d wolfcrypt/test/test.c: reapply lost fixes from 03cee6f2bf to aes_cbc_iv_state_test() (lost in #10404 / df5b2b6cb1). 2026-05-13 14:39:50 -05:00
Paul Adelsbach 51540a0c79 Avoid unused variable errors in aesgcm_non12iv_test 2026-05-13 10:59:06 -07:00
JacobBarthelmeh 7e30aaddce add include of misc.h for ForceZero with ARIA port 2026-05-13 11:51:35 -06:00
JacobBarthelmeh 7ef517f4b1 update documentation comments and devcrypto aes free case 2026-05-13 11:51:35 -06:00
JacobBarthelmeh c2b6bab679 force zero on ARIA buffers after use 2026-05-13 11:51:35 -06:00
JacobBarthelmeh 43b0d0d8ab fix for handling of error case with AES devcrypto 2026-05-13 11:51:35 -06:00
JacobBarthelmeh bd178bff7c handling unaligned ChaCha input key buffer 2026-05-13 11:51:33 -06:00