Commit Graph

11005 Commits

Author SHA1 Message Date
Brett Nicholas 4bf334c299 Merge pull request #10009 from night1rider/SHE-update
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-16 16:49:00 -06:00
Sean Parkinson c119a21931 SP int: fixes from review by Claude
1. sp_cond_swap_ct_ex (line ~5524) — XOR typo: b->sign ^= b->sign always
zeroed the sign. Fixed to b->sign ^= t->sign to correctly swap signs.
2. sp_mod_d (line ~7271) — Negative modulo correction was applied even
when the remainder was 0. Added (*r != 0) guard to avoid producing d
instead of 0.
3. sp_lshb (line ~8444) — Left-shift size check was off. Refactored to
correctly distinguish between pure-digit shifts and bit-within-digit
shifts when checking if the result fits, using separate overflow checks
for each case.
4. _sp_mulmod_tmp (line ~12160) — Zero inputs caused an allocation of
size 0, which is problematic. Added an early path: if either operand is
zero, set result to zero and skip the allocation/multiply entirely.
5. sp_mod_2d — copy path (line ~14762) — XMEMCPY copied digits *
SP_WORD_SIZEOF bytes but a may have fewer than digits used digits. Fixed
to copy min(a->used, digits) digits to avoid reading uninitialized
memory.
6. sp_mod_2d — negation loop (line ~14782) — Negation loop iterated
over r->used, which could exceed digits. Fixed to loop over min(r->used,
digits).
7. _sp_sqrmod (line ~17314) — Same zero-input issue as _sp_mulmod_tmp.
Added early zero path to skip the allocation/squaring when input is
zero.
8. sp_lcm (line ~19838) — Typo in sign check: b->sign >= MP_NEG
(comparing against a value that is 1, so >= 1 would also match MP_ZPOS)
changed to b->sign == MP_NEG.
2026-04-16 19:01:53 +10:00
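Two of the fixes listed above (the sign term in the constant-time conditional swap, and the remainder-is-zero guard in the signed modulo-by-digit) are easy to get wrong in any multi-precision library. The following is an added example, not wolfSSL code: a toy signed integer with hypothetical names and 32-bit digits that shows the corrected forms and notes what the buggy forms would have produced.

```c
/* Added example, not wolfSSL code: a toy signed multi-precision value
 * (hypothetical names, 32-bit digits) showing the sign term in a
 * constant-time conditional swap and the "remainder != 0" guard when
 * correcting a negative value's remainder modulo a single digit. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_DIGITS 4
#define TOY_ZPOS   0
#define TOY_NEG    1

typedef struct {
    uint32_t     dp[TOY_DIGITS]; /* magnitude, little-endian digits */
    unsigned int used;           /* number of digits in use */
    unsigned int sign;           /* TOY_ZPOS or TOY_NEG */
} toy_int;

/* Load a small signed value; only two digits are ever needed here. */
static void toy_set(toy_int *a, int64_t v)
{
    uint64_t mag = (v < 0) ? (uint64_t)(-(v + 1)) + 1u : (uint64_t)v;
    memset(a, 0, sizeof(*a));
    a->sign  = (v < 0) ? TOY_NEG : TOY_ZPOS;
    a->dp[0] = (uint32_t)mag;
    a->dp[1] = (uint32_t)(mag >> 32);
    a->used  = (a->dp[1] != 0) ? 2u : (a->dp[0] != 0) ? 1u : 0u;
}

static int64_t toy_get(const toy_int *a)
{
    uint64_t mag = ((uint64_t)a->dp[1] << 32) | a->dp[0];
    return (a->sign == TOY_NEG) ? -(int64_t)mag : (int64_t)mag;
}

/* Constant-time conditional swap: swap a and b iff swap == 1, with no
 * data-dependent branch. Every field XORs the same masked difference.
 * Writing "b->sign ^= b->sign" for the last field (the bug fixed above)
 * would unconditionally clear b's sign instead of swapping it. */
static void toy_cond_swap_ct(toy_int *a, toy_int *b, unsigned int swap)
{
    uint32_t mask = (uint32_t)0 - (uint32_t)(swap & 1u); /* 0 or all ones */
    uint32_t t;
    unsigned int i;

    for (i = 0; i < TOY_DIGITS; i++) {
        t = (a->dp[i] ^ b->dp[i]) & mask;
        a->dp[i] ^= t;
        b->dp[i] ^= t;
    }
    t = ((uint32_t)a->used ^ (uint32_t)b->used) & mask;
    a->used ^= t;
    b->used ^= t;
    t = ((uint32_t)a->sign ^ (uint32_t)b->sign) & mask;
    a->sign ^= t;
    b->sign ^= t;  /* not "b->sign ^= b->sign", which always yields 0 */
}

/* a mod d for a single-digit d, result in [0, d). For negative a the
 * magnitude's remainder r is corrected to d - r, but only when r != 0:
 * without the guard, -6 mod 3 would come out as 3 instead of 0. */
static uint32_t toy_mod_d(const toy_int *a, uint32_t d)
{
    uint64_t rem = 0;
    unsigned int i;

    for (i = a->used; i > 0; i--)
        rem = ((rem << 32) | a->dp[i - 1]) % d; /* rem < d: no overflow */
    if (a->sign == TOY_NEG && rem != 0)
        rem = d - rem;
    return (uint32_t)rem;
}

/* Wrappers so each scenario can be checked by value. */
int64_t demo_swap(int64_t x, int64_t y, unsigned int swap, int want_b)
{
    toy_int a, b;
    toy_set(&a, x);
    toy_set(&b, y);
    toy_cond_swap_ct(&a, &b, swap);
    return toy_get(want_b ? &b : &a);
}

uint32_t demo_mod_d(int64_t v, uint32_t d)
{
    toy_int a;
    toy_set(&a, v);
    return toy_mod_d(&a, d);
}

int main(void)
{
    printf("swap(5,-9): a=%lld b=%lld\n", (long long)demo_swap(5, -9, 1, 0),
           (long long)demo_swap(5, -9, 1, 1));
    printf("-7 mod 3 = %u, -6 mod 3 = %u\n", demo_mod_d(-7, 3), demo_mod_d(-6, 3));
    return 0;
}
```

The swap keeps the same mask-and-XOR shape for digits, length and sign so that a reviewer can check each field by pattern; a field that breaks the pattern (as the sign field did) is exactly the kind of typo a constant-time routine hides, since it produces no crash and no timing difference, only wrong signs.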
Daniel Pouzzner 0f0dab0105 wolfcrypt/src/logging.c and wolfssl/wolfcrypt/logging.h: add wc_backtrace_set_fp(). 2026-04-15 21:28:43 -05:00
Daniel Pouzzner 8d332778b0 wolfcrypt/test/test.c: in ed25519_test(), fix RARE_ED_BAD_ENC_E and RARE_ED_BAD_SIG_E macros to use WC_NO_ERR_TRACE() safely;
.github/workflows/trackmemory.yml: add --enable-debug-trace-errcodes to a couple scenarios.
2026-04-15 21:12:21 -05:00
night1rider 64a1ac8dd2 wc_SHE_ImportM1M2M3: fix guard from || to && so it gates on WOLF_CRYPTO_CB 2026-04-15 18:03:39 -06:00
Sean Parkinson 3c2a92d21d Merge pull request #10225 from kareem-wolfssl/zd21544
Fix uninitialized before use warning.  Fix unsupported #warning directive by Tasking compiler.
2026-04-16 08:55:49 +10:00
Sean Parkinson cd6b062847 Merge pull request #10136 from JeremiahM37/fenrir-issues-2
Fenrir fixes
2026-04-16 08:51:17 +10:00
Sean Parkinson d2175f3b42 Merge pull request #10222 from embhorn/zd21597
Report cert verify failure with MD5
2026-04-16 08:45:15 +10:00
David Garske 48a0347581 Merge pull request #10180 from Frauschi/dilithium-alloc-key
Add dynamic key allocation support for Dilithium
2026-04-15 10:36:14 -07:00
night1rider 9775795470 Add ability to skip load key verify test 2026-04-15 11:28:03 -06:00
night1rider 1078e797f8 Fix CMake SHE deps, const-correctness in CryptoCb uid, stale comment, XSTRLEN double call, configure.ac AES-CBC guard, and add LoadKey/LoadKey_Verify test coverage 2026-04-15 11:28:03 -06:00
night1rider 994b0cdedd Add one-shot SHE LoadKey and LoadKey Verify convenience APIs: wc_SHE_LoadKey, wc_SHE_LoadKey_Id, wc_SHE_LoadKey_Label and their verify counterparts 2026-04-15 11:28:03 -06:00
night1rider f8956abcc1 update she union for callback to be getUid not setUid 2026-04-15 11:28:03 -06:00
night1rider f081a08c5c Address comments from bigbrett and Fenrir bot. Rename she.{c,h} to wc_she.{c,h}, fix naming consistency, auto-enable CMAC/AES dependencies, add WC_SHE_SW_DEFAULT opt-in. Address PR #10009 review comments from bigbrett and Fenrir 2026-04-15 11:28:03 -06:00
night1rider 802c34018c Add more in depth comments in header file for she.h 2026-04-15 11:28:03 -06:00
night1rider ee7fe9e1b1 SHE API: remove key storage from context, add direct output params 2026-04-15 11:28:03 -06:00
night1rider eeedc470e9 Add SHE (Secure Hardware Extension) support to wolfCrypt 2026-04-15 11:27:44 -06:00
David Garske 1a67eb7223 Merge pull request #9851 from night1rider/setkey-callbacks
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
David Garske 240703c959 Merge pull request #10219 from rizlik/se050
SE050: Fixes  + NO_{RSA,ECDHE}_VERIFY options + simulator CI
2026-04-15 09:35:23 -07:00
Sean Parkinson b44d8c66d7 Merge pull request #10192 from mattia-moffa/20260409-fixes
Various fixes
2026-04-15 20:35:04 +10:00
Marco Oliverio 8b01033d0b se050: reviewer's fixes 2026-04-15 08:52:16 +02:00
Marco Oliverio 2f5df5c9f8 se050: abide compilers warning about init keyId 2026-04-15 08:33:30 +02:00
Daniel Pouzzner 9bc221bfec wolfcrypt/test/test.c: skip the "reject authTagSz below WOLFSSL_MIN_AUTH_TAG_SZ" test on FIPS <7.0.0. 2026-04-14 23:09:21 -05:00
Mattia Moffa 0749f20c33 Require exact tag length in EVP_DigestVerifyFinal HMAC path
ZD#21457 (31)
2026-04-15 03:09:11 +02:00
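The commit above requires the tag length passed to the HMAC verify path to match the digest length exactly. The following added example (not wolfSSL code; the 32-byte expected tag is a constructed stand-in for a recomputed HMAC-SHA256 value, and the function names are hypothetical) puts a prefix-only check beside the exact-length check and shows how cheaply the former is forged online.

```c
/* Added example, not wolfSSL code: why a MAC verifier must demand that
 * the caller-supplied tag length equals the digest length. expected_tag
 * is a constructed stand-in for the HMAC the verifier would recompute;
 * the function names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 32

/* Constructed stand-in for the recomputed HMAC-SHA256 tag. */
static const uint8_t expected_tag[TAG_LEN] = {
    0x4a, 0x1f, 0x9c, 0x03, 0xb7, 0xe2, 0x55, 0x68,
    0xd9, 0x0e, 0x71, 0xaa, 0x3c, 0xf4, 0x82, 0x16,
    0x5d, 0xc8, 0x29, 0x7b, 0xe0, 0x93, 0x4f, 0x0a,
    0xb1, 0x6e, 0xd2, 0x35, 0x8c, 0x47, 0xfa, 0x19
};

/* Constant-time comparison of n bytes: returns 0 iff all bytes match. */
static int ct_memcmp(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff;
}

/* Weak: rejects only over-long tags, then compares the supplied prefix.
 * Whoever controls siglen can pass a 1-byte tag and succeed with
 * probability 1/256 per guess. */
int verify_tag_prefix(const uint8_t *sig, size_t siglen)
{
    if (sig == NULL || siglen == 0 || siglen > TAG_LEN)
        return 0;
    return ct_memcmp(sig, expected_tag, siglen) == 0;
}

/* Fixed: the length must match exactly before any byte is compared. */
int verify_tag_exact(const uint8_t *sig, size_t siglen)
{
    if (sig == NULL || siglen != TAG_LEN)
        return 0;
    return ct_memcmp(sig, expected_tag, TAG_LEN) == 0;
}

/* Online forgery with a 1-byte tag: returns the number of guesses until
 * the verifier accepts (at most 256), or -1 if it never accepts. */
int forge_one_byte_tag(int (*verify)(const uint8_t *, size_t))
{
    int guess;
    for (guess = 0; guess < 256; guess++) {
        uint8_t tag = (uint8_t)guess;
        if (verify(&tag, 1))
            return guess + 1;
    }
    return -1;
}

int main(void)
{
    printf("prefix check forged after %d guesses\n",
           forge_one_byte_tag(verify_tag_prefix));
    printf("exact check forged after %d guesses\n",
           forge_one_byte_tag(verify_tag_exact));
    return 0;
}
```

A constant-time compare does not help if the attacker chooses how many bytes are compared; the length check has to come first, and it has to be an equality test rather than an upper bound.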
Mattia Moffa 0a00b47c75 Fix ML-KEM ARM64 NEON ciphertext comparison reduction
ZD#21457 (30)
2026-04-15 03:09:11 +02:00
Mattia Moffa 9c304bdc09 PKCS12: check mismatch between hash algo and hash size
ZD#21457 (27)
2026-04-15 03:08:50 +02:00
Sean Parkinson 409b5fcf38 Merge pull request #10172 from embhorn/zd21568
Fix pkcs12 parse issue
2026-04-15 09:00:12 +10:00
night1rider a99a72029c narrow ecc_size/sig_size guards to SETKEY||EXPORT_KEY, update _WC_PK_TYPE_MAX, const-qualify export_key.obj, call _ecc_import_x963_ex2 directly, fix GetSetKeyTypeStr, fix NULL deref in wc_RsaPrivateKeyDecode with WOLF_CRYPTO_CB_FIND, add FIND CI config. 2026-04-14 16:21:50 -06:00
night1rider d58eea5566 Address pr review: add braces, move scope of variables, add X9.63 comment 2026-04-14 16:21:50 -06:00
night1rider bf1013bfd4 Address feedback from Fenrir 2026-04-14 16:21:50 -06:00
night1rider 642a65a34d Add export hooks for ecc 2026-04-14 16:21:50 -06:00
night1rider 1295f4fe0e Add WOLF_CRYPTO_CB_SETKEY and WOLF_CRYPTO_CB_EXPORT_KEY crypto callback
utilities for generic SetKey and ExportKey operations on HMAC, RSA, ECC,
  and AES. Add wc_ecc_size/wc_ecc_sig_size callback hooks for hardware-only
  keys. Integrate into configure.ac as --enable-cryptocbutils=setkey,export
  options with CI test configurations in os-check.yml.

  Add test handlers in test.c and api.c with export/import delegation
  pattern, small-stack-safe allocations, custom curve support, and
  DEBUG_CRYPTOCB helpers.
2026-04-14 16:21:50 -06:00
Kareem 5defbc3219 Tasking compiler does not support #warning and needs the #pragma message case where available.
Fixes #10108.
2026-04-14 15:06:20 -07:00
Kareem 5662077267 Fix uninitialized before use warning in wc_Dilithium_PublicKeyDecode. 2026-04-14 15:00:53 -07:00
Sean Parkinson 64c4203d96 Merge pull request #10214 from douzzer/20260413-cross-riscv64-all-asm-fips-dev
20260413-cross-riscv64-all-asm-fips-dev
2026-04-15 07:13:53 +10:00
David Garske 584489f2e0 Merge pull request #10211 from night1rider/mlkem-cryptocb-sha3-hashtype-bug
Mlkem cryptocb sha3 hashtype not reset after final call
2026-04-14 11:08:26 -07:00
Eric Blankenhorn 4a13896b2e Report cert verify failure with MD5 2026-04-14 12:31:01 -05:00
Marco Oliverio f55ecb5124 se050: add support for SE050 SIGN ONLY options 2026-04-14 18:07:30 +02:00
Marco Oliverio 5cd2db0b4d se050: skip ecc_test_buffers (invalid digest sz) 2026-04-14 18:07:30 +02:00
Marco Oliverio 0fbfbb8089 se050: refuse invalid digest sz in ECDSA 2026-04-14 18:07:30 +02:00
Marco Oliverio e6a7be8969 test: rsa: reset RSA key between operation 2026-04-14 18:07:30 +02:00
Marco Oliverio ed2e230f78 se050: initialize keyId to abide compilers 2026-04-14 18:07:30 +02:00
Marco Oliverio fff6f3fc32 se050: fix RSA Encrypt with only pubkey setting keyId 2026-04-14 18:07:30 +02:00
Andrew Hutchings 931893c62b Address items in code review 2026-04-14 18:07:30 +02:00
Andrew Hutchings f08d7ba950 Fix SE050 RSA port bugs
- se050_rsa_verify: when the function uploads only the public part of the key (keyCreated == 1), erase the transient SE050 object and don't persist keyIdSet = 1. A subsequent sign on the same RsaKey was reusing the public-only SE050 object and failing. Pre-existing bindings (from wc_RsaUseKeyId or a prior sign that uploaded a keypair) are preserved untouched.

- rsa_keygen_test: add WOLFSSL_SE050 to the existing WOLFSSL_CRYPTOCELL guard around the export-then-decode round-trip. SE050-generated keys keep their private components in the secure element, so wc_RsaKeyToDer + wc_RsaPrivateKeyDecode cannot complete. Matching guard on the idx declaration to avoid an unused-variable warning.
2026-04-14 18:07:28 +02:00
Andrew Hutchings 6d2845751b Fix SE050 Ed25519 port bugs and add simulator CI workflow
- se050_ed25519_verify_msg: initialize *res = 0 at entry so failures don't leak a stale res = 1 from a prior good verify.
- Ed25519 import functions: reset keyIdSet / keyId under WOLFSSL_SE050 in wc_ed25519_import_private_key_ex, wc_ed25519_import_private_only, wc_ed25519_import_public_ex so overwriting host-side key material invalidates any prior SE050 object binding.
- New workflow .github/workflows/se050-sim.yml: builds wolfSSL against the NXP Plug&Trust SDK and runs the wolfCrypt tests against the SE050Sim simulator. Patches the upstream Dockerfile to use the PR's wolfSSL source.
- ed25519_test SE050 adjustments:
  - Cap the RFC 8032 loop at 5 iters — iter 5's 1023 B msg exceeds NXP SDK SE05X_TLV_BUF_SIZE_CMD = 900.
  - rareEd verifies and private-only sign: expect WC_HW_E (SE050 delegates malformed-input rejection to the secure element) instead of BAD_FUNC_ARG / SIG_VERIFY_E.
  - Skip ed25519ctx_test / ed25519ph_test — SE050 port drops the context/prehash params so RFC 8032 ctx/ph vectors can't byte-match.
2026-04-14 18:05:51 +02:00
Tobias Frauenschläger 17ba0c252a Store the size of the allocated private key buffer for ML-KEM 2026-04-14 13:33:14 +02:00
Tobias Frauenschläger 064cfe2b31 Make ML-DSA signing w1e variable aware of SMALL_STACK 2026-04-14 13:22:19 +02:00
Tobias Frauenschläger b562d5c7d8 Add dynamic key allocation support for Dilithium
This update introduces the WOLFSSL_DILITHIUM_DYNAMIC_KEYS option, allowing
for dynamic memory allocation of public and private key buffers. This change
reduces memory usage by allocating buffers only when needed.
2026-04-14 13:22:12 +02:00
Zackery Backman 467ed28d3f wolfcrypt/mlkem: fix -Wparentheses-equality error when WOLF_CRYPTO_CB_FIND is defined 2026-04-13 22:30:22 -06:00