David Garske
2971c7024b
Merge pull request #9671 from SparkiDev/aes_gcm_arm32_hw_crypto_set_key_unaligned
...
ARM32 HW Crypto: AES-GCM set key unaligned key
2026-02-18 10:54:42 -08:00
David Garske
7efefc7b22
Merge pull request #9792 from SparkiDev/sp_c_rsa_pub_only
...
SP C - RSA public only build with DH
2026-02-18 10:01:53 -08:00
David Garske
0dd5009db0
Merge pull request #9768 from anhu/wc_CheckPrivateKey
...
wc_CheckPrivateKey returns NOT_COMPILED_IN for certain gating flags
2026-02-18 08:01:53 -08:00
Sean Parkinson
63b9d13db8
Merge pull request #9790 from bigbrett/sp-rsa-unused-var
...
Fix macro protection in SP code for RSA_LOW_MEM
2026-02-18 16:36:04 +10:00
Sean Parkinson
6b46754800
SP C - RSA public only build with DH
...
Fix build to compile when RSA public only but DH included.
2026-02-18 12:26:00 +10:00
Brett Nicholas
140f9aafe2
test-fix
2026-02-17 15:54:12 -07:00
Brett Nicholas
2c7eb9bc12
fix macro protection for sp_*_cond_add_* in ARM SP asm to prevent unused function warning when used with RSA_LOW_MEM
2026-02-17 15:33:14 -07:00
Anthony Hu
50fbf7f721
wc_CheckPrivateKey() returns NOT_COMPILED_IN for certain gating flags
2026-02-17 17:02:08 -05:00
David Garske
5960a365de
Merge pull request #9776 from Pushyanth-Infineon/fix_psoc6_sha_includes
...
Fix missing header includes and conditional compilation issue for PSoC6 port.
2026-02-17 10:12:00 -08:00
David Garske
a0a76254a5
Merge pull request #9783 from SparkiDev/aes_clang_volatile
...
AES clang: make x volatile in pre-fetch functions
2026-02-17 10:10:56 -08:00
Andrew Hutchings
8042f767ed
Fix issues found in static analysis
...
- Fix missing cleanup on error in wc_XChaCha20Poly1305_crypt_oneshot:
change early return to goto out so ForceZero and free are called
- Fix memory leak in wc_DeCompressDynamic: free tmp buffer before
early return on avail_out size check failure
- Fix unconditional mutex unlock in PQC sign functions (falcon,
sphincs, dilithium): only call unlock when lock was acquired
- Remove dead oqssig NULL checks in falcon sign/verify that are
unreachable after the preceding SIG_TYPE_E assignment
2026-02-17 15:20:36 +00:00
Sean Parkinson
299e7bd097
AES clang: make x volatile in pre-fetch functions
...
The latest version of clang with optimization turned right up will make the
pre-fetch functions return 0.
The pre-fetch functions are there to ensure tables are all in cache, not
to calculate a value.
2026-02-17 08:44:24 +10:00
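The pattern behind the clang commit above, as an added example rather than wolfSSL's own code: a table-driven cipher touches every cache line of its lookup table before any secret-indexed access, so the attacker-observable cache state depends less on the key. The table `Te0`, the 64-byte line size and the function names are assumptions. Because the accumulator starts at 0 and is only ANDed, its value is provably 0; a non-volatile accumulator lets the optimizer delete the loads and return a constant, which is exactly the failure the commit describes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TABLE_WORDS    256
#define CACHE_LINE_SZ  64                         /* assumed line size */
#define WORDS_PER_LINE (CACHE_LINE_SZ / sizeof(uint32_t))

/* Constructed stand-in for an AES T-table (256 x 32-bit entries). */
static uint32_t Te0[TABLE_WORDS];

static void init_table(void)
{
    for (size_t i = 0; i < TABLE_WORDS; i++)
        Te0[i] = (uint32_t)(i * 0x9E3779B1u);     /* arbitrary fill */
}

/* Fragile form: x is 0 and is only ANDed, so the result is always 0 and the
 * loads have no observable effect; an aggressive optimizer may remove them
 * and the table is never pulled into cache. */
static uint32_t prefetch_te0_fragile(void)
{
    uint32_t x = 0;
    for (size_t j = 0; j < TABLE_WORDS; j += WORDS_PER_LINE)
        x &= Te0[j];
    return x;
}

/* Robust form: x is volatile, so each read-modify-write must really happen
 * and the load from each cache line of Te0 is actually issued. */
static uint32_t prefetch_te0(void)
{
    volatile uint32_t x = 0;
    for (size_t j = 0; j < TABLE_WORDS; j += WORDS_PER_LINE)
        x &= Te0[j];
    return x;
}

/* Lookup that warms the whole table before the secret-dependent index is
 * used. The prefetch value is always 0, so XORing it in leaves the result
 * unchanged, but the data dependency keeps the call from being discarded. */
static uint32_t lookup_te0(uint8_t idx)
{
    uint32_t s = prefetch_te0();
    return Te0[idx] ^ s;
}

int main(void)
{
    init_table();
    printf("prefetch returns %u, Te0[5] = 0x%08x\n",
           (unsigned)prefetch_te0(), (unsigned)lookup_te0(5));
    return 0;
}
```

The check a practitioner wants is not a unit test but the disassembly: build with the highest optimization level the product ships with and confirm the loads in the prefetch loop are still emitted. Prefetching narrows cache-timing leakage from table-based AES but does not remove it; hardware AES or a bitsliced implementation is the stronger answer where available.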
David Garske
d81bb7234a
Merge pull request #9778 from LinuxJedi/exp-fixes
...
Fixes to big-endian bugs found in Curve448 and Blake2S
2026-02-16 14:30:47 -08:00
David Garske
be9f3853fa
Merge pull request #9764 from lealem47/wolfEntropy_arm32
...
wolfEntropy: Add ARM Generic Timer virtual counter as time src
2026-02-16 13:00:26 -08:00
Pushyanth Kamatham
b395eef455
Fix missing header includes and conditional compilation issue in PSoC6 crypto hardware acceleration port.
...
Guard the `aes->left = 0` assignment so that it is only enabled when WOLFSSL_AES_CFB is defined.
2026-02-17 02:26:52 +05:30
Andrew Hutchings
451cb45670
Fix Blake2s overlapping writes
...
We are copying from a 32-bit buffer, so the writes overlap. This
could damage the hash on big-endian platforms.
2026-02-16 16:08:27 +00:00
Andrew Hutchings
180c66ba70
Fix curve448
...
`wc_curve448_check_public` can get into an infinite loop in the
big-endian code path.
2026-02-16 15:56:41 +00:00
Daniel Pouzzner
1c92c74116
Merge pull request #9631 from padelsbach/crl-generation
...
Add CRL generation code
2026-02-13 21:59:52 -06:00
Paul Adelsbach
81ae472e50
Add CRL generation code
2026-02-13 10:54:47 -08:00
Daniel Pouzzner
c4131659cc
Merge pull request #9767 from SparkiDev/sp_thumb2_mont_sub_reg_fix
...
Thumb2 SP ASM: mont_sub fix
2026-02-13 11:35:36 -06:00
David Garske
16ba668ebe
Merge pull request #9632 from jackctj117/CSR-signing
...
Add wc_SignCert_cb API for external signing callbacks
2026-02-13 09:07:37 -08:00
Sean Parkinson
e48c867f6f
Thumb2 SP ASM: mont_sub fix
...
Always use all the parameters and always use the parameter name and not
the assumed register.
2026-02-13 11:49:21 +10:00
Lealem Amedie
d9b934323a
Check if _POSIX_C_SOURCE is defined
2026-02-12 18:13:29 -07:00
Lealem Amedie
17287cd595
wolfEntropy: Add ARM Generic Timer virtual counter as time src
2026-02-12 18:13:29 -07:00
David Garske
49ed1fa21f
Merge pull request #9684 from SparkiDev/ecc_import_pub_check_fix
...
ECC: import point, always do some checks
2026-02-11 21:53:03 -08:00
David Garske
1b0b4b1444
Merge pull request #9756 from SparkiDev/arm_asm_fixes_1
...
ARM assembly fixes
2026-02-11 21:51:51 -08:00
Sean Parkinson
2f53add6a5
Merge pull request #9758 from LinuxJedi/lxj-fixes
...
Minor fixes to EVP and PKCS12 code
2026-02-12 08:01:28 +10:00
Sean Parkinson
1847c6e778
Merge pull request #9721 from dgarske/x25519_nb
...
Add X25519 non-blocking support and async example improvements
2026-02-12 07:56:58 +10:00
David Garske
bc12b7563f
Peer review improvements
2026-02-10 14:51:51 -08:00
Andrew Hutchings
54e8e80e81
Added integer overflow protection to PKCS12
...
PKCS12_ConcatenateContent() could overflow.
2026-02-10 15:53:29 +00:00
Andrew Hutchings
6b4fd431da
Fix leak in PKCS12 error path
2026-02-10 15:47:10 +00:00
Andrew Hutchings
a8d844003e
Fix potential buffer overflow in EVP
...
It is potentially possible on a 32-bit system to get realloc to overflow
with several of the EVP functions.
2026-02-10 14:49:20 +00:00
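The two PKCS12 fixes (integer overflow in `PKCS12_ConcatenateContent()`, leak on the error path) and the EVP realloc overflow above share one root cause: a length sum computed in an unsigned type before the allocation is sized. The following is an added example, not wolfSSL's code; the function names are assumptions. It shows the check that must precede the addition and the realloc idiom that keeps the original buffer owned on failure.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Concatenate a||b into a fresh buffer. Returns 0 on success, -1 on length
 * overflow or allocation failure; *out is NULL on failure. */
static int concat_checked(const uint8_t* a, size_t a_len,
                          const uint8_t* b, size_t b_len,
                          uint8_t** out, size_t* out_len)
{
    uint8_t* buf;
    size_t total;

    if (out == NULL || out_len == NULL)
        return -1;
    *out = NULL;
    *out_len = 0;

    /* Unsigned addition wraps silently: on a 32-bit build a_len + b_len can
     * wrap to a small number, the allocation succeeds at that small size,
     * and the memcpy below then writes past the end. Check before adding. */
    if (a_len > SIZE_MAX - b_len)
        return -1;
    total = a_len + b_len;

    buf = (uint8_t*)malloc(total > 0 ? total : 1);
    if (buf == NULL)
        return -1;
    if (a_len > 0)
        memcpy(buf, a, a_len);
    if (b_len > 0)
        memcpy(buf + a_len, b, b_len);

    *out = buf;
    *out_len = total;
    return 0;
}

/* Grow *buf in place to append more_len bytes. Same overflow check, and the
 * realloc result goes into a temporary so that on failure the caller still
 * owns the original buffer and can free it (no leak on the error path). */
static int append_checked(uint8_t** buf, size_t* len,
                          const uint8_t* more, size_t more_len)
{
    uint8_t* grown;
    size_t new_len;

    if (buf == NULL || len == NULL)
        return -1;
    if (*len > SIZE_MAX - more_len)
        return -1;
    new_len = *len + more_len;

    grown = (uint8_t*)realloc(*buf, new_len > 0 ? new_len : 1);
    if (grown == NULL)
        return -1;                        /* *buf untouched, still valid */
    if (more_len > 0)
        memcpy(grown + *len, more, more_len);
    *buf = grown;
    *len = new_len;
    return 0;
}

int main(void)
{
    /* Constructed inputs. */
    const uint8_t a[] = { 1, 2, 3 };
    const uint8_t b[] = { 4, 5 };
    uint8_t* out = NULL;
    size_t n = 0;
    int rc = concat_checked(a, sizeof(a), b, sizeof(b), &out, &n);
    free(out);
    return rc;
}
```

On a 64-bit host the wrap needs an input length near `SIZE_MAX`, which is why the EVP commit calls out 32-bit systems: there an attacker-controlled length in the low gigabytes is enough. The `*buf` guard in `append_checked()` is the same shape as the PKCS12 leak fix: write the realloc result to a temporary, never straight over the only pointer to the old allocation.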
Sean Parkinson
2b370f8ecb
ARM assembly fixes
...
armv8-32-aes-asm*: Fix #define protection around L_AES_ARM32_ecb_td4.
armv8-curve25519_c.c: Fix definition of fe_invert_nct to match
prototype.
2026-02-10 16:20:20 +10:00
David Garske
19bb7198a2
Peer review fixes
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 10:24:31 -08:00
David Garske
78bba7e90f
Fix for TLS with WOLFSSL_SMALL_CERT_VERIFY
2026-02-05 21:55:32 -08:00
Daniel Pouzzner
25db90afe7
Merge pull request #9741 from kareem-wolfssl/variousFixes
...
Various fixes
2026-02-05 20:32:12 -06:00
Daniel Pouzzner
8e6ebdb8ac
Merge pull request #9723 from SparkiDev/ssl_split_cert
...
Split out code from ssl.c and pk.c
2026-02-05 18:21:36 -06:00
Daniel Pouzzner
1d871879df
Merge pull request #9726 from Frauschi/pkcs11_pqc_prep
...
PKCS#11 PQC preparation work
2026-02-05 16:50:25 -06:00
Daniel Pouzzner
a6ee93c84c
Merge pull request #9739 from holtrop-wolfssl/rust-crate-fips-support
...
Rust wrapper: add FIPS support
2026-02-05 16:49:58 -06:00
Daniel Pouzzner
681d09fc3c
Merge pull request #9714 from philljj/bsdkm_crypto_accel
...
bsdkm: x86 crypto acceleration support.
2026-02-05 16:48:03 -06:00
Daniel Pouzzner
2a32e108d0
Merge pull request #9656 from jackctj117/PKCS7-signing
...
Add PKCS7 ECC raw sign callback support
2026-02-05 16:46:27 -06:00
Daniel Pouzzner
6d7cb87965
Merge pull request #9733 from SparkiDev/srtp_kdf_ctr_fix
...
SRTP-KDF: use two bytes of index
2026-02-05 16:21:38 -06:00
jackctj117
cfcd384c4c
Address copilot feedback
2026-02-05 12:12:16 -07:00
jackctj117
d774825ab8
Address copilot feedback
2026-02-05 11:57:33 -07:00
David Garske
8c30cfb0da
Add tests for async with static memory. Fix issue with mixed-declaration in SP ECC non-blocking.
2026-02-05 09:43:31 -08:00
David Garske
6a4415911b
Merge pull request #9727 from miyazakh/tsip_rm_asn_original
...
Renesas RX72N: Remove WOLFSSL_ASN_ORIGINAL from user_settings.h
2026-02-05 08:42:59 -08:00
David Garske
4d3925d526
Add X25519 non-blocking support for key gen and shared secret
...
## Summary
- Add non-blocking (incremental) Curve25519 key generation and shared secret via `WC_X25519_NONBLOCK`, modeled after the existing ECC non-blocking pattern (`WC_ECC_NONBLOCK`)
- Implement `curve25519_nb()` and `fe_inv__distinct_nb()` in `fe_low_mem.c` as state-machine variants that return `FP_WOULDBLOCK` to yield after each field multiply
- Add `wc_curve25519_set_nonblock()` API to attach/detach non-blocking context to a key
- Integrate X25519 non-blocking with TLS 1.2/1.3 key share generation and shared secret in `tls.c` and `internal.c` (behind `WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW`)
- Add `--enable-curve25519=nonblock` configure option (auto-enables `--enable-asynccrypt` and `--enable-asynccrypt-sw`)
- Add X25519 async software dispatch cases in `async.c` and types in `async.h`
- Fix async guard in `curve25519.c` to require `WOLFSSL_ASYNC_CRYPT_SW` (matching other algorithms)
- Overhaul `examples/async/` client/server: non-blocking I/O via `WOLFSSL_USER_IO`, standalone `Makefile`, X25519/ECC mode selection, CI-friendly ready-file sync
- Add `examples/configs/user_settings_curve25519nonblock.h` and CI coverage in `os-check.yml` and new `async-examples.yml` workflow
- Add wolfcrypt test and API test coverage for X25519 non-blocking
2026-02-04 21:28:52 -08:00
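The non-blocking pattern the X25519 PR above describes (a state machine that performs one field multiply per call and yields with a would-block code until the caller drives it to completion) is shown here on a deliberately tiny field so that it fits on one page. This is an added example, not wolfSSL's `curve25519_nb()` or `fe_inv__distinct_nb()`; the prime 2^31 - 1, the context layout and the `NB_*` codes (an analogue of `FP_WOULDBLOCK`) are assumptions. It computes a field inverse by Fermat (a^(p-2)) with left-to-right square-and-multiply, which is the same shape of loop a real field inversion uses.

```c
#include <stdint.h>
#include <stdio.h>

#define NB_OK          0
#define NB_WOULDBLOCK (-1)    /* hypothetical analogue of FP_WOULDBLOCK */
#define NB_BAD_ARG    (-2)

/* Toy prime field GF(p), p = 2^31 - 1, chosen so a product of two elements
 * fits in 64 bits. Not the Curve25519 field. */
#define P 2147483647u

static uint32_t fe_mul(uint32_t a, uint32_t b)
{
    return (uint32_t)(((uint64_t)a * b) % P);
}

/* Resumable context: everything needed to pick up where the computation
 * left off lives here, never on the caller's stack between calls. */
typedef struct {
    int      state;   /* 0 = idle, 1 = running, 2 = finished */
    int      sub;     /* 0 = square is next, 1 = multiply-by-base is next */
    int      bit;     /* exponent bit being processed, top down */
    uint32_t base;
    uint32_t exp;
    uint32_t acc;
} fe_inv_nb_ctx;

/* Prepare to compute base^(p-2) mod p, the inverse by Fermat. */
static int fe_inv_nb_start(fe_inv_nb_ctx* ctx, uint32_t a)
{
    if (ctx == NULL || a % P == 0)
        return NB_BAD_ARG;                 /* zero has no inverse */
    ctx->base  = a % P;
    ctx->exp   = P - 2;
    ctx->acc   = 1;
    ctx->bit   = 30;                       /* P-2 is a 31-bit value */
    ctx->sub   = 0;
    ctx->state = 1;
    return NB_OK;
}

/* Perform exactly one field multiply, then yield. Returns NB_WOULDBLOCK
 * while work remains and NB_OK (with *out set) once finished. */
static int fe_inv_nb_step(fe_inv_nb_ctx* ctx, uint32_t* out)
{
    if (ctx == NULL || out == NULL || ctx->state != 1)
        return NB_BAD_ARG;

    if (ctx->sub == 0) {
        ctx->acc = fe_mul(ctx->acc, ctx->acc);          /* square */
        if ((ctx->exp >> ctx->bit) & 1u) {
            ctx->sub = 1;                               /* multiply next */
            return NB_WOULDBLOCK;
        }
    } else {
        ctx->acc = fe_mul(ctx->acc, ctx->base);         /* multiply */
        ctx->sub = 0;
    }

    if (ctx->bit == 0) {
        ctx->state = 2;
        *out = ctx->acc;
        return NB_OK;
    }
    ctx->bit--;
    return NB_WOULDBLOCK;
}

/* Blocking driver: what a caller's event loop does between yields, with a
 * counter so the granularity of the yields is visible (one multiply each). */
static int fe_inv_drive(uint32_t a, uint32_t* out, int* steps)
{
    fe_inv_nb_ctx ctx;
    int rc = fe_inv_nb_start(&ctx, a);
    if (rc != NB_OK)
        return rc;
    *steps = 0;
    do {
        rc = fe_inv_nb_step(&ctx, out);
        (*steps)++;
    } while (rc == NB_WOULDBLOCK);
    return rc;
}

int main(void)
{
    uint32_t inv = 0;
    int steps = 0;
    if (fe_inv_drive(12345u, &inv, &steps) == NB_OK)
        printf("inverse of 12345 = %u after %d yields, check = %u\n",
               (unsigned)inv, steps, (unsigned)fe_mul(12345u, inv));
    return 0;
}
```

Two properties matter for a TLS integration of this shape: the context must be the only place state is kept, so the handshake can be resumed from a different call with nothing lost, and the step function must refuse to run once finished (here it returns `NB_BAD_ARG`) so a caller that keeps driving a completed context cannot corrupt the result. Constant-timeness is unchanged by the yields because the sequence of operations still depends only on the fixed exponent p-2, not on the secret base.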
David Garske
c7ed5ff179
Merge pull request #9740 from douzzer/20260204-linuxkm-with-global-replace-etc
...
20260204-linuxkm-with-global-replace-etc
2026-02-04 19:07:06 -08:00
Kareem
4bb4648282
Ensure lru_count does not overflow.
2026-02-04 15:33:15 -07:00
Chris Conlon
3753f69a50
Merge pull request #9728 from padelsbach/aia-updates
...
Extend AIA interface
2026-02-04 15:11:02 -07:00