Commit Graph

9263 Commits

Author SHA1 Message Date
David Garske 2971c7024b Merge pull request #9671 from SparkiDev/aes_gcm_arm32_hw_crypto_set_key_unaligned
ARM32 HW Crypto: AES-GCM set key unaligned key
2026-02-18 10:54:42 -08:00
David Garske 7efefc7b22 Merge pull request #9792 from SparkiDev/sp_c_rsa_pub_only
SP C - RSA public only build with DH
2026-02-18 10:01:53 -08:00
David Garske 0dd5009db0 Merge pull request #9768 from anhu/wc_CheckPrivateKey
wc_CheckPrivateKey returns NOT_COMPILED_IN for certain gating flags
2026-02-18 08:01:53 -08:00
Sean Parkinson 63b9d13db8 Merge pull request #9790 from bigbrett/sp-rsa-unused-var
Fix macro protection in SP code for RSA_LOW_MEM
2026-02-18 16:36:04 +10:00
Sean Parkinson 6b46754800 SP C - RSA public only build with DH
Fix build to compile when RSA public only but DH included.
2026-02-18 12:26:00 +10:00
Brett Nicholas 140f9aafe2 test-fix 2026-02-17 15:54:12 -07:00
Brett Nicholas 2c7eb9bc12 fix macro protection for sp_*_cond_add_* in ARM SP asm to prevent unused function warning when used with RSA_LOW_MEM 2026-02-17 15:33:14 -07:00
Anthony Hu 50fbf7f721 wc_CheckPrivateKey() returns NOT_COMPILED_IN for certain gating flags 2026-02-17 17:02:08 -05:00
David Garske 5960a365de Merge pull request #9776 from Pushyanth-Infineon/fix_psoc6_sha_includes
Fix missing header includes and conditional compilation issue for PSoC6 port.
2026-02-17 10:12:00 -08:00
David Garske a0a76254a5 Merge pull request #9783 from SparkiDev/aes_clang_volatile
AES clang: make x volatile in pre-fetch functions
2026-02-17 10:10:56 -08:00
Andrew Hutchings 8042f767ed Fix issues found in static analysis
- Fix missing cleanup on error in wc_XChaCha20Poly1305_crypt_oneshot:
  change early return to goto out so ForceZero and free are called
- Fix memory leak in wc_DeCompressDynamic: free tmp buffer before
  early return on avail_out size check failure
- Fix unconditional mutex unlock in PQC sign functions (falcon,
  sphincs, dilithium): only call unlock when lock was acquired
- Remove dead oqssig NULL checks in falcon sign/verify that are
  unreachable after the preceding SIG_TYPE_E assignment
2026-02-17 15:20:36 +00:00
Sean Parkinson 299e7bd097 AES clang: make x volatile in pre-fetch functions
Latest version of clang with optimization turned right up will make the
pre-fetch functions return 0.
The pre-fetch functions are there to ensure tables are all in cache not
to calculate a value.
2026-02-17 08:44:24 +10:00
David Garske d81bb7234a Merge pull request #9778 from LinuxJedi/exp-fixes
Fixes to big-endian bugs found in Curve448 and Blake2S
2026-02-16 14:30:47 -08:00
David Garske be9f3853fa Merge pull request #9764 from lealem47/wolfEntropy_arm32
wolfEntropy: Add ARM Generic Timer virtual counter as time src
2026-02-16 13:00:26 -08:00
Pushyanth Kamatham b395eef455 Fix missing header includes and conditional compilation issue in PSoC6 crypto hardware acceleration port.
Guard the `aes->left = 0` assignment to enable when WOLFSSL_AES_CFB is defined.
2026-02-17 02:26:52 +05:30
Andrew Hutchings 451cb45670 Fix Blake2s overlapping writes
We are copying from a 32-bit buffer, so the writes are overlapping. This
could damage the hash on big-endian platforms.
2026-02-16 16:08:27 +00:00
Andrew Hutchings 180c66ba70 Fix curve448
`wc_curve448_check_public` can get into an infinite loop in the
big-endian code path.
2026-02-16 15:56:41 +00:00
Daniel Pouzzner 1c92c74116 Merge pull request #9631 from padelsbach/crl-generation
Add CRL generation code
2026-02-13 21:59:52 -06:00
Paul Adelsbach 81ae472e50 Add CRL generation code 2026-02-13 10:54:47 -08:00
Daniel Pouzzner c4131659cc Merge pull request #9767 from SparkiDev/sp_thumb2_mont_sub_reg_fix
Thumb2 SP ASM: mont_sub fix
2026-02-13 11:35:36 -06:00
David Garske 16ba668ebe Merge pull request #9632 from jackctj117/CSR-signing
Add wc_SignCert_cb API for external signing callbacks
2026-02-13 09:07:37 -08:00
Sean Parkinson e48c867f6f Thumb2 SP ASM: mont_sub fix
Always use all the parameters and always use the parameter name and not
the assumed register.
2026-02-13 11:49:21 +10:00
Lealem Amedie d9b934323a Check if _POSIX_C_SOURCE is defined 2026-02-12 18:13:29 -07:00
Lealem Amedie 17287cd595 wolfEntropy: Add ARM Generic Timer virtual counter as time src 2026-02-12 18:13:29 -07:00
David Garske 49ed1fa21f Merge pull request #9684 from SparkiDev/ecc_import_pub_check_fix
ECC: import point, always do some checks
2026-02-11 21:53:03 -08:00
David Garske 1b0b4b1444 Merge pull request #9756 from SparkiDev/arm_asm_fixes_1
ARM assembly fixes
2026-02-11 21:51:51 -08:00
Sean Parkinson 2f53add6a5 Merge pull request #9758 from LinuxJedi/lxj-fixes
Minor fixes to EVP and PKCS12 code
2026-02-12 08:01:28 +10:00
Sean Parkinson 1847c6e778 Merge pull request #9721 from dgarske/x25519_nb
Add X25519 non-blocking support and async example improvements
2026-02-12 07:56:58 +10:00
David Garske bc12b7563f Peer review improvements 2026-02-10 14:51:51 -08:00
Andrew Hutchings 54e8e80e81 Added integer overflow protection to PKCS12
PKCS12_ConcatenateContent() could overflow.
2026-02-10 15:53:29 +00:00
Andrew Hutchings 6b4fd431da Fix leak in PKCS12 error path 2026-02-10 15:47:10 +00:00
Andrew Hutchings a8d844003e Fix potential buffer overflow in EVP
It is potentially possible on a 32-bit system to get realloc to overflow
with several of the EVP functions.
2026-02-10 14:49:20 +00:00
Sean Parkinson 2b370f8ecb ARM assembly fixes
armv8-32-aes-asm*: Fix #define protection around L_AES_ARM32_ecb_td4.
armv8-curve25519_c.c: Fix definition of fe_invert_nct to match
prototype.
2026-02-10 16:20:20 +10:00
David Garske 19bb7198a2 Peer review fixes
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 10:24:31 -08:00
David Garske 78bba7e90f Fix for TLS with WOLFSSL_SMALL_CERT_VERIFY 2026-02-05 21:55:32 -08:00
Daniel Pouzzner 25db90afe7 Merge pull request #9741 from kareem-wolfssl/variousFixes
Various fixes
2026-02-05 20:32:12 -06:00
Daniel Pouzzner 8e6ebdb8ac Merge pull request #9723 from SparkiDev/ssl_split_cert
Split out code from ssl.c and pk.c
2026-02-05 18:21:36 -06:00
Daniel Pouzzner 1d871879df Merge pull request #9726 from Frauschi/pkcs11_pqc_prep
PKCS#11 PQC preparation work
2026-02-05 16:50:25 -06:00
Daniel Pouzzner a6ee93c84c Merge pull request #9739 from holtrop-wolfssl/rust-crate-fips-support
Rust wrapper: add FIPS support
2026-02-05 16:49:58 -06:00
Daniel Pouzzner 681d09fc3c Merge pull request #9714 from philljj/bsdkm_crypto_accel
bsdkm: x86 crypto acceleration support.
2026-02-05 16:48:03 -06:00
Daniel Pouzzner 2a32e108d0 Merge pull request #9656 from jackctj117/PKCS7-signing
Add PKCS7 ECC raw sign callback support
2026-02-05 16:46:27 -06:00
Daniel Pouzzner 6d7cb87965 Merge pull request #9733 from SparkiDev/srtp_kdf_ctr_fix
SRTP-KDF: use two bytes of index
2026-02-05 16:21:38 -06:00
jackctj117 cfcd384c4c Address copilot feedback 2026-02-05 12:12:16 -07:00
jackctj117 d774825ab8 Address copilot feedback 2026-02-05 11:57:33 -07:00
David Garske 8c30cfb0da Add tests for async with static memory. Fix issue with mixed-declaration in SP ECC non-blocking. 2026-02-05 09:43:31 -08:00
David Garske 6a4415911b Merge pull request #9727 from miyazakh/tsip_rm_asn_original
Renesas RX72N : Remove WOLFSSL_ASN_ORIGINAL from user_settings.h
2026-02-05 08:42:59 -08:00
David Garske 4d3925d526 Add X25519 non-blocking support for key gen and shared secret
## Summary
- Add non-blocking (incremental) Curve25519 key generation and shared secret via `WC_X25519_NONBLOCK`, modeled after the existing ECC non-blocking pattern (`WC_ECC_NONBLOCK`)
- Implement `curve25519_nb()` and `fe_inv__distinct_nb()` in `fe_low_mem.c` as state-machine variants that return `FP_WOULDBLOCK` to yield after each field multiply
- Add `wc_curve25519_set_nonblock()` API to attach/detach non-blocking context to a key
- Integrate X25519 non-blocking with TLS 1.2/1.3 key share generation and shared secret in `tls.c` and `internal.c` (behind `WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW`)
- Add `--enable-curve25519=nonblock` configure option (auto-enables `--enable-asynccrypt` and `--enable-asynccrypt-sw`)
- Add X25519 async software dispatch cases in `async.c` and types in `async.h`
- Fix async guard in `curve25519.c` to require `WOLFSSL_ASYNC_CRYPT_SW` (matching other algorithms)
- Overhaul `examples/async/` client/server: non-blocking I/O via `WOLFSSL_USER_IO`, standalone `Makefile`, X25519/ECC mode selection, CI-friendly ready-file sync
- Add `examples/configs/user_settings_curve25519nonblock.h` and CI coverage in `os-check.yml` and new `async-examples.yml` workflow
- Add wolfcrypt test and API test coverage for X25519 non-blocking
2026-02-04 21:28:52 -08:00
David Garske c7ed5ff179 Merge pull request #9740 from douzzer/20260204-linuxkm-with-global-replace-etc
20260204-linuxkm-with-global-replace-etc
2026-02-04 19:07:06 -08:00
Kareem 4bb4648282 Ensure lru_count does not overflow. 2026-02-04 15:33:15 -07:00
Chris Conlon 3753f69a50 Merge pull request #9728 from padelsbach/aia-updates
Extend AIA interface
2026-02-04 15:11:02 -07:00