Offload ML-DSA operations onto a PKCS#11 token via the cryptoCb
interface:
* Key generation
* Signature generation
* Signature verification
* Key import
Both the pure and pre-hash versions are supported. Not yet supported are
the pre-hash versions that also offload the hashing onto the token.
This also fixes casting errors introduced in #9780 due to usage of
uintptr_t, which is unavailable without including stdint.h on some
platforms. Use the wolfssl own wc_ptr_t instead.
Always check for infinity and, when B param available, whether the point
is on the curve when point is untrusted.
Change TLS code to treat points from peer as untrusted on import.
- Introduced conditional compilation for PSoC6 crypto support across SHA1, SHA2, SHA3 implementations.
- Ensured proper mutex locking for concurrent access to hardware resources during hash operations.
- Added public key creation functionality if only private key is provided in ECDSA verify function (psoc6_ecc_verify_hash_ex).
- Updated ECC parameter size handling to fix incorrect endianness conversions in psoc6_ecc_verify_hash_ex().
- Added README for PSOC6 port.
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).
rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.
rename lkm_printf() to wc_km_printf().
replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H
remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
* add wc_linuxkm_check_for_intr_signals(), wc_linuxkm_relax_long_loop(),
WC_CHECK_FOR_INTR_SIGNALS(), WC_RELAX_LONG_LOOP(), SAVE_NO_VECTOR_REGISTERS(),
RESTORE_NO_VECTOR_REGISTERS(), and new error code INTERRUPTED_E ("Process
interrupted");
* update the no-asm remaps in the PK implementations to use
SAVE_NO_VECTOR_REGISTERS() and RESTORE_NO_VECTOR_REGISTERS(), so that inner
loops in them are always covered by the new logic.
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
sources to include them at the top.
wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
conditionally, config.h. settings.h and wc_port.h are unconditionally
included at the top of types.h.
wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.
Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
files.
Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
wolfssl/wolfcrypt/settings.h to allow coverage testing.
In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.
Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.
Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
for clarity.
Adds two features for SE050:
1. `WOLFSSL_SE050_AUTO_ERASE`. When enabled, this will automatically
erase a key from the SE050 when `wc_ecc_free()` and friends are
called.
2. `WOLFSSL_SE050_NO_RSA`. This stops RSA offloading onto the SE050,
useful for the SE050E which does not have RSA support.
The SE050 port won't compile in the latest wolfSSL. This patch:
* Updates the documentation
* Fixes a missing `#ifdef` that breaks the build
* Changes the use of `mp_int` to `MATH_INT_T`
* Fixes compiler error with `ecc.c`
* Adds a tiny bit of extra debugging info
- Support using MAXQ for:
- AES-ECB
- AES-CCM
- AES-CBC
- ECC Key Generation and ECDH
- in wc_ecc_import_private_key_ex():
- check to make sure devId is not invalid before calling wc_MAXQ10XX_EccSetKey().
- This is because the raspberry pi sometimes need to sign stuff.
- in aes_set_key() and ecc_set_key():
- delete a key in case it already exists; ignore error since it might not exist.
- unlock, lock the HW mutex around ECDSA_sign() because it needs access to rng
- in wolfSSL_MAXQ10XX_CryptoDevCb:
- allow maxq1065 to call the crypto callback.
- do not set the key during signing; use pre provisioned one instead (DEVICE_KEY_PAIR_OBJ_ID)
several fixes for defects reported by cppcheck:
wolfcrypt/src/ecc.c: fix for cppcheck oppositeInnerCondition from cppcheck-2.16.0 in _ecc_make_key_ex(), and fixes for related unhandled errors discovered by manual inspection;
wolfcrypt/test/test.c: fix XREALLOC call in memcb_test() to resolve cppcheck-detected memleak.