Commit Graph

403 Commits

Author SHA1 Message Date
Sameeh Jubran 425dc1372d cryptocb: add AES CryptoCB key import support and tests
Add CryptoCB-based AES key import support to enable Secure Element
offload without exposing raw AES key material to wolfCrypt.

When WOLF_CRYPTO_CB_AES_SETKEY is defined, wolfCrypt invokes a CryptoCB
callback during AES key setup. Behavior is determined by the callback
return value:

- If callback returns 0: Key is imported to the device (aes->devCtx).
  Key is NOT copied to wolfCrypt RAM; GCM H/M tables are NOT generated.
  Full hardware offload is assumed.

- If callback returns CRYPTOCB_UNAVAILABLE: Device does not support
  SetKey. Normal software path is used; key is copied to devKey for
  optional encrypt/decrypt acceleration.

- Any other error: Propagated to the caller.

Key points:
- Add wc_CryptoCb_AesSetKey() callback for AES key import
- Update AES SetKey paths to call CryptoCB and branch on return value
- Skip GCM H/M table generation when callback succeeded (devCtx set)
- Preserve existing behavior when devId is INVALID_DEVID or
  WOLF_CRYPTO_CB_AES_SETKEY is not defined

Testing:
- Add unit test for CryptoCB AES SetKey (verifies key isolation when
  callback succeeds)
- Add end-to-end AES-GCM offload test (SetKey, Encrypt, Decrypt, Free
  via CryptoCB)
- Tests use a mock SE with software AES to validate routing

Enable with: CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-03 16:59:02 +02:00
David Garske eeaa3a7160 Merge pull request #9596 from kareem-wolfssl/zd19378
Add a runtime option to enable or disable the secure renegotiation check.
2026-01-26 08:34:57 -08:00
Kareem 1103552c37 Code review feedback 2026-01-22 15:46:13 -07:00
Kareem d60dd53165 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into zd19378 2026-01-22 15:37:30 -07:00
kaleb-himes 20b2fd200f Address failure rates from FIPS CRNGT test by implementing alternate RCT/ADP tests
Update ret code to match docs and update docs

Replace magic numbers with appropriate define

Define MAX_ENTROPY_BITS when MEMUSE not enabled

Fix type cast windows detection

Older FIPS modules still need the old check

CodeSpell you're wrong, that is what I want to name my variable

Turn the hostap into a manual dispatch until it gets fixed

Upon closer review we can not skip the test when memuse enabled

Fix whitespace stuff found by multitest

More syntax things

Correct comments based on latest findings
2026-01-22 09:06:17 -07:00
Daniel Pouzzner e465f92905 Merge pull request #9642 from holtrop-wolfssl/hmac-blake2
Add HMAC-BLAKE2b and HMAC-BLAKE2s API functions
2026-01-19 16:49:08 -06:00
Eric Blankenhorn b3bb8edf45 Fix doc for wc_ecc_verify_hash / _ex 2026-01-15 17:01:24 -06:00
Eric Blankenhorn 8316a4080d Fix doc for wc_ecc_mulmod 2026-01-15 16:45:48 -06:00
Josh Holtrop b432ee93a5 Add incremental API for HMAC-BLAKE2[bs] computation 2026-01-14 16:12:42 -05:00
Josh Holtrop 74c79dab1e Update constants in BLAKE2 doxygen documentation 2026-01-14 15:37:29 -05:00
Josh Holtrop ee708dc457 Update README and doxygen for BLAKE2b/BLAKE2s 2026-01-14 15:37:29 -05:00
David Garske 97d9bfcea6 Merge pull request #9601 from rizlik/early_data_client_side_fixes
check that we are resuming in write_early_data + minor fixes
2026-01-08 10:26:48 -08:00
Marco Oliverio 50b39c91da fixup! (d)tls13: check if early data is possible in write_early_data 2026-01-07 14:30:16 +01:00
Takashi Kojo 5f68ea087a Merge pull request #9562 from kojiws/sync_ja_doc_rsa
[JA] Sync Japanese RSA Part with English on API Document
2026-01-07 18:18:53 +09:00
David Garske 80c1228a38 Merge pull request #9594 from holtrop-wolfssl/rust-curve25519
Rust wrapper: add wolfssl_wolfcrypt::curve25519 module
2025-12-31 12:45:43 -08:00
Kareem ddb2fb628e Add a runtime option to enable or disable the secure renegotation check. 2025-12-30 13:19:04 -07:00
Josh Holtrop 0a834bed7a Rust wrapper: add wolfssl_wolfcrypt::curve25519 module 2025-12-29 14:33:25 -05:00
David Garske 8bcac03086 Fix duplicated wc_rng_free and wc_rng_new 2025-12-29 08:52:17 -08:00
David Garske 5b5686c53c Peer review improvements. 2025-12-29 08:37:51 -08:00
David Garske 77d9410aa0 Add missing API documentation for Doxygen:
This PR adds Doxygen documentation for native wolfSSL API functions that were previously undocumented. It includes documentation notes for APIs gated on specific preprocessor macros:

- WOLF_PRIVATE_KEY_ID: _Id and _Label init helpers (wc_AesInit_Id, wc_AesInit_Label, wc_ecc_init_id, wc_ecc_init_label, wc_InitRsaKey_Id, wc_InitRsaKey_Label) require this for PKCS11 support

- WC_NO_CONSTRUCTORS: New/Delete constructor functions (wc_AesNew/Delete, wc_curve25519_new/delete, wc_ed25519_new/delete, wc_NewRsaKey/DeleteRsaKey) are only available when this is not defined. WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is defined.

- WOLFSSL_PUBLIC_ASN: ASN functions marked with WOLFSSL_ASN_API include  notes indicating they are not public by default

- WOLFSSL_DUAL_ALG_CERTS: wc_GeneratePreTBS and wc_MakeSigWithBitStr for Post-Quantum dual algorithm certificate signing

The New/Delete functions are documented as being exposed to support allocation of structures using dynamic memory to provide better ABI compatibility.
2025-12-26 08:41:56 -08:00
David Garske 1744c11686 Merge pull request #9570 from kareem-wolfssl/variousFixes
Add SSL_get_rfd and SSL_get_wfd.  Various documentation updates.
2025-12-26 07:47:17 -08:00
Koji Takeda 51d49658d4 Update Japanese RSA API document 2025-12-26 09:16:33 +09:00
Takashi Kojo ff14797c3a Merge pull request #9552 from tamasan238/pr9458
[JA] Fix issues with the API documentation
2025-12-25 08:28:21 +09:00
Masaki I. ee8fcf9d36 [JA] Correct the API docs for wolfSSL_write_early_data() 2025-12-24 14:53:10 +09:00
Anthony Hu 0b5e9c76ed Correct the API docs for wolfSSL_write_early_data() 2025-12-23 10:08:02 -05:00
Kareem fe45b74921 Add trailing newline back to ssl.h. 2025-12-22 11:45:25 -07:00
Kareem adf38007f4 Document wolfSSL_CTX_New's behavior on failure around WOLFSSL_METHOD.
Fixes #9517.
2025-12-19 17:19:45 -07:00
Kareem ac98505204 Document wolfSSL_CTX_set_default_passwd_cb and wolfSSL_CTX_set_default_passwd_cb_userdata.
Fixes #6008.
2025-12-19 17:18:45 -07:00
Kareem b6766106c8 Add documentation for Base16_Encode and Base64_Encode's behavior of adding a NULL terminator byte.
Fixes #5602
2025-12-19 17:15:44 -07:00
Masaki I. 42e324e545 [JA] Fix issues with the API documentation 2025-12-18 18:08:59 +09:00
Daniel Pouzzner b9368d7a3d Merge pull request #9516 from embhorn/gh3665
Add checking of size param and clarify usage in doc
2025-12-15 10:49:57 -06:00
JacobBarthelmeh d7a852af82 remove unimplemented function macro 2025-12-11 09:32:57 -07:00
Eric Blankenhorn 67b6b284d6 Add checking of size param and clarify usage in doc 2025-12-11 08:27:57 -06:00
Masaki Iwai d100ff81ba Merge branch 'master' into doc 2025-12-10 16:07:30 +09:00
Takashi Kojo a555e211d4 Merge pull request #9405 from tamasan238/doc-2
[ja] update docs - part 2
2025-12-10 15:58:57 +09:00
Masaki Iwai 42990f7eec Merge branch 'master' into doc 2025-12-04 13:38:25 +09:00
David Garske 0aa789a289 Merge pull request #9458 from LinuxJedi/doc_fixes
Fix issues with the API documentation
2025-12-03 09:23:23 -08:00
Andrew Hutchings 2376e484d8 Fix return values 2025-12-03 15:21:11 +00:00
Andrew Hutchings 590a02e541 Fix Doxygen parameters 2025-12-03 15:15:32 +00:00
Andrew Hutchings c4e9ca4eca Fix some errors in the doc edits 2025-12-03 14:56:52 +00:00
Masaki I. 0c9a5620d7 add ending newline 2025-12-03 13:39:09 +09:00
Masaki I. 65d844dba2 [ja] update docs 2 2025-12-03 13:22:16 +09:00
Masaki Iwai 801d9bfa3d Merge branch 'master' into doc 2025-12-02 14:14:01 +09:00
Andrew Hutchings 026fa2dd4e Fix issues with the API documentation 2025-11-21 17:43:55 +00:00
Eric Blankenhorn fda674a48a Clarify return value of wc_RsaSSL_Verify/Inline 2025-11-14 11:06:26 -06:00
Juliusz Sosinowicz bd2cc5ba5c fixup! DTLS: Introduce custom I/O callbacks API and structure 2025-11-06 18:07:18 +01:00
Josh Holtrop 797194f85b Rust wrapper: add PBKDF2 and PKCS #12 PBKDF wrappers 2025-11-05 09:25:52 -05:00
Masaki I. 87c4646e97 [ja] update docs 2025-11-02 19:07:26 +09:00
Josh Holtrop 7cbcd0b00d Rust wrapper: add wolfssl::wolfcrypt::ed25519 module 2025-10-31 11:03:15 -04:00
Daniel Pouzzner bac055dc14 Merge pull request #9357 from holtrop/rust-wc-srtp-kdf
Rust wrapper: add SRTP/SRTCP KDF functions to kdf module
2025-10-30 23:45:48 -05:00