Commit Graph

29480 Commits

Author SHA1 Message Date
Andrew Hutchings 7b89d82b35 Fix mem_track.h compile failure on multi-threaded non-Linux builds
The memLock mutex and #include <pthread.h> in mem_track.h were
declared under #ifdef DO_MEM_LIST (Linux/macOS/Zephyr only), but
referenced under the broader guard

    !defined(SINGLE_THREADED) && \
    (defined(DO_MEM_LIST) || defined(DO_MEM_STATS))

Since DO_MEM_STATS is defined whenever WOLFSSL_TRACK_MEMORY +
USE_WOLFSSL_MEMORY are set without WOLFSSL_STATIC_MEMORY, any
non-Linux/Mac/Zephyr multi-threaded build failed to compile with
implicit pthread_mutex_lock declarations and undeclared memLock.

Replace the raw pthread mutex with wolfSSL's portable mutex API
(wc_InitMutex / wc_LockMutex / wc_UnLockMutex / wc_FreeMutex) so
locking works on every platform wolfSSL already ports to.
InitMemoryTracker now calls wc_InitMutex before
wolfSSL_SetAllocators installs TrackMalloc, guarded by a
memLockInit flag for idempotency. CleanupMemoryTracker calls
wc_FreeMutex after restoring the default allocators so no
in-flight allocation races a freed mutex. The four mutex guards
in TrackMalloc/TrackFree and the two in InitMemoryTracker/
ShowMemoryTracker are unified on the same condition as the
memLock declaration itself.

ZD #21763
2026-05-11 16:20:35 +01:00
David Garske 01ba609f0d Merge pull request #9702 from danielinux/ta100_2025
[Microchip TA-100] Fix port + update to cryptoauthlib v3.6.0
2026-05-11 07:26:43 -07:00
Daniel Pouzzner 9f759fa1e0 Merge pull request #10446 from kaleb-himes/quickfix
Fix private key lock issues in master
2026-05-09 09:17:53 -05:00
kaleb-himes afb90dd2da Fix private key lock issues in master 2026-05-08 17:08:38 -06:00
David Garske 867ce26474 Merge pull request #10278 from twcook86/lpc55s69_crypto
Add wolfCrypt support for lpc55s69 hw crypto
2026-05-08 16:00:54 -07:00
David Garske 3351eb429a Merge pull request #10354 from embhorn/zd21725
Fix IPSAN and registeredID handling
2026-05-08 12:15:37 -07:00
Daniel Pouzzner f1fff73352 tests/api.c: fix readability-uppercase-literal-suffix in rfc9802_verify_one_cert();
tests/api/test_mldsa.c: fix misplaced PRIVATE_KEY_UNLOCK() in dilithium_oneasymkey_version_check();

wolfcrypt/test/test.c: fix valgrind-detected "Conditional jump or move depends on uninitialised value(s)" in ecc_test_curve_size() negative test on all-zeros digest.
2026-05-08 18:53:57 +02:00
Daniele Lacamera ae0d09ccff More fixes to the broken atecc608 test 2026-05-08 18:50:44 +02:00
Daniele Lacamera 5f321d7372 Removed redundant hotfix from the ATECC608 workflow 2026-05-08 18:50:44 +02:00
Daniele Lacamera acb3243501 [TA-100] test.c: fix unbalanced/unterminated preprocessor blocks from
previous merge
2026-05-08 18:50:44 +02:00
Daniele Lacamera 50428d2d92 [TA-100] Address review feedback (Copilot + Fenrir)
Copilot fixes:
- atmel.c: ATCA_ENABLE_DEPRECATED I2C path now uses ATECC_I2C_ADDR
  instead of slave_address=1 (matches the non-deprecated path).
- atmel.c: capture and propagate atmel_createHandles() return value;
  abort init via WC_HW_E if handle creation fails.
- atmel.h: include calib_aes_gcm.h with the same <calib/...> form used
  for calib_command.h so a single -I (.../include or
  .../include/cryptoauthlib) resolves both.
- configure.ac: drop the duplicated AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB])
  (kept only in the consolidated section near the end).
- settings.h: remove leftover commented-out '#ifdef WOLFSSL_ATECC508A'.
- benchmark.c: drop the broken TA100 wc_RsaSSL_Verify branch (it passed
  message/enc as if they were sig/out).
- test.c: stop calling atmel_ecc_free() with the slot-TYPE enum
  constants; wc_ecc_free(userA/userB) already releases the allocated
  slots.
- ecc.c (microchip_curve_id_for_key): switch on key->dp->id, not size,
  so SECP256K1 / BRAINPOOLP256R1 are not silently mapped to SECP256R1.
  Helper is now defined for ATECC508A/608A as well, fixing the
  TA100-only gating that broke ATECC builds.
- ecc.c (_ecc_make_key_ex): keep ATECC508A/608A's curve check at
  SECP256R1-only (hardware does not support the wider curve set);
  TA100 retains the multi-curve list.

Fenrir fixes:
- ecc.c (wc_ecc_init_ex): under TA100 + ALT_ECC_SIZE the pubkey x/y/z
  pointers must be aimed at key->pubkey.xyz[] (with alt_fp_init) before
  mp_init_multi - otherwise mp_init_multi dereferenced NULL.
- atmel.c (atmel_get_rev_info): check atcab_wakeup return and bail out
  via atmel_ecc_translate_err before calling atcab_info.
- atmel.c (atmel_ecc_create_pms, TA100+ECDH_ENC): pass
  MAP_TO_HANDLE(slotId) (the ephemeral private-key handle) into
  talib_ecdh_compat instead of MAP_TO_HANDLE(slotIdEnc).
- atmel.c (wc_Microchip_rsa_create_key): on any failure after the first
  talib_create_element succeeds, delete the previously created
  handle(s) and clear rKeyH/uKeyH so device elements are not leaked.
- aes.c (wc_AesGcmEncrypt / wc_AesGcmDecrypt TA100 fast paths): replace
  '(authInSz + sz) <= MAX' with bounds on each operand individually so
  word32 wraparound cannot bypass the 996-byte hardware limit.
- rsa.c (RsaPrivateDecryptEx): drop the TA100 RSA_PUBLIC_DECRYPT
  short-circuit. wc_Microchip_rsa_verify expects (digest, digestLen,
  sig, sigLen, ...) and the verified flag must be honored; the proper
  TA100 fast-path already lives in wc_RsaPSS_CheckPadding_ex2.
2026-05-08 18:50:44 +02:00
Daniele Lacamera 5dcc99c688 [TA-100] Fix build breakage on TA100 builds
- atmel.c: restore the closing #endif for the outer
  WOLFSSL_ATMEL/ATECC/TA100 block. The previous "duplicate
  ATCA_TFLEX_SUPPORT" cleanup removed the real closer because the
  trailing-comment was misleading, leaving the file with an
  unterminated #if from line 35.
- ecc.c: drop !defined(WOLFSSL_MICROCHIP_TA100) from the guard around
  wc_ecc_point_is_at_infinity. The function is generic
  (mp_iszero(x) && mp_iszero(y)) and call sites in
  _ecc_import_x963_ex2 and friends don't exclude TA100, so the
  TA100 build was failing to link.
2026-05-08 18:50:44 +02:00
Daniele Lacamera fc93bb4a09 Addressed copilot's comments 2026-05-08 18:50:44 +02:00
Daniele Lacamera 449d039581 Fixes after rebase on latest master 2026-05-08 18:50:44 +02:00
Daniele Lacamera 83aec60bd6 Addressed comment: added macros to .wolfssl_know_macro_extras 2026-05-08 18:50:44 +02:00
Tesfa Mael 0a2886f942 Correct Nested comment for Espressif build 2026-05-08 18:50:44 +02:00
Tesfa Mael 293ccdd604 Fix typo 2026-05-08 18:50:44 +02:00
Tesfa Mael 969a2502ae Fix comments and shellcheck warning 2026-05-08 18:50:44 +02:00
Tesfa Mael fbfc3ba8c2 Fix formatting 2026-05-08 18:50:44 +02:00
Tesfa Mael 416b3434db Removed the dead #ifdef WOLFSSL_MICROCHIP_TA100 block (it was inside #ifndef WOLFSSL_MICROCHIP_TA100 2026-05-08 18:50:44 +02:00
Tesfa Mael 00b99b88f3 wraps PKG_CHECK_MODULES with m4_ifdef so it's silently skipped when pkg.m4 is unavailable 2026-05-08 18:50:44 +02:00
Tesfa Mael 4d94b8e8d5 [TA-100] Fix build/test regressions in non-TA100 builds 2026-05-08 18:50:44 +02:00
Tesfa Mael 8f9ecd1afb Close PKG_CHECK_MODULES with a no-op failure action and use a separate AS_IF to conditionally run the manual search fallback 2026-05-08 18:50:44 +02:00
Daniele Lacamera 7efe61fbd0 [TA-100] Fixed RSA keygen/sign/verify, tests 2026-05-08 18:50:44 +02:00
Daniele Lacamera 8ea5235ba8 [TA-100] Fixed ECC384. Adding RSA. 2026-05-08 18:50:44 +02:00
Daniele Lacamera ab027070a4 Reverted changes to fallback ECC
ECC384 should be supported in TA-100
2026-05-08 18:50:43 +02:00
Daniele Lacamera 298845f34c [TA-100] Fixed GMAC, AES-GCM, AES, ECC
- Using correct slot ID for AES keys
- Adjust IV length
- Fallback operations to software for unsupported ECC curves

(all tests passing)
2026-05-08 18:50:43 +02:00
Tesfa Mae dbf4aaa5be TA100: follow-up changes (squash after 4e64cb56) 2026-05-08 18:50:43 +02:00
Tesfa Mae 00cca3e25b TA100: Microchip Trust Anchor support RSA/ECC 2026-05-08 18:50:43 +02:00
Daniel Pouzzner 20ed869c21 Merge pull request #10432 from danielinux/arduino-unor4wifi-flash-fix
Arduino UNO: force USE_CERT_BUFFERS_256 to fit in flash
2026-05-08 11:48:31 -05:00
Daniele Lacamera 347553ca09 Added missing known_macro 2026-05-08 11:02:51 +02:00
Daniele Lacamera 23c28c3203 Address Copilot's comments: uniform mutual exclusions 2026-05-08 09:29:22 +02:00
Daniele Lacamera 3a7cd3a7db Arduino UNO: force USE_CERT_BUFFERS_256 to fit in flash
Fixes failing CI test
2026-05-08 09:09:03 +02:00
Hideki Miyazaki 7d1516f4db Merge pull request #10382 from kojo1/doc
Improve arg descriptions in API doc
2026-05-08 15:31:55 +09:00
Sean Parkinson 69a378461a Merge pull request #10406 from Frauschi/lms_xmss_certs
Support RFC 9802 LMS and XMSS in X.509 verification
2026-05-08 11:48:34 +10:00
Sean Parkinson 5fce8025bb Merge pull request #10386 from JeremiahM37/fenrir-4
Harden TLS handshake validation, OpenSSL-compat defaults, and stale code paths
2026-05-08 10:50:55 +10:00
David Garske 2b042709f2 Merge pull request #10427 from cconlon/setAsymKeyDerVersion
Set PKCS#8 version correctly in SetAsymKeyDer() when publicKey is bundled
2026-05-07 16:12:18 -07:00
David Garske 6a83144cb3 Merge pull request #10417 from embhorn/zd21713
Fix include for errno in Microchip port settings
2026-05-07 16:09:59 -07:00
David Garske 7b34be3945 Merge pull request #10331 from embhorn/zd21706
Fix IDNA matching
2026-05-07 16:09:33 -07:00
David Garske bf6c870889 Merge pull request #10304 from JeremiahM37/fenrir-2
Zero DH keys, tighten SSL APIs, harden TLS extensions
2026-05-07 14:51:28 -07:00
David Garske fea8d1b5bc Merge pull request #10413 from JeremiahM37/fenrir-7
zeroize sensitive memory and validate public API inputs
2026-05-07 14:47:32 -07:00
David Garske 9a46ecb263 Merge pull request #10380 from padelsbach/lms-xmss
Add crypto callbacks for LMS and XMSS
2026-05-07 14:46:56 -07:00
David Garske 58ca6a1fa7 Merge pull request #10302 from JacobBarthelmeh/ecc
additional sanity checks on invalid input
2026-05-07 14:39:21 -07:00
David Garske 80a04551cf Merge pull request #10405 from SparkiDev/mlkem_fixes_1
ML-KEM: fix comments, API signatures, minor issues
2026-05-07 14:37:59 -07:00
David Garske b306f2d846 Merge pull request #10422 from Frauschi/socat
Make socat tests less flaky
2026-05-07 14:36:24 -07:00
David Garske 8c74977eee Merge pull request #10297 from kareem-wolfssl/zd21676
Properly handle fallback cipher type case in wc_Pkcs11_CryptoDevCb.
2026-05-07 14:36:05 -07:00
David Garske 6efbacf402 Merge pull request #10416 from jackctj117/v6-fix
fix: guard wc_Ed448PublicKeyToDer ed448_export_public call for FIPS<7
2026-05-07 14:32:48 -07:00
David Garske aeeb98cc04 Merge pull request #10400 from embhorn/gh10383
Fix Dilithium signing when WC_DILITHIUM_CACHE_MATRIX_A is enabled
2026-05-07 14:30:46 -07:00
David Garske e78418db95 Merge pull request #10306 from sebastian-carpenter/tls-ech-client-oe
Add OuterExtensions encoding for TLS ECH client
2026-05-07 14:14:50 -07:00
David Garske 8ac2a1ae1b Merge pull request #10418 from rlm2002/coverity
20260506 Coverity
2026-05-07 14:11:32 -07:00