Commit Graph

334 Commits

Author SHA1 Message Date
Daniel Pouzzner 41daf899b3 linuxkm/linuxkm_wc_port.h:
* when including kernel headers with gcc-17+, ignore -Wconstant-logical-operand.

* when CONFIG_KMSAN, explicitly map memcpy(), memset(), memmove(), strcpy(),
  strncpy(), and strncat(), to clang builtins, to get proper __msan
  interception.

* genericize WC_SANITIZE_DISABLE() and WC_SANITIZE_ENABLE() to cover both KASAN
  and KMSAN, and use the generic macros in wc_linuxkm_stack_hwm_prepare() and
  wc_linuxkm_stack_hwm_measure_rel().
2026-07-01 12:35:21 -05:00
Tobias Frauenschläger 9e71da21ac Merge pull request #10751 from aidangarske/tinytls13
Add --enable-tinytls13 TLS 1.3-only footprint profile.

Merging with PRB-master-job failing. Failures are unrelated to this PR.
2026-07-01 15:21:04 +02:00
philljj b5636ffaf9 Merge pull request #10696 from douzzer/20260615-linuxkm-fixes
20260615-linuxkm-fixes
2026-06-30 12:00:25 -05:00
David Garske 8d63afab99 Merge pull request #10767 from SparkiDev/ppc64_ppc32_asm_1
PPC64/PPC32 ASM: AES, SHA-2, SHA-3
2026-06-30 07:13:35 -07:00
Daniel Pouzzner 155e5822a7 wolfssl/wolfcrypt/settings.h: move ML-KEM/ML-DSA/SLH-DSA inhibition of
DEBUG_VECTOR_REGISTER_ACCESS_FUZZING from the WOLFSSL_LINUXKM section to top
  level (the exceptions are generally applicable, and needed for user-mode SVR
  fuzzing).  also add a DEBUG_FORCE_VECTOR_REGISTER_ACCESS_FUZZING flag.
2026-06-29 19:06:13 -05:00
Sean Parkinson 3e99430671 PPC64/PPC32 ASM: AES, SHA-2, SHA-3
PPC64:
  - Added AES-ECB/CBC/CTR/GCM/XTS using crypto instructions
  - Added SHA-256/512 using base scalar and crypto instructions
  - Added SHA-3 using base scalar and POWER8 VSX
  - Added SHA-3 x2/x3 but disabled compilation.
  - Added CPU id flags.
  - Changed the constant data format to be consistent with other platforms.
PPC32:
  - Added AES-ECB/CBC/CTR/GCM/XTS using base scalar
  - Added SHA-256/512 using base scalar
  - Added SHA-3 using base scalar
2026-06-30 08:52:45 +10:00
Daniel Pouzzner 3811ec0aa7 linuxkm-related loose ends:
* wolfssl/ocsp.h: gate out the CheckOcspResponder() prototype if defined(CheckOcspResponder) (for linuxkm-pie).
* wolfcrypt/src/wc_mldsa.c: add support for WC_MLDSA_NO_ASM.
* .wolfssl_known_macro_extras: add new macros.
2026-06-27 14:47:32 -05:00
David Garske 0cecccdf6e Merge pull request #10756 from SparkiDev/aes_asm_ymm_zmm
Intel x64 ASM: Add new assembly for AES
2026-06-25 21:41:17 -07:00
aidan garske 5bd8fc5b47 Move tinytls13 smoke test to examples/tls13/tls13_memio.c and restore WOLFSSL_MLKEM_DYNAMIC_KEYS macro 2026-06-25 14:32:33 -07:00
aidan garske 93d16f431c Address tinytls13 review: ML-DSA-44, canonical ML-DSA/ML-KEM macros, optimizer-measured static-mem bucket guidance, footprint hygiene 2026-06-24 15:43:01 -07:00
Sean Parkinson a342eba578 Intel x64 ASM: Add new assembly for AES
Support AES-XTS AVX512/VAES
Support AES-GCM AVX512/VAES
Support AES-ECB/CBC/CTR AVX512/VAES/AVX1/AES-NI.
Remove code from aes_asm.S/aes_asm.asm
Add CPU defines for AVX512 and VAES
Updated ASM files with new defines for AVX512.
Added support for printing out the new CPU Id flags in benchmark.
Added new files to Windows projects.
aes.c: Supports ECB/CBC/CTR in assembly. Supports calling AVX512/VAES assembly.
2026-06-23 20:54:59 +10:00
Sean Parkinson e017e6cba7 X25519: standard requires masking of top bit
Instead of failing when top bit is set, the standard and current research says to mask it.
WOLFSSL_X25519_NO_MASK_PEER is added to allow the rejection when required.
2026-06-17 15:37:26 +10:00
Juliusz Sosinowicz 1b3a1ef6a6 Fix CI: register JSON-config CPPFLAGS macros in .wolfssl_known_macro_extras
The workflow matrix rework moved configure args into JSON lists, where
CPPFLAGS defines appear as "CPPFLAGS=-DFOO". The known-macro scan in
check-source-text only recognizes -D tokens preceded by whitespace or a
quote, so macros whose only -D site now sits directly after the '=' are
no longer registered as known. Add those macros to
.wolfssl_known_macro_extras, and drop two entries that became redundant
because the new workflow configs define them at a position the scanner
does recognize.
2026-06-12 09:47:14 +00:00
Daniel Pouzzner 0097739dd8 fixes for F-3325:
wolfcrypt/src/aes.c: enforce AES-XTS K1!=K2 constraint in wc_AesXtsSetKeyNoInit() unless WC_AES_XTS_ALLOW_DUPLICATE_KEYS and !HAVE_FIPS:

tests/api/test_aes.c: add negative tests to test_wc_AesXtsSetKey() for K1==K2;

wolfcrypt/test/test.c: fix keys in aes_xts_128_inplace_test() and aes_xts_192_inplace_test() so that K1!=K2, update test vectors, and remove associated !HAVE_FIPS gating;

linuxkm/lkcapi_aes_glue.c: synchronize aes_xts_128_test() test of ciphertext stealing in-place with wolfcrypt/test/test.c.

wrapper/rust/wolfssl-wolfcrypt/src/aes.rs: synchronize XTS streaming test with wolfcrypt/test/test.c.

linuxkm/: refactor self-test sensing with version-gated setup in linuxkm_wc_port.h and refactored gates in lkcapi_glue.c.
2026-06-11 15:38:28 -05:00
Daniel Pouzzner 486e8eefc0 .wolfssl_known_macro_extras: fix lexical order. 2026-06-10 17:32:20 -05:00
David Garske da1de8a9fc Merge pull request #10472 from douzzer/20260512-wc_init_state
20260512-wc_init_state
2026-06-08 13:44:17 -07:00
Daniel Pouzzner 1943a6f33a Merge pull request #10550 from rizlik/sha512_only
add support for WOLF_CRYPTO_CB_ONLY_SHA512
2026-06-08 15:20:08 -05:00
Daniel Pouzzner a36ada8d53 wolfcrypt/src/wc_port.c and wolfssl/wolfcrypt/wc_port.h: add
* wc_local_InitUp()
* wc_local_InitUpDone()
* wc_local_InitDown()
* wc_local_InitDownDone()
* wc_init_state_t
* WC_DECLARE_INIT_STATE()
* WC_INIT_STATE_*
* union wc_init_state_bitfields
* WC_INIT_STATE_RAISE_BAD_STATE()
* WC_ATOMIC_INT_ARG and WC_ATOMIC_UINT_ARG, pivoting on WC_16BIT_CPU, used to assure operands to atomic operators are 32 bits, and that wc_init_state_t is 32 bits, even on 16 bit targets like Arduino.

fix&refactor thread safety mechanisms in wolfCrypt_Init() and wolfCrypt_Cleanup(), and fix a few preexisting error-handling flubs in wolfCrypt_Init().
2026-06-08 11:01:10 -05:00
Daniel Pouzzner 8fca95ce65 Merge pull request #10532 from rlm2002/zd21800
Remove chain walk for OCSP responder
2026-06-05 16:27:00 -05:00
Daniel Pouzzner d80785bb07 Merge pull request #10583 from Frauschi/zephyr_patch
Fixes for Zephyr secure sockets integration
2026-06-05 10:06:23 -05:00
Daniel Pouzzner 50166aab36 wolfcrypt/src/port/ppc64/ppc64-aes-asm.S: use TOC-relative addressing consistently, and add ELFv2 global-entry prologues. 2026-06-04 16:28:08 -05:00
Marco Oliverio 0314b3fed2 cryptocb: support WOLF_CRYPTO_CB_ONLY_SHA512 2026-06-04 20:21:50 +02:00
David Garske 3bc1575e12 Merge pull request #9852 from SparkiDev/ppc64_asm_aes
PPC64 ASM: AES-ECB/CBC/CTR/GCM
2026-06-03 16:30:12 -07:00
David Garske 4cce154024 Merge pull request #10530 from SparkiDev/riscv_unaligned_fix
RISC-V ASM unaligned read/writes: alternative assembly
2026-06-03 16:29:33 -07:00
Tobias Frauenschläger 00a899e9a3 Fixes for Zephyr secure sockets integration 2026-06-03 14:04:19 +02:00
Ruby Martin 08a7c4590e Remove CheckOcspResponderChain and related references. Function is not compliant with RFC 6960, 4.2.2.2.
remove unused vp parameter

Update ChangeLog.md to include OCSP responder change
2026-06-02 16:20:32 -06:00
Daniel Pouzzner 3121c55e4e linuxkm on x86: global refactor across PK implementations of sp-asm vector register preservation, including removal of all residual can't-fail vector paths in PK algs.
wolfcrypt/src/sp_x86_64.c:

* fix ASSERT_SAVED_VECTOR_REGISTERS() in C wrappers: add where missing for implementations that use AVX2, and remove frivolous checks for ones that don't.

* refactor vector save-restore with a single locally tracked save in sp_RsaPublic_#(), sp_RsaPrivate_#(), sp_ecc_mulmod_add_#(), sp_ecc_mulmod_base_add_#(), sp_ecc_make_key_#(), and sp_#_calc_s_#().

* fix feature test in sp_ModExp_Fp_star_1024(), sp_Pairing_1024(), and sp_Pairing_gen_precomp_1024(), to properly gate on IS_INTEL_AVX2(cpuid_flags) and SAVE_VECTOR_REGISTERS2() == 0.

wolfcrypt/src/{dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sp_int.c}:

* remove all vector register provisions (SAVE_VECTOR_REGISTERS(), RESTORE_VECTOR_REGISTERS(), ASSERT_SAVED_VECTOR_REGISTERS());

* add explicit WC_CHECK_FOR_INTR_SIGNALS() and WC_RELAX_LONG_LOOP() to the lengthy loops in wc_DhGenerateParams(), wc_MakeDsaParameters(), ecc_sign_hash_sw(), and wc_MakeRsaKey().

wolfssl/wolfcrypt/{error-crypt.h,logging.h,memory.h}:

* make wc_backtrace_render() and wc_backtrace_set_fp() available whenever defined(WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES);

* add support for DEBUG_VECTOR_REGISTERS_BACKTRACE_ON_FAIL, activating backtraces on vector register errors.

* also improve the debugging format from the DEBUG_VECTOR_REGISTER_ACCESS variants of SAVE_VECTOR_REGISTERS() and friends.

linuxkm/lkcapi_{dh,ecdh,ecdsa,rsa}_glue.c: harmonize PK driver names with AES, SHA, and DRBG, notably adding AVX2 annotation when enabled.

wolfcrypt/src/{sp_x86_64_asm.S,sp_x86_64_asm.asm}: synchronize with wolfssl/scripts#581 (removes SSE2 implementations of sp_#_get_from_table_#(), which no longer have users).
2026-05-30 15:11:15 -05:00
Sean Parkinson 018e937a91 RISC-V ASM unaligned read/writes: alternative assembly
Not all RISC-V chips allow unaligned reads and writes with basic
assembly instructions like lw/sw.
Add alternative assembly that is turned on with:
WOLFSSL_RISCV_ASM_NO_UNALIGNED.
2026-05-29 10:11:12 +10:00
Sean Parkinson c92208076f Merge pull request #10374 from kareem-wolfssl/zd21699
Enable all-zero shared secret check for Curve448/25519 by default.  Ensure post_handshake_auth extension was sent before accepting post-handshake CertificateRequest message.
2026-05-28 09:29:49 +10:00
Marco Oliverio 0c15be5fef Revert ".wolfssl_known_macro_extra: add ONLY_AES and ONLY_SHA256"
This reverts commit 87f8078367.
2026-05-26 15:48:06 +02:00
Marco Oliverio bc574f7930 dtls13: WOLFSSL_DTLS13_5_9_0_COMPAT -> WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID 2026-05-26 09:16:56 +02:00
Marco Oliverio 87f8078367 .wolfssl_known_macro_extra: add ONLY_AES and ONLY_SHA256 2026-05-26 09:16:53 +02:00
Marco Oliverio 8f477356ce dtls: add compat flag for buggy pre 5.9.0 DTLSv1.3 clients 2026-05-26 09:15:58 +02:00
Sean Parkinson abe15d260b Merge pull request #10487 from embhorn/zd21842
Add check for ARM to set WOLFSS_USE_ALIGN
2026-05-23 00:11:00 +10:00
Daniel Pouzzner 7164d75cb7 linuxkm: add WC_LINUXKM_USE_HEAP_WRAPPERS and implementations wc_linuxkm_malloc(), wc_linuxkm_free(), wc_linuxkm_realloc(), and wc_linuxkm_malloc_usable_size(), to insulate from API drift in kernel heap (required on 7.2+, implicit on 7.1+). 2026-05-21 17:21:12 +00:00
Tobias Frauenschläger 2a30ce3c04 Rename ML-DSA wc_PqcSignatureType entry 2026-05-20 09:06:54 -07:00
Tobias Frauenschläger 44074fd1df More ML-DSA renaming 2026-05-19 14:09:09 -07:00
Eric Blankenhorn 47db354fad Fix from review 2026-05-19 13:03:35 -05:00
David Garske be67bf88f7 Merge pull request #10436 from Frauschi/mldsa_rename
Rename Dilithium to canonical ML-DSA (FIPS 204) names
2026-05-18 11:44:21 -07:00
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
Kareem 3300d0834e Code review feedback. Don't error out if WOLFSSL_RSA_PUBLIC_ONLY or WOLFSSL_RSA_VERIFY_ONLY are defined as they don't use blinding. 2026-05-14 12:45:17 -07:00
Kareem 1c63dad5d6 Prevent building with RNG disabled and RSA blinding enabled by default.
Fixes F-2624.
2026-05-14 12:45:17 -07:00
Kareem 2aacc18788 Enable all-zero shared secret check for curve448/25519 by default. Change macro to opt-out macro WOLFSSL_NO_ECDHX_SHARED_ZERO_CHECK. Add unit test.
Thanks to Xiangdong Li for the report.
2026-05-13 17:02:08 -07:00
Daniel Pouzzner ffab43aa82 .wolfssl_known_macro_extras: add __CHERI_PURE_CAPABILITY__. 2026-05-13 14:41:02 -05:00
David Garske dfe03ff538 Merge pull request #10381 from kareem-wolfssl/zd21694
Validate DSA parameters when verifying DSA key.
2026-05-12 16:29:29 -07:00
Andrew Hutchings 90359f90e1 Add STM32 emulator from simulators repo
This tests a lot more than the Renode STM32H753 test, so this PR removes
that and adds our own emulator for STM32H753 and STM32U585. This
includes testing the v1 and v2 HAL CRYP / HASH / PKA functionality.
2026-05-12 20:17:11 +02:00
David Garske 33efd8c9b3 Merge pull request #10050 from anhu/pbkdf_max
Add upper limit to PBKDF iteration count
2026-05-12 09:10:54 -07:00
Sean Parkinson 218ddb449e Merge pull request #10394 from dgarske/sp_nonblock_rsa_dh
Add RSA/DH SP non-blocking support for C/Small 2048/3072/4096
2026-05-12 13:25:43 +10:00
Daniel Pouzzner 717ce03614 .wolfssl_known_macro_extras: clean up unneeded and out-of-order ents. 2026-05-11 16:24:09 -05:00
Daniel Pouzzner f248b272db rename WC_PBKDF_MAX_ITERATIONS to WC_PBKDF_DEFAULT_MAX_ITERATIONS, raise it to 10000000, add wc_PBKDF_max_iterations_set() and wc_PBKDF_max_iterations_get(), and restore new negative tests in pwdbased_test(). 2026-05-11 15:57:22 -05:00