Commit Graph

11717 Commits

Author SHA1 Message Date
Kareem 903fd97dbe Fix issues with newly added check when using fast/integer math.
Simplify logic by using single macro for ECC & RSA.
2026-05-27 16:24:47 -07:00
Sean Parkinson 7bcc613bb0 Merge pull request #10478 from embhorn/zd21821
Fixes in SP int and DH
2026-05-28 09:00:41 +10:00
Kareem d942fe47d5 Fix issue in ECC test from size mismatch. Code review feedback. 2026-05-27 15:57:00 -07:00
Kareem 5b2569e321 Fix potential mismatch in size between DECL_MP_INT_SIZE_DYN and NEW_MP_INT_SIZE. In some configurations DECL_MP_INT_SIZE_DYN will set the size to max while NEW_MP_INT_SIZE will memset bits. 2026-05-27 15:57:00 -07:00
Kareem de9d0fded8 Fix unused variable warning in random.c when building with CUSTOM_RAND_GENERATE_BLOCK.
Fixes #10499.
2026-05-27 15:57:00 -07:00
Colton Willey 3ffe25f783 Add d2i NULL-deref guards and regression tests
Add `*pp == NULL` checks to three d2i wrappers to prevent NULL deref
on public OpenSSL-compat APIs:
- d2i_evp_pkey (reachable via wolfSSL_d2i_PublicKey/PrivateKey)
- wolfSSL_d2i_OCSP_RESPONSE
- wolfSSL_d2i_ECDSA_SIG (template-ASN crash)

Also add regression tests for the existing PR fixes: ProcessBuffer
negative-size, PemToDer family negative-pemSz, GetCRLInfo negative-sz,
wc_Set*Buffer derSz<0, and d2i_ECDSA_SIG negative-length / *pp==NULL.
2026-05-27 15:38:30 -07:00
jordan 12d79d8838 wc_port: guard fcntl behind WOLFSSL_KERNEL_MODE. 2026-05-27 14:52:54 -05:00
David Garske e55e8a9842 Merge pull request #10524 from JacobBarthelmeh/sgx
SGX build does not have fcntl.h
2026-05-27 12:06:05 -07:00
Colton Willey 7de624ff08 Add negative length validation to d2i wrappers, PEM helpers, and buffer loaders
Reject negative signed lengths before they are cast to unsigned (word32/size_t),
preventing heap buffer over-reads and oversized allocations. Covers d2i_* OpenSSL
compat wrappers, ProcessBuffer, PemToDer, certgen helpers, and CRL buffer paths.
2026-05-27 11:36:38 -07:00
Anthony Hu 73b4f7b5fd For chachapoly, force zero of output on auth fail 2026-05-27 13:55:15 -04:00
JacobBarthelmeh 4e491ed3db Merge pull request #10511 from dgarske/zd21780
Fix minor compile error with `WOLFSSL_DEBUG_MEMORY`
2026-05-27 11:16:19 -06:00
JacobBarthelmeh cd82d7e08d Merge pull request #10529 from SparkiDev/sp_fixes_8
sp_int: fixes and added testing
2026-05-27 10:59:24 -06:00
David Garske 10020f9cc9 Fix minor compile error with WOLFSSL_DEBUG_MEMORY 2026-05-26 11:39:34 -07:00
David Garske 8199fda0a4 Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
night1rider 291ec20d4e stash caller heap before cryptocb fires so InitCmac_* callbacks can honor it 2026-05-26 09:51:59 -06:00
David Garske a3f5260260 Merge pull request #10500 from rizlik/sha224_only
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-26 08:05:47 -07:00
Tobias Frauenschläger 637c07798a Finalize ML-DSA renaming 2026-05-26 14:54:30 +02:00
Sean Parkinson 8fb88a502d SP x86_64: save and restore vector registers
Add save and restore vector registers calls to SP code for x86_64.
2026-05-26 16:30:40 +10:00
Sean Parkinson c57a873824 sp_int: fixes and added testing
sp_set_bit(): check i is in range before use.
_sp_div_2(): Use a constant-time clamp as called by a constant-time
function.
_sp_sqr(): static buffer needs to be one larger for when ECC with P-521
is the largest size.

Add tests:
 - Testing negative numbers with mp_read_raidx/mp_to_radix 10/16
 - Testing negative numbers with mp_add_d/mp_sub_d
 - Testing of mp_gcd without mp_lcm
 - More testing of mp_mod_d and when negative numbers are used
 - Check maximum values work for square. Check of _sp_sqr() bug
 - Add testing of mp_add/sub_mod_ct
 - Add testing of mp_cmp_mag
 - Add testing of mp_mulmod/mp_sqrmod
 - Add testing of mp_exch
 - Add testing of mp_to_unsigned_bin_len_ct
 - Add testing of mp_exptmod that uses base-2 windowing method.
 - Add testing of mp_invmod_mont_ct
2026-05-26 13:52:57 +10:00
JacobBarthelmeh 8c0d3b7ea1 SGX build does not have fcntl.h 2026-05-22 23:20:36 -06:00
Chris Conlon 497de930fd evp: support ML-DSA in wolfSSL_EVP_PKCS82PKEY() and wolfSSL_X509_check_private_key() 2026-05-22 14:56:14 -06:00
Chris Conlon a9e15634db asn: parse RFC 5958 PKCS#8 (OneAsymmetricKey) publicKey trailer in ToTraditional_ex() 2026-05-22 14:55:38 -06:00
Roy Carter 56e4612e4e Fix : apply Julek pr notes 2026-05-22 19:01:05 +03:00
Roy Carter c1a507e175 Feature: allow the usage of
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify

in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson 8597d9da83 Merge pull request #10496 from dgarske/fenrir_20260518
Various Fenrir fixes (F-2626, F-585, F-586, F-2638, F-1960, F-599)
2026-05-23 01:28:42 +10:00
Andrew Hutchings 8574fa995f Merge pull request #10470 from JacobBarthelmeh/tropic
fix for tropic port AES key length used
2026-05-21 13:59:48 -07:00
JacobBarthelmeh 0073f3c879 dcp unlock added around aes forcezero, adjust align macro check 2026-05-21 09:34:28 -07:00
JacobBarthelmeh 70288b017f add sanity check on AES key length 2026-05-20 16:02:56 -07:00
Mattia Moffa 03e695a9c6 Lazy-initialize digest in cryptocb mode 2026-05-20 22:31:45 +02:00
David Garske 782787276c Merge pull request #10497 from Frauschi/mldsa_rename
ML-DSA renaming part 2
2026-05-20 11:24:09 -07:00
HIDEKI MIYAZAKI 03eb38e897 fix EVP_BytesToKey 2026-05-20 11:04:07 -07:00
Tobias Frauenschläger 1dffcffb80 Fix hashType comparison in SLH-DSA 2026-05-20 10:16:37 -07:00
Tobias Frauenschläger 2a30ce3c04 Rename ML-DSA wc_PqcSignatureType entry 2026-05-20 09:06:54 -07:00
HIDEKI MIYAZAKI 319f1d699d fix clamp iterations <= 0 to 1 instead of returning an error 2026-05-20 07:25:35 -07:00
Marco Oliverio 408ea84c83 sha256: check no hw accelleartion is enabled with CB_ONLY_SHA256 2026-05-20 11:33:31 +02:00
JacobBarthelmeh 51698759fa 0 memset kop in devcrypto before use 2026-05-20 01:29:34 -07:00
JacobBarthelmeh 26bce72776 fix for devcrypto RSA size used 2026-05-20 01:25:46 -07:00
JacobBarthelmeh 2a05c13db8 fix to use correct struct size for devcrypto memset 2026-05-20 01:25:46 -07:00
JacobBarthelmeh f7d595eec4 fix for Renesas RX64 GetHash on initial state 2026-05-20 01:25:46 -07:00
JacobBarthelmeh 35f61aaa66 explicit cast to word16 before shift with RC2 2026-05-20 01:25:46 -07:00
JacobBarthelmeh a04b68243c clear public/private key buffer after use in tropicsquare port 2026-05-20 01:25:46 -07:00
JacobBarthelmeh 999e1b9f99 In NXP DCP port clear key buffer after use 2026-05-20 01:25:46 -07:00
JacobBarthelmeh 6ac6e5065e fix for tropic port AES key length used 2026-05-20 00:43:36 -07:00
Mattia Moffa c9a534a63e Fix issues in wc_MXC_MAA_zeroPad 2026-05-20 00:27:01 +02:00
Mattia Moffa 11b207e57f Remove unused variable 2026-05-20 00:27:00 +02:00
Mattia Moffa e8d3e19da5 Address Copilot suggestions 2026-05-20 00:27:00 +02:00
Mattia Moffa 36acdef662 Update README 2026-05-20 00:27:00 +02:00
Mattia Moffa 1fb8cf0d61 MAX32666 bare-metal SHA accelerator 2026-05-20 00:27:00 +02:00
Tobias Frauenschläger 44074fd1df More ML-DSA renaming 2026-05-19 14:09:09 -07:00
David Garske dc56e87522 Merge pull request #10466 from Frauschi/slhdsa_cryptocb
Add CryptoCb support for SLH-DSA
2026-05-19 13:59:40 -07:00