Kareem
903fd97dbe
Fix issues with newly added check when using fast/integer math.
...
Simplify logic by using single macro for ECC & RSA.
2026-05-27 16:24:47 -07:00
Sean Parkinson
7bcc613bb0
Merge pull request #10478 from embhorn/zd21821
...
Fixes in SP int and DH
2026-05-28 09:00:41 +10:00
Kareem
d942fe47d5
Fix issue in ECC test from size mismatch. Code review feedback.
2026-05-27 15:57:00 -07:00
Kareem
5b2569e321
Fix potential mismatch in size between DECL_MP_INT_SIZE_DYN and NEW_MP_INT_SIZE. In some configurations DECL_MP_INT_SIZE_DYN will set the size to max while NEW_MP_INT_SIZE will memset bits.
2026-05-27 15:57:00 -07:00
Kareem
de9d0fded8
Fix unused variable warning in random.c when building with CUSTOM_RAND_GENERATE_BLOCK.
...
Fixes #10499 .
2026-05-27 15:57:00 -07:00
Colton Willey
3ffe25f783
Add d2i NULL-deref guards and regression tests
...
Add `*pp == NULL` checks to three d2i wrappers to prevent NULL deref
on public OpenSSL-compat APIs:
- d2i_evp_pkey (reachable via wolfSSL_d2i_PublicKey/PrivateKey)
- wolfSSL_d2i_OCSP_RESPONSE
- wolfSSL_d2i_ECDSA_SIG (template-ASN crash)
Also add regression tests for the existing PR fixes: ProcessBuffer
negative-size, PemToDer family negative-pemSz, GetCRLInfo negative-sz,
wc_Set*Buffer derSz<0, and d2i_ECDSA_SIG negative-length / *pp==NULL.
2026-05-27 15:38:30 -07:00
jordan
12d79d8838
wc_port: guard fcntl behind WOLFSSL_KERNEL_MODE.
2026-05-27 14:52:54 -05:00
David Garske
e55e8a9842
Merge pull request #10524 from JacobBarthelmeh/sgx
...
SGX build does not have fcntl.h
2026-05-27 12:06:05 -07:00
Colton Willey
7de624ff08
Add negative length validation to d2i wrappers, PEM helpers, and buffer loaders
...
Reject negative signed lengths before they are cast to unsigned (word32/size_t),
preventing heap buffer over-reads and oversized allocations. Covers d2i_* OpenSSL
compat wrappers, ProcessBuffer, PemToDer, certgen helpers, and CRL buffer paths.
2026-05-27 11:36:38 -07:00
Anthony Hu
73b4f7b5fd
For chachapoly, force zero of output on auth fail
2026-05-27 13:55:15 -04:00
JacobBarthelmeh
4e491ed3db
Merge pull request #10511 from dgarske/zd21780
...
Fix minor compile error with `WOLFSSL_DEBUG_MEMORY`
2026-05-27 11:16:19 -06:00
JacobBarthelmeh
cd82d7e08d
Merge pull request #10529 from SparkiDev/sp_fixes_8
...
sp_int: fixes and added testing
2026-05-27 10:59:24 -06:00
David Garske
10020f9cc9
Fix minor compile error with WOLFSSL_DEBUG_MEMORY
2026-05-26 11:39:34 -07:00
David Garske
8199fda0a4
Merge pull request #10160 from Roy-Carter/feature/integrate_openssl_comp_fixes
...
OpenSSL compatibility layer extension
2026-05-26 10:39:14 -07:00
night1rider
291ec20d4e
stash caller heap before cryptocb fires so InitCmac_* callbacks can honor it
2026-05-26 09:51:59 -06:00
David Garske
a3f5260260
Merge pull request #10500 from rizlik/sha224_only
...
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
2026-05-26 08:05:47 -07:00
Tobias Frauenschläger
637c07798a
Finalize ML-DSA renaming
2026-05-26 14:54:30 +02:00
Sean Parkinson
8fb88a502d
SP x86_64: save and restore vector registers
...
Add save and restore vector registers calls to SP code for x86_64.
2026-05-26 16:30:40 +10:00
Sean Parkinson
c57a873824
sp_int: fixes and added testing
...
sp_set_bit(): check i is in range before use.
_sp_div_2(): Use a constant-time clamp as called by a constant-time
function.
_sp_sqr(): static buffer needs to be one larger for when ECC with P-521
is the largest size.
Add tests:
- Testing negative numbers with mp_read_raidx/mp_to_radix 10/16
- Testing negative numbers with mp_add_d/mp_sub_d
- Testing of mp_gcd without mp_lcm
- More testing of mp_mod_d and when negative numbers are used
- Check maximum values work for square. Check of _sp_sqr() bug
- Add testing of mp_add/sub_mod_ct
- Add testing of mp_cmp_mag
- Add testing of mp_mulmod/mp_sqrmod
- Add testing of mp_exch
- Add testing of mp_to_unsigned_bin_len_ct
- Add testing of mp_exptmod that uses base-2 windowing method.
- Add testing of mp_invmod_mont_ct
2026-05-26 13:52:57 +10:00
JacobBarthelmeh
8c0d3b7ea1
SGX build does not have fcntl.h
2026-05-22 23:20:36 -06:00
Chris Conlon
497de930fd
evp: support ML-DSA in wolfSSL_EVP_PKCS82PKEY() and wolfSSL_X509_check_private_key()
2026-05-22 14:56:14 -06:00
Chris Conlon
a9e15634db
asn: parse RFC 5958 PKCS#8 (OneAsymmetricKey) publicKey trailer in ToTraditional_ex()
2026-05-22 14:55:38 -06:00
Roy Carter
56e4612e4e
Fix : apply Julek pr notes
2026-05-22 19:01:05 +03:00
Roy Carter
c1a507e175
Feature: allow the usage of
...
wolfSSL_alert_type_string
wolfSSL_alert_desc_string
wolfSSL_EVP_DigestSign
wolfSSL_EVP_DigestVerify
in the openssl compatiility layer for wolfssl
2026-05-22 19:01:04 +03:00
Sean Parkinson
8597d9da83
Merge pull request #10496 from dgarske/fenrir_20260518
...
Various Fenrir fixes (F-2626, F-585, F-586, F-2638, F-1960, F-599)
2026-05-23 01:28:42 +10:00
Andrew Hutchings
8574fa995f
Merge pull request #10470 from JacobBarthelmeh/tropic
...
fix for tropic port AES key length used
2026-05-21 13:59:48 -07:00
JacobBarthelmeh
0073f3c879
dcp unlock added around aes forcezero, adjust align macro check
2026-05-21 09:34:28 -07:00
JacobBarthelmeh
70288b017f
add sanity check on AES key length
2026-05-20 16:02:56 -07:00
Mattia Moffa
03e695a9c6
Lazy-initialize digest in cryptocb mode
2026-05-20 22:31:45 +02:00
David Garske
782787276c
Merge pull request #10497 from Frauschi/mldsa_rename
...
ML-DSA renaming part 2
2026-05-20 11:24:09 -07:00
HIDEKI MIYAZAKI
03eb38e897
fix EVP_BytesToKey
2026-05-20 11:04:07 -07:00
Tobias Frauenschläger
1dffcffb80
Fix hashType comparison in SLH-DSA
2026-05-20 10:16:37 -07:00
Tobias Frauenschläger
2a30ce3c04
Rename ML-DSA wc_PqcSignatureType entry
2026-05-20 09:06:54 -07:00
HIDEKI MIYAZAKI
319f1d699d
fix clamp iterations <= 0 to 1 instead of returning an error
2026-05-20 07:25:35 -07:00
Marco Oliverio
408ea84c83
sha256: check no hw accelleartion is enabled with CB_ONLY_SHA256
2026-05-20 11:33:31 +02:00
JacobBarthelmeh
51698759fa
0 memset kop in devcrypto before use
2026-05-20 01:29:34 -07:00
JacobBarthelmeh
26bce72776
fix for devcrypto RSA size used
2026-05-20 01:25:46 -07:00
JacobBarthelmeh
2a05c13db8
fix to use correct struct size for devcrypto memset
2026-05-20 01:25:46 -07:00
JacobBarthelmeh
f7d595eec4
fix for Renesas RX64 GetHash on initial state
2026-05-20 01:25:46 -07:00
JacobBarthelmeh
35f61aaa66
explicit cast to word16 before shift with RC2
2026-05-20 01:25:46 -07:00
JacobBarthelmeh
a04b68243c
clear public/private key buffer after use in tropicsquare port
2026-05-20 01:25:46 -07:00
JacobBarthelmeh
999e1b9f99
In NXP DCP port clear key buffer after use
2026-05-20 01:25:46 -07:00
JacobBarthelmeh
6ac6e5065e
fix for tropic port AES key length used
2026-05-20 00:43:36 -07:00
Mattia Moffa
c9a534a63e
Fix issues in wc_MXC_MAA_zeroPad
2026-05-20 00:27:01 +02:00
Mattia Moffa
11b207e57f
Remove unused variable
2026-05-20 00:27:00 +02:00
Mattia Moffa
e8d3e19da5
Address Copilot suggestions
2026-05-20 00:27:00 +02:00
Mattia Moffa
36acdef662
Update README
2026-05-20 00:27:00 +02:00
Mattia Moffa
1fb8cf0d61
MAX32666 bare-metal SHA accelerator
2026-05-20 00:27:00 +02:00
Tobias Frauenschläger
44074fd1df
More ML-DSA renaming
2026-05-19 14:09:09 -07:00
David Garske
dc56e87522
Merge pull request #10466 from Frauschi/slhdsa_cryptocb
...
Add CryptoCb support for SLH-DSA
2026-05-19 13:59:40 -07:00