Commit Graph

30513 Commits

Author SHA1 Message Date
David Garske a211f74a8d fix(se050): fenrir 2638 zero ed25519 der buffer 2026-05-19 10:06:56 -07:00
David Garske 583bd6bc4e fix(kcapi): fenrir 1960 zero ecdh secret before free 2026-05-19 10:06:56 -07:00
David Garske 66e5b8fd14 fix(stm32): fenrir 599 capture sign from input mp_int 2026-05-19 10:06:55 -07:00
David Garske 583dbaff60 Merge pull request #10488 from padelsbach/lms-xmss-test-sig-cmp
Update LMS and XMSS key advance test
2026-05-19 10:04:12 -07:00
Marco Oliverio 0c8cabedff crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256 2026-05-19 10:22:06 +02:00
David Garske 145a4fac69 Merge pull request #10449 from LinuxJedi/TropicSim
Add TROPIC01 simulator
2026-05-18 16:34:25 -07:00
David Garske ec101bae98 Merge pull request #10149 from julek-wolfssl/refactor-middle-padding
Refactor record padding handling to eliminate middle padding pattern
2026-05-18 16:34:10 -07:00
David Garske 064ebaa7b6 Merge pull request #10493 from kareem-wolfssl/zd21852
NULL the correct key in TLSX_KeyShare_ProcessPqcHybridClient when using WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ.
2026-05-18 16:23:58 -07:00
Andrew Hutchings ecdf170a91 Fix SHAKE with STM32MP13 and add simulator
This fixes the fact that you can't compile SHAKE when SHA-3 hardware
acceleration is enabled for STM32. It also adds the STM32MP13 emulator
with hardware support from the simulators repo.
2026-05-18 14:56:53 -07:00
Andrew Hutchings f60dc63dad Add PIC32MZ emulator tests
Adds PIC32MZ EC / EF emulators with hardware acceleration. Also fix a
stack pointer free bug in the PIC32 hardware acceleration code.
2026-05-18 14:48:30 -07:00
Josh Holtrop 8c11a8e028 Rust wrapper: gate RSA doc tests that use set_shared_rng() on alloc feature 2026-05-18 12:49:29 -07:00
Josh Holtrop 735d00d3d7 Rust wrapper: check slice lengths in ECC::import_unsigned 2026-05-18 12:40:17 -07:00
Josh Holtrop a2b9a24082 Rust wrapper: test more empty slices in test_ecc 2026-05-18 12:27:45 -07:00
Josh Holtrop 9696cf26eb Rust wrapper: use Rc instead of Arc for RNG references
WC_RNG has no internal locking so it is not safe to share a single
WC_RNG across threads without locking.
2026-05-18 12:27:45 -07:00
Josh Holtrop 67bb40be42 Rust wrapper: fix RSA::set_rng() doc test to actually call set_rng() 2026-05-18 12:27:45 -07:00
Josh Holtrop 5e65a12b62 Rust wrapper: drop mut from rng in ecc doc tests 2026-05-18 12:27:45 -07:00
Josh Holtrop 076144cd9c Rust wrapper: avoid double wc_ecc_init_ex() call 2026-05-18 12:27:45 -07:00
Josh Holtrop f6e279ab42 Rust wrapper: test for null-terminated C-style strings in ECC import_raw APIs 2026-05-18 12:27:45 -07:00
Josh Holtrop 0117baf011 Rust wrapper: document wolfSSL version requirement 2026-05-18 12:27:45 -07:00
Josh Holtrop 93db87e4ed Rust wrapper: remove outdated set_rng safety contract comments 2026-05-18 12:27:45 -07:00
Josh Holtrop 5a45fabb0d Rust wrapper: add blake2_digest module 2026-05-18 12:27:45 -07:00
Josh Holtrop cfc600977a Rust wrapper: add blake2_mac module 2026-05-18 12:27:45 -07:00
Josh Holtrop d88d5702e5 Rust wrapper: implement Clone for HMAC types 2026-05-18 12:27:45 -07:00
Josh Holtrop b3aa7ef260 Rust wrapper: add Aes192Ccm and Aes192Gcm 2026-05-18 12:27:45 -07:00
Josh Holtrop 4ed0a0a90d Rust wrapper: store pointer to C ECC key struct instead of instance
This fixes internal pointers breaking if Rust moves the ECC struct (with
some build configurations).
2026-05-18 12:27:45 -07:00
Josh Holtrop 54cb1d8d38 Rust wrapper: ensure memory safety for C RNG struct
- store pointer to WC_RNG instead of full struct
- enforce RNG is not dropped before consumer structs

The C library stores a pointer via the set_rng() methods on a few
structs (e.g. RSA). This change holds a reference (or instance) of RNG
within the consumer structs to ensure it is kept alive if set_rng (or
now set_shared_rng) is used.
2026-05-18 12:27:44 -07:00
David Garske be67bf88f7 Merge pull request #10436 from Frauschi/mldsa_rename
Rename Dilithium to canonical ML-DSA (FIPS 204) names
2026-05-18 11:44:21 -07:00
David Garske 1ccd462ea1 Merge pull request #10482 from rlm2002/coverity
13052026 Coverity Fixes
2026-05-18 10:35:42 -07:00
David Garske bc2e842234 Merge pull request #10460 from JacobBarthelmeh/static_analysis
Static analysis fixes/improvements for SECO, devcrypto, ARIA, MD4, MD2
2026-05-18 10:31:37 -07:00
Kareem 9467d82ae6 NULL the correct key in TLSX_KeyShare_ProcessPqcHybridClient when using WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ.
Thanks to Haiyang Huang for the report.
2026-05-18 10:25:02 -07:00
David Garske 9096bcc8fa Merge pull request #10393 from JacobBarthelmeh/opensslextra
support build --enable-opensslextra with NO_BIO and NO_FILESYSTEM
2026-05-17 22:33:23 -07:00
David Garske ec2222964f Merge pull request #10481 from padelsbach/x509-set-double-free
Fix double free possibility in wolfSSL_X509_set_ext
2026-05-17 22:26:20 -07:00
David Garske 4c9116c743 Merge pull request #10462 from kareem-wolfssl/zd21507
Fix alert type for missing cert.  Prevent building with RNG disabled and blinding enabled by default.  Enforce bounds for AES CMAC size in verify.
2026-05-17 22:25:09 -07:00
David Garske d982aa27cc Merge pull request #10467 from JacobBarthelmeh/static_analysis_2
Xilinx/AMD port fixes for sanity checks on return values and psoc6 sanity check on input arg
2026-05-17 22:22:12 -07:00
David Garske 0055eb5e82 Merge pull request #10459 from JacobBarthelmeh/caam
fix for CAAM build
2026-05-17 22:22:05 -07:00
David Garske e7f5c99115 Merge pull request #10398 from julek-wolfssl/fenrir/20260430
Fenrir fixes
2026-05-17 22:21:06 -07:00
David Garske 156c088f3c Merge pull request #10475 from julek-wolfssl/ci-apt-cache
ci: switch direct apt usage to install-apt-deps action
2026-05-17 22:19:43 -07:00
David Garske e0f1ae2af8 Merge pull request #10477 from Frauschi/arduino
Improve Arduino CI test
2026-05-17 22:19:31 -07:00
Daniel Pouzzner a5e79d3b1c wolfssl/wolfcrypt/dilithium.h: use macros, not inlines, for all legacy (!WOLFSSL_NO_DILITHIUM_LEGACY_NAMES) wrappers;
tests/api/test_mldsa.c: suppress -Wunreachable-code around wc_mldsa_canonical_api_check() and wc_mldsa_legacy_alias_check().
2026-05-16 09:51:36 -05:00
Tobias Frauenschläger 2832df2139 Update C# wrapper to new ML-DSA names 2026-05-16 09:48:35 -05:00
Tobias Frauenschläger fb6b62dd8e Rename Dilithium to canonical ML-DSA (FIPS 204) names
NIST standardized the pre-standardization Dilithium signature scheme as
ML-DSA in FIPS 204. Migrate the provider's user-visible surface to
canonical spellings, with a temporary shim that preserves source-level
backward compatibility for existing consumers.

Renames
-------
* File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c
* New canonical header: wolfssl/wolfcrypt/wc_mldsa.h
* Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams
* Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_*
* Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA,
  WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_*
* Configure flag: --enable-mldsa (legacy --enable-dilithium still works)
* CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a
  DEPRECATION message)

Backward compatibility
----------------------
wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim:
* Forward-translates legacy build gates to canonical (the two sub-gates
  read by certs_test.h are translated in settings.h so the auto-generated
  header is reachable without including dilithium.h; the remainder lives
  in dilithium.h itself).
* Reverse-translates canonical gates back to legacy so unmigrated
  consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps
  compiling.
* Provides macro / static-inline aliases for the legacy type and
  function names so source-level callers compile unchanged. Sets
  WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef
  redefinition in asn_public.h.

Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables
build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the
symbol aliases. Both are temporary and the shim will be removed in a
future release. doc/dilithium-to-mldsa-migration.md describes the
migration path for downstream consumers.

ABI note
--------
The library now exports wc_MlDsaKey_* instead of wc_dilithium_*.
Pre-built binaries that linked against the legacy symbols need to
recompile against the shim header (which resolves to the new symbols at
compile time) or migrate to the canonical names directly. Source code
keeps building unchanged.

Other changes
-------------
* wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static
  memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger
  LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally.
  Override these macros for small-mem builds.
* gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the
  canonical WOLFSSL_HAVE_MLDSA spelling.
* tests/api/test_mldsa.c: adds compile-time API surface validators
  (canonical wc_MlDsaKey_* surface plus legacy alias surface) so
  signature drift produces a build error during make check.
* IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr
  CMakeLists.txt, and autotools include.am updated for the rename.
* DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols;
  scheduled to be renamed alongside the eventual shim removal.
2026-05-16 09:48:35 -05:00
Tobias Frauenschläger 5915e39b7f Add WOLFSSL_KEY_SHARE_DEFAULT_GROUP for ClientHello key share default
Decouples the speculative key share group from preferredGroup[0]. The new
macro prefers widely deployed groups (PQ/T hybrids with X25519 or SECP256R1,
then SECP256R1/X25519/SECP384R1, then FFDHE 2048/3072) to reduce the chance
of a HelloRetryRequest, and falls back to preferredGroup[0] for
configurations not covered explicitly. Users can override the default via
user_settings.h or a manually passed -DWOLFSSL_KEY_SHARE_DEFAULT_GROUP=x via
autoconf.

Furthermore, an empty key_share is now sent when the user's group list does
not intersect preferredGroup[], keeping TLS 1.3 negotiation alive instead
of allowing a silent TLS 1.2 downgrade or handshake failure due to a
missing key share extension.
2026-05-16 10:41:27 +02:00
Tobias Frauenschläger 9b0ea68ab8 Minor refactoring in TLSX_PopulateExtensions 2026-05-16 10:41:27 +02:00
Tobias Frauenschläger 9f85d21ee3 Align preferredGroup array with TLSX_PopulateSupportedGroups() 2026-05-16 10:41:27 +02:00
jordan c88c3fdcbd zfs: support wolfzfs patch. 2026-05-15 16:10:54 -05:00
JacobBarthelmeh 3bca71be0b add test case for NO_BIO and NO_FILESYSTEM build with opensslextra 2026-05-15 10:38:24 -06:00
JacobBarthelmeh c0ba788cb1 support of NO_BIO and NO_FILESYSTEM build with opensslextra 2026-05-15 10:37:46 -06:00
Kareem 213bcb3e94 Gate out all of the newly added AES-CMAC tests for FIPS as none of them will apply to the old FIPS AES-CMAC code. 2026-05-14 15:19:56 -07:00
Ruby Martin 4e0e1891fb remove logically dead code
remove unused total value
2026-05-14 15:28:07 -06:00
Kareem d7af80dc93 Update new AES-CMAC bounds test to account for FIPS still using the old code. 2026-05-14 12:46:25 -07:00