Reda Chouk
fb64844924
Merge pull request #10205 from holtrop-wolfssl/rust-fenrir-fixes
Rust fenrir fixes
2026-04-17 10:32:26 +02:00
Sean Parkinson
318cd62d44
Merge pull request #10231 from JeremiahM37/fenrir-issues-3
Fix PEM input validation and zeroize sensitive key buffers
2026-04-17 10:44:55 +10:00
Brett Nicholas
4bf334c299
Merge pull request #10009 from night1rider/SHE-update
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-16 16:49:00 -06:00
Sean Parkinson
c119a21931
SP int: fixes from review by Claude
1. sp_cond_swap_ct_ex (line ~5524) — XOR typo: b->sign ^= b->sign always zeroed the sign. Fixed to b->sign ^= t->sign to correctly swap signs.
2. sp_mod_d (line ~7271) — Negative modulo correction was applied even when the remainder was 0. Added (*r != 0) guard to avoid producing d instead of 0.
3. sp_lshb (line ~8444) — Left-shift size check was off. Refactored to correctly distinguish between pure-digit shifts and bit-within-digit shifts when checking if the result fits, using separate overflow checks for each case.
4. _sp_mulmod_tmp (line ~12160) — Zero inputs caused an allocation of size 0, which is problematic. Added an early path: if either operand is zero, set result to zero and skip the allocation/multiply entirely.
5. sp_mod_2d — copy path (line ~14762) — XMEMCPY copied digits * SP_WORD_SIZEOF bytes but a may have fewer than digits used digits. Fixed to copy min(a->used, digits) digits to avoid reading uninitialized memory.
6. sp_mod_2d — negation loop (line ~14782) — Negation loop iterated over r->used, which could exceed digits. Fixed to loop over min(r->used, digits).
7. _sp_sqrmod (line ~17314) — Same zero-input issue as _sp_mulmod_tmp. Added early zero path to skip the allocation/squaring when input is zero.
8. sp_lcm (line ~19838) — Typo in sign check: b->sign >= MP_NEG (comparing against a value that is 1, so >= 1 would also match MP_ZPOS) changed to b->sign == MP_NEG.
2026-04-16 19:01:53 +10:00
Daniel Pouzzner
0f0dab0105
wolfcrypt/src/logging.c and wolfssl/wolfcrypt/logging.h: add wc_backtrace_set_fp().
2026-04-15 21:28:43 -05:00
Daniel Pouzzner
8d332778b0
wolfcrypt/test/test.c: in ed25519_test(), fix RARE_ED_BAD_ENC_E and RARE_ED_BAD_SIG_E macros to use WC_NO_ERR_TRACE() safely;
.github/workflows/trackmemory.yml: add --enable-debug-trace-errcodes to a couple scenarios.
2026-04-15 21:12:21 -05:00
night1rider
64a1ac8dd2
wc_SHE_ImportM1M2M3: fix guard from || to && so it gates on WOLF_CRYPTO_CB
2026-04-15 18:03:39 -06:00
Sean Parkinson
3c2a92d21d
Merge pull request #10225 from kareem-wolfssl/zd21544
Fix uninitialized before use warning. Fix unsupported #warning directive by Tasking compiler.
2026-04-16 08:55:49 +10:00
Sean Parkinson
cd6b062847
Merge pull request #10136 from JeremiahM37/fenrir-issues-2
Fenrir fixes
2026-04-16 08:51:17 +10:00
Sean Parkinson
d2175f3b42
Merge pull request #10222 from embhorn/zd21597
Report cert verify failure with MD5
2026-04-16 08:45:15 +10:00
David Garske
48a0347581
Merge pull request #10180 from Frauschi/dilithium-alloc-key
Add dynamic key allocation support for Dilithium
2026-04-15 10:36:14 -07:00
night1rider
9775795470
Add ability to skip load key verify test
2026-04-15 11:28:03 -06:00
night1rider
1078e797f8
Fix CMake SHE deps, const-correctness in CryptoCb uid, stale comment, XSTRLEN double call, configure.ac AES-CBC guard, and add LoadKey/LoadKey_Verify test coverage
2026-04-15 11:28:03 -06:00
night1rider
994b0cdedd
Add one-shot SHE LoadKey and LoadKey Verify convenience APIs: wc_SHE_LoadKey, wc_SHE_LoadKey_Id, wc_SHE_LoadKey_Label and their verify counterparts
2026-04-15 11:28:03 -06:00
night1rider
f8956abcc1
update she union for callback to be getUid not setUid
2026-04-15 11:28:03 -06:00
night1rider
f081a08c5c
Address comments from bigbrett and Fenrir bot. Rename she.{c,h} to wc_she.{c,h}, fix naming consistency, auto-enable CMAC/AES dependencies, add WC_SHE_SW_DEFAULT opt-in
Address PR #10009 review comments from bigbrett and Fenrir
2026-04-15 11:28:03 -06:00
night1rider
802c34018c
Add more in depth comments in header file for she.h
2026-04-15 11:28:03 -06:00
night1rider
ee7fe9e1b1
SHE API: remove key storage from context, add direct output params
2026-04-15 11:28:03 -06:00
night1rider
eeedc470e9
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-15 11:27:44 -06:00
David Garske
1a67eb7223
Merge pull request #9851 from night1rider/setkey-callbacks
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
Jeremiah Mackey
e182645d20
zero PKCS12 key bag buffers before free
2026-04-15 16:59:18 +00:00
Jeremiah Mackey
897ce55e2d
zero HMAC-DRBG K and V in deterministic k
2026-04-15 16:46:32 +00:00
Jeremiah Mackey
bdebcfc5a0
reject negative pemSz in PEM-to-DER APIs
2026-04-15 16:46:32 +00:00
David Garske
240703c959
Merge pull request #10219 from rizlik/se050
SE050: Fixes + NO_{RSA,ECDHE}_VERIFY options + simulator CI
2026-04-15 09:35:23 -07:00
Josh Holtrop
4f31ff95f7
Rust wrapper: require fixed length index buffers for SRTP/SRTCP
2026-04-15 11:36:02 -04:00
Sean Parkinson
b44d8c66d7
Merge pull request #10192 from mattia-moffa/20260409-fixes
Various fixes
2026-04-15 20:35:04 +10:00
Marco Oliverio
8b01033d0b
se050: reviewer's fixes
2026-04-15 08:52:16 +02:00
Marco Oliverio
2f5df5c9f8
se050: abide compiler warning about init keyId
2026-04-15 08:33:30 +02:00
Daniel Pouzzner
9bc221bfec
wolfcrypt/test/test.c: skip the "reject authTagSz below WOLFSSL_MIN_AUTH_TAG_SZ" test on FIPS <7.0.0.
2026-04-14 23:09:21 -05:00
Mattia Moffa
0749f20c33
Require exact tag length in EVP_DigestVerifyFinal HMAC path
ZD#21457 (31)
2026-04-15 03:09:11 +02:00
Mattia Moffa
0a00b47c75
Fix ML-KEM ARM64 NEON ciphertext comparison reduction
ZD#21457 (30)
2026-04-15 03:09:11 +02:00
Mattia Moffa
9c304bdc09
PKCS12: check mismatch between hash algo and hash size
ZD#21457 (27)
2026-04-15 03:08:50 +02:00
Sean Parkinson
409b5fcf38
Merge pull request #10172 from embhorn/zd21568
Fix pkcs12 parse issue
2026-04-15 09:00:12 +10:00
night1rider
a99a72029c
narrow ecc_size/sig_size guards to SETKEY||EXPORT_KEY, update _WC_PK_TYPE_MAX, const-qualify export_key.obj, call _ecc_import_x963_ex2 directly, fix GetSetKeyTypeStr, fix NULL deref in wc_RsaPrivateKeyDecode with WOLF_CRYPTO_CB_FIND, add FIND CI config.
2026-04-14 16:21:50 -06:00
night1rider
d58eea5566
Address pr review: add braces, move scope of variables, add X9.63 comment
2026-04-14 16:21:50 -06:00
night1rider
bf1013bfd4
Address feedback from Fenrir
2026-04-14 16:21:50 -06:00
night1rider
642a65a34d
Add export hooks for ecc
2026-04-14 16:21:50 -06:00
night1rider
1295f4fe0e
Add WOLF_CRYPTO_CB_SETKEY and WOLF_CRYPTO_CB_EXPORT_KEY crypto callback
utilities for generic SetKey and ExportKey operations on HMAC, RSA, ECC, and AES. Add wc_ecc_size/wc_ecc_sig_size callback hooks for hardware-only keys. Integrate into configure.ac as --enable-cryptocbutils=setkey,export options with CI test configurations in os-check.yml.
Add test handlers in test.c and api.c with export/import delegation pattern, small-stack-safe allocations, custom curve support, and DEBUG_CRYPTOCB helpers.
2026-04-14 16:21:50 -06:00
Kareem
5defbc3219
Tasking compiler does not support #warning and needs the #pragma message case where available.
Fixes #10108 .
2026-04-14 15:06:20 -07:00
Kareem
5662077267
Fix uninitialized before use warning in wc_Dilithium_PublicKeyDecode.
2026-04-14 15:00:53 -07:00
Sean Parkinson
64c4203d96
Merge pull request #10214 from douzzer/20260413-cross-riscv64-all-asm-fips-dev
20260413-cross-riscv64-all-asm-fips-dev
2026-04-15 07:13:53 +10:00
David Garske
584489f2e0
Merge pull request #10211 from night1rider/mlkem-cryptocb-sha3-hashtype-bug
Mlkem cryptocb sha3 hashtype not reset after final call
2026-04-14 11:08:26 -07:00
Eric Blankenhorn
4a13896b2e
Report cert verify failure with MD5
2026-04-14 12:31:01 -05:00
Marco Oliverio
f55ecb5124
se050: add support for SE050 SIGN ONLY options
2026-04-14 18:07:30 +02:00
Marco Oliverio
5cd2db0b4d
se050: skip ecc_test_buffers (invalid digest sz)
2026-04-14 18:07:30 +02:00
Marco Oliverio
0fbfbb8089
se050: refuse invalid digest sz in ECDSA
2026-04-14 18:07:30 +02:00
Marco Oliverio
e6a7be8969
test: rsa: reset RSA key between operations
2026-04-14 18:07:30 +02:00
Marco Oliverio
ed2e230f78
se050: initialize keyId to abide compilers
2026-04-14 18:07:30 +02:00
Marco Oliverio
fff6f3fc32
se050: fix RSA Encrypt with only pubkey setting keyId
2026-04-14 18:07:30 +02:00
Andrew Hutchings
931893c62b
Address items in code review
2026-04-14 18:07:30 +02:00