Commit Graph

29626 Commits

Author SHA1 Message Date
Eric Blankenhorn 05d73707ef Fixes from review 2026-05-11 15:06:32 -05:00
Eric Blankenhorn 29f3b30651 Fix in ECC point conversion 2026-05-11 15:06:32 -05:00
jordan 333aaaa3a9 asn: fix GetShortInt for asn original. 2026-05-11 14:50:48 -05:00
Daniele Lacamera 7003f6bee2 Addressed copilot's comments 2026-05-11 20:55:25 +02:00
Daniele Lacamera 84955e457c IDE/iotsafe: fix memory TLS wrapper and example build 2026-05-11 20:31:30 +02:00
Reda Chouk 54bb2c2caf zero-initialize DecodedCert immediately after allocation in
wolfssl_certmanagerloadcabuffertype to prevent cleanup on an
uninitialized struct on the pem error path.
2026-05-11 20:12:19 +02:00
Paul Adelsbach d56831c90d Fix LMS and XMSS cryptocb software fallback 2026-05-11 10:45:38 -07:00
sebastian-carpenter 0ff622c709 F-1908, improve hpke return codes 2026-05-11 11:35:22 -06:00
jordan 99e5597372 wolfmath: check mpSz cleanup. 2026-05-11 12:09:50 -05:00
Kareem a12ccca612 Fully exclude the wc_DsaCheckPubKey function when building with NO_DSA_PUBKEY_CHECK. 2026-05-11 10:05:45 -07:00
Kareem b79870e1ba Add opt-out macro NO_DSA_PUBKEY_CHECK to allow skipping the newly added DSA public key check. 2026-05-11 10:05:45 -07:00
Kareem 367bd173d1 Reword comment to hopefully fix clang-tidy test. 2026-05-11 10:05:45 -07:00
Kareem 44d3659244 Code review feedback 2026-05-11 10:05:45 -07:00
Kareem ea67ace873 Validate DSA parameters when verifying DSA key.
Thanks to Kr0emer for the report.
2026-05-11 10:05:45 -07:00
Andrew Hutchings 7b89d82b35 Fix mem_track.h compile failure on multi-threaded non-Linux builds
The memLock mutex and #include <pthread.h> in mem_track.h were
declared under #ifdef DO_MEM_LIST (Linux/macOS/Zephyr only), but
referenced under the broader guard

    !defined(SINGLE_THREADED) && \
    (defined(DO_MEM_LIST) || defined(DO_MEM_STATS))

Since DO_MEM_STATS is defined whenever WOLFSSL_TRACK_MEMORY +
USE_WOLFSSL_MEMORY are set without WOLFSSL_STATIC_MEMORY, any
non-Linux/Mac/Zephyr multi-threaded build failed to compile with
implicit pthread_mutex_lock declarations and undeclared memLock.

Replace the raw pthread mutex with wolfSSL's portable mutex API
(wc_InitMutex / wc_LockMutex / wc_UnLockMutex / wc_FreeMutex) so
locking works on every platform wolfSSL already ports to.
InitMemoryTracker now calls wc_InitMutex before
wolfSSL_SetAllocators installs TrackMalloc, guarded by a
memLockInit flag for idempotency. CleanupMemoryTracker calls
wc_FreeMutex after restoring the default allocators so no
in-flight allocation races a freed mutex. The four mutex guards
in TrackMalloc/TrackFree and the two in InitMemoryTracker/
ShowMemoryTracker are unified on the same condition as the
memLock declaration itself.

ZD #21763
2026-05-11 16:20:35 +01:00
David Garske 01ba609f0d Merge pull request #9702 from danielinux/ta100_2025
[Microchip TA-100] Fix port + update to cryptoauthlib v3.6.0
2026-05-11 07:26:43 -07:00
Tobias Frauenschläger f16216e5b8 HashSLH-DSA APIs now take the pre-hashed digest, not the raw message
wc_SlhDsaKey_{Sign,Verify}Hash* previously accepted the raw message and
performed the pre-hash internally. They now require the caller to hash the
message first and pass the resulting digest -- the functions no longer call
wc_*Hash() themselves and feed the supplied digest directly into the M'
construction. Parameters are renamed from msg/msgSz to hash/hashSz to reflect
this, and hashSz is validated against wc_HashGetDigestSize(hashType) per
FIPS 205 Section 10.2.2 (32 for SHAKE128, 64 for SHAKE256), returning
BAD_LENGTH_E on mismatch.

This matches ML-DSA's wc_dilithium_{sign,verify}_ctx_hash, NIST ACVP
signatureInterface=external / preHash=preHash vectors, and other libraries
(OpenSSL HASH-ML-DSA, leancrypto, mldsa-native). It also enables distributed
signers and HSM-style flows where the digest is computed separately from the
signing operation.

Migration: callers must now hash the message before invoking these APIs;
passing the raw message will either fail length validation or produce
signatures over the wrong input. The M'-supplied wc_SlhDsaKey_SignMsg* /
VerifyMsg family (FIPS 205 internal interface, Algorithms 19/20) is
unchanged but gains stricter input validation and doxygen coverage.
2026-05-11 10:14:13 +02:00
Sean Parkinson 69027c2445 LMS: fixes and improvements
Remove WC_LMS_PARM_NONE as it serves no purpose.
Change sig_len from a 16-bit value to a 32-bit value in the parameters.
Added wc_LmsKey_SetParameters_ex() and wc_LmsKey_GetParameters_ex() to
handle hash algorithm.
Change mass ForceZeros to smaller amounts with XMEMSET and setting to
NULL or default valus.
Allow signing of empty message.
Other minor fixes.

Fix API tests to work when WOLFSSL_LMS_MAX_HEIGHT/WOLFSSL_LMS_MAX_LEVELS
are/is defined.
2026-05-11 16:18:12 +10:00
Paul Adelsbach 3cad0bfe50 Fix OOB possibility in PKCS7_VerifySignedData 2026-05-10 20:34:48 -07:00
Mattia Moffa 5aa8e6aa2b Fix Blake2 oversized key path
- Reduce long keys in a separate state rather than reusing the state used
for the HMAC inner hash.
- Pad the rest of the buffer with zeros as required by the spec.
- Add regression tests
2026-05-11 04:56:16 +02:00
Daniel Pouzzner 9f759fa1e0 Merge pull request #10446 from kaleb-himes/quickfix
Fix private key lock issues in master
2026-05-09 09:17:53 -05:00
kaleb-himes afb90dd2da Fix private key lock issues in master 2026-05-08 17:08:38 -06:00
David Garske 867ce26474 Merge pull request #10278 from twcook86/lpc55s69_crypto
Add wolfCrypt support for lpc55s69 hw crypto
2026-05-08 16:00:54 -07:00
jordan 98831c25d4 wolfmath: check mpSz in wc_export_int. 2026-05-08 15:26:57 -05:00
David Garske 3351eb429a Merge pull request #10354 from embhorn/zd21725
Fix IPSAN and registeredID handling
2026-05-08 12:15:37 -07:00
David Garske d465d8b130 Add RSA/DH SP non-blocking support for C/Small 2048/3072/4096 2026-05-08 10:36:28 -07:00
Daniel Pouzzner f1fff73352 tests/api.c: fix readability-uppercase-literal-suffix in rfc9802_verify_one_cert();
tests/api/test_mldsa.c: fix misplaced PRIVATE_KEY_UNLOCK() in dilithium_oneasymkey_version_check();

wolfcrypt/test/test.c: fix valgrind-detected "Conditional jump or move depends on uninitialised value(s)" in ecc_test_curve_size() negative test on all-zeros digest.
2026-05-08 18:53:57 +02:00
Daniele Lacamera ae0d09ccff More fixes to the broken atecc608 test 2026-05-08 18:50:44 +02:00
Daniele Lacamera 5f321d7372 Removed redundat hotfix from the ATECC608 workflow 2026-05-08 18:50:44 +02:00
Daniele Lacamera acb3243501 [TA-100] test.c: fix unbalanced/unterminated preprocessor blocks from
previous merge
2026-05-08 18:50:44 +02:00
Daniele Lacamera 50428d2d92 [TA-100] Address review feedback (Copilot + Fenrir)
Copilot fixes:
- atmel.c: ATCA_ENABLE_DEPRECATED I2C path now uses ATECC_I2C_ADDR
  instead of slave_address=1 (matches the non-deprecated path).
- atmel.c: capture and propagate atmel_createHandles() return value;
  abort init via WC_HW_E if handle creation fails.
- atmel.h: include calib_aes_gcm.h with the same <calib/...> form used
  for calib_command.h so a single -I (.../include or
  .../include/cryptoauthlib) resolves both.
- configure.ac: drop the duplicated AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB])
  (kept only in the consolidated section near the end).
- settings.h: remove leftover commented-out '#ifdef WOLFSSL_ATECC508A'.
- benchmark.c: drop the broken TA100 wc_RsaSSL_Verify branch (it passed
  message/enc as if they were sig/out).
- test.c: stop calling atmel_ecc_free() with the slot-TYPE enum
  constants; wc_ecc_free(userA/userB) already releases the allocated
  slots.
- ecc.c (microchip_curve_id_for_key): switch on key->dp->id, not size,
  so SECP256K1 / BRAINPOOLP256R1 are not silently mapped to SECP256R1.
  Helper is now defined for ATECC508A/608A as well, fixing the
  TA100-only gating that broke ATECC builds.
- ecc.c (_ecc_make_key_ex): keep ATECC508A/608A's curve check at
  SECP256R1-only (hardware does not support the wider curve set);
  TA100 retains the multi-curve list.

Fenrir fixes:
- ecc.c (wc_ecc_init_ex): under TA100 + ALT_ECC_SIZE the pubkey x/y/z
  pointers must be aimed at key->pubkey.xyz[] (with alt_fp_init) before
  mp_init_multi - otherwise mp_init_multi dereferenced NULL.
- atmel.c (atmel_get_rev_info): check atcab_wakeup return and bail out
  via atmel_ecc_translate_err before calling atcab_info.
- atmel.c (atmel_ecc_create_pms, TA100+ECDH_ENC): pass
  MAP_TO_HANDLE(slotId) (the ephemeral private-key handle) into
  talib_ecdh_compat instead of MAP_TO_HANDLE(slotIdEnc).
- atmel.c (wc_Microchip_rsa_create_key): on any failure after the first
  talib_create_element succeeds, delete the previously created
  handle(s) and clear rKeyH/uKeyH so device elements are not leaked.
- aes.c (wc_AesGcmEncrypt / wc_AesGcmDecrypt TA100 fast paths): replace
  '(authInSz + sz) <= MAX' with bounds on each operand individually so
  word32 wraparound cannot bypass the 996-byte hardware limit.
- rsa.c (RsaPrivateDecryptEx): drop the TA100 RSA_PUBLIC_DECRYPT
  short-circuit. wc_Microchip_rsa_verify expects (digest, digestLen,
  sig, sigLen, ...) and the verified flag must be honored; the proper
  TA100 fast-path already lives in wc_RsaPSS_CheckPadding_ex2.
2026-05-08 18:50:44 +02:00
Daniele Lacamera 5dcc99c688 [TA-100] Fix build breakage on TA100 builds
- atmel.c: restore the closing #endif for the outer
  WOLFSSL_ATMEL/ATECC/TA100 block. The previous "duplicate
  ATCA_TFLEX_SUPPORT" cleanup removed the real closer because the
  trailing-comment was misleading, leaving the file with an
  unterminated #if from line 35.
- ecc.c: drop !defined(WOLFSSL_MICROCHIP_TA100) from the guard around
  wc_ecc_point_is_at_infinity. The function is generic
  (mp_iszero(x) && mp_iszero(y)) and call sites in
  _ecc_import_x963_ex2 and friends don't exclude TA100, so the
  TA100 build was failing to link.
2026-05-08 18:50:44 +02:00
Daniele Lacamera fc93bb4a09 Addressed copilot's comments 2026-05-08 18:50:44 +02:00
Daniele Lacamera 449d039581 Fixes after rebase on latest master 2026-05-08 18:50:44 +02:00
Daniele Lacamera 83aec60bd6 Addressed comment: added macros to .wolfssl_know_macro_extras 2026-05-08 18:50:44 +02:00
Tesfa Mael 0a2886f942 Correct Nested comment for Espressif build 2026-05-08 18:50:44 +02:00
Tesfa Mael 293ccdd604 Fix typo 2026-05-08 18:50:44 +02:00
Tesfa Mael 969a2502ae Fix comments and shellcheck warning 2026-05-08 18:50:44 +02:00
Tesfa Mael fbfc3ba8c2 Fix formatting 2026-05-08 18:50:44 +02:00
Tesfa Mael 416b3434db Removed the dead #ifdef WOLFSSL_MICROCHIP_TA100 block (it was inside #ifndef WOLFSSL_MICROCHIP_TA100 2026-05-08 18:50:44 +02:00
Tesfa Mael 00b99b88f3 wraps PKG_CHECK_MODULES with m4_ifdef so it's silently skipped when pkg.m4 is unavailable 2026-05-08 18:50:44 +02:00
Tesfa Mael 4d94b8e8d5 [TA-100] Fix build/test regressions in non-TA100 builds 2026-05-08 18:50:44 +02:00
Tesfa Mael 8f9ecd1afb Close PKG_CHECK_MODULES with a no-op failure action and use a separate AS_IF to conditionally run the manual search fallback 2026-05-08 18:50:44 +02:00
Daniele Lacamera 7efe61fbd0 [TA-100] Fixed RSA keygen/sign/verify, tests 2026-05-08 18:50:44 +02:00
Daniele Lacamera 8ea5235ba8 [TA-100] Fixed ECC384. Adding RSA. 2026-05-08 18:50:44 +02:00
Daniele Lacamera ab027070a4 Reverted changes to fallback ECC
ECC384 should be supported in TA-100
2026-05-08 18:50:43 +02:00
Daniele Lacamera 298845f34c [TA-100] Fixed GMAC, AES-GCM, AES, ECC
- Using correct slot ID for AES keys
- Adjust IV length
- Fallback operations to software for unsupported ECC curves

(all tests passing)
2026-05-08 18:50:43 +02:00
Tesfa Mae dbf4aaa5be TA100: follow-up changes (squash after 4e64cb56) 2026-05-08 18:50:43 +02:00
Tesfa Mae 00cca3e25b TA100: Microchip Trust Anchor support RSA/ECC 2026-05-08 18:50:43 +02:00
Daniel Pouzzner 20ed869c21 Merge pull request #10432 from danielinux/arduino-unor4wifi-flash-fix
Arduino UNO: force USE_CERT_BUFFERS_256 to fit in flash
2026-05-08 11:48:31 -05:00