Commit Graph

175 Commits

Author SHA1 Message Date
Thomas Cook 5e0cb5eab3 Merge branch 'master' into lpc55s69_crypto 2026-05-05 10:20:39 -04:00
Thomas Cook bbbae10faf Rework sha/sha256 hw accel based on test and benchmark testing 2026-04-13 10:53:53 -04:00
Daniel Pouzzner 21c6568883 Fixes for -Wcast-qual hygiene in wolfCrypt.
.github/workflows/wolfCrypt-Wconversion.yml: Add -Wcast-qual to all scenarios.

wolfssl/wolfcrypt/signature.h, wolfcrypt/src/signature.c, doc/dox_comments/header_files/signature.h:

  Remove incorrect const qualifier on the key argument in

  * wc_SignatureVerifyHash()
  * wc_SignatureVerify()
  * wc_SignatureGenerateHash()
  * wc_SignatureGenerateHash_ex()
  * wc_SignatureGenerate()
  * wc_SignatureGenerate_ex()

  This fixes UB code patterns throughout signature.c.  key is inherently
  accessed readwrite by the underlying low level crypto.  Fortunately, wolfCrypt
  has no APIs/methods to allow actual const MPI key objects, therefore these
  seeming breaking API changes can't actually break any users.

globally:

  * Add const qualifiers to all struct pointer members that are assigned values
    computed from const pointers.

  * Add const qualifiers to intermediate casts for accessors and read-only
    dereference constructs, as needed for -Wcast-qual hygiene, e.g. for a macro
    GET_U16(a), use (*(const word16*)(a)) rather than (*(word16*)(a)).

  * Add const qualifiers to internal declarations, and remove illegal casts, as
    needed for -Wcast-qual hygiene.

  * Add missing const qualifiers to all casts for argument, operand, and
    assignment type agreement, as needed for -Wcast-qual hygiene, e.g.
    "*data = (const byte*)dataASN->data.ref.data" rather than
    "*data = (byte*)dataASN->data.ref.data".

wolfssl/wolfcrypt/asn.h, wolfssl/wolfcrypt/asn_public.h, wolfcrypt/src/asn.c, wolfcrypt/src/asn_orig.c:

  * Add additional lifecycle management for object members that are only sometimes locally allocated:

    DNS_entry.nameStored
    DNS_entry.ipStringStored
    DNS_entry.ridStringStored

wolfssl/wolfcrypt/types.h: add WC_BARRIER() macro -- a portable construct that
   prevents compiler optimizers from reordering operations across the barrier.

wolfssl/wolfcrypt/blake2-impl.h, wolfcrypt/src/blake2s.c, wolfcrypt/src/blake2b.c:

  * In blake2b_init(), blake2b_init_key(), blake2s_init(), and
    blake2s_init_key(), refactor blake2b_param initialization using WC_BARRIER()
    (fixes volatile abuse that triggered -Wcast-qual).

  * Remove the residual and unused WOLFSSL_BLAKE2[BS]_INIT_EACH_FIELD code.

wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h:

  Remove incorrect const qualifier on curve arg to wc_ecc_free_curve() (internal function).
2026-04-01 14:12:02 -05:00
Thomas Cook 9351033906 Add hw support for SHA1 and SHA256 2026-03-26 16:55:32 -04:00
David Garske 4c75a866d9 Add inline documentation for missing macros and fix spelling errors 2026-03-16 17:09:13 -07:00
Daniel Pouzzner 58f48a96bf Merge pull request #9836 from Frauschi/pkcs11_dilithium
Add support for ML-DSA in PKCS#11
2026-03-05 15:22:10 -06:00
night1rider c3b329eb2e Refactor to use HASH_KEEP option instead of dedicated context for SHA, also add HASH_KEEP to sha1 context with correct init/free calls 2026-03-04 10:27:22 -07:00
Tobias Frauenschläger ad22f9a37c Support for ML-DSA in PKCS#11
Offload ML-DSA operations onto a PKCS#11 token via the cryptoCb
interface:
* Key generation
* Signature generation
* Signature verification
* Key import

Both the pure and pre-hash versions are supported. Not yet supported are
the pre-hash versions that also offload the hashing onto the token.

This also fixes casting errors introduced in #9780 due to usage of
uintptr_t, which is unavailable without including stdint.h on some
platforms. Use the wolfssl own wc_ptr_t instead.
2026-03-02 11:45:11 +01:00
night1rider d4f8f0d0a5 Revert XMEMSET 0 after free in copy process for digest/hashing functions 2026-02-27 12:56:58 -07:00
night1rider 4713ad5675 Add Free(dst) + XMEMSET before XMEMCPY in all wc_ hash Copy functions (MD5, SHA, SHA2, SHA3, SHAKE) and add copy cleanup tests to prevent resource leaks when copying into previously-used contexts. 2026-02-27 12:56:58 -07:00
night1rider 4c9b980c72 Fix potential memory leak in SHA Copy and zero-initialize temp GetHash contexts; zero HMAC dst hash before copy to prevent shared pointers 2026-02-27 12:56:57 -07:00
night1rider 1f3bea4907 Fix potential memory leak when copying into existing SHA contexts and zero-initialize temp GetHash contexts 2026-02-27 12:56:57 -07:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
night1rider 572776e685 Reset return value to success when copy callback requests to use software function instead 2025-11-04 13:25:16 -07:00
night1rider f1faefed91 Added callbacks for copy and free to SHA, 224, 384, 512, and SHA3. Also split macros for FREE and COPY Callbacks, and add configure.ac option. 2025-10-20 11:09:35 -06:00
Daniel Pouzzner 6fbd101f7d Merge pull request #9153 from effbiae/wc-small-stack
Small stack compress -- 3000line reduction
2025-10-13 23:12:01 -05:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Kamatham Pushyanth b2c5eb51d8 Enable hardware acceleration for SHA algorithms on PSoC6.
- Introduced conditional compilation for PSoC6 crypto support across SHA1, SHA2, SHA3 implementations.
- Ensured proper mutex locking for concurrent access to hardware resources during hash operations.
- Added public key creation functionality if only private key is provided in ECDSA verify function (psoc6_ecc_verify_hash_ex).
- Updated ECC parameter size handling to fix incorrect endianness conversions in psoc6_ecc_verify_hash_ex().
- Added README for PSOC6 port.
2025-10-11 05:23:40 +05:30
Daniel Pouzzner e6c6ef64df Merge pull request #9047 from miyazakh/rz_update
Update Renesas RZ examples
2025-08-08 23:27:35 -05:00
Hideki Miyazaki 9b7caac3ef Update RZ examples
- Use xSPI0 boot mode
 - Update FSP from v1.3 to v2.0.0
 - Simplify UART
 - Migrate new User Ctx
 - Update README
 - Fix SCE TLS on RA6M4
2025-07-31 11:04:06 +09:00
Juliusz Sosinowicz 42e2dd9990 Zero sha->buffer
msan reported it as an uninitialized buffer
2025-07-30 14:16:52 +02:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
jordan baa7efa8af Fix coverity uninit var warnings, add missing priv key ForceZero. 2025-05-05 13:14:39 -05:00
Daniel Pouzzner ed5d8f8e6b update several files in wolfcrypt/src/port/arm to include libwolfssl_sources.h;
update wolfcrypt/src/port/af_alg, wolfcrypt/src/port/devcrypto, and wolfcrypt/src/port/kcapi to include libwolfssl_sources.h;

remove a slew of includes across lib sources made redundant by libwolfssl_sources.h.
2025-04-11 13:57:23 -05:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
ZackLabPC 9881edfabe Crypto Callback Support for ARM ASM: AES-ECB/CBC, SHA-1/256/384/512 + Fix SP SHA CB Bug 2024-09-20 09:42:53 -06:00
night1rider d714e55a2b Addressing PR comments typos and cleanup and support HAVE_AES_ECB, Sha1, and Sha224 2024-09-20 09:42:52 -06:00
Andras Fekete f419e2351b Remove NULL test with 'ptr = NULL' at the end 2024-08-06 10:55:37 -04:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
kaleb-himes c333fdf545 Check-in Nucleus Plus 2.3 port work 2024-07-09 15:53:00 -06:00
Daniel Pouzzner b3e8f0ad24 add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES. 2024-06-08 16:39:53 -05:00
kaleb-himes e45867bbc3 WIN fips section refactor / wolfEntropy API syntax adjustment 2024-04-09 09:48:33 -06:00
kaleb_himes 81f5ac7f6c SRTP-KDF FS Preview 2024-04-09 09:48:33 -06:00
jordan 83169f91e9 Fix ShaFinal overrun. 2024-02-03 17:36:26 -06:00
gojimmypi 07a5566c52 Add wolfcrypt SHA support for ESP32-C2, other minor updates 2023-12-18 17:35:43 -08:00
gojimmypi 9227020f8e code review updates for ESP32 C3/C6/S2 HW Acceleration 2023-11-21 16:22:49 -08:00
gojimmypi 7e69030df1 Espressif ESP32-C3 ESP32-C6 ESP32-S2 Hardware Acceleration 2023-11-20 18:05:18 -08:00
Hideki Miyazaki e092c57675 change sha h/w acceleration implementation 2023-09-29 16:22:16 +09:00
Chris Conlon 5bc5b8a99b Merge pull request #6768 from miyazakh/renesas_rz
Renesas RZN2L support
2023-09-19 14:38:03 -06:00
gojimmypi 9398fa0736 Espressif HW Improvements (#6624)
* Espressif HW Improvements
* revised AES HW/SW fallback logic for ESP32
2023-09-19 08:21:13 -07:00
Hideki Miyazaki 1c9afb8b12 initial commit for RZN2L board Support 2023-09-13 09:22:55 +09:00
JacobBarthelmeh 7f0cfcb27d Merge pull request #6667 from bandi13/byebyeCyaSSL
Byebye cya ssl
2023-08-03 15:43:01 -06:00
Andras Fekete b31e485dc9 Remove 'HAVE_FIPS_VERSION < 2' blocks 2023-08-02 17:08:03 -04:00
Hideki Miyazaki 02ec92a3b9 Support TSIP crypt only
- Aes, sha,
  - rsa
     MakeRsaKey, sign/verify

fix compile error when not enabled TSIP
2023-07-27 06:23:34 +09:00
gojimmypi 57546405c0 refactor WROOM32 ESP32 2023-07-07 15:47:00 -07:00
David Garske fc153ff273 Support for Silicon Labs Gecko SDK v4. Changes SE Hash to use multipart API's. Gecko SDK v3 auto-detected or manually forced using WOLFSSL_SILABS_SE_ACCEL_3. 2023-06-23 14:22:44 -07:00
Sean Parkinson 1a8f09d013 Merge pull request #6320 from JacobBarthelmeh/curl
smaller sized build with curl
2023-05-03 07:46:29 +10:00
Daniel Pouzzner 2a00b67056 revert change in wc_ShaFinal() capturing InitSha() retval, introduced in 510038022f, to (void)ed result. 2023-04-19 17:25:33 -05:00