Commit Graph

10994 Commits

Author SHA1 Message Date
Daniel Pouzzner 0f0dab0105 wolfcrypt/src/logging.c and wolfssl/wolfcrypt/logging.h: add wc_backtrace_set_fp(). 2026-04-15 21:28:43 -05:00
Daniel Pouzzner 8d332778b0 wolfcrypt/test/test.c: in ed25519_test(), fix RARE_ED_BAD_ENC_E and RARE_ED_BAD_SIG_E macros to use WC_NO_ERR_TRACE() safely;
.github/workflows/trackmemory.yml: add --enable-debug-trace-errcodes to a couple scenarios.
2026-04-15 21:12:21 -05:00
Sean Parkinson 3c2a92d21d Merge pull request #10225 from kareem-wolfssl/zd21544
Fix uninitialized before use warning.  Fix unsupported #warning directive by Tasking compiler.
2026-04-16 08:55:49 +10:00
Sean Parkinson cd6b062847 Merge pull request #10136 from JeremiahM37/fenrir-issues-2
Fenrir fixes
2026-04-16 08:51:17 +10:00
Sean Parkinson d2175f3b42 Merge pull request #10222 from embhorn/zd21597
Report cert verify failure with MD5
2026-04-16 08:45:15 +10:00
David Garske 48a0347581 Merge pull request #10180 from Frauschi/dilithium-alloc-key
Add dynamic key allocation support for Dilithium
2026-04-15 10:36:14 -07:00
David Garske 1a67eb7223 Merge pull request #9851 from night1rider/setkey-callbacks
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
David Garske 240703c959 Merge pull request #10219 from rizlik/se050
SE050: Fixes + NO_{RSA,ECDHE}_VERIFY options + simulator CI
2026-04-15 09:35:23 -07:00
Sean Parkinson b44d8c66d7 Merge pull request #10192 from mattia-moffa/20260409-fixes
Various fixes
2026-04-15 20:35:04 +10:00
Marco Oliverio 8b01033d0b se050: reviewer's fixes 2026-04-15 08:52:16 +02:00
Marco Oliverio 2f5df5c9f8 se050: abide compilers warning about init keyId 2026-04-15 08:33:30 +02:00
Daniel Pouzzner 9bc221bfec wolfcrypt/test/test.c: skip the "reject authTagSz below WOLFSSL_MIN_AUTH_TAG_SZ" test on FIPS <7.0.0. 2026-04-14 23:09:21 -05:00
Mattia Moffa 0749f20c33 Require exact tag length in EVP_DigestVerifyFinal HMAC path
ZD#21457 (31)
2026-04-15 03:09:11 +02:00
Mattia Moffa 0a00b47c75 Fix ML-KEM ARM64 NEON ciphertext comparison reduction
ZD#21457 (30)
2026-04-15 03:09:11 +02:00
Mattia Moffa 9c304bdc09 PKCS12: check mismatch between hash algo and hash size
ZD#21457 (27)
2026-04-15 03:08:50 +02:00
Sean Parkinson 409b5fcf38 Merge pull request #10172 from embhorn/zd21568
Fix pkcs12 parse issue
2026-04-15 09:00:12 +10:00
night1rider a99a72029c narrow ecc_size/sig_size guards to SETKEY||EXPORT_KEY, update _WC_PK_TYPE_MAX, const-qualify export_key.obj, call _ecc_import_x963_ex2 directly, fix GetSetKeyTypeStr, fix NULL deref in wc_RsaPrivateKeyDecode with WOLF_CRYPTO_CB_FIND, add FIND CI config. 2026-04-14 16:21:50 -06:00
night1rider d58eea5566 Address pr review: add braces, move scope of variables, add X9.63 comment 2026-04-14 16:21:50 -06:00
night1rider bf1013bfd4 Address feedback from Fenrir 2026-04-14 16:21:50 -06:00
night1rider 642a65a34d Add export hooks for ecc 2026-04-14 16:21:50 -06:00
night1rider 1295f4fe0e Add WOLF_CRYPTO_CB_SETKEY and WOLF_CRYPTO_CB_EXPORT_KEY crypto callback
utilities for generic SetKey and ExportKey operations on HMAC, RSA, ECC,
and AES. Add wc_ecc_size/wc_ecc_sig_size callback hooks for hardware-only
keys. Integrate into configure.ac as --enable-cryptocbutils=setkey,export
options with CI test configurations in os-check.yml.

Add test handlers in test.c and api.c with export/import delegation
pattern, small-stack-safe allocations, custom curve support, and
DEBUG_CRYPTOCB helpers.
2026-04-14 16:21:50 -06:00
Kareem 5defbc3219 Tasking compiler does not support #warning and needs the #pragma message case where available.
Fixes #10108.
2026-04-14 15:06:20 -07:00
Kareem 5662077267 Fix uninitialized before use warning in wc_Dilithium_PublicKeyDecode. 2026-04-14 15:00:53 -07:00
Sean Parkinson 64c4203d96 Merge pull request #10214 from douzzer/20260413-cross-riscv64-all-asm-fips-dev
20260413-cross-riscv64-all-asm-fips-dev
2026-04-15 07:13:53 +10:00
David Garske 584489f2e0 Merge pull request #10211 from night1rider/mlkem-cryptocb-sha3-hashtype-bug
Mlkem cryptocb sha3 hashtype not reset after final call
2026-04-14 11:08:26 -07:00
Eric Blankenhorn 4a13896b2e Report cert verify failure with MD5 2026-04-14 12:31:01 -05:00
Marco Oliverio f55ecb5124 se050: add support for SE050 SIGN ONLY options 2026-04-14 18:07:30 +02:00
Marco Oliverio 5cd2db0b4d se050: skip ecc_test_buffers (invalid digest sz) 2026-04-14 18:07:30 +02:00
Marco Oliverio 0fbfbb8089 se050: refuse invalid digest sz in ECDSA 2026-04-14 18:07:30 +02:00
Marco Oliverio e6a7be8969 test: rsa: reset RSA key between operations 2026-04-14 18:07:30 +02:00
Marco Oliverio ed2e230f78 se050: initialize keyId to abide compilers 2026-04-14 18:07:30 +02:00
Marco Oliverio fff6f3fc32 se050: fix RSA Encrypt with only pubkey setting keyId 2026-04-14 18:07:30 +02:00
Andrew Hutchings 931893c62b Address items in code review 2026-04-14 18:07:30 +02:00
Andrew Hutchings f08d7ba950 Fix SE050 RSA port bugs
- se050_rsa_verify: when the function uploads only the public part of the key (keyCreated == 1), erase the transient SE050 object and don't persist keyIdSet = 1. A subsequent sign on the same RsaKey was reusing the public-only SE050 object and failing. Pre-existing bindings (from wc_RsaUseKeyId or a prior sign that uploaded a keypair) are preserved untouched.

- rsa_keygen_test: add WOLFSSL_SE050 to the existing WOLFSSL_CRYPTOCELL guard around the export-then-decode round-trip. SE050-generated keys keep their private components in the secure element, so wc_RsaKeyToDer + wc_RsaPrivateKeyDecode cannot complete. Matching guard on the idx declaration to avoid an unused-variable warning.
2026-04-14 18:07:28 +02:00
Andrew Hutchings 6d2845751b Fix SE050 Ed25519 port bugs and add simulator CI workflow
- se050_ed25519_verify_msg: initialize *res = 0 at entry so failures don't leak a stale res = 1 from a prior good verify.
- Ed25519 import functions: reset keyIdSet / keyId under WOLFSSL_SE050 in wc_ed25519_import_private_key_ex, wc_ed25519_import_private_only, wc_ed25519_import_public_ex so overwriting host-side key material invalidates any prior SE050 object binding.
- New workflow .github/workflows/se050-sim.yml: builds wolfSSL against the NXP Plug&Trust SDK and runs the wolfCrypt tests against the SE050Sim simulator. Patches the upstream Dockerfile to use the PR's wolfSSL source.
- ed25519_test SE050 adjustments:
  - Cap the RFC 8032 loop at 5 iters — iter 5's 1023 B msg exceeds NXP SDK SE05X_TLV_BUF_SIZE_CMD = 900.
  - rareEd verifies and private-only sign: expect WC_HW_E (SE050 delegates malformed-input rejection to the secure element) instead of BAD_FUNC_ARG / SIG_VERIFY_E.
  - Skip ed25519ctx_test / ed25519ph_test — SE050 port drops the context/prehash params so RFC 8032 ctx/ph vectors can't byte-match.
2026-04-14 18:05:51 +02:00
Tobias Frauenschläger 17ba0c252a Store the size of the allocated private key buffer for ML-KEM 2026-04-14 13:33:14 +02:00
Tobias Frauenschläger 064cfe2b31 Make ML-DSA signing w1e variable aware of SMALL_STACK 2026-04-14 13:22:19 +02:00
Tobias Frauenschläger b562d5c7d8 Add dynamic key allocation support for Dilithium
This update introduces the WOLFSSL_DILITHIUM_DYNAMIC_KEYS option, allowing
for dynamic memory allocation of public and private key buffers. This change
reduces memory usage by allocating buffers only when needed.
2026-04-14 13:22:12 +02:00
Zackery Backman 467ed28d3f wolfcrypt/mlkem: fix -Wparentheses-equality error when WOLF_CRYPTO_CB_FIND is defined 2026-04-13 22:30:22 -06:00
Daniel Pouzzner c4c2d8fafe src/include.am, wolfcrypt/src/aes.c, wolfcrypt/src/port/riscv/riscv-64-aes.c: initial buildability of fips-dev with --enable-riscv-asm. 2026-04-13 18:57:20 -05:00
Zackery Backman fffb80d221 Clear sha3->hashType in InitSha3 so Final fully resets the struct for cross sha3 reuse. 2026-04-13 17:12:49 -06:00
Eric Blankenhorn 863db50318 Fix word32 truncation and add true regression test for PKCS12 OOB read 2026-04-13 16:05:51 -05:00
Eric Blankenhorn 4cb016f434 Fix pkcs12 parse issue 2026-04-13 15:11:15 -05:00
David Garske a143369522 Merge pull request #10138 from padelsbach/cobalt-fixes-2026-04-06
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-13 12:37:59 -07:00
David Garske c36beba9b7 Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
David Garske bf492eba12 Merge pull request #10175 from yosuke-wolfssl/f_2205
Fix authTagSz validation
2026-04-13 09:33:14 -07:00
Jeremiah Mackey 3aa9a58b74 move length check before dispatch 2026-04-13 15:52:45 +00:00
Jeremiah Mackey a77e1ff5ac reject non-block-aligned CBC cipher input 2026-04-13 15:50:52 +00:00
Jeremiah Mackey 362eda5b25 add NULL checks to Base64 encode/decode 2026-04-13 15:50:52 +00:00
Jeremiah Mackey 1dddc1daf5 save heap before FreeRsaKey in delete 2026-04-13 15:50:52 +00:00