night1rider
f8956abcc1
update she union for callback to be getUid not setUid
2026-04-15 11:28:03 -06:00
night1rider
f081a08c5c
Address comments from bigbrett and Fenrir bot. Rename she.{c,h} to wc_she.{c,h}, fix naming consistency, auto-enable CMAC/AES dependencies, add WC_SHE_SW_DEFAULT opt-inAddress PR #10009 review comments from bigbrett and Fenrir
2026-04-15 11:28:03 -06:00
night1rider
802c34018c
Add more in depth comments in header file for she.h
2026-04-15 11:28:03 -06:00
night1rider
ee7fe9e1b1
SHE API: remove key storage from context, add direct output params
2026-04-15 11:28:03 -06:00
night1rider
eeedc470e9
Add SHE (Secure Hardware Extension) support to wolfCrypt
2026-04-15 11:27:44 -06:00
David Garske
1a67eb7223
Merge pull request #9851 from night1rider/setkey-callbacks
...
Setkey/Export callbacks
2026-04-15 10:17:38 -07:00
David Garske
240703c959
Merge pull request #10219 from rizlik/se050
...
SE050: Fixes + NO_{RSA,ECDHE}_VERIFY options + simulator CI
2026-04-15 09:35:23 -07:00
Marco Oliverio
8b01033d0b
se050: reviewer's fixes
2026-04-15 08:52:16 +02:00
Marco Oliverio
2f5df5c9f8
se050: abide compilers warning about init keyId
2026-04-15 08:33:30 +02:00
Mattia Moffa
0749f20c33
Require exact tag length in EVP_DigestVerifyFinal HMAC path
...
ZD#21457 (31)
2026-04-15 03:09:11 +02:00
Mattia Moffa
0a00b47c75
Fix ML-KEM ARM64 NEON ciphertext comparison reduction
...
ZD#21457 (30)
2026-04-15 03:09:11 +02:00
Mattia Moffa
9c304bdc09
PKCS12: check mismatch between hash algo and hash size
...
ZD#21457 (27)
2026-04-15 03:08:50 +02:00
Sean Parkinson
409b5fcf38
Merge pull request #10172 from embhorn/zd21568
...
Fix pkcs12 parse issue
2026-04-15 09:00:12 +10:00
night1rider
a99a72029c
narrow ecc_size/sig_size guards to SETKEY||EXPORT_KEY, update _WC_PK_TYPE_MAX, const-qualify export_key.obj, call _ecc_import_x963_ex2 directly, fix GetSetKeyTypeStr, fix NULL deref in wc_RsaPrivateKeyDecode with WOLF_CRYPTO_CB_FIND, add FIND CI config.
2026-04-14 16:21:50 -06:00
night1rider
d58eea5566
Address pr review: add braces, move scope of variables, add X9.63 comment
2026-04-14 16:21:50 -06:00
night1rider
bf1013bfd4
Address feedback from Fenrir
2026-04-14 16:21:50 -06:00
night1rider
642a65a34d
Add export hooks for ecc
2026-04-14 16:21:50 -06:00
night1rider
1295f4fe0e
Add WOLF_CRYPTO_CB_SETKEY and WOLF_CRYPTO_CB_EXPORT_KEY crypto callback
...
utilities for generic SetKey and ExportKey operations on HMAC, RSA, ECC,
and AES. Add wc_ecc_size/wc_ecc_sig_size callback hooks for hardware-only
keys. Integrate into configure.ac as --enable-cryptocbutils=setkey,export
options with CI test configurations in os-check.yml.
Add test handlers in test.c and api.c with export/import delegation
pattern, small-stack-safe allocations, custom curve support, and
DEBUG_CRYPTOCB helpers.
2026-04-14 16:21:50 -06:00
Sean Parkinson
64c4203d96
Merge pull request #10214 from douzzer/20260413-cross-riscv64-all-asm-fips-dev
...
20260413-cross-riscv64-all-asm-fips-dev
2026-04-15 07:13:53 +10:00
David Garske
584489f2e0
Merge pull request #10211 from night1rider/mlkem-cryptocb-sha3-hashtype-bug
...
Mlkem cryptocb sha3 hashtype not reset after final call
2026-04-14 11:08:26 -07:00
Marco Oliverio
f55ecb5124
se050: add support for SE050 SIGN ONLY options
2026-04-14 18:07:30 +02:00
Marco Oliverio
0fbfbb8089
se050: refuse invalid digest sz in ECDSA
2026-04-14 18:07:30 +02:00
Marco Oliverio
ed2e230f78
se050: initialize keyId to abide compilers
2026-04-14 18:07:30 +02:00
Marco Oliverio
fff6f3fc32
se050: fix RSA Encrypt with only pubkey setting keyId
2026-04-14 18:07:30 +02:00
Andrew Hutchings
931893c62b
Address items in code review
2026-04-14 18:07:30 +02:00
Andrew Hutchings
f08d7ba950
Fix SE050 RSA port bugs
...
- se050_rsa_verify: when the function uploads only the public part of the key (keyCreated == 1), erase the transient SE050 object and don't persist keyIdSet = 1. A subsequent sign on the same RsaKey was reusing the public-only SE050 object and failing. Pre-existing bindings (from wc_RsaUseKeyId or a prior sign that uploaded a keypair) are preserved untouched.
- rsa_keygen_test: add WOLFSSL_SE050 to the existing WOLFSSL_CRYPTOCELL guard around the export-then-decode round-trip. SE050-generated keys keep their private components in the secure element, so wc_RsaKeyToDer + wc_RsaPrivateKeyDecode cannot complete. Matching guard on the idx declaration to avoid an unused-variable warning.
2026-04-14 18:07:28 +02:00
Andrew Hutchings
6d2845751b
Fix SE050 Ed25519 port bugs and add simulator CI workflow
...
- se050_ed25519_verify_msg: initialize *res = 0 at entry so failures don't leak a stale res = 1 from a prior good verify.
- Ed25519 import functions: reset keyIdSet / keyId under WOLFSSL_SE050 in wc_ed25519_import_private_key_ex, wc_ed25519_import_private_only, wc_ed25519_import_public_ex so overwriting host-side key material invalidates any prior SE050 object binding.
- New workflow .github/workflows/se050-sim.yml: builds wolfSSL against the NXP Plug&Trust SDK and runs the wolfCrypt tests against the SE050Sim simulator. Patches the upstream Dockerfile to use the PR's wolfSSL source.
- ed25519_test SE050 adjustments:
- Cap the RFC 8032 loop at 5 iters — iter 5's 1023 B msg exceeds NXP SDK SE05X_TLV_BUF_SIZE_CMD = 900.
- rareEd verifies and private-only sign: expect WC_HW_E (SE050 delegates malformed-input rejection to the secure element) instead of BAD_FUNC_ARG / SIG_VERIFY_E.
- Skip ed25519ctx_test / ed25519ph_test — SE050 port drops the context/prehash params so RFC 8032 ctx/ph vectors can't byte-match.
2026-04-14 18:05:51 +02:00
Tobias Frauenschläger
17ba0c252a
Store the size of the allocated private key buffer for ML-KEM
2026-04-14 13:33:14 +02:00
Zackery Backman
467ed28d3f
wolfcrypt/mlkem: fix -Wparentheses-equality error when WOLF_CRYPTO_CB_FIND is defined
2026-04-13 22:30:22 -06:00
Daniel Pouzzner
c4c2d8fafe
src/include.am, wolfcrypt/src/aes.c, wolfcrypt/src/port/riscv/riscv-64-aes.c: initial buildability of fips-dev with --enable-riscv-asm.
2026-04-13 18:57:20 -05:00
Zackery Backman
fffb80d221
Clear sha3->hashType in InitSha3 so Final fully resets the struct for cross sha3 reuse.
2026-04-13 17:12:49 -06:00
Eric Blankenhorn
863db50318
Fix word32 truncation and add true regression test for PKCS12 OOB read
2026-04-13 16:05:51 -05:00
Eric Blankenhorn
4cb016f434
Fix pkcs12 parse issue
2026-04-13 15:11:15 -05:00
David Garske
a143369522
Merge pull request #10138 from padelsbach/cobalt-fixes-2026-04-06
...
Use size_t in wolfSSL_strnstr and reject negative indices in mp_get_digit
2026-04-13 12:37:59 -07:00
David Garske
c36beba9b7
Merge pull request #10174 from SparkiDev/api_test_cipher_algs_1
...
API testing additions: cipher tests
2026-04-13 09:54:23 -07:00
David Garske
bf492eba12
Merge pull request #10175 from yosuke-wolfssl/f_2205
...
Fix authTagSz validation
2026-04-13 09:33:14 -07:00
David Garske
9627d80363
Merge pull request #10184 from SparkiDev/asm_gen_fixes_4
...
ASM generation fixes
2026-04-13 08:37:33 -07:00
David Garske
3b63f4bdee
Merge pull request #10072 from night1rider/extend-cmac-api-id-label
...
Extend/Add label/id extension functions
2026-04-13 08:15:46 -07:00
Sean Parkinson
a50a5403a7
Merge pull request #10199 from douzzer/20260412-clang-23_pre20260331
...
20260412-clang-23_pre20260331
2026-04-13 10:39:11 +10:00
Sean Parkinson
1cd1872abf
Merge pull request #10179 from Frauschi/mlkem-alloc-key
...
Add dynamic key allocation support for ML-KEM
2026-04-13 09:35:34 +10:00
David Garske
3d4e929869
Merge pull request #10173 from SparkiDev/init_cert_sha1
...
Initialize certificate: default to SHA-1 when necessary
2026-04-12 14:46:53 -07:00
David Garske
77b0939a8f
Merge pull request #10176 from SparkiDev/aes_gcm_small_armasm_fix
...
ARM ASM: AES-GCM small table without NEON
2026-04-12 14:46:44 -07:00
Daniel Pouzzner
1b692b8063
fixes for clang -Wunused-but-set-globals (coverage added by LLVM 23_pre20260331).
2026-04-12 12:07:33 -05:00
Daniel Pouzzner
d343ea657b
Merge pull request #10190 from rlm2002/mlkem_valgrind
...
Nightly-multi-test valgrind fix
2026-04-11 13:09:13 -05:00
David Garske
ae0a3877ca
Merge pull request #10122 from miyazakh/f-1370_SigGetSize
...
F-1370 : Tighten key_len check from `>=` to `==`
2026-04-10 14:27:16 -07:00
David Garske
ddf4666031
Merge pull request #10077 from Frauschi/pkcs11-mlkem
...
Add ML-KEM support for PKCS#11
2026-04-10 14:22:47 -07:00
night1rider
3fa0fb78f2
Add (void)ret after CRYPTOCB_UNAVAILABLE fall-through reset in _InitCmac_common to acknowledge intentional store.
2026-04-10 13:19:01 -06:00
night1rider
24c40b543b
reset ret after CRYPTOCB_UNAVAILABLE fall-through in _InitCmac_common, add test_RsaInit_Pub/test_RsaNew_Pub helpers for keypub, re-add (void)heap, reject oversized CMAC id.
2026-04-10 13:19:01 -06:00
night1rider
8b49e0abf0
Fix -Wcast-qual errors by replacing void* with typed id/label params in _common helpers and add input validation.
2026-04-10 13:19:01 -06:00
night1rider
88396d7d12
Fix -Wcast-qual errors in _Label functions by making _common helpers accept const void* data parameter.
2026-04-10 13:19:01 -06:00