323ca40334
esp32: Fix memory leaks and thread safety issues
...
- Fix memory leaks in certificate bundle handling
- Fix thread safety issues in SHA operations
- Fix uninitialized variables in AES operations
- Fix use-after-free in WiFi operations
- Fix error handling in MP operations
- Fix hardware mutex handling
- Fix memory management
- Test across ESP-IDF v4.1, 5.2, 5.4 and ESP8266 SDK v3.5
Co-Authored-By: jim@wolfssl.com <jim@wolfssl.com>
2025-02-19 00:46:18 +00:00
6a3717fa3e
esp_sdk_mem_lib: Fix memory management and improve error handling
...
- Add memory allocation tracking
- Add stack overflow detection
- Add proper initialization and error handling
- Fix assembly code parsing errors
- Improve error messages and logging
- Follow wolfSSL style guidelines
Co-Authored-By: jim@wolfssl.com <jim@wolfssl.com>
2025-02-18 23:37:13 +00:00
78521a3d7b
esp32_util: Fix mutex handling and improve error handling
...
- Add proper mutex validation and cleanup
- Add hardware state validation
- Add consistent error handling
- Add owner validation in mutex unlock
- Improve error messages and logging
- Follow wolfSSL style guidelines
Co-Authored-By: jim@wolfssl.com <jim@wolfssl.com>
2025-02-18 23:36:18 +00:00
1aacddefb2
esp32_mp: Fix error handling and improve mutex safety
...
- Add proper parameter validation
- Add consistent error propagation
- Fix resource cleanup in error paths
- Add proper mutex handling with portENTER/EXIT_CRITICAL
- Fix parsing errors around preprocessor directives
- Follow wolfSSL style guidelines
Co-Authored-By: jim@wolfssl.com <jim@wolfssl.com>
2025-02-18 23:35:23 +00:00
4b4dc8242d
esp_sdk_wifi_lib: Fix use-after-free issues and improve error handling
...
- Remove global event variable to prevent use-after-free
- Add NULL checks for event parameters
- Add proper cleanup in error paths
- Add proper event handler instance cleanup
- Fix wifi_config initialization
- Improve error handling and logging
Co-Authored-By: jim@wolfssl.com <jim@wolfssl.com>
2025-02-18 23:32:58 +00:00
258afa5493
wolfcrypt/src/pkcs7.c: in PKCS7_EncodeSigned(), check for error from SetSerialNumber().
2025-02-17 18:05:04 -06:00
3e38bdcd2c
Merge pull request #8450 from dgarske/stm32_pka_ecc521
...
Fix for STM32 PKA ECC 521-bit support
2025-02-17 08:27:45 -08:00
60c1558142
Merge pull request #8447 from dgarske/memleak
...
Fixed possible memory leaks
2025-02-14 00:26:09 -06:00
e806bd76bb
Merge pull request #8445 from SparkiDev/perf_improv_1
...
Performance improvements
2025-02-13 23:25:47 -06:00
86c3ee1a9d
Fix for STM32 PKA ECC 521-bit support. Issue was 65 vs 66 buffer check. ZD 19379
2025-02-13 16:41:42 -08:00
f943f6ff5c
Fixed possible memory leaks reported by nielsdos in PR 8415 and 8414.
2025-02-13 08:20:37 -08:00
db0fa304a8
Merge pull request #8436 from SparkiDev/mlkem_cache_a
...
ML-KEM/Kyber: cache A from key generation for decapsulation
2025-02-12 17:29:38 -08:00
846ba43a29
Merge pull request #8392 from SparkiDev/curve25519_blinding
...
Curve25519: add blinding when using private key
2025-02-12 16:20:51 -08:00
9253d1d3ac
ML-KEM/Kyber: cache A from key generation for decapsulation
...
Matrix A is expensive to calculate.
Usage of ML-KEM/Kyber is
1. First peer generates a key and sends public to second peer.
2. Second peer encapsulates secret with public key and sends to first
peer.
3. First peer decapsulates (including encapsulating to ensure same as
seen) with key from key generation.
Caching A keeps the matrix A for encapsulation part of decapsulation.
The matrix needs to be transposed for encapsulation.
2025-02-13 10:12:05 +10:00
bfd52decb6
Performance improvements
...
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
2025-02-13 09:55:55 +10:00
bb84ebfd7a
Curve25519: add blinding when using private key
...
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.
Add new APIs to support passing in an RNG.
Old APIs create a new RNG.
Only needed for the C implementations that are not small.
Modified TLS and OpenSSL compat API implementations to pass in RNG.
Fixed tests and benchmark program to pass in RNG.
2025-02-13 08:52:35 +10:00
0e474fc673
Merge pull request #8437 from LinuxJedi/SE050-changes
...
Minor SE050 improvements
2025-02-12 14:50:36 -08:00
3856d55d9b
Revert "Performance improvements"
...
This reverts commit ce679ef057
2025-02-12 12:32:47 -06:00
bcd89b0592
Merge pull request #8388 from julek-wolfssl/BN_CTX_get
...
Implement BN_CTX_get
2025-02-12 08:08:58 +10:00
92e222b1ab
Merge pull request #8429 from SparkiDev/perf_improv_1
...
Performance improvements AES-GCM and HMAC (in/out hash copy)
2025-02-11 08:32:30 -08:00
cb42f18a47
Minor SE050 improvements
...
Adds two features for SE050:
1. `WOLFSSL_SE050_AUTO_ERASE`. When enabled, this will automatically
erase a key from the SE050 when `wc_ecc_free()` and friends are
called.
2. `WOLFSSL_SE050_NO_RSA`. This stops RSA offloading onto the SE050,
useful for the SE050E which does not have RSA support.
2025-02-11 16:25:06 +00:00
ce679ef057
Performance improvements
...
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
2025-02-11 10:26:51 +10:00
be5f203274
Merge pull request #8425 from philljj/ecdsa_mldsa_test_api
...
dual alg: add ML-DSA test, and misc cleanup.
2025-02-10 15:05:44 -08:00
4373e551e7
Merge pull request #8431 from LinuxJedi/SE050-fixes
...
Fix SE050 Port
2025-02-10 11:33:46 -08:00
557e43bcd7
dual alg: peer review cleanup, and more function comments.
2025-02-10 10:08:35 -05:00
8870b76c26
Fix SE050 Port
...
The SE050 port won't compile in the latest wolfSSL. This patch:
* Updates the documentation
* Fixes a missing `#ifdef` that breaks the build
* Changes the use of `mp_int` to `MATH_INT_T`
* Fixes compiler error with `ecc.c`
* Adds a tiny bit of extra debugging info
2025-02-10 14:27:28 +00:00
937d6d404a
dual alg: clean up comments and line lengths.
2025-02-07 09:22:16 -05:00
e2d40288ee
Remove internal use of wolfSSL_BN_CTX_new()
2025-02-07 14:45:42 +01:00
1e17d737c8
"#undef _WINSOCKAPI_" after defining it to "block inclusion of winsock.h header file", to fix #warning in /usr/x86_64-w64-mingw32/usr/include/winsock2.h.
2025-02-06 18:41:20 -06:00
035d4022fb
dual alg: add ML-DSA test, and misc cleanup.
2025-02-06 15:50:37 -05:00
e6ceb40187
Merge pull request #8391 from dgarske/cmake_watcom
...
Fixes for Watcom compiler and new CI test
2025-02-06 08:51:51 +10:00
f061e19ecb
Merge pull request #8403 from miyazakh/keytype_tsip
...
Revert TSIP_KEY_TYPE as TSIP TLS definition
2025-02-04 15:21:27 -08:00
60c5a0ac7f
Peer review feedback. Thank you @jmalak
2025-02-04 14:32:24 -08:00
743655b9ce
Merge pull request #8402 from gojimmypi/pr-espressif-build-improvement
...
Improve Espressif make and cmake for ESP8266 and ESP32 series
2025-02-04 14:05:32 -08:00
345c969164
Fixes for Watcom compiler and new CI test
...
* Correct cmake script to support Open Watcom toolchain (#8167 )
* Fix thread start callback prototype for Open Watcom toolchain (#8175 )
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
2025-02-04 12:38:52 -08:00
f0b3c2955e
Merge pull request #8412 from SparkiDev/mlkem_kyber_small_mem
...
ML-KEM/Kyber: small memory usage
2025-02-04 11:45:01 -08:00
316177a7f1
ML-KEM/Kyber: small memory usage
...
Options to compile ML-KEM/Kyber to use less dynamic memory.
Only available with C code and has small performance trade-off.
2025-02-04 10:51:56 +10:00
71a982e6b7
sync with upstream
2025-02-03 16:13:05 -08:00
4891d1c471
Merge pull request #8400 from ColtonWilley/add_trusted_cert_pem_parsing
...
Add support for parsing trusted PEM certs
2025-01-31 10:53:51 -07:00
6555da9448
revert TSIP_KEY_TYPE as TSIP TLS definition
2025-01-31 14:13:36 +09:00
e7a0340eea
Merge pull request #8395 from SparkiDev/asm32_asm_older_opt
...
ARM32 ASM: optimize older platform alternatives
2025-01-30 15:47:25 -08:00
3f47963802
Merge pull request #8396 from douzzer/20250129-CT-tweaks
...
20250129-CT-tweaks
2025-01-31 09:10:22 +10:00
c4288cc334
Add support for parsing PEM certificates with begin trusted cert header/footer, needed for wolfProvider.
2025-01-30 11:34:02 -08:00
b62f5ab722
ML-KEM/Kyber: build with no malloc
...
ML-KEM/Kyber van now be built with WOLFSSL_NO_MALLOC and all data is on
the stack.
2025-01-30 18:11:55 +10:00
0de38040f4
CT tweaks:
...
in wolfcrypt/src/coding.c, add ALIGN64 to hexDecode[], and add hexEncode[] for use by Base16_Encode();
in wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h:
move ctMask*() up so that min() and max() can use them, and add ctMaskWord32GTE();
add ALIGN64 to kHexChar[];
add CT implementation of CharIsWhiteSpace();
remove min_size_t() and max_size_t() recently added, but only one user (refactored).
2025-01-30 01:24:40 -06:00
2d06e67a64
ARM32 ASM: optimize older platform alternatives
...
Make the alternative instructions for architectures less than 7 more
optimal.
2025-01-30 16:58:13 +10:00
25c8869541
Merge pull request #8390 from SparkiDev/lms_sha256_192_l1_h20
...
LMS: Fix SHA-256-192 level 1, height 20
2025-01-29 18:20:50 -05:00
cd047a35f2
fixup! Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 ipd
2025-01-29 12:21:28 +01:00
b0ab7f0d26
ascon: use individual word64 to help compiler
2025-01-29 11:49:09 +01:00
78a7d12955
ascon: use lowercase first letters for members
2025-01-29 11:38:31 +01:00
Devin AI
Daniel Pouzzner
JacobBarthelmeh
David Garske
Sean Parkinson
Andrew Hutchings
jordan
Juliusz Sosinowicz
gojimmypi
Hideki Miyazaki
Colton Willey
Anthony Hu