Check-in stm32.c changes for v5.2.5

wolfcrypt/src/aes.c

@@ -4385,6 +4385,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return 0;
         }
 
+        int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
+                                        const byte* iv, int dir)
+        {
+            if (aes == NULL) {
+                return BAD_FUNC_ARG;
+            }
+            if (len > sizeof(aes->key)) {
+                return BAD_FUNC_ARG;
+            }
+
+            return wc_AesSetKey(aes, key, len, iv, dir);
+        }
+
     #endif /* NEED_AES_CTR_SOFT */
 
 #endif /* WOLFSSL_AES_COUNTER */

wolfcrypt/src/dh.c

@@ -1336,7 +1336,7 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
         *pubSz = binSz;
 
     mp_clear(y);
-    mp_clear(x);
+    mp_forcezero(x);
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(y, key->heap, DYNAMIC_TYPE_DH);
     XFREE(x, key->heap, DYNAMIC_TYPE_DH);

wolfcrypt/src/hmac.c

@@ -1196,6 +1196,7 @@ int wolfSSL_GetHmacMaxSize(void)
                 ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
             if (ret == 0)
                 ret = wc_HmacFinal(&myHmac,  out);
+            ForceZero(&myHmac, sizeof(myHmac));
             wc_HmacFree(&myHmac);
         }
 
@@ -1261,6 +1262,7 @@ int wolfSSL_GetHmacMaxSize(void)
             n++;
         }
 
+        ForceZero(&myHmac, sizeof(myHmac));
         wc_HmacFree(&myHmac);
 
         return ret;

wolfcrypt/src/kdf.c

@@ -734,6 +734,7 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz,
         }
     }
 
+    ForceZero(&hash, sizeof(hash));
     _HashFree(enmhashId, &hash);
 
     return ret;

wolfcrypt/src/random.c

@@ -1972,6 +1972,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     {
         int ret;
+        word32 retVal;
         RNG_HandleTypeDef hrng;
         word32 i = 0;
         (void)os;
@@ -2004,7 +2005,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
             }
             else {
                 /* Use native 32 instruction */
-                if (HAL_RNG_GenerateRandomNumber(&hrng, (uint32_t*)&output[i]) != HAL_OK) {
+                retVal = HAL_RNG_GenerateRandomNumber(&hrng,
+                                                    (uint32_t*)&output[i]);
+                if (retVal != HAL_OK) {
                     wolfSSL_CryptHwMutexUnLock();
                     return RAN_BLOCK_E;
                 }

wolfcrypt/src/sha.c

@@ -137,7 +137,7 @@
         ret = wolfSSL_CryptHwMutexLock();
         if (ret == 0) {
             ret = wc_Stm32_Hash_Update(&sha->stmCtx, HASH_AlgoSelection_SHA1,
-                data, len);
+                data, len, WC_SHA_BLOCK_SIZE);
             wolfSSL_CryptHwMutexUnLock();
         }
         return ret;

wolfcrypt/src/sha256.c

@@ -553,7 +553,7 @@ static int InitSha256(wc_Sha256* sha256)
         ret = wolfSSL_CryptHwMutexLock();
         if (ret == 0) {
             ret = wc_Stm32_Hash_Update(&sha256->stmCtx,
-                HASH_AlgoSelection_SHA256, data, len);
+                HASH_AlgoSelection_SHA256, data, len, WC_SHA256_BLOCK_SIZE);
             wolfSSL_CryptHwMutexUnLock();
         }
         return ret;
@@ -1384,7 +1384,7 @@ static int InitSha256(wc_Sha256* sha256)
         ret = wolfSSL_CryptHwMutexLock();
         if (ret == 0) {
             ret = wc_Stm32_Hash_Update(&sha224->stmCtx,
-                HASH_AlgoSelection_SHA224, data, len);
+                HASH_AlgoSelection_SHA224, data, len, WC_SHA224_BLOCK_SIZE);
             wolfSSL_CryptHwMutexUnLock();
         }
         return ret;

wolfssl/wolfcrypt/aes.h

@@ -367,6 +367,9 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
 #ifdef WOLFSSL_AES_COUNTER
  WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
                                    const byte* in, word32 sz);
+ WOLFSSL_API int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
+                                        const byte* iv, int dir);
+
 #endif
 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)

wolfssl/wolfcrypt/fips_test.h

@@ -58,10 +58,10 @@ enum FipsCastStateId {
 };
 
 enum FipsModeId {
-    FIPS_MODE_INIT,
-    FIPS_MODE_NORMAL,
-    FIPS_MODE_DEGRADED,
-    FIPS_MODE_FAILED
+    FIPS_MODE_INIT = 0,
+    FIPS_MODE_NORMAL = 1,
+    FIPS_MODE_DEGRADED = 2,
+    FIPS_MODE_FAILED = 3
 };
 
 
@@ -73,6 +73,7 @@ WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
 
 /* Public get status functions */
 WOLFSSL_API int wolfCrypt_GetStatus_fips(void);
+WOLFSSL_API int wolfCrypt_GetMode_fips(void);
 WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);
 
 #ifdef HAVE_FORCE_FIPS_FAILURE
@@ -87,6 +88,7 @@ WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int); /* FIPSv1 and FIPSv2 */
 
 WOLFSSL_API int wc_RunCast_fips(int);
 WOLFSSL_API int wc_GetCastStatus_fips(int);
+WOLFSSL_API int wc_RunAllCast_fips(void);
 
 #ifdef __cplusplus
     } /* extern "C" */

wolfssl/wolfcrypt/port/st/stm32.h

@@ -1,6 +1,6 @@
 /* stm32.h
  *
- * Copyright (C) 2006-2021 wolfSSL Inc.
+ * Copyright (C) 2006-2025 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -26,7 +26,7 @@
 /* Supports CubeMX HAL or Standard Peripheral Library */
 
 #include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/types.h> /* for MATH_INT_T */
 
 #ifdef STM32_HASH
 
@@ -35,10 +35,24 @@
 #ifdef HASH_DIGEST
     /* The HASH_DIGEST register indicates SHA224/SHA256 support */
     #define STM32_HASH_SHA2
-    #define HASH_CR_SIZE 54
-    #define HASH_MAX_DIGEST 32
+    #if defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32MP13)
+        #define HASH_CR_SIZE    103
+        #define HASH_MAX_DIGEST 64 /* Up to SHA512 */
+    #else
+        #define HASH_CR_SIZE    54
+        #define HASH_MAX_DIGEST 32
+    #endif
+    #if defined(WOLFSSL_STM32MP13) || defined(WOLFSSL_STM32H7S)
+        #define STM32_HASH_SHA512
+        #define STM32_HASH_SHA512_224
+        #define STM32_HASH_SHA512_256
+        #define STM32_HASH_SHA384
+    #endif
+    #if defined(WOLFSSL_STM32MP13)
+        #define STM32_HASH_SHA3
+    #endif
 #else
-    #define HASH_CR_SIZE 50
+    #define HASH_CR_SIZE    50
     #define HASH_MAX_DIGEST 20
 #endif
 
@@ -46,11 +60,15 @@
 #if !defined(HASH_ALGOMODE_HASH) && defined(HASH_AlgoMode_HASH)
     #define HASH_ALGOMODE_HASH HASH_AlgoMode_HASH
 #endif
-#if !defined(HASH_DATATYPE_8B) && defined(HASH_DataType_8b)
-    #define HASH_DATATYPE_8B HASH_DataType_8b
+#if !defined(HASH_DATATYPE_8B)
+    #if defined(HASH_DataType_8b)
+        #define HASH_DATATYPE_8B HASH_DataType_8b
+    #elif defined(HASH_BYTE_SWAP)
+        #define HASH_DATATYPE_8B HASH_BYTE_SWAP
+    #endif
 #endif
 #ifndef HASH_STR_NBW
-	#define HASH_STR_NBW HASH_STR_NBLW
+    #define HASH_STR_NBW HASH_STR_NBLW
 #endif
 
 #ifndef STM32_HASH_TIMEOUT
@@ -60,6 +78,15 @@
 
 /* STM32 register size in bytes */
 #define STM32_HASH_REG_SIZE  4
+/* Maximum FIFO buffer is 64 bits for SHA256, 128 bits for SHA512 and 144 bits
+ * for SHA3 */
+#if defined(STM32_HASH_SHA3)
+    #define STM32_HASH_FIFO_SIZE 36
+#elif defined(STM32_HASH_SHA512) || defined(STM32_HASH_SHA384)
+    #define STM32_HASH_FIFO_SIZE 32
+#else
+    #define STM32_HASH_FIFO_SIZE 16
+#endif
 
 /* STM32 Hash Context */
 typedef struct {
@@ -68,53 +95,90 @@ typedef struct {
     uint32_t HASH_STR;
     uint32_t HASH_CR;
     uint32_t HASH_CSR[HASH_CR_SIZE];
+#ifdef STM32_HASH_SHA3
+    uint32_t SHA3CFGR;
+#endif
 
     /* Hash state / buffers */
-    word32 buffer[STM32_HASH_REG_SIZE / sizeof(word32)]; /* partial word buffer */
+    word32 buffer[STM32_HASH_FIFO_SIZE+1]; /* partial word buffer */
     word32 buffLen; /* partial word remain */
     word32 loLen;   /* total update bytes
                  (only lsb 6-bits is used for nbr valid bytes in last word) */
+    word32 fifoBytes; /* number of currently filled FIFO bytes */
 } STM32_HASH_Context;
 
 
 /* API's */
 void wc_Stm32_Hash_Init(STM32_HASH_Context* stmCtx);
 int  wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo,
-    const byte* data, int len);
+    const byte* data, word32 len, word32 blockSize);
 int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
-    byte* hash, int digestSize);
+    byte* hash, word32 digestSize);
 
 #endif /* STM32_HASH */
 
 
 #ifdef STM32_CRYPTO
 
+#if defined(WOLFSSL_STM32MP13)
+    #define RNG RNG1
+    #define CRYP CRYP1
+    #define hcryp hcryp1
+    #define FORMAT_BIN RTC_FORMAT_BIN
+    #define __HAL_RCC_RNG_CLK_ENABLE __HAL_RCC_RNG1_CLK_ENABLE
+    #define __HAL_RCC_HASH_CLK_ENABLE __HAL_RCC_HASH1_CLK_ENABLE
+    #define __HAL_RCC_HASH_CLK_DISABLE __HAL_RCC_HASH1_CLK_DISABLE
+    /* From stm32_hal_legacy.h, but that header has a bug in it */
+    #define HASH_AlgoSelection_MD5       HASH_ALGOSELECTION_MD5
+    #define HASH_AlgoSelection_SHA1      HASH_ALGOSELECTION_SHA1
+    #define HASH_AlgoSelection_SHA224    HASH_ALGOSELECTION_SHA224
+    #define HASH_AlgoSelection_SHA256    HASH_ALGOSELECTION_SHA256
+
+    #define STM32_NOMD5 /* The HASH HAL has no MD5 implementation */
+#endif
+
 #ifndef NO_AES
     #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \
             defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \
-			defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7))
+            defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7) || \
+            defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) || \
+            defined(WOLFSSL_STM32MP13) || defined(WOLFSSL_STM32H7S) || \
+            defined(WOLFSSL_STM32N6))
         /* Hardware supports AES GCM acceleration */
         #define STM32_CRYPTO_AES_GCM
     #endif
 
-    #if defined(WOLFSSL_STM32WB)
+    #if defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32WL) || \
+        defined(WOLFSSL_STM32WBA)
         #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
-        #define CRYP AES1
+        #ifdef WOLFSSL_STM32WB
+            #define CRYP AES1
+        #else
+            #define CRYP AES
+        #endif
         #define STM32_HAL_V2
     #endif
-    #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5)
-		#ifdef WOLFSSL_STM32L4
-        	#define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
-		#endif
+    #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \
+        defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5)
+        #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32U5)
+            #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */
+        #endif
+        #if defined(WOLFSSL_STM32H5)
+            #define __HAL_RCC_CRYP_CLK_DISABLE  __HAL_RCC_AES_CLK_DISABLE
+            #define __HAL_RCC_CRYP_CLK_ENABLE   __HAL_RCC_AES_CLK_ENABLE
+        #endif
         #define CRYP AES
-		#ifndef CRYP_AES_GCM
-			#define CRYP_AES_GCM CRYP_AES_GCM_GMAC
-		#endif
+        #ifndef CRYP_AES_GCM
+            #define CRYP_AES_GCM CRYP_AES_GCM_GMAC
+        #endif
     #endif
 
     /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */
     #if !defined(STM32_HAL_V2) && defined(CRYP_AES_GCM) && \
-        (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7))
+        (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || \
+         defined(WOLFSSL_STM32H7) || defined(WOLFSSL_STM32U5) || \
+         defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32MP13) || \
+         defined(WOLFSSL_STM32H7S) || defined(WOLFSSL_STM32N6))
         #define STM32_HAL_V2
     #endif
 
@@ -125,31 +189,34 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
         #define STM_CRYPT_TYPE uint8_t
     #endif
 
+    /* Determine minimum AES GCM alignment supported */
+    #ifndef STM_CRYPT_HEADER_WIDTH
+        /* newer crypt HAL requires auth header size as 4 bytes (word) */
+        #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && \
+            !defined(WOLFSSL_STM32MP13) && !defined(WOLFSSL_STM32H7S)
+            #define STM_CRYPT_HEADER_WIDTH 1
+        #else
+            #define STM_CRYPT_HEADER_WIDTH 4
+        #endif
+    #endif
+
     /* CRYPT_AES_GCM starts the IV with 2 */
     #define STM32_GCM_IV_START 2
 
     struct Aes;
     #ifdef WOLFSSL_STM32_CUBEMX
         int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp);
+        void wc_Stm32_Aes_Cleanup(void);
     #else /* Standard Peripheral Library */
         int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit,
             CRYP_KeyInitTypeDef* keyInit);
+        void wc_Stm32_Aes_Cleanup(void);
     #endif /* WOLFSSL_STM32_CUBEMX */
 #endif /* !NO_AES */
 
 #endif /* STM32_CRYPTO */
 
 #if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC)
-#ifdef WOLFSSL_SP_MATH
-    struct sp_int;
-    #define MATH_INT_T struct sp_int
-#elif defined(USE_FAST_MATH)
-    struct fp_int;
-    #define MATH_INT_T struct fp_int
-#else
-    struct mp_int;
-	#define MATH_INT_T struct mp_int
-#endif
 struct ecc_key;
 struct WC_RNG;