wolfSSL · SparkiDev · Mar 19, 2026
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
@@ -647,6 +647,7 @@ WC_NO_RNG_SIMPLE
 WC_NO_STATIC_ASSERT
 WC_NO_VERBOSE_RNG
 WC_PKCS11_FIND_WITH_ID_ONLY
+WC_PKCS12_PBKDF_USING_MP_API
 WC_PROTECT_ENCRYPTED_MEM
 WC_RNG_BLOCKING
 WC_RSA_NONBLOCK
@@ -805,7 +806,6 @@ WOLFSSL_MP_COND_COPY
 WOLFSSL_MP_INVMOD_CONSTANT_TIME
 WOLFSSL_MULTICIRCULATE_ALTNAMELIST
 WOLFSSL_NEW_PRIME_CHECK
-WOLFSSL_NONBLOCK_OCSP
 WOLFSSL_NOSHA3_384
 WOLFSSL_NOT_WINDOWS_API
 WOLFSSL_NO_BIO_ADDR_IN

diff --git a/tests/api.c b/tests/api.c
@@ -23455,7 +23455,7 @@ static int test_wolfSSL_X509_print(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-   !defined(NO_RSA) && defined(XSNPRINTF)
+   !defined(NO_RSA) && defined(XSNPRINTF) && !defined(WC_DISABLE_RADIX_ZERO_PAD)
     X509 *x509 = NULL;
     BIO *bio = NULL;
 #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)

diff --git a/tests/api/test_pkcs12.c b/tests/api/test_pkcs12.c
@@ -29,6 +29,7 @@
 #endif
 
 #include <wolfssl/wolfcrypt/pkcs12.h>
+#include <wolfssl/wolfcrypt/pwdbased.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <tests/api/api.h>
 #include <tests/api/test_pkcs12.h>
@@ -196,6 +197,126 @@ int test_wc_PKCS12_create(void)
     return EXPECT_RESULT();
 }
 
+int test_wc_PKCS12_PBKDF(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA256)
+    /* Test vectors from RFC 7292 Appendix B (SHA-256 based) */
+    static const byte passwd[] = {
+        0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
+        0x00, 0x00
+    };
+    static const byte salt[] = {
+        0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
+    };
+    static const byte passwd2[] = {
+        0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
+        0x00, 0x67, 0x00, 0x00
+    };
+    static const byte salt2[] = {
+        0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
+    };
+    static const byte verify[] = {
+        0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
+        0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
+        0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
+    };
+    static const byte verify2[] = {
+        0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
+        0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
+        0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
+    };
+    byte derived[24];
+
+    /* bad args */
+    ExpectIntNE(wc_PKCS12_PBKDF(NULL, passwd, (int)sizeof(passwd),
+                    salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0);
+    ExpectIntNE(wc_PKCS12_PBKDF(derived, passwd, 0,
+                    salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0);
+    ExpectIntNE(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
+                    salt, 0, 1, 24, WC_SHA256, 1), 0);
+
+    /* 1 iteration */
+    ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
+                    salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0);
+    ExpectIntEQ(XMEMCMP(derived, verify, 24), 0);
+
+    /* 1000 iterations */
+    ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd2, (int)sizeof(passwd2),
+                    salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1), 0);
+    ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0);
+
+    /* iterations <= 0 treated as 1 */
+    ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd),
+                    salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1), 0);
+    ExpectIntEQ(XMEMCMP(derived, verify, 24), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_PKCS12_PBKDF_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA256)
+    static const byte passwd[] = {
+        0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
+        0x00, 0x00
+    };
+    static const byte salt[] = {
+        0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
+    };
+    static const byte passwd2[] = {
+        0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
+        0x00, 0x67, 0x00, 0x00
+    };
+    static const byte salt2[] = {
+        0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
+    };
+    static const byte verify[] = {
+        0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
+        0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
+        0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
+    };
+    static const byte verify2[] = {
+        0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
+        0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
+        0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
+    };
+    byte derived[24];
+    byte derived2[24];
+
+    /* bad args */
+    ExpectIntNE(wc_PKCS12_PBKDF_ex(NULL, passwd, (int)sizeof(passwd),
+                    salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0);
+    ExpectIntNE(wc_PKCS12_PBKDF_ex(derived, passwd, 0,
+                    salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0);
+    ExpectIntNE(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
+                    salt, 0, 1, 24, WC_SHA256, 1, NULL), 0);
+
+    /* 1 iteration, NULL heap */
+    ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
+                    salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0);
+    ExpectIntEQ(XMEMCMP(derived, verify, 24), 0);
+
+    /* 1000 iterations, NULL heap */
+    ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2),
+                    salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1, NULL), 0);
+    ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0);
+
+    /* _ex and non-_ex produce identical output */
+    ExpectIntEQ(wc_PKCS12_PBKDF(derived2, passwd2, (int)sizeof(passwd2),
+                    salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1), 0);
+    ExpectIntEQ(XMEMCMP(derived, derived2, 24), 0);
+
+    /* id 2 (IV) and id 3 (MAC) also accepted */
+    ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
+                    salt, (int)sizeof(salt), 1, 24, WC_SHA256, 2, NULL), 0);
+    ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd),
+                    salt, (int)sizeof(salt), 1, 24, WC_SHA256, 3, NULL), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
 int test_wc_d2i_PKCS12_bad_mac_salt(void)
 {
     EXPECT_DECLS;

diff --git a/tests/api/test_pkcs12.h b/tests/api/test_pkcs12.h
@@ -27,10 +27,14 @@
 int test_wc_i2d_PKCS12(void);
 int test_wc_PKCS12_create(void);
 int test_wc_d2i_PKCS12_bad_mac_salt(void);
+int test_wc_PKCS12_PBKDF(void);
+int test_wc_PKCS12_PBKDF_ex(void);
 
 #define TEST_PKCS12_DECLS                                       \
     TEST_DECL_GROUP("pkcs12", test_wc_i2d_PKCS12),              \
     TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create),            \
-    TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_bad_mac_salt)
+    TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_bad_mac_salt), \
+    TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF),            \
+    TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex)
 
 #endif /* WOLFCRYPT_TEST_PKCS12_H */
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
@@ -1517,12 +1517,13 @@ static const char* bench_result_words1[][5] = {
 #endif
 };
 
-#if !defined(NO_RSA) || \
-    defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \
-    defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET)  || \
-    defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \
-    defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM)
+#if ((!defined(NO_RSA) || \
+      defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \
+      defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET)  || \
+      defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \
+      defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \
+      defined(HAVE_DILITHIUM)) && !defined(WC_NO_RNG)) || \
+     defined(WOLFSSL_HAVE_MLKEM)
 
 static const char* bench_desc_words[][15] = {
     /* 0           1          2         3        4        5         6            7            8          9        10        11       12          13       14 */
@@ -2057,11 +2058,11 @@ static const char* bench_result_words3[][5] = {
 #endif
 
 #if defined(BENCH_ASYM)
-#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
-    defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
-    defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \
-    defined(WOLFSSL_HAVE_LMS)
+#if ((defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
+      defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
+      defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
+      defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_LMS)) && \
+      !defined(WC_NO_RNG)) || defined(WOLFSSL_HAVE_MLKEM)
 static const char* bench_result_words2[][6] = {
 #ifdef BENCH_MICROSECOND
     { "ops took", "μsec"     , "avg" , "ops/μsec", "cycles/op",
@@ -3201,11 +3202,11 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
 } /* bench_stats_sym_finish */
 
 #ifdef BENCH_ASYM
-#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
-    defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
-    defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
-    defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \
-    defined(WOLFSSL_HAVE_LMS)
+#if ((defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \
+      defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
+      defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
+      defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_LMS)) && \
+      !defined(WC_NO_RNG)) || defined(WOLFSSL_HAVE_MLKEM)
 static void bench_stats_asym_finish_ex(const char* algo, int strength,
     const char* desc, const char* desc_extra, int useDeviceID, int count,
     double start, int ret)
@@ -4567,7 +4568,7 @@ static void* benchmarks_do(void* args)
     if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL5_SIGN))
         bench_falconKeySign(5);
 #endif
-#ifdef HAVE_DILITHIUM
+#if defined(HAVE_DILITHIUM) && !defined(WC_NO_RNG)
 #ifndef WOLFSSL_NO_ML_DSA_44
     if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN))
         bench_dilithiumKeySign(2);
@@ -9643,7 +9644,7 @@ void bench_srtpkdf(void)
 }
 #endif
 
-#ifndef NO_RSA
+#if !defined(NO_RSA) && !defined(WC_NO_RNG)
 
 #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
@@ -10285,7 +10286,7 @@ void bench_rsa_key(int useDeviceID, word32 rsaKeySz)
     }
 }
 #endif /* WOLFSSL_KEY_GEN */
-#endif /* !NO_RSA */
+#endif /* !NO_RSA && !WC_NO_RNG */
 
 
 #if !defined(NO_DH) && !defined(WC_NO_RNG)
@@ -14329,7 +14330,7 @@ void bench_falconKeySign(byte level)
 }
 #endif /* HAVE_FALCON */
 
-#ifdef HAVE_DILITHIUM
+#if defined(HAVE_DILITHIUM) && !defined(WC_NO_RNG)
 
 #if defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
 
@@ -15675,7 +15676,7 @@ void bench_dilithiumKeySign(byte level)
     #endif
 #endif
 }
-#endif /* HAVE_DILITHIUM */
+#endif /* HAVE_DILITHIUM && !WC_NO_RNG */
 
 #ifdef HAVE_SPHINCS
 void bench_sphincsKeySign(byte level, byte optim)

diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
@@ -2227,8 +2227,10 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
 #endif
     XFREE(y, key->heap, DYNAMIC_TYPE_DH);
 #elif defined(WOLFSSL_CHECK_MEM_ZERO)
+#if !defined(WOLFSSL_SP_MATH)
     mp_memzero_check(x);
     mp_memzero_check(z);
+#endif
 #endif
 
     return ret;