Merge pull request #9981 from julek-wolfssl/fenrir/260316

Fenrir fixes
This commit is contained in:
JacobBarthelmeh
2026-03-17 08:36:11 -06:00
committed by GitHub
14 changed files with 108 additions and 98 deletions
+1 -1
View File
@@ -72,7 +72,7 @@ jobs:
- name: Download haproxy if needed
if: steps.cache-haproxy.outputs.cache-hit != 'true'
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: haproxy/haproxy
ref: ${{matrix.haproxy_ref}}
+1 -1
View File
@@ -20,7 +20,7 @@ jobs:
run:
shell: msys2 {0}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: msys2/setup-msys2@v2
with:
msystem: msys
+1 -1
View File
@@ -15,7 +15,7 @@ jobs:
steps:
- name: Cache NetXDuo bundle
id: cache-netxduo
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ./v6.4.3_rel.tar.gz
key: netxduo-bundle-v6.4.3_rel
+3 -3
View File
@@ -7976,7 +7976,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
(unsigned long)wolfSSL_X509_VERIFY_PARAM_get_flags(
wolfSSL_CTX_get0_param(ctx))) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("ssl->param set flags error");
return WOLFSSL_FAILURE;
return BAD_STATE_E;
}
#endif
@@ -8137,7 +8137,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
if (ctx->quic.method) {
ret = wolfSSL_set_quic_method(ssl, ctx->quic.method);
if (ret != WOLFSSL_SUCCESS)
return ret;
return WOLFSSL_FATAL_ERROR;
}
#endif
@@ -14988,6 +14988,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
#elif !defined(NO_SHA)
retHash = wc_ShaHash((const byte*)pbuf, (word32)len, dgt);
#endif
wolfSSL_OPENSSL_free(pbuf);
if (retHash == 0) {
/* 4 bytes in little endian as unsigned long */
hash = (((unsigned long)dgt[3] << 24) |
@@ -14998,7 +14999,6 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
WOLFSSL_MSG("failed hash operation");
return WOLFSSL_FAILURE;
}
wolfSSL_OPENSSL_free(pbuf);
}
/* try to load each hashed name file in path */
+1 -1
View File
@@ -3899,7 +3899,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
}
}
mp_clear(t);
mp_forcezero(t);
#ifdef WOLFSSL_SMALL_STACK
if (rsa != NULL) {
+14 -5
View File
@@ -2930,17 +2930,21 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
#ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_32BIT_MILLI_TIME
if (i - idx < OPAQUE32_LEN) {
ret = BUFFER_ERROR;
goto end;
}
ato32(data + idx, &s->ticketSeen);
idx += OPAQUE32_LEN;
#else
if (i - idx < (OPAQUE32_LEN * 2)) {
ret = BUFFER_ERROR;
goto end;
}
#ifdef WOLFSSL_32BIT_MILLI_TIME
ato32(data + idx, &s->ticketSeen);
idx += OPAQUE32_LEN;
#else
{
word32 seenHi, seenLo;
ato32(data + idx, &seenHi);
idx += OPAQUE32_LEN;
ato32(data + idx, &seenLo);
@@ -2948,6 +2952,11 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
s->ticketSeen = ((sword64)seenHi << 32) + seenLo;
}
#endif
if (i - idx < OPAQUE32_LEN) {
ret = BUFFER_ERROR;
goto end;
}
ato32(data + idx, &s->ticketAdd);
idx += OPAQUE32_LEN;
if (i - idx < OPAQUE8_LEN) {
+4 -5
View File
@@ -33629,14 +33629,13 @@ int test_wc_LmsKey_reload_cache(void);
static int test_lms_write_key(const byte* priv, word32 privSz, void* context)
{
FILE* f = fopen((const char*)context, "wb");
int ret = WC_LMS_RC_SAVED_TO_NV_MEMORY;
if (f == NULL)
return -1;
if (fwrite(priv, 1, privSz, f) != privSz) {
fclose(f);
return -1;
}
if (fwrite(priv, 1, privSz, f) != privSz)
ret = -1;
fclose(f);
return WC_LMS_RC_SAVED_TO_NV_MEMORY;
return ret;
}
static int test_lms_read_key(byte* priv, word32 privSz, void* context)
+22 -20
View File
@@ -9491,14 +9491,15 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
if (rsa == NULL)
return MEMORY_E;
wc_InitRsaKey(rsa, heap);
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, rsa, keySz) == 0) {
*algoID = RSAk;
if (wc_InitRsaKey(rsa, heap) == 0) {
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, rsa, keySz) == 0) {
*algoID = RSAk;
}
else {
WOLFSSL_MSG("Not RSA DER key");
}
wc_FreeRsaKey(rsa);
}
else {
WOLFSSL_MSG("Not RSA DER key");
}
wc_FreeRsaKey(rsa);
XFREE(rsa, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* !NO_RSA && !NO_ASN_CRYPT */
@@ -9509,22 +9510,23 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
return MEMORY_E;
tmpIdx = 0;
wc_ecc_init_ex(ecc, heap, INVALID_DEVID);
if (wc_EccPrivateKeyDecode(key, &tmpIdx, ecc, keySz) == 0) {
*algoID = ECDSAk;
if (wc_ecc_init_ex(ecc, heap, INVALID_DEVID) == 0) {
if (wc_EccPrivateKeyDecode(key, &tmpIdx, ecc, keySz) == 0) {
*algoID = ECDSAk;
/* now find oid */
if (wc_ecc_get_oid(ecc->dp->oidSum, curveOID, oidSz) < 0) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(ecc);
XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_FUNC_ARG;
/* now find oid */
if (wc_ecc_get_oid(ecc->dp->oidSum, curveOID, oidSz) < 0) {
WOLFSSL_MSG("Error getting ECC curve OID");
wc_ecc_free(ecc);
XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_FUNC_ARG;
}
}
else {
WOLFSSL_MSG("Not ECC DER key either");
}
wc_ecc_free(ecc);
}
else {
WOLFSSL_MSG("Not ECC DER key either");
}
wc_ecc_free(ecc);
XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* HAVE_ECC && !NO_ASN_CRYPT */
+1 -1
View File
@@ -1465,7 +1465,7 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
if (ret == MP_OKAY)
ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
&x.raw, pub, pubSz);
mp_clear(&x);
mp_forcezero(&x);
return ret;
}
+1
View File
@@ -8026,6 +8026,7 @@ static int dilithium_make_key(dilithium_key* key, WC_RNG* rng)
ret = wc_dilithium_make_key_from_seed(key, seed);
}
ForceZero(seed, sizeof(seed));
return ret;
}
#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
+1 -6
View File
@@ -68,8 +68,6 @@ int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId, void* heap,
int devId)
{
int err = 0;
ecc_key* ecc = NULL;
ecc_key* pubkey = NULL;
EccsiKeyParams* params = NULL;
if (key == NULL) {
@@ -84,7 +82,6 @@ int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId, void* heap,
err = wc_ecc_init_ex(&key->ecc, heap, devId);
}
if (err == 0) {
ecc = &key->ecc;
err = wc_ecc_init_ex(&key->pubkey, heap, devId);
}
if (err == 0) {
@@ -94,7 +91,6 @@ int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId, void* heap,
}
}
if (err == 0) {
pubkey = &key->pubkey;
err = mp_init_multi(&params->order,
#ifdef WOLFCRYPT_ECCSI_CLIENT
&params->a, &params->b, &params->prime, &key->tmp, &key->ssk
@@ -111,8 +107,7 @@ int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId, void* heap,
}
if (err != 0) {
wc_ecc_free(pubkey);
wc_ecc_free(ecc);
wc_FreeEccsiKey(key);
}
return err;
+33 -39
View File
@@ -416,26 +416,21 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
/* step 1: create nonce to use where nonce is r in
r = H(h_b, ... ,h_2b-1,M) */
ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az);
if (ret != 0)
return ret;
/* apply clamp */
az[0] &= 248;
az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */
az[31] |= 64;
{
if (ret == 0) {
#ifdef WOLFSSL_ED25519_PERSISTENT_SHA
wc_Sha512 *sha = &key->sha;
#else
wc_Sha512 sha[1];
ret = ed25519_hash_init(key, sha);
if (ret < 0) {
return ret;
}
#endif
if (type == Ed25519ctx || type == Ed25519ph) {
/* apply clamp */
az[0] &= 248;
az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */
az[31] |= 64;
if (ret == 0 && (type == Ed25519ctx || type == Ed25519ph)) {
ret = ed25519_hash_update(key, sha, ed25519Ctx, ED25519CTX_SIZE);
if (ret == 0)
ret = ed25519_hash_update(key, sha, &type, sizeof(type));
@@ -457,39 +452,36 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
#endif
}
if (ret != 0)
return ret;
if (ret == 0) {
#ifdef FREESCALE_LTC_ECC
ltcPoint.X = &tempBuf[0];
ltcPoint.Y = &tempBuf[32];
LTC_PKHA_sc_reduce(nonce);
LTC_PKHA_Ed25519_PointMul(LTC_PKHA_Ed25519_BasePoint(), nonce,
ED25519_KEY_SIZE, &ltcPoint, kLTC_Ed25519 /* result on Ed25519 */);
LTC_PKHA_Ed25519_Compress(&ltcPoint, out);
ltcPoint.X = &tempBuf[0];
ltcPoint.Y = &tempBuf[32];
LTC_PKHA_sc_reduce(nonce);
LTC_PKHA_Ed25519_PointMul(LTC_PKHA_Ed25519_BasePoint(), nonce,
ED25519_KEY_SIZE, &ltcPoint,
kLTC_Ed25519 /* result on Ed25519 */);
LTC_PKHA_Ed25519_Compress(&ltcPoint, out);
#else
sc_reduce(nonce);
sc_reduce(nonce);
/* step 2: computing R = rB where rB is the scalar multiplication of
r and B */
ge_scalarmult_base(&R,nonce);
ge_p3_tobytes(out,&R);
/* step 2: computing R = rB where rB is the scalar multiplication of
r and B */
ge_scalarmult_base(&R,nonce);
ge_p3_tobytes(out,&R);
#endif
}
/* step 3: hash R + public key + message getting H(R,A,M) then
creating S = (r + H(R,A,M)a) mod l */
{
if (ret == 0) {
#ifdef WOLFSSL_ED25519_PERSISTENT_SHA
wc_Sha512 *sha = &key->sha;
#else
wc_Sha512 sha[1];
ret = ed25519_hash_init(key, sha);
if (ret < 0)
return ret;
#endif
if (type == Ed25519ctx || type == Ed25519ph) {
if (ret == 0 && (type == Ed25519ctx || type == Ed25519ph)) {
ret = ed25519_hash_update(key, sha, ed25519Ctx, ED25519CTX_SIZE);
if (ret == 0)
ret = ed25519_hash_update(key, sha, &type, sizeof(type));
@@ -512,20 +504,22 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
#endif
}
if (ret != 0)
return ret;
if (ret == 0) {
#ifdef FREESCALE_LTC_ECC
LTC_PKHA_sc_reduce(hram);
LTC_PKHA_sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
LTC_PKHA_sc_reduce(hram);
LTC_PKHA_sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
#else
sc_reduce(hram);
sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
sc_reduce(hram);
sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
#endif
}
ForceZero(az, sizeof(az));
ForceZero(nonce, sizeof(nonce));
#endif /* WOLFSSL_SE050 */
#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
{
if (ret == 0) {
int i;
byte c = 0;
for (i = 0; i < ED25519_KEY_SIZE; i++) {
+10 -10
View File
@@ -391,16 +391,15 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
#else
wc_Shake sha[1];
ret = ed448_hash_init(key, sha);
if (ret < 0)
return ret;
#endif
/* apply clamp */
az[0] &= 0xfc;
az[55] |= 0x80;
az[56] = 0x00;
ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE);
if (ret == 0) {
ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE);
}
if (ret == 0) {
ret = ed448_hash_update(key, sha, &type, sizeof(type));
}
@@ -429,15 +428,14 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
#else
wc_Shake sha[1];
ret = ed448_hash_init(key, sha);
if (ret < 0)
return ret;
#endif
sc448_reduce(nonce);
if (ret == 0)
sc448_reduce(nonce);
/* step 2: computing R = rB where rB is the scalar multiplication of
r and B */
ret = ge448_scalarmult_base(&R,nonce);
if (ret == 0) {
ret = ge448_scalarmult_base(&R,nonce);
}
/* step 3: hash R + public key + message getting H(R,A,M) then
creating S = (r + H(R,A,M)a) mod l */
if (ret == 0) {
@@ -487,6 +485,8 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
}
#endif
ForceZero(az, sizeof(az));
ForceZero(nonce, sizeof(nonce));
return ret;
}
+15 -5
View File
@@ -1263,13 +1263,17 @@ static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *buff)
{
int i;
int n;
byte mask = 0;
n = buff[ctx->block_size-1];
if (n > ctx->block_size || n == 0) return -1;
for (i = 0; i < n; i++) {
if (buff[ctx->block_size-i-1] != n)
return -1;
/* Encode invalid n into mask constant-time instead of early-returning,
* so the loop always runs and timing does not reveal padding length. */
mask |= ctMaskEq(n, 0) | ctMaskGT(n, ctx->block_size);
for (i = 0; i < ctx->block_size; i++) {
byte in_padding = ctMaskLT(i, n);
mask |= ctMaskSel(in_padding,
ctMaskNotEq(buff[ctx->block_size - 1 - i], n), 0);
}
return ctx->block_size - n;
return ctMaskSelInt(ctMaskEq(mask, 0), ctx->block_size - n, -1);
}
#if (defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
@@ -3096,6 +3100,12 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
return 0;
}
if (ctx->op != WC_EVP_PKEY_OP_DECRYPT) {
WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_DECRYPT. Use "
"wolfSSL_EVP_PKEY_decrypt_init.");
return WOLFSSL_FAILURE;
}
(void)out;
(void)outLen;
(void)in;