mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 19:20:55 +02:00
@@ -72,7 +72,7 @@ jobs:
|
||||
|
||||
- name: Download haproxy if needed
|
||||
if: steps.cache-haproxy.outputs.cache-hit != 'true'
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: haproxy/haproxy
|
||||
ref: ${{matrix.haproxy_ref}}
|
||||
|
||||
@@ -20,7 +20,7 @@ jobs:
|
||||
run:
|
||||
shell: msys2 {0}
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: msys2/setup-msys2@v2
|
||||
with:
|
||||
msystem: msys
|
||||
|
||||
@@ -15,7 +15,7 @@ jobs:
|
||||
steps:
|
||||
- name: Cache NetXDuo bundle
|
||||
id: cache-netxduo
|
||||
uses: actions/cache@v3
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: ./v6.4.3_rel.tar.gz
|
||||
key: netxduo-bundle-v6.4.3_rel
|
||||
|
||||
+3
-3
@@ -7976,7 +7976,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
(unsigned long)wolfSSL_X509_VERIFY_PARAM_get_flags(
|
||||
wolfSSL_CTX_get0_param(ctx))) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("ssl->param set flags error");
|
||||
return WOLFSSL_FAILURE;
|
||||
return BAD_STATE_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -8137,7 +8137,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
|
||||
if (ctx->quic.method) {
|
||||
ret = wolfSSL_set_quic_method(ssl, ctx->quic.method);
|
||||
if (ret != WOLFSSL_SUCCESS)
|
||||
return ret;
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -14988,6 +14988,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
|
||||
#elif !defined(NO_SHA)
|
||||
retHash = wc_ShaHash((const byte*)pbuf, (word32)len, dgt);
|
||||
#endif
|
||||
wolfSSL_OPENSSL_free(pbuf);
|
||||
if (retHash == 0) {
|
||||
/* 4 bytes in little endian as unsigned long */
|
||||
hash = (((unsigned long)dgt[3] << 24) |
|
||||
@@ -14998,7 +14999,6 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
|
||||
WOLFSSL_MSG("failed hash operation");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
wolfSSL_OPENSSL_free(pbuf);
|
||||
}
|
||||
|
||||
/* try to load each hashed name file in path */
|
||||
|
||||
+1
-1
@@ -3899,7 +3899,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
|
||||
}
|
||||
}
|
||||
|
||||
mp_clear(t);
|
||||
mp_forcezero(t);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (rsa != NULL) {
|
||||
|
||||
+14
-5
@@ -2930,17 +2930,21 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
|
||||
#endif
|
||||
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
|
||||
#ifdef WOLFSSL_TLS13
|
||||
|
||||
#ifdef WOLFSSL_32BIT_MILLI_TIME
|
||||
if (i - idx < OPAQUE32_LEN) {
|
||||
ret = BUFFER_ERROR;
|
||||
goto end;
|
||||
}
|
||||
ato32(data + idx, &s->ticketSeen);
|
||||
idx += OPAQUE32_LEN;
|
||||
#else
|
||||
if (i - idx < (OPAQUE32_LEN * 2)) {
|
||||
ret = BUFFER_ERROR;
|
||||
goto end;
|
||||
}
|
||||
#ifdef WOLFSSL_32BIT_MILLI_TIME
|
||||
ato32(data + idx, &s->ticketSeen);
|
||||
idx += OPAQUE32_LEN;
|
||||
#else
|
||||
{
|
||||
word32 seenHi, seenLo;
|
||||
|
||||
ato32(data + idx, &seenHi);
|
||||
idx += OPAQUE32_LEN;
|
||||
ato32(data + idx, &seenLo);
|
||||
@@ -2948,6 +2952,11 @@ WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
|
||||
s->ticketSeen = ((sword64)seenHi << 32) + seenLo;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (i - idx < OPAQUE32_LEN) {
|
||||
ret = BUFFER_ERROR;
|
||||
goto end;
|
||||
}
|
||||
ato32(data + idx, &s->ticketAdd);
|
||||
idx += OPAQUE32_LEN;
|
||||
if (i - idx < OPAQUE8_LEN) {
|
||||
|
||||
+4
-5
@@ -33629,14 +33629,13 @@ int test_wc_LmsKey_reload_cache(void);
|
||||
static int test_lms_write_key(const byte* priv, word32 privSz, void* context)
|
||||
{
|
||||
FILE* f = fopen((const char*)context, "wb");
|
||||
int ret = WC_LMS_RC_SAVED_TO_NV_MEMORY;
|
||||
if (f == NULL)
|
||||
return -1;
|
||||
if (fwrite(priv, 1, privSz, f) != privSz) {
|
||||
fclose(f);
|
||||
return -1;
|
||||
}
|
||||
if (fwrite(priv, 1, privSz, f) != privSz)
|
||||
ret = -1;
|
||||
fclose(f);
|
||||
return WC_LMS_RC_SAVED_TO_NV_MEMORY;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int test_lms_read_key(byte* priv, word32 privSz, void* context)
|
||||
|
||||
+22
-20
@@ -9491,14 +9491,15 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
if (rsa == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
wc_InitRsaKey(rsa, heap);
|
||||
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, rsa, keySz) == 0) {
|
||||
*algoID = RSAk;
|
||||
if (wc_InitRsaKey(rsa, heap) == 0) {
|
||||
if (wc_RsaPrivateKeyDecode(key, &tmpIdx, rsa, keySz) == 0) {
|
||||
*algoID = RSAk;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not RSA DER key");
|
||||
}
|
||||
wc_FreeRsaKey(rsa);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not RSA DER key");
|
||||
}
|
||||
wc_FreeRsaKey(rsa);
|
||||
XFREE(rsa, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif /* !NO_RSA && !NO_ASN_CRYPT */
|
||||
@@ -9509,22 +9510,23 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
return MEMORY_E;
|
||||
|
||||
tmpIdx = 0;
|
||||
wc_ecc_init_ex(ecc, heap, INVALID_DEVID);
|
||||
if (wc_EccPrivateKeyDecode(key, &tmpIdx, ecc, keySz) == 0) {
|
||||
*algoID = ECDSAk;
|
||||
if (wc_ecc_init_ex(ecc, heap, INVALID_DEVID) == 0) {
|
||||
if (wc_EccPrivateKeyDecode(key, &tmpIdx, ecc, keySz) == 0) {
|
||||
*algoID = ECDSAk;
|
||||
|
||||
/* now find oid */
|
||||
if (wc_ecc_get_oid(ecc->dp->oidSum, curveOID, oidSz) < 0) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(ecc);
|
||||
XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return BAD_FUNC_ARG;
|
||||
/* now find oid */
|
||||
if (wc_ecc_get_oid(ecc->dp->oidSum, curveOID, oidSz) < 0) {
|
||||
WOLFSSL_MSG("Error getting ECC curve OID");
|
||||
wc_ecc_free(ecc);
|
||||
XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not ECC DER key either");
|
||||
}
|
||||
wc_ecc_free(ecc);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not ECC DER key either");
|
||||
}
|
||||
wc_ecc_free(ecc);
|
||||
XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif /* HAVE_ECC && !NO_ASN_CRYPT */
|
||||
|
||||
+1
-1
@@ -1465,7 +1465,7 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng,
|
||||
if (ret == MP_OKAY)
|
||||
ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw,
|
||||
&x.raw, pub, pubSz);
|
||||
mp_clear(&x);
|
||||
mp_forcezero(&x);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -8026,6 +8026,7 @@ static int dilithium_make_key(dilithium_key* key, WC_RNG* rng)
|
||||
ret = wc_dilithium_make_key_from_seed(key, seed);
|
||||
}
|
||||
|
||||
ForceZero(seed, sizeof(seed));
|
||||
return ret;
|
||||
}
|
||||
#endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
|
||||
|
||||
@@ -68,8 +68,6 @@ int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId, void* heap,
|
||||
int devId)
|
||||
{
|
||||
int err = 0;
|
||||
ecc_key* ecc = NULL;
|
||||
ecc_key* pubkey = NULL;
|
||||
EccsiKeyParams* params = NULL;
|
||||
|
||||
if (key == NULL) {
|
||||
@@ -84,7 +82,6 @@ int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId, void* heap,
|
||||
err = wc_ecc_init_ex(&key->ecc, heap, devId);
|
||||
}
|
||||
if (err == 0) {
|
||||
ecc = &key->ecc;
|
||||
err = wc_ecc_init_ex(&key->pubkey, heap, devId);
|
||||
}
|
||||
if (err == 0) {
|
||||
@@ -94,7 +91,6 @@ int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId, void* heap,
|
||||
}
|
||||
}
|
||||
if (err == 0) {
|
||||
pubkey = &key->pubkey;
|
||||
err = mp_init_multi(¶ms->order,
|
||||
#ifdef WOLFCRYPT_ECCSI_CLIENT
|
||||
¶ms->a, ¶ms->b, ¶ms->prime, &key->tmp, &key->ssk
|
||||
@@ -111,8 +107,7 @@ int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId, void* heap,
|
||||
}
|
||||
|
||||
if (err != 0) {
|
||||
wc_ecc_free(pubkey);
|
||||
wc_ecc_free(ecc);
|
||||
wc_FreeEccsiKey(key);
|
||||
}
|
||||
|
||||
return err;
|
||||
|
||||
+33
-39
@@ -416,26 +416,21 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
|
||||
/* step 1: create nonce to use where nonce is r in
|
||||
r = H(h_b, ... ,h_2b-1,M) */
|
||||
ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
/* apply clamp */
|
||||
az[0] &= 248;
|
||||
az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */
|
||||
az[31] |= 64;
|
||||
|
||||
{
|
||||
if (ret == 0) {
|
||||
#ifdef WOLFSSL_ED25519_PERSISTENT_SHA
|
||||
wc_Sha512 *sha = &key->sha;
|
||||
#else
|
||||
wc_Sha512 sha[1];
|
||||
ret = ed25519_hash_init(key, sha);
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (type == Ed25519ctx || type == Ed25519ph) {
|
||||
/* apply clamp */
|
||||
az[0] &= 248;
|
||||
az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */
|
||||
az[31] |= 64;
|
||||
|
||||
if (ret == 0 && (type == Ed25519ctx || type == Ed25519ph)) {
|
||||
ret = ed25519_hash_update(key, sha, ed25519Ctx, ED25519CTX_SIZE);
|
||||
if (ret == 0)
|
||||
ret = ed25519_hash_update(key, sha, &type, sizeof(type));
|
||||
@@ -457,39 +452,36 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
|
||||
#endif
|
||||
}
|
||||
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if (ret == 0) {
|
||||
#ifdef FREESCALE_LTC_ECC
|
||||
ltcPoint.X = &tempBuf[0];
|
||||
ltcPoint.Y = &tempBuf[32];
|
||||
LTC_PKHA_sc_reduce(nonce);
|
||||
LTC_PKHA_Ed25519_PointMul(LTC_PKHA_Ed25519_BasePoint(), nonce,
|
||||
ED25519_KEY_SIZE, <cPoint, kLTC_Ed25519 /* result on Ed25519 */);
|
||||
LTC_PKHA_Ed25519_Compress(<cPoint, out);
|
||||
ltcPoint.X = &tempBuf[0];
|
||||
ltcPoint.Y = &tempBuf[32];
|
||||
LTC_PKHA_sc_reduce(nonce);
|
||||
LTC_PKHA_Ed25519_PointMul(LTC_PKHA_Ed25519_BasePoint(), nonce,
|
||||
ED25519_KEY_SIZE, <cPoint,
|
||||
kLTC_Ed25519 /* result on Ed25519 */);
|
||||
LTC_PKHA_Ed25519_Compress(<cPoint, out);
|
||||
#else
|
||||
sc_reduce(nonce);
|
||||
sc_reduce(nonce);
|
||||
|
||||
/* step 2: computing R = rB where rB is the scalar multiplication of
|
||||
r and B */
|
||||
ge_scalarmult_base(&R,nonce);
|
||||
ge_p3_tobytes(out,&R);
|
||||
/* step 2: computing R = rB where rB is the scalar multiplication of
|
||||
r and B */
|
||||
ge_scalarmult_base(&R,nonce);
|
||||
ge_p3_tobytes(out,&R);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* step 3: hash R + public key + message getting H(R,A,M) then
|
||||
creating S = (r + H(R,A,M)a) mod l */
|
||||
{
|
||||
if (ret == 0) {
|
||||
#ifdef WOLFSSL_ED25519_PERSISTENT_SHA
|
||||
wc_Sha512 *sha = &key->sha;
|
||||
#else
|
||||
wc_Sha512 sha[1];
|
||||
|
||||
ret = ed25519_hash_init(key, sha);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
#endif
|
||||
|
||||
if (type == Ed25519ctx || type == Ed25519ph) {
|
||||
if (ret == 0 && (type == Ed25519ctx || type == Ed25519ph)) {
|
||||
ret = ed25519_hash_update(key, sha, ed25519Ctx, ED25519CTX_SIZE);
|
||||
if (ret == 0)
|
||||
ret = ed25519_hash_update(key, sha, &type, sizeof(type));
|
||||
@@ -512,20 +504,22 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
|
||||
#endif
|
||||
}
|
||||
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if (ret == 0) {
|
||||
#ifdef FREESCALE_LTC_ECC
|
||||
LTC_PKHA_sc_reduce(hram);
|
||||
LTC_PKHA_sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
|
||||
LTC_PKHA_sc_reduce(hram);
|
||||
LTC_PKHA_sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
|
||||
#else
|
||||
sc_reduce(hram);
|
||||
sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
|
||||
sc_reduce(hram);
|
||||
sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
|
||||
#endif
|
||||
}
|
||||
|
||||
ForceZero(az, sizeof(az));
|
||||
ForceZero(nonce, sizeof(nonce));
|
||||
#endif /* WOLFSSL_SE050 */
|
||||
|
||||
#ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
|
||||
{
|
||||
if (ret == 0) {
|
||||
int i;
|
||||
byte c = 0;
|
||||
for (i = 0; i < ED25519_KEY_SIZE; i++) {
|
||||
|
||||
+10
-10
@@ -391,16 +391,15 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
|
||||
#else
|
||||
wc_Shake sha[1];
|
||||
ret = ed448_hash_init(key, sha);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
#endif
|
||||
/* apply clamp */
|
||||
az[0] &= 0xfc;
|
||||
az[55] |= 0x80;
|
||||
az[56] = 0x00;
|
||||
|
||||
ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE);
|
||||
|
||||
if (ret == 0) {
|
||||
ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE);
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = ed448_hash_update(key, sha, &type, sizeof(type));
|
||||
}
|
||||
@@ -429,15 +428,14 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
|
||||
#else
|
||||
wc_Shake sha[1];
|
||||
ret = ed448_hash_init(key, sha);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
#endif
|
||||
sc448_reduce(nonce);
|
||||
|
||||
if (ret == 0)
|
||||
sc448_reduce(nonce);
|
||||
/* step 2: computing R = rB where rB is the scalar multiplication of
|
||||
r and B */
|
||||
ret = ge448_scalarmult_base(&R,nonce);
|
||||
|
||||
if (ret == 0) {
|
||||
ret = ge448_scalarmult_base(&R,nonce);
|
||||
}
|
||||
/* step 3: hash R + public key + message getting H(R,A,M) then
|
||||
creating S = (r + H(R,A,M)a) mod l */
|
||||
if (ret == 0) {
|
||||
@@ -487,6 +485,8 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
|
||||
}
|
||||
#endif
|
||||
|
||||
ForceZero(az, sizeof(az));
|
||||
ForceZero(nonce, sizeof(nonce));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
+15
-5
@@ -1263,13 +1263,17 @@ static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *buff)
|
||||
{
|
||||
int i;
|
||||
int n;
|
||||
byte mask = 0;
|
||||
n = buff[ctx->block_size-1];
|
||||
if (n > ctx->block_size || n == 0) return -1;
|
||||
for (i = 0; i < n; i++) {
|
||||
if (buff[ctx->block_size-i-1] != n)
|
||||
return -1;
|
||||
/* Encode invalid n into mask constant-time instead of early-returning,
|
||||
* so the loop always runs and timing does not reveal padding length. */
|
||||
mask |= ctMaskEq(n, 0) | ctMaskGT(n, ctx->block_size);
|
||||
for (i = 0; i < ctx->block_size; i++) {
|
||||
byte in_padding = ctMaskLT(i, n);
|
||||
mask |= ctMaskSel(in_padding,
|
||||
ctMaskNotEq(buff[ctx->block_size - 1 - i], n), 0);
|
||||
}
|
||||
return ctx->block_size - n;
|
||||
return ctMaskSelInt(ctMaskEq(mask, 0), ctx->block_size - n, -1);
|
||||
}
|
||||
|
||||
#if (defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
|
||||
@@ -3096,6 +3100,12 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ctx->op != WC_EVP_PKEY_OP_DECRYPT) {
|
||||
WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_DECRYPT. Use "
|
||||
"wolfSSL_EVP_PKEY_decrypt_init.");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
(void)out;
|
||||
(void)outLen;
|
||||
(void)in;
|
||||
|
||||
Reference in New Issue
Block a user