Merge remote-tracking branch 'upstream/master' into gh7197

Kareem
2025-12-23 14:43:57 -07:00
34 changed files with 7727 additions and 542 deletions


@@ -13402,10 +13402,34 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId)
/* Free Aes resources */
void wc_AesFree(Aes* aes)
{
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
int ret = 0;
#endif
if (aes == NULL) {
return;
}
#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE)
#ifndef WOLF_CRYPTO_CB_FIND
if (aes->devId != INVALID_DEVID)
#endif
{
ret = wc_CryptoCb_Free(aes->devId, WC_ALGO_TYPE_CIPHER,
WC_CIPHER_AES, (void*)aes);
/* If they want the standard free, they can call it themselves */
/* via their callback setting devId to INVALID_DEVID */
/* otherwise assume the callback handled it */
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
return;
/* fall-through when unavailable */
}
/* silence compiler warning */
(void)ret;
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_FREE */
#ifdef WC_DEBUG_CIPHER_LIFECYCLE
(void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1);
#endif
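Review bot: The early `return` on L30-31 fires for every callback result other than CRYPTOCB_UNAVAILABLE, so a callback that fails with a genuine error also skips the lifecycle-tag release on L38 and whatever standard cleanup follows in the rest of wc_AesFree, which continues past the hunk. The comment on L27-29 says "assume the callback handled it", but an error return is not "handled"; `if (ret == 0) return;` with fall-through on any error (optionally a `WOLFSSL_MSG` for errors other than unavailable) would keep a failing device path from leaking the software-side state. With ret read on L30 the `(void)ret;` on L35 is redundant. It is also worth documenting that a callback which resets devId to INVALID_DEVID and re-enters wc_AesFree depends on the `#ifndef WOLF_CRYPTO_CB_FIND` guard on L21-23; under WOLF_CRYPTO_CB_FIND the callback is invoked again and presumably must return CRYPTOCB_UNAVAILABLE itself to avoid recursion, which I infer from the guard rather than see.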


@@ -104,6 +104,9 @@ ASN Options:
* DO NOT enable this unless required for interoperability.
* WOLFSSL_ASN_EXTRA: Make more ASN.1 APIs available regardless of internal
* usage.
* WOLFSSL_ALLOW_AKID_SKID_MATCH: By default cert issuer is found using hash
* of cert subject hash with signers subject hash. This option allows fallback
* to using AKID and SKID matching.
*/
#ifndef NO_RSA
@@ -21339,42 +21342,25 @@ static int DecodeAuthKeyIdInternal(const byte* input, word32 sz,
ret = DecodeAuthKeyId(input, sz, &extAuthKeyId, &extAuthKeyIdSz,
&extAuthKeyIdIssuer, &extAuthKeyIdIssuerSz, &extAuthKeyIdIssuerSN,
&extAuthKeyIdIssuerSNSz);
if (ret != 0)
return ret;
#ifndef WOLFSSL_ASN_TEMPLATE
if (extAuthKeyIdSz == 0)
{
if (ret != 0) {
cert->extAuthKeyIdSet = 0;
return 0;
return ret;
}
cert->extAuthKeyIdSz = extAuthKeyIdSz;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef WOLFSSL_AKID_NAME
cert->extRawAuthKeyIdSrc = input;
cert->extRawAuthKeyIdSz = sz;
#endif
cert->extAuthKeyIdSrc = extAuthKeyId;
#endif /* OPENSSL_EXTRA */
return GetHashId(extAuthKeyId, extAuthKeyIdSz, cert->extAuthKeyId,
HashIdAlg(cert->signatureOID));
#else
/* Each field is optional */
if (extAuthKeyIdSz > 0) {
#ifdef OPENSSL_EXTRA
cert->extAuthKeyIdSrc = extAuthKeyId;
cert->extAuthKeyIdSet = 1;
cert->extAuthKeyIdSz = extAuthKeyIdSz;
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
cert->extAuthKeyIdSrc = extAuthKeyId;
#endif
/* Get the hash or hash of the hash if wrong size. */
ret = GetHashId(extAuthKeyId, (int)extAuthKeyIdSz, cert->extAuthKeyId,
HashIdAlg(cert->signatureOID));
}
#ifdef WOLFSSL_AKID_NAME
if (ret == 0 && extAuthKeyIdIssuerSz > 0) {
cert->extAuthKeyIdIssuer = extAuthKeyIdIssuer;
@@ -21386,15 +21372,15 @@ static int DecodeAuthKeyIdInternal(const byte* input, word32 sz,
}
#endif /* WOLFSSL_AKID_NAME */
if (ret == 0) {
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME)
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
defined(WOLFSSL_AKID_NAME)
/* Store the raw authority key id. */
cert->extRawAuthKeyIdSrc = input;
cert->extRawAuthKeyIdSz = sz;
#endif /* OPENSSL_EXTRA */
#endif
}
return ret;
#endif /* WOLFSSL_ASN_TEMPLATE */
}
/* Decode subject key id extension.
@@ -25723,7 +25709,22 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
}
if (cert->ca != NULL && XMEMCMP(cert->issuerHash,
cert->ca->subjectNameHash, KEYID_SIZE) != 0) {
cert->ca = NULL;
#ifdef WOLFSSL_ALLOW_AKID_SKID_MATCH
/* if hash of cert subject does not match hash of issuer
* then try with AKID/SKID if available */
if (cert->extAuthKeyIdSet && cert->extAuthKeyIdSz > 0 &&
cert->extAuthKeyIdSz ==
(word32)sizeof(cert->ca->subjectKeyIdHash) &&
XMEMCMP(cert->extAuthKeyId, cert->ca->subjectKeyIdHash,
cert->extAuthKeyIdSz) == 0) {
WOLFSSL_MSG("Cert AKID matches CA SKID");
}
else
#endif
{
WOLFSSL_MSG("Cert subject hash does not match issuer hash");
cert->ca = NULL;
}
}
if (cert->ca == NULL) {
cert->ca = GetCAByName(cm, cert->issuerHash);
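Review bot: The WOLFSSL_ALLOW_AKID_SKID_MATCH fallback on L116-127 keeps a CA whose subject name does not equal the certificate's issuer name, which relaxes the RFC 5280 §6.1.3 (a)(4) name-chaining rule that the hash comparison on L113-114 enforces; key identifiers are unauthenticated hints, so the option comment on L47-49 should say so, e.g. `* NOTE: relaxes RFC 5280 issuer-name chaining to a key-id match; the signature is still verified against the matched CA key.` The size guard on L120-121 also looks inconsistent with how the field is stored: DecodeAuthKeyIdInternal normalizes extAuthKeyId through GetHashId on L88-89 ("hash of the hash if wrong size"), so extAuthKeyId is always a fixed-size hash while extAuthKeyIdSz keeps the raw extension length, meaning an AKID of any other length can never take the fallback even though both sides appear normalized — if intended, a comment should say so, otherwise compare the hash length directly. In the WOLFSSL_ASN_TEMPLATE path extAuthKeyIdSet and extAuthKeyIdSz are only assigned under OPENSSL_EXTRA (L79-83), so unless they are set elsewhere the fallback is dead in non-OPENSSL_EXTRA builds. Both ParseCertRelative and DecodeAuthKeyIdInternal extend beyond their hunks.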


@@ -202,6 +202,15 @@ int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
#endif /* !WOLFSSL_CURVE25519_BLINDING */
#endif /* FREESCALE_LTC_ECC */
/* If WOLFSSL_CURVE25519_BLINDING is defined, this check is run in
* wc_curve25519_make_pub_blind since it could be called directly. */
#if !defined(WOLFSSL_CURVE25519_BLINDING) || defined(FREESCALE_LTC_ECC)
if (ret == 0) {
ret = wc_curve25519_check_public(pub, (word32)public_size,
EC25519_LITTLE_ENDIAN);
}
#endif
return ret;
}
@@ -297,6 +306,11 @@ int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size,
ret = curve25519_smul_blind(pub, priv, (byte*)kCurve25519BasePoint, rng);
#endif
if (ret == 0) {
ret = wc_curve25519_check_public(pub, (word32)public_size,
EC25519_LITTLE_ENDIAN);
}
return ret;
}
#endif
@@ -463,11 +477,6 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point,
(int)sizeof(key->k), key->k);
#endif
if (ret == 0) {
ret = wc_curve25519_check_public(key->p.point,
(word32)sizeof(key->p.point),
EC25519_LITTLE_ENDIAN);
}
key->pubSet = (ret == 0);
}
#endif
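Review bot: The comment on L141-142 explains only the WOLFSSL_CURVE25519_BLINDING half of the condition on L143; the `|| defined(FREESCALE_LTC_ECC)` clause, which keeps the check in wc_curve25519_make_pub even when blinding is enabled, is undocumented, and if the LTC build also compiles wc_curve25519_make_pub_blind the point is validated twice. Suggest extending it with `* FREESCALE_LTC_ECC does not go through the blinded path, so the check stays here for that build.` once that is confirmed, since the LTC branch is not visible in the hunk. On check failure `pub` still holds the rejected point; wc_curve25519_make_key clears pubSet on L170, but direct callers of the two make_pub functions get a non-zero return with a populated buffer, so either clearing the buffer on failure or documenting that the output is unspecified on error would help.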


@@ -1127,6 +1127,9 @@ int wc_ed25519_export_public(const ed25519_key* key, byte* out, word32* outLen)
return BUFFER_E;
}
if (!key->pubKeySet)
return PUBLIC_KEY_E;
*outLen = ED25519_PUB_KEY_SIZE;
XMEMCPY(out, key->p, ED25519_PUB_KEY_SIZE);
@@ -1368,7 +1371,7 @@ int wc_ed25519_export_private_only(const ed25519_key* key, byte* out, word32* ou
int wc_ed25519_export_private(const ed25519_key* key, byte* out, word32* outLen)
{
/* sanity checks on arguments */
if (key == NULL || out == NULL || outLen == NULL)
if (key == NULL || !key->privKeySet || out == NULL || outLen == NULL)
return BAD_FUNC_ARG;
if (*outLen < ED25519_PRV_KEY_SIZE) {
@@ -1398,6 +1401,8 @@ int wc_ed25519_export_key(const ed25519_key* key,
/* export public part */
ret = wc_ed25519_export_public(key, pub, pubSz);
if (ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E))
ret = 0; /* ignore no public key */
return ret;
}
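Review bot: The two export paths now signal a missing key inconsistently: wc_ed25519_export_public returns PUBLIC_KEY_E on L179-180, but wc_ed25519_export_private folds `!key->privKeySet` into BAD_FUNC_ARG on L188, so a caller cannot distinguish "no private key loaded" from a bad pointer, and only the public variant can be special-cased the way wc_ed25519_export_key does on L194-195. The ordering also differs, with the public check after the BUFFER_E length test on L177 and the private check before it. In wc_ed25519_export_key, when PUBLIC_KEY_E is swallowed `*pubSz` is never written because L181 is skipped, leaving the caller no indication that `pub` was untouched; suggest `if (ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E)) { *pubSz = 0; ret = 0; }`, assuming pubSz is NULL-checked earlier in the function, which lies outside the hunk.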


@@ -5455,7 +5455,6 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
if (ret == 0 && GetMyVersion(pkiMsg, &idx, &version, pkiMsgSz) < 0)
ret = ASN_PARSE_E;
/* version 1 follows RFC 2315 */
/* version 3 follows RFC 4108 */
if (ret == 0 && (version != 1 && version != 3)) {
@@ -5673,6 +5672,15 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
* this as start of content. */
localIdx = start;
pkcs7->contentIsPkcs7Type = 1;
#ifndef NO_PKCS7_STREAM
/* Set streaming variables for PKCS#7 type content.
* length contains the size from [0] EXPLICIT wrapper */
pkcs7->stream->multi = 0;
pkcs7->stream->currContIdx = localIdx;
pkcs7->stream->currContSz = (word32)length;
pkcs7->stream->currContRmnSz = (word32)length;
#endif
}
else {
/* CMS eContent OCTET_STRING */
@@ -5762,7 +5770,6 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
idx = localIdx;
}
else {
/* If either pkcs7->content and pkcs7->contentSz are set
* (detached signature where user has set content explicitly
* into pkcs7->content/contentSz) OR pkcs7->hashBuf and
@@ -5862,7 +5869,7 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
/* copy content to pkcs7->contentDynamic */
if (keepContent && pkcs7->stream->content &&
pkcs7->stream->contentSz >0) {
pkcs7->stream->contentSz > 0) {
pkcs7->contentDynamic = (byte*)XMALLOC(pkcs7->stream->contentSz,
pkcs7->heap, DYNAMIC_TYPE_PKCS7);
if (pkcs7->contentDynamic == NULL) {
@@ -6412,6 +6419,17 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
NO_USER_CHECK) < 0)
ret = ASN_PARSE_E;
/* Update degenerate flag based on if signerInfos SET is empty.
* The earlier degenerate check at digestAlgorithms is an early
* optimization, but depending on degenerate case may not be
* detected until here. */
if (ret == 0) {
degenerate = (length == 0) ? 1 : 0;
#ifndef NO_PKCS7_STREAM
pkcs7->stream->degenerate = (degenerate != 0);
#endif
}
if (ret != 0)
break;
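Review bot: The reassignment on L244-249 can flip `degenerate` from 0 to 1 late in the parse, after the content and digestAlgorithms were already processed on the non-degenerate path, so a message carrying a populated digestAlgorithms set but an empty signerInfos SET is reclassified as degenerate at this point. A SignedData with no SignerInfo has verified nothing, so whatever consumes `degenerate` after this (outside the hunk) must not report such input as verified content; if the later logic returns success for degenerate messages regardless of supplied content, this late promotion is a signature-bypass path. At minimum the comment on L240-243 should state the contract, e.g. `/* NOTE: an empty signerInfos SET means nothing was signed; a degenerate result must never be treated as verified content. */`. PKCS7_VerifySignedData continues well beyond the hunk, so I cannot confirm how the flag is used downstream.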
#ifndef NO_PKCS7_STREAM


@@ -759,6 +759,9 @@ static Error caamAes(struct DescStruct* desc)
ctx[ctxIdx] = buf;
sz += buf->dataSz;
if (ctx[ctxIdx]->dataSz + offset > (MAX_CTX * sizeof(UINT4))) {
return SizeIsTooLarge;
}
memcpy((unsigned char*)&local[offset],
(unsigned char*)ctx[ctxIdx]->data, ctx[ctxIdx]->dataSz);
offset += ctx[ctxIdx]->dataSz;
@@ -958,6 +961,9 @@ static Error caamAead(struct DescStruct* desc)
ctx[ctxIdx] = buf;
sz += buf->dataSz;
if (ctx[ctxIdx]->dataSz + offset > (MAX_CTX * sizeof(UINT4))) {
return SizeIsTooLarge;
}
memcpy((unsigned char*)&local[offset],
(unsigned char*)ctx[ctxIdx]->data, ctx[ctxIdx]->dataSz);
offset += ctx[ctxIdx]->dataSz;
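Review bot: The new guards on L259 and L268 compute `ctx[ctxIdx]->dataSz + offset` before comparing, so if dataSz is a 32-bit unsigned (its type is not visible in the hunk) a size near the type's maximum wraps the sum below the limit and the memcpy on L262/L271 overruns `local`; the overflow-safe form is `if (ctx[ctxIdx]->dataSz > (MAX_CTX * sizeof(UINT4)) - offset) return SizeIsTooLarge;`, which cannot underflow because every earlier pass already established offset <= the limit. The identical check in caamAes and caamAead is worth hoisting into a small static helper so the two stay in sync. Both enclosing functions start and end outside the hunks.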




@@ -813,7 +813,6 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
#ifdef HAVE_HASHDRBG
word32 seedSz = SEED_SZ + SEED_BLOCK_SZ;
WC_DECLARE_VAR(seed, byte, MAX_SEED_SZ, rng->heap);
int drbg_instantiated = 0;
#ifdef WOLFSSL_SMALL_STACK_CACHE
int drbg_scratch_instantiated = 0;
#endif
@@ -1025,8 +1024,6 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg,
seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ,
nonce, nonceSz, rng->heap, devId);
if (ret == 0)
drbg_instantiated = 1;
} /* ret == 0 */
#ifdef WOLFSSL_SMALL_STACK
@@ -1038,8 +1035,6 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
WC_FREE_VAR_EX(seed, rng->heap, DYNAMIC_TYPE_SEED);
if (ret != DRBG_SUCCESS) {
if (drbg_instantiated)
(void)Hash_DRBG_Uninstantiate((DRBG_internal *)rng->drbg);
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
#endif


@@ -913,6 +913,7 @@ int wc_LmsKey_Reload(LmsKey* key)
/* Reload the key ready for signing. */
ret = wc_hss_reload_key(state, key->priv_raw, &key->priv,
key->priv_data, NULL);
wc_lmskey_state_free(state);
}
ForceZero(state, sizeof(LmsState));
WC_FREE_VAR_EX(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);


@@ -2764,7 +2764,8 @@ static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
if (ret == 0) {
secSz = *info->pk.ecdh.outlen;
if (secSz > (CK_ULONG)info->pk.ecdh.private_key->dp->size)
if (info->pk.ecdh.private_key->dp != NULL &&
secSz > (CK_ULONG)info->pk.ecdh.private_key->dp->size)
secSz = info->pk.ecdh.private_key->dp->size;
params.kdf = CKD_NULL;
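Review bot: When `dp` is NULL the new condition on L323-324 silently skips the clamp, leaving `secSz` at the caller-supplied `*info->pk.ecdh.outlen` from L321 with no relation to the curve's field size, so a too-large outlen is now passed through to the derive request instead of being bounded. Unless a private key without curve parameters is a legitimate input here (for example a token-resident key whose size is known from another field), rejecting it would be safer: `if (info->pk.ecdh.private_key->dp == NULL) ret = BAD_FUNC_ARG;` before the clamp, or clamp from whatever size the PKCS#11 key object carries. The rest of Pkcs11ECDH is outside the hunk, so I cannot see how secSz is consumed.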


@@ -58,7 +58,7 @@ data, use this implementation to seed and re-seed the DRBG.
#define MAX_NOISE_CNT (MAX_ENTROPY_BITS * 8 + ENTROPY_EXTRA)
/* MemUse entropy global state initialized. */
static int entropy_memuse_initialized = 0;
static volatile int entropy_memuse_initialized = 0;
/* Global SHA-3 object used for conditioning entropy and creating noise. */
static wc_Sha3 entropyHash;
/* Reset the health tests. */
@@ -740,6 +740,21 @@ int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len)
int noise_len = (bits + ENTROPY_EXTRA) / ENTROPY_MIN;
static byte noise[MAX_NOISE_CNT];
#ifdef HAVE_FIPS
/* FIPS KATs, e.g. EccPrimitiveZ_KnownAnswerTest(), call wc_Entropy_Get()
* incidental to wc_InitRng(), without first calling Entropy_Init(), neither
* directly, nor indirectly via wolfCrypt_Init(). This matters, because
* KATs must be usable before wolfCrypt_Init() (indeed, in the library
* embodiment, the HMAC KAT always runs before wolfCrypt_Init(), incidental
* to fipsEntry()). Without the InitSha3() under Entropy_Init(), the
* SHA3_BLOCK function pointer is null when Sha3Update() is called by
* Entropy_MemUse(), which ends badly.
*/
if (!entropy_memuse_initialized) {
ret = Entropy_Init();
}
#endif
/* Lock the mutex as collection uses globals. */
if ((ret == 0) && (wc_LockMutex(&entropy_mutex) != 0)) {
ret = BAD_MUTEX_E;
@@ -851,6 +866,19 @@ int Entropy_Init(void)
#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER)
ret = wc_InitMutex(&entropy_mutex);
#endif
if (ret == 0)
ret = wc_LockMutex(&entropy_mutex);
if (entropy_memuse_initialized) {
/* Short circuit return -- a competing thread initialized the state
* while we were waiting. Note, this is only threadsafe when
* WOLFSSL_MUTEX_INITIALIZER is defined.
*/
if (ret == 0)
wc_UnLockMutex(&entropy_mutex);
return 0;
}
if (ret == 0) {
/* Initialize a SHA3-256 object for use in entropy operations. */
ret = wc_InitSha3_256(&entropyHash, NULL, INVALID_DEVID);
@@ -872,6 +900,10 @@ int Entropy_Init(void)
Entropy_StopThread();
#endif
}
if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) {
wc_UnLockMutex(&entropy_mutex);
}
}
return ret;
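Review bot: The short-circuit on L364-372 closes the double-initialization window only while the mutex is valid, and the comment on L365-367 already admits that without WOLFSSL_MUTEX_INITIALIZER the `wc_InitMutex` on L359-361 re-initializes a mutex another thread may be holding; that should be a stated caller requirement in Entropy_Init's header comment (outside the hunk), e.g. `/* Without WOLFSSL_MUTEX_INITIALIZER, concurrent first calls to Entropy_Init() are not safe; callers must serialize them. */`. The `volatile` added on L334 provides neither atomicity nor cross-thread ordering (that needs the mutex or an atomic), so the unlocked read on L351 in wc_Entropy_Get is at best a benign race that tolerates a stale 0 because Entropy_Init re-checks under the lock; a one-line comment there saying so would keep a future reader from "fixing" it the wrong way. Minor: on L369-371 a failed lock still returns 0 when the state is initialized, which is fine, but when the lock fails and the state is not initialized the function reaches `return ret` with no diagnostic.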