Commit Graph

19022 Commits

Author SHA1 Message Date
Sean Parkinson 08afe6a404 SP int: div small static code analysis change
_sp_div_small: Make it explicit as possible that we only want the bottom
digit of the product subtracted from the bottom word of t. Top digit is
unnecessary and more cycles used if calculated.
2023-01-30 08:40:45 +10:00
David Garske 06509021ff Merge pull request #6013 from douzzer/20230125-various-fixes
20230125-various-fixes
2023-01-26 15:10:18 -08:00
David Garske 58c2fe1c40 Merge pull request #6011 from SparkiDev/xts_in_place_enc_fix
AES XTS: encrypt not handling in-place properly
2023-01-26 14:04:58 -08:00
Daniel Pouzzner f776371874 wolfcrypt/src/hpke.c: add PRIVATE_KEY_{UNLOCK,LOCK}() wrappers in wc_HpkeSealBase() and wc_HpkeOpenBase();
wolfcrypt/test/test.c: remove PRIVATE_KEY_{UNLOCK,LOCK}() wrappers from hpke_test_single(), and do a smallstack refactor.
2023-01-26 15:00:56 -06:00
Daniel Pouzzner 84a5bb67f2 tests/api.c: in test_tls13_apis(), conditionalize expected return value of wolfSSL_CTX_set_max_early_data() on WOLFSSL_ERROR_CODE_OPENSSL (only affects !OPENSSL_EXTRA paths). 2023-01-26 14:56:50 -06:00
Daniel Pouzzner 4b0e0b88fb configure.ac: restore CPPFLAGS and CFLAGS to list of iterated options rendered into options.h; delete stale .build_params when ENABLED_REPRODUCIBLE_BUILD. 2023-01-26 14:53:56 -06:00
András Fekete 8eacd3acc9 Merge pull request #6015 from dgarske/wolf_products
Add user_settings.h template for wolfTPM
2023-01-26 15:33:54 -05:00
David Garske 10529e6199 Add user_settings.h template for wolfTPM 2023-01-26 10:40:59 -08:00
Daniel Pouzzner c3a5698799 configure.ac/Makefile.am:
add support for EXTRA_CPPFLAGS, EXTRA_CCASFLAGS, and EXTRA_LDFLAGS;

fix typo in setup for CFLAG_VISIBILITY;

lightly refactor handling of CPPFLAGS/AM_CPPFLAGS in handlers for --with-liboqs, --with-wnr, and --with-cavium;

refactor+enhance options.h generation to handle -U directives.
2023-01-25 23:45:21 -06:00
Daniel Pouzzner 022d0e7c89 linuxkm/module_exports.c.template: include hpke.h if HAVE_HPKE. 2023-01-25 23:36:55 -06:00
Daniel Pouzzner 78cc2c5c3e wolfcrypt/src/port/af_alg/afalg_aes.c: in wc_AesCbc{En,De}crypt(), handle WOLFSSL_AES_CBC_LENGTH_CHECKS as in wolfcrypt/aes.c; in wc_AesGcm{En,De}crypt(), truncate ivSz to WC_SYSTEM_AESGCM_IV if necessary. 2023-01-25 23:36:01 -06:00
Daniel Pouzzner 8f2ae77513 wolfcrypt/test/test.c: add missing PRIVATE_KEY_UNLOCK()/PRIVATE_KEY_LOCK() in hpke_test_single(). 2023-01-25 23:32:55 -06:00
David Garske 584411f21a Merge pull request #6012 from kareem-wolfssl/zd15524
Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined.
2023-01-25 18:59:38 -08:00
András Fekete 8ecd906c23 Update open wrt test (#6010)
Adding in tests of various versions of OpenWrt. Also simplified the way to reproduce potential issues and added in breadcrumbs for debugging.

Co-authored-by: Andras Fekete <andras@wolfssl.com>
2023-01-25 13:58:52 -08:00
Kareem c9125f9685 Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined. 2023-01-25 14:49:05 -07:00
David Garske 7e1aecfe4c Merge pull request #6001 from SparkiDev/dsa_sign_sig_size
DSA sign: use mp_to_unsigned_bin_len
2023-01-25 11:59:27 -08:00
David Garske becedd41c9 Merge pull request #6000 from SparkiDev/dsa_force_zero
DSA: Don't force zero MPs on memory allocation failure
2023-01-25 11:59:13 -08:00
Sean Parkinson 214a6bd216 Merge pull request #6009 from douzzer/20230124-fix-HAVE_C___ATOMIC
20230124-fix-HAVE_C___ATOMIC
2023-01-25 15:34:30 +10:00
Sean Parkinson e9af0136b9 AES XTS: encrypt not handling in-place properly
Fix AES XTS in-place encrypt to work when ciphertext stealing.
2023-01-25 09:32:37 +10:00
Daniel Pouzzner b2c751a9ca wolfcrypt/src/asn.c: fix a maybe-uninitialized found by clang --enable-asn=template. 2023-01-24 14:00:22 -06:00
Daniel Pouzzner 5e6005a1a3 m4/ax_atomic.m4: fix conflicting macro definition for HAVE_C___ATOMIC. 2023-01-24 12:08:35 -06:00
David Garske a21c3a3c89 Merge pull request #6005 from SparkiDev/ecc_fp_alloc_fail_oob_1
ECC FP_ECC: zeroize when value set
2023-01-24 07:57:53 -08:00
David Garske c9e1039a54 Merge pull request #6003 from SparkiDev/sp_math_ec_smul
EC scalar mult with SP Math: fix scalar length check
2023-01-24 07:54:02 -08:00
Sean Parkinson a5adfcd5ca ECC FP_ECC: zeroize when value set
accel_fp_mul was zeroizing an uninitialized MP - tk.
Add boolean, indicating to zeroize, that is set when a value is set.
2023-01-24 10:28:49 +10:00
Sean Parkinson e34027ec76 SP EC ASM: mod_mul_norm fix
Handle corner case of overflow in last 32-bit word.
2023-01-24 10:12:32 +10:00
Sean Parkinson 4592f1a5b4 EC scalar mult with SP Math: fix scalar length check
The support curves in SP all have an order length the same as modulus
length. The scalar cannot be larger than the order and so fix the check.
2023-01-24 09:23:19 +10:00
David Garske 4b8ab2550d Merge pull request #6004 from jpbland1/hpke-disable-harden
update hpke to not use rng with ecc when hardening is off
2023-01-23 15:09:30 -08:00
John Bland 44ca98f5b3 add missing NULL checks and remove rng pointer when not needed 2023-01-23 16:03:58 -05:00
David Garske a24a1c8530 Merge pull request #5924 from SparkiDev/ref_cnt_update
Ref count: change to use wolfSSL_Ref
2023-01-23 08:33:37 -08:00
David Garske 9c1d214a61 Merge pull request #6002 from SparkiDev/sp_dh_exp_check_outlen
SP DH Exp: check output length for minimum
2023-01-23 08:32:12 -08:00
John Bland a36276ca3a update hpke to not use rng with ecc when hardening is off 2023-01-23 11:27:23 -05:00
Sean Parkinson 53dfcd00e2 Ref count: change to use wolfSSL_Ref
Data structures changed:
WOLFSSL_CERT_MANAGER, WOLFSSL_CTX, WOLFSSL_SESSION, WOLFSSL_X509,
WOLFSSL_X509, WOLFSSL_EVP_PKEY, WOLFSSL_BIO, WOLFSSL_X509_STORE
2023-01-23 16:29:12 +10:00
Sean Parkinson 1c4e1f8871 SP DH Exp: check output length for minimum
For DH Exp function in SP, don't assume output length has the minimum
length.
2023-01-23 09:43:58 +10:00
Sean Parkinson 90e24d8ba5 DSA sign: use mp_to_unsigned_bin_len
mp_to_unsigned_len checks length and front pads with zeros.

Return MP_VAL when length is too small in all implemenations.
Make TFM implementation check length.
Add test case.
2023-01-23 09:14:24 +10:00
Sean Parkinson ffe302025e DSA: Don't force zero MPs on memory allocation failure
When memory allocation fails, the MPs are not initialized and force zero
is using invalid values.
2023-01-23 08:33:09 +10:00
David Garske a40da56f11 Merge pull request #5996 from douzzer/20230120-fixes
20230120-fixes
2023-01-21 08:32:14 -08:00
Daniel Pouzzner aa776057ff fixes: shellcheck gripes on Docker/OpenWrt/runTests.sh; null pointer derefs and duplicate tests and assigns in src/tls.c and wolfcrypt/src/hpke.c found by cppcheck (nullPointerRedundantCheck, identicalInnerCondition, duplicateAssignExpression). 2023-01-21 00:51:57 -06:00
Daniel Pouzzner d711e4b9f8 Merge pull request #5995 from jpbland1/ech-no-recursion
stop ech from using a recursive function call
2023-01-20 23:47:22 -06:00
tmael 9d73c197e6 Move X509_V errors from enums to defines for HAProxy CLI (#5901)
* Move X509_V errors to openssl/ssl.h

* Have X509_V define errors in wolfssl/ssl.h

* Refactor X509_V errors

* Add wolfSSL_SESSION_set1_id_*

* Fix overlong line
2023-01-20 17:50:26 -08:00
András Fekete b9a544920d Add open wrt test (#5985)
* First test

* Don't forget to run autogen.sh!

* Add tools needed by automake

* Try additional platforms

* Add in qemu for other platforms

* No real support for arm containers

* Fix indentation

* Simplify container build with a testing script

* Simpler names for actions

* No need to distribute OpenWRT test files

* Better list to put ignore files onto

* Create an 'ignore_files' list after all

* Add in some documentation of how OpenWRT tests work

* Fix up naming of OpenWrt

Co-authored-by: Andras Fekete <andras@wolfssl.com>
2023-01-20 16:59:36 -08:00
David Garske 6206ad320c Merge pull request #5992 from tim-weller-wolfssl/zd15423-accepts-large-ivs
Update AES-GCM stream decryption to allow long IVs (ZenDesk #15423)
2023-01-20 16:10:13 -08:00
David Garske d28bd08093 Merge pull request #5994 from bandi13/noAutoCancelActions
Don't auto-cancel GitHub Workflows
2023-01-20 16:09:56 -08:00
John Bland d14d29e32a stop ech from using a recursive function call
update bad return value for when retry_configs is returned, add locks around hkdf functions for private key use
2023-01-20 18:37:19 -05:00
Andras Fekete 7e87623973 Don't auto-cancel GitHub Workflows 2023-01-20 16:17:20 -05:00
tim-weller-wolfssl cf9b865e33 Update AES-GCM stream decryption setup to allow long IV values (already allowed by encryption APIs) 2023-01-20 20:35:39 +00:00
David Garske 8c3cad3e95 Merge pull request #5984 from embhorn/zd15493
Fix Cmake to exclude libm when DH is not enabled
2023-01-20 11:21:09 -08:00
David Garske 8d89d4a168 Merge pull request #5927 from SparkiDev/sp_math_clz
SP math: use count leading zero instruction
2023-01-20 10:33:18 -08:00
David Garske c1e0115092 Merge pull request #5993 from anhu/quic_doc_switcharoo
Move the wolfSSL Configuration section higher in QUIC.md
2023-01-20 09:32:40 -08:00
Anthony Hu 9be01633d1 Move the wolfSSL Configuration section higher in QUIC.md because it is the first step. 2023-01-20 09:49:18 -05:00
Eric Blankenhorn 9f7e82a081 Add WOLFSSL_DH_CONST option to Cmake 2023-01-20 08:42:48 -06:00