Commit Graph

7781 Commits

Author SHA1 Message Date
Anthony Hu 246228e410 Check for PIN before saving it. 2024-09-11 14:39:03 -04:00
Daniel Pouzzner c81c9be9ce error code fixes:
* fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1.
* add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition).
* refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form().
2024-09-06 19:33:48 -05:00
David Garske 80a63a3fce Merge pull request #7924 from anhu/pqm4_purge
Get rid of pqm4 in favour our own Kyber/MLDSA implementation
2024-09-06 12:00:26 -07:00
Sean Parkinson 96e2c51f07 Merge pull request #7907 from ColtonWilley/rsa_pad_crypto_cb
Add new crypto callback for RSA with padding.
2024-09-06 08:48:36 +10:00
Sean Parkinson 6fc9dcae07 Merge pull request #7947 from douzzer/20240905-mp_sign_t
20240905-mp_sign_t
2024-09-06 08:46:23 +10:00
Daniel Pouzzner dcaff9dff4 Merge pull request #7944 from JacobBarthelmeh/pkcs12
add parsing over optional PKCS8 attributes
2024-09-05 16:55:44 -05:00
David Garske 887c5abcb1 Merge pull request #7949 from douzzer/20240905-whitespace-and-utf8-cleanup
20240905-whitespace-and-utf8-cleanup
2024-09-05 14:38:19 -07:00
Daniel Pouzzner 9f6a75cdfd Merge pull request #7934 from rizlik/ocsp-get-ca-keyhash-fix
ocsp: search CA by key hash instead of ext key id
2024-09-05 15:03:54 -05:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
Daniel Pouzzner 603c03c0be MPI: add mp_sign_t and sp_sign_t. 2024-09-05 10:37:02 -05:00
JacobBarthelmeh 9a8573afc9 touch up pkcs8 create function and test case warning 2024-09-04 15:48:44 -06:00
JacobBarthelmeh 2a1165460e add parsing over optional PKCS8 attributes 2024-09-04 15:15:53 -06:00
Daniel Pouzzner a31733db85 Merge pull request #7909 from SparkiDev/dilithium_fips204_draft
Dilithium: Support FIPS 204 Draft
2024-09-04 14:34:59 -05:00
Daniel Pouzzner c9ff15da21 Merge pull request #7901 from SparkiDev/memusage_8
Memory usage improvements
2024-09-04 12:34:44 -05:00
David Garske 7c7de235d8 Merge pull request #7937 from douzzer/20240903-missing-WC_NO_ERR_TRACEs
20240903-missing-WC_NO_ERR_TRACEs
2024-09-04 08:07:19 -07:00
Sean Parkinson 88c3e0af22 Memory usage improvements
kdf.c: wc_PRF() - No need for previous, reuse current.
sha256.c: Transform_Sha256() - Add slow but small version for many
register implementation.
sp_int.h: Change 'used' and 'size' fields to 16-bit types when possible.
sp_int.c: Fixes for 16-bit used.
2024-09-04 22:51:31 +10:00
Daniel Pouzzner b26fa6cf59 Merge pull request #7918 from SparkiDev/type_conversion_fixes_3
Type conversion fixes
2024-09-03 20:18:00 -05:00
Daniel Pouzzner 121b8c52f8 Merge pull request #7869 from julek-wolfssl/libspdm-x509
libspdm x509 parts
2024-09-03 20:09:31 -05:00
Daniel Pouzzner 806df85477 backfill more missing WC_NO_ERR_TRACE()s on error code operands, and refactor away the obsolete GEN_MEM_ERR macro mechanism in wolfcrypt/src/ecc.c. 2024-09-03 17:44:11 -05:00
David Garske b7a6c6c314 Fixes for building RISCV ASM with enable-all.
* Fix type warning for SHA512 ByteReverseWords call
* Fix issue with riscv-asm and xchacha.
2024-09-03 09:37:01 -07:00
Marco Oliverio 293719c168 ocsp: search CA by key hash instead of ext key id 2024-09-02 15:25:53 +00:00
Sean Parkinson ed7beb4e0e Type conversion fixes
Changes to get compilation with -Wconversion passing on the files.
2024-09-02 19:19:23 +10:00
Juliusz Sosinowicz 2c9a3c5c1c Missing libspdm features
- RsaFunctionPrivate: detect when only n,e,d are available
- wolfSSL_EVP_add_digest: return success
- wolfSSL_EVP_add_cipher: return success
- wolfSSL_BN_bin2bn: accept NULL data if len is 0 (checked in mp_read_unsigned_bin)
- wolfssl_read_bio: advance correct bio
- wolfSSL_X509_set_ext: return raw extension data for BASIC_CA_OID
- Implement
  - sk_X509_EXTENSION_free
  - d2i_EC_PUBKEY_bio
  - d2i_RSA_PUBKEY_bio
  - d2i_X509_REQ_INFO
  - X509_REQ_INFO_free
  - ASN1_TIME_set_string_X509
2024-09-02 10:01:12 +02:00
Colton Willey 2bcfff3497 Expand testing to include SW implementation of RSA with padding callback, code cleanup to address review comments. 2024-08-30 13:41:51 -07:00
David Garske 13ec0f0694 Merge pull request #7916 from SparkiDev/riscv-sha3-asm
RISC-V ASM: SHA-3
2024-08-30 09:06:36 -07:00
Sean Parkinson d475ecc8d3 Merge pull request #7917 from douzzer/20240828-WOLFSSL_DEBUG_TRACE_ERROR_CODES-TLS
20240828-WOLFSSL_DEBUG_TRACE_ERROR_CODES-TLS
2024-08-30 14:12:20 +10:00
Daniel Pouzzner 4b4000bf61 Merge pull request #7903 from SparkiDev/ecc_sigalgo_params_null
Certificates: ECC signature algorithm parameter
2024-08-29 16:16:08 -05:00
Daniel Pouzzner 17870d4159 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E.
wolfssl/ssl.h, wolfssl/error-ssl.h, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c, and src/internal.c:
* fix values of WOLFSSL_ERROR_SSL and WOLFSSL_ERROR_WANT_X509_LOOKUP to match OpenSSL values;
* move legacy CyaSSL compat layer error codes from ssl.h to error-ssl.h and renumber them to conform to existing sequence;
* move enum IOerrors from ssl.h to error-ssl.h to get picked up by support/gen-debug-trace-error-codes.sh;
* add to enum wolfSSL_ErrorCodes negative counterparts for several positive error return constants;
* include error-ssl.h from ssl.h;
* add label (wolfCrypt_ErrorCodes) to error-crypt.h enum, and in wc_GetErrorString(), use switch ((enum wolfCrypt_ErrorCodes)error) to activate switch warnings for missing enums;
* in wolfSSL_ERR_reason_error_string(), use switch((enum wolfSSL_ErrorCodes)error) to activate switch warnings for missing enums;
* in ssl.h, add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* in error-crypt.h, add missing WOLFSSL_API attribute to wc_backtrace_render(); and
* harmonize gating of error codes, ssl.h / error-ssl.h / internal.c:wolfSSL_ERR_reason_error_string() / api.c:error_test().

tests/api.c:
* add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().
* in post_auth_version_client_cb(), add missing !NO_ERROR_STRINGS gating.

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-29 14:22:56 -05:00
Anthony Hu 844d0ec558 Get rid of pqm4 in favour our own Kyber/MLDSA implementation 2024-08-29 13:23:39 -04:00
Reda Chouk 109e4c3dfb added missing wolfSSL_X509_NAME_free(dName) 2024-08-29 17:59:02 +02:00
Sean Parkinson 7c3d66ecd6 RISC-V ASM: SHA-3
Add assembly implementations of SHA-3.
Use VSRL_VX instead of two VSRL_VI operations as immediate is only 5
bits.
2024-08-29 17:58:02 +10:00
Daniel Pouzzner b178138d83 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().

wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
Sean Parkinson a3e239c2ad Certificates: ECC signature algorithm parameter
Allow, with a define, ECC signature algorithm parameters to be NULL and
not just empty.
Only for interop.
2024-08-28 11:10:41 +10:00
Sean Parkinson 652158fcac Dilithium: Support FIPS 204 Draft
Compile with WOLFSSL_DILITHIUM_FIPS204_DRAFT to get code that implements
the FIPS-204 August 2023 DRAFT.
Alternatively, --enable-dilithium=draft or
--enable-dilithium=fips204-draft
2024-08-28 11:02:01 +10:00
Colton Willey b7299a23c0 Add new crypto callback for RSA with padding. 2024-08-27 13:09:23 -07:00
Daniel Pouzzner 90152fedda Merge pull request #7902 from gasbytes/wc_pkcs7_decodeauthenvelopeddata-problem
Added check on error out from wc_PKCS7_EncodeAuthEnvelopedData
2024-08-27 00:40:21 -05:00
Daniel Pouzzner 2537e08a99 Merge pull request #7890 from embhorn/zd18463
Various Coverity fixes
2024-08-26 23:34:23 -05:00
Reda Chouk 25dd8b641e added check on error out from wc_PKCS7_EncodeAuthEnvelopedData 2024-08-26 19:29:06 +02:00
Sean Parkinson 60f438f0c3 Dilithum, Kyber: Update to final specification
FIPS 203 and FIPS 204 final specification changes.
2024-08-26 17:42:27 +10:00
Daniel Pouzzner 3f0ba97d1e Merge pull request #7893 from gojimmypi/pr-asn-allow-zero-serial
Introduce WOLFSSL_ASN_ALLOW_0_SERIAL
2024-08-23 21:09:41 -05:00
Daniel Pouzzner 1d34b565fa Merge pull request #7891 from SparkiDev/test_fixes_2
Test fixes
2024-08-23 21:08:44 -05:00
Daniel Pouzzner a39f521f7f Merge pull request #7884 from dgarske/x86_notwindows
Fixes for building x86 in Visual Studio for non-windows OS
2024-08-23 17:38:30 -05:00
Eric Blankenhorn 6dab58266d Various Coverity fixes 2024-08-23 16:09:18 -05:00
gojimmypi 8baf39310f Introduce WOLFSSL_ASN_ALLOW_0_SERIAL 2024-08-22 12:30:15 -07:00
Sean Parkinson 08d8a74992 Test fixes
api.c:
	Update #ifdefs.
sp_int.c:
	Fix free call when hardening is disabled.
2024-08-22 16:09:22 +10:00
Sean Parkinson e99bbf9429 Merge pull request #7875 from douzzer/20240814-debug-trace-errcodes-MP
20240814-debug-trace-errcodes-MP
2024-08-22 10:10:45 +10:00
Daniel Pouzzner 05c4955316 linuxkm: add support for WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES using dump_stack(). 2024-08-20 23:36:07 -05:00
Daniel Pouzzner 0da78a7ee2 move several MP error codes from wolfssl/wolfcrypt/sp_int.h, wolfssl/wolfcrypt/tfm.h, and wolfssl/wolfcrypt/integer.h, to wolfssl/wolfcrypt/error-crypt.h, harmonizing their names and numbers.
wolfssl/wolfcrypt/error-crypt.h: add WC_FIRST_E.

wolfcrypt/src/error.c: add MP error code strings.

wolfssl/error-ssl.h: add WOLFSSL_FIRST_E and WOLFSSL_LAST_E.

wolfcrypt/test/test.c: update error_test() for new error code layout, refactoring the "missing" check.

src/internal.c: use WC_FIRST_E and WC_LAST_E  in wolfSSL_ERR_reason_error_string().

src/ssl.c: fix wolfSSL_ERR_GET_REASON() to identify in-range error codes using WC_FIRST_E, WC_LAST_E, WOLFSSL_FIRST_E, and WOLFSSL_LAST_E.

sp_int.h: provide for WOLFSSL_DEBUG_TRACE_ERROR_CODES, and refactor MP error codes as enums, for consistency with other error codes.

wolfcrypt/src/ecc.c: fix 2 identicalInnerCondition's.
2024-08-20 14:09:06 -05:00
Juliusz Sosinowicz 3260a9b680 Address code review 2024-08-20 10:53:44 +02:00
David Garske 294362a0b7 Fixes for building x86 in Visual Studio for non-windows OS. 2024-08-19 13:00:41 -07:00