Commit Graph

828 Commits

Author SHA1 Message Date
Sean Parkinson fbd69f9b48 ECC: when multiplying by zero, set z to 1
Make sure zero times a point is infinity but z is 1 as it is assumed
later on.
2024-06-18 11:30:57 +10:00
Daniel Pouzzner b3e8f0ad24 add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES. 2024-06-08 16:39:53 -05:00
David Garske 5a0594d257 Match wc_ecc_ctx_set_kdf_salt argument names between header and implementation. 2024-05-20 08:38:23 -07:00
David Garske 95095f5bc4 Add option for using a custom salt for ourselves. ZD 17988 2024-05-17 08:16:04 -07:00
Sean Parkinson b63f308812 fixup 2024-05-15 09:07:04 +10:00
Sean Parkinson 36754683d6 ECC: handle zero in wc_ecc_mulmod()
Public API needs to handle multiplying by zero as the underlying code
doesn't and needn't.
2024-05-15 09:05:31 +10:00
Sean Parkinson b7eca574bb SSL/TLS: blind private key DER
When WOLFSSL_BLIND_PRIVATE_KEY is defined, blind the private key DER
encoding so that stored private key data is always changing.
2024-05-14 09:47:51 +10:00
Sean Parkinson f24ebdde25 ECC: blind private key after use in signing
Use a mask to blind the private key after use so that stored private key
is always changing.
2024-05-14 09:41:06 +10:00
David Garske eaa5edb65b Support for ECC_CACHE_CURVE with no malloc. ZD 17774 2024-04-30 08:22:56 -07:00
David Garske 5af0b1e83b Improved the prioritization of crypto callback vs async crypt in ECC and RSA. Resolves possible use of uninitialized value on ECC/RSA key when PKCS11 is enabled. See #7482 2024-04-29 10:34:01 -07:00
kaleb-himes 24eed7de34 Remove debug printf and place comments inside gate 2024-04-24 10:55:13 -04:00
kaleb-himes 80d21f10c6 Remove excess empty line 2024-04-23 13:47:26 -04:00
kaleb-himes 690671d447 ECC allow keyVer of 192-bit (import OK, generate restricted) 2024-04-23 13:45:41 -04:00
kaleb-himes ef2a636610 Expose additional features of opensslall in a compliant way 2024-04-09 09:48:33 -06:00
kaleb_himes 81f5ac7f6c SRTP-KDF FS Preview 2024-04-09 09:48:33 -06:00
JacobBarthelmeh d4f5825fd2 fix for sp build with ecc_map_ex 2024-04-02 11:40:53 -06:00
Marco Oliverio 0a03940f5a wolfcrypt: wc_ecc_cmp_param: check string len before strncmp
also return -1 on param mismatch.
2024-03-26 14:59:41 +01:00
gojimmypi 56f3c93272 Revert per https://github.com/wolfSSL/wolfssl/pull/7304#pullrequestreview-1925571495 2024-03-08 12:05:54 -08:00
gojimmypi e40eb3c774 Update Arduino examples; add wolfcrypt breadcrumbs. 2024-03-06 15:13:37 -08:00
Daniel Pouzzner dfbde4514b global refactor of static mutex initialization to use WOLFSSL_MUTEX_INITIALIZER, and adjustment of WOLFSSL_MUTEX_INITIALIZER macro to take an argument, for Linux kernel compatibility. 2024-02-29 02:11:32 -06:00
JacobBarthelmeh 2f6cd765f1 revert some macro guards for support with sp math 2024-02-24 01:07:05 +07:00
JacobBarthelmeh 2364b699ff add support for crypto cb only with ECC and CAAM 2024-02-23 08:09:19 -08:00
Sean Parkinson d5142d8553 Merge pull request #7234 from douzzer/20240208-test-config-and-linuxkm-tweaks
20240208-test-config-and-linuxkm-tweaks
2024-02-12 22:50:28 +10:00
Daniel Pouzzner 6146485d2a linuxkm/linuxkm_wc_port.h:
* add support for DEBUG_LINUXKM_FORTIFY_OVERLAY to allow KASAN analysis of the overlay without actually enabling CONFIG_FORTIFY_SOURCE (which is buggy in combination with KASAN).
* make SAVE_VECTOR_REGISTERS2 definition conditional on !defined(SAVE_VECTOR_REGISTERS2).

wolfssl/wolfcrypt/memory.h: fix the DEBUG_VECTOR_REGISTER_ACCESS definition for SAVE_VECTOR_REGISTERS to properly omit the on-success bookkeeping code even if the supplied fail_clause doesn't return.

wolfcrypt/src/rsa.c: in wc_MakeRsaKey() primality loop, invoke RESTORE_VECTOR_REGISTERS() SAVE_VECTOR_REGISTERS() to prevent lengthy kernel lockups.

wolfcrypt/src/dh.c: in wc_DhGenerateParams() primality loop, invoke RESTORE_VECTOR_REGISTERS() SAVE_VECTOR_REGISTERS() to prevent lengthy kernel lockups.

wolfcrypt/src/{curve25519.c,dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sakke.c,sp_int.c}: when WOLFSSL_LINUXKM, force {SAVE,RESTORE}_VECTOR_REGISTERS() to WC_DO_NOTHING if settings gate out applicable asm.
2024-02-09 00:47:23 -06:00
gojimmypi bf29066d70 Add wolfSSL debug messages 2024-02-08 17:22:36 -08:00
Daniel Pouzzner 3d3c07944e wolfcrypt/src/ecc.c: fix logic around WOLF_CRYPTO_CB_ONLY_ECC in wc_ecc_shared_secret(), _ecc_make_key_ex(), wc_ecc_sign_hash(), and wc_ecc_verify_hash() (defects reported by -Wreturn-type, -Wmaybe-uninitialized around err, and a failure of ecc_onlycb_test()). 2024-01-29 22:30:33 -06:00
John Bland 41ea1109ec update uses of wolfSSL_X509_new and wolfSSL_X509_d2i
where heap doesn't require a new ex function or struct field to avoid size increase
2024-01-17 18:46:24 -05:00
Daniel Pouzzner b17ec3b4bc cppcheck-2.13.0 mitigations peer review:
* add explanation in DoSessionTicket() re autoVariables.
* re-refactor ECC_KEY_MAX_BITS() in ecc.c to use two separate macros, ECC_KEY_MAX_BITS() with same definition as before, and ECC_KEY_MAX_BITS_NONULLCHECK().
* in rsip_vprintf() use XVSNPRINTF() not vsnprintf().
* in types.h, fix fallthrough definition of WC_INLINE macro in !NO_INLINE cascade to be WC_MAYBE_UNUSED as it is when NO_INLINE.
2023-12-28 16:38:47 -06:00
Daniel Pouzzner 44b18de704 fixes for cppcheck-2.13.0 --force:
* fix null pointer derefs in wc_InitRsaKey_Id() and wc_InitRsaKey_Label() (nullPointerRedundantCheck).
* fix use of wrong printf variant in rsip_vprintf() (wrongPrintfScanfArgNum).
* fix wrong printf format in bench_xmss_sign_verify() (invalidPrintfArgType_sint).
* add missing WOLFSSL_XFREE_NO_NULLNESS_CHECK variants of XFREE() (WOLFSSL_LINUXKM, FREESCALE_MQX, FREESCALE_KSDK_MQX).
* suppress false-positive uninitvar on "limit" in CheckTLS13AEADSendLimit().
* suppress true-but-benign-positive autoVariables in DoClientHello().
* in wolfcrypt/src/ecc.c, refactor ECC_KEY_MAX_BITS() as a local function to resolve true-but-benign-positive identicalInnerCondition.
* refactor flow in wc_ecc_sign_hash_ex() to resolve true-but-benign-positive identicalInnerCondition.
2023-12-28 15:06:21 -06:00
Chris Conlon fb6b022f42 Merge pull request #7020 from SparkiDev/ecc_gen_k_by_reject
ECC: generate values in range of order by rejection
2023-12-14 14:54:39 -07:00
David Garske 1cf87ce0c9 Spelling fix. 2023-12-14 12:14:30 -08:00
Sean Parkinson 21f53f37a1 ECC: generate values in range of order by rejection
When generating private key and nonce for ECDSA, use rejection sampling.
Note: SP uses this algorithm
2023-12-12 14:55:56 +10:00
Daniel Pouzzner 962bf88c9d wolfcrypt/src/ecc.c: add missing semicolon in SAVE_VECTOR_REGISTERS() args. 2023-11-29 11:59:35 -06:00
Sean Parkinson 26a9435f5c ECC point double: when z ordinate is 0 point is infinity
Recognize z == 0 as infinity in result of double.
2023-11-15 16:43:06 +10:00
Sean Parkinson 2213306386 ECC double point: SECP112R2 and SEC128R2 are Koblitz curves
SECP112r2 and SECP128R2 are Koblitz curves, so don't compile them in
unless HAVE_ECC_KOBLITZ is defined. This requires custom curves which
enables point doubling to support A != -3.
2023-11-15 13:30:45 +10:00
David Garske 33e12e3537 Support for the STM32WL55 and PKA improvements for ECC parameters. Fixes #6386 and Fixes #6396. 2023-11-01 13:55:31 -07:00
Sean Parkinson abd7bb3ac3 ECC SM2 import private key: check less than order-1
SM2 curves must have private key less than order-1 instead of order.
2023-10-19 17:29:25 +10:00
JacobBarthelmeh 79a6e1eb04 Merge pull request #6808 from SparkiDev/sp_sm2
SP updates for SM2
2023-10-13 10:17:17 -06:00
Sean Parkinson 0cc21a42f3 SP updates for SM2
Allow wolfSSL to build with SP implementations of SM2.
Updates to SP implementation of other code.
2023-10-13 08:14:15 +10:00
Sean Parkinson e55e6790dd mp_sqrtmod_prime: bail early on the check for small values
When using custom curves, only use the first 22 values with the prime to
calculate Legendre symbol. The known curves work and defeats long running
times when non-prime values are passed in.
2023-10-03 16:48:34 +10:00
Andras Fekete 186d3c2eb4 Fixes to various Async issues 2023-09-19 13:10:16 -04:00
Andras Fekete ad9779cdc1 Explicitly define code with WOLFCRYPT_ASYNC_CRYPT_SW 2023-09-19 13:10:16 -04:00
Sean Parkinson 00a08374df Merge pull request #6707 from JacobBarthelmeh/xilinx
use flush instead of invalidate
2023-09-08 07:07:08 +10:00
Sean Parkinson 41d6afcfa1 ECIES: add support for other KDFs 2023-08-30 10:37:57 +10:00
Sean Parkinson 36b92a4cef Thumb2 ASM, Curve25519
Add support for compiling ASM for Thumb2
Add Curve25519 ASM for Thumb2
Limit assembly code compiled when Ed25519 not required.
Rework all assembly implementations to replace ge_*() functions instead
of having fe_ge_*() versions that take many parameters.
Get ARM32 inline asm working.
2023-08-24 17:43:03 +10:00
Sean Parkinson b156e83990 Merge pull request #6711 from bandi13/mp_sqrtmod_prime-static
Set mp_sqrtmod_prime as static
2023-08-18 07:13:55 +10:00
Andras Fekete c917eee70e Set mp_sqrtmod_prime as static
This function is not in any header files, and wasn't meant to be exposed.
2023-08-17 13:52:17 -04:00
JacobBarthelmeh c3ebfd133b use flush instead of invalidate 2023-08-15 15:05:47 -07:00
Andras Fekete 437c2020bd Add in another clamp to prevent infinite loops
M = i - 1 would make it 2^0. Anything above that would be negative powers which don't make sense.
2023-08-15 17:05:43 -04:00
JacobBarthelmeh 46229bb167 Merge pull request #6693 from bandi13/ZD16551
Add in clamp for mp_sqrtmod_prime
2023-08-11 09:22:53 -06:00