Commit Graph

112 Commits

Author SHA1 Message Date
Sean Parkinson 1b29f7353a Check memory is zeroized
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.

wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.

Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
2022-06-16 10:22:32 +10:00
Sean Parkinson f1ce0cc95d Memory zeroization fixes
Zeroize secrets in stack buffers and allocated memory.
mp_forcezero to ensure private MP integers are zeroized.
Fix whitespace and add some comments.
2022-06-15 11:26:11 +10:00
Jacob Barthelmeh 9bf4a94796 with WOLFSSL_NO_DH186 restriction allow odd DH param size generations 2022-04-25 15:13:24 -06:00
Sean Parkinson b5ed5c9b99 RSA/DH: check for even modulus 2022-02-23 09:51:15 +10:00
Daniel Pouzzner d36a1be74b wolfcrypt/src/dh.c: fixes for cppcheck complaints: identicalInnerCondition 2022-01-08 00:29:18 -06:00
David Garske 38214bd083 Disable the FIPS consistency checks in ECC and DH for key generation by default. 2021-12-22 10:06:19 -08:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
Daniel Pouzzner 7915f6acb0 linuxkm: add the remainder of known needed SAVE_VECTOR_REGISTERS() wrappers to PK algs, add DEBUG_VECTOR_REGISTERS_{EXIT,ABORT}_ON_FAIL options; add a slew of ASSERT_SAVED_VECTOR_REGISTERS() to sp_x86_64.c (autogenerated, separate scripts commit to follow). 2021-10-26 20:24:29 -05:00
Daniel Pouzzner 62c1bcae8a linuxkm: {SAVE,RESTORE}_VECTOR_REGISTERS() wrappers around RSA, DH, and ECC routines that might use sp-asm. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner 87578262aa wolfcrypt smallstack refactors:
rsa.c: wc_CompareDiffPQ()

dh.c: wc_DhGenerateParams()

dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()

srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()

ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()

test.c: GenerateNextP() dh_generate_test() GenerateP()
2021-10-26 20:24:27 -05:00
John Safranek c31ed64eb5 Add guard around the public key check for DH to skip it when we have
the condition to perform the small key test. The small key is
mathematically valid, but does not necessarily pass the SP 800-56Ar3
test for DH keys. The most recent FIPS build will add the tested file.
This change is only used in the older FIPS releases and in some rare
configurations that include the small key test.
2021-10-26 20:24:26 -05:00
John Safranek 175bab9a6f Add missed step in DH key pair generation. 2021-10-26 20:24:26 -05:00
John Safranek 04ffd2ab45 Fixes:
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
2021-10-26 20:24:26 -05:00
John Safranek 5d7c6dda72 Restore the PCTs to ECC and DH. 2021-10-26 20:24:25 -05:00
John Safranek 1065d2accf Fix some Windows build warnings. 2021-10-26 20:24:25 -05:00
John Safranek 9022762e5a Check to see if a pointer is nonnull that is expected to be. 2021-10-26 20:24:25 -05:00
John Safranek 908ec9b14a Modify ffdhe to not return addresses. 2021-10-26 20:24:25 -05:00
John Safranek 54a1b4c881 Remove redundant pairwise test from DH and ECC. 2021-10-26 20:24:25 -05:00
John Safranek 3b5c8231c2 Move the PCT down to where it used to be located as CheckKeyPair. 2021-10-26 20:24:25 -05:00
John Safranek 86c040a3ae Rename the PCT error codes to remove 'FIPS' since they can be enabled without FIPS. 2021-10-26 20:24:25 -05:00
John Safranek a967cbcb7b 56Ar3 Testing Updates
1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.
2021-10-26 20:24:25 -05:00
John Safranek a2f802199d DH key gen should call DH check key. 2021-10-26 20:24:25 -05:00
John Safranek e67bbf7526 1. Add flag to DH keys when using safe parameters.
2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.
2021-10-26 20:24:25 -05:00
Sean Parkinson e0abcca040 KCAPI: add support for using libkcapi for crypto (Linux Kernel)
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
Jacob Barthelmeh 360c961b48 fix for unused variable in dh.c from Jenkins test 2021-03-18 20:34:38 +07:00
Jacob Barthelmeh 12b290cbaf remove duplicate (deadcode) for clearing mp_int's 2021-03-17 17:34:54 +07:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
toddouska 30462fcf95 Merge pull request #3756 from SparkiDev/sp_math_dh_agree
DH SP math: return key size error with DH Agree
2021-02-15 12:26:04 -08:00
Sean Parkinson e4f8545e36 SP math all: sp_exch fixed up 2021-02-15 10:29:45 +10:00
Sean Parkinson 4b1c89ab38 DH SP math: return key size error with DH Agree
SP math requires SP to support DH operations.
When SP doesn't support bit size, WC_KEY_SIZE_E must be returned.
2021-02-15 09:04:43 +10:00
Juliusz Sosinowicz 25f5427bdd Rebase and test fixes 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz 85b1196b08 Implement/stub:
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 728f4ce892 Implement/stub:
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
2020-12-17 14:26:49 +01:00
Sean Parkinson 91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
John Safranek 4f8c2b971f Move the binSz check variable to a spot where it is only declared in the same condition it is used and initialize it to zero. 2020-10-17 19:07:44 -07:00
John Safranek 4364700c01 DH Fix
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
   doesn't need to be in the check for weOwnDh before freeing. There
   could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
   destination buffer should be stored at the location pointed to by the
   size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
   value before generating or getting the DH keys.
2020-10-16 15:35:23 -07:00
David Garske 1b051d9c5b TLS v1.3 sniffer support:
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
David Garske b947f69f60 Fix to correct SP 4096-bit enable. Correct nonexistent WOLFSSL_SP_NO_4096, which should be WOLFSSL_SP_4096. 2020-06-01 10:49:08 -07:00
toddouska bcc720ef68 Merge pull request #2773 from SKlimaRA/master
Coverity issues fixes.
2020-03-13 10:20:45 -07:00
Sean Parkinson 55ea2facdd Changes to clear issues raised by cppcheck 2020-01-30 14:24:32 +10:00
Stanislav Klima 77b69ebf56 Logically dead code. 2020-01-29 17:29:23 +01:00
JacobBarthelmeh 6b4551c012 Merge pull request #2654 from cariepointer/qt-512-513
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
Carie Pointer b9c99709f7 Fixes from review 2020-01-08 12:48:01 -07:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
2019-12-06 14:27:01 -07:00
Sean Parkinson 5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
Sean Parkinson 0bc16d47e2 Add support for prime checking to sp_int.c
This allows SP to support:
- DH parameter checking
- DH parameter generation
- RSA key generation
Improved performance of sp_mod operation.
Reworked some functions to have one exit point (return statement).
Fixed sp_sub_d().
Changed tests to perform 2048-bit RSA key generation only when using SP
math.

Fixed Intel x86_64 C file to not have DH specific functions available
unless WOLFSSL_HAVE_SP_DH is defined.
Fixed tfm to return an error when t is not the correct size in
fp_isprime_ex().
2019-09-19 09:08:15 +10:00
Sean Parkinson ee023c6bf4 Simple checks of DH public value from peer.
Add test for wc_DhCheckPubValue
2019-06-25 11:12:33 +10:00
Martin Kinčl d42bdf9c0b Removed unused variable keyQ from _DhSetKey. 2019-05-27 12:44:10 +02:00