Commit Graph

88 Commits

Author SHA1 Message Date
Eric Blankenhorn 355081b123 Fix test with cast 2026-03-06 07:33:52 -06:00
Eric Blankenhorn d638824b63 Fix F382 to harden wc_FreeDsaKey 2026-03-05 15:16:55 -06:00
Eric Blankenhorn f093268bb9 Fix F381 to harden wc_MakeDsaKey 2026-03-05 15:15:41 -06:00
Eric Blankenhorn 967aaa2c56 Fix F380 to harden wc_MakeDsaKey 2026-03-05 15:14:47 -06:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Sean Parkinson dacb3425cd DSA Parameter Generation: init g earlier
Ensure dsa->g is initialized with other mp_ints so that it can be
cleared at the end regardless of failures.

Don't clear tmp or tmp2 if allocation or initialization failed as you
will access uninitialized data.
2025-12-15 09:12:11 +10:00
Daniel Pouzzner 7ea66aeffe refactor WOLFSSL_LINUXKM gates as generic WOLFSSL_KERNEL_MODE gates where appropriate:
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).

rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.

rename lkm_printf() to wc_km_printf().

replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H

remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
2025-09-29 16:59:12 -05:00
Daniel Pouzzner 77dccc0c32 linuxkm:
* add wc_linuxkm_check_for_intr_signals(), wc_linuxkm_relax_long_loop(),
  WC_CHECK_FOR_INTR_SIGNALS(), WC_RELAX_LONG_LOOP(), SAVE_NO_VECTOR_REGISTERS(),
  RESTORE_NO_VECTOR_REGISTERS(), and new error code INTERRUPTED_E ("Process
  interrupted");

* update the no-asm remaps in the PK implementations to use
  SAVE_NO_VECTOR_REGISTERS() and RESTORE_NO_VECTOR_REGISTERS(), so that inner
  loops in them are always covered by the new logic.
2025-07-25 15:56:48 -05:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
David Garske 165f868be1 Fix for warning: ‘free’ called on unallocated object ‘buf’. 2025-05-29 17:15:55 -07:00
David Garske 482f2bdd2a Refactor to support CSR generation and signing with WOLFSSL_NO_MALLOC. Also for DSA. Don't test no malloc with ECC custom curves. 2025-05-27 14:51:16 -07:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Daniel Pouzzner 22e95081cd Merge pull request #8181 from gojimmypi/dev-compiler-message
Initialize vars & change types to appease Windows/VS
2024-12-16 23:19:05 -06:00
Reda Chouk 378519d7fb Adding missing checks missing initialization of sp_int/mp_int initialization (
in case of MEMORY_E).

removed printf (added for previous debugging)
2024-11-21 23:55:34 +01:00
gojimmypi 5d86031f57 Initialize vars & change types to appease Windows/VS 2024-11-17 17:50:17 -08:00
David Garske 99daac3974 Improvement for SAVE_VECTOR_REGISTERS 2024-11-01 13:57:02 -07:00
Daniel Pouzzner c81c9be9ce error code fixes:
* fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1.
* add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition).
* refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form().
2024-09-06 19:33:48 -05:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Daniel Pouzzner b3e8f0ad24 add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES. 2024-06-08 16:39:53 -05:00
Daniel Pouzzner 6146485d2a linuxkm/linuxkm_wc_port.h:
* add support for DEBUG_LINUXKM_FORTIFY_OVERLAY to allow KASAN analysis of the overlay without actually enabling CONFIG_FORTIFY_SOURCE (which is buggy in combination with KASAN).
* make SAVE_VECTOR_REGISTERS2 definition conditional on !defined(SAVE_VECTOR_REGISTERS2).

wolfssl/wolfcrypt/memory.h: fix the DEBUG_VECTOR_REGISTER_ACCESS definition for SAVE_VECTOR_REGISTERS to properly omit the on-success bookkeeping code even if the supplied fail_clause doesn't return.

wolfcrypt/src/rsa.c: in wc_MakeRsaKey() primality loop, invoke RESTORE_VECTOR_REGISTERS() SAVE_VECTOR_REGISTERS() to prevent lengthy kernel lockups.

wolfcrypt/src/dh.c: in wc_DhGenerateParams() primality loop, invoke RESTORE_VECTOR_REGISTERS() SAVE_VECTOR_REGISTERS() to prevent lengthy kernel lockups.

wolfcrypt/src/{curve25519.c,dh.c,dsa.c,ecc.c,eccsi.c,rsa.c,sakke.c,sp_int.c}: when WOLFSSL_LINUXKM, force {SAVE,RESTORE}_VECTOR_REGISTERS() to WC_DO_NOTHING if settings gate out applicable asm.
2024-02-09 00:47:23 -06:00
Dimitri Papadopoulos 50752f5a2b Fix typos found by codespell 2023-07-04 07:21:27 +02:00
Sean Parkinson b62e0b7ceb Fix type conversion warnings by gcc 2023-06-01 14:21:41 +10:00
John Bland 566fa1179f add ex functions to use other digest algorithms 2023-05-25 12:50:23 -04:00
David Garske 22a5a5c45e Add introspection for math build and math cleanups:
* Add introspection for math build.
* Raise build error if more than one multi-precision math library used.
* Fix ESP32 to support using any multi-precision math option.
* Refactor math headers to use `wolfmath.h`
* Refactor of the opaque math variable type `MATH_INT_T` used by crypto hardware (QuickAssist, SE050, ESP32 and STM32).
* Cleanups for building with `WOLFCRYPT_ONLY` and `NO_BIG_INT`.
* Stop forcing use of fast math by default for platforms in settings.h. Note: For users that still want to use fast math (tfm.c) they will need to add USE_FAST_MATH to their build settings.

Applies To:
```
WOLFSSL_ESPWROOM32
WOLFSSL_ESPWROOM32SE
MICROCHIP_PIC32
WOLFSSL_PICOTCP_DEMO
WOLFSSL_UTASKER
WOLFSSL_NRF5x
FREERTOS_TCP
WOLFSSL_TIRTOS
EBSNET
FREESCALE_COMMON
FREESCALE_KSDK_BM
WOLFSSL_DEOS
MICRIUM
WOLFSSL_SGX
```
2023-03-30 14:42:55 -07:00
Andras Fekete 08c63d55dc Addressing PR comments 2023-02-08 13:18:13 -05:00
Andras Fekete 38f2f43705 Fix for calling 'mp_clear(tmp)' without having called 'mp_init(tmp)' 2023-02-08 13:08:12 -05:00
David Garske 7e1aecfe4c Merge pull request #6001 from SparkiDev/dsa_sign_sig_size
DSA sign: use mp_to_unsigned_bin_len
2023-01-25 11:59:27 -08:00
Sean Parkinson 90e24d8ba5 DSA sign: use mp_to_unsigned_bin_len
mp_to_unsigned_len checks length and front pads with zeros.

Return MP_VAL when length is too small in all implemenations.
Make TFM implementation check length.
Add test case.
2023-01-23 09:14:24 +10:00
Sean Parkinson ffe302025e DSA: Don't force zero MPs on memory allocation failure
When memory allocation fails, the MPs are not initialized and force zero
is using invalid values.
2023-01-23 08:33:09 +10:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Masashi Honma 6086728968 Fix possible segfault occurs when mp_clear() is executed for uninitialized mp_int
If NULL is passed as the digest argument of wc_DsaSign(), mp_clear() will be
called before mp_init() is called. This can cause segmentation fault.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-16 09:57:02 +09:00
Masashi Honma f621defefe Fix the segfault occurs when mp_clear() is executed for uninitialized mp_int on i386
test_wc_DsaSignVerify() passes the tests but causes an error.

free(): invalid pointer

If NULL is passed as the digest argument of wc_DsaVerify(), mp_clear() will be
called before mp_init() is called. On qemu-i386, the dp field of the mp_int
structure is non-null by default, which causes a segmentation fault when calling
mp_clear(). However, if WOLFSSL_SMALL_STACK is enabled, this problem does not
occur.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-16 09:56:56 +09:00
Daniel Pouzzner 7915f6acb0 linuxkm: add the remainder of known needed SAVE_VECTOR_REGISTERS() wrappers to PK algs, add DEBUG_VECTOR_REGISTERS_{EXIT,ABORT}_ON_FAIL options; add a slew of ASSERT_SAVED_VECTOR_REGISTERS() to sp_x86_64.c (autogenerated, separate scripts commit to follow). 2021-10-26 20:24:29 -05:00
Daniel Pouzzner 342e319870 dsa.c: fix up comment spelling/typography in wc_MakeDsaKey(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner 87578262aa wolfcrypt smallstack refactors:
rsa.c: wc_CompareDiffPQ()

dh.c: wc_DhGenerateParams()

dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()

srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()

ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()

test.c: GenerateNextP() dh_generate_test() GenerateP()
2021-10-26 20:24:27 -05:00
Jacob Barthelmeh c07a7deec2 sanity check on q value with DSA sign 2021-10-18 10:17:49 -06:00
Jacob Barthelmeh 63c9fa7a37 add check on bit length of q with DSA 2021-10-11 09:52:57 -06:00
Juliusz Sosinowicz 10168e093a Rebase fixes 2021-07-23 18:14:54 +02:00
Juliusz Sosinowicz c7d6e26437 Fix DSA signature length
The length of the DSA signature is 40 bytes for N=160 but 64 bytes for N=256. New enum values are added for better clarity.
2021-07-23 18:14:18 +02:00
Juliusz Sosinowicz 142ff6d885 Bind 9.11.22 2021-07-23 18:14:18 +02:00
Daniel Pouzzner 05128968f6 fixes for null pointer accesses detected by clang sanitizer. also, gate SuiteTest() on !NO_WOLFSSL_CIPHER_SUITE_TEST in tests/unit.c, greatly reducing time to completion when not debugging cipher suites. 2021-07-16 13:49:47 -05:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Sean Parkinson e4f8545e36 SP math all: sp_exch fixed up 2021-02-15 10:29:45 +10:00
Daniel Pouzzner 0b42f3ae72 wolfcrypt/src/dsa.c: disable MSVC warning C4127 (compiler bug) as in wolfcrypt/src/tfm.c and src/internal.c. 2020-12-11 14:16:44 -06:00
Daniel Pouzzner f2e1595eef wolfcrypt/src/dsa.c: use do{}while(0) with break, rather than goto, for top level flow control in wc_DsaSign() and wc_DsaVerify() smallstack refactor. 2020-12-11 14:16:44 -06:00
Daniel Pouzzner 2ed75402b8 wc_DsaSign(): removal several redundant mp_clear()s preceded by mp_forcezero()s. 2020-12-11 14:16:44 -06:00
Daniel Pouzzner f49e9bf954 dsa.c, srp.c, wolfcrypt/test/test.c: smallstack refactors: wc_DsaExportKeyRaw(), wc_DsaSign(), wc_SrpSetKey(), ecc_test_cdh_vectors(), ecc_test_custom_curves(). 2020-12-10 14:16:21 -06:00