Commit Graph

32 Commits

Author SHA1 Message Date
sebastian-carpenter 47a24d7b90 minor coverity fixes for tls ech 2026-03-13 11:04:44 -06:00
sebastian-carpenter bb7c6a13c8 ECH tidying 2026-03-11 12:07:20 -06:00
Daniel Pouzzner cd2386c87e Merge pull request #9894 from philljj/fix_f_280
hpke: add missing ForceZero for eae_prk, key_schedule_context, secret.
2026-03-09 23:38:37 -05:00
jordan 1d3a0ca53a hpke: add missing ForceZero for eae_prk, key_schedule_context, secret. 2026-03-05 15:30:39 -06:00
Daniel Pouzzner b2913d27dd Merge pull request #9842 from rlm2002/coverity
20260227 Coverity changes
2026-03-05 14:53:14 -06:00
Ruby Martin 682901e32e return MP_VAL if n < 0. remove check for max int value
remove comment
2026-03-03 09:50:16 -07:00
Daniel Pouzzner 76bc6e337b wolfcrypt/src/hpke.c, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: implement RFC 9180 overflow checks on context->seq in wc_HpkeContextSealBase() and wc_HpkeContextOpenBase(), and add SEQ_OVERFLOW_E to wolfCrypt_ErrorCodes (Fenrir M-70). 2026-02-27 23:40:37 -06:00
aidan garske 3295a6521c Fix Fenrir issues in wolfcrypt 2026-02-24 18:51:58 -08:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
JacobBarthelmeh 3f9fe491cc adjust C# test and set rng with hpke case 2025-05-07 14:33:15 -06:00
JacobBarthelmeh 69a4607f84 null sanity check on arguments in wc_HpkeContextComputeNonce, CID 515543 2025-04-18 16:47:36 -06:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
John Bland 8ff08740f8 Merge branch 'master' into ech-hello-retry 2025-03-10 03:37:27 -04:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Daniel Pouzzner 7cd2fd3617 numerous fixes for memory errors reported by clang-tidy, most of them true positives, unmasked by CPPFLAGS=-DNO_WOLFSSL_MEMORY: clang-analyzer-unix.Malloc, clang-analyzer-core.NullDereference, clang-analyzer-core.uninitialized.Assign, clang-analyzer-core.UndefinedBinaryOperatorResult, and clang-analyzer-optin.portability.UnixAPI (re malloc(0)).
several fixes for defects reported by cppcheck:

wolfcrypt/src/ecc.c: fix for cppcheck oppositeInnerCondition from cppcheck-2.16.0 in _ecc_make_key_ex(), and fixes for related unhandled errors discovered by manual inspection;

wolfcrypt/test/test.c: fix XREALLOC call in memcb_test() to resolve cppcheck-detected memleak.
2025-01-10 14:30:42 -06:00
Daniel Pouzzner bfeb0ad48e expand opensslcoexist to all low level crypto APIs. 2024-11-22 19:27:56 -06:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
John Bland 34d7229d4e add functions for using an hpke context multiple times 2023-12-29 16:15:54 -05:00
JacobBarthelmeh 21f34ef028 Merge pull request #6905 from bandi13/moreCodeSonarFixes
Don't nag about leaked resources
2023-11-01 14:46:02 -06:00
Andras Fekete 42c241dbbf Avoid use of uninitialized array 2023-10-27 15:38:46 -04:00
JacobBarthelmeh 16b842992d fix for CID 330416 memory leak 2023-10-27 13:27:30 -06:00
Sean Parkinson 2c9609039d Type conversion fixes: make explicit
Changed to types and casting so that there are no implcit conversion
warnings (gcc -Wconversion) in these files.
2023-07-13 08:36:02 +10:00
Juliusz Sosinowicz bed99401a0 hpke.c: use xorbufout in wc_HpkeContextComputeNonce 2023-04-19 17:06:25 +02:00
Daniel Pouzzner f776371874 wolfcrypt/src/hpke.c: add PRIVATE_KEY_{UNLOCK,LOCK}() wrappers in wc_HpkeSealBase() and wc_HpkeOpenBase();
wolfcrypt/test/test.c: remove PRIVATE_KEY_{UNLOCK,LOCK}() wrappers from hpke_test_single(), and do a smallstack refactor.
2023-01-26 15:00:56 -06:00
John Bland 44ca98f5b3 add missing NULL checks and remove rng pointer when not needed 2023-01-23 16:03:58 -05:00
John Bland a36276ca3a update hpke to not use rng with ecc when hardening is off 2023-01-23 11:27:23 -05:00
Daniel Pouzzner aa776057ff fixes: shellcheck gripes on Docker/OpenWrt/runTests.sh; null pointer derefs and duplicate tests and assigns in src/tls.c and wolfcrypt/src/hpke.c found by cppcheck (nullPointerRedundantCheck, identicalInnerCondition, duplicateAssignExpression). 2023-01-21 00:51:57 -06:00
John Bland d14d29e32a stop ech from using a recursive function call
update bad return value for when retry_configs is returned, add locks around hkdf functions for private key use
2023-01-20 18:37:19 -05:00
David Garske 6b6ad38e4f Adds support for TLS v1.3 Encrypted Client Hello (ECH) draft-ietf-tls-esni) and HPKE (Hybrid Public Key Encryption) RFC9180. 2023-01-18 11:37:27 -08:00