433 Commits

Author SHA1 Message Date
Sean Parkinson 31cfcdf3f0 sp_int.c: comment fixes
Fix comments.
Reformat @param lines.
Reformat XMALLOC lines.
Fix lines to be no longer than 80 characters.
2026-03-11 14:45:10 +10:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
David Garske 6bdc6a7550 Merge pull request #9618 from SparkiDev/volatile_multi_statement
Multiple volatile variables in a C statement undefined
2026-01-20 10:42:49 -08:00
Sean Parkinson 1aa79af41e Multiple volatile variables in a C statement undefined
Undefined behaviour when there are multiple volatile variables accessed
in the one C statement.
Changes to introduce non-volatile temporaries, split statement or make
variable non-volatile.
2026-01-13 15:08:50 +10:00
Sean Parkinson 80a0f6bb32 RSA PKCS#1.5 verify: bounds check input
As long as NO_RSA_BOUNDS_CHECK is not defined, the input range is
checked for verification.
2026-01-07 17:49:50 +10:00
Lealem Amedie 08db159c5d Fixes for minor scan-build warnings 2025-11-05 21:27:06 -07:00
Ruby Martin e546d319c1 Fix Coverity INTEGER_OVERFLOW in sp_to_unsigned_bin, avoid unsigned underflow 2025-10-28 11:12:19 -06:00
Daniel Pouzzner 234ba7780a Merge pull request #9148 from SparkiDev/ct_volatile
Mark variables as volatile
2025-09-30 20:35:52 -05:00
Daniel Pouzzner 7ea66aeffe refactor WOLFSSL_LINUXKM gates as generic WOLFSSL_KERNEL_MODE gates where appropriate:
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).

rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.

rename lkm_printf() to wc_km_printf().

replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H

remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
2025-09-29 16:59:12 -05:00
Sean Parkinson aa87b35964 Mark variables as volatile
Ensures compiler optimizers don't stop code from being constant time.
2025-09-24 08:47:20 +10:00
Daniel Pouzzner 2dfc7eee89 wolfcrypt/src/sp_int.c: in _sp_exptmod_nct(), use 2 bit window if bits <= 21. 2025-08-07 10:26:34 -05:00
Daniel Pouzzner 40506a6ddf Revert "SP int: modular exponentiation constant time" (fixes regression in benchmark "RSA,2048,public").
This reverts commit 219509d7d9.
2025-08-07 10:14:02 -05:00
Sean Parkinson 219509d7d9 SP int: modular exponentiation constant time
Using a 1-bit window size for small exponents isn't useful.
2025-08-06 07:38:37 +10:00
Daniel Pouzzner 77dccc0c32 linuxkm:
* add wc_linuxkm_check_for_intr_signals(), wc_linuxkm_relax_long_loop(),
  WC_CHECK_FOR_INTR_SIGNALS(), WC_RELAX_LONG_LOOP(), SAVE_NO_VECTOR_REGISTERS(),
  RESTORE_NO_VECTOR_REGISTERS(), and new error code INTERRUPTED_E ("Process
  interrupted");

* update the no-asm remaps in the PK implementations to use
  SAVE_NO_VECTOR_REGISTERS() and RESTORE_NO_VECTOR_REGISTERS(), so that inner
  loops in them are always covered by the new logic.
2025-07-25 15:56:48 -05:00
Daniel Pouzzner 2c341a5806 Merge pull request #8990 from JacobBarthelmeh/license
updating license from GPLv2 to GPLv3

(linuxkm tweak to `MODULE_LICENSE("GPL")` to follow.)
2025-07-14 16:14:39 -05:00
David Garske 8d68977e33 Merge pull request #8985 from sebastian-carpenter/GH-issue-8951
improper access of sp_int_minimal using sp_int
2025-07-10 15:21:20 -07:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Sebastian Carpenter a00cfcb55f improper access of sp_int_minimal using sp_int
related thread: https://bugzilla.redhat.com/show_bug.cgi?id=2047439

also found sp_uint8 that was not updated to sp_sign_t
2025-07-10 10:42:30 -06:00
David Garske 7ba6f836c4 Merge pull request #8972 from SparkiDev/sp_int_8_bit_fix
SP int: fix 8 bit words and sp_clamp_ct
2025-07-09 16:30:33 -07:00
Sean Parkinson f0041cd761 SP int: fix 8 bit words and sp_clamp_ct
Need to cast to sp_size_t as it may be bigger than the word type
sp_int_digit.
2025-07-07 18:43:29 +10:00
Sean Parkinson 41eef2ef71 CodeQL: o is larger type and could cause issues
Make 'o' sp_size_t as the callers are passing 0 or explicit cast to
sp_size_t
2025-07-04 09:04:39 +10:00
Sean Parkinson f1cb4d579c Regression testing
Fixes to get WOLFSSL_PUBLIC_MP testing passing.
Fix DH constant time agreement:
  - implement constant time encoding to big-endian byte array in TFM
  - only force x to be zero for SP math as other implementations ensure
    unused words are zero
  - exponentiate in constant time to the smallest number of words
    possible
  - no need to encode into separate buffer anymore as encoding is
    constant time and front padded
  - make requested_sz be the maximum size for the parameters and check
    against agreeSz
  - update agreeSz to be the maximum valid size instead of filling all
    the buffer which may be many times too big
  - fix SP result to front pad when doing constant time
2025-06-26 21:21:05 +10:00
Daniel Pouzzner e1fe186753 wolfcrypt/src/sp_int.c: in _sp_prime_trials(), use DECL_SP_INT() not DECL_SP_INT_ARRAY() for n1 and r, to mollify a very confused clang-tidy (fixes false positive clang-analyzer-core.UndefinedBinaryOperatorResult and clang-analyzer-core.CallAndMessage). 2025-06-20 14:52:42 -05:00
JacobBarthelmeh c1b683f307 add clang-tidy lint comment to avoid false positive 2025-06-03 14:44:01 -06:00
Daniel Pouzzner c201006a26 wolfcrypt/src/sp_int.c: move setup for -Wno-array-bounds when WOLFSSL_SP_DYN_STACK, to follow sp_int.h include. 2025-05-14 18:20:08 -05:00
Daniel Pouzzner 55bbd84445 wolfssl/wolfcrypt/sp_int.h and wolfcrypt/src/sp_int.c: add WOLFSSL_SP_DYN_STACK macro to orthogonalize gnarly setup logic, and refactor to use it throughout; refactor several more sp_int stack-allocated data buffers as sp_int_digit[]s rather than char[]s. 2025-05-14 15:39:37 -05:00
Daniel Pouzzner c967dd2a30 wolfcrypt/src/sp_int.c and wolfssl/wolfcrypt/sp_int.h: add
MP_INT_SIZEOF_DIGITS() macro, and use it for stack allocations in DECL_SP_INT()
  and DECL_SP_INT_ARRAY();

  refactor _sp_submod() to use DECL_SP_INT() rather than DECL_SP_INT_ARRAY() to
  work around apparent optimizer bug in gcc-15.
2025-05-10 01:28:17 -05:00
Sean Parkinson a1442cf3a1 Merge pull request #8643 from kaleb-himes/KH-SRTP-REVIEW-rev1
Explicit API redirects for FIPS moving forward
2025-04-09 07:08:52 +10:00
kaleb-himes 8c0ef0b1f5 Explicit API redirects for FIPS moving forward 2025-04-07 11:06:52 -06:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
David Garske 18268a5ea9 Merge pull request #8551 from kareem-wolfssl/zd19541
Change #pragma GCC macros in sp_int.c to PRAGMA_GCC macros to avoid calling them on unsupported toolchains.
2025-03-20 16:44:10 -07:00
Kareem 88fdfdd52d Change #pragma GCC macros in sp_int.c to PRAGMA_GCC macros to avoid calling them on unsupported toolchains. 2025-03-12 12:12:24 -07:00
Daniel Pouzzner 932513a41e fixes for various -W*conversions in sp_int.c, asn.c, fe_operations.c, fe_448.c, ge_448.c. also, add support for NO_INT128, and add .github/workflows/wolfCrypt-Wconversion.yml. 2025-03-06 16:08:38 -06:00
Daniel Pouzzner 9fc7e42554 Merge pull request #8507 from SparkiDev/ct_fixes_3
Constant time code: improved implementations
2025-03-05 15:17:23 -06:00
Sean Parkinson caf801f211 SP int: inline asm improvements and mont reduce simplifications
SP int inline asm:
  - allow input variables to be either registers or memory for Intel
    x86/x64 (minor performance improvement)
  - don't have memory in clobber list if output variables are registers
  - remove empty clobber line in arm32/thumb2 code for old versions of
    gcc
_sp_mont_red():
  - simplify the code by not using extra variables
  - don't add to j in for loop check.
2025-03-04 16:16:26 +10:00
Daniel Pouzzner 50a3be6df7 wolfcrypt/src/sp_int.c. src/ssl_asn1.c. src/internal.c: rename several declarations to avoid shadowing global functions, for the convenience of obsolete (pre-4v8) gcc -Wshadow. 2025-02-28 15:29:58 -06:00
Sean Parkinson 4752bd2125 Constant time code: improved implementations
Change constant time code to be faster.
2025-02-26 11:52:09 +10:00
David Garske 345c969164 Fixes for Watcom compiler and new CI test
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
2025-02-04 12:38:52 -08:00
Daniel Pouzzner 0de38040f4 CT tweaks:
in wolfcrypt/src/coding.c, add ALIGN64 to hexDecode[], and add hexEncode[] for use by Base16_Encode();

in wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h:

move ctMask*() up so that min() and max() can use them, and add ctMaskWord32GTE();

add ALIGN64 to kHexChar[];

add CT implementation of CharIsWhiteSpace();

remove min_size_t() and max_size_t() recently added, but only one user (refactored).
2025-01-30 01:24:40 -06:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Daniel Pouzzner b16bedf82a more fixes guided by clang-tidy heap analyzer using clang-20.0.0_pre20250104:
wolfcrypt/src/integer.c: add additional guards against OOB access from uint wraps and null derefs of mp_int.dp, and refactor mp_grow() and mp_init_size() to use XMEMSET, for the benefit of clang-tidy.  in mp_grow(), fix the condition for the realloc to assure always evaluated if a->alloc == 0.

wolfcrypt/src/asn.c: fix wc_CreatePKCS8Key() so that *outSz is always assigned when LENGTH_ONLY_E is returned.

wolfcrypt/src/pkcs7.c: remove redundant inner condition in wc_PKCS7_EncodeAuthEnvelopedData(), added in previous commit and caught on review by Jacob (thanks!).

wolfcrypt/src/sp_int.c: in sp_mont_norm(), add another suppression for the same false positive in sp_mul() suppressed in previous commit.

wolfcrypt/src/srp.c: refactor SrpHashSize() to return ALGO_ID_E rather than 0 when unknown/uncompiled alg is requested.
2025-01-10 15:48:05 -06:00
Daniel Pouzzner 7cd2fd3617 numerous fixes for memory errors reported by clang-tidy, most of them true positives, unmasked by CPPFLAGS=-DNO_WOLFSSL_MEMORY: clang-analyzer-unix.Malloc, clang-analyzer-core.NullDereference, clang-analyzer-core.uninitialized.Assign, clang-analyzer-core.UndefinedBinaryOperatorResult, and clang-analyzer-optin.portability.UnixAPI (re malloc(0)).
several fixes for defects reported by cppcheck:

wolfcrypt/src/ecc.c: fix for cppcheck oppositeInnerCondition from cppcheck-2.16.0 in _ecc_make_key_ex(), and fixes for related unhandled errors discovered by manual inspection;

wolfcrypt/test/test.c: fix XREALLOC call in memcb_test() to resolve cppcheck-detected memleak.
2025-01-10 14:30:42 -06:00
Sean Parkinson 13ce92cc1f SP int: stop CodeSonar complaining about i being negative
n is checked for negative and fails out in that case.
i is n divided by a positive constant and can never be negative.
2025-01-06 10:04:14 +10:00
Daniel Pouzzner 122502e2b1 wolfCrypt -Wconversion expansion: fix numerous warnings, all benign, from -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion. 2024-12-18 11:51:06 -06:00
David Garske 57e1bf9fba Fixes for building with SP RSA small and RSA Public only. ZD 18996 2024-11-27 13:26:45 -08:00
Daniel Pouzzner 8ecf064314 Merge pull request #8098 from dgarske/x86_notwindows_2
More fixes for building x86 in Visual Studio for non-windows OS
2024-11-05 00:13:13 -06:00
David Garske 99daac3974 Improvement for SAVE_VECTOR_REGISTERS 2024-11-01 13:57:02 -07:00
Sean Parkinson 26312141d8 ASM: generated code not using uint*_t types
Don't use uint*_t types as they may not be available.
2024-10-31 10:14:00 +10:00
Daniel Pouzzner 805eaa90cc Merge pull request #7797 from julek-wolfssl/softhsm
Init SoftHSMv2 support
2024-10-21 23:56:12 -05:00