Commit Graph

9499 Commits

Author SHA1 Message Date
S-P Chan fdd03fa909 wolfcrypt/src/wc_pkcs11.c: iterate correctly over slotId when searching for token
Addresses #7734
2024-07-10 21:01:35 +08:00
Sean Parkinson fea7a89b86 Coverity fixes
pk.c:
	EncryptDerKey - setting wrong ret value on allocation failure.
	wolfssl_rsa_generate_key_native - now checks e is a valid long
before passing in.
	Fix formatting.

ssl_load.c:
	ProcessBufferPrivPkcs8Dec - now checking password is not NULL
before zeroizing. Allocation may fail and ForceZero doesn't check for
NULL.
	Fix formatting.

tests/api.c:
	test_RsaSigFailure_cm - Check cert_sz is greater than zero
before use.
	send_new_session_ticket - assert that building the message
doesn't return error or 0.
	test_ticket_nonce_malloc - fix setting of medium and big to use
preprocessor. Fix big to be medium + 20.

asn.c:
	GetLength_ex - Fix type of bytes so that it can go negative.

sp_int.h:
	sp_clamp - add one to ii while it is a signed.
	Fix formatting.
2024-07-10 11:40:48 +10:00
kaleb-himes c333fdf545 Check-in Nucleus Plus 2.3 port work 2024-07-09 15:53:00 -06:00
Colton Willey 4ec07bb5a8 Changes needed for default TLS support in zephyr kernel 2024-07-09 12:00:34 -07:00
Sean Parkinson 90836c782b Poly1305 AArch64: unique naming of asm funcs
Change function names to ensure no clash with OpenSSL.
Specifically: poly1305_blocks()
2024-07-09 11:02:10 +10:00
Sean Parkinson d1e26b4f5d Dilithium: fixes
Fix inclusion of functions dilithium_vec_check_low() in build:
--enable-dilithium=verify-only,44,65,87
CFLAGS=-DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
Fix memory leaks in unit.test:
--enable-dilithium CFLAGS=-DWC_DILITHIUM_CACHE_MATRIX_A 'CC=clang
-fsanitize=address'
2024-07-08 15:02:43 +10:00
Daniel Pouzzner e35e713c4a wolfcrypt/src/asn.c: fix for copy-paste error in FillSigner() WOLFSSL_DUAL_ALG_CERTS path. 2024-07-06 10:04:26 -05:00
Daniel Pouzzner c8a9bdbe15 wolfcrypt/src/asn.c: fix for -Wconversion in FillSigner(). 2024-07-05 20:42:32 -05:00
Daniel Pouzzner 88af1a2932 fixes for Coverity #394680, #394682, #394693, #394712. 2024-07-05 20:42:32 -05:00
JacobBarthelmeh de20bb7ba9 fix for coverity issue 394677 2024-07-05 15:13:28 -06:00
JacobBarthelmeh c880fcf822 add check on padSz return, coverity issue 394711 2024-07-05 12:07:42 -06:00
JacobBarthelmeh 50a7243486 fix for coverity issue 394670 possible overflow 2024-07-05 11:53:19 -06:00
JacobBarthelmeh fbdb064a4b coverity issue 394701 possible derefernce before null check 2024-07-05 11:24:42 -06:00
JacobBarthelmeh ac52660d5b Merge pull request #7713 from SparkiDev/dilithium_sign_small_alloc
Dilithium: add implementation of signing that allocated less
2024-07-05 10:38:19 -06:00
JacobBarthelmeh 8946e3fb4b Merge pull request #7702 from rizlik/ocspv2
ocsp stapling improvements
2024-07-05 10:29:25 -06:00
JacobBarthelmeh 5ca9b2f8a4 Merge pull request #7712 from SparkiDev/kyber_ml_kem
KYBER/ML-KEM: make ML-KEM available
2024-07-05 09:15:08 -06:00
David Garske 4ae277d21e Fixes for building RX TSIP with e2Studio project. Fixed tsip_Tls13GenEccKeyPair incorrect free of key if TSIP not used (ZD18222). 2024-07-05 07:44:00 -07:00
Sean Parkinson 44a5e1a398 Dilithium: add implementation of signing that allocated less
Added implementation of signing that allocates less memory by doing the
matrix/vector loops in the sign code - WOLFSSL_DILITHIUM_SIGN_SMALL_MEM.
Split out vector operations into vector and polynomial operations so
that small mem signing can call them.
Fix benchmark to be able to compile with only Dilithium and no
asymmetric algorithms.
2024-07-05 16:20:06 +10:00
David Garske f91d0a2925 Remove hash type check not required for ECDSA deterministic k. Fix _HMAC_K devId. 2024-07-04 14:49:20 -07:00
Sean Parkinson 1fd9f2af91 KYBER/ML-KEM: make ML-KEM available
Added ML-KEM instead of Kyber implementation with WOLFSSL_ML_KEM.
Tests added from NIST for ML-KEM operations.
2024-07-04 23:51:23 +10:00
Sean Parkinson 387f36657c Dilithium: Add KATs and fix key generation
Add KATs from NIST and fix key generation to produce output of KATs.
2024-07-04 22:22:11 +10:00
Marco Oliverio fe932b893c fixup! csrv2multi: pending ca list 2024-07-04 10:21:20 +02:00
Anthony Hu f5e27bfb0c Stop stripping out the sequence header on the AltSigAlg extension. 2024-07-03 19:02:04 -04:00
David Garske 4335dac794 Add wc_ecc_set_deterministic_ex to support custom hash type for deterministic sign or verify. 2024-07-03 15:13:29 -07:00
JacobBarthelmeh ba1eedb46b Merge pull request #7697 from SparkiDev/arm32_ldrd_strd_fix
ARM32 SHA-3 ASM: fix ldrd/strd for ARMv6
2024-07-02 17:18:06 -06:00
JacobBarthelmeh d7b0aa92cb Merge pull request #7694 from SparkiDev/sp_x64_asm_fix_3
SP Intel x64 ASM: fix get_from_table ASM
2024-07-02 17:13:49 -06:00
aidan garske 804f25d76b Sha3.c wc_Sha3Update and wc_Sha3Final changes so that hash type is determined in the processing functions. 2024-07-02 10:32:57 -07:00
aidan garske c065e4a854 Added PKCS7 PEM support: "-----BEGIN PKCS7-----" and "-----END PKCS7-----" 2024-07-02 07:58:01 -07:00
Marco Oliverio b5206e8504 csrv2multi: pending ca list 2024-07-02 09:51:34 +02:00
David Garske 7ad0248558 Fix for RX TSIP ECDSA Verify hash padding/truncation. Fix to set ECDSA crypto callback "res" on success. 2024-07-01 13:43:26 -07:00
JacobBarthelmeh 32066373c2 Merge pull request #7695 from dgarske/compat_realloc
Fixes for building the compatibility layer with no realloc
2024-07-01 11:37:52 -06:00
David Garske ac7f44b0dc Fix the async tests for deterministic sign. The _ex versions cannot be called again. Fix possible leak with async and deterministic sign. 2024-07-01 10:13:28 -07:00
aidan garske b5b0e17587 ecc.c and test.c changes to add support in ecc_sign_determinsitic.c for SHA256, SHA384, and SHA512 for SECP256R1, SECP384R1, SECP521R1. 2024-07-01 08:43:32 -07:00
Sean Parkinson 45442db047 ARM32 SHA-3 ASM: fix ldrd/strd for ARMv6
LDRD/STRD not available with ARMv6 and the alternative is two ldr/str
operations. Pointer was 64-bits causing second ldr/str to be 8 bytes
passed first and not 4 bytes. Fixed in asm to add 4 rather than index.
2024-07-01 15:23:53 +10:00
Sean Parkinson 864a9d0598 Dilithium: fixes
TLS uses DER API now and needs to be protected with the right #ifdefs.
Do the right check of size in wc_Dilithium_PrivateKeyDecode().
Don't require public key when doing private DER.
2024-06-28 10:55:16 +10:00
David Garske 2a86ca43f8 Fixes for building the compatibility layer with WOLFSSL_NO_REALLOC. Tested using ./configure --enable-opensslextra CFLAGS="-DWOLFSSL_NO_REALLOC".
Improve benchmark FreeRTOS default tick rate logic. For example Xilinx FreeRTOS uses 10ms tick (not default 1ms), so include `configTICK_RATE_HZ` in calculation if available.
Fix test.c warning around too many parens with no realloc.
2024-06-27 16:02:28 -07:00
Sean Parkinson 4dc52484f6 SP Intel x64 ASM: fix get_from_table ASM
Use movdqu instead of vmovdqu so that function works on SSE2 only CPUs.
2024-06-28 07:42:56 +10:00
Sean Parkinson 4d56cc1790 Regression testing: memory allocation failure
Fixes from memory allocation failure testing.
Also:
fix asn.c to have ifdef protection around code compiled in with dual
algorithm certificates.
  fix test_tls13_rpk_handshake() to support no TLS 1.2 or no TLS 1.3.
fix wc_xmss_sigsleft() to initialize the index to avoid compilation
error.
2024-06-27 17:17:53 +10:00
David Garske 73a1938e89 Added Renesas RX TSIP ECDSA Verify Crypto callback. 2024-06-26 17:39:29 -07:00
Daniel Pouzzner 474b8a0673 Merge pull request #7682 from SparkiDev/dilithium_fix_1
Dilithium: fix public and private key decode
2024-06-26 00:03:03 -04:00
David Garske e81e18859b Support for Renesas RX TSIP with ECDSA and Crypto Callbacks.
Fix building ECC with NO_ASN (`./configure --enable-cryptonly --disable-rsa --disable-asn --disable-examples`).
2024-06-25 17:43:16 -07:00
JacobBarthelmeh 22abd37408 Merge pull request #7681 from SparkiDev/kyber_improv_1
Kyber: Improve performance
2024-06-25 15:25:51 -06:00
JacobBarthelmeh 263eb6c60f Merge pull request #7666 from SparkiDev/sp_x64_asm_fix_2
SP Intel x64 ASM: fixes
2024-06-25 10:18:31 -06:00
Sean Parkinson 8bba660f9c Dilithium: fix public and private key decode
Fixes to decoding to prevent accessing NULL key.
2024-06-25 19:37:11 +10:00
Sean Parkinson aa61f98955 Kyber: Improve performance
Unroll loops and use larger types.
Allow benchmark to run each kyber parameter separately.
Allow benchmark to have -ml-dsa specified which runs all parameters.
Fix thumb2 ASM C code to not have duplicate includes and ifdef checks.
Fix thumb2 ASM C code to include error-crypt.h to ensure no empty
translation unit.
Check for WOLFSSL_SHA3 before including Thumb2 SHA-3 assembly code.
2024-06-25 18:53:53 +10:00
David Garske 7b029d3447 Fixes for building WOLFSSL_RENESAS_TSIP_CRYPTONLY and NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH. 2024-06-24 16:26:27 -07:00
Sean Parkinson 5793f626ac Merge pull request #7677 from Laboratory-for-Safe-and-Secure-Systems/mldsa_fixes
Fixes for WolfSSL ML-DSA implementation
2024-06-25 09:12:25 +10:00
David Garske be68ba4850 Merge pull request #7676 from SparkiDev/dilithium_opt_1
Dilithium: C code optimized
2024-06-24 12:09:29 -07:00
Tobias Frauenschläger 7cd610bc45 Fixes for WolfSSL ML-DSA implementation
* Update OIDs etc. to match OQS ML-DSA values (old ones were Dilithium
  Round 3 values)
* Make sure private key files/buffers containing both the private and
  the public key are parsed correctly

Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
2024-06-24 15:00:44 +02:00
Sean Parkinson 0900e00ee7 Merge pull request #7650 from kaleb-himes/SRTP-KDF-CODEREVIEWr2
Add sanity for case id'd in optesting review
2024-06-24 17:04:13 +10:00