Commit Graph

2122 Commits

Author SHA1 Message Date
Lealem Amedie 295033441c Fix for AES-CFB1 encrypt/decrypt on size (8*x-1) bits 2024-04-18 11:31:28 -06:00
Daniel Pouzzner 436efb0078 wolfcrypt/test/test.c: in aes_xts_128_test(), change DEBUG_VECTOR_REGISTER_ACCESS gates to DEBUG_VECTOR_REGISTER_ACCESS_AESXTS (currently unused), after refactor of AES-XTS C fallback in 9f55dba2f2. (per-call fallback is no longer supported for AES-XTS.) 2024-04-18 00:59:03 -05:00
Sean Parkinson c590fe514f EdDSA FIPS checks on public key
Check that the Ed25519 and Ed448 public key is valid even without
private key.
Perform pairwise consistency test, only in FIPS, when making a key i
Ed25519 and Ed448.
2024-04-17 17:50:33 +10:00
Daniel Pouzzner 281c2a431e wolfcrypt/test/test.c: fix return code in pbkdf2_test(), add DEBUG_WOLFSSL gates on keysize report in ecc_test_curve(), and add missing PRIVATE_KEY_UNLOCK()s in cryptocb_test() for fips-dev coverage. 2024-04-15 14:11:21 -05:00
Daniel Pouzzner 6e0a90190f fixes for v5 and v6+ FIPS builds, including linuxkm v6+ builds. 2024-04-15 14:11:21 -05:00
kaleb-himes b8d31b042f Windows support 2024-04-09 13:55:05 -06:00
kaleb-himes a3413ad009 Address Jenkins caught item 2024-04-09 09:48:33 -06:00
kaleb-himes ef2a636610 Expose additional features of opensslall in a compliant way 2024-04-09 09:48:33 -06:00
kaleb-himes 8092104396 Address a flush-left in test.c and gt 80 column limit in settings.h 2024-04-09 09:48:33 -06:00
kaleb-himes 84f5b4e5bf Touchup a few more edge cases caught by Jenkins 2024-04-09 09:48:33 -06:00
kaleb-himes 829d028d98 Add configure for wolfEngine with new module 2024-04-09 09:48:33 -06:00
kaleb_himes 81f5ac7f6c SRTP-KDF FS Preview 2024-04-09 09:48:33 -06:00
jordan 4a069ee5c1 Small cleanup for review. 2024-04-08 21:41:33 -05:00
jordan d0802335a8 Add wc_XmssKey_ExportPubRaw to wolfcrypt test. 2024-04-05 12:09:04 -05:00
Daniel Pouzzner d930825a92 Merge pull request #7362 from jpbland1/rsa-make-key-no-malloc
fix wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC
2024-03-30 03:19:27 -04:00
Daniel Pouzzner 03d7eac9c4 Merge pull request #7337 from gojimmypi/PR-test-certbuf-256
wolfcrypt tests: improve file system gating for USE_CERT_BUFFERS
2024-03-30 00:43:20 -04:00
John Bland 7c0423eb65 reduce der buffer size 2024-03-28 12:56:26 -04:00
Andras Fekete 4cb176ffff Fix sanitizer complaint 2024-03-28 11:44:12 -04:00
John Bland 6cc32e90b0 trim down buffer size 2024-03-28 03:01:46 -04:00
John Bland 9cd614fcac update rsa test to support no malloc 2024-03-28 02:54:49 -04:00
Daniel Pouzzner 716870cbc2 Merge pull request #7370 from anhu/quickie
sizeof(oriType) ---> sizeof(asnDataOid)
2024-03-28 01:58:01 -04:00
Anthony Hu 28a88d1c7c sizeof(oriType) ---> sizeof(asnDataOid) 2024-03-27 17:05:25 -04:00
gojimmypi bf9775831f Improve wolfcrypt test NO_FILESYSTEM checks 2024-03-22 13:00:25 -07:00
Sean Parkinson d4b1995a2c ASN.1 testing: add tests of bad DER encodings
Certificates with bad DER encoded ASN.1 added to testing.
Fix comment in asn.c.
2024-03-22 08:51:17 +10:00
Sean Parkinson 638d0b1a9f Regression test fixes
pkcs7.c: pkcs7->stream must be restored or there will be a leak.
test.c: when compiled for compression, compiler warning about const
2024-03-18 09:57:22 +10:00
Sean Parkinson d1b16f2c7b Regression testing fixes
api.c: z and ret no longer only when !NO_ASN_TIME.
benchmark.c: rsaKey array type has changed and unusual code path needsed
updating.
cmac.c: Zeroization test failed when checkSz was zero as called function
didn't zero out cmac. checkSz is invalid.
test.c: rsaCaCertDerFile used even when NO_ASN_TIME.
test.h: --enable-sp-math only supports DH of 2048 bits and above. Change
default DH parameters to be 2048 bits.
2024-03-15 13:24:40 +10:00
Daniel Pouzzner 3fd6af0cd2 Merge pull request #7283 from SparkiDev/lms
LMS: initial implementation
2024-03-14 01:48:57 -04:00
Sean Parkinson 6c8df33191 LMS: initial implementation
Initial wolfSSL implementation of LMS.
Changed LMS benchmarking to time making a key and reloading.
SHA-256:
  Added wc_Sha256HashBlock to make hashing a block fast.
Fixed assembly code to be able to hash a block from an external
buffer.
  Simplified code were possible.
Moved byte reversal decision logic to one place instead of replicating
length checks.
2024-03-07 11:43:16 +10:00
Daniel Pouzzner 321a72c906 misc fixes:
wolfcrypt/test/test.c: fix gating for verify4 in scrypt_test(), and fix WOLFSSL_SMALL_STACK -Wframe-larger-than=2048 warnings in sha256_test() and sha512_test().

src/ssl.c: fix for true-but-benign nullPointerRedundantCheck in ProcessBufferTryDecodeEd25519().

tests/api.c: fix for -Wmaybe-uninitialized in test_wc_PKCS7_VerifySignedData_RSA() identified via cross-m68k-all-asm.
2024-03-05 17:44:33 -06:00
Sean Parkinson ee39a8f17f Merge pull request #7262 from gojimmypi/PR-SHA-Interleave
Introduce SHA256/SHA512 interleave testing, HAVE_DSA; revised ERROR_OUT
2024-03-05 10:13:10 +10:00
Brett Nicholas 55421a11b9 review: removed WOLFSSL_ABI from and refactored args for wc_rng_new_ex, updated tests 2024-02-27 10:17:24 -07:00
gojimmypi 0775baa2e1 Introduce SHA256/SHA512 interleave, HAVE_DSA; revised ERROR_OUT, cleanup 2024-02-23 17:52:20 -08:00
Brett Nicholas 1a5064cf8c add full support to wolfcrypt tests for random.c cryptocbs 2024-02-23 13:02:05 -07:00
JacobBarthelmeh 88e7d47930 Merge pull request #7230 from anhu/tests_gating
Fixup some gating in the tests.
2024-02-22 01:24:55 +07:00
Anthony Hu 00c3f5be2e A fixup 2024-02-20 21:50:03 -05:00
Sean Parkinson af2b2dddb4 Merge pull request #7253 from julek-wolfssl/zd/17507
wc_ecc_shared_secret_ssh fix
2024-02-20 06:56:28 +10:00
Daniel Pouzzner 8d894fb01b wolfssl/wolfcrypt/types.h: add WC_ARRAY_ARG() and WC_HEAP_ARRAY_ARG() constructors, for passing arrays declared by WC_DECLARE_ARRAY() and WC_DECLARE_HEAP_ARRAY(). used this to refactor bench_rsa_helper() arg list, fixing a cppcheck argumentSize warning.
wolfcrypt/test/test.c: revert overeager constification of xmss_msg and xmss_sig.
2024-02-17 15:24:55 -06:00
Daniel Pouzzner 44e0ee1ecd wolfssl/wolfcrypt/types.h:
* fix overallocation in WC_DECLARE_ARRAY() macro in the !WOLFSSL_SMALL_STACK path.
* rename WC_INIT_ARRAY() to WC_ALLOC_ARRAY() for clarity (it doesn't initialize any memory).
* rename WC_DECLARE_ARRAY_DYNAMIC_DEC(), WC_DECLARE_ARRAY_DYNAMIC_EXE(), and WC_FREE_ARRAY_DYNAMIC() to WC_DECLARE_HEAP_ARRAY(), WC_ALLOC_HEAP_ARRAY(), and WC_FREE_HEAP_ARRAY(), respectively, also for clarity, and refactor out the duplicate definitions.
* add WC_ALLOC_VAR(), and move the XMALLOC() in smallstack WC_DECLARE_VAR() into it.  smallstack WC_DECLARE_VAR() now initializes the pointer to NULL, like smallstack WC_DECLARE_ARRAY(), assuring all pointers are valid upon shortcircuit to cleanup for a failed allocation (see WC_ALLOC_DO_ON_FAILURE below).
* add a new hook "WC_ALLOC_DO_ON_FAILURE" in WC_ALLOC_VAR(), WC_ALLOC_ARRAY(), and WC_DECLARE_ARRAY_DYNAMIC_EXE(), which is invoked when an allocation fails.  by default the hook is defined to WC_DO_NOTHING.
* add basic safety to WC_*_HEAP_ARRAY() by recording/detecting allocation state via idx##VAR_NAME.
* add macros WC_ARRAY_OK() and WC_HEAP_ARRAY_OK() to test if allocation succeeded.
* add macros WC_CALLOC_ARRAY() and WC_CALLOC_HEAP_ARRAY() which zero the objects.
* add macro WC_CALLOC_VAR() which zeros the object.

ED448: smallstack refactor of ge448_scalarmult_base().

src/tls.c tests/api.c wolfcrypt/test/test.c: update WC_DECLARE_VAR()s with now-required matching WC_ALLOC_VAR()s.

wolfcrypt/benchmark/benchmark.c:
* no functional changes in default error-free behavior.
* add definition of WC_ALLOC_DO_ON_FAILURE() that prints error message, sets ret, and does goto exit.
* add BENCH_NTIMES and BENCH_AGREETIMES overrideeable macros, to allow fast sanitizer runs and slow high-precision runs.
* smallstack refactor of all declarations of stack arrays of the form foo[BENCH_MAX_PENDING], using WC_DECLARE_ARRAY() (35 in all).
* additional smallstack refactors, using WC_DECLARE_VAR(), for bench_aesxts(), bench_ed448KeyGen(), bench_eccsi*(), and bench_sakke*().
* fixes for various unhandled error conditions around malloc failures.

wolfcrypt/test/test.c: opportunistically constify several (42) static constants, moving them to the readonly data segment.

linuxkm/Makefile: if ENABLED_LINUXKM_BENCHMARKS, add wolfcrypt/benchmark/benchmark.o to WOLFSSL_OBJ_FILES.

linuxkm/Kbuild: enable FPU for benchmark.o, and remove enablement for module_hooks.o.

linuxkm/module_hooks.c: remove inline include of benchmark.c.
2024-02-16 10:26:21 -06:00
Juliusz Sosinowicz 469760e186 wc_ecc_shared_secret_ssh fix
- wc_ecc_shared_secret_ssh should either be declared or not. Having two different signatures for the same function is error prone.
- Don't use wc_ecc_shared_secret_ssh in our code. Use wc_ecc_shared_secret directly.
2024-02-16 13:38:35 +01:00
Daniel Pouzzner 9b7decada0 wolfcrypt/test/test.c: fix Aes init/free lifecycle in aes192_test() and aes256_test(). 2024-02-13 01:23:11 -06:00
Daniel Pouzzner 63fe12efe3 wolfcrypt/src/aes.c: fix WOLFSSL_AESGCM_STREAM && WC_AES_C_DYNAMIC_FALLBACK: establish AESNI status dynamically at time of wc_AesGcmSetKey(), and stick to it (or return failure) until the next wc_AesGcmSetKey(). this matches the semantics of the Linux kernel in-tree implementation, allowing safe registration of the wolfCrypt AESNI implementation with the LKCAPI.
configure.ac: move enable_aesgcm_stream=yes clauses in enable-all and enable-all-crypto to the main section, from the !ENABLED_LINUXKM_DEFAULTS section, and in ENABLED_LINUXKM_LKCAPI_REGISTER setup, remove the !ENABLED_AESNI from the condition for forcing on ENABLED_AESGCM_STREAM.

linuxkm/lkcapi_glue.c:
* remove all special-casing for AES-GCM with AESNI.
* add support for a LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING macro.

wolfssl/wolfcrypt/memory.h: add missing definition of SAVE_VECTOR_REGISTERS2() when DEBUG_VECTOR_REGISTER_ACCESS_FUZZING && !DEBUG_VECTOR_REGISTER_ACCESS.

wolfcrypt/src/memory.c:
* define SAVE_VECTOR_REGISTERS2_fuzzer() if DEBUG_VECTOR_REGISTER_ACCESS_FUZZING, regardless of DEBUG_VECTOR_REGISTER_ACCESS.
* add a DEBUG_VECTOR_REGISTER_ACCESS clause to the !HAVE_THREAD_LS version of SAVE_VECTOR_REGISTERS2_fuzzer().

wolfcrypt/test/test.c: remove several errant wc_AesFree()s in aes256_test().
2024-02-10 01:09:15 -06:00
Daniel Pouzzner 91681f378f configure.ac:
* add srtp to enable-all
* add srtp-kdf to enable-all-crypto
* fix typo in enable-all[-crypto] where ENABLED_FIPS was used when FIPS_VERSION was needed.
* in enable-all[-crypto], conditionalize aesxts on !FIPS || FIPS_VERSION == dev.
* move AES-XTS CFLAG setup after FIPS settings, to allow non-dev FIPS to force it off, and add clause to FIPS v5 setup to do that.
* in FIPS v5 setup, add AES-XTS to the list of modes that forces -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB.

wolfcrypt/src/kdf.c: fix several benign -Wconversions.

wolfcrypt/test/test.c: add aes_cfb_test() and aes_xts_test() as top-level tests with separate "pass" messages, for transparency that those modes have indeed been tested in builds that activate them.
2024-02-09 00:46:54 -06:00
Anthony Hu d0fd0a287b Fixup some gating in the tests.
Found with:

./configure --enable-wolfclu --enable-asn=template 'CFLAGS=-DNO_ASN_TIME -DWOLFSSL_CUSTOM_OID -DHAVE_OID_ENCODING'
2024-02-08 16:14:43 -05:00
Daniel Pouzzner 851f059023 Merge pull request #7203 from julek-wolfssl/openssh-9.6
openssh 9.6p1 fixes
2024-02-02 19:51:55 -05:00
David Garske 32aecf4c35 Merge pull request #7180 from douzzer/20240126-LINUXKM_LKCAPI_REGISTER
20240126-LINUXKM_LKCAPI_REGISTER
2024-02-02 11:12:35 -08:00
Juliusz Sosinowicz 7ebb8cd007 Update radix tests 2024-02-02 12:09:50 +01:00
Daniel Pouzzner f228a85cee AES-XTS: fix FIPS gating to use defined(HAVE_FIPS), not defined(HAVE_FIPS_VERSION). 2024-01-30 17:16:37 -06:00
jordan 7ddf20851d Fix WOLFSSL_NO_MALLOC build. 2024-01-30 09:00:02 -06:00
Daniel Pouzzner 6261108d49 linuxkm: fix line lengths throughout; in linuxkm/lkcapi_glue.c: fix/harmonize error catching, reporting, and error codes; further address peer review feedback. 2024-01-29 17:48:31 -06:00
Daniel Pouzzner 1fc67183a5 linuxkm: address peer review:
* support AES_ENCRYPTION_AND_DECRYPTION only if WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS is defined, and define it in linuxkm_wc_port.h if LINUXKM_LKCAPI_REGISTER.
* fix a typo in km_AesInitCommon().
* remove #if 0 code in lkcapi_glue.c.
2024-01-28 23:58:46 -06:00