Commit Graph

2122 Commits

Author SHA1 Message Date
David Garske 59389a0ef5 Fix possible AES leaks detected with sanitizer and clang-tidy. 2024-10-05 11:52:22 -07:00
David Garske b9de3bbf1a Fixes for memory leaks in test.c with wc_AesNew and wc_HashNew. 2024-10-05 11:44:59 -07:00
David Garske 7989dd8713 Refactor the AES ECB/Direct, CBC and CTR tests. 2024-10-05 11:44:58 -07:00
Aidan Garske e10c943bf3 wolfCrypt CSharp Wrapper:
* Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper.
* Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example.
* Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly.
* Fixes for several scan-build warnings.
2024-10-05 11:44:58 -07:00
Daniel Pouzzner a25c0244a7 wolfssl/wolfcrypt/types.h: refactor static_assert*() as wc_static_assert*() to avoid conflicts with target-native static_assert(), and add additional coverage for C23 and MSVC C11.
wolfcrypt/test/test.c: in render_error_message(), in tests for strerror_r(), test for __USE_GNU.
2024-10-04 16:41:33 -05:00
jordan c3410f2cb8 dilithium: support building dilithium with wolfboot. 2024-10-03 16:38:12 -05:00
Daniel Pouzzner e814d1baea Merge pull request #8016 from SparkiDev/dilithium_draft_final_fix
Dilithium: Final and draft available in one build
2024-10-02 14:02:00 -05:00
Reda Chouk 10f0885d88 Merge branch 'master' into fix-conversion 2024-10-02 17:14:06 +02:00
Sean Parkinson 50bbdbbe42 Dilithium: Final and draft available in one build
Make draft version of ML-DSA compiled in with final.
Use WC_ML_DSA_44_DRAFT, WC_ML_DSA_65_DRAFT and WC_ML_DSA_87_DRAFT for
the level to get the draft implementation.
2024-10-02 22:23:25 +10:00
JacobBarthelmeh 45b88048c2 make macro unique to wolfSSL 2024-09-25 15:59:57 -06:00
JacobBarthelmeh d72c0b372c Merge pull request #7990 from buchstabenwurst/master
Add support for (DevkitPro)libnds
2024-09-25 15:52:34 -06:00
JacobBarthelmeh 79b5ec86f6 Merge pull request #8015 from gojimmypi/pr-mp_read_radix
gate test mp_read_radix on OPENSSL_EXTRA or !NO_DSA or HAVE_ECC
2024-09-25 11:35:57 -06:00
jordan e5109b3f41 misc cleanup: extra spaces, typos. 2024-09-25 09:51:48 -05:00
gojimmypi 393072037a gate test mp_read_radix on OPENSSL_EXTRA || !NO_DSA || HAVE_ECC 2024-09-24 17:23:04 -07:00
Joshua Okeleke 1896b47399 Change comment style 2024-09-24 16:35:29 +02:00
JacobBarthelmeh 554d52b069 Merge pull request #7777 from night1rider/MAX32666-port
MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback Support
2024-09-20 17:14:34 -06:00
Daniel Pouzzner 55cd8a800f FIPS v5 gating fixes:
configure.ac:
* fix logic in "Forcing off" test expressions, first flubbed in 19106a9510;
* fix auto-enable of compkey to exclude v5 even if v5-dev.

src/tls13.c: fix gating for HKDF _ex() variants (>=6.0, not >=5.3).

wolfcrypt/src/error.c: snip out stray spaces at start of several ECC error message strings.

wolfcrypt/test/test.c:
* in render_error_message(), use wolfSSL_ERR_reason_error_string() if available rather than wc_GetErrorString(), to render non-wolfcrypt error strings;
* in ecc_test_deterministic_k(), ecc384_test_deterministic_k(), ecc521_test_deterministic_k(), on FIPS <6.0, gate out SHA384 and SHA512 tests (FIPS v5 only supports SHA256 in wc_ecc_gen_deterministic_k());
* in cmac_test(), gate use of wc_AesCmacGenerate_ex() and wc_AesCmacVerify_ex() on >=6.0, not >=5.3.
2024-09-20 13:53:36 -05:00
night1rider 1cb324affa Expanding mutexing and Adding in AES Callbacks for HW 2024-09-20 09:42:53 -06:00
Daniel Pouzzner 212708e3b4 wolfssl/wolfcrypt/ecc.h and wolfcrypt/src/ecc.c: refactor ecc_sets and ecc_sets_count using accessor functions, to fix linker relocation errors in Fedora packaging test. 2024-09-19 17:03:07 -05:00
Joshua Okeleke 337456cc1e Add support for (DevkitPro)libnds 2024-09-18 21:27:53 +02:00
Reda Chouk 949565f156 Merge branch 'wolfSSL:master' into fix-conversion 2024-09-18 17:16:48 +02:00
Reda Chouk be88ddda15 more Wconversion fixes: api/test* block 2024-09-18 16:53:39 +02:00
András Fekete 9666394b73 Merge pull request #7977 from billphipps/have_rsa_fix
Update to remove HAVE_RSA references.  Correct NO_MALLOC RSA test bug.
2024-09-16 16:26:26 -04:00
Bill Phipps 92f3a808b0 Update to remove HAVE_RSA references. Correct NO_MALLOC RSA test bug. 2024-09-16 13:29:38 -04:00
Sean Parkinson e6b466dd71 Merge pull request #7923 from embhorn/rsa2048_min
Set RSA_MIN_SIZE default to 2048 bits
2024-09-16 21:38:19 +10:00
Daniel Pouzzner 4545a9b4a2 Merge pull request #7960 from night1rider/mmcau-DesEcb
DES ECB using mmcau HW Library, and DES ECB basic test
2024-09-14 00:07:18 -05:00
Eric Blankenhorn 91e411b4b9 Set RSA_MIN_SIZE default to 2048 bits 2024-09-13 16:02:05 -05:00
David Garske 20e2e33e25 Merge pull request #7939 from SparkiDev/thumb2_poly1305
undefined
2024-09-12 11:15:53 -07:00
Siert Wieringa 9e2a7b3653 Feature/multiple aes siv ads (#7911)
* Proposed new interface for AesSivEncrypt with number of ADs != 1.

* Implement AES SIV S2V computation with a number of ADs not equal to 1.

* Add Example A.1 from RFC5297 to AES SIV test vectors.

* Add tests for new AES SIV interface, and add test vectors for examples given in RFC5297.

* Include the nonce in count of maximum number of ADs.

* Addressing review comments.

* Addressing review comments: Use uppercase 'U' suffix on unsigned constant.

* Rename local variables named 'ad0' to 'ad', since the zero makes no sense, especially since in the RFC 5297 document they're actually counting the ADs from 1.
2024-09-12 07:55:29 -07:00
Sean Parkinson 27033c225f Thumb-2 ChaCha, Poly1305: implemention in assembly
Implementation of ChaCha algorithm for ARM Thumb-2.
Implementation of Poly1305 algorithm for ARM Thumb-2.
2024-09-12 10:59:01 +10:00
night1rider e912aff7e5 DES ECB using mmcau HW Library, and DES ECB basic test 2024-09-09 15:32:21 -06:00
Daniel Pouzzner 49a680540c add constant time DH key agreement APIs:
* adds wc_DhAgree_ct().
* adds wolfSSL_DH_compute_key_padded(), using wc_DhAgree_ct() if available, with fallback fixup code.
* adds unit test coverage in api.c:test_wolfSSL_DH() for expected-success calls to wolfSSL_DH_compute_key() and wolfSSL_DH_compute_key_padded().
2024-09-09 16:24:07 -05:00
David Garske 80a63a3fce Merge pull request #7924 from anhu/pqm4_purge
Get rid of pqm4 in favour our own Kyber/MLDSA implementation
2024-09-06 12:00:26 -07:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
Daniel Pouzzner a31733db85 Merge pull request #7909 from SparkiDev/dilithium_fips204_draft
Dilithium: Support FIPS 204 Draft
2024-09-04 14:34:59 -05:00
David Garske 7c7de235d8 Merge pull request #7937 from douzzer/20240903-missing-WC_NO_ERR_TRACEs
20240903-missing-WC_NO_ERR_TRACEs
2024-09-04 08:07:19 -07:00
Daniel Pouzzner b26fa6cf59 Merge pull request #7918 from SparkiDev/type_conversion_fixes_3
Type conversion fixes
2024-09-03 20:18:00 -05:00
Daniel Pouzzner 806df85477 backfill more missing WC_NO_ERR_TRACE()s on error code operands, and refactor away the obsolete GEN_MEM_ERR macro mechanism in wolfcrypt/src/ecc.c. 2024-09-03 17:44:11 -05:00
Sean Parkinson ed7beb4e0e Type conversion fixes
Changes to get compilation with -Wconversion passing on the files.
2024-09-02 19:19:23 +10:00
Juliusz Sosinowicz 2c9a3c5c1c Missing libspdm features
- RsaFunctionPrivate: detect when only n,e,d are available
- wolfSSL_EVP_add_digest: return success
- wolfSSL_EVP_add_cipher: return success
- wolfSSL_BN_bin2bn: accept NULL data if len is 0 (checked in mp_read_unsigned_bin)
- wolfssl_read_bio: advance correct bio
- wolfSSL_X509_set_ext: return raw extension data for BASIC_CA_OID
- Implement
  - sk_X509_EXTENSION_free
  - d2i_EC_PUBKEY_bio
  - d2i_RSA_PUBKEY_bio
  - d2i_X509_REQ_INFO
  - X509_REQ_INFO_free
  - ASN1_TIME_set_string_X509
2024-09-02 10:01:12 +02:00
Anthony Hu 844d0ec558 Get rid of pqm4 in favour our own Kyber/MLDSA implementation 2024-08-29 13:23:39 -04:00
Daniel Pouzzner b178138d83 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().

wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
Sean Parkinson 652158fcac Dilithium: Support FIPS 204 Draft
Compile with WOLFSSL_DILITHIUM_FIPS204_DRAFT to get code that implements
the FIPS-204 August 2023 DRAFT.
Alternatively, --enable-dilithium=draft or
--enable-dilithium=fips204-draft
2024-08-28 11:02:01 +10:00
Eric Blankenhorn dcea21a9a5 Merge pull request #7897 from douzzer/20240823-WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS
20240823-WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS
2024-08-27 15:41:20 -05:00
Sean Parkinson 60f438f0c3 Dilithum, Kyber: Update to final specification
FIPS 203 and FIPS 204 final specification changes.
2024-08-26 17:42:27 +10:00
Daniel Pouzzner 7725e75c42 add WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS flag for optional errcode tracing in apps, define it in wolfcrypt/test/test.c when defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES), and deploy WC_NO_ERR_TRACE() to test.c where needed. 2024-08-23 16:35:43 -05:00
Daniel Pouzzner 2448d482f4 wolfssl/wolfcrypt/error-crypt.h: move MPI error codes to range {-97, -100} to avoid collisions. 2024-08-20 23:37:21 -05:00
Daniel Pouzzner 0da78a7ee2 move several MP error codes from wolfssl/wolfcrypt/sp_int.h, wolfssl/wolfcrypt/tfm.h, and wolfssl/wolfcrypt/integer.h, to wolfssl/wolfcrypt/error-crypt.h, harmonizing their names and numbers.
wolfssl/wolfcrypt/error-crypt.h: add WC_FIRST_E.

wolfcrypt/src/error.c: add MP error code strings.

wolfssl/error-ssl.h: add WOLFSSL_FIRST_E and WOLFSSL_LAST_E.

wolfcrypt/test/test.c: update error_test() for new error code layout, refactoring the "missing" check.

src/internal.c: use WC_FIRST_E and WC_LAST_E  in wolfSSL_ERR_reason_error_string().

src/ssl.c: fix wolfSSL_ERR_GET_REASON() to identify in-range error codes using WC_FIRST_E, WC_LAST_E, WOLFSSL_FIRST_E, and WOLFSSL_LAST_E.

sp_int.h: provide for WOLFSSL_DEBUG_TRACE_ERROR_CODES, and refactor MP error codes as enums, for consistency with other error codes.

wolfcrypt/src/ecc.c: fix 2 identicalInnerCondition's.
2024-08-20 14:09:06 -05:00
Daniel Pouzzner 14254e8a6e Merge pull request #7862 from bigbrett/wc-test-nocryptocb
cryptocb test disable option
2024-08-14 23:18:02 -05:00
Andras Fekete f8c968d8d1 Fix possible memory overrun 2024-08-13 13:43:54 -04:00