Commit Graph

1502 Commits

Author SHA1 Message Date
Juliusz Sosinowicz c9d91c5e79 Zephyr port update
- Add CONFIG_PTHREAD_IPC when using threads
- Add logging config suggestions
- test.c: fix undefined `ret` error
- Increase stack size for samples
- Ignore ASN_BEFORE_DATE_E in examples
- wc_port.h: add missing posix thread includes
- wc_port.h: move definitions to relevant section
- benchmark.c: fix missing `arc` and `argv` errors
- benchmark.c: fflush does not work on stdout in Zephyr
- Update z_fs_open implementation to support flags
2023-04-19 18:18:00 +02:00
JacobBarthelmeh ff13a7cdc8 Merge pull request #6250 from julek-wolfssl/fix-wolfSSL_DES_ede3_cbc_encrypt
Write next IV in wolfSSL_DES_ede3_cbc_encrypt
2023-04-18 09:33:10 -06:00
Daniel Pouzzner 4b59588cf3 more fixes for implicit casts, mostly asn=original. 2023-04-12 02:17:18 -05:00
JacobBarthelmeh 1bef3ec745 Merge pull request #6233 from embhorn/gh6209
Support HAVE_SESSION_TICKET without realloc
2023-04-05 15:17:58 -06:00
Eric Blankenhorn d9bf93b49f Support HAVE_SESSION_TICKET without realloc 2023-04-05 11:33:06 -05:00
Juliusz Sosinowicz 171c217ae5 Add in-place support for DES_ede3_cbc_encrypt 2023-04-05 15:50:51 +02:00
JacobBarthelmeh 30adcd58d8 IMX6Q CAAM Port 2023-04-03 16:41:08 -06:00
Sean Parkinson 8851065848 cppcheck fixes
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
Juliusz Sosinowicz ffcc66bb53 Add explicit casts 2023-03-31 11:48:18 +02:00
David Garske 22a5a5c45e Add introspection for math build and math cleanups:
* Add introspection for math build.
* Raise build error if more than one multi-precision math library used.
* Fix ESP32 to support using any multi-precision math option.
* Refactor math headers to use `wolfmath.h`
* Refactor of the opaque math variable type `MATH_INT_T` used by crypto hardware (QuickAssist, SE050, ESP32 and STM32).
* Cleanups for building with `WOLFCRYPT_ONLY` and `NO_BIG_INT`.
* Stop forcing use of fast math by default for platforms in settings.h. Note: For users that still want to use fast math (tfm.c) they will need to add USE_FAST_MATH to their build settings.

Applies To:
```
WOLFSSL_ESPWROOM32
WOLFSSL_ESPWROOM32SE
MICROCHIP_PIC32
WOLFSSL_PICOTCP_DEMO
WOLFSSL_UTASKER
WOLFSSL_NRF5x
FREERTOS_TCP
WOLFSSL_TIRTOS
EBSNET
FREESCALE_COMMON
FREESCALE_KSDK_BM
WOLFSSL_DEOS
MICRIUM
WOLFSSL_SGX
```
2023-03-30 14:42:55 -07:00
Juliusz Sosinowicz de2f878781 Write next IV in wolfSSL_DES_ede3_cbc_encrypt 2023-03-30 18:47:53 +02:00
Lealem Amedie a5e7a20c93 Fix for logic gating strerror_r() 2023-03-22 17:29:13 -06:00
kaleb-himes e1d1f0790e Fixup uninitialized warnings detected by xCode 2023-03-16 15:18:00 -06:00
Daniel Pouzzner 6a7674a146 wolfcrypt/test/test.c: improve strerror_r() flavor sensing (simpler gate randomly provoked cppcheck-all-async-quic). 2023-03-01 17:50:00 -06:00
Sean Parkinson d1b8386d36 Cert name encoding fix
Only include extra name entries once when encoding.
Fix certDefaultName to not have \0 on strings of extra names.
2023-03-01 10:01:54 +10:00
Daniel Pouzzner b133f6bbf7 20230223-refactor-test-c-error-codes (#6135)
* wolfcrypt/test/test.{c,h}: refactor to capture and encode error retvals using WC_TEST_RET_*() macros (based on line numbers), and print line and return code in err_sys().
* wolfcrypt/test/test.h: cast back to int in WC_TEST_RET_ENC(), to fix MSVC warning.
* configure.ac: add shake128 and shake256 to enable-all and enable-all-crypto;
* wolfcrypt/benchmark/benchmark.c: fix gating for bench_shake128() from !defined(WOLFSSL_NO_SHAKE128) to defined(WOLFSSL_SHAKE128).
* wolfcrypt/test/test.h: add WC_TEST_RET_TAG_* and WC_TEST_RET_DEC_TAG(), and refactor WC_TEST_RET_{ENC,DEC}_*() macros to implement the tag mechanism;
* add render_error_message() with tag-specific rendering of error strings;
* wolfcrypt/test/test.c: smallstack refactor of shake128_test() and shake128_absorb_test();
* wolfcrypt/test/test.c: change gating around mp_test() and related routines from defined(HAVE_VALGRIND) to defined(WOLFSSL_PUBLIC_MP);
* smallstack refactor of mp_test();
* refactor a slew of WC_TEST_RET_ENC_NC associated with XFOPEN/XFREAD to be WC_TEST_RET_ENC_ERRNO, and add error detection for XFREAD (previously silently tolerating zero retvals).
* wolfcrypt/test/test.c: build mp_test() only if WOLFSSL_SP_MATH_ALL or USE_FAST_MATH (in addition to WOLFSSL_PUBLIC_MP), because many general purpose functions such as sp_mulmod() are gated out in SP builds without WOLFSSL_SP_MATH_ALL.
* wolfcrypt/test/test.c: fix array bounds flubs in shake128_test();
* don't print_fiducials() in wolfcrypt_test() header, but rather, after render_error_message() in err_sys().
* wolfcrypt/test/test.{c,h}: wrap some overlong lines, and fix an unused-variable warning in mp_test_set_is_bit().
* wolfcrypt/test/test.c: fixes for several misplaced and several missing WC_TEST_RET_ENC_EC()s.
2023-02-28 13:02:37 -08:00
JacobBarthelmeh b801a96f8c Port to RT1170 and expand CAAM driver 2023-02-22 08:26:25 -08:00
David Garske fc6d693dae Update logging enter, exit, msg to match function names. Fix some typos and improper use of "enter". Fix internal uses of SSL_SUCCESS and SSL_FAILURE. Add WOLFSSL_DEBUG_NONBLOCK option to allow printing iterations without debug enabled. 2023-02-21 12:02:15 -08:00
gojimmypi 136267d29c Add new SHA-512/224 and SHA-512/256 tests 2023-02-20 16:55:38 -08:00
Daniel Pouzzner a945017a88 wolfcrypt/test/test.c: around ecc_ctx_kdf_salt_test(): fix fips gating, fix length handling for "message", fix memory leaks;
in crypto_ecc_verify(), crypto_ecc_sign(), ecc_test_nonblock_dhe(), and ecc_test_nonblock_ecdsa(), add codepoint-specific retvals.
2023-02-13 14:21:50 -06:00
John Bland 338d8db274 Ecc ctx state fix (#6077)
* set the client state correctly when wc_ecc_ctx_set_kdf_salt is called
* add test that covers wc_ecc_ctx_set_kdf_salt
* use shared key and smallstack to reduce test stack usage
2023-02-10 10:05:52 -08:00
John Bland e9aeb1a857 Add nuttx integration (#6043) 2023-02-08 16:04:53 -08:00
Sean Parkinson 3455e726f9 SP int: make used and size fields unsigned
used and size have no reason to be negative - change type.
Change code to match unsigned change. Mostly change variables to be
unsigned where possible.
integer.c: Only have mp_rand_prime available when needed and
mp_prime_is_prime_ex is available.
Fixes from regression testing.
2023-02-03 17:09:56 +10:00
Daniel Pouzzner 38c057a084 fix resource leak (missing calls to wc_AesFree()) in wolfSSL_EVP_CIPHER_CTX_cleanup();
fix file descriptor leaks in AF_ALG code, and fix return codes (WC_AFALG_SOCK_E, not -1) in afalg_aes.c;

fixes for sanitizer-detected forbidden null pointer args in AfalgHashUpdate() and AfalgHashCopy();

fixes for resource leaks in api.c test_wolfSSL_AES_cbc_encrypt() (missing wc_AesFree()s);

fixes for resource leaks in test.c openssl_test() (missing wolfSSL_EVP_CIPHER_CTX_cleanup());

also some local fixes for bugprone-signed-char-misuse, readability-redundant-preprocessor, and clang-diagnostic-strict-prototypes, in src/pk.c and src/ssl.c.
2023-02-01 00:49:34 -06:00
David Garske 2d03a052e1 Fixes and cleanups for STM32:
* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1.
* Cleanups for `XREALLOC` and new `WOLFSSL_NO_REALLOC` to force undef of `XREALLOC`.
* Change STM32 Cube to default to `NO_TLS_UART_TEST`.
2023-01-30 16:44:47 -08:00
Sean Parkinson 0e16d2919f Merge pull request #6022 from douzzer/20230127-fixes
20230127-fixes
2023-01-30 08:46:42 +10:00
Kareem c70ca25282 Fix building NO_ASN_TIME with cert gen and OpenSSL Extra enabled. 2023-01-27 16:09:04 -07:00
Daniel Pouzzner d077c39f42 wolfcrypt/test/test.c: in aes_xts_128_test(), gate in-place test on !HAVE_FIPS || FIPS_VERSION_GE(5,3); in hpke_test(), gate tests on availability of relevant ECC curve, not just on relevant digest. 2023-01-27 16:49:46 -06:00
David Garske 06509021ff Merge pull request #6013 from douzzer/20230125-various-fixes
20230125-various-fixes
2023-01-26 15:10:18 -08:00
David Garske 58c2fe1c40 Merge pull request #6011 from SparkiDev/xts_in_place_enc_fix
AES XTS: encrypt not handling in-place properly
2023-01-26 14:04:58 -08:00
Daniel Pouzzner f776371874 wolfcrypt/src/hpke.c: add PRIVATE_KEY_{UNLOCK,LOCK}() wrappers in wc_HpkeSealBase() and wc_HpkeOpenBase();
wolfcrypt/test/test.c: remove PRIVATE_KEY_{UNLOCK,LOCK}() wrappers from hpke_test_single(), and do a smallstack refactor.
2023-01-26 15:00:56 -06:00
Daniel Pouzzner 8f2ae77513 wolfcrypt/test/test.c: add missing PRIVATE_KEY_UNLOCK()/PRIVATE_KEY_LOCK() in hpke_test_single(). 2023-01-25 23:32:55 -06:00
David Garske 584411f21a Merge pull request #6012 from kareem-wolfssl/zd15524
Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined.
2023-01-25 18:59:38 -08:00
Kareem c9125f9685 Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined. 2023-01-25 14:49:05 -07:00
Sean Parkinson e9af0136b9 AES XTS: encrypt not handling in-place properly
Fix AES XTS in-place encrypt to work when ciphertext stealing.
2023-01-25 09:32:37 +10:00
Sean Parkinson 90e24d8ba5 DSA sign: use mp_to_unsigned_bin_len
mp_to_unsigned_len checks length and front pads with zeros.

Return MP_VAL when length is too small in all implemenations.
Make TFM implementation check length.
Add test case.
2023-01-23 09:14:24 +10:00
David Garske e72ec4e876 Merge pull request #5976 from SparkiDev/eccsi_hash_check
ECCSI: hash function must have output size as curve size
2023-01-19 17:50:44 -08:00
David Garske 6b6ad38e4f Adds support for TLS v1.3 Encrypted Client Hello (ECH) draft-ietf-tls-esni) and HPKE (Hybrid Public Key Encryption) RFC9180. 2023-01-18 11:37:27 -08:00
Sean Parkinson 11ea6a10e8 ECCSI: hash function must have output size as curve size 2023-01-18 03:54:17 +10:00
Anthony Tatowicz a08c853799 Add fix for siphash cache and tests 2023-01-05 16:56:07 -06:00
David Garske 023db01aca * Fixed some build configuration variations.
* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
2023-01-03 10:59:59 -08:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
JacobBarthelmeh 4a23edd5fb fix for older selftest that returns bad padding instead of salt len error 2022-12-30 06:31:09 -08:00
David Garske d686f0a5de Merge pull request #5925 from SparkiDev/sp_mod_3_perf
SP math: rework mod 3
2022-12-22 17:55:28 -08:00
David Garske 49d23cf60a Merge pull request #5913 from douzzer/20221219-no-sha-1-all-crypto
20221219-no-sha-1-all-crypto
2022-12-22 17:02:58 -08:00
Sean Parkinson 162dca87c3 SP math: rework mod 3
Simplification when only calculating mod and modulus is 3.
2^(2*n) * x mod 3 = x mod 3.
Add all digits and calculate mod 3 of sum.
2022-12-23 09:21:13 +10:00
Chris Conlon 9a7ff8773b add --with-libsuffix support, append suffix to library artifact name 2022-12-21 13:31:07 -07:00
Daniel Pouzzner 91869f6028 minor fixes to accommodate --disable-sha in combination with --enable-all-crypto. 2022-12-20 00:42:05 -06:00
kaleb-himes ed17524793 Add alt case for unsupported static memory API 2022-12-14 16:02:35 -07:00
Sean Parkinson 1de30c6b67 SP: --enable-sp-asm now enables SP if not set
Enabling SP with ASM didn't enable SP or error out when SP wasn't
configured. Now enables SP when '' and errors when 'no'.

SAKKE modinv used large amounts of stack. Change to have more temporary
memory allocated increased to cover the usage.
ECC, SAKKE: sp_<bits>_ecc_mulmod_<cpu><words>() used large amounts of
stack. Allocate when WOLFSSL_SMALL_STACK.

wc_DhCheckKeyPair() not available when HAVE_SELFTEST.
Wasn't compiled in before as WOLFSSL_HAVE_SP_DH wasn't defined.
2022-12-07 09:01:53 +10:00