Commit Graph

7585 Commits

Author SHA1 Message Date
David Garske 089468fbf1 Merge pull request #7132 from ejohnstown/x25519-ecdhe-psk
ECDHE-PSK with x25519
2024-01-16 20:16:01 -08:00
David Garske 11029127df Merge pull request #7119 from JacobBarthelmeh/crl
support for RSA-PSS signatures with CRL
2024-01-16 15:23:16 -08:00
John Safranek 746ffac84a ECDHE-PSK with x25519
1. Add missing assignment of the WOLFSSL object's ecdhCurveOid value. It
   is set correctly in the previous cases, but got missed for ECDHE-PSK.
2. Add test cases to the unit testing.
2024-01-16 15:18:05 -08:00
JacobBarthelmeh b140f93b17 refactor sigParams allocation and adjust test file name 2024-01-16 14:41:24 -07:00
JacobBarthelmeh 114d11a8d8 adding RSA-PSS macro guard around CRL use 2024-01-15 15:33:01 -07:00
Stanislav Klima 909b437571 cleared ticket and ticketNonce 2024-01-11 19:59:12 +01:00
Stanislav Klima e63c50b1f3 fixed double free happening during EvictSessionFromCache 2024-01-11 19:52:03 +01:00
Sean Parkinson 8c6de41eb9 Merge pull request #7051 from JacobBarthelmeh/mb
fix and enhancement for AES-GCM use with Xilsecure
2024-01-12 03:44:43 +10:00
David Garske 06a32d3437 Merge pull request #7097 from lealem47/removeUserCrypto
Remove user-crypto functionality and Intel IPP support
2024-01-09 17:33:28 -08:00
JacobBarthelmeh cd07e32b13 update crl files and add in compat support for RSA-PSS 2024-01-08 16:38:11 -08:00
JacobBarthelmeh 74f0625c89 add native asn template RSA-PSS support with CRL 2024-01-05 14:25:12 -08:00
Daniel Pouzzner d5d476a3a1 Merge pull request #7113 from bandi13/codeSonarFixes
Leak
2024-01-05 12:38:17 -05:00
Andras Fekete f84fa8dd8d Uninitialized variable
Warning 581199.5810097
2024-01-04 17:13:28 -05:00
Daniel Pouzzner 7f53bcc4d0 fixes for clang-tidy reported defects and misstylings --with-liboqs:
* readability-named-parameter (style)
* bugprone-sizeof-expression (true bugs)
* clang-analyzer-deadcode.DeadStores (true bugs)
* clang-analyzer-core.NonNullParamChecker (true bug)
* clang-diagnostic-newline-eof (style)
* clang-diagnostic-shorten-64-to-32 (true but benign in practice)

fixes for sanitizer reported defects --with-liboqs: null pointer memcpy()s in TLSX_KeyShare_GenPqcKey() and server_generate_pqc_ciphertext().

fixes for silent crypto-critical failure in wolfSSL_liboqsGetRandomData(): refactor to accommodate oversize numOfBytes, and abort() if wc_RNG_GenerateBlock() returns failure.
2024-01-04 15:57:09 -06:00
Sean Parkinson 9e468a900b Merge pull request #7096 from julek-wolfssl/zd/17219
Add fencing to ClientSessionToSession()
2024-01-05 07:24:00 +10:00
Juliusz Sosinowicz 14c812cdb7 Code review
Add server side check
2024-01-04 13:19:44 +01:00
Juliusz Sosinowicz 5bdcfaa5d0 server: allow reading 0-RTT data after writing 0.5-RTT data 2024-01-04 13:19:44 +01:00
Daniel Pouzzner 9db20774d8 Merge pull request #7099 from jpbland1/tls13-bounds-check
TLS13 padding bounds check
2024-01-04 01:09:36 -05:00
John Bland b37716f5ce refactor and remove word16 index 2024-01-03 19:19:13 -05:00
John Bland 245c87fe8f clean up variable definitions 2024-01-03 17:39:20 -05:00
John Bland e1435e96d2 do bounds check on full word32 size to match
inputBuffer length
2024-01-03 17:21:08 -05:00
Daniel Pouzzner bcfaf0372c Merge pull request #7026 from Frauschi/liboqs
Improve liboqs integration
2024-01-03 16:20:26 -05:00
Sean Parkinson 52db533d9b Merge pull request #7106 from bandi13/20231114-codesonar-fixes
20231114 codesonar fixes
2024-01-04 07:16:33 +10:00
Daniel Pouzzner 7e60b029c2 Merge branch 'master' into liboqs 2024-01-03 15:56:05 -05:00
Andras Fekete e5d8ce9983 Fix memset size 2024-01-03 11:09:20 -05:00
Andras Fekete d164a6c543 Buffer Overrun
Warning 545843.5806721
2024-01-03 10:00:31 -05:00
Andras Fekete c404df78b1 Uninitialized variable
Warning 581196.3236230
2024-01-03 09:59:18 -05:00
jordan e175004f85 Fix Infer Uninitialized Values. 2024-01-02 12:16:20 -06:00
JacobBarthelmeh 567243d257 touch up autoconf build with xilinx and sp macro guards 2024-01-02 08:50:59 -08:00
Daniel Pouzzner b17ec3b4bc cppcheck-2.13.0 mitigations peer review:
* add explanation in DoSessionTicket() re autoVariables.
* re-refactor ECC_KEY_MAX_BITS() in ecc.c to use two separate macros, ECC_KEY_MAX_BITS() with same definition as before, and ECC_KEY_MAX_BITS_NONULLCHECK().
* in rsip_vprintf() use XVSNPRINTF() not vsnprintf().
* in types.h, fix fallthrough definition of WC_INLINE macro in !NO_INLINE cascade to be WC_MAYBE_UNUSED as it is when NO_INLINE.
2023-12-28 16:38:47 -06:00
Daniel Pouzzner 44b18de704 fixes for cppcheck-2.13.0 --force:
* fix null pointer derefs in wc_InitRsaKey_Id() and wc_InitRsaKey_Label() (nullPointerRedundantCheck).
* fix use of wrong printf variant in rsip_vprintf() (wrongPrintfScanfArgNum).
* fix wrong printf format in bench_xmss_sign_verify() (invalidPrintfArgType_sint).
* add missing WOLFSSL_XFREE_NO_NULLNESS_CHECK variants of XFREE() (WOLFSSL_LINUXKM, FREESCALE_MQX, FREESCALE_KSDK_MQX).
* suppress false-positive uninitvar on "limit" in CheckTLS13AEADSendLimit().
* suppress true-but-benign-positive autoVariables in DoClientHello().
* in wolfcrypt/src/ecc.c, refactor ECC_KEY_MAX_BITS() as a local function to resolve true-but-benign-positive identicalInnerCondition.
* refactor flow in wc_ecc_sign_hash_ex() to resolve true-but-benign-positive identicalInnerCondition.
2023-12-28 15:06:21 -06:00
Daniel Pouzzner 457188f55e Merge pull request #7070 from dgarske/cryptocb_moreinfo
Fixes for TLS with crypto callbacks
2023-12-27 18:55:56 -05:00
David Garske 1c4d7285d3 Add documentation for HKDF functions. Improve param comments for devId. 2023-12-27 13:56:40 -08:00
John Bland e641c6b738 when removing the padding for the TLS13 verify message
step, check that the index doesn't wrap around due to a malformed packet
2023-12-27 16:06:40 -05:00
Lealem Amedie 837452b1ca Remove user-crypto functionality and Intel IPP support 2023-12-27 12:24:19 -07:00
David Garske 0d057099af Fix line lengths. 2023-12-27 10:12:52 -08:00
David Garske b86dfffdbe Improve the TLS v1.3 expand key label warning for possible use of uninitialized "hash". 2023-12-27 09:52:56 -08:00
Juliusz Sosinowicz 4b21cf3efc Add fencing to ClientSessionToSession()
Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized.

Fixes ZD17219

Co-authored-by: Daniele Lacamera <dan@danielinux.net>
2023-12-27 16:23:52 +01:00
Daniel Pouzzner e68facd889 src/ssl.c: in wolfSSL_curve_is_disabled(), fix shiftTooManyBitsSigned. 2023-12-25 00:27:49 -06:00
David Garske d9ac8b5422 Peer review fixes. Fix issues with Tls13HKDFExpandKeyLabel. Fix crypto callback line lengths. 2023-12-22 14:16:59 -08:00
Daniel Pouzzner e65e9f11c7 fixes for clang -Wunreachable-code-aggressive (-Wunreachable-code/clang-diagnostic-unreachable-code in src/ssl.c:wolfSSL_CTX_load_verify_buffer_ex() and -Wunreachable-code/clang-diagnostic-unreachable-code-return in api.c:myCEKwrapFunc()). 2023-12-22 14:12:13 -06:00
David Garske 0d212d8055 Further cleanup for Hashes.sha when not required. Gate all TLS SHA-1 on either old TLS or WOLFSSL_ALLOW_TLS_SHA1. 2023-12-21 09:41:29 -08:00
Daniel Pouzzner f2d573f01f wolfssl/wolfcrypt/asn.h, src/ssl.c: add "ANONk" to enum Key_Sum, and use the new value in wolfSSL_get_sigalg_info(), fixing clang-analyzer-optin.core.EnumCastOutOfRange.
add suppressions in tests for expected clang-analyzer-optin.core.EnumCastOutOfRange's.
2023-12-19 18:14:29 -06:00
David Garske 41d4f4a972 Fix TLS v1.2 case where SHA-1 could be used uninitialized. Exclude the SHA1 struct from HS_Hashes when not needed. Fixes mix-match of the SHA-1 with NO_OLD_TLS and WOLFSSL_ALLOW_TLS_SHA1. 2023-12-19 12:30:53 -08:00
David Garske fb5eab8f79 Fix one shot hash routines to attempt offloading to crypto callbacks. Fix random.c health test to use devId. Fix FIPS unused "ssl". 2023-12-19 11:20:56 -08:00
David Garske 2001d1c74b Fixes for TLS v1.3 with crypto callbacks not offloading DeriveKeyMsg, KDF HMAC and ECH. 2023-12-19 08:15:58 -08:00
Lealem Amedie dd55cdbea8 Initialize variables to NULL 2023-12-18 16:51:51 -07:00
Daniel Pouzzner 7eed28fbe0 src/ssl.c: in AddSessionToClientCache(), remove benign frivolous assignment, and fix so that ret is assigned only if no error. 2023-12-18 11:15:28 -06:00
Tobias Frauenschläger 85c40b1728 liboqs: add RNG support for falcon
Added a RNG argument to the wc_falcon_sign_msg method to properly
generate necessary random data using the desired WolfSSL RNG object.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2023-12-16 12:40:26 +01:00
Tobias Frauenschläger ec86a86096 liboqs: add RNG support for dilithium
Added a RNG argument to the wc_dilithium_sign_msg method to properly
generate necessary random data using the desired WolfSSL RNG object.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2023-12-16 12:40:26 +01:00