David Garske
089468fbf1
Merge pull request #7132 from ejohnstown/x25519-ecdhe-psk
...
ECDHE-PSK with x25519
2024-01-16 20:16:01 -08:00
David Garske
11029127df
Merge pull request #7119 from JacobBarthelmeh/crl
...
support for RSA-PSS signatures with CRL
2024-01-16 15:23:16 -08:00
John Safranek
746ffac84a
ECDHE-PSK with x25519
...
1. Add missing assignment of the WOLFSSL object's ecdhCurveOid value. It
is set correctly in the previous cases, but got missed for ECDHE-PSK.
2. Add test cases to the unit testing.
2024-01-16 15:18:05 -08:00
JacobBarthelmeh
b140f93b17
refactor sigParams allocation and adjust test file name
2024-01-16 14:41:24 -07:00
JacobBarthelmeh
114d11a8d8
adding RSA-PSS macro guard around CRL use
2024-01-15 15:33:01 -07:00
Stanislav Klima
909b437571
cleared ticket and ticketNonce
2024-01-11 19:59:12 +01:00
Stanislav Klima
e63c50b1f3
fixed double free happening during EvictSessionFromCache
2024-01-11 19:52:03 +01:00
Sean Parkinson
8c6de41eb9
Merge pull request #7051 from JacobBarthelmeh/mb
...
fix and enhancement for AES-GCM use with Xilsecure
2024-01-12 03:44:43 +10:00
David Garske
06a32d3437
Merge pull request #7097 from lealem47/removeUserCrypto
...
Remove user-crypto functionality and Intel IPP support
2024-01-09 17:33:28 -08:00
JacobBarthelmeh
cd07e32b13
update crl files and add in compat support for RSA-PSS
2024-01-08 16:38:11 -08:00
JacobBarthelmeh
74f0625c89
add native asn template RSA-PSS support with CRL
2024-01-05 14:25:12 -08:00
Daniel Pouzzner
d5d476a3a1
Merge pull request #7113 from bandi13/codeSonarFixes
...
Leak
2024-01-05 12:38:17 -05:00
Andras Fekete
f84fa8dd8d
Uninitialized variable
...
Warning 581199.5810097
2024-01-04 17:13:28 -05:00
Daniel Pouzzner
7f53bcc4d0
fixes for clang-tidy reported defects and misstylings --with-liboqs:
...
* readability-named-parameter (style)
* bugprone-sizeof-expression (true bugs)
* clang-analyzer-deadcode.DeadStores (true bugs)
* clang-analyzer-core.NonNullParamChecker (true bug)
* clang-diagnostic-newline-eof (style)
* clang-diagnostic-shorten-64-to-32 (true but benign in practice)
fixes for sanitizer reported defects --with-liboqs: null pointer memcpy()s in TLSX_KeyShare_GenPqcKey() and server_generate_pqc_ciphertext().
fixes for silent crypto-critical failure in wolfSSL_liboqsGetRandomData(): refactor to accommodate oversize numOfBytes, and abort() if wc_RNG_GenerateBlock() returns failure.
2024-01-04 15:57:09 -06:00
Sean Parkinson
9e468a900b
Merge pull request #7096 from julek-wolfssl/zd/17219
...
Add fencing to ClientSessionToSession()
2024-01-05 07:24:00 +10:00
Juliusz Sosinowicz
14c812cdb7
Code review
...
Add server side check
2024-01-04 13:19:44 +01:00
Juliusz Sosinowicz
5bdcfaa5d0
server: allow reading 0-RTT data after writing 0.5-RTT data
2024-01-04 13:19:44 +01:00
Daniel Pouzzner
9db20774d8
Merge pull request #7099 from jpbland1/tls13-bounds-check
...
TLS13 padding bounds check
2024-01-04 01:09:36 -05:00
John Bland
b37716f5ce
refactor and remove word16 index
2024-01-03 19:19:13 -05:00
John Bland
245c87fe8f
clean up variable definitions
2024-01-03 17:39:20 -05:00
John Bland
e1435e96d2
do bounds check on full word32 size to match
...
inputBuffer length
2024-01-03 17:21:08 -05:00
Daniel Pouzzner
bcfaf0372c
Merge pull request #7026 from Frauschi/liboqs
...
Improve liboqs integration
2024-01-03 16:20:26 -05:00
Sean Parkinson
52db533d9b
Merge pull request #7106 from bandi13/20231114-codesonar-fixes
...
20231114 codesonar fixes
2024-01-04 07:16:33 +10:00
Daniel Pouzzner
7e60b029c2
Merge branch 'master' into liboqs
2024-01-03 15:56:05 -05:00
Andras Fekete
e5d8ce9983
Fix memset size
2024-01-03 11:09:20 -05:00
Andras Fekete
d164a6c543
Buffer Overrun
...
Warning 545843.5806721
2024-01-03 10:00:31 -05:00
Andras Fekete
c404df78b1
Uninitialized variable
...
Warning 581196.3236230
2024-01-03 09:59:18 -05:00
jordan
e175004f85
Fix Infer Uninitialized Values.
2024-01-02 12:16:20 -06:00
JacobBarthelmeh
567243d257
touch up autoconf build with xilinx and sp macro guards
2024-01-02 08:50:59 -08:00
Daniel Pouzzner
b17ec3b4bc
cppcheck-2.13.0 mitigations peer review:
...
* add explanation in DoSessionTicket() re autoVariables.
* re-refactor ECC_KEY_MAX_BITS() in ecc.c to use two separate macros, ECC_KEY_MAX_BITS() with same definition as before, and ECC_KEY_MAX_BITS_NONULLCHECK().
* in rsip_vprintf() use XVSNPRINTF() not vsnprintf().
* in types.h, fix fallthrough definition of WC_INLINE macro in !NO_INLINE cascade to be WC_MAYBE_UNUSED as it is when NO_INLINE.
2023-12-28 16:38:47 -06:00
Daniel Pouzzner
44b18de704
fixes for cppcheck-2.13.0 --force:
...
* fix null pointer derefs in wc_InitRsaKey_Id() and wc_InitRsaKey_Label() (nullPointerRedundantCheck).
* fix use of wrong printf variant in rsip_vprintf() (wrongPrintfScanfArgNum).
* fix wrong printf format in bench_xmss_sign_verify() (invalidPrintfArgType_sint).
* add missing WOLFSSL_XFREE_NO_NULLNESS_CHECK variants of XFREE() (WOLFSSL_LINUXKM, FREESCALE_MQX, FREESCALE_KSDK_MQX).
* suppress false-positive uninitvar on "limit" in CheckTLS13AEADSendLimit().
* suppress true-but-benign-positive autoVariables in DoClientHello().
* in wolfcrypt/src/ecc.c, refactor ECC_KEY_MAX_BITS() as a local function to resolve true-but-benign-positive identicalInnerCondition.
* refactor flow in wc_ecc_sign_hash_ex() to resolve true-but-benign-positive identicalInnerCondition.
2023-12-28 15:06:21 -06:00
Daniel Pouzzner
457188f55e
Merge pull request #7070 from dgarske/cryptocb_moreinfo
...
Fixes for TLS with crypto callbacks
2023-12-27 18:55:56 -05:00
David Garske
1c4d7285d3
Add documentation for HKDF functions. Improve param comments for devId.
2023-12-27 13:56:40 -08:00
John Bland
e641c6b738
when removing the padding for the TLS13 verify message
...
step, check that the index doesn't wrap around due to a malformed packet
2023-12-27 16:06:40 -05:00
Lealem Amedie
837452b1ca
Remove user-crypto functionality and Intel IPP support
2023-12-27 12:24:19 -07:00
David Garske
0d057099af
Fix line lengths.
2023-12-27 10:12:52 -08:00
David Garske
b86dfffdbe
Improve the TLS v1.3 expand key label warning for possible use of uninitialized "hash".
2023-12-27 09:52:56 -08:00
Juliusz Sosinowicz
4b21cf3efc
Add fencing to ClientSessionToSession()
...
Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized.
Fixes ZD17219
Co-authored-by: Daniele Lacamera <dan@danielinux.net >
2023-12-27 16:23:52 +01:00
Daniel Pouzzner
e68facd889
src/ssl.c: in wolfSSL_curve_is_disabled(), fix shiftTooManyBitsSigned.
2023-12-25 00:27:49 -06:00
David Garske
d9ac8b5422
Peer review fixes. Fix issues with Tls13HKDFExpandKeyLabel. Fix crypto callback line lengths.
2023-12-22 14:16:59 -08:00
Daniel Pouzzner
e65e9f11c7
fixes for clang -Wunreachable-code-aggressive (-Wunreachable-code/clang-diagnostic-unreachable-code in src/ssl.c:wolfSSL_CTX_load_verify_buffer_ex() and -Wunreachable-code/clang-diagnostic-unreachable-code-return in api.c:myCEKwrapFunc()).
2023-12-22 14:12:13 -06:00
David Garske
0d212d8055
Further cleanup for Hashes.sha when not required. Gate all TLS SHA-1 on either old TLS or WOLFSSL_ALLOW_TLS_SHA1.
2023-12-21 09:41:29 -08:00
Daniel Pouzzner
f2d573f01f
wolfssl/wolfcrypt/asn.h, src/ssl.c: add "ANONk" to enum Key_Sum, and use the new value in wolfSSL_get_sigalg_info(), fixing clang-analyzer-optin.core.EnumCastOutOfRange.
...
add suppressions in tests for expected clang-analyzer-optin.core.EnumCastOutOfRange's.
2023-12-19 18:14:29 -06:00
David Garske
41d4f4a972
Fix TLS v1.2 case where SHA-1 could be used uninitialized. Exclude the SHA1 struct from HS_Hashes when not needed. Fixes mix-match of the SHA-1 with NO_OLD_TLS and WOLFSSL_ALLOW_TLS_SHA1.
2023-12-19 12:30:53 -08:00
David Garske
fb5eab8f79
Fix one shot hash routines to attempt offloading to crypto callbacks. Fix random.c health test to use devId. Fix FIPS unused "ssl".
2023-12-19 11:20:56 -08:00
David Garske
2001d1c74b
Fixes for TLS v1.3 with crypto callbacks not offloading DeriveKeyMsg, KDF HMAC and ECH.
2023-12-19 08:15:58 -08:00
Lealem Amedie
dd55cdbea8
Initialize variables to NULL
2023-12-18 16:51:51 -07:00
Daniel Pouzzner
7eed28fbe0
src/ssl.c: in AddSessionToClientCache(), remove benign frivolous assignment, and fix so that ret is assigned only if no error.
2023-12-18 11:15:28 -06:00
Tobias Frauenschläger
85c40b1728
liboqs: add RNG support for falcon
...
Added a RNG argument to the wc_falcon_sign_msg method to properly
generate necessary random data using the desired WolfSSL RNG object.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com >
2023-12-16 12:40:26 +01:00
Tobias Frauenschläger
ec86a86096
liboqs: add RNG support for dilithium
...
Added a RNG argument to the wc_dilithium_sign_msg method to properly
generate necessary random data using the desired WolfSSL RNG object.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com >
2023-12-16 12:40:26 +01:00