Commit Graph

7436 Commits

Author SHA1 Message Date
Sean Parkinson 5ffee2dbe1 Merge pull request #6459 from douzzer/20230531-analyzer-guided-fixes
20230531-analyzer-guided-fixes
2023-06-01 10:55:48 +10:00
JacobBarthelmeh 42a5d0320b Merge pull request #6445 from jpbland1/dsa_ex
add ex functions to use other digest algorithms with DSA
2023-05-31 14:50:05 -06:00
Daniel Pouzzner 59a7c0d7e4 move definitions of XASM_LINK() from wolfcrypt/src/aes.c, wolfcrypt/src/asm.c, and wolfcrypt/src/cpuid.c, to wolfssl/wolfcrypt/types.h, and use __asm__() instead of asm() if __GNUC__, for compatibility with -std=c99. 2023-05-31 15:48:52 -05:00
Daniel Pouzzner 109a17f3bd wolfcrypt/src/memory.c: restore required linuxkm #define WOLFSSL_NEED_LINUX_CURRENT 2023-05-31 15:17:01 -05:00
Sean Parkinson 541ea51ad5 Tests api.c: rework for malloc failure testing
Modified number of tests to not crash on failure and cleanup allocations
on failure.
Added memory fail count option to set which memory allocation to start
failing on.
Fix issues found from testing.

bio.c:
BIO_new() move ref count up so that calls to wolfSSL_BIO_free()
work.
internal.c:
ImportCipherSpecState wasn't checking SetKeySide for failure. Crash
when pointer is NULL and accessed directly.
ocsp.c:
wolfSSL_OCSP_response_get1_basic() doesn't need to free vs->source
as it is freed in WOLFSSL_OCSP_RESPONSE_free().
ssl.c:
ProcessBuffer() Don't strip PKCS#8 header if failed to create DER.
Crasged as directly accessing 'der' which was NULL.
ssl_asn.c:
wolfssl_asn1_integer_require_len was checking wrong variable to see
if allocation failed.
x509,c:
wolfSSL_X509_ALGOR_set0 needs to set aobj only when no failure
possible.
wolfSSL_X509_chain_up_ref needs to call cleanup to ensure everything
is freed.
2023-05-30 12:01:21 +10:00
David Garske 4f8419c641 Merge pull request #6441 from SparkiDev/cryptocb_pkcs11_rsa_get_size
CryptoCb, PKCS#11: add RSA key size lookup
2023-05-29 16:09:33 -07:00
John Bland 566fa1179f add ex functions to use other digest algorithms 2023-05-25 12:50:23 -04:00
David Garske e3be76b238 Merge pull request #6435 from SparkiDev/sp_int_count_bits_cleanup
SP int: cleanup sp_count_bits
2023-05-24 15:11:12 -07:00
Sean Parkinson e954110cc5 CryptoCb, PKCS#11: add RSA key size lookup
wc_RsaEncryptSize(): assumed a key size of 2048 when using hardware key.
Added callback to do lookup and implemented for PKCS#11.
If lookup not supported then assumes 2048 bits.
2023-05-24 11:42:52 +10:00
Sean Parkinson 622375b47e SP int: clenaup sp_count_bits
More explicitly handle used == 0 for static code analyser.
Make sp_count_bits clearer.
2023-05-23 09:20:22 +10:00
Sean Parkinson 98a717e1d5 Memory usage: reduce stack usage
AES C impl: don't align to 32 bytes, align to 16 as buffer is 16 bytes
long.
SP int: Don't call _sp_mulmod but call sp_mul and _sp_div to do mod
operation. For RSA, fewer calls for mod operation means less stack used
at deepest point.
2023-05-22 16:57:07 +10:00
Sean Parkinson d8e4c78960 Merge pull request #6426 from jpbland1/invariant-mp-size
add check to sp_invmod_mont_ct to make sure the
2023-05-22 08:14:39 +10:00
JacobBarthelmeh a06bd777c0 Merge pull request #6423 from cconlon/pkcs7NoStream
Fix PKCS#7 build with NO_PKCS7_STREAM
2023-05-19 10:32:49 -06:00
JacobBarthelmeh 235dc95b27 Merge pull request #6420 from julek-wolfssl/atomic-use-macro
Implement atomic operations interface
2023-05-19 10:29:04 -06:00
David Garske 10b6105505 Merge pull request #6424 from SparkiDev/coverity_2
Coverity scan fixes
2023-05-19 09:13:26 -07:00
John Bland 7e3aafb60c Fix for FIPS ECC integrity check with crypto callback set (#6425)
Skip ECC private key check when the TPM is used to generate the key, since it doesn't release the private part. this option needs to be used with a FIPS approved TPM for the end result to be FIPS approved
2023-05-19 09:12:44 -07:00
John Bland 344c3338a9 add check to sp_invmod_mont_ct to make sure the
result integer can hold the range of the modulus
2023-05-19 10:49:42 -04:00
Sean Parkinson 45503972f8 scan-build fixes
sp_mulmod
 - scan-build getting confused with size of result
 - don't check result size as checked already
 - split out implementation of sp_mulmod from check

StoreEccKey
 - ensure pubKey is not NULL even though all uses will not be

GetCertKey
 - ensure source is not NULL
 - cert->source may be NULL in incorrect usages of APIs
2023-05-19 12:17:41 +10:00
Sean Parkinson 2c34210efb Coverity scan fixes
DecodeRsaPssParams() assumed params is never NULL. Should never be
called with NULL but check saves a NULL dereference.

PrintObjectIdText() didn't check return of call to GetObjectId. 'oid'
will retain -1 value on error and work as normal on error return.
Cleaner to check for ASN_PARSE_E and handle - other error,
ASN_UNKNOWN_OID_E, is OK for printing.
2023-05-19 09:15:16 +10:00
Chris Conlon 6ef580ca59 fix PKCS#7 build when using NO_PKCS7_STREAM 2023-05-18 14:50:03 -06:00
Juliusz Sosinowicz 466636214f Add MSVC atomics 2023-05-18 12:06:54 +02:00
David Garske 0530ee774f Merge pull request #6418 from douzzer/20230517-linuxkm-benchmarks
20230517-linuxkm-benchmarks
2023-05-17 15:00:49 -07:00
Daniel Pouzzner fffff657de cleanups: line length, WOLFSSL_SMALL_STACK_STATIC, and SAVE_VECTOR_REGISTERS() failure trap in benchmark.c, proper path to benchmark.c in linuxkm/module_hooks.c, and proper casting in aes.c. also harmonized semantics and prototype of bench_ripemd(). 2023-05-17 13:00:46 -05:00
Juliusz Sosinowicz dd9edfee24 Implement atomic operations interface 2023-05-17 16:33:11 +02:00
Daniel Pouzzner 37b716192b wolfcrypt/benchmark/benchmark.c: fix typo in bench_stats_start(). 2023-05-17 02:27:04 -05:00
Daniel Pouzzner 4f4842fce6 linuxkm/linuxkm_memory.c: refactor SAVE/RESTORE_VECTOR_REGISTERS() to be per-process rather than per-CPU, and add migrate_disable/enable() to kernel_fpu_begin/end() because preempt_disable() is just a barrier on _PREEMPT_VOLUNTARY kernels;
linuxkm/linuxkm_wc_port.h: activate SAVE/RESTORE_VECTOR_REGISTERS() whenever defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) for benchmark.c support, independent of vector crypto features;

fix and optimize various alignment issues with stack and heap allocations;

fix macro definitions for XMALLOC/XREALLOC/XFREE to correctly use kvmalloc and friends when defined(HAVE_KVMALLOC), and to use wolfSSL_Malloc() and friends when defined(WOLFSSL_TRACK_MEMORY);

purge stale LINUXKM_SIMD_IRQ code.
2023-05-17 01:44:36 -05:00
Daniel Pouzzner a18dc7f10a wolfcrypt/src/aes.c: in wc_AesSetKeyLocal(), add an alignment check in the haveAESNI path for WOLFSSL_LINUXKM, because the failure mode is module crash. 2023-05-17 01:07:47 -05:00
Daniel Pouzzner 85e0bf337b fix for benign sign clash in wc_RNG_GenerateBlock(). 2023-05-17 01:05:33 -05:00
Daniel Pouzzner 3ad7e39dc4 refactor benchmark.c for linux kernel compatibility -- WOLFSSL_SMALL_STACK and WOLFSSL_NO_FLOAT_FMT codepaths, SAVE/RESTORE_VECTOR_REGISTERS, refactor of several stack array initializations that broke in the kernel, and replacement of an fputs() call with printf(). 2023-05-17 01:04:40 -05:00
Eric Blankenhorn 0a5a5a65a2 Fix valgrind issue with memcpy 2023-05-16 14:38:51 -05:00
Lealem Amedie 3f795f2f47 Fixes for wolfcrypt test without ECC SECP 2023-05-15 14:12:24 -06:00
Chris Conlon a474179cdf Merge pull request #6301 from miyazakh/ra_cryptonly
Add Renesas SCE RSA Crypt Only support
2023-05-12 16:32:15 -06:00
JacobBarthelmeh 1b6ab01d0b Merge pull request #6407 from dgarske/stm32_cleanup
Remove STM AES always true check
2023-05-12 13:54:24 -06:00
JacobBarthelmeh 9cca571c1d Merge pull request #6399 from bigbrett/zd16083-ocsp-double-free
fix double free in InitOCSPRequest
2023-05-12 13:50:54 -06:00
lealem47 79a5c49e47 Skip Async_DevCtxInit when using init rsa/ecc label/id api's (#6393)
* Skip Async_DevCtxInit when using init rsa/ecc label/id api's

---------

Co-authored-by: Lealem Amedie <lealem47@github.com>
2023-05-12 11:54:03 -07:00
David Garske a68b0d8ecf Merge pull request #6402 from lealem47/no_ecc_secp
Don't test SECP vectors when disabled in test.c
2023-05-11 17:25:42 -07:00
Lealem Amedie 9a2dc120c4 Don't test SECP vectors when disabled in test.c 2023-05-11 14:21:39 -06:00
Brett Nicholas 46dce4b33f set pointer to null after freeing in InitOcspRequest() to prevent a subsequent double-free in FreeOcspRequest() 2023-05-11 12:59:25 -06:00
David Garske dbb5ee3b1e Merge pull request #6389 from JacobBarthelmeh/devid
always call crypto cb when compiled in
2023-05-11 11:48:30 -07:00
David Garske dfbd61cad9 Remove always true check. 2023-05-11 11:38:12 -07:00
Daniel Pouzzner 3c06638115 wolfcrypt/src/aes.c: fixes for bugprone-macro-parentheses;
wolfcrypt/src/ecc.c: fix for nullPointerRedundantCheck ("possible null pointer dereference").
2023-05-11 11:51:27 -05:00
JacobBarthelmeh 07c41c5498 add macro guard on test case 2023-05-10 15:51:39 -07:00
JacobBarthelmeh bab35c4de2 add WOLF_CRYPTO_CB_FIND macro to guard find device ID callback 2023-05-10 15:28:19 -07:00
David Garske 870f7cc95b Merge pull request #6394 from douzzer/20230509-THIS_MODULE-mem-and-more-Wconversion
20230509-THIS_MODULE-mem-and-more-Wconversion
2023-05-10 10:19:25 -07:00
JacobBarthelmeh 04e831fa63 Merge pull request #6309 from SparkiDev/aes_cache_touch_lines
AES: touch each cache line when getting offset from table
2023-05-10 09:56:27 -06:00
Hideki Miyazaki a2776ad35e addressed review comments 2023-05-10 13:55:34 +09:00
Daniel Pouzzner f2c97d5d35 fixes for various wolfcrypt -Wconversions visible only on compilers that promote byte and word16 to signed int, then warn of a sign conflict when an intrinsically safe result is assigned back to the original type. 2023-05-09 23:55:08 -05:00
JacobBarthelmeh 71ca447b6b resolve CB_ONLY cases 2023-05-09 09:08:32 -07:00
JacobBarthelmeh 03a566791e fix for recursive issue in test case 2023-05-08 12:51:22 -07:00
JacobBarthelmeh 71cbc019d7 always call crypto cb when compiled in 2023-05-08 09:49:50 -07:00