wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 19:22:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,419 Commits 12 Branches 184 Tags
9644a04db2f94bca138114ce94aa8908ce4eaff2
Commit Graph

1325 Commits

Author SHA1 Message Date
David Garske
9644a04db2 Peer review fix. 2022-02-28 11:32:12 -08:00
David Garske
cc2eb0ab71 KCAPI Testing fixes. 2022-02-25 15:16:55 -08:00
Sean Parkinson
bb50777f1a ASN template: handle short OIDs 
cert_asn1_test was constructing a BER encoding of a certificate that
didn't have all the components. It was trying to test putting in a bad
OID in the certificate name.
The original ASN.1 parsing code stopped at the bad name. ASN.1 template
code does the whole structure and then digs into the name.
A complete certificate should have always been used.
 2022-02-24 15:36:56 +10:00
Sean Parkinson
2eb044dc60 SP: Add support for P521 2022-02-23 14:51:47 +10:00
Daniel Pouzzner
cbc253d713 wolfcrypt/test/test.c: gate ecc_encrypt_e2e_test() on !HAVE_FIPS || FIPS_VERSION_GE(5,3). 2022-02-10 16:00:52 -06:00
David Garske
d1267b5203 Merge pull request #4805 from SparkiDev/ecies_aes_ctr 
ECIES: add support for more encryption algorithms
 2022-02-10 07:04:24 -08:00
Sean Parkinson
e50f661639 ECIES: add support for more encryption algorithms 
Add support to ECIES for AES-256-CBC, AES-128-CTR, AES-256-CTR.
Added new API wc_ecc_ctx_set_algo() that sets the encryption, KDF and
MAC algorithms.
Cleanup formatting of ECIES code.
 2022-02-10 09:54:22 +10:00
Daniel Pouzzner
1f69c52ce8 Merge pull request #4830 from dgarske/no_hmac 
Fixes for building without HMAC
 2022-02-07 22:26:38 -06:00
David Garske
56c562a516 Fixes for building with ./configure --enable-opensslextra --enable-cryptonly CFLAGS="-DNO_HMAC" && make. Found this testing a customers configuration with latest. Also fixes some trailing whitespace. 2022-02-07 15:10:21 -08:00
Anthony Hu
e47dd675af Fix tests to properly gate on ! NO_PWDBASED && ! NO_SHA 2022-02-07 14:44:26 -05:00
Marco Oliverio
a7165907da psa: support AES 2022-02-04 21:45:38 +01:00
Marco Oliverio
cebb127ac3 test: don't free AesXts struct in-between tests that reuse the key 2022-02-02 10:46:40 +01:00
Anthony Hu
9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
David Garske
5bdaf44354 Merge pull request #4774 from anhu/kill_rabbit 
Purge Rabbit cipher
 2022-01-31 09:17:23 -08:00
David Garske
40fff86807 Merge pull request #4801 from tmael/cert_rr 
cert subset improvements
 2022-01-28 11:00:55 -08:00
Anthony Hu
b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
Daniel Pouzzner
30b2073228 test.c: fix gating on wc_ecc_encrypt_ex() for FIPS <5.3 --enable-all. 2022-01-27 19:54:07 -06:00
Sean Parkinson
b890a2f15d ECIES: allow compressed public keys 
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
 2022-01-27 12:10:59 +10:00
Tesfa Mael
1c1bd413e0 cert subset SHA2-256, ecc-256, cert gen, cryptocb 2022-01-26 17:11:00 -08:00
Daniel Pouzzner
a718637c6f AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2). 2022-01-24 11:44:16 -06:00
Sean Parkinson
3d63e41653 SP int: sp_modinv fixes for sizes 
sp_invmod with even modulus requires a multiplication by modulus. Don't
let modulus overflow result variable 'r'.
Fix allocation of temporary sp_ints to be correct size.
Add test for maximum modulus size in test.c.

Remove leading spaces on functions so git correctly determines which
function has changed.
Put in Thumb code for more sizes of _sp_mul_*().
 2022-01-24 15:18:20 +10:00
Daniel Pouzzner
386aac9694 AES-SIV: 
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;

in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
 2022-01-21 01:26:33 -06:00
Daniel Pouzzner
5e33da8147 fix whitespace. 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Hayden Roche
888bd2b304 Fix AES-SIV test with g++. 
The string initializers for the AES-SIV test vector fields needed an extra byte
for the null terminator expected by g++.
 2022-01-20 19:22:25 -08:00
David Garske
609d6442b1 Merge pull request #4753 from SparkiDev/siphash 
Add SipHash algorithm
 2022-01-19 18:51:44 -08:00
Sean Parkinson
a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00
Hayden Roche
62b07d8806 Add AES-SIV (RFC 5297). 
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
 2022-01-19 14:32:33 -08:00
David Garske
7adbf59f22 Merge pull request #4767 from anhu/kill_hc128 
Get rid of HC-128
 2022-01-19 12:20:18 -08:00
Daniel Pouzzner
2984cb5abf Merge pull request #4768 from SparkiDev/sp_invmod_nr 
SP math: sp_invmod changed to not call itself
 2022-01-18 16:20:37 -06:00
Sean Parkinson
e745de657f Merge pull request #4761 from haydenroche5/time_cb 
Add time callback functionality.
 2022-01-18 16:49:19 +10:00
Hayden Roche
1b0926a3b8 Add time callback functionality. 
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
 2022-01-17 17:49:51 -08:00
Sean Parkinson
fc861f3d6d SP math: sp_invmod changed to not call itself 
When the modulus is even, calculate m^-1 mod a instead and fixup after.
Don't call self to do inverse.
 2022-01-18 10:45:57 +10:00
Anthony Hu
c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
John Safranek
d06cf97d73 Old Compiler Warning Cleanup (GCC 4.0.2) 
test.c:
1. Removed pragma disabling the warning for unused functions.
2. Fixed the guards around the function that wasn't getting removed from
   the build. And matched the guards to the call of the function. The
   issue is a test that fails only in a cert 3389 build using Arm
   assembly single-precision public keys.
3. Fixed the guards around a couple other functions.
 2022-01-16 22:08:35 -08:00
John Safranek
15c5ac880e PKCS7 Test Output 
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
 2022-01-12 14:51:11 -08:00
John Safranek
33f0e2eda5 In the wolfCrypt test, fix a few filenames to use the VPATH versions. 2022-01-12 14:50:43 -08:00
Daniel Pouzzner
ff0eb5a41e wolfcrypt/test/test.c: in wolfcrypt_test(), tweak formatting of CheckRunTimeSettings() to resolve invalidPrintfArgType_uint from cppcheck --force. 2022-01-08 01:35:46 -06:00
Daniel Pouzzner
a4444e6c3e wolfcrypt/test/test.c: in rsa_oaep_padding_test(), remove accidentally repeated MEMORY_E check. 2022-01-08 01:10:02 -06:00
Daniel Pouzzner
29fcbb0b19 wolfcrypt/test/test.c: fixes for cppcheck complaints: memleakOnRealloc nullPointerRedundantCheck uninitvar invalidPrintfArgType_uint 2022-01-08 00:33:54 -06:00
Marco Oliverio
7edc916057 wolfcrypt/wolfssl: tests: adding missing wc_Aes*Free() 
In some Aes implementation this may leak resources
 2021-12-30 20:30:33 +01:00
JacobBarthelmeh
c4e50ef086 fix for libz test with pkcs7 2021-12-23 09:37:09 -08:00
David Garske
9d137668c7 Merge pull request #4675 from julek-wolfssl/openssh-8.8 
Fix macro name conflicts with openssh
 2021-12-22 08:31:36 -08:00
Juliusz Sosinowicz
8435eb4644 Add WC_ namespace to variable handling defines 2021-12-22 12:16:02 +01:00
Juliusz Sosinowicz
dd9b1afb72 Remove magic numbers from WOLFSSL_ASN_TEMPLATE code (#4582) 
* pkcs8KeyASN and other misc asn fixes

- Test fixes for testing with `USE_CERT_BUFFERS_1024`

* intASN

* bitStringASN

* objectIdASN

* algoIdASN

* rsaKeyASN

* pbes2ParamsASN

* pbes1ParamsASN

* pkcs8DecASN

* p8EncPbes1ASN

* rsaPublicKeyASN

* dhParamASN

* dhKeyPkcs8ASN

* dsaKeyASN

* dsaPubKeyASN

- Add `wc_SetDsaPublicKey` without header testing

* dsaKeyOctASN

* rsaCertKeyASN

* eccCertKeyASN

* rdnASN

* certNameASN

* digestInfoASN

* otherNameASN

* altNameASN

* basicConsASN

* crlDistASN

* accessDescASN

* authKeyIdASN

* keyUsageASN

* keyPurposeIdASN

* subTreeASN

* nameConstraintsASN

* policyInfoASN

* certExtHdrASN

* certExtASN

* x509CertASN

* reqAttrASN

* strAttrASN

* certReqASN

* eccPublicKeyASN

* edPubKeyASN

* ekuASN

* nameASN

* certExtsASN

* sigASN

* certReqBodyASN_IDX_EXT_BODY

* dsaSigASN

* eccSpecifiedASN

* eccKeyASN

* edKeyASN

* singleResponseASN

* respExtHdrASN

* ocspRespDataASN

* ocspBasicRespASN

* ocspResponseASN

* ocspNonceExtASN

* ocspRequestASN

* revokedASN

* crlASN

* pivASN

* pivCertASN

* dateASN

* `wc_SetDsaPublicKey` was not including `y` in the sequence length

* All index names changed to uppercase

* Shorten names in comments

* Make sure extensions have sequence header when in cert gen

* Fix/refactor size calc in `SetNameEx`

* Pad blocks for encryption

* Add casting for increased enum portability

* Use stack for small ASN types
 2021-12-22 11:28:01 +10:00
David Garske
360a513696 Merge pull request #4553 from SparkiDev/sp_mont_inv_order_fix 
SP: fix when mont_mul_order is defined
 2021-12-20 15:09:08 -08:00
David Garske
ce4f436d0f Merge pull request #4587 from SparkiDev/dis_algs_fix_1 
Disable algorithms: fixes
 2021-12-19 20:12:30 -08:00
Chris Conlon
5172130287 add wc_GetPubKeyDerFromCert(), get pub key DER from DecodedCert 2021-12-15 11:04:52 -07:00
Daniel Pouzzner
355b779a3e feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c. 2021-12-11 14:08:04 -06:00
Sean Parkinson
6da0cc1ced Merge pull request #4600 from dgarske/cust_oid 
Support for Custom OID in subject and CSR request extension
 2021-12-09 11:24:30 +10:00