Commit Graph

11359 Commits

Author SHA1 Message Date
Anthony Hu fe2a826ede Better guarding. 2024-07-10 18:28:22 -04:00
Anthony Hu 6456281b41 Add support for uknown certificate extensions in PKCS7 2024-07-10 16:15:45 -04:00
David Garske 28db1b19e1 Fix to support PKCS11 without RSA key generation. Fixed Pkcs11Rsa where ret failure could be ignored. 2024-07-10 11:17:02 -07:00
Anthony Hu e581930cb7 Extend the unknown extension callback.
This will allow the user to pass in a context pointer. Allows them to avoid
global variables.

We also add unknown extensions callback when processing a CA in cert manager
as CA certs can have unknown extensions as well.

Fixes ZD 18252
2024-07-10 13:22:19 -04:00
JacobBarthelmeh 204668778b Merge pull request #7733 from SparkiDev/coverity_3
Coverity fixes
2024-07-10 10:01:29 -06:00
JacobBarthelmeh 6703a58c51 fix for staticmemory and singlethreaded build 2024-07-10 09:44:10 -06:00
S-P Chan fdd03fa909 wolfcrypt/src/wc_pkcs11.c: iterate correctly over slotId when searching for token
Addresses #7734
2024-07-10 21:01:35 +08:00
Sean Parkinson fea7a89b86 Coverity fixes
pk.c:
	EncryptDerKey - setting wrong ret value on allocation failure.
	wolfssl_rsa_generate_key_native - now checks e is a valid long
before passing in.
	Fix formatting.

ssl_load.c:
	ProcessBufferPrivPkcs8Dec - now checking password is not NULL
before zeroizing. Allocation may fail and ForceZero doesn't check for
NULL.
	Fix formatting.

tests/api.c:
	test_RsaSigFailure_cm - Check cert_sz is greater than zero
before use.
	send_new_session_ticket - assert that building the message
doesn't return error or 0.
	test_ticket_nonce_malloc - fix setting of medium and big to use
preprocessor. Fix big to be medium + 20.

asn.c:
	GetLength_ex - Fix type of bytes so that it can go negative.

sp_int.h:
	sp_clamp - add one to ii while it is a signed.
	Fix formatting.
2024-07-10 11:40:48 +10:00
kaleb-himes c333fdf545 Check-in Nucleus Plus 2.3 port work 2024-07-09 15:53:00 -06:00
Colton Willey 4ec07bb5a8 Changes needed for default TLS support in zephyr kernel 2024-07-09 12:00:34 -07:00
Sean Parkinson 90836c782b Poly1305 AArch64: unique naming of asm funcs
Change function names to ensure no clash with OpenSSL.
Specifically: poly1305_blocks()
2024-07-09 11:02:10 +10:00
Sean Parkinson d1e26b4f5d Dilithium: fixes
Fix inclusion of functions dilithium_vec_check_low() in build:
--enable-dilithium=verify-only,44,65,87
CFLAGS=-DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
Fix memory leaks in unit.test:
--enable-dilithium CFLAGS=-DWC_DILITHIUM_CACHE_MATRIX_A 'CC=clang
-fsanitize=address'
2024-07-08 15:02:43 +10:00
Daniel Pouzzner e35e713c4a wolfcrypt/src/asn.c: fix for copy-paste error in FillSigner() WOLFSSL_DUAL_ALG_CERTS path. 2024-07-06 10:04:26 -05:00
Daniel Pouzzner c8a9bdbe15 wolfcrypt/src/asn.c: fix for -Wconversion in FillSigner(). 2024-07-05 20:42:32 -05:00
Daniel Pouzzner 88af1a2932 fixes for Coverity #394680, #394682, #394693, #394712. 2024-07-05 20:42:32 -05:00
JacobBarthelmeh de20bb7ba9 fix for coverity issue 394677 2024-07-05 15:13:28 -06:00
David Garske d5016d451f Merge pull request #7714 from JacobBarthelmeh/coverity
Coverity issues reported
2024-07-05 13:49:20 -07:00
kaleb-himes f42fb587a5 Address coverity issue 394706 2024-07-05 13:54:23 -06:00
JacobBarthelmeh c880fcf822 add check on padSz return, coverity issue 394711 2024-07-05 12:07:42 -06:00
JacobBarthelmeh 50a7243486 fix for coverity issue 394670 possible overflow 2024-07-05 11:53:19 -06:00
JacobBarthelmeh fbdb064a4b coverity issue 394701 possible derefernce before null check 2024-07-05 11:24:42 -06:00
JacobBarthelmeh ac52660d5b Merge pull request #7713 from SparkiDev/dilithium_sign_small_alloc
Dilithium: add implementation of signing that allocated less
2024-07-05 10:38:19 -06:00
JacobBarthelmeh 8946e3fb4b Merge pull request #7702 from rizlik/ocspv2
ocsp stapling improvements
2024-07-05 10:29:25 -06:00
JacobBarthelmeh 5ca9b2f8a4 Merge pull request #7712 from SparkiDev/kyber_ml_kem
KYBER/ML-KEM: make ML-KEM available
2024-07-05 09:15:08 -06:00
David Garske 4ae277d21e Fixes for building RX TSIP with e2Studio project. Fixed tsip_Tls13GenEccKeyPair incorrect free of key if TSIP not used (ZD18222). 2024-07-05 07:44:00 -07:00
Sean Parkinson 44a5e1a398 Dilithium: add implementation of signing that allocated less
Added implementation of signing that allocates less memory by doing the
matrix/vector loops in the sign code - WOLFSSL_DILITHIUM_SIGN_SMALL_MEM.
Split out vector operations into vector and polynomial operations so
that small mem signing can call them.
Fix benchmark to be able to compile with only Dilithium and no
asymmetric algorithms.
2024-07-05 16:20:06 +10:00
David Garske f91d0a2925 Remove hash type check not required for ECDSA deterministic k. Fix _HMAC_K devId. 2024-07-04 14:49:20 -07:00
Sean Parkinson 1fd9f2af91 KYBER/ML-KEM: make ML-KEM available
Added ML-KEM instead of Kyber implementation with WOLFSSL_ML_KEM.
Tests added from NIST for ML-KEM operations.
2024-07-04 23:51:23 +10:00
Sean Parkinson 387f36657c Dilithium: Add KATs and fix key generation
Add KATs from NIST and fix key generation to produce output of KATs.
2024-07-04 22:22:11 +10:00
Marco Oliverio fe932b893c fixup! csrv2multi: pending ca list 2024-07-04 10:21:20 +02:00
Anthony Hu f5e27bfb0c Stop stripping out the sequence header on the AltSigAlg extension. 2024-07-03 19:02:04 -04:00
David Garske 4335dac794 Add wc_ecc_set_deterministic_ex to support custom hash type for deterministic sign or verify. 2024-07-03 15:13:29 -07:00
JacobBarthelmeh ba1eedb46b Merge pull request #7697 from SparkiDev/arm32_ldrd_strd_fix
ARM32 SHA-3 ASM: fix ldrd/strd for ARMv6
2024-07-02 17:18:06 -06:00
JacobBarthelmeh d7b0aa92cb Merge pull request #7694 from SparkiDev/sp_x64_asm_fix_3
SP Intel x64 ASM: fix get_from_table ASM
2024-07-02 17:13:49 -06:00
aidan garske 804f25d76b Sha3.c wc_Sha3Update and wc_Sha3Final changes so that hash type is determined in the processing functions. 2024-07-02 10:32:57 -07:00
aidan garske c065e4a854 Added PKCS7 PEM support: "-----BEGIN PKCS7-----" and "-----END PKCS7-----" 2024-07-02 07:58:01 -07:00
Marco Oliverio b5206e8504 csrv2multi: pending ca list 2024-07-02 09:51:34 +02:00
David Garske 7ad0248558 Fix for RX TSIP ECDSA Verify hash padding/truncation. Fix to set ECDSA crypto callback "res" on success. 2024-07-01 13:43:26 -07:00
JacobBarthelmeh 32066373c2 Merge pull request #7695 from dgarske/compat_realloc
Fixes for building the compatibility layer with no realloc
2024-07-01 11:37:52 -06:00
David Garske 9ec29e9ad9 Reduced duplicate code in deterministic test. 2024-07-01 10:35:03 -07:00
David Garske ac7f44b0dc Fix the async tests for deterministic sign. The _ex versions cannot be called again. Fix possible leak with async and deterministic sign. 2024-07-01 10:13:28 -07:00
aidan garske c07e7f1e58 Fixed async test for test.c deterministic K. 2024-07-01 09:51:07 -07:00
aidan garske b5b0e17587 ecc.c and test.c changes to add support in ecc_sign_determinsitic.c for SHA256, SHA384, and SHA512 for SECP256R1, SECP384R1, SECP521R1. 2024-07-01 08:43:32 -07:00
Sean Parkinson 45442db047 ARM32 SHA-3 ASM: fix ldrd/strd for ARMv6
LDRD/STRD not available with ARMv6 and the alternative is two ldr/str
operations. Pointer was 64-bits causing second ldr/str to be 8 bytes
passed first and not 4 bytes. Fixed in asm to add 4 rather than index.
2024-07-01 15:23:53 +10:00
David Garske 2fd7a2e4ae Fix for test.c memcb_test and missing XREALLOC. 2024-06-28 15:25:01 -07:00
Sean Parkinson 864a9d0598 Dilithium: fixes
TLS uses DER API now and needs to be protected with the right #ifdefs.
Do the right check of size in wc_Dilithium_PrivateKeyDecode().
Don't require public key when doing private DER.
2024-06-28 10:55:16 +10:00
David Garske 2a86ca43f8 Fixes for building the compatibility layer with WOLFSSL_NO_REALLOC. Tested using ./configure --enable-opensslextra CFLAGS="-DWOLFSSL_NO_REALLOC".
Improve benchmark FreeRTOS default tick rate logic. For example Xilinx FreeRTOS uses 10ms tick (not default 1ms), so include `configTICK_RATE_HZ` in calculation if available.
Fix test.c warning around too many parens with no realloc.
2024-06-27 16:02:28 -07:00
Sean Parkinson 4dc52484f6 SP Intel x64 ASM: fix get_from_table ASM
Use movdqu instead of vmovdqu so that function works on SSE2 only CPUs.
2024-06-28 07:42:56 +10:00
Sean Parkinson 4d56cc1790 Regression testing: memory allocation failure
Fixes from memory allocation failure testing.
Also:
fix asn.c to have ifdef protection around code compiled in with dual
algorithm certificates.
  fix test_tls13_rpk_handshake() to support no TLS 1.2 or no TLS 1.3.
fix wc_xmss_sigsleft() to initialize the index to avoid compilation
error.
2024-06-27 17:17:53 +10:00
David Garske 73a1938e89 Added Renesas RX TSIP ECDSA Verify Crypto callback. 2024-06-26 17:39:29 -07:00