wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 19:59:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,292 Commits 12 Branches 184 Tags
b60d2dccce9110fd2b985d99063e524e39bdf6f7
Commit Graph

5962 Commits

Author SHA1 Message Date
David Garske
1f8ff7d9fe Merge pull request #4822 from embhorn/zd13613 
Fix warnings in VS
 2022-02-04 15:37:31 -08:00
Hayden Roche
b850cc89b0 Fix IV length bug in EVP AES-GCM code. 
In `wolfSSL_EVP_CipherInit`, `ctx`'s `ivSz` field isn't being accounted for.
A common OpenSSL EVP AES-GCM flow looks like this:

- `EVP_CIPHER_CTX_new`
- `EVP_EncryptInit_ex`
- `EVP_CIPHER_CTX_ctrl` with command `EVP_CTRL_GCM_SET_IVLEN` to set the IV
length to 16 (AES block size) instead of the default 12
- `EVP_EncryptInit_ex` again to set the key and IV
- `EVP_EncryptUpdate` however many times
- `EVP_EncryptFinal`

In fact, we test this flow in our unit test `test_wolfssl_EVP_aes_gcm`. However,
in our implementation, the second call to `EVP_EncryptInit_ex` unconditionally
resets the IV length back to 12. This doesn't cause a test failure because
decryption has the same problem, so both sides of the equation have the same
wrong view of the IV.

The solution is to preserve the IV length in wolfSSL_EVP_CipherInit if ctx->ivSz
is non-zero. Otherwise, use the default of 12 (`GCM_NONCE_MID_SZ`).

This was discovered by a user migrating to the compatibility layer. As I
mentioned, it isn't exposed by our testing. It is exposed if you try to use the
same key and IV with OpenSSL and compare the resulting ciphertext with wolfSSL.
They won't be the same and thus won't interoperate.
 2022-02-03 17:40:26 -08:00
Eric Blankenhorn
7b2e457d04 Fix VS unreachable code warning 2022-02-03 15:53:35 -06:00
David Garske
99799a3e3e Merge pull request #4806 from anhu/kill_idea 
Purge IDEA cipher
 2022-02-01 12:27:55 -08:00
Hayden Roche
24a2ed7e9e Merge pull request #4780 from dgarske/ipsec_racoon 2022-01-31 15:10:58 -08:00
David Garske
df85ea7e87 Merge pull request #4800 from SparkiDev/sp_c_smul 
SP C: multiplication of two signed types with overflow is undefined in C
 2022-01-31 14:29:18 -08:00
Anthony Hu
9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
Daniel Pouzzner
a7de880745 wolfcrypt/src/camellia.c: clang-tidy fixes (bugprone-macro-parentheses). 2022-01-31 14:21:54 -06:00
David Garske
ecb3f215b5 Merge pull request #4808 from lealem47/certreq 
Fix for certreq and certgen options with openssl compatability
 2022-01-31 10:16:22 -08:00
David Garske
5bdaf44354 Merge pull request #4774 from anhu/kill_rabbit 
Purge Rabbit cipher
 2022-01-31 09:17:23 -08:00
Lealem Amedie
e135ea7338 Fix for certreq and certgen options with openssl compatability 2022-01-28 12:39:00 -08:00
David Garske
40fff86807 Merge pull request #4801 from tmael/cert_rr 
cert subset improvements
 2022-01-28 11:00:55 -08:00
Anthony Hu
b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
David Garske
80ae237852 Fixes for building with ipsec-tools/racoon and openvpn: 
* Fix for `EVP_CIPHER_CTX_flags`, which mapped to a missing function (broke openvpn)
* Added stack of name entries for ipsec/racoon support.
* Added `X509_STORE_CTX_set_flags` stub.
* Added PKCS7 NID types.
* Improved FIPS "SHA" logic in `test_wolfSSL_SHA`
* Added some uncommon NID type definitions.
* Expose the DH `DH_set_length` and `DH_set0_pqg` with OPENSSL_ALL
 2022-01-28 09:21:03 -08:00
Daniel Pouzzner
30b2073228 test.c: fix gating on wc_ecc_encrypt_ex() for FIPS <5.3 --enable-all. 2022-01-27 19:54:07 -06:00
David Garske
667009007b Merge pull request #4799 from SparkiDev/file_gen_fixes 
Generated files: fixes
 2022-01-27 14:21:34 -08:00
Sean Parkinson
b890a2f15d ECIES: allow compressed public keys 
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
 2022-01-27 12:10:59 +10:00
Tesfa Mael
a37e17084d Use mp_iszero 2022-01-26 17:33:42 -08:00
Tesfa Mael
1c1bd413e0 cert subset SHA2-256, ecc-256, cert gen, cryptocb 2022-01-26 17:11:00 -08:00
Sean Parkinson
91b1e541c5 SP C: multiplication of two signed types with overflow is undefined in C 
Montgomery Reduction: cast variables to be unsigned where signed
multiplication with overflow is performed.
 2022-01-27 10:25:02 +10:00
Sean Parkinson
a242424abe Generated files: fixes 
Fixups from updating scripts that generate the files.
Include settings.h for ARM32 assembly.
ARM32 SHA-512 ASM has only one function, Transform_Sha512_Len(). The
implementation is dependent on defines.
 2022-01-27 10:05:45 +10:00
David Garske
9bbc5e07e6 Merge pull request #4733 from JacobBarthelmeh/ECC 
include hmac for deterministic ecc sign build
 2022-01-26 10:01:46 -08:00
Daniel Pouzzner
b7cecbacb2 update headers to resolve clang-tidy carping (mostly bugprone-macro-parentheses and readability-named-parameter). also disables MSC C4028 because incompatible with readability-avoid-const-params-in-decls. 2022-01-26 02:06:37 -06:00
Daniel Pouzzner
9250edc2ea wolfcrypt/src/fe_x25519_128.i: harmonize argument names in fe_cswap() and fe_cmov() with those used in fe_operations.c. 2022-01-26 02:05:26 -06:00
David Garske
588f4a11c9 Merge pull request #4785 from douzzer/20220120-aes-internal-error-handling 
20220120-aes-internal-error-handling
 2022-01-24 20:45:53 -08:00
David Garske
50e3565df6 Merge pull request #4779 from SparkiDev/dyn_cert 
Cert: allow allocation of fields even with WOLFSSL_NO_MALLOC
 2022-01-24 14:17:41 -08:00
Daniel Pouzzner
746c05ca44 AES: peer review: remove gating around sanity checks on aes->rounds in software wc_AesEncrypt() and wc_AesDecrypt(); 
use local variable crypto_cb_ret around WOLF_CRYPTO_CB calls for clarity;

fix line length.
 2022-01-24 15:47:23 -06:00
Daniel Pouzzner
f0041852b5 aes.c: add error catching and percolation for wc_AesGetKeySize() on FREESCALE_LTC in wc_AesEncrypt(), wc_AesDecrypt(), and wc_AesCtrEncrypt(). 2022-01-24 13:34:22 -06:00
Daniel Pouzzner
5ff1d98306 AES: fix linebreaks in newly overlong lines in aes.c and aes.h; add missing return code in armv8-aes.c wc_AesDecryptDirect(); add missing RESTORE_VECTOR_REGISTERS() in software wc_AesXtsEncrypt() (all pursuant to peer review in #4785 from Sean). 2022-01-24 12:32:25 -06:00
Daniel Pouzzner
565a7b0aab aes.c: in linuxkm clause of WOLFSSL_AES_DIRECT section, gate on WOLFSSL_LINUXKM && WOLFSSL_AESNI (with no-asm falling through to the generic definition), and use wolfssl-idiomatic WARN_UNUSED_RESULT, not linux-kernel-idiomatic __must_check. (thanks to John S peer review) 2022-01-24 11:44:16 -06:00
Daniel Pouzzner
a718637c6f AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2). 2022-01-24 11:44:16 -06:00
David Garske
dee66cfe9e Merge pull request #4789 from SparkiDev/sp_invmod_oob 
SP int: sp_modinv fixes for sizes
 2022-01-24 09:08:08 -08:00
Sean Parkinson
3d63e41653 SP int: sp_modinv fixes for sizes 
sp_invmod with even modulus requires a multiplication by modulus. Don't
let modulus overflow result variable 'r'.
Fix allocation of temporary sp_ints to be correct size.
Add test for maximum modulus size in test.c.

Remove leading spaces on functions so git correctly determines which
function has changed.
Put in Thumb code for more sizes of _sp_mul_*().
 2022-01-24 15:18:20 +10:00
Sean Parkinson
1dd213db76 ParseCert: check index in DecodeSubtree before accessing tag 2022-01-24 12:30:48 +10:00
David Garske
7a36d57e8f Merge pull request #4784 from SparkiDev/sp_int_modinv_perf 
SP int: minor improvements to sp_invmod
 2022-01-21 10:30:09 -08:00
Daniel Pouzzner
bfada558bd remove extraneous build gates and fix whitespace justification in a comment (peer review re PR #4772). 2022-01-21 01:26:44 -06:00
Daniel Pouzzner
386aac9694 AES-SIV: 
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;

in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
 2022-01-21 01:26:33 -06:00
Daniel Pouzzner
5e33da8147 fix whitespace. 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Sean Parkinson
b75fe633ad SP int: minor improvements to sp_invmod 2022-01-21 16:47:59 +10:00
Hayden Roche
888bd2b304 Fix AES-SIV test with g++. 
The string initializers for the AES-SIV test vector fields needed an extra byte
for the null terminator expected by g++.
 2022-01-20 19:22:25 -08:00
Sean Parkinson
1af3ea56c8 Cert: allow allocation of fields even with WOLFSSL_NO_MALLOC 
subjectCN and publicKey in a DecodedCert are needed by the certificate
store in some cases. For embedded, allow them to be allocated even with
WOLFSSL_NO_MALLOC defined.
 2022-01-20 16:16:09 +10:00
David Garske
d728a7f0e6 Merge pull request #4777 from SparkiDev/sp_modinv_even_fix 
SP int: fix rework of sp_invmod
 2022-01-19 20:32:48 -08:00
David Garske
95efdccd7f Merge pull request #4751 from SparkiDev/sp_int_thumb_asm 
SP int: ARM Thumb asm snippets
 2022-01-19 18:52:02 -08:00
David Garske
609d6442b1 Merge pull request #4753 from SparkiDev/siphash 
Add SipHash algorithm
 2022-01-19 18:51:44 -08:00
Jacob Barthelmeh
29513e1ec8 include hmac for deterministic ecc sign build 2022-01-20 09:25:32 +07:00
Sean Parkinson
b767857abb SP int: fix rework of sp_invmod 
Simplify code and check for m mod a == 0 which means there is no
inverse.
 2022-01-20 10:37:31 +10:00
Sean Parkinson
a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00
Sean Parkinson
a1185adf2c SP int: ARM Thumb asm snippets 2022-01-20 09:16:45 +10:00
Hayden Roche
62b07d8806 Add AES-SIV (RFC 5297). 
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
 2022-01-19 14:32:33 -08:00