wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 00:29:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,197 Commits 12 Branches 184 Tags
bfada558bd85e7d498f71a361a19979307b920cd
Commit Graph

16197 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner
bfada558bd remove extraneous build gates and fix whitespace justification in a comment (peer review re PR #4772). 2022-01-21 01:26:44 -06:00
Daniel Pouzzner
386aac9694 AES-SIV: 
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;

in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
 2022-01-21 01:26:33 -06:00
Daniel Pouzzner
84f7d812d3 linuxkm/module_exports.c.template: include siphash.h. 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
10b8f56fec wolfio.c: in wolfIO_TcpConnect(), test for usability of gethostbyname_r by (__GLIBC__ >= 2) && defined(__USE_MISC), not defined(__GNUC__). 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
5e33da8147 fix whitespace. 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
bb07d0a490 wolfio.c: refactor wolfIO_TcpConnect(() to use gethostbyname_r() if GNUC && !SINGLE_THREADED, for thread safety. 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Sean Parkinson
30e9d2813e Merge pull request #4782 from haydenroche5/aes_siv_gpp 
Fix AES-SIV test with g++.
 2022-01-21 15:37:12 +10:00
Hayden Roche
888bd2b304 Fix AES-SIV test with g++. 
The string initializers for the AES-SIV test vector fields needed an extra byte
for the null terminator expected by g++.
 2022-01-20 19:22:25 -08:00
Sean Parkinson
848f5eeb0c Merge pull request #4755 from dgarske/dtls_srtp 
DTLS SRTP (RFC5764) support (adds `--enable-srtp`)
 2022-01-21 10:43:47 +10:00
David Garske
d1a23a3285 Merge pull request #4758 from kareem-wolfssl/asioOldTls 
Fix building ASIO with Old TLS disabled.
 2022-01-20 10:44:41 -08:00
David Garske
427b67d51b Merge pull request #4756 from kareem-wolfssl/noBio 
Fix building with OPENSSL_EXTRA and NO_BIO defined.
 2022-01-20 10:41:22 -08:00
David Garske
5ea23d389c Merge pull request #4778 from haydenroche5/chrony 
Add --enable-chrony configure option.
 2022-01-20 08:46:00 -08:00
Marco Oliverio
40f573df72 dtls-srtp: NIT: fix EKM size in comments 2022-01-20 16:55:44 +01:00
Marco Oliverio
46c0809f5a dtls-srtp: add script to test interop with OpenSSL 2022-01-20 16:55:44 +01:00
Marco Oliverio
d5aa76b161 dtsl-srtp: use PRF according to the DTLS version used 
RFC 5764 sec 4.1.2
 2022-01-20 16:55:30 +01:00
Marco Oliverio
cdb2936244 dtls-srtp: PRF: fix correct order of client/server random in seed 
see RFC 5705 Section 4
 2022-01-20 16:12:04 +01:00
Marco Oliverio
231a0bbb84 dtls-srtp: no ekm cross check on single threaded/no pthread conf 2022-01-20 16:12:04 +01:00
David Garske
d728a7f0e6 Merge pull request #4777 from SparkiDev/sp_modinv_even_fix 
SP int: fix rework of sp_invmod
 2022-01-19 20:32:48 -08:00
Hayden Roche
a05b1b012f Add --enable-chrony configure option. 
This turns on the necessary features for using the chrony NTP package with
wolfSSL.
 2022-01-19 19:13:34 -08:00
David Garske
95efdccd7f Merge pull request #4751 from SparkiDev/sp_int_thumb_asm 
SP int: ARM Thumb asm snippets
 2022-01-19 18:52:02 -08:00
David Garske
609d6442b1 Merge pull request #4753 from SparkiDev/siphash 
Add SipHash algorithm
 2022-01-19 18:51:44 -08:00
David Garske
fcce4f7a92 Merge pull request #4765 from haydenroche5/aes_siv 
Add AES-SIV (RFC 5297).
 2022-01-19 18:51:12 -08:00
Sean Parkinson
b767857abb SP int: fix rework of sp_invmod 
Simplify code and check for m mod a == 0 which means there is no
inverse.
 2022-01-20 10:37:31 +10:00
Sean Parkinson
a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00
Sean Parkinson
a1185adf2c SP int: ARM Thumb asm snippets 2022-01-20 09:16:45 +10:00
Hayden Roche
62b07d8806 Add AES-SIV (RFC 5297). 
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
 2022-01-19 14:32:33 -08:00
David Garske
d668037541 Merge pull request #4746 from elms/gh/templates 
github: Initial templates
 2022-01-19 14:04:21 -08:00
David Garske
7adbf59f22 Merge pull request #4767 from anhu/kill_hc128 
Get rid of HC-128
 2022-01-19 12:20:18 -08:00
David Garske
c5d3581ac2 Merge pull request #4771 from SparkiDev/sp_c_mont_red 
SP C: fix corner case of P256 and P384 mont red
 2022-01-19 11:32:49 -08:00
David Garske
0175013604 Merge pull request #4770 from anhu/cve 
CVE-2022-23408
 2022-01-19 11:31:24 -08:00
elms
0f50ffb2ef github: Initial templates 2022-01-19 10:36:01 -08:00
David Garske
8e0ece920b Test cleanups. Fix possible leak in TLSX_UseSRTP. 2022-01-19 09:22:02 -08:00
Anthony Hu
af71aec77e Mention removal of HC-128 in README.md 2022-01-19 09:49:25 -05:00
Marco Oliverio
86ba0ef643 tests: support test for SRTP 
the test will check that the same Exported Keying Material is generated between
client and server
 2022-01-19 13:35:29 +01:00
Marco Oliverio
9b69f693e4 dtls-srtp: check that length of strings matched before memcomparing 
otherwise if profile_str_len is > strlen(gSrtpProfiles[i].name) we end up
comparing memory past gSrtpProfiles[i].name. -fsanitize=address catches this:

```
==100159==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f40d8d533b2 at pc 0x7f40d8eb014f bp 0x7f40d50fe240 sp 0x7f40d50fd9e8
READ of size 21 at 0x7f40d8d533b2 thread T107
    #0 0x7f40d8eb014e in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860
    #1 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
    #2 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
    #3 0x7f40d8c2e830 in DtlsSrtpFindProfile src/ssl.c:1310
    #4 0x7f40d8c2e9ed in DtlsSrtpSelProfiles src/ssl.c:1347
    #5 0x7f40d8c2eada in wolfSSL_CTX_set_tlsext_use_srtp src/ssl.c:1359
    #6 0x563bf381b4c5 in server_test examples/server/server.c:2278
    #7 0x7f40d88f0258 in start_thread (/usr/lib/libpthread.so.0+0x9258)
    #8 0x7f40d88195e2 in __GI___clone (/usr/lib/libc.so.6+0xfe5e2)
```
 2022-01-19 13:14:58 +01:00
Sean Parkinson
c06ba390cd SP C: fix corner case of P256 and P384 mont red 2022-01-19 14:22:04 +10:00
Chris Conlon
4c05d35452 Merge pull request #4743 from miyazakh/tls_bench_onlymode 2022-01-18 15:41:48 -07:00
Daniel Pouzzner
2984cb5abf Merge pull request #4768 from SparkiDev/sp_invmod_nr 
SP math: sp_invmod changed to not call itself
 2022-01-18 16:20:37 -06:00
David Garske
65d1d32972 Merge pull request #4769 from SparkiDev/sp_mont_red_neg 
SP math neg: Mont Reduce fix
 2022-01-18 14:12:09 -08:00
Anthony Hu
884b8634af CVE-2022-23408 2022-01-18 16:06:08 -05:00
Anthony Hu
e6466f92b7 Counting properly 2022-01-18 15:41:16 -05:00
Anthony Hu
ff128c07a1 Remove extra references to Guid no longer required. Note that other count gaps exist so this should be fine. 2022-01-18 15:23:08 -05:00
David Garske
ba589955f7 Improve the DTLS SRTP client side parsing. 2022-01-18 11:23:13 -08:00
Sean Parkinson
e745de657f Merge pull request #4761 from haydenroche5/time_cb 
Add time callback functionality.
 2022-01-18 16:49:19 +10:00
Sean Parkinson
53a4903e2f SP math neg: Mont Reduce fix 
Compare the absolute value for negatives.
 2022-01-18 16:22:38 +10:00
JacobBarthelmeh
e11d484746 Merge pull request #4752 from LinuxJedi/fix-ber-der 
Fix buffer overflows in BERtoDER
 2022-01-17 21:05:39 -07:00
JacobBarthelmeh
84b06ac1b6 Merge pull request #4730 from embhorn/zd13475 
Document wc_AesCfbEncrypt and wc_AesCfbDecrypt
 2022-01-17 19:45:45 -07:00
Hayden Roche
1b0926a3b8 Add time callback functionality. 
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
 2022-01-17 17:49:51 -08:00
Sean Parkinson
fc861f3d6d SP math: sp_invmod changed to not call itself 
When the modulus is even, calculate m^-1 mod a instead and fixup after.
Don't call self to do inverse.
 2022-01-18 10:45:57 +10:00