Commit Graph

1304 Commits

Author SHA1 Message Date
Daniel Pouzzner 386aac9694 AES-SIV:
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;

in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
2022-01-21 01:26:33 -06:00
Daniel Pouzzner 5e33da8147 fix whitespace. 2022-01-21 01:25:48 -06:00
Daniel Pouzzner 6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes).
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
2022-01-21 01:25:48 -06:00
Hayden Roche 888bd2b304 Fix AES-SIV test with g++.
The string initializers for the AES-SIV test vector fields needed an extra byte
for the null terminator expected by g++.
2022-01-20 19:22:25 -08:00
David Garske 609d6442b1 Merge pull request #4753 from SparkiDev/siphash
Add SipHash algorithm
2022-01-19 18:51:44 -08:00
Sean Parkinson a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00
Hayden Roche 62b07d8806 Add AES-SIV (RFC 5297).
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
2022-01-19 14:32:33 -08:00
David Garske 7adbf59f22 Merge pull request #4767 from anhu/kill_hc128
Get rid of HC-128
2022-01-19 12:20:18 -08:00
Daniel Pouzzner 2984cb5abf Merge pull request #4768 from SparkiDev/sp_invmod_nr
SP math: sp_invmod changed to not call itself
2022-01-18 16:20:37 -06:00
Sean Parkinson e745de657f Merge pull request #4761 from haydenroche5/time_cb
Add time callback functionality.
2022-01-18 16:49:19 +10:00
Hayden Roche 1b0926a3b8 Add time callback functionality.
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
2022-01-17 17:49:51 -08:00
Sean Parkinson fc861f3d6d SP math: sp_invmod changed to not call itself
When the modulus is even, calculate m^-1 mod a instead and fixup after.
Don't call self to do inverse.
2022-01-18 10:45:57 +10:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
John Safranek d06cf97d73 Old Compiler Warning Cleanup (GCC 4.0.2)
test.c:
1. Removed pragma disabling the warning for unused functions.
2. Fixed the guards around the function that wasn't getting removed from
   the build. And matched the guards to the call of the function. The
   issue is a test that fails only in a cert 3389 build using Arm
   assembly single-precision public keys.
3. Fixed the guards around a couple other functions.
2022-01-16 22:08:35 -08:00
John Safranek 15c5ac880e PKCS7 Test Output
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
2022-01-12 14:51:11 -08:00
John Safranek 33f0e2eda5 In the wolfCrypt test, fix a few filenames to use the VPATH versions. 2022-01-12 14:50:43 -08:00
Daniel Pouzzner ff0eb5a41e wolfcrypt/test/test.c: in wolfcrypt_test(), tweak formatting of CheckRunTimeSettings() to resolve invalidPrintfArgType_uint from cppcheck --force. 2022-01-08 01:35:46 -06:00
Daniel Pouzzner a4444e6c3e wolfcrypt/test/test.c: in rsa_oaep_padding_test(), remove accidentally repeated MEMORY_E check. 2022-01-08 01:10:02 -06:00
Daniel Pouzzner 29fcbb0b19 wolfcrypt/test/test.c: fixes for cppcheck complaints: memleakOnRealloc nullPointerRedundantCheck uninitvar invalidPrintfArgType_uint 2022-01-08 00:33:54 -06:00
Marco Oliverio 7edc916057 wolfcrypt/wolfssl: tests: adding missing wc_Aes*Free()
In some Aes implementation this may leak resources
2021-12-30 20:30:33 +01:00
JacobBarthelmeh c4e50ef086 fix for libz test with pkcs7 2021-12-23 09:37:09 -08:00
David Garske 9d137668c7 Merge pull request #4675 from julek-wolfssl/openssh-8.8
Fix macro name conflicts with openssh
2021-12-22 08:31:36 -08:00
Juliusz Sosinowicz 8435eb4644 Add WC_ namespace to variable handling defines 2021-12-22 12:16:02 +01:00
Juliusz Sosinowicz dd9b1afb72 Remove magic numbers from WOLFSSL_ASN_TEMPLATE code (#4582)
* pkcs8KeyASN and other misc asn fixes

- Test fixes for testing with `USE_CERT_BUFFERS_1024`

* intASN

* bitStringASN

* objectIdASN

* algoIdASN

* rsaKeyASN

* pbes2ParamsASN

* pbes1ParamsASN

* pkcs8DecASN

* p8EncPbes1ASN

* rsaPublicKeyASN

* dhParamASN

* dhKeyPkcs8ASN

* dsaKeyASN

* dsaPubKeyASN

- Add `wc_SetDsaPublicKey` without header testing

* dsaKeyOctASN

* rsaCertKeyASN

* eccCertKeyASN

* rdnASN

* certNameASN

* digestInfoASN

* otherNameASN

* altNameASN

* basicConsASN

* crlDistASN

* accessDescASN

* authKeyIdASN

* keyUsageASN

* keyPurposeIdASN

* subTreeASN

* nameConstraintsASN

* policyInfoASN

* certExtHdrASN

* certExtASN

* x509CertASN

* reqAttrASN

* strAttrASN

* certReqASN

* eccPublicKeyASN

* edPubKeyASN

* ekuASN

* nameASN

* certExtsASN

* sigASN

* certReqBodyASN_IDX_EXT_BODY

* dsaSigASN

* eccSpecifiedASN

* eccKeyASN

* edKeyASN

* singleResponseASN

* respExtHdrASN

* ocspRespDataASN

* ocspBasicRespASN

* ocspResponseASN

* ocspNonceExtASN

* ocspRequestASN

* revokedASN

* crlASN

* pivASN

* pivCertASN

* dateASN

* `wc_SetDsaPublicKey` was not including `y` in the sequence length

* All index names changed to uppercase

* Shorten names in comments

* Make sure extensions have sequence header when in cert gen

* Fix/refactor size calc in `SetNameEx`

* Pad blocks for encryption

* Add casting for increased enum portability

* Use stack for small ASN types
2021-12-22 11:28:01 +10:00
David Garske 360a513696 Merge pull request #4553 from SparkiDev/sp_mont_inv_order_fix
SP: fix when mont_mul_order is defined
2021-12-20 15:09:08 -08:00
David Garske ce4f436d0f Merge pull request #4587 from SparkiDev/dis_algs_fix_1
Disable algorithms: fixes
2021-12-19 20:12:30 -08:00
Chris Conlon 5172130287 add wc_GetPubKeyDerFromCert(), get pub key DER from DecodedCert 2021-12-15 11:04:52 -07:00
Daniel Pouzzner 355b779a3e feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c. 2021-12-11 14:08:04 -06:00
Sean Parkinson 6da0cc1ced Merge pull request #4600 from dgarske/cust_oid
Support for Custom OID in subject and CSR request extension
2021-12-09 11:24:30 +10:00
Daniele Lacamera baee7bace4 Merge pull request #4584 from ethanlooney/nxp_se050_curve25519
Added curve25519 support for NXP SE050
2021-12-02 02:47:36 -08:00
David Garske 9f611e8b80 Merge pull request #4589 from JacobBarthelmeh/native-lwip
Native LwIP support update
2021-12-01 10:37:13 -08:00
JacobBarthelmeh 43ac0d3684 adjust test file for pritnf and test_pass 2021-11-30 16:41:02 -07:00
Daniel Pouzzner a33ae21801 whitespace cleanups and portability/pedantic fixes 2021-11-29 23:58:39 -06:00
Chris Conlon 7221e06ff7 Merge pull request #4588 from miyazakh/sce_protect_mode_e2studio 2021-11-29 15:32:48 -07:00
Hideki Miyazaki fb4e39f00a addressed review comments prt1 2021-11-26 16:03:42 +09:00
Tesfa Mael b2c0bacb06 Fix Cryptocell ecc 2021-11-24 19:22:40 -08:00
David Garske 7396a0cb3a Resolves all peer review comments. Fixes to get Curve25519 working on real hardware. Regression testing fixes for ECC. 2021-11-23 15:03:53 -08:00
David Garske 7524ededd3 Support for Custom OID in subject and CSR request extension:
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
2021-11-23 09:51:13 -08:00
Sean Parkinson 5a72fee3df Disable algorithms: fixes
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
 - mp_cond_copy not available unless ECC compiled in
 - wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
2021-11-19 16:56:33 +10:00
JacobBarthelmeh 7e2fab6f4a warning with keil build and native lwip want read case 2021-11-18 22:58:50 -07:00
Hideki Miyazaki f50fcd918e support Renesas RA SCE protect mode on RA6M4 evaluation board 2021-11-19 14:22:16 +09:00
Sean Parkinson 33a6b8c779 Merge pull request #4531 from dgarske/cryptocb_aesccm
Added crypto callback support for AES CCM
2021-11-16 22:45:11 +10:00
David Garske 1559e92dca Add crypto callback AES CCM test case. 2021-11-15 16:22:10 -08:00
David Garske a626a4fb02 Fixes for spelling errors. 2021-11-12 10:27:49 -08:00
Sean Parkinson 341bd7bbbc mp_test: when SP_INT_DIGITS is even calc was wrong 2021-11-10 09:33:14 +10:00
Sean Parkinson ff3179012d SP: fix when mont_mul_order is defined
Customer configuration that failed:
./configure --enable-cryptonly --enable-ecc --enable-sp=yes,asm
--disable-rsa --disable-dh --disable-sha3 --disable-sha224 --disable-md5
--disable-sha --disable-pkcs12 --disable-memory --disable-chacha
--disable-poly1305 --disable-sha512 --disable-sha384 --disable-aesgcm
--disable-aescbc --disable-aes --disable-rng CFLAGS="-DNO_SIG_WRAPPER
-DWOLFSSL_PUBLIC_MP -DECC_USER_CURVES -DNO_ECC_SIGN -DNO_ECC_DHE
-DNO_ECC_KEY_EXPORT"
2021-11-09 17:50:21 +10:00
Daniel Pouzzner 03d5c4e6d3 test.c: fix whitespace. 2021-11-08 18:24:42 -06:00
Daniel Pouzzner 95bed1cdfd test.c: smallstack refactors for idea_test(), ed448_test(), and verifyBundle() (fixes various error-dependent leaks too). 2021-11-08 17:35:10 -06:00
Daniel Pouzzner f8565f26e2 fixes for --disable-harden. 2021-11-08 17:35:10 -06:00
Daniel Pouzzner 27d4bb304c test.c add smallstack refactor of pkcs7enveloped_run_vectors(). 2021-11-08 17:35:10 -06:00