Commit Graph

96 Commits

Author SHA1 Message Date
Jeremiah Mackey c417a1ce1e zero sensitive state before free 2026-04-20 17:20:54 +00:00
Jeremiah Mackey 3aa9a58b74 move length check before dispatch 2026-04-13 15:52:45 +00:00
Jeremiah Mackey a77e1ff5ac reject non-block-aligned CBC cipher input 2026-04-13 15:50:52 +00:00
David Garske 4c75a866d9 Add inline documentation for missing macros and fix spelling errors 2026-03-16 17:09:13 -07:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Ruby Martin 7b7c658668 add null check to wc_Des_CbcEncrypt 2025-07-09 09:59:46 -06:00
jordan 9ac480a60d linuxkm fedora: fix uninitialized build errors. 2025-07-02 10:00:28 -05:00
JacobBarthelmeh 6f1fe2e4b9 add sanity check on des cbc decrypt, CID 512990 2025-05-08 13:50:02 -06:00
Daniel Pouzzner ed5d8f8e6b update several files in wolfcrypt/src/port/arm to include libwolfssl_sources.h;
update wolfcrypt/src/port/af_alg, wolfcrypt/src/port/devcrypto, and wolfcrypt/src/port/kcapi to include libwolfssl_sources.h;

remove a slew of includes across lib sources made redundant by libwolfssl_sources.h.
2025-04-11 13:57:23 -05:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Andrew Hutchings 5d0ee8c9f3 Initial support for STM32MP13 HAL
This adds support for the STM32MP13 HAL, tested on the STM32MP135F MPU.

Using the HAL this modifies our previous RNG, AES-CBC, AES-GCM, HASH,
ECDSA and DES3 ST HAL acceleration to work with the MPU. It also works
around bugs found in the AES-GCM code of the HAL.

The HAL does not appear to have support for MD5 HASH at the moment, so
this has been given a flag to disable it on this MPU.
2024-11-26 14:15:57 +00:00
night1rider e912aff7e5 DES ECB using mmcau HW Library, and DES ECB basic test 2024-09-09 15:32:21 -06:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Daniel Pouzzner b3e8f0ad24 add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES. 2024-06-08 16:39:53 -05:00
kaleb-himes e45867bbc3 WIN fips section refactor / wolfEntropy API syntax adjustment 2024-04-09 09:48:33 -06:00
Andras Fekete ad9779cdc1 Explicitly define code with WOLFCRYPT_ASYNC_CRYPT_SW 2023-09-19 13:10:16 -04:00
Andras Fekete b31e485dc9 Remove 'HAVE_FIPS_VERSION < 2' blocks 2023-08-02 17:08:03 -04:00
Andras Fekete 25f542adb4 Clean up compile errors 2023-08-01 15:46:18 -04:00
Sean Parkinson ed01b14356 cppcheck: fixes from scan
wolfssl_sce_unit_test.c:
  sce_crypt_Sha_AesCbcGcm_multitest(): duplicate condition
ssl_asn1.c:
  wolfSSL_i2t_ASN1_OBJECT(): done is not needed
  MonthStr(): fix bounds check on i
woolfcrypt_test.c, test_main.c, wolfssl_tsip_unit_test.c, devices.c,
aes.c, des3.c:
  Variable not used.
asn.c:
DecodeSubjKeyId(): sz is unsigned - check for less than zero does
nothing
kcapi_rsa.c:
  KcapiRsa_Decrypt(): fix ret check by using else
  KcapiRsa_Encrypt(): make same change for consistency
kcapi_hash.c:
  KcapiHashFinal(): move ret into #ifdef where it is needed
stm32.c:
wc_Stm32_Hash_GetDigest(): i redeclared with different type - use ii
instead
bio.c, conf.c:
  XFREE checks for NULL

Reduce scope of varialbes.
Condition same.
2023-06-07 17:27:51 +10:00
Juliusz Sosinowicz b91f3063ea Use xorbuf in 3des for FREESCALE_MMCAU 2023-04-19 17:05:03 +02:00
Daniel Pouzzner 4b9302cdb3 another batch of -Wconversion fixes. 2023-04-18 12:23:24 -05:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Hayden Roche 959386422e Migrate async names from "test" to "software."
See async PR 52.
2022-09-01 17:53:18 -07:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Sean Parkinson 59e19cfd6c Merge pull request #5258 from dgarske/stm32u5_bench
Fixes for STM32 Hash/PKA and additional benchmark
2022-06-20 08:33:25 +10:00
David Garske 92fcea39db Fix for DES3 with STM32 and STM32_CRYPTO_AES_ONLY (broken in #5223) . Add U5 PKA support and benchmarks. Fix MD5 with OPENSSL_EXTRA and HAVE_MD5_CUST_API. 2022-06-17 11:50:29 -07:00
Sean Parkinson 1b29f7353a Check memory is zeroized
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.

wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.

Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
2022-06-16 10:22:32 +10:00
David Garske fb10c90935 Fix for Cube HAL v2 back-to-back DES/DES3. Whitespace. Enable the new FIFO 16 block logic for all hardware that supports it. 2022-06-14 11:48:51 +02:00
David Garske c52c2e5dfb Fixes for STM32H7 hash and crypto. 2022-06-14 11:48:51 +02:00
David Garske ad3f7e1de2 The STM32U5 does not support DES3 or AES 192-bit (only 128/256 bit) 2022-06-14 11:48:51 +02:00
Eric Blankenhorn 29c18a110b Fix to init ctx in wc_Des3_SetKey 2021-12-22 17:05:58 -06:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
John Safranek df859d30f3 FIPS 140-3
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
   testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
   EccMakeKey().
2021-10-26 20:24:24 -05:00
John Safranek f1bd79ac50 FIPS 140-3
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
Daniel Pouzzner ec21dd6d13 miscellaneous buildability fixes:
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;

wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);

configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;

configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;

tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;

tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);

wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;

wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;

src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
2021-09-20 13:38:52 -05:00
Elms 3a885aba23 Refactor pointer manipulation to be independent of datatype width
Tested with `./configure CFLAGS="-DNO_64BIT" --disable-sha512
--disable-sha384 --enable-harden` on a 64-bit machine
2021-06-15 21:08:49 -07:00
Sean Parkinson 2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
David Garske ea5af87de3 Revert of uint32_t and uint8_t changes in PR #3658, which caused warnings. 2021-01-19 13:54:26 -08:00
Sean Parkinson ac76ef8ee7 Curve25519: replace uint64_t with word64
Remove usages of stdint.h types
Added a sword type for signed words.
2021-01-18 17:30:36 +10:00
Martin Akman 1f8d4149a5 Merge in master 2020-07-23 21:39:18 +10:00
David Garske 13e6462ea7 Fixes for build with STM32 Standard Periperal Library (StdPeriLib). 2020-05-19 17:42:36 -07:00
Sean Parkinson 411aee6e05 Fixes from cppcheck
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
Martin Akman 20c0beb9e5 'WOLFSSL_USE_FLASHMEM' to store constant tables in flash memory 2020-01-31 23:43:17 +10:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
David Garske b676c69561 Fix for DES mutex return code. Fix TLS bench thread shutdown. README.md updates. 2019-11-18 06:46:20 -08:00