Tobias Frauenschläger
4d259da60a
PQC: CryptoCb support for KEM algorithm Kyber
Add support for crypto callback and device id for all three Kyber PQC KEM
function calls.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:49 +01:00
Tobias Frauenschläger
8e6d151403
PQC: CryptoCb support for signature algorithms
Add initial support of the crypto callback API to the two PQC signature
algorithms Dilithium and Falcon. This ultimately enables the usage of
external hardware modules (e.g. secure elements) for these algorithms.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-01-18 17:02:38 +01:00
John Bland
41ea1109ec
update uses of wolfSSL_X509_new and wolfSSL_X509_d2i
where heap doesn't require a new ex function or struct field to avoid size increase
2024-01-17 18:46:24 -05:00
Daniel Pouzzner
64667a5595
src/crl.c: fix "null pointer passed as argument 2" in new XMEMCPY() call in WC_RSA_PSS path of DupCRL_Entry(), added in b140f93b17, detected by gcc 14.0.0_pre20240107 p15 with sanitizers.
2024-01-17 13:38:05 -06:00
John Bland
03f32b623f
update based on PR comments
2024-01-17 13:22:58 -05:00
John Bland
d1a3646d5c
add heap hint support for a few of the x509 functions
2024-01-17 11:26:52 -05:00
David Garske
089468fbf1
Merge pull request #7132 from ejohnstown/x25519-ecdhe-psk
ECDHE-PSK with x25519
2024-01-16 20:16:01 -08:00
David Garske
11029127df
Merge pull request #7119 from JacobBarthelmeh/crl
support for RSA-PSS signatures with CRL
2024-01-16 15:23:16 -08:00
John Safranek
746ffac84a
ECDHE-PSK with x25519
1. Add missing assignment of the WOLFSSL object's ecdhCurveOid value. It
is set correctly in the previous cases, but got missed for ECDHE-PSK.
2. Add test cases to the unit testing.
2024-01-16 15:18:05 -08:00
JacobBarthelmeh
b140f93b17
refactor sigParams allocation and adjust test file name
2024-01-16 14:41:24 -07:00
JacobBarthelmeh
114d11a8d8
adding RSA-PSS macro guard around CRL use
2024-01-15 15:33:01 -07:00
Stanislav Klima
909b437571
cleared ticket and ticketNonce
2024-01-11 19:59:12 +01:00
Stanislav Klima
e63c50b1f3
fixed double free happening during EvictSessionFromCache
2024-01-11 19:52:03 +01:00
Sean Parkinson
8c6de41eb9
Merge pull request #7051 from JacobBarthelmeh/mb
fix and enhancement for AES-GCM use with Xilsecure
2024-01-12 03:44:43 +10:00
David Garske
06a32d3437
Merge pull request #7097 from lealem47/removeUserCrypto
Remove user-crypto functionality and Intel IPP support
2024-01-09 17:33:28 -08:00
JacobBarthelmeh
cd07e32b13
update crl files and add in compat support for RSA-PSS
2024-01-08 16:38:11 -08:00
JacobBarthelmeh
74f0625c89
add native asn template RSA-PSS support with CRL
2024-01-05 14:25:12 -08:00
Daniel Pouzzner
d5d476a3a1
Merge pull request #7113 from bandi13/codeSonarFixes
Leak
2024-01-05 12:38:17 -05:00
Andras Fekete
f84fa8dd8d
Uninitialized variable
Warning 581199.5810097
2024-01-04 17:13:28 -05:00
Daniel Pouzzner
7f53bcc4d0
fixes for clang-tidy reported defects and misstylings --with-liboqs:
* readability-named-parameter (style)
* bugprone-sizeof-expression (true bugs)
* clang-analyzer-deadcode.DeadStores (true bugs)
* clang-analyzer-core.NonNullParamChecker (true bug)
* clang-diagnostic-newline-eof (style)
* clang-diagnostic-shorten-64-to-32 (true but benign in practice)
fixes for sanitizer reported defects --with-liboqs: null pointer memcpy()s in TLSX_KeyShare_GenPqcKey() and server_generate_pqc_ciphertext().
fixes for silent crypto-critical failure in wolfSSL_liboqsGetRandomData(): refactor to accommodate oversize numOfBytes, and abort() if wc_RNG_GenerateBlock() returns failure.
2024-01-04 15:57:09 -06:00
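The last item of the commit above describes two things a random-byte wrapper must get right: a block-oriented DRBG has a maximum request size, so a large request has to be split into chunks, and a failed generate call must never be allowed to look like success. The following is an added illustration written for this page, not wolfSSL's code: the backend function type, the 4096-byte per-call limit, and every name (secure_fill, fake_rng, demo_fill) are placeholders chosen here, and the fake backend writes a fixed byte instead of random data so the chunking can be checked offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative "fill with random bytes" wrapper around a block-oriented
 * RNG. NOT wolfSSL's code: the backend type, the per-call limit of 4096
 * bytes and all names are placeholders for this example. Real DRBG
 * generate calls have a maximum request size, so a caller asking for more
 * than that gets an error, not bytes; the wrapper must chunk the request
 * and must never treat a failed call as success. */

#define RNG_MAX_REQUEST 4096u          /* assumed backend per-call limit */

/* Backend contract: fill out[0..len) and return 0, or non-zero on error. */
typedef int (*rng_backend_fn)(unsigned char *out, uint32_t len);

/* Fills n bytes by issuing requests of at most RNG_MAX_REQUEST. If any
 * call fails the process aborts: the alternative, returning with a
 * partially filled or all-zero buffer, is the silent crypto-critical
 * failure an attacker hopes for (keys derived from predictable memory). */
void secure_fill(rng_backend_fn rng, unsigned char *out, size_t n)
{
    while (n > 0) {
        uint32_t chunk = (n > RNG_MAX_REQUEST) ? RNG_MAX_REQUEST : (uint32_t)n;
        if (rng(out, chunk) != 0)
            abort();                   /* fail closed, never fail silent */
        out += chunk;
        n   -= chunk;
    }
}

/* Fake backend for the demo: refuses oversize requests like a bounded
 * DRBG would, and writes a fixed byte (constructed, NOT random). */
static unsigned int g_backendCalls;
static int fake_rng(unsigned char *out, uint32_t len)
{
    if (len == 0 || len > RNG_MAX_REQUEST)
        return 1;                      /* oversize request is an error */
    memset(out, 0xA5, len);
    g_backendCalls++;
    return 0;
}

/* Requests n bytes through secure_fill and returns how many backend calls
 * it took, or -1 if any byte was left unfilled. */
int demo_fill(size_t n)
{
    unsigned char *buf = (unsigned char *)malloc(n ? n : 1);
    size_t i;
    int calls;

    if (buf == NULL)
        return -1;
    memset(buf, 0, n);
    g_backendCalls = 0;
    secure_fill(fake_rng, buf, n);
    for (i = 0; i < n; i++) {
        if (buf[i] != 0xA5) {
            free(buf);
            return -1;
        }
    }
    calls = (int)g_backendCalls;
    free(buf);
    return calls;
}

int main(void)
{
    /* 10000 bytes = 4096 + 4096 + 1808, so three backend calls. A direct
     * fake_rng(buf, 10000) would instead return an error. */
    printf("10000 bytes took %d backend calls\n", demo_fill(10000));
    return 0;
}
```

The abort() is deliberate: in a TLS stack a random-fill helper has no sensible error path that callers reliably check, so terminating is safer than returning a buffer whose contents may be whatever was in memory before.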
Sean Parkinson
9e468a900b
Merge pull request #7096 from julek-wolfssl/zd/17219
Add fencing to ClientSessionToSession()
2024-01-05 07:24:00 +10:00
Juliusz Sosinowicz
14c812cdb7
Code review
Add server side check
2024-01-04 13:19:44 +01:00
Juliusz Sosinowicz
5bdcfaa5d0
server: allow reading 0-RTT data after writing 0.5-RTT data
2024-01-04 13:19:44 +01:00
Daniel Pouzzner
9db20774d8
Merge pull request #7099 from jpbland1/tls13-bounds-check
TLS13 padding bounds check
2024-01-04 01:09:36 -05:00
John Bland
b37716f5ce
refactor and remove word16 index
2024-01-03 19:19:13 -05:00
John Bland
245c87fe8f
clean up variable definitions
2024-01-03 17:39:20 -05:00
John Bland
e1435e96d2
do bounds check on full word32 size to match
inputBuffer length
2024-01-03 17:21:08 -05:00
Daniel Pouzzner
bcfaf0372c
Merge pull request #7026 from Frauschi/liboqs
Improve liboqs integration
2024-01-03 16:20:26 -05:00
Sean Parkinson
52db533d9b
Merge pull request #7106 from bandi13/20231114-codesonar-fixes
20231114 codesonar fixes
2024-01-04 07:16:33 +10:00
Daniel Pouzzner
7e60b029c2
Merge branch 'master' into liboqs
2024-01-03 15:56:05 -05:00
Andras Fekete
e5d8ce9983
Fix memset size
2024-01-03 11:09:20 -05:00
Andras Fekete
d164a6c543
Buffer Overrun
Warning 545843.5806721
2024-01-03 10:00:31 -05:00
Andras Fekete
c404df78b1
Uninitialized variable
Warning 581196.3236230
2024-01-03 09:59:18 -05:00
jordan
e175004f85
Fix Infer Uninitialized Values.
2024-01-02 12:16:20 -06:00
JacobBarthelmeh
567243d257
touch up autoconf build with xilinx and sp macro guards
2024-01-02 08:50:59 -08:00
Daniel Pouzzner
b17ec3b4bc
cppcheck-2.13.0 mitigations peer review:
* add explanation in DoSessionTicket() re autoVariables.
* re-refactor ECC_KEY_MAX_BITS() in ecc.c to use two separate macros, ECC_KEY_MAX_BITS() with same definition as before, and ECC_KEY_MAX_BITS_NONULLCHECK().
* in rsip_vprintf() use XVSNPRINTF() not vsnprintf().
* in types.h, fix fallthrough definition of WC_INLINE macro in !NO_INLINE cascade to be WC_MAYBE_UNUSED as it is when NO_INLINE.
2023-12-28 16:38:47 -06:00
Daniel Pouzzner
44b18de704
fixes for cppcheck-2.13.0 --force:
* fix null pointer derefs in wc_InitRsaKey_Id() and wc_InitRsaKey_Label() (nullPointerRedundantCheck).
* fix use of wrong printf variant in rsip_vprintf() (wrongPrintfScanfArgNum).
* fix wrong printf format in bench_xmss_sign_verify() (invalidPrintfArgType_sint).
* add missing WOLFSSL_XFREE_NO_NULLNESS_CHECK variants of XFREE() (WOLFSSL_LINUXKM, FREESCALE_MQX, FREESCALE_KSDK_MQX).
* suppress false-positive uninitvar on "limit" in CheckTLS13AEADSendLimit().
* suppress true-but-benign-positive autoVariables in DoClientHello().
* in wolfcrypt/src/ecc.c, refactor ECC_KEY_MAX_BITS() as a local function to resolve true-but-benign-positive identicalInnerCondition.
* refactor flow in wc_ecc_sign_hash_ex() to resolve true-but-benign-positive identicalInnerCondition.
2023-12-28 15:06:21 -06:00
Daniel Pouzzner
457188f55e
Merge pull request #7070 from dgarske/cryptocb_moreinfo
Fixes for TLS with crypto callbacks
2023-12-27 18:55:56 -05:00
David Garske
1c4d7285d3
Add documentation for HKDF functions. Improve param comments for devId.
2023-12-27 13:56:40 -08:00
John Bland
e641c6b738
when removing the padding for the TLS13 verify message
step, check that the index doesn't wrap around due to a malformed packet
2023-12-27 16:06:40 -05:00
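The commit above and the related "do bounds check on full word32 size to match inputBuffer length" commit earlier in this list both concern the same pattern: TLS 1.3 hides the real content type behind zero padding at the end of each decrypted record, and the code that walks backwards to find the ContentType octet must stop at the start of the buffer even when a malformed record is nothing but zeros. The example below is added for this page and is not wolfSSL's implementation; the function names, the -1 return convention, the word32 typedef and the sample records are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative TLS 1.3 inner-plaintext padding removal (RFC 8446 section
 * 5.4). This is NOT wolfSSL's code: the function and macro names, the
 * return convention and the sample records are this example's own.
 * Decrypted record layout: content || ContentType (1 byte) || 0x00 padding */

typedef uint32_t word32;   /* index as wide as the record length itself */

/* Constructed sample records (not captured traffic). */
static const unsigned char kGoodRecord[] = { 'h','e','l','l','o', 0x17, 0, 0, 0 };
static const unsigned char kAllZero[16]  = { 0 };
static const unsigned char kTypeOnly[1]  = { 0x16 };

/* Strip padding from a decrypted record. On success returns the content
 * length (bytes before the ContentType octet) and stores the type in
 * *contentType. Returns -1 when no non-zero octet exists, i.e. the record
 * is empty or is nothing but padding, which a peer must not send.
 *
 * The pattern this guards against is an unsigned index walked as
 *     i = inLen - 1; while (in[i] == 0) i--;
 * which never stops on an all-zero record: a 16-bit index wraps to 0xFFFF
 * and a 32-bit one to 0xFFFFFFFF, and the loop reads far outside the
 * buffer. Counting down from inLen and refusing to go below zero keeps
 * every access inside [0, inLen). */
long tls13_strip_padding(const unsigned char *in, word32 inLen,
                         unsigned char *contentType)
{
    word32 i = inLen;

    if (in == NULL && inLen != 0)
        return -1;

    while (i > 0) {
        i--;
        if (in[i] != 0) {
            *contentType = in[i];
            return (long)i;
        }
    }
    return -1;                       /* malformed: padding only */
}

/* Build a padded record for the demo: content || type || padLen zeros.
 * Returns the record length, or 0 if it does not fit in out. */
word32 tls13_pad_record(const unsigned char *content, word32 contentLen,
                        unsigned char type, word32 padLen,
                        unsigned char *out, word32 outLen)
{
    word32 total = contentLen + 1 + padLen;

    if (total < contentLen || total > outLen)   /* overflow or too big */
        return 0;
    memcpy(out, content, contentLen);
    out[contentLen] = type;
    memset(out + contentLen + 1, 0, padLen);
    return total;
}

/* Round trip: pad a constructed message, strip it, return the recovered
 * content length (5 for "hello"), or -1 on any failure. */
long tls13_demo_roundtrip(void)
{
    unsigned char rec[64];
    unsigned char type = 0;
    word32 len = tls13_pad_record((const unsigned char *)"hello", 5,
                                  0x17, 3, rec, (word32)sizeof rec);
    long clen;

    if (len == 0)
        return -1;
    clen = tls13_strip_padding(rec, len, &type);
    return (type == 0x17) ? clen : -1;
}

int main(void)
{
    unsigned char type = 0;
    printf("round trip content length: %ld\n", tls13_demo_roundtrip());
    printf("good record: %ld (type 0x%02x)\n",
           tls13_strip_padding(kGoodRecord, (word32)sizeof kGoodRecord, &type), type);
    printf("all-zero record: %ld (expect -1)\n",
           tls13_strip_padding(kAllZero, (word32)sizeof kAllZero, &type));
    printf("type-only record: %ld (type 0x%02x)\n",
           tls13_strip_padding(kTypeOnly, 1, &type), type);
    return 0;
}
```

The all-zero and zero-length cases are the ones worth keeping in a regression test: they are exactly the inputs a remote peer can send to trigger the wrap in the unchecked loop.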
Lealem Amedie
837452b1ca
Remove user-crypto functionality and Intel IPP support
2023-12-27 12:24:19 -07:00
David Garske
0d057099af
Fix line lengths.
2023-12-27 10:12:52 -08:00
David Garske
b86dfffdbe
Improve the TLS v1.3 expand key label warning for possible use of uninitialized "hash".
2023-12-27 09:52:56 -08:00
Juliusz Sosinowicz
4b21cf3efc
Add fencing to ClientSessionToSession()
Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized.
Fixes ZD17219
Co-authored-by: Daniele Lacamera <dan@danielinux.net>
2023-12-27 16:23:52 +01:00
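The fix described above is a fencing check: a client-side session record carries a row and column into the server session cache, and those two values must be range-checked before they are used to form a pointer, since they may be stale or corrupted. The following is an added illustration for this page, not wolfSSL's cache code; the cache geometry (SESSION_ROWS, SESSIONS_PER_ROW), the struct layouts, the additional id comparison against the slot, and all function names are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative fenced lookup from a client-side session record into a
 * server-style session cache. NOT wolfSSL's code: the cache geometry
 * (SESSION_ROWS, SESSIONS_PER_ROW), the struct layouts and the function
 * names are placeholders chosen for this example. */

#define SESSION_ROWS     11
#define SESSIONS_PER_ROW 3
#define ID_LEN           32

typedef struct {
    unsigned char id[ID_LEN];
    int inUse;
} CachedSession;

typedef struct {
    CachedSession Sessions[SESSIONS_PER_ROW];
} SessionRow;

static SessionRow SessionCache[SESSION_ROWS];

/* A client-side entry remembers where its server session was stored.
 * Those two indices live in memory that can be stale (the slot was
 * evicted and reused) or corrupted, so they are untrusted input to the
 * lookup, exactly like a length field in a packet. */
typedef struct {
    unsigned char id[ID_LEN];
    uint16_t serverRow;
    uint16_t serverIdx;
} ClientSession;

/* An unfenced lookup would do
 *     return &SessionCache[cs->serverRow].Sessions[cs->serverIdx];
 * and only afterwards compare ids, which already reads memory outside
 * the cache when either index is out of range. The fence below rejects
 * bad indices before any pointer is formed, then confirms the slot still
 * belongs to this session. Returns NULL if the reference is not usable. */
CachedSession *client_session_to_session(const ClientSession *cs)
{
    CachedSession *slot;

    if (cs == NULL)
        return NULL;
    if (cs->serverRow >= SESSION_ROWS || cs->serverIdx >= SESSIONS_PER_ROW)
        return NULL;                                 /* fence: out of range */

    slot = &SessionCache[cs->serverRow].Sessions[cs->serverIdx];
    if (!slot->inUse || memcmp(slot->id, cs->id, ID_LEN) != 0)
        return NULL;                                 /* slot reused or freed */
    return slot;
}

/* Populate one cache slot (demo helper). Returns 0 on bad indices. */
int cache_insert(uint16_t row, uint16_t idx, const unsigned char *id)
{
    if (row >= SESSION_ROWS || idx >= SESSIONS_PER_ROW)
        return 0;
    memcpy(SessionCache[row].Sessions[idx].id, id, ID_LEN);
    SessionCache[row].Sessions[idx].inUse = 1;
    return 1;
}

/* Scenario walk-through with constructed data. Returns a bitmask of the
 * checks that passed; 0xF means every case behaves as intended. */
int demo_fencing(void)
{
    unsigned char id[ID_LEN];
    ClientSession cs;
    int passed = 0;

    memset(id, 0xAB, ID_LEN);                    /* constructed session id */
    memset(&cs, 0, sizeof cs);
    memcpy(cs.id, id, ID_LEN);
    cs.serverRow = 4;
    cs.serverIdx = 1;
    cache_insert(4, 1, id);

    if (client_session_to_session(&cs) != NULL)  passed |= 1;   /* valid ref */

    cs.serverRow = SESSION_ROWS;                 /* one past the last row */
    if (client_session_to_session(&cs) == NULL)  passed |= 2;

    cs.serverRow = 4;
    cs.serverIdx = 0xFFFF;                       /* garbage column index */
    if (client_session_to_session(&cs) == NULL)  passed |= 4;

    cs.serverIdx = 1;
    cs.id[0] ^= 0x01;                            /* slot now holds another id */
    if (client_session_to_session(&cs) == NULL)  passed |= 8;

    return passed;
}

int main(void)
{
    printf("fence checks passed: 0x%x (expect 0xf)\n", demo_fencing());
    return 0;
}
```

The ordering matters: the range check must come before the address computation, because forming the pointer and then validating the slot it points to is the access the fix is meant to prevent.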
Daniel Pouzzner
e68facd889
src/ssl.c: in wolfSSL_curve_is_disabled(), fix shiftTooManyBitsSigned.
2023-12-25 00:27:49 -06:00
David Garske
d9ac8b5422
Peer review fixes. Fix issues with Tls13HKDFExpandKeyLabel. Fix crypto callback line lengths.
2023-12-22 14:16:59 -08:00
Daniel Pouzzner
e65e9f11c7
fixes for clang -Wunreachable-code-aggressive (-Wunreachable-code/clang-diagnostic-unreachable-code in src/ssl.c:wolfSSL_CTX_load_verify_buffer_ex() and -Wunreachable-code/clang-diagnostic-unreachable-code-return in api.c:myCEKwrapFunc()).
2023-12-22 14:12:13 -06:00
David Garske
0d212d8055
Further cleanup for Hashes.sha when not required. Gate all TLS SHA-1 on either old TLS or WOLFSSL_ALLOW_TLS_SHA1.
2023-12-21 09:41:29 -08:00
Daniel Pouzzner
f2d573f01f
wolfssl/wolfcrypt/asn.h, src/ssl.c: add "ANONk" to enum Key_Sum, and use the new value in wolfSSL_get_sigalg_info(), fixing clang-analyzer-optin.core.EnumCastOutOfRange.
add suppressions in tests for expected clang-analyzer-optin.core.EnumCastOutOfRange's.
2023-12-19 18:14:29 -06:00
David Garske
41d4f4a972
Fix TLS v1.2 case where SHA-1 could be used uninitialized. Exclude the SHA1 struct from HS_Hashes when not needed. Fixes mix-match of the SHA-1 with NO_OLD_TLS and WOLFSSL_ALLOW_TLS_SHA1.
2023-12-19 12:30:53 -08:00