Commit Graph

104 Commits

Author SHA1 Message Date
HIDEKI MIYAZAKI 319f1d699d fix clamp iterations <= 0 to 1 instead of returning an error 2026-05-20 07:25:35 -07:00
Daniel Pouzzner b2a56e7947 wolfcrypt/src/pwdbased.c:
* fix typography of wc_PBKDF_max_iterations_set() and wc_PBKDF_max_iterations_get() (peer review).
* refactor overflow prevention in wc_PKCS12_PBKDF_ex() to use WC_SAFE_SUM_UNSIGNED().

wolfcrypt/test/test.c: in pwdbased_test(), omit "INT_MAX MAC iterations" test if WOLFSSL_NO_MALLOC (uses wc_PKCS12_new_ex()).
2026-05-11 15:57:23 -05:00
Daniel Pouzzner f248b272db rename WC_PBKDF_MAX_ITERATIONS to WC_PBKDF_DEFAULT_MAX_ITERATIONS, raise it to 10000000, add wc_PBKDF_max_iterations_set() and wc_PBKDF_max_iterations_get(), and restore new negative tests in pwdbased_test(). 2026-05-11 15:57:22 -05:00
Anthony Hu 1cd9caca02 Line length fixup and repro in second impl. 2026-05-11 15:57:22 -05:00
Anthony Hu 3f6c8316c7 Add upper limit to PBKDF iteration count
Add WC_PBKDF_MAX_ITERATIONS (default 100000) to cap the iteration
count in wc_PBKDF1_ex(), wc_PBKDF2_ex(), and wc_PKCS12_PBKDF_ex().
2026-05-11 15:57:22 -05:00
David Garske 7de26312e6 Merge pull request #10378 from rlm2002/fenrir
Various PKCS12 Fixes
2026-05-05 12:07:17 -07:00
Ruby Martin 001939d663 Call ForceZero on sensitive buffers 2026-05-01 13:36:33 -06:00
Mattia Moffa bfd8834b31 Additional minor fixes 2026-04-28 18:34:32 +02:00
Colton Willey 37d66b8be9 Guard against negative length in BIO, I/O callbacks and PKCS12 PBKDF
- src/bio.c: Add BIO self-cycle UAF guard and negative nread/nwrite checks
- src/wolfio.c: Add negative sz guards to EmbedSend/EmbedReceive
- wolfcrypt/src/pwdbased.c: Add pLen/sLen/totalLen overflow checks in
  wc_PKCS12_PBKDF_ex
2026-04-28 18:34:32 +02:00
Colton Willey 58a27848a8 Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
Harden OpenSSL compatibility layer against NULL pointers, negative lengths,
and buffer overflows across EVP, OCSP, and X509 APIs. Fix DSA SignFinal
write-before-check overflow, add missing i2d_OCSP_RESPONSE allocation path,
and fix unaligned keyUsage access.
2026-04-13 20:29:50 -07:00
Daniel Pouzzner ec61e07d18 wolfcrypt/src/pwdbased.c: in wc_PKCS12_PBKDF_ex(), refactor the "Increment B by 1" loop to avoid bugprone-inc-dec-in-conditions. 2026-03-24 12:07:04 -05:00
Sean Parkinson f15199906d SP int: fixes from AI review
Re-implemented wc_PKCS12_PBKDF() to not use MP. Added tests to
unit.test.

sp_int.c:
  Fixes to comments.
  Added more define build options documentation to top of file.
  Fixes for builds with WOLFSSL_SP_INT_NEGATIVE defined.
Fixes for when a->used is 0 and no underflow - not actually a problem
but cleaner code.
  sp_sub has different checks on a->used when values are only positive.
  sp_dic_2d  missing check for e less than zero.
sp_to_unsigned_bin_len_ct: remove redundant check of outSz. Change i
to int to handle a->used of 0 and make code tidier.

Configuration testing fixes.
Fix formatting in test.c.
Added 128-bit types word128 and sword128 for cleaner PKCS#12 code.
2026-03-24 10:49:58 +10:00
jordan 7726f5cc7f pwdbased: fix cast warning. 2026-03-06 09:59:43 -06:00
jordan 3e39a5c11e pwdbased: add missing ForceZero for blocks, v, y. 2026-03-05 13:09:26 -06:00
aidan garske 3295a6521c Fix Fenrir issues in wolfcrypt 2026-02-24 18:51:58 -08:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Ruby Martin 86abe793d7 address undefined shift behavior and overflow 2025-09-16 11:03:21 -06:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Daniel Pouzzner ed5d8f8e6b update several files in wolfcrypt/src/port/arm to include libwolfssl_sources.h;
update wolfcrypt/src/port/af_alg, wolfcrypt/src/port/devcrypto, and wolfcrypt/src/port/kcapi to include libwolfssl_sources.h;

remove a slew of includes across lib sources made redundant by libwolfssl_sources.h.
2025-04-11 13:57:23 -05:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Daniel Pouzzner 7cd2fd3617 numerous fixes for memory errors reported by clang-tidy, most of them true positives, unmasked by CPPFLAGS=-DNO_WOLFSSL_MEMORY: clang-analyzer-unix.Malloc, clang-analyzer-core.NullDereference, clang-analyzer-core.uninitialized.Assign, clang-analyzer-core.UndefinedBinaryOperatorResult, and clang-analyzer-optin.portability.UnixAPI (re malloc(0)).
several fixes for defects reported by cppcheck:

wolfcrypt/src/ecc.c: fix for cppcheck oppositeInnerCondition from cppcheck-2.16.0 in _ecc_make_key_ex(), and fixes for related unhandled errors discovered by manual inspection;

wolfcrypt/test/test.c: fix XREALLOC call in memcb_test() to resolve cppcheck-detected memleak.
2025-01-10 14:30:42 -06:00
Daniel Pouzzner 122502e2b1 wolfCrypt -Wconversion expansion: fix numerous warnings, all benign, from -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion. 2024-12-18 11:51:06 -06:00
Hideki Miyazaki 180ad206fc check klen in byte 2024-08-08 08:52:08 +09:00
Andras Fekete d7a0f49906 Programmatically remove NULL test before XFREE 2024-08-06 10:20:45 -04:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
kaleb-himes 76527c3eaa Address a report from multi-test about 8-bit chars 2024-05-15 15:21:41 -04:00
kaleb-himes 6719909f4e Add logging.h header in pwdbased.c when DEBUG_WOLFSSL 2024-05-15 14:02:44 -04:00
kaleb-himes 7047991cda Log when iterations LT 1000 but take no action 2024-05-15 14:02:44 -04:00
kaleb-himes a9511e118a Add SP800-132 112 bit minimum applicable after stretch/strengthen 2024-05-15 14:02:44 -04:00
kaleb-himes b8d31b042f Windows support 2024-04-09 13:55:05 -06:00
kaleb-himes e45867bbc3 WIN fips section refactor / wolfEntropy API syntax adjustment 2024-04-09 09:48:33 -06:00
kaleb_himes 81f5ac7f6c SRTP-KDF FS Preview 2024-04-09 09:48:33 -06:00
Daniel Pouzzner a10260ca5f refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.

wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check from to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(),  wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).

wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.

wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.

wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.

wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.

linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().

wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().

configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."

wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).

wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).

wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).

wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().

wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.

wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).

wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.

wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
2023-11-17 01:15:28 -06:00
Sean Parkinson 2c9609039d Type conversion fixes: make explicit
Changed to types and casting so that there are no implcit conversion
warnings (gcc -Wconversion) in these files.
2023-07-13 08:36:02 +10:00
Daniel Pouzzner f396989d20 more -Wconversion fixes, now covering everything inside the 140-3 boundary with default build options, everything in wolfcrypt with default build options, all modes of AES, builds with/without intelasm, all permutations of c89/c99 32/64 bit, and much of the crypto-all-cryptonly boundary;
also a gating fix for asn.c:SetShortInt().
2023-04-19 15:26:05 -05:00
Sean Parkinson 8851065848 cppcheck fixes
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
David Garske 22a5a5c45e Add introspection for math build and math cleanups:
* Add introspection for math build.
* Raise build error if more than one multi-precision math library used.
* Fix ESP32 to support using any multi-precision math option.
* Refactor math headers to use `wolfmath.h`
* Refactor of the opaque math variable type `MATH_INT_T` used by crypto hardware (QuickAssist, SE050, ESP32 and STM32).
* Cleanups for building with `WOLFCRYPT_ONLY` and `NO_BIG_INT`.
* Stop forcing use of fast math by default for platforms in settings.h. Note: For users that still want to use fast math (tfm.c) they will need to add USE_FAST_MATH to their build settings.

Applies To:
```
WOLFSSL_ESPWROOM32
WOLFSSL_ESPWROOM32SE
MICROCHIP_PIC32
WOLFSSL_PICOTCP_DEMO
WOLFSSL_UTASKER
WOLFSSL_NRF5x
FREERTOS_TCP
WOLFSSL_TIRTOS
EBSNET
FREESCALE_COMMON
FREESCALE_KSDK_BM
WOLFSSL_DEOS
MICRIUM
WOLFSSL_SGX
```
2023-03-30 14:42:55 -07:00
Daniel Pouzzner 9dd23fca25 wolfcrypt/src/pwdbased.c: refactor copy in scryptSalsa() as a memcpy(), for efficiency and to work around a bug in clang-17; also fix scratch buffer x in scryptBlockMix() to have correct alignment. 2023-02-08 21:31:56 -06:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
David Garske 56c562a516 Fixes for building with ./configure --enable-opensslextra --enable-cryptonly CFLAGS="-DNO_HMAC" && make. Found this testing a customers configuration with latest. Also fixes some trailing whitespace. 2022-02-07 15:10:21 -08:00
John Safranek 5ddf4392df Old Compiler Warning Cleanup (GCC 4.0.2)
pwdbased.c: Simplified some arithmetic to fix a variable promotion
warning.
2022-01-14 17:36:12 -08:00
Kareem 39c9fa96bc wc_scrypt: Code review feedback. 2021-10-28 15:02:53 -07:00
Kareem 0ecb81e74a wc_scrypt: Check for underflow in blocksSz calculation. 2021-10-28 14:18:22 -07:00
Daniel Pouzzner 87578262aa wolfcrypt smallstack refactors:
rsa.c: wc_CompareDiffPQ()

dh.c: wc_DhGenerateParams()

dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()

srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()

ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()

test.c: GenerateNextP() dh_generate_test() GenerateP()
2021-10-26 20:24:27 -05:00
Daniel Pouzzner 6d715130a2 linuxkm: cleanups and smallstack refactors related to WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED, associated linuxkm-SIMD-IRQ PR, and associated peer review:
smallstack refactors for wolfcrypt/src/rsa.c:wc_CheckProbablePrime_ex() and wolfcrypt/src/pwdbased.c:wc_PKCS12_PBKDF_ex();

add WARN_UNUSED_RESULT macro to types.h;

text format cleanup;

fix internal.c:LowResTimer() implementation.

refactor tls13.c:TimeNowInMilliseconds() for kernel 4.9 and 3.16 compat.

use ktime_get_coarse_real_ts64() only for kernel 5.x+.  in kernel 4.x, use its older form, current_kernel_time64(), and in 3.x, use getnstimeofday().

linuxkm/module_hooks.c: fix wolfssl_init() pie code to be compatible with kernel 4.4-;

fix allocate_wolfcrypt_irq_fpu_states() return codes to all be wolfcrypt codes, and in calling code, pass up that code (suggested by dgarske peer review).
2021-09-20 13:46:51 -05:00
Guido Vranken 4e318ade36 In wc_PBKDF1_ex, break out of outer loop on error 2021-06-07 16:21:02 +02:00