wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 15:42:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,375 Commits 12 Branches 184 Tags
ed390e472df568d2181ea30e37c606da385d54b4
Commit Graph

9216 Commits

Author SHA1 Message Date
Daniel Pouzzner
f7abd7cb25 opensslcoexist fixes: add WOLFSSL_EVP_MD_FLAG_XOF, and use WC_MD4_BLOCK_SIZE, not MD4_BLOCK_SIZE. 2025-01-24 20:14:39 -06:00
Daniel Pouzzner
e6b87c2e54 src/ssl.c: work around false positive from scan-build in wolfSSL_writev(), long ago annotated with PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\""). 
wolfcrypt/src/misc.c: fix typo, max_size_t_() -> max_size_t().
 2025-01-24 17:55:55 -06:00
Daniel Pouzzner
1b338abb2d fix wolfSSL_read_ex() prototype with size_t sz, not int sz, for consistency with OpenSSL; 
fix internal functions wolfSSL_read_internal() and ReceiveData() to likewise accept size_t sz;

add negative sz checks where needed to other functions that call wolfSSL_read_internal() and ReceiveData();

add min_size_t() and max_size_t() to misc.c/misc.h.
 2025-01-24 16:16:43 -06:00
Daniel Pouzzner
93ac482772 linuxkm/module_hooks.c: in wolfssl_init(), #ifdef HAVE_FIPS, wc_RunAllCast_fips(); 
wolfcrypt/src/aes.c: add missing parens in GHASH_ONE_BLOCK_SW() to mollify clang-tidy;

wolfssl/wolfcrypt/fips_test.h: add FIPS_CAST_AES_ECB;

wolfssl/wolfcrypt/settings.h: #ifdef WOLFSSL_LINUXKM, #undef HAVE_LIMITS_H.
 2025-01-24 16:09:43 -06:00
Daniel Pouzzner
09ac8c69db fixes for clang-tidy complaints with NO_ERROR_STRINGS. 2025-01-24 16:09:43 -06:00
David Garske
20ae10fd8c Merge pull request #8360 from philljj/dual_alg_mldsa 
Update ssl code for ML_DSA.
 2025-01-24 11:55:04 -08:00
David Garske
2e87dfc207 Merge pull request #8345 from JacobBarthelmeh/python_update 
Python update to 3.12.6
 2025-01-24 11:37:10 -08:00
David Garske
7ad4131b13 Merge pull request #8343 from anhu/maxq_pkcs11 
New additions for MAXQ with wolfPKCS11
 2025-01-24 11:34:27 -08:00
Anthony Hu
18396c4740 New additions for MAXQ with wolfPKCS11 
- Support using MAXQ for:
    - AES-ECB
    - AES-CCM
    - AES-CBC
    - ECC Key Generation and ECDH
- in wc_ecc_import_private_key_ex():
    - check to make sure devId is not invalid before calling wc_MAXQ10XX_EccSetKey().
    - This is because the raspberry pi sometimes need to sign stuff.
- in aes_set_key() and ecc_set_key():
    - delete a key in case it already exists; ignore error since it might not exist.
    - unlock, lock the HW mutex around ECDSA_sign() because it needs access to rng
- in wolfSSL_MAXQ10XX_CryptoDevCb:
    - allow maxq1065 to call the crypto callback.
    - do not set the key during signing; use pre provisioned one instead (DEVICE_KEY_PAIR_OBJ_ID)
 2025-01-24 13:53:27 -05:00
JacobBarthelmeh
69be9aa211 fix to not stomp on sz with XOF function, restore comment, remove early XFREE call 2025-01-24 11:40:53 -07:00
JacobBarthelmeh
2eb42f1cea adjust behavior when calling non XOF digest final function with XOF digest type 2025-01-23 16:30:08 -07:00
JacobBarthelmeh
fc563f2e20 cast data input to const and resolve overlong line length 2025-01-23 16:30:08 -07:00
JacobBarthelmeh
49c515ac58 add some unit test cases 2025-01-23 16:30:08 -07:00
JacobBarthelmeh
28bed8d634 fix for SN (short name) of digests to match expected values 2025-01-23 16:30:07 -07:00
JacobBarthelmeh
c6974a921d fix for return values of write_ex/read_ex, propogate PARAMS, handle CRL with load_verify_locations, fix for get verified/unverified chain 2025-01-23 16:30:07 -07:00
JacobBarthelmeh
d8a9aaad16 add key mismatch error 2025-01-23 16:30:07 -07:00
JacobBarthelmeh
3b23a05157 flush out x509 object stack deep copy and md get flag 2025-01-23 16:30:07 -07:00
JacobBarthelmeh
f9e289881b stub out all functions needed for Python port update 2025-01-23 16:30:07 -07:00
JacobBarthelmeh
0ebb5f7238 add short name WC_SN macros 2025-01-23 16:30:07 -07:00
Lealem Amedie
161da6046c Skip MQX InitMutex call if FIPS module is in Init Mode 2025-01-23 14:00:00 -07:00
jordan
2ef90b1f89 ML-DSA/Dilithium: update ssl code for ML_DSA final. 2025-01-23 15:33:26 -05:00
David Garske
f61d276f3b Merge pull request #8362 from JacobBarthelmeh/copyright 
update copyright date to 2025
 2025-01-21 16:23:49 -08:00
JacobBarthelmeh
d94c043b09 misc. spelling fixes 2025-01-21 16:18:28 -07:00
David Garske
c456cbdfbc Merge pull request #8351 from anhu/lms_guards_256256 
Better guarding for LMS SHA256_256 vs LMS SHA256_192
 2025-01-21 10:56:13 -08:00
David Garske
5df6989eab Merge pull request #8350 from embhorn/zd19220 
Check r and s len before copying
 2025-01-21 10:36:54 -08:00
JacobBarthelmeh
a4c58614b9 Merge pull request #8324 from julek-wolfssl/ntp-4.2.8p17 
ntp 4.2.8p17 additions
 2025-01-21 10:02:23 -08:00
JacobBarthelmeh
2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Eric Blankenhorn
9c4ef7cd30 Use BUFFER_E instead of ASN_PARSE_E when buffer is too small 2025-01-20 08:40:36 -06:00
Sean Parkinson
6e383547dd Entropy Apple: change time function called 
Use clock_gettime_nsec_np and get the raw monotonic counter.
 2025-01-16 04:14:55 +10:00
Anthony Hu
4ca65f0ce7 Better guarding for LMS SHA256_256 vs LMS SHA256_192 2025-01-10 17:24:05 -05:00
Daniel Pouzzner
dc2ada117e wolfcrypt/benchmark/benchmark.c: fix check_for_excessive_stime() to accept the algo and strength, for proper rendering on asym algs. 2025-01-10 15:48:24 -06:00
Daniel Pouzzner
b16bedf82a more fixes guided by clang-tidy heap analyzer using clang-20.0.0_pre20250104: 
wolfcrypt/src/integer.c: add additional guards against OOB access from uint wraps and null derefs of mp_int.dp, and refactor mp_grow() and mp_init_size() to use XMEMSET, for the benefit of clang-tidy.  in mp_grow(), fix the condition for the realloc to assure always evaluated if a->alloc == 0.

wolfcrypt/src/asn.c: fix wc_CreatePKCS8Key() so that *outSz is always assigned when LENGTH_ONLY_E is returned.

wolfcrypt/src/pkcs7.c: remove redundant inner condition in wc_PKCS7_EncodeAuthEnvelopedData(), added in previous commit and caught on review by Jacob (thanks!).

wolfcrypt/src/sp_int.c: in sp_mont_norm(), add another suppression for the same false positive in sp_mul() suppressed in previous commit.

wolfcrypt/src/srp.c: refactor SrpHashSize() to return ALGO_ID_E rather than 0 when unknown/uncompiled alg is requested.
 2025-01-10 15:48:05 -06:00
Daniel Pouzzner
7cd2fd3617 numerous fixes for memory errors reported by clang-tidy, most of them true positives, unmasked by CPPFLAGS=-DNO_WOLFSSL_MEMORY: clang-analyzer-unix.Malloc, clang-analyzer-core.NullDereference, clang-analyzer-core.uninitialized.Assign, clang-analyzer-core.UndefinedBinaryOperatorResult, and clang-analyzer-optin.portability.UnixAPI (re malloc(0)). 
several fixes for defects reported by cppcheck:

wolfcrypt/src/ecc.c: fix for cppcheck oppositeInnerCondition from cppcheck-2.16.0 in _ecc_make_key_ex(), and fixes for related unhandled errors discovered by manual inspection;

wolfcrypt/test/test.c: fix XREALLOC call in memcb_test() to resolve cppcheck-detected memleak.
 2025-01-10 14:30:42 -06:00
Eric Blankenhorn
53831d0f32 Add test 2025-01-10 10:06:14 -06:00
Eric Blankenhorn
139504b9fd Check r and s len before copying 2025-01-10 08:46:40 -06:00
Sean Parkinson
aa8a2144c8 Aarch64 CPU Id: FreeBSD/OpenBSD fix 
Fix name and flags set.
 2025-01-10 08:28:45 +10:00
Daniel Pouzzner
8d85ab964d wolfcrypt/src/pkcs12.c: fix resource leak in PKCS12_CoalesceOctetStrings(). 2025-01-08 13:39:33 -06:00
Daniel Pouzzner
fd664fd597 wolfcrypt/src/integer.c: add sanity checks to mollify clang-tidy 20.0.0_pre20250104: in mp_grow(), error if the mp_int has a null .dp but nonzero .alloc; in s_mp_add() and s_mp_sub(), error if either operand has a null .dp but the constant of iteration (from .used) is positive. these fix 6 distinct clang-analyzer-core.NullDereferences, of undetermined accuracy (possibly benign). 2025-01-08 11:09:27 -06:00
Daniel Pouzzner
632d1c7ada wolfcrypt/src/wc_xmss_impl.c: fix error-checking comparisons in wc_xmss_bds_state_load() and wc_xmss_bds_state_store(), and remove no-longer-needed suppression in wc_xmss_sign(). 
.wolfssl_known_macro_extras: remove unneeded WOLFSSL_GAISLER_BCC and WOLFSSL_NO_AES_CFB_1_8.

wolfcrypt/src/dh.c: reformat overlong lines.
 2025-01-07 17:37:11 -06:00
Daniel Pouzzner
b6ce89c429 wolfcrypt/src/pkcs7.c: in wc_PKCS7_BuildSignedAttributes(), clear cannedAttribs[idx] before it's conditionally populated, to prevent possible uninited data read in subsequent EncodeAttributes(). 2025-01-07 15:03:18 -06:00
Daniel Pouzzner
8c32238733 wolfcrypt/src/wc_xmss_impl.c: guided by clang-tidy 20.0.0_pre20250104, add some error-checking to wc_xmss_bds_state_load() and wc_xmss_bds_state_store(), but ultimately, suppress a pair of stubborn apparently-false "function call argument is an uninitialized value" warnings, one in wc_xmss_bds_state_store() and one in wc_xmss_sign(). 2025-01-07 14:04:01 -06:00
David Garske
a3d879f1c6 Merge pull request #8336 from douzzer/20250107-clang-tidy-null-derefs 
20250107-clang-tidy-null-derefs
 2025-01-07 08:07:06 -08:00
David Garske
4a12351a82 Merge pull request #8335 from douzzer/20250106-_DhSetKey-FFDHE-short-circuit 
20250106-_DhSetKey-FFDHE-short-circuit
 2025-01-07 08:06:37 -08:00
David Garske
d2ea3c67c5 Merge pull request #8329 from douzzer/20250103-Sha512Final-no-scratch-digest 
20250103-Sha512Final-no-scratch-digest
 2025-01-07 08:05:31 -08:00
Daniel Pouzzner
d6ead1b3e5 src/tls.c: fix possible null deref in TLSX_UseCertificateStatusRequestV2(). 
wolfcrypt/src/pkcs12.c: fix possible null deref in PKCS12_CoalesceOctetStrings(), and fix spelling of PKCS12_ConcatenateContent().
 2025-01-07 00:00:48 -06:00
Daniel Pouzzner
fffafe661a wolfcrypt/src/dh.c: in _DhSetKey(), add short-circuit comparisons to RFC 7919 known-good moduli, preempting overhead from mp_prime_is_prime(). 
wolfcrypt/test/test.c: in dh_ffdhe_test(), when defined(HAVE_PUBLIC_FFDHE), use wc_DhSetKey_ex() rather than wc_DhSetKey() to exercise the primality check in _DhSetKey().
 2025-01-06 14:52:42 -06:00
Daniel Pouzzner
5172ff7ee3 wolfcrypt/src/sha512.c: in Sha512FinalRaw() and wc_Sha384FinalRaw(), refactor out the scratch digest -- ByteReverseWords64() is safe in-place, and the scratch digest caused a SEGV in the XMEMCPY() on AVX512-capable targets built with gcc -march=native unless XALIGN(64), due to gcc bug(s). 2025-01-06 11:06:56 -06:00
Sean Parkinson
13ce92cc1f SP int: stop CodeSonar complaining about i being negatve 
n is checked for negative and fail out in that case.
i is n devided by a positive constant and can never be negative.
 2025-01-06 10:04:14 +10:00
Sean Parkinson
7d3ee74a71 Aarch64 ASM: Use CPU features for more 
AES GCM streaming - fix GHASH_ONE_BLOCK to use CPU feature information.
AES-GCM uses EOR3 (SHA-3 instruction) - split assembly code.
Kyber uses SQRDMLSH - split assembly code.

Changed define from WOLFSSL_AARCH64_NO_SQRMLSH to
WOLFSSL_AARCH64_NO_SQRDMLSH to match instruction.

Improved array data format for inline assembly code.
 2025-01-02 19:56:04 +10:00
Juliusz Sosinowicz
af96f294fa Add MD4 to EVP layer 2024-12-31 16:58:58 +01:00