wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 07:42:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,871 Commits 12 Branches 184 Tags
ed58cfdc0f599feb6ecb011803d92caa1b292e44
Commit Graph

183 Commits

Author SHA1 Message Date
Daniel Pouzzner
607a24b499 fixes for clang-tidy and sanitizer hygiene with --disable-fastmath. 2022-04-14 21:06:04 -05:00
Sean Parkinson
e9187f5f00 Wycheproof fixes/changes 
Allow Chachac20-Poly1305 to take an empty msg.
Allow AES-SIV to have an empty nonce.
Don't allow the length to be malleable. Must use the smallest number of
bytes to represent value.
ECDSA and DSA signature values are positive.
Add Sha512-224 and Sha512-256 OIDs.
ASN template - ensure the ECDSA/DSA signature uses all data.
Curve25519/Curve448 - WOLFSSL_ECDHX_SHARED_NOT_ZERO means shared secret
can't be 0.
Curve25519/Curve448 - check public value is less than order.
ECC - x or y may be zero but not both.
Ed25519/Ed448 - check S is less than order.
Ed448 - ge_p3_dbl can be simplified for ASM.
Prime check (integer.c/tfm.c/sp_int.c): Don't allow negative values and
make sure random candidate doesn't have bits higher than those in a set
when bits not a multiple of 8.
RSA: support Sha512-224 and Sha512-256.
RSA: Fix check for invalid in decryption. Affects plaintexts 256 bytes
and longer.
RSA: Don't allow base be larger than modulus.
RSA: Check small ciphertext (1 or 0) on decrypt when not using OAEP.
RSA: WOLFSSL_RSA_DECRYPT_TO_0_LEN allows decrypted value to be 0.
SP math all: fix div to handle large a and d when checking size of
remainder.
SP math all: set sign of result in sp_mod_2d()
 2022-04-06 15:35:01 +10:00
kaleb-himes
fc92584bd2 Address the one that was missed 2022-03-11 08:36:36 -07:00
kaleb-himes
0eef90f951 Fix for ZD13795 and also remove all-caps parameter 2022-03-10 11:40:32 -07:00
Daniel Pouzzner
6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Daniel Pouzzner
f126e6add5 wolfcrypt/src/integer.c: fixes for cppcheck complaints: nullPointerRedundantCheck[false positive; added suppression] 2022-01-08 00:30:20 -06:00
David Garske
ce4f436d0f Merge pull request #4587 from SparkiDev/dis_algs_fix_1 
Disable algorithms: fixes
 2021-12-19 20:12:30 -08:00
Juliusz Sosinowicz
574d171357 Fix leak when mp_int = 0 in integer.c 2021-12-07 12:46:24 +01:00
Sean Parkinson
5a72fee3df Disable algorithms: fixes 
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
 - mp_cond_copy not available unless ECC compiled in
 - wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
 2021-11-19 16:56:33 +10:00
Daniel Pouzzner
0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
Daniel Pouzzner
67db7b7f32 fixes for issues identified by Jenkins run: 
Makefile.am: clean .build_params file;

ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();

move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);

fix new unused-label defect in wc_ecc_shared_secret_gen_sync();

fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);

fix NO_INLINE ForceZero() prototype;

ecc.c: add missing if (err == MP_OKAY) in build_lut();

wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;

ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;

WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
 2021-10-26 20:24:27 -05:00
Guido Vranken
0522e19fc1 Check return value of mp_grow in mp_mod_2d 
ZD13048
 2021-10-10 21:02:03 +02:00
Sean Parkinson
ed6e173fc3 Maths: mp_mod_2d supports negative value now 
SRP: don't clear an mp_int that hasn't been initialized
 2021-07-20 18:33:55 +10:00
Guido Vranken
e0f268e522 Simplify mp_invmod_slow fix 2021-07-06 02:29:31 +02:00
Guido Vranken
9783d64f7e Add missing return value check in mp_invmod_slow 2021-07-06 02:13:42 +02:00
Sean Parkinson
3180ec96a5 Merge pull request #3963 from dgarske/nxp_ltc_rsa 
Fixes for NXP LTC ECC/RSA
 2021-06-14 08:29:24 +10:00
David Garske
64ae0a827c Fixes for RSA with NXP LTC. The invmod function must reduce if A > B. Added RSA Key Generation acceleration. 2021-05-25 15:58:22 -07:00
Sean Parkinson
2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00
Guido Vranken
2ecaa3c4c6 Use unsigned integers in mp_is_bit_set 
ZD 12012
 2021-04-01 00:57:06 +02:00
toddouska
95b91d8913 Merge pull request #3886 from DKubasekRA/fix/RA/v4.7.0-coverity 
RA - Fixes for Coverity issues
 2021-03-31 10:41:54 -07:00
toddouska
3ac03d3d66 Merge pull request #3805 from JacobBarthelmeh/copyright 
update copyright date to 2021
 2021-03-15 16:16:50 -07:00
Sean Parkinson
a55e94cf6f ECCSI and SAKKE: add support 
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
 2021-03-12 09:31:22 +10:00
Jacob Barthelmeh
c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
Sean Parkinson
419b426a1b MP int: fix word range check in mp_is_bit_set() 2021-03-08 15:45:04 +10:00
Sean Parkinson
298ebd6024 MP small: read radix set result to 0 on all errors 2021-03-05 10:02:07 +10:00
Martin Kinčl
9ea66868d8 Fixed CID 536133. 2021-03-03 20:37:29 +01:00
Martin Kinčl
05156083ec Fixed CID 529770. 2021-03-03 20:29:21 +01:00
toddouska
4c1a94a6ad Merge pull request #3768 from SparkiDev/mp_add_d_too_big 
MP small: mp_add_d doesn't support adding a digit greater than MP_DIG…
 2021-02-25 16:56:23 -08:00
Sean Parkinson
982ba6c1e0 Math: GCD(0,0) is undefined and LCM(0,*) is undefined. 
All integers divide 0 so there is no greatest common divisor.
0 is not in the set of numbers for LCM.
 2021-02-25 09:29:21 +10:00
Sean Parkinson
7ce3860e19 MP small: mp_add_d doesn't support adding a digit greater than MP_DIGIT_MAX 2021-02-17 09:24:22 +10:00
David Garske
53e79f1053 Fix for mp_radix_size with radix 2 and mp_int equal to zero. Fix applies to normal and fast math only. ZD11419. 2020-12-21 12:41:32 -08:00
Daniel Pouzzner
b0ec2bf058 wolfcrypt/src/integer.c: fix mp_read_unsigned_bin() accounting on mp_int.used_bits to avoid spurious .used > .alloc condition at loop exit. 2020-12-18 02:05:18 -06:00
Daniel Pouzzner
ef1284165f wolfcrypt/src/integer.c: fix sub-byte clearing step of mp_mod_2d() to work when DIGIT_BIT != sizeof(mp_digit)*8. 2020-12-10 23:50:30 -06:00
Sean Parkinson
a075540343 Merge pull request #3552 from tmael/shiftNeg 
Check shift value
 2020-12-11 10:19:27 +10:00
Tesfa Mael
9042843e42 Fix shift and clear digits 2020-12-10 16:13:30 -08:00
Daniel Pouzzner
5286cb1a46 optimize domain check in wolfcrypt/src/integer.c and wolfcrypt/src/tfm.c. 2020-12-10 14:16:20 -06:00
Sean Parkinson
9bbef90546 MP integer: fix map string for toradix and read_radix 2020-12-07 09:12:53 +10:00
Sean Parkinson
91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
Sean Parkinson
f5561b926c rshb: handle cases of shift amount being multiple of DIGIT_BIT 
tfm.c and integer.c fixed
 2020-11-11 10:04:14 +10:00
John Safranek
d24add10f2 Nightly Test Fix 
When performing a fast_mp_montgomery_reduce(), scan-build didn't like
that the destination buffer was fully zeroed out. We were only zeroing
what was expected to be used. This zeroes only the expected to be used
section of the output buffer.
 2020-11-01 18:58:05 -08:00
Elms
86b2118550 Address some cppcheck issues 2020-10-19 11:47:53 -07:00
Sean Parkinson
f0db2c177e ECC mulmod: some curves can't do order-1 
Change implementation of timing resistant scalar multiplication to use
Joye double-add ladder.
No longer have fake operations being performed therefore can remove the
order adding operations.
Still need to check for boundary condition: order-1 wil not work with
SECP256K1 as it results in an add of order/2 and (order/2)+1 times base
point which are the negatives of each other. The sum is infinity and not
handled by maths.
Added mp_cond_swap_t - Conditionally swap in constant time.
 2020-10-13 09:55:35 +10:00
Daniel Pouzzner
453698ba27 add explanatory comments for do_div(), used when WOLFSSL_LINUXKM. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
03d5a4eadd wolfcrypt/src/integer.c: mp_div_d(): refactor another 64 bit division to use do_div() when WOLFSSL_LINUXKM. 2020-09-23 18:32:15 -05:00
Eric Blankenhorn
5d69c9f1dc Move neg check 2020-09-15 09:12:45 -05:00
Eric Blankenhorn
4688f5fa59 Handle leading zero 2020-09-11 08:39:34 -05:00
Eric Blankenhorn
78a1670334 Fix mp_radix_size off by 1 error 2020-09-10 09:58:26 -05:00
Sean Parkinson
4f44df96dc MP: integer OOB write fix 
mp_to_unsigned_bin_len() now checks length passed in is greater than or
equal length to write.
 2020-08-24 22:48:52 +10:00
Sean Parkinson
9ef9671886 ECC uses CT vers of addmod, submod and div_2_mod 
The TFM implementations of mp_submod_ct, mp_addmod_ct,
mp_div_2_mod_t are more resilient to side-channels.
 2020-08-11 16:12:10 +10:00
Martin Akman
1f8d4149a5 Merge in master 2020-07-23 21:39:18 +10:00