Commit Graph

483 Commits

Author SHA1 Message Date
John Safranek d866144fb1 Merge branch 'master' into merge-fips-builds 2023-09-05 16:52:36 -07:00
John Safranek db858fd052 Merge tag 'v5.2.1-stable' into merge-fips-builds
Check-in FIPS 140-3 PILOT
2023-09-05 13:50:29 -07:00
Sean Parkinson 0638ec234b AES ARM32 and Thumb2 ASM: fixup ARM32 and add Thumb2
Fix which functions and data are compiled in depending on defines.
Better handing of constants.
Also fix Aarch64 ed25519 inline assembly.
2023-08-30 20:34:51 +10:00
kaleb-himes c98ce0d18c FIPS 140-3 Pilot Program Check-in 2023-08-24 14:29:32 -07:00
Sean Parkinson 36b92a4cef Thumb2 ASM, Curve25519
Add support for compiling ASM for Thumb2
Add Curve25519 ASM for Thumb2
Limit assembly code compiled when Ed25519 not required.
Rework all assembly implementations to replace ge_*() functions instead
of having fe_ge_*() versions that take many parameters.
Get ARM32 inline asm working.
2023-08-24 17:43:03 +10:00
Andras Fekete b31e485dc9 Remove 'HAVE_FIPS_VERSION < 2' blocks 2023-08-02 17:08:03 -04:00
JacobBarthelmeh 681a75da24 fix for AES-GCM use with petalinux 2023-07-25 22:08:20 -06:00
JacobBarthelmeh 1285ae7816 Merge pull request #6506 from DimitriPapadopoulos/codespell
Fix typos found by codespell
2023-07-24 10:34:29 -06:00
JacobBarthelmeh 8065ba18f9 Merge pull request #6620 from douzzer/20230714-WC_DO_NOTHING
20230714-WC_DO_NOTHING
2023-07-18 17:04:02 -06:00
Daniel Pouzzner f6f8d2eda3 add WC_DO_NOTHING macro to wolfssl/wolfcrypt/types.h, with default expansion "do {} while (0)", and globally refactor to use the macro where appropriate, annotating intended-null macros-with-args with "/* null expansion */";
tweak several #includes of settings.h to include types.h instead (all of these are for clarity, as types.h is indirectly included by later #includes), and add #include <wolfssl/wolfcrypt/types.h> where missing;

remove trailing semicolons from PRAGMA*() macro invocations as they are unneeded and can be harmful (inducing frivolous -Wdeclaration-after-statement etc.).
2023-07-14 09:50:01 -05:00
David Garske 00add89deb Fix for unused AesDecrypt in aes.c with SiLabs AES acceleration enabled (WOLFSSL_SILABS_SE_ACCEL). ZD15874 2023-07-13 13:50:15 -07:00
gojimmypi 57546405c0 refactor WROOM32 ESP32 2023-07-07 15:47:00 -07:00
Dimitri Papadopoulos 50752f5a2b Fix typos found by codespell 2023-07-04 07:21:27 +02:00
Sean Parkinson e2424e6744 SM2/SM3/SM4: Chinese cipher support
Add support for:
 - SM2 elliptic curve and SM2 sign/verify
 - SM3 digest
 - SM4 cipher with modes ECB/CBC/CTR/GCM/CCM

Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
2023-07-04 13:36:28 +10:00
John Bland c72d008a5c add STM32_HW_CLOCK_AUTO which turns the stm32 hw
accleration clock on and off automatically
2023-06-27 17:16:46 -04:00
Daniel Pouzzner 03a6eed037 wolfcrypt/src/{aes.c,blake2b.c,siphash.c}: fix W64LIT() arguments to not have improper 'U' suffix;
wolfssl/wolfcrypt/types.h: add 'U' suffix to W64LIT() macro defs, and add SW64LIT() macro defs (not yet used anywhere);

wolfcrypt/src/asn.c: add !WOLFSSL_ECC_CURVE_STATIC gate around DataToHexStringAlloc() to resolve -Wunused;

wolfcrypt/src/ecc.c: guard against zero-valued "len" arg to wc_ecc_get_curve_id_from_oid();

wolfcrypt/src/wc_port.c: fix several argument implicit sign changes in USE_WINDOWS_API paths;

wolfssl/wolfcrypt/ecc.h: remove const attribute from inline buffers in WOLFSSL_ECC_CURVE_STATIC struct ecc_set_type.
2023-06-12 23:15:08 -05:00
Sean Parkinson ed01b14356 cppcheck: fixes from scan
wolfssl_sce_unit_test.c:
  sce_crypt_Sha_AesCbcGcm_multitest(): duplicate condition
ssl_asn1.c:
  wolfSSL_i2t_ASN1_OBJECT(): done is not needed
  MonthStr(): fix bounds check on i
woolfcrypt_test.c, test_main.c, wolfssl_tsip_unit_test.c, devices.c,
aes.c, des3.c:
  Variable not used.
asn.c:
DecodeSubjKeyId(): sz is unsigned - check for less than zero does
nothing
kcapi_rsa.c:
  KcapiRsa_Decrypt(): fix ret check by using else
  KcapiRsa_Encrypt(): make same change for consistency
kcapi_hash.c:
  KcapiHashFinal(): move ret into #ifdef where it is needed
stm32.c:
wc_Stm32_Hash_GetDigest(): i redeclared with different type - use ii
instead
bio.c, conf.c:
  XFREE checks for NULL

Reduce scope of varialbes.
Condition same.
2023-06-07 17:27:51 +10:00
Daniel Pouzzner 59a7c0d7e4 move definitions of XASM_LINK() from wolfcrypt/src/aes.c, wolfcrypt/src/asm.c, and wolfcrypt/src/cpuid.c, to wolfssl/wolfcrypt/types.h, and use __asm__() instead of asm() if __GNUC__, for compatibility with -std=c99. 2023-05-31 15:48:52 -05:00
Sean Parkinson 98a717e1d5 Memory usage: reduce stack usage
AES C impl: don't align to 32 bytes, align to 16 as buffer is 16 bytes
long.
SP int: Don't call _sp_mulmod but call sp_mul and _sp_div to do mod
operation. For RSA, fewer calls for mod operation means less stack used
at deepest point.
2023-05-22 16:57:07 +10:00
David Garske 0530ee774f Merge pull request #6418 from douzzer/20230517-linuxkm-benchmarks
20230517-linuxkm-benchmarks
2023-05-17 15:00:49 -07:00
Daniel Pouzzner fffff657de cleanups: line length, WOLFSSL_SMALL_STACK_STATIC, and SAVE_VECTOR_REGISTERS() failure trap in benchmark.c, proper path to benchmark.c in linuxkm/module_hooks.c, and proper casting in aes.c. also harmonized semantics and prototype of bench_ripemd(). 2023-05-17 13:00:46 -05:00
Daniel Pouzzner a18dc7f10a wolfcrypt/src/aes.c: in wc_AesSetKeyLocal(), add an alignment check in the haveAESNI path for WOLFSSL_LINUXKM, because the failure mode is module crash. 2023-05-17 01:07:47 -05:00
Eric Blankenhorn 0a5a5a65a2 Fix valgrind issue with memcpy 2023-05-16 14:38:51 -05:00
David Garske dbb5ee3b1e Merge pull request #6389 from JacobBarthelmeh/devid
always call crypto cb when compiled in
2023-05-11 11:48:30 -07:00
Daniel Pouzzner 3c06638115 wolfcrypt/src/aes.c: fixes for bugprone-macro-parentheses;
wolfcrypt/src/ecc.c: fix for nullPointerRedundantCheck ("possible null pointer dereference").
2023-05-11 11:51:27 -05:00
JacobBarthelmeh bab35c4de2 add WOLF_CRYPTO_CB_FIND macro to guard find device ID callback 2023-05-10 15:28:19 -07:00
JacobBarthelmeh 04e831fa63 Merge pull request #6309 from SparkiDev/aes_cache_touch_lines
AES: touch each cache line when getting offset from table
2023-05-10 09:56:27 -06:00
JacobBarthelmeh 71cbc019d7 always call crypto cb when compiled in 2023-05-08 09:49:50 -07:00
Sean Parkinson 9b404fcc5b AES touch cache lines
Change implementation to get from each line of a table once for each 4
variables.
Only enable WOLFSSL_AES_TOUCH_LINES, by default, when RISC-V.
2023-05-04 16:34:42 +10:00
Daniel Pouzzner 8f610bb156 fix for retval overwrite (warned by clang-analyzer-deadcode.DeadStores) in sha.c:wc_ShaFinal();
fix for benign clang-analyzer-deadcode.DeadStores in aes.c:wc_AesFeedbackEncrypt();

fix for cppcheck:selfAssignment in chacha.c:wc_Chacha_wordtobyte().
2023-04-19 15:53:48 -05:00
Daniel Pouzzner f396989d20 more -Wconversion fixes, now covering everything inside the 140-3 boundary with default build options, everything in wolfcrypt with default build options, all modes of AES, builds with/without intelasm, all permutations of c89/c99 32/64 bit, and much of the crypto-all-cryptonly boundary;
also a gating fix for asn.c:SetShortInt().
2023-04-19 15:26:05 -05:00
Juliusz Sosinowicz 3c57228197 aes.c: Use xorbufout when possible 2023-04-19 17:06:25 +02:00
Daniel Pouzzner a4aef0e55d refinements from peer review for #6303. 2023-04-18 12:23:24 -05:00
Daniel Pouzzner 4b9302cdb3 another batch of -Wconversion fixes. 2023-04-18 12:23:24 -05:00
gojimmypi 98b718f91b wolfcrypt polish: init, checks, corrections (#6249)
* wolfcrypt polish: init, checks, corrections
2023-04-18 09:41:42 -07:00
Sean Parkinson a5c220d034 AES: touch each cache line when getting offset from table 2023-04-18 12:46:56 +10:00
Daniel Pouzzner edf95dbcbd add WOLF_C89 clauses to the W64LIT() definitions in wolfssl/wolfcrypt/types.h, and wrap several long long numeric literals with W64LIT() in wolfcrypt/src/{aes.c,blake2b.c,siphash.c};
add WOLF_C89 handling to SP_ULONG_BITS and SP_ULLONG_BITS setup in wolfssl/wolfcrypt/sp_int.h.
2023-04-14 13:29:26 -05:00
David Garske 72c6429276 Better fixes for pedantic to resolve (error: comparison of unsigned expression >= 0 is always true). Also overlong lines. 2023-04-12 01:37:09 -05:00
David Garske 6418e3cbfe Fixes for implicit casts.
Tested with `./configure --disable-asm --enable-32bit --enable-asn=original --enable-cryptonly CFLAGS="-Wconversion -pedantic" && make`. Some progress with ASN template, but not complete.
2023-04-12 01:37:09 -05:00
JacobBarthelmeh a121a5c270 Merge pull request #6225 from SparkiDev/memzero_check_fixes_1
MemZero check fixes
2023-03-23 21:04:39 +07:00
Sean Parkinson d1e4349661 MemZero check fixes
ForceZero the client and server secret regardless of whether TLS 1.3 as
it may change but have been copied in.
ForceZero the input buffer in wolfSSL_Clear() when encryption was on.

Changed wc_PRF_TLS to only check the parts of data used.
Changed where scatch is added for checking in wc_AesCtrEncrypt.
Change wc_MakeRsaKey to memset p, q, tmp1, tmp2 and tmp3 to all zeros so
that MemZero check works. Memset not needed otherwise.
Changes for new compiler - thinks uninitialized.
2023-03-23 12:27:38 +10:00
Sean Parkinson 1fa75a5503 AES-GCM streaming: EVP needs to set IV with wc_AesGcmInit
Store IV if it is small enough to fit in aes->reg - was a copy of the
aes->reg in the first place.
2023-03-23 09:28:22 +10:00
JacobBarthelmeh 0486db8a2e Merge pull request #6188 from SparkiDev/aes_gcm_streaming_long_nonce
AES-GCM streaming: fix IV caching
2023-03-15 11:39:37 -06:00
Sean Parkinson 3b5310d186 AES-GCM streaming: fix IV caching
AES-GCM stremaing was caching IV even when larger than buffer copying
into.
Instead, require calls to wc_AesGcmSetIV() or wc_AesGcmSetExtIV() to
cache IV.
wc_AesGcmInit() now uses passed in IV or retrieves from cache.
2023-03-15 07:52:06 +10:00
Sean Parkinson 397537e691 AES-GCM: MSVC use generated assembly instead of inline
AES-GCM for MSVC was using inline assembly.
Add MSVC version of AES-GCM assembly and use it instead.
Removed inline assembly.
2023-02-28 14:56:29 +10:00
Sean Parkinson b359dd27e4 AES ECB/CTR/XTS: enable AES-NI usage
Perform multiple blocks of encryption/decryption in assembly call with
ECB.
This improves performance of ECB, CTR and XTS on Intel x64.
2023-02-10 11:14:06 +10:00
Daniel Pouzzner 38c057a084 fix resource leak (missing calls to wc_AesFree()) in wolfSSL_EVP_CIPHER_CTX_cleanup();
fix file descriptor leaks in AF_ALG code, and fix return codes (WC_AFALG_SOCK_E, not -1) in afalg_aes.c;

fixes for sanitizer-detected forbidden null pointer args in AfalgHashUpdate() and AfalgHashCopy();

fixes for resource leaks in api.c test_wolfSSL_AES_cbc_encrypt() (missing wc_AesFree()s);

fixes for resource leaks in test.c openssl_test() (missing wolfSSL_EVP_CIPHER_CTX_cleanup());

also some local fixes for bugprone-signed-char-misuse, readability-redundant-preprocessor, and clang-diagnostic-strict-prototypes, in src/pk.c and src/ssl.c.
2023-02-01 00:49:34 -06:00
Sean Parkinson e9af0136b9 AES XTS: encrypt not handling in-place properly
Fix AES XTS in-place encrypt to work when ciphertext stealing.
2023-01-25 09:32:37 +10:00
tim-weller-wolfssl cf9b865e33 Update AES-GCM stream decryption setup to allow long IV values (already allowed by encryption APIs) 2023-01-20 20:35:39 +00:00
Sean Parkinson 0a2ee6c530 AES SIV: Allocate memory for AES as late as possbile
AES will be initialized if memory allocation succeeded.
2023-01-14 05:41:24 +10:00