Commit Graph

306 Commits

Author SHA1 Message Date
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Josh Holtrop c36c39af0a RSA API: use const pointers and clean up some comments 2025-10-02 15:28:43 -04:00
gojimmypi d64ef34ef8 Introduce WOLFSSL_DEBUG_CERTS Certificate Debug Messages 2025-08-06 13:57:53 -07:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Sean Parkinson f1cb4d579c Regression testing
Fixes to get WOLFSSL_PUBLIC_MP testing passing.
Fix DH constant time agreement:
  - implement constant time encoding to big-endian byte array in TFM
- only force x to be zero for SP math as others implementations ensure
unused words are zero
- exponentiate in constant time to the smallest number of words
possible
- no need to encode into separate buffer anymore as encoding is
constant time and front padded
- make requested_sz be the maximum size for the parameters and check
against agreeSz
- update agreeSz to be the maximum valid size instead of filling all
the buffer which may be many times too big
- fix SP result to front pad when doing constant time
2025-06-26 21:21:05 +10:00
Sean Parkinson a1442cf3a1 Merge pull request #8643 from kaleb-himes/KH-SRTP-REVIEW-rev1
Explicit API redirects for FIPS moving forward
2025-04-09 07:08:52 +10:00
kaleb-himes 8c0ef0b1f5 Explicit API redirects for FIPS moving forward 2025-04-07 11:06:52 -06:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Sean Parkinson 9d8a3cc352 TFM: explicit cast of -1 to fp_digit
When -1 is needed as an fp_digit, as a mask. cast to fp_digit.
2024-11-15 08:25:44 +10:00
John Safranek 17261467a6 Revert "FP SmallStack Fix"
This reverts commit 47e51400bb.

Turns out we don't want to put those fp_ints on the stack unless
absolutely necessary.
2024-09-24 09:19:43 -07:00
John Safranek 47e51400bb FP SmallStack Fix
The function _fp_exptmod_nct() is using WOLFSSL_NO_MALLOC to guard
using stack allocation vs malloc. It's twin function _fp_exptmod_ct()
is using WOLFSSL_SMALL_STACK for this. This is causing inappropriate use
of malloc() in a small stack environment. The no-malloc case will also
be kept so static memory and no-malloc fix still works.

1. Change the guards for `#ifndef WOLFSSL_NO_MALLOC` in the function
   `_fp_exptmod_nct()` to `#if defined(WOLFSSL_SMALL_STACK) &&
   !defined(WOLFSSL_NO_MALLOC)`.
2024-09-17 10:55:11 -07:00
Daniel Pouzzner 806df85477 backfill more missing WC_NO_ERR_TRACE()s on error code operands, and refactor away the obsolete GEN_MEM_ERR macro mechanism in wolfcrypt/src/ecc.c. 2024-09-03 17:44:11 -05:00
Daniel Pouzzner 0da78a7ee2 move several MP error codes from wolfssl/wolfcrypt/sp_int.h, wolfssl/wolfcrypt/tfm.h, and wolfssl/wolfcrypt/integer.h, to wolfssl/wolfcrypt/error-crypt.h, harmonizing their names and numbers.
wolfssl/wolfcrypt/error-crypt.h: add WC_FIRST_E.

wolfcrypt/src/error.c: add MP error code strings.

wolfssl/error-ssl.h: add WOLFSSL_FIRST_E and WOLFSSL_LAST_E.

wolfcrypt/test/test.c: update error_test() for new error code layout, refactoring the "missing" check.

src/internal.c: use WC_FIRST_E and WC_LAST_E  in wolfSSL_ERR_reason_error_string().

src/ssl.c: fix wolfSSL_ERR_GET_REASON() to identify in-range error codes using WC_FIRST_E, WC_LAST_E, WOLFSSL_FIRST_E, and WOLFSSL_LAST_E.

sp_int.h: provide for WOLFSSL_DEBUG_TRACE_ERROR_CODES, and refactor MP error codes as enums, for consistency with other error codes.

wolfcrypt/src/ecc.c: fix 2 identicalInnerCondition's.
2024-08-20 14:09:06 -05:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
JacobBarthelmeh d71776aced coverity CID 352930, fix for out of bounds write 2024-03-17 23:31:37 +07:00
gojimmypi bebfb120d7 Enable TFM mp_sqr even when HAVE_ECC disabled 2024-03-13 16:36:30 -07:00
kaleb-himes f5670082b6 Windows doesn't like code before variables 2024-02-08 14:12:02 -07:00
Juliusz Sosinowicz be90fe073e tfm and integer: skip whitespace at end in radix read 2024-02-02 14:38:40 +01:00
Juliusz Sosinowicz 335c51987e openssh 9.6p1 fixes
- wolfSSL_DSA_set0_key: allow setting just the public key
- radix16: allow skipping the end of line whitespace
- Add openssh action
2024-02-01 11:39:56 +01:00
Chris Conlon fb6b022f42 Merge pull request #7020 from SparkiDev/ecc_gen_k_by_reject
ECC: generate values in range of order by rejection
2023-12-14 14:54:39 -07:00
Sean Parkinson 21f53f37a1 ECC: generate values in range of order by rejection
When generating private key and nonce for ECDSA, use rejection sampling.
Note: SP uses this algorithm
2023-12-12 14:55:56 +10:00
Eric Blankenhorn 27e93276de Check for neg size in fp_read_unsigned_bin 2023-12-07 14:26:12 -06:00
JacobBarthelmeh 61a2d2de3d Merge pull request #6955 from SparkiDev/rsa_dec_inv_blind_mul_mont
RSA private exponentiation: multiply blinding invert in Mont
2023-11-28 11:08:57 -07:00
gojimmypi 7e69030df1 Espressif ESP32-C3 ESP32-C6 ESP32-S2 Hardware Acceleration 2023-11-20 18:05:18 -08:00
Sean Parkinson d3448e2c1a RSA private exponentiation: multiply blinding invert in Mont
When blinding, multiply result of exponentiation my blinding invert in
Montgomery form to make code more constant time.
2023-11-17 15:19:51 +10:00
Andras Fekete 49b9764c52 Can guarantee not to modify arguments of mp_isodd and mp_iszero 2023-11-02 16:00:57 -04:00
gojimmypi 9398fa0736 Espressif HW Improvements (#6624)
* Espressif HW Improvements
* revised AES HW/SW fallback logic for ESP32
2023-09-19 08:21:13 -07:00
jordan df58c4dea7 tfm fp_exptmod_nct: handle special cases better 2023-07-15 10:00:50 -05:00
jordan 1afc0df83d tfm fp_exptmod_nct: set result to zero when base is zero 2023-07-14 13:57:29 -05:00
gojimmypi 57546405c0 refactor WROOM32 ESP32 2023-07-07 15:47:00 -07:00
Kareem fb9e036d5b Add NULL check in TFM's fp_forcezero. 2023-07-06 14:47:18 -07:00
Sean Parkinson e2424e6744 SM2/SM3/SM4: Chinese cipher support
Add support for:
 - SM2 elliptic curve and SM2 sign/verify
 - SM3 digest
 - SM4 cipher with modes ECB/CBC/CTR/GCM/CCM

Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
2023-07-04 13:36:28 +10:00
David Garske 70c3e84735 Merge pull request #6503 from SparkiDev/mp_test_tfm_mips
TFM: fix big endian reading a zero length buffer
2023-06-21 11:05:40 -07:00
Sean Parkinson e17f86d145 TFM: fix big endian reading a zero length buffer
Bail early as big endian implementation doesn't handle it.
2023-06-16 10:58:51 +10:00
Sean Parkinson 7153dd70a6 Math, Encrypted Memory: mod exp fix
The modular exponentiation implementations in sp_int.c and tfm.c are not
safe when using Encrypted Memory.
Cannot have two pieces of memory where one changes and the other doesn't
based on private value.
Use extra variable to hold the two new values and assign them both back
at the same time in a safe manner.

Alternative implementations used when WC_PROTECT_ENCRYPTED_MEM is
defined.
2023-06-16 07:28:47 +10:00
jordan db28d38ea3 Fix fastmath and heapmath invmod to be consistent with sp-math. 2023-06-02 22:11:44 -05:00
jordan 8254112c9b Fix out-of-bounds write in fp_mod_2d. 2023-04-18 10:51:38 -05:00
Daniel Pouzzner 49cd3ff872 wolfssl/internal.h: fixes for -Wpedantic "redefinition of typedef" around typedef ... TLSX and Options;
src/internal.c: fix for -Wdeclaration-after-statement and clang-diagnostic-unreachable-code-break;

tests/api.c: fix for -Wunused-variable and clang-analyzer-deadcode.DeadStores;

olfcrypt/src/pkcs12.c: fixes for cppcheck uselessAssignmentPtrArg and arrayIndexThenCheck, and clang-tidy clang-analyzer-deadcode.DeadStores and clang-analyzer-core.NonNullParamChecker;

wolfssl/src/tls.c: fix for clang-analyzer-deadcode.DeadStores;

wolfcrypt/src/tfm.c: fix for clang-diagnostic-newline-eof;

src/tls13.c: fix for clang-analyzer-core.NonNullParamChecker.
2023-03-21 22:52:56 -05:00
gojimmypi 30106d82ea replace fp_init_copy to appease some compilers 2023-03-08 20:37:19 -08:00
Jacob Barthelmeh eb0bf7cd03 build checks on mp_read_radix 2023-03-07 13:55:10 -07:00
Sean Parkinson e4c2386b61 BN compatibility API: move implementation out to separate API
BN APIs from ssl.c have been moved out to ssl_bn.c that is included in
ssl.c.
Added defines for BN_rand() and BN_pseudo_rand() to indicate which bits
are to be set.
'internal' field now always maps to the ;mpi' field that is a MP
integer.
SetIndividualInternal/External renamed to wolfssl_bn_get/set_value.
Fixed BN APIs to work as closely to OpenSSL as possible.
Added tests.
Moved wolfssl_make_rng out to ssl.c as BN APIs are using it now.
SP int and TFM now check trials are in a valid range for
mp_prime_is_prime_ex().
2023-03-06 14:32:10 +10:00
philljj 5b8fda1ac6 Fix overflow in fp_to_unsigned_bin_len length check. (#6075)
* Fix overflow in fp_to_unsigned_bin_len length check.
* Add a second check when i == a->used - 1.
2023-02-10 08:46:37 -08:00
Sean Parkinson 90e24d8ba5 DSA sign: use mp_to_unsigned_bin_len
mp_to_unsigned_len checks length and front pads with zeros.

Return MP_VAL when length is too small in all implemenations.
Make TFM implementation check length.
Add test case.
2023-01-23 09:14:24 +10:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Steffen Jaeckel f4e258d196 Generic changes
* fix compilation warning
* adjust SHA3-384 test error-codes
   The way the codes were constructed before, they were not unique.
* unify code
   Instead of having `ifdef`'s in the code, define our own wrapper around
   the keysource as required.
* add CMake option for help-text in wolfCrypt tests
* expose test `main()` as `wolfcrypt_test_main()`
* Don't overwrite previously set errors
* add FreeRTOS support for Xilinx demo
* move `fp_reverse` from `tfm.c` to `wolfmath.c` and rename to
  `mp_reverse`.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-09-29 09:39:57 -06:00
David Garske 606f58a851 Spelling and whitespace cleanups. 2022-09-23 13:58:58 -07:00
tim-weller-wolfssl 62766b0758 Updates to remove warnings and build issues found with IAR tools. Update test function / example to avoid memory leak. Update to pass error codes along rather than mask them at lower levels.
Make logic to avoid masking return error conditionally compiled based on STSAFE configuration

Update logic at second crypto-callback location to return error code rather than mask it
2022-09-21 14:16:49 -05:00