Commit Graph

87 Commits

Author SHA1 Message Date
JacobBarthelmeh 6f1fe2e4b9 add sanity check on des cbc decrypt, CID 512990 2025-05-08 13:50:02 -06:00
Daniel Pouzzner ed5d8f8e6b update several files in wolfcrypt/src/port/arm to include libwolfssl_sources.h;
update wolfcrypt/src/port/af_alg, wolfcrypt/src/port/devcrypto, and wolfcrypt/src/port/kcapi to include libwolfssl_sources.h;

remove a slew of includes across lib sources made redundant by libwolfssl_sources.h.
2025-04-11 13:57:23 -05:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Andrew Hutchings 5d0ee8c9f3 Initial support for STM32MP13 HAL
This adds support for the STM32MP13 HAL, tested on the STM32MP135F MPU.

Using the HAL this modifies our previous RNG, AES-CBC, AES-GCM, HASH,
ECDSA and DES3 ST HAL acceleration to work with the MPU. It also works
around bugs found in the AES-GCM code of the HAL.

The HAL does not appear to have support for MD5 HASH at the moment, so
this has been given a flag to disable it on this MPU.
2024-11-26 14:15:57 +00:00
night1rider e912aff7e5 DES ECB using mmcau HW Library, and DES ECB basic test 2024-09-09 15:32:21 -06:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Daniel Pouzzner b3e8f0ad24 add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES. 2024-06-08 16:39:53 -05:00
kaleb-himes e45867bbc3 WIN fips section refactor / wolfEntropy API syntax adjustment 2024-04-09 09:48:33 -06:00
Andras Fekete ad9779cdc1 Explicitly define code with WOLFCRYPT_ASYNC_CRYPT_SW 2023-09-19 13:10:16 -04:00
Andras Fekete b31e485dc9 Remove 'HAVE_FIPS_VERSION < 2' blocks 2023-08-02 17:08:03 -04:00
Andras Fekete 25f542adb4 Clean up compile errors 2023-08-01 15:46:18 -04:00
Sean Parkinson ed01b14356 cppcheck: fixes from scan
wolfssl_sce_unit_test.c:
  sce_crypt_Sha_AesCbcGcm_multitest(): duplicate condition
ssl_asn1.c:
  wolfSSL_i2t_ASN1_OBJECT(): done is not needed
  MonthStr(): fix bounds check on i
woolfcrypt_test.c, test_main.c, wolfssl_tsip_unit_test.c, devices.c,
aes.c, des3.c:
  Variable not used.
asn.c:
DecodeSubjKeyId(): sz is unsigned - check for less than zero does
nothing
kcapi_rsa.c:
  KcapiRsa_Decrypt(): fix ret check by using else
  KcapiRsa_Encrypt(): make same change for consistency
kcapi_hash.c:
  KcapiHashFinal(): move ret into #ifdef where it is needed
stm32.c:
wc_Stm32_Hash_GetDigest(): i redeclared with different type - use ii
instead
bio.c, conf.c:
  XFREE checks for NULL

Reduce scope of varialbes.
Condition same.
2023-06-07 17:27:51 +10:00
Juliusz Sosinowicz b91f3063ea Use xorbuf in 3des for FREESCALE_MMCAU 2023-04-19 17:05:03 +02:00
Daniel Pouzzner 4b9302cdb3 another batch of -Wconversion fixes. 2023-04-18 12:23:24 -05:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Hayden Roche 959386422e Migrate async names from "test" to "software."
See async PR 52.
2022-09-01 17:53:18 -07:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Sean Parkinson 59e19cfd6c Merge pull request #5258 from dgarske/stm32u5_bench
Fixes for STM32 Hash/PKA and additional benchmark
2022-06-20 08:33:25 +10:00
David Garske 92fcea39db Fix for DES3 with STM32 and STM32_CRYPTO_AES_ONLY (broken in #5223) . Add U5 PKA support and benchmarks. Fix MD5 with OPENSSL_EXTRA and HAVE_MD5_CUST_API. 2022-06-17 11:50:29 -07:00
Sean Parkinson 1b29f7353a Check memory is zeroized
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.

wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.

Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
2022-06-16 10:22:32 +10:00
David Garske fb10c90935 Fix for Cube HAL v2 back-to-back DES/DES3. Whitespace. Enable the new FIFO 16 block logic for all hardware that supports it. 2022-06-14 11:48:51 +02:00
David Garske c52c2e5dfb Fixes for STM32H7 hash and crypto. 2022-06-14 11:48:51 +02:00
David Garske ad3f7e1de2 The STM32U5 does not support DES3 or AES 192-bit (only 128/256 bit) 2022-06-14 11:48:51 +02:00
Eric Blankenhorn 29c18a110b Fix to init ctx in wc_Des3_SetKey 2021-12-22 17:05:58 -06:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
John Safranek df859d30f3 FIPS 140-3
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
   testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
   EccMakeKey().
2021-10-26 20:24:24 -05:00
John Safranek f1bd79ac50 FIPS 140-3
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
Daniel Pouzzner ec21dd6d13 miscellaneous buildability fixes:
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;

wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);

configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;

configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;

tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;

tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);

wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;

wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;

src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
2021-09-20 13:38:52 -05:00
Elms 3a885aba23 Refactor pointer manipulation to be independent of datatype width
Tested with `./configure CFLAGS="-DNO_64BIT" --disable-sha512
--disable-sha384 --enable-harden` on a 64-bit machine
2021-06-15 21:08:49 -07:00
Sean Parkinson 2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00
Jacob Barthelmeh c729318ddd update copyright date 2021-03-11 13:42:46 +07:00
David Garske ea5af87de3 Revert of uint32_t and uint8_t changes in PR #3658, which caused warnings. 2021-01-19 13:54:26 -08:00
Sean Parkinson ac76ef8ee7 Curve25519: replace uint64_t with word64
Remove usages of stdint.h types
Added a sword type for signed words.
2021-01-18 17:30:36 +10:00
Martin Akman 1f8d4149a5 Merge in master 2020-07-23 21:39:18 +10:00
David Garske 13e6462ea7 Fixes for build with STM32 Standard Periperal Library (StdPeriLib). 2020-05-19 17:42:36 -07:00
Sean Parkinson 411aee6e05 Fixes from cppcheck
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
Martin Akman 20c0beb9e5 'WOLFSSL_USE_FLASHMEM' to store constant tables in flash memory 2020-01-31 23:43:17 +10:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
David Garske b676c69561 Fix for DES mutex return code. Fix TLS bench thread shutdown. README.md updates. 2019-11-18 06:46:20 -08:00
David Garske 27d95d1dfd Add mutex protection on STM32 RNG, AES/DES and Hashing crypto hardware calls for thread safety. Fixes #2580 2019-11-15 12:08:11 -08:00
David Garske 7386bd4df1 Fixes for building with ./configure --enable-asynccrypt --enable-all CFLAGS="-DWC_ASYNC_NO_CRYPT" 2019-10-22 13:37:16 -07:00
David Garske 5c07391f1b Various fixes for asynchronous mode:
* Fix for AES CBC issue with IV (QAT only).
* Fix for test cases with QAT.
* Remove poorly placed debug for AES CFB.
2019-10-15 11:18:55 -07:00
John Safranek 9a5eb1bb67 Synchronous Quick Assist Support for Sniffer
1. Add configure option for sync IntelQA that uses the crypto callback API.
2. Refactor the IntelQA configure checks so they are usable by both the sync and async options.
3. Make a synchonous copy of the quickassist files.
4. Replace the printfs in the code with a logging macro.
5. Added padding to the AES_KEY structure for WOLF_CRYPTO_CB.
6. Tie in the crypto device to the sniffer.
7. When setting up the symmetric operation, add a build case for the sniffer to use malloc instead of realloc. Sniffer usually uses the middle of another buffer for the input data rather than the beginning of the buffer as it has the TCP/IP data to handle as well.
8. Add the raw key to the DES3 structure.
9. Copy the functions from qa_mem over to qa_sync.
2019-10-02 10:08:46 -07:00
David Garske d5f3fa2ff8 Added DES3 Crypto callback support. 2019-07-02 10:15:53 -07:00
John Safranek 246c444b93 Updates for v4.0.0
Update the copyright dates on all the source files to the current year.
2019-03-15 10:37:36 -07:00
John Safranek 586874b997 Rename INLINE
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
2018-06-26 15:17:46 -07:00
John Safranek 90a5bde0f2 FIPS Revalidation
1. Update the const data and code segment tags for the Windown builds.
2018-05-16 15:47:12 -04:00
John Safranek f6fe3744a7 FIPS Update
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-05-16 15:47:12 -04:00