Commit Graph

1893 Commits (3cad38a1ca87fe794b726575d44b3e9d66b449e9)

Author SHA1 Message Date
Sean Parkinson b7c1e1cf35 Regression testing: fixes
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.

wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'

tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'

tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
2024-12-20 09:25:03 +10:00
JacobBarthelmeh d7e40e7413
Merge pull request #8264 from dgarske/various_20241206
Various cleanups and fixes
2024-12-13 13:48:10 -07:00
Daniel Pouzzner d257a59087 add support for WOLFSSL_NO_OPTIONS_H:
* activate WOLFSSL_NO_OPTIONS_H in linuxkm/Kbuild for in-module test.o and benchmark.o.
* refine explanatory comments in settings.h re WOLFSSL_USE_OPTIONS_H, WOLFSSL_NO_OPTIONS_H, and WOLFSSL_CUSTOM_CONFIG.
* add safety catch to options.h/options.h.in to inhibit inclusion if defined(WOLFSSL_NO_OPTIONS_H).
* for good measure, add explicit check for WOLFSSL_NO_OPTIONS_H to wolfcrypt/benchmark/benchmark.c and wolfcrypt/test/test.c.
2024-12-10 13:02:37 -06:00
David Garske c4e319b092 Cleanup the gating for `WOLFSSL_NO_AES_CFB_1_8`. 2024-12-09 13:51:51 -08:00
David Garske 017f931f8b Various cleanups and fixes:
* Fix to properly set configure.ac LMS/XMSS enables and build of those code files.
* Remove duplicate aes.c `wc_AesSetKeyLocal` call to `wc_AesSetIV`. Moved earlier in function in commit a10260ca5f.
* Benchmark missing time.h with NO_ASN_TIME.
* Added option to support disabling AES CFB 1/8 `WOLFSSL_NO_AES_CFB_1_8`.
* Fixes for building with combinations of `WOLFSSL_RSA_VERIFY_ONLY` and `WOLFSSL_RSA_PUBLIC_ONLY`.
* Fix for building `--enable-stacksize=verbose` with single threaded.
* Various tab and formatting cleanups.
ZD 18996
2024-12-06 16:45:33 -08:00
JacobBarthelmeh 42afede3fc
Merge pull request #8235 from dgarske/fix_sp_rsa_publiconly
Fixes for building with SP RSA small and RSA Public only
2024-12-02 10:39:08 -07:00
David Garske 57e1bf9fba Fixes for building with SP RSA small and RSA Public only. ZD 18996 2024-11-27 13:26:45 -08:00
Daniel Pouzzner b65d3fff56 fixes for OPENSSL_COEXIST with FIPS and with/without TEST_OPENSSL_COEXIST. 2024-11-26 19:38:32 -06:00
Daniel Pouzzner bfeb0ad48e expand opensslcoexist to all low level crypto APIs. 2024-11-22 19:27:56 -06:00
Daniel Pouzzner d85c108952 wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: add WC_FAILURE ("wolfCrypt generic failure") with value -1, for traceable error return of -1 in wolfCrypt.
configure.ac: add OPENSSL_EXTRA to --enable-wolfsentry.

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, wolfssl/ssl.h: accommodate backward dependencies for wolfSSL_X509_NAME_add_entry_by_NID, wolfSSL_X509_NAME_free, and wolfSSL_X509_NAME_new_ex.

linuxkm/lkcapi_glue.c: if CONFIG_CRYPTO_MANAGER, assert match of CONFIG_CRYPTO_FIPS and HAVE_FIPS.

src/ssl_crypto.c, wolfcrypt/src/wc_lms.c, wolfcrypt/src/wc_lms_impl.c, wolfcrypt/src/wc_xmss.c, wolfcrypt/test/test.c: add missing casts for XMALLOC()s.

src/ssl_crypto.c: in wolfSSL_AES_decrypt(), fix gate for wc_AesDecryptDirect() return type.

wolfcrypt/test/test.c: smallstack refactor in test_dilithium_decode_level().

tests/api.c: fix uninited vars and "embedding a directive within macro arguments is not portable" in test_wc_dilithium_der().
2024-11-21 21:59:26 -06:00
Brett Nicholas cceeb776f7 gate dilithium OID autodetection on FIPS 204 draft mode 2024-11-21 09:38:11 -08:00
David Garske 18f52b2573
Merge pull request #8177 from bigbrett/dilithium-get-algo-from-der
ML-DSA/Dilithium: obtain security level from DER when decoding
2024-11-19 07:32:39 -08:00
Brett Nicholas 48dcbe9caf fix typo in comment 2024-11-18 16:50:35 -07:00
Brett Nicholas d50fb63071 add macros for dilithium DER export buffer sizes 2024-11-18 16:14:26 -07:00
Brett Nicholas 63deea57e0 properly protect test.c calls to dilithium public/private API 2024-11-18 15:47:00 -07:00
Daniel Pouzzner ebfde75d91 fixes for misspelled/malformed macro names, and add missing BUILD_AESCCM setup in wolfssl/internal.h 2024-11-15 15:33:51 -06:00
Brett Nicholas f672105d55 - Move automatic OID detection from Dilithium code into ASN code 2024-11-13 15:31:59 -07:00
Daniel Pouzzner 0ebd86d668 add second wolfCrypt error code span, and add DEADLOCK_AVERTED_E. 2024-11-13 13:01:00 -06:00
Brett Nicholas 0e6ac11d15 - Add ability to obtain Dilithium security level (parameters) from a DER
encoded key based on the algorithm type OID
- Add test coverage for decoding DER keys without level specified
2024-11-12 14:19:12 -07:00
Daniel Pouzzner 165b4afbeb
Merge pull request #8143 from SparkiDev/kyber_plus_mlkem
Kyber/ML-KEM: make both available
2024-11-09 00:09:51 -06:00
Daniel Pouzzner aa18bbca55 assorted cleanups and refactors for C89 conformance, codespell and check-source-text, and consistent heap shim usage.
.github/workflows/codespell.yml: remove */README_jp.txt from "skip" list.

IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt: convert from SHIFT_JIS to UTF-8.

cmake/options.h.in: use "#cmakedefine HAVE_PTHREAD 1" to avoid conflict with config.h.

configure.ac: add --enable-c89, and remove !ENABLED_OPENSSLEXTRA dependency from AM_CONDITIONAL([BUILD_CRYPTONLY],...).

wolfcrypt/src/asn.c: refactor SetOthername() for efficiency, and add PRAGMA_GCC to suppress false positive -Wstringop-overflow associated with -fstack-protector.

wolfssl/wolfcrypt/rsa.h: add WC_ prefixes to RSA_PKCS1_PADDING_SIZE and RSA_PKCS1_OAEP_PADDING_SIZE, and define unprefixed compat aliases only if !OPENSSL_COEXIST.

wolfssl/wolfcrypt/types.h:

  #ifdef WOLF_C89, #define WC_BITFIELD unsigned;
  enhance WOLF_ENUM_DUMMY_LAST_ELEMENT() to include the line number, to construct unique labels given a per-filename argument, to accommodate anonymous enums.

examples/asn1/asn1.c:
examples/client/client.c:
examples/pem/pem.c:
examples/server/server.c:
wolfcrypt/src/sp_dsp32.c:
wolfcrypt/src/wc_port.c:
wolfssl/test.h:

  use XMALLOC/XREALLOC/XFREE consistently, not malloc/realloc/free.

wolfcrypt/benchmark/benchmark.c:
wolfcrypt/src/memory.c:
wolfcrypt/test/test.c:
wolfssl/wolfcrypt/mem_track.h:
wolfssl/wolfcrypt/settings.h:
wolfssl/wolfcrypt/types.h:

  annotate intentional native heap access with "/* native heap */".

wolfcrypt/src/asn.c:
wolfssl/callbacks.h:
wolfssl/openssl/ec.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/hpke.h:
wolfssl/wolfcrypt/types.h:

  fix enum trailing commas.

wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/rsa.h:
wolfssl/openssl/ssl.h:

  use WC_BITFIELD in bitfield elements, not byte or word16, to allow for pedantic C89 conformant builds.

wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/pem.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/logging.h:
avoid variadic macros wherever possible, and where unavoidable, #ifdef WOLF_NO_VARIADIC_MACROS, define them with empty arg lists, rather than ..., to support Watcom compiler.

wolfssl/wolfcrypt/settings.h: if defined(__WATCOMC__), define WOLF_NO_VARIADIC_MACROS.
2024-11-07 22:36:24 -06:00
Sean Parkinson 7d42ddae48 Kyber/ML-KEM: make both available
Make Kyber and ML-KEM individually available as well as at the same
time.
Modified TLS layer to support both Kyber and ML-KEM.
Added new identifiers in TLS layer for ML-KEM.
2024-11-04 23:51:51 +10:00
David Garske 836b741402
Merge pull request #8132 from douzzer/20241024-opensslcoexist-opensslextra
20241024-opensslcoexist-opensslextra
2024-11-01 14:34:11 -07:00
Sean Parkinson 24003b265a
Merge pull request #8129 from bigbrett/curve25519-generic-keyparsing
Curve25519 generic keyparsing
2024-11-01 09:04:50 +10:00
Sean Parkinson 76e421b557
Merge pull request #8118 from bigbrett/wc-test-ecc-zero-digest-disable
wolfcrypt tests: disable ecc sign/verify of all zero digest
2024-11-01 09:03:39 +10:00
David Garske 652f7059ce
Merge pull request #8061 from wolfSSL/NDS_fix
Libnds : Added more descriptive README for IDE/NDS and MelonDS C-flag
2024-10-31 14:53:22 -07:00
Brett Nicholas aafd07d79a remove ECC_SHAMIR macro protection for ECC sign/verify of zero digest 2024-10-31 14:20:57 -06:00
Brett Nicholas 325221707c address review feedback 2024-10-31 13:02:21 -06:00
Brett Nicholas 17c7b6cc3a moved some macro logic from test.c to settings.h 2024-10-31 10:51:51 -06:00
Daniel Pouzzner cf95fdc071 Globally remap & refactor conflicting symbols to allow -DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist.
No functional changes.

Several compat symbols that were formerly enums are now macros.

All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.

wolfcrypt/test/test.c is similarly refactored to use only native symbols.

examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
2024-10-31 00:10:21 -05:00
Brett Nicholas 20cf6b74c1 fix curve25519 test sanitizer errors 2024-10-30 14:02:38 -06:00
Brett Nicholas 62d7e90352 added additional curve25519 generic test 2024-10-30 12:56:10 -06:00
Brett Nicholas 97a370ed08 added generic curve25519 encode/decode functions that can handle combined keypairs 2024-10-30 09:37:16 -06:00
Brett Nicholas cac11e3d09 add non-feature-specific macro to disable ECC sign/verify of all-zero digest 2024-10-28 12:22:10 -06:00
Daniel Pouzzner 6e14889758
Merge pull request #8094 from JacobBarthelmeh/coverity
minor fixes for Coverity reports
2024-10-23 11:26:33 -05:00
JacobBarthelmeh f21a763ae9 return out of test function if failing RNG init 2024-10-22 14:22:46 -06:00
JacobBarthelmeh 18150a11aa CID 426062,426063 initialization and free check 2024-10-22 00:24:29 -06:00
jordan 5690af82dc wolfcrypt test: fix double free. 2024-10-21 15:57:24 -05:00
Daniel Pouzzner 996986d0c1 refactor wc_AesDelete, wc_curve25519_delete, wc_ed25519_delete, wc_HashDelete, and wc_DeleteRsaKey to take two arguments, the first a required pointer to the object, the second an optional pointer to the pointer to be zeroed upon successful deletion, for the benefit of calling from C# without unsafe code.
wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs: update for new calling conventions around wc_AesNew, wc_curve25519_new, wc_ed25519_new, wc_HashNew, and wc_NewRsaKey, and the corresponding delete functions.
2024-10-18 21:13:38 -05:00
Daniel Pouzzner f44d12026a wolfssl/wolfcrypt/{aes.h,curve25519.h,ed25519.h,hash.h,rsa.h}: remove unneeded .isAllocated member from struct definitions, and add int *result_code argument to constructor prototypes;
wolfssl/wolfcrypt/aes.h: add Aes.streamData_sz;

src/tls13.c: fix devId passed to wc_HmacInit() in CreateCookieExt() and TlsCheckCookie();

src/keys.c: in SetKeys(), call wc_HmacInit() on hmacs only if newly allocated;

wolfcrypt/src/aes.c:
* in wc_Gmac(), wc_GmacVerify(), and AesSivCipher(), use wc_AesNew() and wc_AesDelete();
* in wc_AesInit(), zero the object on entry, and remove superseded piecemeal initializations to zero;
* in wc_AesFree(), zero aes->streamData, and zero the entire object as final cleanup;

wolfcrypt/src/curve25519.c: in wc_curve25519_free(), zero the entire object rather than zeroing piecemeal;

wolfcrypt/test/test.c:
* add fallback implementations (for old FIPS) of wc_HashNew(), wc_HashDelete(), wc_curve25519_new(), wc_curve25519_delete(), wc_ed25519_new(), and wc_ed25519_delete();
* update constructor calls throughout for new semantics;
* refactor ed25519_test() for proper cleanup and error encoding.
2024-10-18 17:49:28 -05:00
Daniel Pouzzner 984d16b727 refactor wolfcrypt constructors:
add delete APIs, matching recently added wc_AesNew, wc_curve25519_new, wc_ed25519_new, wc_HashNew, and wc_NewRsaKey:
* wc_AesDelete()
* wc_HashDelete()
* wc_DeleteRsaKey()
* wc_curve25519_delete()
* wc_ed25519_delete()

* remove handling in corresponding preexisting free APIs for recently added .isAllocated member -- this restores preexisting semantics;

* add WC_NO_CONSTRUCTORS gate, and auto-activate it when NO_WOLFSSL_MEMORY && WOLFSSL_NO_MALLOC (unless preempted by XMALLOC_USER or XMALLOC_OVERRIDE);

* exclude recently added .isAllocated members from wolfcrypt structs when defined(WC_NO_CONSTRUCTORS);

* adjust wolfcrypt/test/test.c for consistency with the above, and fix cleanup codes/dynamics in several tests.
2024-10-17 18:48:07 -05:00
jordan d6fe15af8c coverity: check mp_sub_d return values. 2024-10-16 11:23:33 -05:00
Daniel Pouzzner 4fd33b6b5d
Merge pull request #8014 from SparkiDev/lms_sha256_192
LMS: SHA-256/192 parameters
2024-10-15 17:24:46 -05:00
Sean Parkinson ae46f52a66 LMS: SHA-256/192 parameters
Add support for parameter sets with SHA-256/192.
2024-10-16 07:15:18 +10:00
philljj 6cde74436e
Merge pull request #8065 from douzzer/20241010-WOLFSSL_NO_MALLOC
20241010-WOLFSSL_NO_MALLOC
2024-10-15 17:03:25 -04:00
jordan f5074772da infer: fix more uninitialized value errors. 2024-10-15 12:41:09 -05:00
Daniel Pouzzner 0d5d05d44d more WOLFSSL_NO_MALLOC fixes:
wolfcrypt/src/dh.c: in wc_DhGenerateParams(), use named constant for buf size, and only XFREE it if !WOLFSSL_NO_MALLOC;

wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h: in wc_ecc_new_point_ex(), remove !WOLFSSL_NO_MALLOC gate around XMALLOC(), and if XMALLOC()ed, set ecc_point.isAllocated, then in wc_ecc_del_point_ex, XFREE() iff ecc_point.isAllocated;

wolfcrypt/src/pkcs7.c: in wc_PKCS7_RsaVerify(), when WOLFSSL_NO_MALLOC, jumbo-size the digest buffer to cope with in-place dynamics in RsaUnPad();

wolfcrypt/test/test.c: add !WOLFSSL_NO_MALLOC gates around various XFREE()s of objects that are on the stack in WOLFSSL_NO_MALLOC builds;

wolfssl/wolfcrypt/types.h: add an unconditional include of memory.h (itself guarded against multiple inclusion) to assure availability of WC_DEBUG_CIPHER_LIFECYCLE prototypes/macros.
2024-10-14 14:21:29 -05:00
Daniel Pouzzner 886ebb6ec0 fixes for enable-all-crypto enable-cryptonly WOLFSSL_NO_MALLOC:
wolfcrypt/src//asn.c: add stack buffer codepaths in ParseKeyUsageStr(), SetKeyIdFromPublicKey(), and EncodePolicyOID;

wolfcrypt/src/dh.c: add stack buffer codepath in wc_DhGenerateParams();

wolfcrypt/src/ecc.c: add always-fail codepath to find_hole() to preempt heap allocation attempts;

wolfcrypt/test/test.c: gate out several heap-dependent subtests when defined(WOLFSSL_NO_MALLOC), and add a stack buffer codepath in ed448_test();

wolfssl/wolfcrypt/types.h: harmonize macro definitions of XFREE() to use do { ... } while (0) wrappers to assure syntactic indivisibility.
2024-10-14 14:21:28 -05:00
Jack Tjaden 864eaaeef9 Added more discriptive README for NDS and MelonDS C-flag 2024-10-10 12:50:09 -06:00
Daniel Pouzzner bcc65a09ca wolfcrypt/test/test.c: harmonize gating for hpke_test() and berder_test(), so that --enable-all-crypto passes -DWOLFCRYPT_TEST_LINT. 2024-10-10 01:06:05 -05:00
Daniel Pouzzner b5475f3d81 wolfcrypt/test/test.c: add WOLFSSL_WOLFCRYPT_TEST_LINT, allowing testing for -Wunused-function in enable-all configurations. No functional changes, but several missing or inconsistent gates fixed. 2024-10-10 00:25:39 -05:00
Daniel Pouzzner 8b2a26a691
Merge pull request #8054 from bandi13/fixUncalledTest
Test was never called
2024-10-10 00:00:07 -05:00
Daniel Pouzzner 74d14d9687 wolfcrypt/test/test.c: fix for FIPS <6.0.0 with WOLFSSL_SMALL_STACK. 2024-10-09 16:40:48 -05:00
Andras Fekete d3f143aa2a Test was never called 2024-10-09 09:20:17 -04:00
David Garske 59389a0ef5 Fix possible AES leaks detected with sanitizer and clang-tidy. 2024-10-05 11:52:22 -07:00
David Garske b9de3bbf1a Fixes for memory leaks in test.c with wc_AesNew and wc_HashNew. 2024-10-05 11:44:59 -07:00
David Garske 7989dd8713 Refactor the AES ECB/Direct, CBC and CTR tests. 2024-10-05 11:44:58 -07:00
Aidan Garske e10c943bf3 wolfCrypt CSharp Wrapper:
* Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper.
* Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example.
* Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly.
* Fixes for several scan-build warnings.
2024-10-05 11:44:58 -07:00
Daniel Pouzzner a25c0244a7 wolfssl/wolfcrypt/types.h: refactor static_assert*() as wc_static_assert*() to avoid conflicts with target-native static_assert(), and add additional coverage for C23 and MSVC C11.
wolfcrypt/test/test.c: in render_error_message(), in tests for strerror_r(), test for __USE_GNU.
2024-10-04 16:41:33 -05:00
jordan c3410f2cb8 dilithium: support building dilithium with wolfboot. 2024-10-03 16:38:12 -05:00
Daniel Pouzzner e814d1baea
Merge pull request #8016 from SparkiDev/dilithium_draft_final_fix
Dilithium: Final and draft available in one build
2024-10-02 14:02:00 -05:00
Reda Chouk 10f0885d88
Merge branch 'master' into fix-conversion 2024-10-02 17:14:06 +02:00
Sean Parkinson 50bbdbbe42 Dilithium: Final and draft available in one build
Make draft version of ML-DSA compiled in with final.
Use WC_ML_DSA_44_DRAFT, WC_ML_DSA_65_DRAFT and WC_ML_DSA_87_DRAFT for
the level to get the draft implementation.
2024-10-02 22:23:25 +10:00
JacobBarthelmeh 45b88048c2 make macro unique to wolfSSL 2024-09-25 15:59:57 -06:00
JacobBarthelmeh d72c0b372c
Merge pull request #7990 from buchstabenwurst/master
Add support for (DevkitPro)libnds
2024-09-25 15:52:34 -06:00
JacobBarthelmeh 79b5ec86f6
Merge pull request #8015 from gojimmypi/pr-mp_read_radix
gate test mp_read_radix on OPENSSL_EXTRA or !NO_DSA or HAVE_ECC
2024-09-25 11:35:57 -06:00
jordan e5109b3f41 misc cleanup: extra spaces, typos. 2024-09-25 09:51:48 -05:00
gojimmypi 393072037a
gate test mp_read_radix on OPENSSL_EXTRA || !NO_DSA || HAVE_ECC 2024-09-24 17:23:04 -07:00
Joshua Okeleke 1896b47399 Change comment style 2024-09-24 16:35:29 +02:00
JacobBarthelmeh 554d52b069
Merge pull request #7777 from night1rider/MAX32666-port
MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback Support
2024-09-20 17:14:34 -06:00
Daniel Pouzzner 55cd8a800f FIPS v5 gating fixes:
configure.ac:
* fix logic in "Forcing off" test expressions, first flubbed in 19106a9510;
* fix auto-enable of compkey to exclude v5 even if v5-dev.

src/tls13.c: fix gating for HKDF _ex() variants (>=6.0, not >=5.3).

wolfcrypt/src/error.c: snip out stray spaces at start of several ECC error message strings.

wolfcrypt/test/test.c:
* in render_error_message(), use wolfSSL_ERR_reason_error_string() if available rather than wc_GetErrorString(), to render non-wolfcrypt error strings;
* in ecc_test_deterministic_k(), ecc384_test_deterministic_k(), ecc521_test_deterministic_k(), on FIPS <6.0, gate out SHA384 and SHA512 tests (FIPS v5 only supports SHA256 in wc_ecc_gen_deterministic_k());
* in cmac_test(), gate use of wc_AesCmacGenerate_ex() and wc_AesCmacVerify_ex() on >=6.0, not >=5.3.
2024-09-20 13:53:36 -05:00
night1rider 1cb324affa Expanding mutexing and Adding in AES Callbacks for HW 2024-09-20 09:42:53 -06:00
Daniel Pouzzner 212708e3b4 wolfssl/wolfcrypt/ecc.h and wolfcrypt/src/ecc.c: refactor ecc_sets and ecc_sets_count using accessor functions, to fix linker relocation errors in Fedora packaging test. 2024-09-19 17:03:07 -05:00
Joshua Okeleke 337456cc1e Add support for (DevkitPro)libnds 2024-09-18 21:27:53 +02:00
Reda Chouk 949565f156
Merge branch 'wolfSSL:master' into fix-conversion 2024-09-18 17:16:48 +02:00
Reda Chouk be88ddda15 more Wconversion fixes: api/test* block 2024-09-18 16:53:39 +02:00
András Fekete 9666394b73
Merge pull request #7977 from billphipps/have_rsa_fix
Update to remove HAVE_RSA references.  Correct NO_MALLOC RSA test bug.
2024-09-16 16:26:26 -04:00
Bill Phipps 92f3a808b0 Update to remove HAVE_RSA references. Correct NO_MALLOC RSA test bug. 2024-09-16 13:29:38 -04:00
Sean Parkinson e6b466dd71
Merge pull request #7923 from embhorn/rsa2048_min
Set RSA_MIN_SIZE default to 2048 bits
2024-09-16 21:38:19 +10:00
Daniel Pouzzner 4545a9b4a2
Merge pull request #7960 from night1rider/mmcau-DesEcb
DES ECB using mmcau HW Library, and DES ECB basic test
2024-09-14 00:07:18 -05:00
Eric Blankenhorn 91e411b4b9 Set RSA_MIN_SIZE default to 2048 bits 2024-09-13 16:02:05 -05:00
David Garske 20e2e33e25
Merge pull request #7939 from SparkiDev/thumb2_poly1305
undefined
2024-09-12 11:15:53 -07:00
Siert Wieringa 9e2a7b3653
Feature/multiple aes siv ads (#7911)
* Proposed new interface for AesSivEncrypt with number of ADs != 1.

* Implement AES SIV S2V computation with a number of ADs not equal to 1.

* Add Example A.1 from RFC5297 to AES SIV test vectors.

* Add tests for new AES SIV interface, and add test vectors for examples given in RFC5297.

* Include the nonce in count of maximum number of ADs.

* Addressing review comments.

* Addressing review comments: Use uppercase 'U' suffix on unsigned constant.

* Rename local variables named 'ad0' to 'ad', since the zero makes no sense, especially since in the RFC 5297 document they're actually counting the ADs from 1.
2024-09-12 07:55:29 -07:00
Sean Parkinson 27033c225f Thumb-2 ChaCha, Poly1305: implemention in assembly
Implementation of ChaCha algorithm for ARM Thumb-2.
Implementation of Poly1305 algorithm for ARM Thumb-2.
2024-09-12 10:59:01 +10:00
night1rider e912aff7e5 DES ECB using mmcau HW Library, and DES ECB basic test 2024-09-09 15:32:21 -06:00
Daniel Pouzzner 49a680540c add constant time DH key agreement APIs:
* adds wc_DhAgree_ct().
* adds wolfSSL_DH_compute_key_padded(), using wc_DhAgree_ct() if available, with fallback fixup code.
* adds unit test coverage in api.c:test_wolfSSL_DH() for expected-success calls to wolfSSL_DH_compute_key() and wolfSSL_DH_compute_key_padded().
2024-09-09 16:24:07 -05:00
David Garske 80a63a3fce
Merge pull request #7924 from anhu/pqm4_purge
Get rid of pqm4 in favour our own Kyber/MLDSA implementation
2024-09-06 12:00:26 -07:00
Daniel Pouzzner a31733db85
Merge pull request #7909 from SparkiDev/dilithium_fips204_draft
Dilithium: Support FIPS 204 Draft
2024-09-04 14:34:59 -05:00
David Garske 7c7de235d8
Merge pull request #7937 from douzzer/20240903-missing-WC_NO_ERR_TRACEs
20240903-missing-WC_NO_ERR_TRACEs
2024-09-04 08:07:19 -07:00
Daniel Pouzzner b26fa6cf59
Merge pull request #7918 from SparkiDev/type_conversion_fixes_3
Type conversion fixes
2024-09-03 20:18:00 -05:00
Daniel Pouzzner 806df85477 backfill more missing WC_NO_ERR_TRACE()s on error code operands, and refactor away the obsolete GEN_MEM_ERR macro mechanism in wolfcrypt/src/ecc.c. 2024-09-03 17:44:11 -05:00
Sean Parkinson ed7beb4e0e Type conversion fixes
Changes to get compilation with -Wconversion passing on the files.
2024-09-02 19:19:23 +10:00
Juliusz Sosinowicz 2c9a3c5c1c Missing libspdm features
- RsaFunctionPrivate: detect when only n,e,d are available
- wolfSSL_EVP_add_digest: return success
- wolfSSL_EVP_add_cipher: return success
- wolfSSL_BN_bin2bn: accept NULL data if len is 0 (checked in mp_read_unsigned_bin)
- wolfssl_read_bio: advance correct bio
- wolfSSL_X509_set_ext: return raw extension data for BASIC_CA_OID
- Implement
  - sk_X509_EXTENSION_free
  - d2i_EC_PUBKEY_bio
  - d2i_RSA_PUBKEY_bio
  - d2i_X509_REQ_INFO
  - X509_REQ_INFO_free
  - ASN1_TIME_set_string_X509
2024-09-02 10:01:12 +02:00
Anthony Hu 844d0ec558 Get rid of pqm4 in favour our own Kyber/MLDSA implementation 2024-08-29 13:23:39 -04:00
Daniel Pouzzner b178138d83 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().

wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
Sean Parkinson 652158fcac Dilithium: Support FIPS 204 Draft
Compile with WOLFSSL_DILITHIUM_FIPS204_DRAFT to get code that implements
the FIPS-204 August 2023 DRAFT.
Alternatively, --enable-dilithium=draft or
--enable-dilithium=fips204-draft
2024-08-28 11:02:01 +10:00
Eric Blankenhorn dcea21a9a5
Merge pull request #7897 from douzzer/20240823-WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS
20240823-WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS
2024-08-27 15:41:20 -05:00
Sean Parkinson 60f438f0c3 Dilithum, Kyber: Update to final specification
FIPS 203 and FIPS 204 final specification changes.
2024-08-26 17:42:27 +10:00
Daniel Pouzzner 7725e75c42 add WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS flag for optional errcode tracing in apps, define it in wolfcrypt/test/test.c when defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES), and deploy WC_NO_ERR_TRACE() to test.c where needed. 2024-08-23 16:35:43 -05:00
Daniel Pouzzner 2448d482f4 wolfssl/wolfcrypt/error-crypt.h: move MPI error codes to range {-97, -100} to avoid collisions. 2024-08-20 23:37:21 -05:00