tweak several #includes of settings.h to include types.h instead (all of these are for clarity, as types.h is indirectly included by later #includes), and add #include <wolfssl/wolfcrypt/types.h> where missing;
remove trailing semicolons from PRAGMA*() macro invocations as they are unneeded and can be harmful (inducing frivolous -Wdeclaration-after-statement etc.).
Address PR comments + other cleanup
Addressing PR comments
Minor change
Make sure the last line gets output as well
Add in ARIA SHA256 session to internal structure
Add in ARIA SHA384 session to internal structure
Add necessary function for ARIA to extract key
Fix unit tests
Rename HAVE_ARIAGCM to HAVE_ARIA
Move aria.* to wolfcrypt/port/aria
Separate out aria-crypt init functions
Adding in ECC+SHA callbacks
Avoid using AC_CHECK_FILE
Rename Aria to wc_Aria
Don't need special cases
Addressing PR comments
Code cleanup
C89 support
Remove TODO
Add documentation about buffer size
Clean up header files
Use ARIA_DEVID by default if available
Dummy update call to make MagicCrypto happy
Fix for detecting what algo type to use
Documentation
Use the appropriate sign/verify
Collect MagicCrypto functions together (and avoid leaks)
Fall back on other implementations on failure
Fix issue when compiling without CRYPTOCB
Addressing PR comments
Better cleanup
Addressing PR comments
Cleaner exit in case of error
Add support for:
- SM2 elliptic curve and SM2 sign/verify
- SM3 digest
- SM4 cipher with modes ECB/CBC/CTR/GCM/CCM
Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
Fix: ./configure --disable-shared --enable-smallstack --enable-all
CFLAGS=-DNO_ASN_TIME
Don't compile mp_test when compiling for SP Math All and RSA
verification only - very few functions available.
ssl.c:
wolfSSL_Rehandshake(): wolfSSL_UseSessionTicket only available when
not NO_WOLFSSL_CLIENT
api.c:
test_wolfSSL_ticket_keys(): meant to be tested on server
* set dev ID with signature check
* refactor devId use and add API to set devId in WOLFSSL_CERT_MANAGER structure
* add api.c call to set devid with WOLFSSL_CERT_MANAGER
* resolving devID CRL issue and CM pointer
* add device find callback
* add simple test case
- Add CONFIG_PTHREAD_IPC when using threads
- Add logging config suggestions
- test.c: fix undefined `ret` error
- Increase stack size for samples
- Ignore ASN_BEFORE_DATE_E in examples
- wc_port.h: add missing posix thread includes
- wc_port.h: move definitions to relevant section
- benchmark.c: fix missing `arc` and `argv` errors
- benchmark.c: fflush does not work on stdout in Zephyr
- Update z_fs_open implementation to support flags
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
* Add introspection for math build.
* Raise build error if more than one multi-precision math library used.
* Fix ESP32 to support using any multi-precision math option.
* Refactor math headers to use `wolfmath.h`
* Refactor of the opaque math variable type `MATH_INT_T` used by crypto hardware (QuickAssist, SE050, ESP32 and STM32).
* Cleanups for building with `WOLFCRYPT_ONLY` and `NO_BIG_INT`.
* Stop forcing use of fast math by default for platforms in settings.h. Note: For users that still want to use fast math (tfm.c) they will need to add USE_FAST_MATH to their build settings.
Applies To:
```
WOLFSSL_ESPWROOM32
WOLFSSL_ESPWROOM32SE
MICROCHIP_PIC32
WOLFSSL_PICOTCP_DEMO
WOLFSSL_UTASKER
WOLFSSL_NRF5x
FREERTOS_TCP
WOLFSSL_TIRTOS
EBSNET
FREESCALE_COMMON
FREESCALE_KSDK_BM
WOLFSSL_DEOS
MICRIUM
WOLFSSL_SGX
```
* wolfcrypt/test/test.{c,h}: refactor to capture and encode error retvals using WC_TEST_RET_*() macros (based on line numbers), and print line and return code in err_sys().
* wolfcrypt/test/test.h: cast back to int in WC_TEST_RET_ENC(), to fix MSVC warning.
* configure.ac: add shake128 and shake256 to enable-all and enable-all-crypto;
* wolfcrypt/benchmark/benchmark.c: fix gating for bench_shake128() from !defined(WOLFSSL_NO_SHAKE128) to defined(WOLFSSL_SHAKE128).
* wolfcrypt/test/test.h: add WC_TEST_RET_TAG_* and WC_TEST_RET_DEC_TAG(), and refactor WC_TEST_RET_{ENC,DEC}_*() macros to implement the tag mechanism;
* add render_error_message() with tag-specific rendering of error strings;
* wolfcrypt/test/test.c: smallstack refactor of shake128_test() and shake128_absorb_test();
* wolfcrypt/test/test.c: change gating around mp_test() and related routines from defined(HAVE_VALGRIND) to defined(WOLFSSL_PUBLIC_MP);
* smallstack refactor of mp_test();
* refactor a slew of WC_TEST_RET_ENC_NC associated with XFOPEN/XFREAD to be WC_TEST_RET_ENC_ERRNO, and add error detection for XFREAD (previously silently tolerating zero retvals).
* wolfcrypt/test/test.c: build mp_test() only if WOLFSSL_SP_MATH_ALL or USE_FAST_MATH (in addition to WOLFSSL_PUBLIC_MP), because many general purpose functions such as sp_mulmod() are gated out in SP builds without WOLFSSL_SP_MATH_ALL.
* wolfcrypt/test/test.c: fix array bounds flubs in shake128_test();
* don't print_fiducials() in wolfcrypt_test() header, but rather, after render_error_message() in err_sys().
* wolfcrypt/test/test.{c,h}: wrap some overlong lines, and fix an unused-variable warning in mp_test_set_is_bit().
* wolfcrypt/test/test.c: fixes for several misplaced and several missing WC_TEST_RET_ENC_EC()s.
* set the client state correctly when wc_ecc_ctx_set_kdf_salt is called
* add test that covers wc_ecc_ctx_set_kdf_salt
* use shared key and smallstack to reduce test stack usage
used and size have no reason to be negative - change type.
Change code to match unsigned change. Mostly change variables to be
unsigned where possible.
integer.c: Only have mp_rand_prime available when needed and
mp_prime_is_prime_ex is available.
Fixes from regression testing.
fix file descriptor leaks in AF_ALG code, and fix return codes (WC_AFALG_SOCK_E, not -1) in afalg_aes.c;
fixes for sanitizer-detected forbidden null pointer args in AfalgHashUpdate() and AfalgHashCopy();
fixes for resource leaks in api.c test_wolfSSL_AES_cbc_encrypt() (missing wc_AesFree()s);
fixes for resource leaks in test.c openssl_test() (missing wolfSSL_EVP_CIPHER_CTX_cleanup());
also some local fixes for bugprone-signed-char-misuse, readability-redundant-preprocessor, and clang-diagnostic-strict-prototypes, in src/pk.c and src/ssl.c.
* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1.
* Cleanups for `XREALLOC` and new `WOLFSSL_NO_REALLOC` to force undef of `XREALLOC`.
* Change STM32 Cube to default to `NO_TLS_UART_TEST`.
mp_to_unsigned_len checks length and front pads with zeros.
Return MP_VAL when length is too small in all implemenations.
Make TFM implementation check length.
Add test case.
* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
Enabling SP with ASM didn't enable SP or error out when SP wasn't
configured. Now enables SP when '' and errors when 'no'.
SAKKE modinv used large amounts of stack. Change to have more temporary
memory allocated increased to cover the usage.
ECC, SAKKE: sp_<bits>_ecc_mulmod_<cpu><words>() used large amounts of
stack. Allocate when WOLFSSL_SMALL_STACK.
wc_DhCheckKeyPair() not available when HAVE_SELFTEST.
Wasn't compiled in before as WOLFSSL_HAVE_SP_DH wasn't defined.
Make sp_rshd not available when WOLFSSL_SP_MATH in header.
sp_rshd is not required by any wolfCrypt code.
Fix sp_rshd comment on #endif
Make sp_div publicly available in some WOLFSSL_SP_MATH builds.
Delare sp_div for some WOLFSSL_SP_MATH builds.
Fix test.c to compile with WOLFSL_SP_MATH and HAVE_VALGRIND.
Tidy up Espressif ESP32 test and benchmark examples:
* add VisualGDB project and solution files for server and client
* "hardware in use revert to software" is now verbose level message
* Remove (void) TAG; - not needed to appease compiler
* include esp_log.h lib with defined(WOLFSSL_ESPIDF)
* large ESP32 default stack size
* check for max number of arguments assembled into array
* cleanup & comments per code review
* wolfssl_test VisualGDB updates
* Espressif wolfssl_test default stack 55,000 bytes
1. Add a flag to the DH test to indicate that the second key is initted.
2. Add a flag to the DH test to indicate that the RNG is initted.
Fixes an issue where the DH wolfCrypt test can crash or lock up when
the DH parameters file is missing. Localized to the test only.
Added new x86 assembly for AES.
AES-CBC decrypt only 4 blocks at a time (not 6 or 8) due to reduces
register count.
GCM implementation for AVX2, AVX1 and AESNI only.
Disabled looking for other assembly files for x86.
* add Versal specific glue
The same structure of an "XSecure client" is used throughout the API's,
therefor define it once and re-use in all clients.
* integrate Versal AES-GCM engine
* integrate Versal SHA3-384 engine
* add versal support to tests
- There's no intermediate-hash API for Versal.
* add specific test with large AAD
Test only with `n*16 byte` wide chunks of AAD, so it gets processed in the
hardware engine.
* add specific test with misaligned AES-GCM arguments
* integrate Versal RSA engine
* disable failing RSA test-case when Xilinx Crypto is enabled
* introduce define `WOLFSSL_XILINX_CRYPT_VERSAL`
* integrate Versal TRNG engine
* allow using Versal TRNG w/o wolfcrypt DRBG
Versal TRNG already provides a HRNG mode which does the same as the
wolfcrypt DRBG implementation.
* add support for user-supplied nonce to Versal TRNG
* add `wc_XsecureErrorToString()` to map PLM error codes to messages.
* integrate Versal EcDSA engine
* update tests to work with Versal EcDSA
If deterministic K is enabled, the tests failed here since the Versal
EcDSA engine doesn't support the SECP256R1 curve yet.
* Xilinx crypto engines like aligned memory very much
Make this a default choice, not via the user configuration.
* add Xilinx-specific `WOLFSSL_MSG()` equivalent
`WOLFSSL_XIL_MSG()` does the same as `WOLFSSL_MSG()` besides waiting for
1 second before printing to stdout, since the PLM maybe prints to same and
outputs would be mixed up.
This waiting can be disabled by defining `WOLFSSL_XIL_MSG_NO_SLEEP`.
* add option to enable DPA CounterMeasures in AES-GCM crypto engine
* add "command mode" to Xilinx bare-metal example
* update Xilinx default user settings
* add script to execute benchmarks
* add scripts to create graphics
* add Vitis 2022.1 example projects
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
* fix compilation warning
* adjust SHA3-384 test error-codes
The way the codes were constructed before, they were not unique.
* unify code
Instead of having `ifdef`'s in the code, define our own wrapper around
the keysource as required.
* add CMake option for help-text in wolfCrypt tests
* expose test `main()` as `wolfcrypt_test_main()`
* Don't overwrite previously set errors
* add FreeRTOS support for Xilinx demo
* move `fp_reverse` from `tfm.c` to `wolfmath.c` and rename to
`mp_reverse`.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Add x86_64 assembly code:
- BMI2
- AVX2 (using ymm, slower than BMI2)
- AVX2 of 4 similtaneous hashes
Add SHAKE128 functions and tests.
Add Absorb and Squeeze functions for SHAKE128 and SHAK256 and tests.
Add doxygen for SHA-3 and SHAKE functions.
Update other generated x86_64 assembly files to include settings.h.
P-256/384/521.
New functions:
- sp_ecc_make_key_256_nb
- sp_ecc_make_key_384_nb
- sp_ecc_make_key_521_nb
- sp_ecc_secret_gen_256_nb
- sp_ecc_secret_gen_384_nb
- sp_ecc_secret_gen_521_nb
This commit also tweaks the testing for ECDSA testing in test.c. Instead of
testing with one of P-256/384/521, we test with all that are available.
Fix handling of counter to support incrementing across all bytes in
ARM32 crypto asm.
Added test cases for wrapping of counter when 2 blocks are being
encrypted to check assembly alternative path.
Fix handling of counter to support incrementing across all bytes in ARM
crypto asm.
Added test cases for wrapping of counter.
Extracted ARM ASM for AES-CTR.
Use ASM to created encrypted temporary block.
* PSA: set AES key bits, define PSA_ALG_NONE/PSA_KEY_ID_NULL if needed
* Zephyr: add TimeNowInMilliseconds() for tls13.c, clock_settime() for test.c, update CMakeLists.txt
* Skip including unistd.h for Zephyr in benchmark.c
* Zephyr: update README, add nRF5340dk support to wolfssl_test sample app
* Zephyr: add wolfCrypt benchmark sample app
* Zephyr: add nRF5340 support to tls_thread sample app
* PSA: use specific hash algo with psa_sign/verify_hash()
* Zephyr: add support for PSA Crypto API with PK callbacks to wolfssl_tls_threaded sample app
* Zephyr: add new files to zephyr/include.am
added numerous missing _SMALL_STACK code paths (PK objects on the stack);
in settings.h, enable WOLFSSL_SMALL_STACK_STATIC by default when WOLFSSL_SMALL_STACK is defined (NO_WOLFSSL_SMALL_STACK_STATIC to override);
fixes for unsafe strcat()s in tests/quic.c;
fix for unsafe macro WOLFSSL_IS_QUIC();
fix to exclude quic from enable-all when enable-linuxkm (quic needs opensslextra, and opensslextra currently only works in-kernel in cryptonly builds);
fix for signed/unsigned clash in wolfSSL_quic_receive().
add wolfCrypt error codes IO_FAILED_E "Input/output failure" and SYSLIB_FAILED_E "System/library call failed";
tests/api.c and tests/unit.c: flush stdout for error message in Fail() macro, add fflush(stdout) after printf()s, print success message at end of unit_test(), and send several error messages to stderr instead of stdout;
wolfcrypt/test/test.c: add fallthrough macro definition of printf() that pairs it with fflush(stdout);
unit.h: in definition of macro AssertPtr(), add PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"");
sp_int.c: refactor several lingering instances of "if (0) { ... }" code pattern to #if 0 ... #endif.
In defense against attack, assume the imported public key is not trusted
and check it matches the private key if set.
Added APIs that allow application to explicitly trust public key.
Original APIs default to not trusting public key.
fasthugemath means turn on fastmath
Use sp_int_digit and not sp_digit in sp_int.c.
test.c needs to use large static buffer when SP Math used like fastmath.
When building static memroy, SP math all without WOLFSSL_SP_NO_MALLOC is
a valid configuration.
Fix freeing of bigint in sp_int.c.
Cast x to a signed value to negate and then back to unsigned. (For
Windows builds.)
Remove warning about empty file on Windows about integer.obj.
Allow RSA verify only and RSA public only to be used with other public
key algorithms.
If building for FIPS, then older versions of RSA and ECC require SP Math
to support negative numbers.
Get old FIPS files building with SP int.
Disallow --enable-sp-math and --enable-sp-math-all.
When just --enable-sp-math on configuration line then disable SP Math
all.
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.
wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.
Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
The test for certificate extensions requires both the test certs option
and the certificate generation option to run. The certs for the test are
generated by wolfCrypt. This disables the extensions test if
certificate generation is disabled.
* Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra.
* Fix bound warning with strncpy in sniffer.c.
* Fix for async DH issue.
* Fix for SP math all not initializing raw big int.
* Fix for array bounds warning with "-O3" on SetEccPublicKey.
* Fix a sniffer async edge case with TLS v1.2 static RSA and extended master.
* Improved the sniffer test script detection of features.
* Disable ECC custom curve test with Intel QuickAssist.
Allow Chachac20-Poly1305 to take an empty msg.
Allow AES-SIV to have an empty nonce.
Don't allow the length to be malleable. Must use the smallest number of
bytes to represent value.
ECDSA and DSA signature values are positive.
Add Sha512-224 and Sha512-256 OIDs.
ASN template - ensure the ECDSA/DSA signature uses all data.
Curve25519/Curve448 - WOLFSSL_ECDHX_SHARED_NOT_ZERO means shared secret
can't be 0.
Curve25519/Curve448 - check public value is less than order.
ECC - x or y may be zero but not both.
Ed25519/Ed448 - check S is less than order.
Ed448 - ge_p3_dbl can be simplified for ASM.
Prime check (integer.c/tfm.c/sp_int.c): Don't allow negative values and
make sure random candidate doesn't have bits higher than those in a set
when bits not a multiple of 8.
RSA: support Sha512-224 and Sha512-256.
RSA: Fix check for invalid in decryption. Affects plaintexts 256 bytes
and longer.
RSA: Don't allow base be larger than modulus.
RSA: Check small ciphertext (1 or 0) on decrypt when not using OAEP.
RSA: WOLFSSL_RSA_DECRYPT_TO_0_LEN allows decrypted value to be 0.
SP math all: fix div to handle large a and d when checking size of
remainder.
SP math all: set sign of result in sp_mod_2d()
Added a test for the TLSv1.3 KDF to the wolfcrypt test. It uses 6
different test cases from the CAVP tests. A set of 8 session keys are
generated using multiple exporters.
1. Add configure option to enable AMD's RDSEED.
2. Add seed parameters when building specifically for AMD using RDSEED.
3. Update the wolfCrypt test to play nice with the larger seed size.
cert_asn1_test was constructing a BER encoding of a certificate that
didn't have all the components. It was trying to test putting in a bad
OID in the certificate name.
The original ASN.1 parsing code stopped at the bad name. ASN.1 template
code does the whole structure and then digs into the name.
A complete certificate should have always been used.
Add support to ECIES for AES-256-CBC, AES-128-CTR, AES-256-CTR.
Added new API wc_ecc_ctx_set_algo() that sets the encryption, KDF and
MAC algorithms.
Cleanup formatting of ECIES code.
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
sp_invmod with even modulus requires a multiplication by modulus. Don't
let modulus overflow result variable 'r'.
Fix allocation of temporary sp_ints to be correct size.
Add test for maximum modulus size in test.c.
Remove leading spaces on functions so git correctly determines which
function has changed.
Put in Thumb code for more sizes of _sp_mul_*().
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
test.c:
1. Removed pragma disabling the warning for unused functions.
2. Fixed the guards around the function that wasn't getting removed from
the build. And matched the guards to the call of the function. The
issue is a test that fails only in a cert 3389 build using Arm
assembly single-precision public keys.
3. Fixed the guards around a couple other functions.
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
jordan
Daniel Pouzzner
Sean Parkinson
Andras Fekete
David Garske
Dimitri Papadopoulos
gojimmypi
Chris Conlon
dell5060
Lealem Amedie
JacobBarthelmeh
Hideki Miyazaki
Juliusz Sosinowicz
Eric Blankenhorn
kaleb-himes
John Bland
Kareem
Anthony Tatowicz
Anthony Hu
John Safranek
Stefan Eissing
Hayden Roche
Steffen Jaeckel
Tesfa Mael
Marco Oliverio