Commit Graph

22336 Commits (b83d8f0cf609fb52b786b258e68e768358be6dd8)

Author SHA1 Message Date
JacobBarthelmeh 757fcbcc25
Merge pull request #7236 from julek-wolfssl/get-sig-nid
Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid
2024-02-20 02:46:37 +07:00
JacobBarthelmeh 565a4e6773
Merge pull request #7256 from douzzer/20240217-fixes
20240217-fixes
2024-02-20 01:54:32 +07:00
Daniel Pouzzner 8d894fb01b wolfssl/wolfcrypt/types.h: add WC_ARRAY_ARG() and WC_HEAP_ARRAY_ARG() constructors, for passing arrays declared by WC_DECLARE_ARRAY() and WC_DECLARE_HEAP_ARRAY(). used this to refactor bench_rsa_helper() arg list, fixing a cppcheck argumentSize warning.
wolfcrypt/test/test.c: revert overeager constification of xmss_msg and xmss_sig.
2024-02-17 15:24:55 -06:00
David Garske 7f18338322
Merge pull request #7255 from ejohnstown/ocsp-date
OCSP Date Checks
2024-02-16 20:58:20 -08:00
John Safranek 52f4dcd7aa
OCSP Date Checks
When calling DecodeResponseData(), no matter the return value, if it is
not success, it is assigned to ASN_PARSE_E. This isn't the pattern for
other branch parsing. Return the value returned.

This is seen when decoding an OCSP response that is past the
next-available time.
2024-02-16 12:12:27 -08:00
David Garske e4ea2651a3
Merge pull request #7252 from douzzer/20240215-benchmark-smallstack-refactors
20240215-benchmark-smallstack-refactors
2024-02-16 11:45:59 -08:00
Daniel Pouzzner af620513f1 wolfssl/wolfcrypt/types.h: fix bugprone-macro-parentheses in smallstack WC_ALLOC_VAR(). 2024-02-16 12:39:25 -06:00
David Garske 815c290293
Merge pull request #7231 from anhu/maxqrng
Use the MAXQ1065/1080 rng when available.
2024-02-16 09:43:46 -08:00
Daniel Pouzzner 3676dc02a6 wolfcrypt/benchmark/benchmark.c: mollify scan-build with XMEMSET()s in several false positives around WC_DECLARE_ARRAY(). 2024-02-16 10:27:06 -06:00
Daniel Pouzzner 44e0ee1ecd wolfssl/wolfcrypt/types.h:
* fix overallocation in WC_DECLARE_ARRAY() macro in the !WOLFSSL_SMALL_STACK path.
* rename WC_INIT_ARRAY() to WC_ALLOC_ARRAY() for clarity (it doesn't initialize any memory).
* rename WC_DECLARE_ARRAY_DYNAMIC_DEC(), WC_DECLARE_ARRAY_DYNAMIC_EXE(), and WC_FREE_ARRAY_DYNAMIC() to WC_DECLARE_HEAP_ARRAY(), WC_ALLOC_HEAP_ARRAY(), and WC_FREE_HEAP_ARRAY(), respectively, also for clarity, and refactor out the duplicate definitions.
* add WC_ALLOC_VAR(), and move the XMALLOC() in smallstack WC_DECLARE_VAR() into it.  smallstack WC_DECLARE_VAR() now initializes the pointer to NULL, like smallstack WC_DECLARE_ARRAY(), assuring all pointers are valid upon shortcircuit to cleanup for a failed allocation (see WC_ALLOC_DO_ON_FAILURE below).
* add a new hook "WC_ALLOC_DO_ON_FAILURE" in WC_ALLOC_VAR(), WC_ALLOC_ARRAY(), and WC_DECLARE_ARRAY_DYNAMIC_EXE(), which is invoked when an allocation fails.  by default the hook is defined to WC_DO_NOTHING.
* add basic safety to WC_*_HEAP_ARRAY() by recording/detecting allocation state via idx##VAR_NAME.
* add macros WC_ARRAY_OK() and WC_HEAP_ARRAY_OK() to test if allocation succeeded.
* add macros WC_CALLOC_ARRAY() and WC_CALLOC_HEAP_ARRAY() which zero the objects.
* add macro WC_CALLOC_VAR() which zeros the object.

ED448: smallstack refactor of ge448_scalarmult_base().

src/tls.c tests/api.c wolfcrypt/test/test.c: update WC_DECLARE_VAR()s with now-required matching WC_ALLOC_VAR()s.

wolfcrypt/benchmark/benchmark.c:
* no functional changes in default error-free behavior.
* add definition of WC_ALLOC_DO_ON_FAILURE() that prints error message, sets ret, and does goto exit.
* add BENCH_NTIMES and BENCH_AGREETIMES overrideeable macros, to allow fast sanitizer runs and slow high-precision runs.
* smallstack refactor of all declarations of stack arrays of the form foo[BENCH_MAX_PENDING], using WC_DECLARE_ARRAY() (35 in all).
* additional smallstack refactors, using WC_DECLARE_VAR(), for bench_aesxts(), bench_ed448KeyGen(), bench_eccsi*(), and bench_sakke*().
* fixes for various unhandled error conditions around malloc failures.

wolfcrypt/test/test.c: opportunistically constify several (42) static constants, moving them to the readonly data segment.

linuxkm/Makefile: if ENABLED_LINUXKM_BENCHMARKS, add wolfcrypt/benchmark/benchmark.o to WOLFSSL_OBJ_FILES.

linuxkm/Kbuild: enable FPU for benchmark.o, and remove enablement for module_hooks.o.

linuxkm/module_hooks.c: remove inline include of benchmark.c.
2024-02-16 10:26:21 -06:00
András Fekete 92b8196059
Merge pull request #7251 from miyazakh/ra6m4_jenkins
fix ra6m4 nightly jenkins failure
2024-02-16 09:09:12 -05:00
Juliusz Sosinowicz 469760e186 wc_ecc_shared_secret_ssh fix
- wc_ecc_shared_secret_ssh should either be declared or not. Having two different signatures for the same function is error prone.
- Don't use wc_ecc_shared_secret_ssh in our code. Use wc_ecc_shared_secret directly.
2024-02-16 13:38:35 +01:00
Juliusz Sosinowicz 44de6dfdd3 Return correct values in get_signature APIs and write tests 2024-02-16 11:32:22 +01:00
Juliusz Sosinowicz 98e328dafc Enable master openvpn testing
Depends on https://github.com/wolfSSL/wolfssl/pull/7236
2024-02-16 11:32:04 +01:00
Juliusz Sosinowicz 6537c7163c Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid 2024-02-16 11:32:04 +01:00
Hideki Miyazaki 72d8acf5aa fix ra6m4 nightly jenkins failure 2024-02-16 15:45:32 +09:00
David Garske d34b254247
Merge pull request #7249 from bandi13/missingOpenVPNDependencies
Add in dependencies when compiling with OpenVPN
2024-02-15 15:38:07 -08:00
David Garske f0a162c265
Merge pull request #7250 from lealem47/ecbAsync
Fix for AES-ECB benchmark livelock with Async
2024-02-15 15:37:46 -08:00
Marco Oliverio c8f3a8f14b
fix: negotiate handshake until the end in wolfSSL_read/wolfSSL_write (#7237)
* tls: negotiate until hs is complete in wolfSSL_read/wolfSSL_write

Don't rely on ssl->options.handShakeSate == HANDSHAKE_DONE to check if
negotiation is needed. wolfSSL_Connect() or wolfSSL_Accept() job may not yet be
completed and/or some messages may be waiting in the buffer because of
non-blocking I/O.

* tests: test case for handshake with wolfSSL_read()/wolfSSL_write()

* doc: clarify wolfSSL_write()

* internal.c: rename: need_negotiate -> ssl_in_handshake
2024-02-15 13:48:19 -08:00
Lealem Amedie 4cc960787f Fix for AES-ECB benchmark livelock with Async 2024-02-15 12:51:22 -07:00
Andras Fekete 71fd4782c0 Add in dependencies when compiling with OpenVPN 2024-02-15 13:48:33 -05:00
David Garske 585f0f1956
Merge pull request #7248 from lealem47/ARMASM_UnitTest
Fix unit test failure for FIPS 140-2 + WOLFSSL_ARMASM
2024-02-15 08:25:42 -08:00
Lealem Amedie b87f544af6 Reviewer feedback 2024-02-14 16:43:01 -07:00
Lealem Amedie 152c8565b9 Fix unit test failure for FIPS 140-2 + WOLFSSL_ARMASM 2024-02-14 16:24:58 -07:00
David Garske d39cf1e499
Merge pull request #7246 from kareem-wolfssl/zd17176
Only include CRL monitor definitions when building with HAVE_CRL_MONITOR.
2024-02-14 13:45:23 -08:00
Kareem 6dc6d58c04 Remove redundant ifdefs. 2024-02-14 11:22:32 -07:00
David Garske 375415d042
Merge pull request #7229 from kaleb-himes/win-code-up
Windows doesn't like code before variables
2024-02-14 09:50:34 -08:00
Kareem c119826e75 Only include CRL monitor definitions when building with HAVE_CRL_MONITOR. 2024-02-13 15:37:36 -07:00
Sean Parkinson 3b6a7691c5
Merge pull request #7235 from julek-wolfssl/gh/7228
Send alert on bad psk binder
2024-02-14 07:24:52 +10:00
David Garske 6f88ed0901
Merge pull request #7177 from gojimmypi/PR-Arduino-Update
Improved Arduino Support: ESP32, Due
2024-02-13 09:43:42 -08:00
David Garske c8d0bb0bd8
Merge pull request #7212 from SparkiDev/eddsa_check_priv
EdDsa: check private value after sign
2024-02-13 09:27:34 -08:00
Sean Parkinson e28d6a7b71 EdDsa: check private value after sign
Check the private value hasn't changed during signing with EdDSA.
2024-02-13 22:11:48 +10:00
Sean Parkinson 94680991a9
Merge pull request #7243 from douzzer/20240213-aes256_test-leak
20240213-aes256_test-leak
2024-02-13 22:03:49 +10:00
gojimmypi 68fb183fa6 Update TLS client example for Espressif ESP8266 2024-02-13 03:01:40 -08:00
Daniel Pouzzner 9b7decada0 wolfcrypt/test/test.c: fix Aes init/free lifecycle in aes192_test() and aes256_test(). 2024-02-13 01:23:11 -06:00
David Garske 2ebc897e31
Merge pull request #7241 from ejohnstown/ocsp-revoke-reason
Decode OCSP Revocation Reason
2024-02-12 15:11:26 -08:00
David Garske 2b9e9955c3
Merge pull request #7242 from SparkiDev/ct_valgrind_fixes_3
RSA ct test: force RsaFunctionCheckIn to not be inlined
2024-02-12 15:10:47 -08:00
Sean Parkinson f031d034df RSA ct test: force RsaFunctionCheckIn to not be inlined
In non-debug compilation, RsaFunctionCheckIn may be inlined.
The function operates on the input - value to exponentiate.
Constant time testing excludes all operations in this function.
2024-02-13 07:37:24 +10:00
John Safranek c17fb7498b
OCSP Revocation Reason
1. The ASN.1 parser wasn't handling the OCSP response correctly when
   there was a revocation reason included in the response. The encoded
   reason value is constructed, and was getting marked as not
   constructed in the parser. Changed the flag to mark it as
   constructed.
2024-02-12 13:11:51 -08:00
David Garske 06f04def1b
Merge pull request #7222 from rizlik/early_data_fix
tls13: wolfSSL_read_early_data() set outSz to 0 if no early data and update doc
2024-02-12 11:38:46 -08:00
Marco Oliverio 7b0fefbceb doc: update new wolfSSL_read_early_data() behavior 2024-02-12 17:20:15 +01:00
Marco Oliverio e923d4c151 tls13: read_early_data: set outSz to 0 if no early data
If not data is read, set outSz to 0. This way the
caller can detect if no early data was read.
2024-02-12 17:20:15 +01:00
JacobBarthelmeh 83ae7245b0
Merge pull request #7151 from lealem47/pic24
MICROCHIP PIC24 support and example project
2024-02-12 23:15:10 +07:00
Juliusz Sosinowicz 9a08296fa0 Fix openssl client psk key so that psk actually works 2024-02-12 15:07:46 +01:00
Sean Parkinson d5142d8553
Merge pull request #7234 from douzzer/20240208-test-config-and-linuxkm-tweaks
20240208-test-config-and-linuxkm-tweaks
2024-02-12 22:50:28 +10:00
Sean Parkinson 9f0aa38120
Merge pull request #7223 from gojimmypi/PR-debug-messages
Add wolfSSL debug messages
2024-02-12 07:35:50 +10:00
Daniel Pouzzner 2e970f53c5
Merge pull request #7232 from bandi13/moreDependencies
Add in dependencies of tests
2024-02-10 02:17:28 -05:00
Daniel Pouzzner 13021708d4
Merge pull request #7227 from julek-wolfssl/gh-retention-days
Increase retention days to make re-running easier
2024-02-10 02:16:34 -05:00
Daniel Pouzzner c1931f78de
Merge pull request #7225 from bandi13/fixStaticAnalysisError
Static analyzers complain that a->size is never initialized
2024-02-10 02:15:37 -05:00
Daniel Pouzzner 63fe12efe3 wolfcrypt/src/aes.c: fix WOLFSSL_AESGCM_STREAM && WC_AES_C_DYNAMIC_FALLBACK: establish AESNI status dynamically at time of wc_AesGcmSetKey(), and stick to it (or return failure) until the next wc_AesGcmSetKey(). this matches the semantics of the Linux kernel in-tree implementation, allowing safe registration of the wolfCrypt AESNI implementation with the LKCAPI.
configure.ac: move enable_aesgcm_stream=yes clauses in enable-all and enable-all-crypto to the main section, from the !ENABLED_LINUXKM_DEFAULTS section, and in ENABLED_LINUXKM_LKCAPI_REGISTER setup, remove the !ENABLED_AESNI from the condition for forcing on ENABLED_AESGCM_STREAM.

linuxkm/lkcapi_glue.c:
* remove all special-casing for AES-GCM with AESNI.
* add support for a LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING macro.

wolfssl/wolfcrypt/memory.h: add missing definition of SAVE_VECTOR_REGISTERS2() when DEBUG_VECTOR_REGISTER_ACCESS_FUZZING && !DEBUG_VECTOR_REGISTER_ACCESS.

wolfcrypt/src/memory.c:
* define SAVE_VECTOR_REGISTERS2_fuzzer() if DEBUG_VECTOR_REGISTER_ACCESS_FUZZING, regardless of DEBUG_VECTOR_REGISTER_ACCESS.
* add a DEBUG_VECTOR_REGISTER_ACCESS clause to the !HAVE_THREAD_LS version of SAVE_VECTOR_REGISTERS2_fuzzer().

wolfcrypt/test/test.c: remove several errant wc_AesFree()s in aes256_test().
2024-02-10 01:09:15 -06:00