Brett Nicholas
7592241a46
Merge pull request #8007 from billphipps/fix_cmac_cryptocb
...
Update to separate CMAC and AES conditional compiles. Correct update.
2024-09-25 08:43:27 -06:00
Bill Phipps
60dbe38226
Update cmac.c to eliminate extra spaces
2024-09-24 18:34:19 -04:00
Bill Phipps
13b26bc46b
Update cryptocb.c to fix comment
2024-09-24 18:27:58 -04:00
Brett Nicholas
967dc443fa
remove trailing whitespace
2024-09-24 12:58:01 -06:00
jordan
c6124d573a
asn: tiny peer review cleanup.
2024-09-24 13:01:13 -05:00
Bill Phipps
8aa63e3aad
One more time to quiet clang tidy
2024-09-24 13:43:56 -04:00
Bill Phipps
5e1db686e1
Update logic to avoid clang-tidy warning.
2024-09-24 13:14:00 -04:00
Bill Phipps
35442d27b5
Fixed overlong lines. Thanks clang-tidy
2024-09-24 12:48:54 -04:00
John Safranek
17261467a6
Revert "FP SmallStack Fix"
...
This reverts commit 47e51400bb.
Turns out we don't want to put those fp_ints on the stack unless
absolutely necessary.
2024-09-24 09:19:43 -07:00
Bill Phipps
0d158fc663
Updates due to peer review
2024-09-24 12:06:19 -04:00
jordan
0f646b6e4b
asn: cleanup around edPubKeyASN.
2024-09-23 23:24:36 -05:00
Bill Phipps
c16ebaeb47
Update to separate CMAC and AES conditional compiles. Correct update.
2024-09-23 15:33:52 -04:00
Colton Willey
e5022e3ef0
Fix broken endif
2024-09-23 12:11:04 -07:00
Colton Willey
183aef241c
CRL improvements, add parsing for CRL number, do not allow CRL duplicates, add callback for when CRL entry is updated.
2024-09-23 11:52:39 -07:00
Sean Parkinson
67528f91b3
Dilithium: fixes
...
Fixes to hint error detection.
Fix public key decode to fail when DER length is zero for the public key
data.
2024-09-23 09:05:17 +10:00
Daniel Pouzzner
bc6881974d
Merge pull request #8001 from ejohnstown/ecc-test-fix
...
ECC Test Fix
2024-09-20 20:53:28 -05:00
John Safranek
735c0f6b3a
ECC Test Fix
...
The ECC key generation test was failing due to not using a large enough
buffer. Fixed to use a better size.
1. Set the shared digest/sig buffer size in
_ecc_pairwise_consistency_test() to the maximum possible based on the
math in wc_ecc_sig_sz().
2024-09-20 17:25:21 -07:00
David Garske
a9cc880f65
Merge pull request #7993 from miyazakh/renesas_rx65n_rsk_update
...
Update TSIP driver version to v1.21 for RX65N RSK
2024-09-20 17:07:21 -07:00
David Garske
3c67abc664
Merge pull request #7954 from JacobBarthelmeh/pkcs7
...
add option to set custom SKID with PKCS7 bundle creation
2024-09-20 17:05:44 -07:00
JacobBarthelmeh
554d52b069
Merge pull request #7777 from night1rider/MAX32666-port
...
MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback Support
2024-09-20 17:14:34 -06:00
Hideki Miyazaki
3f0a17b331
Update TSIP driver version to v1.21
...
Use ASN_TEMPLATE
Extracting YEAR and MONTH from __DATE__
2024-09-21 06:23:59 +09:00
Daniel Pouzzner
55cd8a800f
FIPS v5 gating fixes:
...
configure.ac:
* fix logic in "Forcing off" test expressions, first flubbed in 19106a9510;
* fix auto-enable of compkey to exclude v5 even if v5-dev.
src/tls13.c: fix gating for HKDF _ex() variants (>=6.0, not >=5.3).
wolfcrypt/src/error.c: snip out stray spaces at start of several ECC error message strings.
wolfcrypt/test/test.c:
* in render_error_message(), use wolfSSL_ERR_reason_error_string() if available rather than wc_GetErrorString(), to render non-wolfcrypt error strings;
* in ecc_test_deterministic_k(), ecc384_test_deterministic_k(), ecc521_test_deterministic_k(), on FIPS <6.0, gate out SHA384 and SHA512 tests (FIPS v5 only supports SHA256 in wc_ecc_gen_deterministic_k());
* in cmac_test(), gate use of wc_AesCmacGenerate_ex() and wc_AesCmacVerify_ex() on >=6.0, not >=5.3.
2024-09-20 13:53:36 -05:00
ZackLabPC
9881edfabe
Crypto Callback Support for ARM ASM: AES-ECB/CBC, SHA-1/256/384/512 + Fix SP SHA CB Bug
2024-09-20 09:42:53 -06:00
night1rider
1cb324affa
Expanding mutexing and Adding in AES Callbacks for HW
2024-09-20 09:42:53 -06:00
night1rider
8f8b4e6665
Addressing Feedback, Adding Null Checks and Mutex Around TRNG
2024-09-20 09:42:53 -06:00
night1rider
fe7987f241
Adding SHA-384/512 support, Null Checks, RNG Health Test for HW, and MAA call update for MAX3266X Port.
2024-09-20 09:42:52 -06:00
night1rider
d714e55a2b
Addressing PR comments typos and cleanup and support HAVE_AES_ECB, Sha1, and Sha224
2024-09-20 09:42:52 -06:00
msi-debian
2e8cf39feb
Initial PR for MAX32665 and MAX32666 TPU HW Support
2024-09-20 09:42:52 -06:00
JacobBarthelmeh
8017c816bb
check on RNG init return with test, and make input const
2024-09-20 08:34:28 -07:00
JacobBarthelmeh
5adad7d869
fix for sanity check of null input
2024-09-20 08:34:28 -07:00
JacobBarthelmeh
ca3b1a1412
add test case
2024-09-20 08:34:28 -07:00
JacobBarthelmeh
7a23cff27f
add PKCS7 set custom SKID
2024-09-20 08:34:28 -07:00
JacobBarthelmeh
bddb83b62a
Merge pull request #7992 from ejohnstown/ecc-pct-ss
...
Small Stack ECC Pairwise Consistency Test
2024-09-20 09:13:21 -06:00
András Fekete
bbbc40dacc
Merge pull request #7996 from julek-wolfssl/move-mymemmem
...
memmem is only being used in testing so move it there
Failing test is disabled in: 5be198fa0e
2024-09-20 09:08:44 -04:00
Daniel Pouzzner
212708e3b4
wolfssl/wolfcrypt/ecc.h and wolfcrypt/src/ecc.c: refactor ecc_sets and ecc_sets_count using accessor functions, to fix linker relocation errors in Fedora packaging test.
2024-09-19 17:03:07 -05:00
Juliusz Sosinowicz
d7303664b5
memmem is only being used in testing so move it there
2024-09-19 15:54:20 +02:00
John Safranek
a81efc0f6f
Small Stack ECC Pairwise Consistency Test
...
1. Update the ECC PCT to use the key's heap to allocate any buffers for
the test. This is similar to how RSA does it.
2. Put the buffers on the stack if not using small stack option.
2024-09-18 15:14:52 -07:00
Daniel Pouzzner
072c5311a5
m4/ax_atomic.m4: fixes for C++ compatibility.
...
wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_API attribute to wolfSSL_Atomic_Int_Init, wolfSSL_Atomic_Int_FetchAdd, and wolfSSL_Atomic_Int_FetchAdd, and add fallback definitions for them, allowing elimination of SINGLE_THREADED implementations of wolfSSL_Ref*(), and allowing ungated use of wolfSSL_Atomic_* calls in api.c.
wolfcrypt/src/dh.c: in wc_DhAgree_ct(), remove frivolous XMEMSET() and stray semicolon.
wolfcrypt/benchmark/benchmark.c: fix bench_rsaKeyGen() to skip tests of key sizes below RSA_MIN_SIZE, and add 4096 bit benchmark if RSA_MAX_SIZE is big enough.
tests/unit.h:
* adopt definitions of TEST_FAIL, TEST_SUCCESS, and TEST_SKIPPED from unit.c, remap TEST_SKIPPED from -7777 to 3, and add TEST_SUCCESS_NO_MSGS, TEST_SKIPPED_NO_MSGS, EXPECT_DECLS_NO_MSGS(), and EXPECT_FAILURE_CODEPOINT_ID, to support existing and future expected-particular-failure test cases without log noise.
* rename outer gate from CyaSSL_UNIT_H to TESTS_UNIT_H.
tests/api.c:
* use EXPECT_DECLS_NO_MSGS() in test_ssl_memio_setup(), test_ssl_memio_read_write(), and test_wolfSSL_client_server_nofail_memio(), and globally update affected expected error codes to correspond.
* use atomics for {client,server}SessRemCount{Malloc,free} to fix races in SessRemCtxCb() and SessRemSslSetupCb().
2024-09-18 16:25:26 -05:00
Joshua Okeleke
337456cc1e
Add support for (DevkitPro)libnds
2024-09-18 21:27:53 +02:00
JacobBarthelmeh
ffd0fb23f7
Merge pull request #7979 from SparkiDev/sp_x86_64_no_avx_fix
...
SP x86_64 asm: check for AVX2 support
2024-09-18 10:23:12 -06:00
Juliusz Sosinowicz
1e75a2367c
Address code review
2024-09-18 10:35:29 +02:00
Juliusz Sosinowicz
8ce6f17144
Add dtls 1.3 cid api test
2024-09-18 10:35:29 +02:00
John Safranek
47e51400bb
FP SmallStack Fix
...
The function _fp_exptmod_nct() is using WOLFSSL_NO_MALLOC to guard
using stack allocation vs malloc. Its twin function _fp_exptmod_ct()
is using WOLFSSL_SMALL_STACK for this. This is causing inappropriate use
of malloc() in a small stack environment. The no-malloc case will also
be kept so static memory and no-malloc fix still works.
1. Change the guards for `#ifndef WOLFSSL_NO_MALLOC` in the function
`_fp_exptmod_nct()` to `#if defined(WOLFSSL_SMALL_STACK) &&
!defined(WOLFSSL_NO_MALLOC)`.
2024-09-17 10:55:11 -07:00
Sean Parkinson
aa41e09937
SP x86_64 asm: check for AVX2 support
...
Check for AVX2 as well as BMI2 and ADX.
Some virtual machines may not have AVX2 with the others.
2024-09-17 14:14:27 +10:00
Daniel Pouzzner
04c781ad9b
wolfcrypt/src/dh.c: in wc_DhAgree_ct(), implement failsafe constant-time key size fixup, to work around sp-math constant-time key clamping.
...
also fix a -Wunused in src/ssl_load.c:DataToDerBuffer() teased out by configuration permutations.
2024-09-16 17:33:25 -05:00
Daniel Pouzzner
52030f182b
Merge pull request #7972 from miyazakh/renesas_tsip_update_
...
Renesas TSIP version update
2024-09-14 00:41:19 -05:00
Daniel Pouzzner
990d38a068
Merge pull request #7974 from dgarske/noasn
...
Support for NO_ASN when wildcard *.c is used
2024-09-14 00:34:15 -05:00
Daniel Pouzzner
80f3b0d3d8
Merge pull request #7926 from philljj/x509_acert_support
...
x509 attribute cert support
2024-09-14 00:30:29 -05:00
Daniel Pouzzner
4545a9b4a2
Merge pull request #7960 from night1rider/mmcau-DesEcb
...
DES ECB using mmcau HW Library, and DES ECB basic test
2024-09-14 00:07:18 -05:00
Daniel Pouzzner
84f0800b96
configure.ac:
...
* set DEFAULT_ENABLED_ALL_ASM=no if enable_afalg or ENABLED_32BIT;
* omit enable_srtp_kdf from enable-all-crypto if enable_afalg.
linuxkm: add GetCAByAKID to wolfssl_linuxkm_pie_redirect_table.
src/x509.c: in GenerateDNSEntryIPString(), use XMEMSET() to initialize tmpName, not = {0}, to avoid unmaskable compiler emission of memset() call.
wolfssl/openssl/ssl.h: add OPENSSL_EXTRA to an existing OPENSSL_ALL-gated section, consistent with gating of corresponding section in wolfssl/ssl.h.
wolfssl/wolfcrypt/settings.h: adopt setup for WOLFSSL_SP_NO_UMAAL from wolfssl/wolfcrypt/sp_int.h now that it's used by wolfcrypt/src/port/arm/thumb2-poly1305-asm.S.
2024-09-13 18:01:11 -05:00
David Garske
8cea8283db
Support for NO_ASN when wildcard *.c is used. Added `STM32H743xx` support.
2024-09-13 13:52:21 -07:00
jordan
7df446bf4e
cleanup: fix cast warning, and small cleanup.
2024-09-13 09:26:19 -05:00
jordan
7faed6cded
X509 attribute cert (acert) support.
2024-09-13 08:03:55 -05:00
Hideki Miyazaki
c49f1e22bd
Update TSIP version for RX72N and GR-ROSE
...
fix readme
2024-09-13 14:12:39 +09:00
Sean Parkinson
4fa20cb770
Merge pull request #7965 from ColtonWilley/pkcs12_use_indef_len
...
Use context specific for PKCS7 encrypted data encoding
2024-09-13 12:17:08 +10:00
Colton Willey
b0ddccc802
Change PKCS7 encrypted content encoding to use ASN_CONTEXT_SPECIFIC
2024-09-12 16:46:35 -07:00
Sean Parkinson
171ab4b13a
Merge pull request #7967 from douzzer/20240910-configure-enable-all-asm-and-sp-cleanup
...
20240910-configure-enable-all-asm-and-sp-cleanup
2024-09-13 09:18:37 +10:00
Daniel Pouzzner
f6d40ad229
Merge pull request #7955 from gojimmypi/pr-espressif-port-updates
...
Update Espressif sha, util, mem, time helpers
2024-09-12 18:15:25 -05:00
Daniel Pouzzner
eb53a95f57
wolfcrypt/src/asn.c:DecodeSingleResponse(): fix gating for "at" working var, by refactoring gating for WOLFSSL_OCSP_PARSE_STATUS sections for clarity.
2024-09-12 14:38:50 -05:00
Daniel Pouzzner
53c4c0095a
wolfcrypt/src/sp_cortexm.c: update from scripts#423.
2024-09-12 13:29:02 -05:00
Daniel Pouzzner
8d0047fedf
SP: fixes for several bugprone-macro-parentheses and -Wconversions.
2024-09-12 13:29:01 -05:00
Daniel Pouzzner
e227b2ad7d
wolfcrypt/src/sp_int.c: fix bugprone-too-small-loop-variable in _sp_mul().
2024-09-12 13:29:01 -05:00
Daniel Pouzzner
5b8e9e692f
wolfcrypt/src/siphash.c: fixes for bugprone-macro-parentheses.
2024-09-12 13:29:01 -05:00
David Garske
20e2e33e25
Merge pull request #7939 from SparkiDev/thumb2_poly1305
...
undefined
2024-09-12 11:15:53 -07:00
Siert Wieringa
9e2a7b3653
Feature/multiple aes siv ads ( #7911 )
...
* Proposed new interface for AesSivEncrypt with number of ADs != 1.
* Implement AES SIV S2V computation with a number of ADs not equal to 1.
* Add Example A.1 from RFC5297 to AES SIV test vectors.
* Add tests for new AES SIV interface, and add test vectors for examples given in RFC5297.
* Include the nonce in count of maximum number of ADs.
* Addressing review comments.
* Addressing review comments: Use uppercase 'U' suffix on unsigned constant.
* Rename local variables named 'ad0' to 'ad', since the zero makes no sense, especially since in the RFC 5297 document they're actually counting the ADs from 1.
2024-09-12 07:55:29 -07:00
Sean Parkinson
27033c225f
Thumb-2 ChaCha, Poly1305: implementation in assembly
...
Implementation of ChaCha algorithm for ARM Thumb-2.
Implementation of Poly1305 algorithm for ARM Thumb-2.
2024-09-12 10:59:01 +10:00
Sean Parkinson
d23bfd2eb9
Merge pull request #7963 from anhu/p11nopin
...
Check for PIN before saving it.
2024-09-12 10:20:47 +10:00
Colton Willey
88d1ed7393
Modify pkcs8 pbe encryption to use indefinite length encoding, making it consistent with both old ASN code and openssl
2024-09-11 15:55:05 -07:00
Anthony Hu
246228e410
Check for PIN before saving it.
2024-09-11 14:39:03 -04:00
Sean Parkinson
1c8f1e6921
Merge pull request #7802 from douzzer/20240725-wc_DhAgree_ct
...
20240725-wc_DhAgree_ct
2024-09-11 08:06:58 +10:00
Sean Parkinson
10c1fa2088
Merge pull request #7931 from barracuda156/powerpc-darwin
...
Fixes for PowerPC
2024-09-10 10:34:09 +10:00
Sean Parkinson
500a3b41e4
Merge pull request #7932 from barracuda156/dispatch
...
Fixes for earlier macOS
2024-09-10 10:29:45 +10:00
night1rider
e912aff7e5
DES ECB using mmcau HW Library, and DES ECB basic test
2024-09-09 15:32:21 -06:00
Daniel Pouzzner
49a680540c
add constant time DH key agreement APIs:
...
* adds wc_DhAgree_ct().
* adds wolfSSL_DH_compute_key_padded(), using wc_DhAgree_ct() if available, with fallback fixup code.
* adds unit test coverage in api.c:test_wolfSSL_DH() for expected-success calls to wolfSSL_DH_compute_key() and wolfSSL_DH_compute_key_padded().
2024-09-09 16:24:07 -05:00
Daniel Pouzzner
c81c9be9ce
error code fixes:
...
* fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1.
* add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition).
* refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form().
2024-09-06 19:33:48 -05:00
gojimmypi
b57fcd0bd8
Update Espressif sha, util, mem, time helpers
2024-09-06 16:33:04 -07:00
David Garske
80a63a3fce
Merge pull request #7924 from anhu/pqm4_purge
...
Get rid of pqm4 in favour of our own Kyber/MLDSA implementation
2024-09-06 12:00:26 -07:00
Sean Parkinson
5f40f9a140
Thumb-2 ChaCha: implementation in assembly
...
Implementation of ChaCha algorithm for ARM Thumb-2.
2024-09-06 10:16:45 +10:00
Sean Parkinson
96e2c51f07
Merge pull request #7907 from ColtonWilley/rsa_pad_crypto_cb
...
Add new crypto callback for RSA with padding.
2024-09-06 08:48:36 +10:00
Sean Parkinson
6fc9dcae07
Merge pull request #7947 from douzzer/20240905-mp_sign_t
...
20240905-mp_sign_t
2024-09-06 08:46:23 +10:00
Daniel Pouzzner
dcaff9dff4
Merge pull request #7944 from JacobBarthelmeh/pkcs12
...
add parsing over optional PKCS8 attributes
2024-09-05 16:55:44 -05:00
David Garske
887c5abcb1
Merge pull request #7949 from douzzer/20240905-whitespace-and-utf8-cleanup
...
20240905-whitespace-and-utf8-cleanup
2024-09-05 14:38:19 -07:00
Daniel Pouzzner
9f6a75cdfd
Merge pull request #7934 from rizlik/ocsp-get-ca-keyhash-fix
...
ocsp: search CA by key hash instead of ext key id
2024-09-05 15:03:54 -05:00
Daniel Pouzzner
a3fb5029f8
clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text.
2024-09-05 14:52:18 -05:00
Daniel Pouzzner
603c03c0be
MPI: add mp_sign_t and sp_sign_t.
2024-09-05 10:37:02 -05:00
JacobBarthelmeh
9a8573afc9
touch up pkcs8 create function and test case warning
2024-09-04 15:48:44 -06:00
JacobBarthelmeh
2a1165460e
add parsing over optional PKCS8 attributes
2024-09-04 15:15:53 -06:00
Daniel Pouzzner
a31733db85
Merge pull request #7909 from SparkiDev/dilithium_fips204_draft
...
Dilithium: Support FIPS 204 Draft
2024-09-04 14:34:59 -05:00
Daniel Pouzzner
c9ff15da21
Merge pull request #7901 from SparkiDev/memusage_8
...
Memory usage improvements
2024-09-04 12:34:44 -05:00
David Garske
7c7de235d8
Merge pull request #7937 from douzzer/20240903-missing-WC_NO_ERR_TRACEs
...
20240903-missing-WC_NO_ERR_TRACEs
2024-09-04 08:07:19 -07:00
Sean Parkinson
88c3e0af22
Memory usage improvements
...
kdf.c: wc_PRF() - No need for previous, reuse current.
sha256.c: Transform_Sha256() - Add slow but small version for many
register implementation.
sp_int.h: Change 'used' and 'size' fields to 16-bit types when possible.
sp_int.c: Fixes for 16-bit used.
2024-09-04 22:51:31 +10:00
Daniel Pouzzner
b26fa6cf59
Merge pull request #7918 from SparkiDev/type_conversion_fixes_3
...
Type conversion fixes
2024-09-03 20:18:00 -05:00
Daniel Pouzzner
121b8c52f8
Merge pull request #7869 from julek-wolfssl/libspdm-x509
...
libspdm x509 parts
2024-09-03 20:09:31 -05:00
Daniel Pouzzner
806df85477
backfill more missing WC_NO_ERR_TRACE()s on error code operands, and refactor away the obsolete GEN_MEM_ERR macro mechanism in wolfcrypt/src/ecc.c.
2024-09-03 17:44:11 -05:00
David Garske
b7a6c6c314
Fixes for building RISCV ASM with enable-all.
...
* Fix type warning for SHA512 ByteReverseWords call
* Fix issue with riscv-asm and xchacha.
2024-09-03 09:37:01 -07:00
Marco Oliverio
293719c168
ocsp: search CA by key hash instead of ext key id
2024-09-02 15:25:53 +00:00
Sean Parkinson
ed7beb4e0e
Type conversion fixes
...
Changes to get compilation with -Wconversion passing on the files.
2024-09-02 19:19:23 +10:00
Juliusz Sosinowicz
2c9a3c5c1c
Missing libspdm features
...
- RsaFunctionPrivate: detect when only n,e,d are available
- wolfSSL_EVP_add_digest: return success
- wolfSSL_EVP_add_cipher: return success
- wolfSSL_BN_bin2bn: accept NULL data if len is 0 (checked in mp_read_unsigned_bin)
- wolfssl_read_bio: advance correct bio
- wolfSSL_X509_set_ext: return raw extension data for BASIC_CA_OID
- Implement
  - sk_X509_EXTENSION_free
  - d2i_EC_PUBKEY_bio
  - d2i_RSA_PUBKEY_bio
  - d2i_X509_REQ_INFO
  - X509_REQ_INFO_free
  - ASN1_TIME_set_string_X509
2024-09-02 10:01:12 +02:00
Sergey Fedorov
2ddfe15c4f
Fix libdispatch usage condition
2024-09-01 21:03:18 +08:00
Sergey Fedorov
ef2424336c
sp_int.c: fix ppc asm for macOS
2024-09-01 20:17:11 +08:00
Sergey Fedorov
b6bfae9c24
asm.c: fix ppc asm for macOS
2024-09-01 20:17:11 +08:00
Colton Willey
2bcfff3497
Expand testing to include SW implementation of RSA with padding callback, code cleanup to address review comments.
2024-08-30 13:41:51 -07:00
David Garske
13ec0f0694
Merge pull request #7916 from SparkiDev/riscv-sha3-asm
...
RISC-V ASM: SHA-3
2024-08-30 09:06:36 -07:00
Sean Parkinson
d475ecc8d3
Merge pull request #7917 from douzzer/20240828-WOLFSSL_DEBUG_TRACE_ERROR_CODES-TLS
...
20240828-WOLFSSL_DEBUG_TRACE_ERROR_CODES-TLS
2024-08-30 14:12:20 +10:00
Daniel Pouzzner
4b4000bf61
Merge pull request #7903 from SparkiDev/ecc_sigalgo_params_null
...
Certificates: ECC signature algorithm parameter
2024-08-29 16:16:08 -05:00
Daniel Pouzzner
17870d4159
src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E.
...
wolfssl/ssl.h, wolfssl/error-ssl.h, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c, and src/internal.c:
* fix values of WOLFSSL_ERROR_SSL and WOLFSSL_ERROR_WANT_X509_LOOKUP to match OpenSSL values;
* move legacy CyaSSL compat layer error codes from ssl.h to error-ssl.h and renumber them to conform to existing sequence;
* move enum IOerrors from ssl.h to error-ssl.h to get picked up by support/gen-debug-trace-error-codes.sh;
* add to enum wolfSSL_ErrorCodes negative counterparts for several positive error return constants;
* include error-ssl.h from ssl.h;
* add label (wolfCrypt_ErrorCodes) to error-crypt.h enum, and in wc_GetErrorString(), use switch ((enum wolfCrypt_ErrorCodes)error) to activate switch warnings for missing enums;
* in wolfSSL_ERR_reason_error_string(), use switch((enum wolfSSL_ErrorCodes)error) to activate switch warnings for missing enums;
* in ssl.h, add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* in error-crypt.h, add missing WOLFSSL_API attribute to wc_backtrace_render(); and
* harmonize gating of error codes, ssl.h / error-ssl.h / internal.c:wolfSSL_ERR_reason_error_string() / api.c:error_test().
tests/api.c:
* add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().
* in post_auth_version_client_cb(), add missing !NO_ERROR_STRINGS gating.
add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-29 14:22:56 -05:00
Anthony Hu
844d0ec558
Get rid of pqm4 in favour of our own Kyber/MLDSA implementation
2024-08-29 13:23:39 -04:00
Reda Chouk
109e4c3dfb
added missing wolfSSL_X509_NAME_free(dName)
2024-08-29 17:59:02 +02:00
Sean Parkinson
7c3d66ecd6
RISC-V ASM: SHA-3
...
Add assembly implementations of SHA-3.
Use VSRL_VX instead of two VSRL_VI operations as immediate is only 5
bits.
2024-08-29 17:58:02 +10:00
Daniel Pouzzner
b178138d83
src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
...
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().
wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().
add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
Sean Parkinson
a3e239c2ad
Certificates: ECC signature algorithm parameter
...
Allow, with a define, ECC signature algorithm parameters to be NULL and
not just empty.
Only for interop.
2024-08-28 11:10:41 +10:00
Sean Parkinson
652158fcac
Dilithium: Support FIPS 204 Draft
...
Compile with WOLFSSL_DILITHIUM_FIPS204_DRAFT to get code that implements
the FIPS-204 August 2023 DRAFT.
Alternatively, --enable-dilithium=draft or
--enable-dilithium=fips204-draft
2024-08-28 11:02:01 +10:00
Colton Willey
b7299a23c0
Add new crypto callback for RSA with padding.
2024-08-27 13:09:23 -07:00
Daniel Pouzzner
90152fedda
Merge pull request #7902 from gasbytes/wc_pkcs7_decodeauthenvelopeddata-problem
...
Added check on error out from wc_PKCS7_EncodeAuthEnvelopedData
2024-08-27 00:40:21 -05:00
Daniel Pouzzner
2537e08a99
Merge pull request #7890 from embhorn/zd18463
...
Various Coverity fixes
2024-08-26 23:34:23 -05:00
Reda Chouk
25dd8b641e
added check on error out from wc_PKCS7_EncodeAuthEnvelopedData
2024-08-26 19:29:06 +02:00
Sean Parkinson
60f438f0c3
Dilithium, Kyber: Update to final specification
...
FIPS 203 and FIPS 204 final specification changes.
2024-08-26 17:42:27 +10:00
Daniel Pouzzner
3f0ba97d1e
Merge pull request #7893 from gojimmypi/pr-asn-allow-zero-serial
...
Introduce WOLFSSL_ASN_ALLOW_0_SERIAL
2024-08-23 21:09:41 -05:00
Daniel Pouzzner
1d34b565fa
Merge pull request #7891 from SparkiDev/test_fixes_2
...
Test fixes
2024-08-23 21:08:44 -05:00
Daniel Pouzzner
a39f521f7f
Merge pull request #7884 from dgarske/x86_notwindows
...
Fixes for building x86 in Visual Studio for non-windows OS
2024-08-23 17:38:30 -05:00
Eric Blankenhorn
6dab58266d
Various Coverity fixes
2024-08-23 16:09:18 -05:00
gojimmypi
8baf39310f
Introduce WOLFSSL_ASN_ALLOW_0_SERIAL
2024-08-22 12:30:15 -07:00
Sean Parkinson
08d8a74992
Test fixes
...
api.c:
Update #ifdefs.
sp_int.c:
Fix free call when hardening is disabled.
2024-08-22 16:09:22 +10:00
Sean Parkinson
e99bbf9429
Merge pull request #7875 from douzzer/20240814-debug-trace-errcodes-MP
...
20240814-debug-trace-errcodes-MP
2024-08-22 10:10:45 +10:00
Daniel Pouzzner
05c4955316
linuxkm: add support for WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES using dump_stack().
2024-08-20 23:36:07 -05:00
Daniel Pouzzner
0da78a7ee2
move several MP error codes from wolfssl/wolfcrypt/sp_int.h, wolfssl/wolfcrypt/tfm.h, and wolfssl/wolfcrypt/integer.h, to wolfssl/wolfcrypt/error-crypt.h, harmonizing their names and numbers.
...
wolfssl/wolfcrypt/error-crypt.h: add WC_FIRST_E.
wolfcrypt/src/error.c: add MP error code strings.
wolfssl/error-ssl.h: add WOLFSSL_FIRST_E and WOLFSSL_LAST_E.
wolfcrypt/test/test.c: update error_test() for new error code layout, refactoring the "missing" check.
src/internal.c: use WC_FIRST_E and WC_LAST_E in wolfSSL_ERR_reason_error_string().
src/ssl.c: fix wolfSSL_ERR_GET_REASON() to identify in-range error codes using WC_FIRST_E, WC_LAST_E, WOLFSSL_FIRST_E, and WOLFSSL_LAST_E.
sp_int.h: provide for WOLFSSL_DEBUG_TRACE_ERROR_CODES, and refactor MP error codes as enums, for consistency with other error codes.
wolfcrypt/src/ecc.c: fix 2 identicalInnerCondition's.
2024-08-20 14:09:06 -05:00
Juliusz Sosinowicz
3260a9b680
Address code review
2024-08-20 10:53:44 +02:00
David Garske
294362a0b7
Fixes for building x86 in Visual Studio for non-windows OS.
2024-08-19 13:00:41 -07:00
Juliusz Sosinowicz
a6a40de249
init sssd support
...
- Refactor OCSP to separate IO callback
- wolfSSL_BIO_reset: fix return
- CheckCertCRL_ex: return CRL_CERT_DATE_ERR instead of ASN_AFTER_DATE_E
- CheckCertCRL_ex: return most relevant error code
- i2d/d2i APIs: correct parameters handling and return codes
- Custom ASN1 structures: major refactor to make it much more versatile
- Use WOLFSSL_ASSERT_SIZEOF_GE where applicable
- wolfSSL_EVP_SignFinal: implement ecc
- wolfSSL_EVP_VerifyFinal: implement ecc
- OBJ_NAME_do_all: bring closer to OpenSSL functionality
- Correct return of *_push api
- Implement:
  - OCSP_REQ_CTX API
  - d2i_ECPKParameters
  - wolfSSL_sk_insert
  - OCSP_parse_url
  - X509_STORE_set1_param
  - X509_get0_subject_key_id
  - X509_OBJECT_retrieve_by_subject
  - OCSP_sendreq_nbio
2024-08-16 17:22:41 +02:00
David Garske
1190d1bafe
Merge pull request #7873 from SparkiDev/riscv-poly1305-asm
...
RISC-V 64 ASM: Add Poly1305 implementation
2024-08-15 09:40:06 -07:00
Sean Parkinson
ccd8b9aa8d
Merge pull request #7872 from douzzer/20240814-linuxkm-kyber-asm
...
20240814-linuxkm-kyber-asm
2024-08-15 14:46:55 +10:00
Daniel Pouzzner
003ea8bff0
Merge pull request #7868 from dgarske/pq_xms_lmss
...
Fixes for building wolfBoot sources for PQ LMS/XMSS
2024-08-14 23:28:12 -05:00
Daniel Pouzzner
a2acc41b3f
wolfcrypt/src/wc_kyber.c: in kyberkey_encapsulate(), don't overallocate "at" for USE_INTEL_SPEEDUP.
2024-08-14 21:51:12 -05:00
Sean Parkinson
3ade7a875e
RISC-V 64 ASM: Add Poly1305 implementation
...
Implementation using standard and vector instructions.
2024-08-15 09:01:34 +10:00
Daniel Pouzzner
7a29b1e4fd
add comments explaining dependence on idempotency for race-free dynamics re checkedAESNI, haveAESNI, intel_flags, and sha_method. see #7863 .
2024-08-14 15:23:48 -05:00
Daniel Pouzzner
1fa2d2d625
ASN: move DecodedCert.extSubjKeyIdSz and .extAuthKeyIdSz out of the OPENSSL_EXTRA gate. fixes test.c:certext_test(), broken by f8c968d8d1
for some valid configs.
2024-08-14 14:45:11 -05:00
Daniel Pouzzner
21484ec75a
linuxkm: add asm support for Kyber.
2024-08-14 14:45:11 -05:00
Anthony Hu
498dadad97
Ensure correct issuer is copied into PKCS7 struct during verification
2024-08-14 11:29:02 -04:00
Daniel Pouzzner
ee966beb77
wolfcrypt/src/evp.c: add wolfSSL_EVP_PKEY_is_a() and test_EVP_PKEY_is_a(). also add test_EVP_CIPHER_key_length() and add missing RC4 clause to wolfSSL_EVP_Cipher_key_length().
2024-08-14 09:23:02 -05:00
David Garske
01eaa56290
Fixes for building wolfBoot sources for PQ LMS/XMSS.
...
* Don't throw `#error "This code requires libxmss"`, just gate ext_xmss on HAVE_LIBXMSS. Same for LMS.
2024-08-13 14:10:45 -07:00
Daniel Pouzzner
3875a1855e
Merge pull request #7859 from SparkiDev/aarch64_poly1305_asm_improv
...
Aarch64 Poly1305 ASM: Improve performance
2024-08-12 18:35:49 -05:00
Daniel Pouzzner
7fac450c92
Merge pull request #7860 from dgarske/have_config
...
Add missing config.h on .c files
2024-08-12 18:33:04 -05:00
David Garske
537827ebde
Add missing config.h on some .c files.
2024-08-12 09:29:07 -07:00
Sean Parkinson
3725594020
Aarch64 Poly1305 ASM: Improve performance
...
Do as many multiplications in base 64 rather than 26 with normal integer
registers.
2024-08-12 12:47:44 +10:00
JacobBarthelmeh
85bab19090
Merge pull request #7845 from ColtonWilley/pkcs7_digest_absent_params
...
Add option for absent hash params in PKCS7
2024-08-09 15:56:28 -06:00
Daniel Pouzzner
656ba24de5
Merge pull request #7852 from SparkiDev/sp_no_rng_fix
...
SP: no RNG fix
2024-08-09 15:00:15 -05:00
Daniel Pouzzner
e142b16ae2
Merge pull request #7848 from miyazakh/fips_wcPBKDF2ex
...
Check klen in byte in wc_PBKDF2_ex
2024-08-09 14:49:53 -05:00
Daniel Pouzzner
034e13298f
Merge pull request #7847 from SparkiDev/sp_xfree_2
...
SP: Remove check of NULL before XFREE
2024-08-09 14:47:05 -05:00
Sean Parkinson
17a09d9853
SP: no RNG fix
...
Don't use RNG API when WC_NO_RNG is defined.
2024-08-09 10:18:12 +10:00
Daniel Pouzzner
24e34aa41a
wolfcrypt/src/logging.c: in WOLFSSL_BUFFER(), on averted overrun, log a buffer error rather than silently failing; in wc_backtrace_render(), fix !WOLFSSL_MUTEX_INITIALIZER race mitigation code.
2024-08-08 10:49:05 -05:00
Daniel Pouzzner
f5e775fe95
wolfcrypt/src/wc_kyber.c: fixes for null derefs (nullPointerRedundantCheck) in wc_KyberKey_MakeKeyWithRandom() and wc_KyberKey_Decapsulate() added in d350ba6c41.
2024-08-08 09:13:56 -05:00
Daniel Pouzzner
763ced668e
fixes for defects identified by cppcheck and clang-tidy on --enable-debug builds: null deref in tests/api.c:load_pem_key_file_as_der(), redundant declarations in wolfcrypt/benchmark/benchmark.c, and numerous unchecked XSNPRINTF()s in wolfcrypt/src/logging.c and src/internal.c.
2024-08-08 09:00:42 -05:00
Daniel Pouzzner
5f6067c3e1
add --enable-debug-trace-errcodes=backtrace.
...
* uses libbacktrace to enhance existing "ERR TRACE" messages with backtraces, rendered in same format as the sanitizers.
* adds wc_backtrace_render() and some related callbacks to wolfcrypt/src/logging.c.
* adds an overrideable WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE to the WC_ERR_TRACE() mechanism in wolfssl/wolfcrypt/error-crypt.h.
2024-08-08 09:00:42 -05:00
Hideki Miyazaki
180ad206fc
check klen in byte
2024-08-08 08:52:08 +09:00
Sean Parkinson
abc910c03c
SP: Remove check of NULL before XFREE
...
Removed more checks of NULL before XFREE.
Formatting fixes as well.
2024-08-08 09:36:05 +10:00
Daniel Pouzzner
92952a5538
Merge pull request #7839 from bandi13/noIfXFREE
...
No if xfree
2024-08-07 17:08:12 -05:00
Andras Fekete
38d191c159
More PR comment fixes
2024-08-07 16:56:57 -04:00
Colton Willey
75c3030554
Add option for absent hash params in PKCS7
2024-08-07 11:07:45 -07:00
Andras Fekete
a31d8c5ce7
Addressing PR comments
2024-08-07 11:14:15 -04:00
Sean Parkinson
632d9653da
Merge pull request #7842 from embhorn/zd18417
...
Fix template DecodeSubjDirAttr to set extSubjDirAttr data
2024-08-07 18:29:04 +10:00
Sean Parkinson
18aa2b8d78
Merge pull request #7843 from dgarske/fix_sp_small_gcc
...
Fix for SP small calling label with GCC
2024-08-07 09:23:46 +10:00
Daniel Pouzzner
6116d5edb4
Merge pull request #7824 from anhu/maxq10xx_update
...
Update to the maxq10xx support
2024-08-06 18:01:39 -05:00
Sean Parkinson
2cc5ecf117
Merge pull request #7759 from JacobBarthelmeh/poly1305
...
w64wrapper for poly1305
2024-08-07 07:31:25 +10:00
David Garske
91ea7ab206
Fix for SP small calling label with GCC (broken in PR #7753).
2024-08-06 11:05:40 -07:00
David Garske
a30d9c9818
Merge pull request #7833 from SparkiDev/riscv-sha512-asm
...
RISC-V 64: Add assembly code for SHA-512
2024-08-06 10:39:10 -07:00
Anthony Hu
29a5cc39f2
Duplicate code removed
2024-08-06 10:19:09 -07:00
Anthony Hu
3cf3f297ba
Update to the maxq10xx support
2024-08-06 10:19:09 -07:00
Eric Blankenhorn
1c2b47d8ad
Fix template DecodeSubjDirAttr to set extSubjDirAttr data
2024-08-06 11:34:14 -05:00
JacobBarthelmeh
f1ace62363
add null sanity check and adjust add
2024-08-06 09:12:17 -06:00
Andras Fekete
f419e2351b
Remove NULL test with 'ptr = NULL' at the end
2024-08-06 10:55:37 -04:00
Andras Fekete
d350ba6c41
remove NULL test with XFREE arguments with dereference
2024-08-06 10:44:59 -04:00
Andras Fekete
d6a7187538
Programmatically remove NULL test with { XFREE() }
2024-08-06 10:37:43 -04:00
Andras Fekete
eb0c64d79a
Remove NULL test when there is a dereference
2024-08-06 10:29:02 -04:00
Andras Fekete
d7a0f49906
Programmatically remove NULL test before XFREE
2024-08-06 10:20:45 -04:00
Sean Parkinson
4062b94fb3
RISC-V 64: Add assembly code for SHA-512
...
Cleanup RISC-V 64 SHA-256 by removing unused rev_idx.
2024-08-06 10:21:48 +10:00
JacobBarthelmeh
cc2ed4a75b
add w64Add for build with word64
2024-08-05 16:47:35 -06:00
Sean Parkinson
fc19c36bf8
Dilithium: fix check hint
...
When all indices are 0, then don't check hints against indices.
2024-08-06 08:22:47 +10:00
Daniel Pouzzner
d65be7af21
wolfcrypt/src/asn.c and wolfssl/wolfcrypt/asn.h: in SetDNSEntry(), defer XFREE(dnsEntry, ...) until end (fixes double free); add PBE_NONE to enum PBESTypes; in EncryptContent(), initialize id to PBE_NONE to fix a -Wmaybe-uninitialized (CheckAlgo() can leave it unchanged even when returning success).
2024-08-04 15:41:52 -05:00
Daniel Pouzzner
9aa0742baa
Merge pull request #7798 from dgarske/asn_macros
...
ASN macro simplification
merged with github CI tests failing due to unrelated upstream changes (same tests all previously succeeded on this PR, with only 25d14f1937 added in the meantime).
supplementary testing with `wolfssl-multi-test.sh ... super-quick-check` after rebase on then-current `master` 15e99c8eff.
2024-08-02 16:36:50 -05:00
David Garske
25d14f1937
Fail with NOT_COMPILED_IN if someone tries to use ConfirmSignature with NO_ASN_CRYPT. Also default to signature failed.
2024-08-02 08:25:15 -07:00
Sean Parkinson
423c1d3e57
fixup
2024-08-02 11:58:50 +10:00
David Garske
65283fb9bb
Improvement for the --enable-asn=nocrypt. Note: This option skips certificate signature checking, so make check TLS expected failures do not pass. Cleanup of the api.c headers / macros.
2024-08-01 10:27:22 -07:00
Sean Parkinson
ebb49b6e68
RISC-V ChaCha20: assembly implementations
...
ChaCha20:
scalar and vector implementations
vector implementations doing 6, 4, 2, 1 block at a time.
scalar implementations using roriw and pack
vector implementations using VROR_VI and roriw.
RISC-V SHA-256: avoid using s0 if it can be helped.
2024-08-01 17:51:59 +10:00
Sean Parkinson
1bc085358a
Merge pull request #7817 from dgarske/wildcard_c
...
Fix for .c files to ensure macro guards for wildcard
2024-08-01 08:46:35 +10:00
David Garske
1dd94bb0cb
Fix for .c files to ensure macro guards for wildcard.
2024-07-31 14:23:05 -07:00
Daniel Pouzzner
6017c86e5d
wolfcrypt/src/wc_port.c: fix -Wconversions in wc_strdup_ex().
2024-07-31 19:36:59 +00:00
David Garske
548a2c6d8e
Fixed issues building with nocrypt. Improved logic on `ASN_BER_TO_DER`. Improved logic on unknown extension callback (new `WC_ASN_UNKNOWN_EXT_CB` gate).
2024-07-31 09:42:46 -07:00
David Garske
6a1139a6ee
Merge pull request #7758 from SparkiDev/riscv-sha256-asm
...
RISC-V 64: Add assembly code for SHA-256
2024-07-30 16:23:57 -07:00
David Garske
bbbc1e074c
Fixes for clang-tidy.
2024-07-30 10:35:21 -07:00
David Garske
afb6fe6c5f
Fixes for building due to missing OCSP and DecodePolicyOID (`--enable-curl` and `--enable-openssh`).
2024-07-30 10:35:21 -07:00
David Garske
20f7d6f9f4
ASN macro simplification. Added new `--enable-asn=all` and `WOLFSSL_ASN_ALL` option. Added granular macros for ASN features like: `WOLFSSL_ASN_CA_ISSUER`, `WOLFSSL_ASN_PARSE_KEYUSAGE`, `WOLFSSL_ASN_TIME_STRING`, `WOLFSSL_OCSP_PARSE_STATUS`.
2024-07-30 10:35:20 -07:00
András Fekete
50d60bf0e7
Code sonar cleanup (#7782)
...
* Fix Warning 826814.9284764
* Fix Warning 826836.9285316
Co-authored-by: Andras Fekete <andras@wolfssl.com>
2024-07-30 09:42:43 -07:00
Sean Parkinson
f1e01e4636
RISC-V 64: Add assembly code for SHA-256
...
Move common defines out of AES file to header file.
2024-07-30 12:21:13 +10:00
David Garske
f9dc5e9f4d
Fixes for uses of deprecated sprintf. If C89 remap XSNPRINTF to use sprintf.
2024-07-29 14:03:44 -07:00
Sean Parkinson
034af8d99c
Merge pull request #7787 from dgarske/stm32u5a
...
Fix STM32 Hash FIFO and add support for STM32U5A9xx
2024-07-29 17:36:52 +10:00
Sean Parkinson
3b74a64029
Merge pull request #7791 from aidangarske/privkeytoder_fix2
...
`api.c` and `asn.c` changes to allow 0 to be passed in and expanded coverage on test cases.
2024-07-29 09:40:20 +10:00
András Fekete
b1765ca6b4
Merge pull request #7785 from dgarske/asn_original
...
Fixes for ASN original
2024-07-26 14:49:13 -04:00
Sean Parkinson
f7094ff3c4
Dilithium: add option to precalc with small sign (#7744)
...
WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC added.
It allocates memory for and pre-calculates s1, s2 and t0.
This saves decoding the vectors repeatedly in each signature trial.
2024-07-26 11:46:55 -07:00
David Garske
c3b5322f86
Merge pull request #7753 from SparkiDev/cortexm_label_fix_2
...
Cortex-M/Thumb2 ASM: fix label
2024-07-26 11:45:09 -07:00
Daniel Pouzzner
b40913e80c
wolfcrypt/src/random.c: restore outer cast in array_add() to avoid -Wconversion added in b28e22aef0, itself a fix for a defect added in ed11669f3c (root cause of warning is implicit type promotion).
2024-07-25 15:25:32 -05:00
aidan garske
55540d03e7
fix for PR#7786 BUFFER_E bad case
2024-07-25 09:03:19 -07:00
JacobBarthelmeh
b28e22aef0
fix for casting with add
2024-07-25 09:16:05 -06:00
aidan garske
dace3acd4d
api.c and asn.c changes to allow 0 to be passed in and expanded coverage on test cases
...
(cherry picked from commit 8572f67e60d419ddd74d4a2b7051dcaa7d0ca6b4)
2024-07-25 08:09:37 -07:00
David Garske
c4f73f5955
Peer review cleanups.
2024-07-24 16:57:51 -07:00
David Garske
42403a526e
Fix to resolve STM32 hash FIFO. Simplify logic for ensuring FIFO gets filled before doing a save/restore. ZD 18294
2024-07-24 16:06:04 -07:00
Kaleb Himes
3a4788b7bb
Merge pull request #7783 from douzzer/20240723-AesGcmXcrypt-NULL-in-checks
...
20240723-AesGcmXcrypt-NULL-in-checks
2024-07-24 15:33:42 -06:00
David Garske
7f7d94abd5
Fixes for ASN original (old) to support checking int leading 0 and invalid OID. Disable invalid UTF8 test for old ASN (only supported with newer ASN template).
2024-07-24 12:35:37 -07:00
David Garske
007f9ea39d
Fix to restore `--enable-asn=original`. Fixes for building with ASN original (old). Add the new limit checks for alt names and subtree to the old ASN code.
2024-07-24 08:28:25 -07:00
David Garske
d0782a97ce
Merge pull request #7773 from Laboratory-for-Safe-and-Secure-Systems/kyber_compat
...
Kyber fixes
2024-07-24 07:37:10 -07:00
Tobias Frauenschläger
e2b642d4ab
WolfSSL Kyber and CMake fixes
...
* Make sure wc_kyber implementation is compiled using CMake (also for
Zephyr)
* Fix compilation issue when Liboqs is also enabled
* Fix WOLFSSL_INTEL_ASM and WOLFSSL_ARM_ASM CMake options
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2024-07-24 09:55:29 +02:00
Daniel Pouzzner
f8726148df
wolfcrypt/src/aes.c: in wc_AesGcmEncrypt() and wc_AesGcmDecrypt(), check and return BAD_FUNC_ARG for nonzero sizes associated with null pointers.
2024-07-23 19:07:32 -05:00
Sean Parkinson
3284f53574
Cortex-M/Thumb2 ASM: fix label
...
IAR doesn't like %=.
Fix code to be consistent in use of labels and branch instructions.
2024-07-24 09:20:40 +10:00
Sean Parkinson
a34ea32f52
Merge pull request #7730 from anhu/unknownExtCallbackEx
...
Extend the unknown extension callback.
2024-07-24 08:37:44 +10:00
Daniel Pouzzner
6ee22de999
linuxkm: initial support for cross-compilation.
...
also, additional backward-compatibility measures around cp and clean recipe in linuxkm/Makefile.
also, in sp_int.c, tweak DECL_DYN_SP_INT_ARRAY() to use an explicit XMEMSET() to clear n[], to avoid unshimmable implicit memset() from gcc on aarch64.
2024-07-23 10:29:03 -05:00
David Garske
8f908e76f9
Merge pull request #7776 from douzzer/20240722-fixes
...
20240722-fixes
2024-07-23 06:46:38 -07:00
David Garske
7c6eb7c4a1
Merge pull request #7751 from SparkiDev/ecc_koblitz_ssl
...
ECC key load: fixes
2024-07-22 16:40:59 -07:00
Daniel Pouzzner
367508f498
wolfcrypt/src/asn.c: in EccSpecifiedECDomainDecode(), in calls to DataToHexString(), cast curve->size to word32 to resolve -Wconversion.
...
wolfcrypt/src/dh.c: in GeneratePrivateDh186(), add explicit suppression of uninitvar for "cBuf" arg that isn't fully initialized.
wolfcrypt/test/test.c: in mp_test_param(), explicitly initialize "buffer" to avoid uninitvar warning.
configure.ac: in FIPS builds, don't include enable_cryptocb in --enable-all or --enable-all-crypto. (they can still be enabled explicitly in FIPS builds with --enable-cryptocb, but the combination is not currently supported.)
2024-07-22 18:21:36 -05:00
David Garske
575df43889
Merge pull request #7768 from JacobBarthelmeh/copyright
...
update copyright to 2024
2024-07-19 14:27:39 -07:00
JacobBarthelmeh
f5ed2460df
cast to larger type for multiplication
2024-07-19 13:59:05 -06:00
Daniel Pouzzner
e13a8ddcfb
fixes for null derefs in native Dilithium and Kyber implementations, detected by unit.test and cppcheck.
2024-07-19 14:35:39 -05:00
Daniel Pouzzner
0aa0f26289
wolfcrypt/src/dilithium.c: fix null deref in wc_dilithium_init_ex().
2024-07-19 14:25:53 -05:00
JacobBarthelmeh
31a6a2bf59
update copyright to 2024
2024-07-19 13:15:05 -06:00
JacobBarthelmeh
8a9c893c6f
fix for initialization of high value and function signature
2024-07-19 11:03:44 -06:00
David Garske
74d4ae0075
Merge pull request #7704 from aidangarske/PKCS7_PEM
...
Added PKCS7 PEM support:
2024-07-19 07:39:51 -07:00
David Garske
8bf2fb0ae0
Merge pull request #7765 from Laboratory-for-Safe-and-Secure-Systems/dilithium_fixes
...
Dilithium fixes
2024-07-19 07:36:05 -07:00
Tobias Frauenschläger
f87849b6f6
Dilithium fixes
...
* Fixed incorrect XFREE calls
* Use key->heap where possible
* Fixed compilation with WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM and
WC_DILITHIUM_CACHE_PUB_VECTORS
* Fixed compilation with WOLFSSL_DILITHIUM_ASSIGN_KEY (const pointers)
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2024-07-19 07:52:14 +02:00
gojimmypi
8356b349a5
minor asn update: comments, code format, dateType check in CheckDate.
2024-07-18 18:25:53 -07:00
Sean Parkinson
e6fcd488a6
Merge pull request #7685 from dgarske/renesas_rx_tsip
...
Renesas RX TSIP ECDSA support
2024-07-19 10:53:00 +10:00
David Garske
4eab0f1231
Fix hard coded values in TSIP ECC verify. Fix issues with tab indentation and spelling.
2024-07-18 16:45:27 -07:00
Daniel Pouzzner
4bc04673d1
suppress 4 uninitvar warnings, all associated with passing partially written arrays (true but benign positives). newly detected by cppcheck 2.14.2.
2024-07-18 17:22:17 -05:00
JacobBarthelmeh
04ab561a65
add smallstack support for poly1305 w64wrapper
2024-07-18 07:30:08 -06:00
JacobBarthelmeh
902087df6f
add w64wrapper support in poly1305
2024-07-18 07:21:57 -06:00
Daniel Pouzzner
c36ab59f24
fixes for defects identified by nightly testing:
...
* ecc.c: in wc_ecc_free(), fix gating around handling for key->sign_k to resolve memory leak, and in wc_ecc_gen_deterministic_k(), fix -Wconversion.
* test.c: add missing mp_free()s to ecdsa_test_deterministic_k_rs() and ecc521_test_deterministic_k().
* wc_HashType: change several occurrences of int to enum wc_HashType, including ecc_key.hashType and API wc_ecc_set_deterministic_ex(), to resolve C++ warnings.
* fixes for various C++ warnings/errors in crypto and TLS layers and test and benchmark code -- implicit casts, negative initializers for unsigned type, jumped initializers, and missing enums in switch()es.
2024-07-17 18:07:08 -05:00
David Garske
bbd8fdfc38
Cleanup Renesas RX default devId and improve logic for overflow check.
2024-07-16 17:48:16 -07:00
Daniel Pouzzner
5298039d09
fixes from peer review: move OS-specific code from wolfSSL_BIO_read() and wolfSSL_BIO_write() to wolfIO_Recv(), wolfIO_Send(), wolfIO_RecvFrom(), and wolfIO_SendTo(); add SOCKET_ETIMEDOUT definitions to wolfio.h; misc cleanups.
2024-07-16 19:12:19 -05:00
Daniel Pouzzner
41efa0492c
add ASN_ prefixes to ISSUER, SUBJECT, BEFORE, and AFTER enum constants defined in wolfssl/wolfcrypt/asn.h.
2024-07-16 19:12:18 -05:00
Sean Parkinson
0f3ebedba0
Merge pull request #7700 from aidangarske/ECDSA_deterministic_k
...
ecc.c and test.c changes to add support in ecc_sign_determinsitic.c
2024-07-17 09:12:32 +10:00
aidan garske
237df2cb11
Hash Type selection changes to `ecc.c`.
2024-07-16 15:17:40 -07:00
Sean Parkinson
500951f059
Dilithium: support fixed size arrays in dilithium_key
...
Support fixed size arrays for pre-generated matrix and vectors.
Define: WC_DILITHIUM_FIXED_ARRAY
2024-07-17 07:36:14 +10:00
aidan garske
96af77d757
Hash Type selection changes to `ecc.c`.
2024-07-16 11:12:29 -07:00
JacobBarthelmeh
bbd769d43a
Merge pull request #7728 from SparkiDev/poly1305_aarch64_uniq_name
...
Poly1305 AArch64: unique naming of asm funcs
2024-07-16 10:10:54 -06:00
Sean Parkinson
e002b6efd3
Merge pull request #7742 from embhorn/zd18240
...
Fix ParseCRL_AuthKeyIdExt setting extAuthKeyIdSet
2024-07-16 09:38:54 +10:00
Sean Parkinson
f2f3a8273d
Merge pull request #7732 from kaleb-himes/NUCLEUS-FIPS-SRTP-KDF
...
Check-in Nucleus Plus 2.3 port work
2024-07-16 09:37:15 +10:00
Sean Parkinson
137831367d
Merge pull request #7710 from anhu/preTBS_altsigalg_fix
...
Stop stripping out the sequence header on the AltSigAlg extension.
2024-07-16 09:35:11 +10:00
David Garske
2b4acf5027
Revert built-in `wc_GenerateSeed` support for RX TSIP removed in #6851.
2024-07-15 10:10:38 -07:00
Sean Parkinson
93ca213a68
Merge pull request #7736 from space88man/fix-pkcs11-slot
...
wolfcrypt/src/wc_pkcs11.c: iterate correctly over slotId
2024-07-15 15:52:40 +10:00
Sean Parkinson
dc86dad26b
ECC key load: fixes
...
asn.c:
Return the curve OID sum with alg_id for ECC keys.
ssl_load.c:
Don't permanently strip the PKCS#8 information as it contains the
curve OID.
2024-07-15 15:46:05 +10:00
Eric Blankenhorn
d6731f0f84
Fix ParseCRL_AuthKeyIdExt setting extAuthKeyIdSet
2024-07-12 07:43:23 -05:00
Anthony Hu
f84ea01f72
Get rid of macro test
2024-07-11 21:52:52 -04:00
JacobBarthelmeh
1cf96eb72c
Merge pull request #7741 from douzzer/20240714-asn-Wconversion
...
20240714-asn-Wconversion
2024-07-11 16:48:52 -06:00
JacobBarthelmeh
baec0ced59
Merge pull request #7731 from ColtonWilley/zephyr_tls_support
...
Changes needed for default TLS support in zephyr kernel
2024-07-11 16:46:43 -06:00
Sean Parkinson
e0494b5f04
Merge pull request #7738 from dgarske/pkcs11_rsakeygen
...
Fix to support PKCS11 without RSA key generation
2024-07-12 08:45:53 +10:00
Daniel Pouzzner
76f669b1cc
wolfcrypt/src/asn.c: fix -Wconversion in GetLength_ex() added in fea7a89b86.
2024-07-11 14:47:58 -05:00
Sean Parkinson
3cc7bbea67
Merge pull request #7737 from JacobBarthelmeh/staticmemory-singlethreaded
...
fix for staticmemory and singlethreaded build
2024-07-11 09:57:08 +10:00
David Garske
41cf8c090b
Fix compiler issues with unused variable and printf.
2024-07-10 16:07:43 -07:00
Anthony Hu
fe2a826ede
Better guarding.
2024-07-10 18:28:22 -04:00
Anthony Hu
6456281b41
Add support for unknown certificate extensions in PKCS7
2024-07-10 16:15:45 -04:00
David Garske
28db1b19e1
Fix to support PKCS11 without RSA key generation. Fixed `Pkcs11Rsa` where `ret` failure could be ignored.
2024-07-10 11:17:02 -07:00
Anthony Hu
e581930cb7
Extend the unknown extension callback.
...
This will allow the user to pass in a context pointer. Allows them to avoid
global variables.
We also add unknown extensions callback when processing a CA in cert manager
as CA certs can have unknown extensions as well.
Fixes ZD 18252
2024-07-10 13:22:19 -04:00
JacobBarthelmeh
204668778b
Merge pull request #7733 from SparkiDev/coverity_3
...
Coverity fixes
2024-07-10 10:01:29 -06:00
JacobBarthelmeh
6703a58c51
fix for staticmemory and singlethreaded build
2024-07-10 09:44:10 -06:00
S-P Chan
fdd03fa909
wolfcrypt/src/wc_pkcs11.c: iterate correctly over slotId when searching for token
...
Addresses #7734
2024-07-10 21:01:35 +08:00
Sean Parkinson
fea7a89b86
Coverity fixes
...
pk.c:
EncryptDerKey - setting wrong ret value on allocation failure.
wolfssl_rsa_generate_key_native - now checks e is a valid long
before passing in.
Fix formatting.
ssl_load.c:
ProcessBufferPrivPkcs8Dec - now checking password is not NULL
before zeroizing. Allocation may fail and ForceZero doesn't check for
NULL.
Fix formatting.
tests/api.c:
test_RsaSigFailure_cm - Check cert_sz is greater than zero
before use.
send_new_session_ticket - assert that building the message
doesn't return error or 0.
test_ticket_nonce_malloc - fix setting of medium and big to use
preprocessor. Fix big to be medium + 20.
asn.c:
GetLength_ex - Fix type of bytes so that it can go negative.
sp_int.h:
sp_clamp - add one to ii while it is a signed.
Fix formatting.
2024-07-10 11:40:48 +10:00
kaleb-himes
c333fdf545
Check-in Nucleus Plus 2.3 port work
2024-07-09 15:53:00 -06:00
Colton Willey
4ec07bb5a8
Changes needed for default TLS support in zephyr kernel
2024-07-09 12:00:34 -07:00
Sean Parkinson
90836c782b
Poly1305 AArch64: unique naming of asm funcs
...
Change function names to ensure no clash with OpenSSL.
Specifically: poly1305_blocks()
2024-07-09 11:02:10 +10:00
Sean Parkinson
d1e26b4f5d
Dilithium: fixes
...
Fix inclusion of functions dilithium_vec_check_low() in build:
--enable-dilithium=verify-only,44,65,87
CFLAGS=-DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
Fix memory leaks in unit.test:
--enable-dilithium CFLAGS=-DWC_DILITHIUM_CACHE_MATRIX_A 'CC=clang
-fsanitize=address'
2024-07-08 15:02:43 +10:00
Daniel Pouzzner
e35e713c4a
wolfcrypt/src/asn.c: fix for copy-paste error in FillSigner() WOLFSSL_DUAL_ALG_CERTS path.
2024-07-06 10:04:26 -05:00
Daniel Pouzzner
c8a9bdbe15
wolfcrypt/src/asn.c: fix for -Wconversion in FillSigner().
2024-07-05 20:42:32 -05:00
Daniel Pouzzner
88af1a2932
fixes for Coverity #394680, #394682, #394693, #394712.
2024-07-05 20:42:32 -05:00
JacobBarthelmeh
de20bb7ba9
fix for coverity issue 394677
2024-07-05 15:13:28 -06:00
JacobBarthelmeh
c880fcf822
add check on padSz return, coverity issue 394711
2024-07-05 12:07:42 -06:00
JacobBarthelmeh
50a7243486
fix for coverity issue 394670 possible overflow
2024-07-05 11:53:19 -06:00
JacobBarthelmeh
fbdb064a4b
coverity issue 394701 possible dereference before null check
2024-07-05 11:24:42 -06:00
JacobBarthelmeh
ac52660d5b
Merge pull request #7713 from SparkiDev/dilithium_sign_small_alloc
...
Dilithium: add implementation of signing that allocates less
2024-07-05 10:38:19 -06:00
JacobBarthelmeh
8946e3fb4b
Merge pull request #7702 from rizlik/ocspv2
...
ocsp stapling improvements
2024-07-05 10:29:25 -06:00
JacobBarthelmeh
5ca9b2f8a4
Merge pull request #7712 from SparkiDev/kyber_ml_kem
...
KYBER/ML-KEM: make ML-KEM available
2024-07-05 09:15:08 -06:00
David Garske
4ae277d21e
Fixes for building RX TSIP with e2Studio project. Fixed tsip_Tls13GenEccKeyPair incorrect free of key if TSIP not used (ZD18222).
2024-07-05 07:44:00 -07:00
Sean Parkinson
44a5e1a398
Dilithium: add implementation of signing that allocates less
...
Added implementation of signing that allocates less memory by doing the
matrix/vector loops in the sign code - WOLFSSL_DILITHIUM_SIGN_SMALL_MEM.
Split out vector operations into vector and polynomial operations so
that small mem signing can call them.
Fix benchmark to be able to compile with only Dilithium and no
asymmetric algorithms.
2024-07-05 16:20:06 +10:00
David Garske
f91d0a2925
Remove hash type check not required for ECDSA deterministic k. Fix `_HMAC_K` devId.
2024-07-04 14:49:20 -07:00
Sean Parkinson
1fd9f2af91
KYBER/ML-KEM: make ML-KEM available
...
Added ML-KEM instead of Kyber implementation with WOLFSSL_ML_KEM.
Tests added from NIST for ML-KEM operations.
2024-07-04 23:51:23 +10:00
Sean Parkinson
387f36657c
Dilithium: Add KATs and fix key generation
...
Add KATs from NIST and fix key generation to produce output of KATs.
2024-07-04 22:22:11 +10:00
Marco Oliverio
fe932b893c
fixup! csrv2multi: pending ca list
2024-07-04 10:21:20 +02:00
Anthony Hu
f5e27bfb0c
Stop stripping out the sequence header on the AltSigAlg extension.
2024-07-03 19:02:04 -04:00
David Garske
4335dac794
Add `wc_ecc_set_deterministic_ex` to support custom hash type for deterministic sign or verify.
2024-07-03 15:13:29 -07:00
JacobBarthelmeh
ba1eedb46b
Merge pull request #7697 from SparkiDev/arm32_ldrd_strd_fix
...
ARM32 SHA-3 ASM: fix ldrd/strd for ARMv6
2024-07-02 17:18:06 -06:00
JacobBarthelmeh
d7b0aa92cb
Merge pull request #7694 from SparkiDev/sp_x64_asm_fix_3
...
SP Intel x64 ASM: fix get_from_table ASM
2024-07-02 17:13:49 -06:00
aidan garske
804f25d76b
Sha3.c wc_Sha3Update and wc_Sha3Final changes so that hash type is determined in the processing functions.
2024-07-02 10:32:57 -07:00
aidan garske
c065e4a854
Added PKCS7 PEM support: "-----BEGIN PKCS7-----" and "-----END PKCS7-----"
2024-07-02 07:58:01 -07:00
Marco Oliverio
b5206e8504
csrv2multi: pending ca list
2024-07-02 09:51:34 +02:00
David Garske
7ad0248558
Fix for RX TSIP ECDSA Verify hash padding/truncation. Fix to set ECDSA crypto callback "res" on success.
2024-07-01 13:43:26 -07:00
JacobBarthelmeh
32066373c2
Merge pull request #7695 from dgarske/compat_realloc
...
Fixes for building the compatibility layer with no realloc
2024-07-01 11:37:52 -06:00
David Garske
ac7f44b0dc
Fix the async tests for deterministic sign. The _ex versions cannot be called again. Fix possible leak with async and deterministic sign.
2024-07-01 10:13:28 -07:00
aidan garske
b5b0e17587
ecc.c and test.c changes to add support in ecc_sign_determinsitic.c for SHA256, SHA384, and SHA512 for SECP256R1, SECP384R1, SECP521R1.
2024-07-01 08:43:32 -07:00
Sean Parkinson
45442db047
ARM32 SHA-3 ASM: fix ldrd/strd for ARMv6
...
LDRD/STRD not available with ARMv6 and the alternative is two ldr/str
operations. Pointer was 64-bits causing second ldr/str to be 8 bytes
past first and not 4 bytes. Fixed in asm to add 4 rather than index.
2024-07-01 15:23:53 +10:00
Sean Parkinson
864a9d0598
Dilithium: fixes
...
TLS uses DER API now and needs to be protected with the right #ifdefs.
Do the right check of size in wc_Dilithium_PrivateKeyDecode().
Don't require public key when doing private DER.
2024-06-28 10:55:16 +10:00
David Garske
2a86ca43f8
Fixes for building the compatibility layer with `WOLFSSL_NO_REALLOC`. Tested using `./configure --enable-opensslextra CFLAGS="-DWOLFSSL_NO_REALLOC"`.
...
Improve benchmark FreeRTOS default tick rate logic. For example Xilinx FreeRTOS uses 10ms tick (not default 1ms), so include `configTICK_RATE_HZ` in calculation if available.
Fix test.c warning around too many parens with no realloc.
2024-06-27 16:02:28 -07:00
Sean Parkinson
4dc52484f6
SP Intel x64 ASM: fix get_from_table ASM
...
Use movdqu instead of vmovdqu so that function works on SSE2 only CPUs.
2024-06-28 07:42:56 +10:00
Sean Parkinson
4d56cc1790
Regression testing: memory allocation failure
...
Fixes from memory allocation failure testing.
Also:
fix asn.c to have ifdef protection around code compiled in with dual
algorithm certificates.
fix test_tls13_rpk_handshake() to support no TLS 1.2 or no TLS 1.3.
fix wc_xmss_sigsleft() to initialize the index to avoid compilation
error.
2024-06-27 17:17:53 +10:00
David Garske
73a1938e89
Added Renesas RX TSIP ECDSA Verify Crypto callback.
2024-06-26 17:39:29 -07:00
Daniel Pouzzner
474b8a0673
Merge pull request #7682 from SparkiDev/dilithium_fix_1
...
Dilithium: fix public and private key decode
2024-06-26 00:03:03 -04:00
David Garske
e81e18859b
Support for Renesas RX TSIP with ECDSA and Crypto Callbacks.
...
Fix building ECC with NO_ASN (`./configure --enable-cryptonly --disable-rsa --disable-asn --disable-examples`).
2024-06-25 17:43:16 -07:00
JacobBarthelmeh
22abd37408
Merge pull request #7681 from SparkiDev/kyber_improv_1
...
Kyber: Improve performance
2024-06-25 15:25:51 -06:00
JacobBarthelmeh
263eb6c60f
Merge pull request #7666 from SparkiDev/sp_x64_asm_fix_2
...
SP Intel x64 ASM: fixes
2024-06-25 10:18:31 -06:00
Sean Parkinson
8bba660f9c
Dilithium: fix public and private key decode
...
Fixes to decoding to prevent accessing NULL key.
2024-06-25 19:37:11 +10:00
Sean Parkinson
aa61f98955
Kyber: Improve performance
...
Unroll loops and use larger types.
Allow benchmark to run each kyber parameter separately.
Allow benchmark to have -ml-dsa specified which runs all parameters.
Fix thumb2 ASM C code to not have duplicate includes and ifdef checks.
Fix thumb2 ASM C code to include error-crypt.h to ensure no empty
translation unit.
Check for WOLFSSL_SHA3 before including Thumb2 SHA-3 assembly code.
2024-06-25 18:53:53 +10:00
David Garske
7b029d3447
Fixes for building `WOLFSSL_RENESAS_TSIP_CRYPTONLY` and `NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH`.
2024-06-24 16:26:27 -07:00
Sean Parkinson
5793f626ac
Merge pull request #7677 from Laboratory-for-Safe-and-Secure-Systems/mldsa_fixes
...
Fixes for WolfSSL ML-DSA implementation
2024-06-25 09:12:25 +10:00
David Garske
be68ba4850
Merge pull request #7676 from SparkiDev/dilithium_opt_1
...
Dilithium: C code optimized
2024-06-24 12:09:29 -07:00
Tobias Frauenschläger
7cd610bc45
Fixes for WolfSSL ML-DSA implementation
...
* Update OIDs etc. to match OQS ML-DSA values (old ones were Dilithium
Round 3 values)
* Make sure private key files/buffers containing both the private and
the public key are parsed correctly
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2024-06-24 15:00:44 +02:00
Sean Parkinson
0900e00ee7
Merge pull request #7650 from kaleb-himes/SRTP-KDF-CODEREVIEWr2
...
Add sanity for case id'd in optesting review
2024-06-24 17:04:13 +10:00
Sean Parkinson
75475ae624
Merge pull request #7633 from JacobBarthelmeh/netos
...
use WOLFSSL_NETOS_STACK_SZ for stack size when creating tx thread
2024-06-24 16:44:47 +10:00
Sean Parkinson
f1b1483c63
Merge pull request #7669 from JacobBarthelmeh/x509_dn
...
sanity check for empty directory strings
2024-06-24 16:44:03 +10:00
Sean Parkinson
a094831e1a
Dilithium: C code optimized
...
Changes to get best out of 32-bit ARM chips.
Fixes some compile errors when cutting out functions.
WOLFSSL_DILITHIUM_SIGN_CHECK_Y and WOLFSSL_DILITHIUM_SIGN_CHECK_W0 added
to speed up signing. No longer specification conformant when either used.
2024-06-24 16:37:43 +10:00
David Garske
2312cb4563
Merge pull request #7667 from SparkiDev/sha3_thumb2_arm32_asm
...
SHA-3 Thumb2, ARM32 ASM: Add assembly implementation
2024-06-23 20:16:32 -07:00
Daniel Pouzzner
b4e15d028c
WOLF_CRYPTO_CB && WOLFSSL_SHA3: add FIPS gating to wc_CryptoCb_Sha3Hash() and test routine myCryptoDevCb().
2024-06-22 11:20:53 -05:00
JacobBarthelmeh
0cf5421e5a
Merge pull request #7673 from douzzer/20240621-fix-oqs_dilithium_make_key-leak
...
20240621-fix-oqs_dilithium_make_key-leak
2024-06-21 15:37:24 -06:00
JacobBarthelmeh
c9d83babe0
Merge pull request #7363 from kaleb-himes/WinCE-supporting-work
...
Manually check-in pre-operational-testing changes for WinCE port effort
2024-06-21 14:02:48 -06:00
kaleb-himes
23f796c0b4
Cleanup excess line
2024-06-21 15:55:08 -04:00
kaleb-himes
871dc9c19b
Implement peer review feedback
2024-06-21 15:54:04 -04:00
kaleb-himes
f00e5247bb
Add sanity for case id'd in optesting review
2024-06-21 15:54:04 -04:00
JacobBarthelmeh
e72db4a306
Merge pull request #7612 from dgarske/rsa_pad
...
Improvements to RSA padding to expose Pad/Unpad API's
2024-06-21 13:19:28 -06:00
Daniel Pouzzner
25b72497d8
wolfcrypt/src/dilithium.c: add missing OQS_SIG_free() in oqs_dilithium_make_key() (liboqs wrapper).
2024-06-21 14:04:32 -05:00
kaleb-himes
94e031e905
Manually check-in pre-operational-testing changes for WinCE port effort
2024-06-21 09:52:57 -06:00
Sean Parkinson
8734f1251d
SHA-3 Thumb2, ARM32 ASM: Add assembly implementation
...
Add SHA-3 assembly implementation for Thumb2 and ARM32.
2024-06-21 14:38:51 +10:00
aidan garske
e8c3a7dfce
fix for wolfcrypt/src/sha3.c (void)type
2024-06-20 15:03:51 -07:00
aidan garske
1ef9a8fe7c
Added crypto callback for SHA3 and extended the test.c tests for it in cryptocb_test.
2024-06-20 14:15:28 -07:00
JacobBarthelmeh
8ee01ebaf2
sanity check for empty directory strings
2024-06-20 13:42:31 -06:00
Sean Parkinson
75d06cd6f3
SP Intel x64 ASM: fixes
...
Don't use RIP relative with XMM/YMM instructions.
For MSVC asm, explicitly state type for pointer.
For MSVC asm, don't use vmodvqu for saving XMM registers unless this is
AVX2 code.
2024-06-20 08:33:05 +10:00
Daniel Pouzzner
38c7327660
Merge pull request #7622 from SparkiDev/ml-dsa
...
Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87
2024-06-19 13:32:35 -04:00
Sean Parkinson
3e3a00dafd
Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87
...
Implemented FIPS 204 (Draft) Module-Lattice-Based Signature Standard.
Implementation includes making a key, signing and verification.
Make key API added.
Updated liboqs calls to use ML-DSA implementation instead of Dilithium.
2024-06-19 21:27:01 +10:00
JacobBarthelmeh
24291b4147
Merge pull request #7600 from SparkiDev/wc_ecc_mulmod_zero_z1
...
ECC: when multiplying by zero, set z to 1
2024-06-18 16:36:35 -06:00
David Garske
71be6524f7
Merge pull request #7649 from SparkiDev/cortexm_label_fix
...
Cortex-M inline assembly: labels with unique number appended
2024-06-18 15:31:13 -07:00
JacobBarthelmeh
eef20ceb51
Merge pull request #7654 from SparkiDev/kyber_c_ntt_invntt_fast
...
Kyber: Improve performance of C implementation
2024-06-18 09:38:25 -06:00
Sean Parkinson
f863513f37
Kyber: Improve performance of C implementation
...
Add larger faster implementations of NTT and inverse NTT.
Allow smaller but still fast implementations to be used as well.
2024-06-18 18:09:33 +10:00
Daniel Pouzzner
187dbd9974
wolfcrypt/src/logging.c: address peer review for PR #7647.
2024-06-17 23:37:13 -05:00
Sean Parkinson
fbd69f9b48
ECC: when multiplying by zero, set z to 1
...
Make sure zero times a point is infinity but z is 1 as it is assumed
later on.
2024-06-18 11:30:57 +10:00
Sean Parkinson
8aaf5670f4
Cortex-M inline assembly: labels with unique number appended
...
When functions are inlined, the labels need to be unique.
Putting '%=' on the end of the label ensures that the compiler appends
a unique number to the end.
2024-06-17 17:47:40 +10:00
Daniel Pouzzner
2c69e4a56b
add --debug-code-points and WOLFSSL_DEBUG_CODEPOINTS,
...
add file_name and line_number args to wolfssl_log(),
and inside WOLFSSL_DEBUG_CODEPOINTS gates,
add WOLFSSL_MSG_EX2(), WOLFSSL_MSG2(), WOLFSSL_ENTER2(), and WOLFSSL_LEAVE2(), each with file and line args,
and add wrapper macros for WOLFSSL_MSG, WOLFSSL_MSG_EX, WOLFSSL_ENTER, and WOLFSSL_LEAVE, that pass in file and line.
2024-06-15 00:54:39 -05:00
Daniel Pouzzner
1b907d05ed
WOLFSSL_DEBUG_TRACE_ERROR_CODES: restore several initializations, one because needed (in wolfSSL_UseSecureRenegotiation()), the rest in an abundance of caution, and rearrange wolfSSL_CryptHwMutexInit() and wolfSSL_CryptHwMutexUnLock() in a similar abundance of caution.
2024-06-10 13:44:03 -05:00
Daniel Pouzzner
b3e8f0ad24
add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES.
2024-06-08 16:39:53 -05:00
JacobBarthelmeh
1753d524d7
use WOLFSSL_NETOS_STACK_SZ for stack size when creating tx thread
2024-06-07 14:30:26 -06:00
David Garske
e960a00650
Merge pull request #7625 from JacobBarthelmeh/x509
...
sanity check on non conforming serial number of 0
2024-06-07 08:33:38 -07:00
JacobBarthelmeh
467b3cb561
add parsing 0 serial numbers for certs with python
2024-06-06 16:24:48 -06:00
Daniel Pouzzner
71db561c96
wolfcrypt/src/port/riscv/riscv-64-aes.c: fix trailing whitespace.
2024-06-06 16:25:50 -05:00
Daniel Pouzzner
ef925b8b30
wolfcrypt/src/wc_kyber_poly.c: fix bugprone-macro-parentheses for FROM_MSG_BIT.
2024-06-06 16:21:32 -05:00
Daniel Pouzzner
d80f05bf77
Merge pull request #7624 from gasbytes/stack-on-calcdx
...
update CalcDX with small-stack support
2024-06-06 16:05:56 -04:00
JacobBarthelmeh
690d8f7f89
sanity check on non conforming serial number of 0
2024-06-06 13:22:57 -06:00
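Added example (not wolfSSL code): a standalone check of an X.509 serialNumber as a DER INTEGER. RFC 5280 section 4.1.2.2 requires the serial to be a positive integer, and conforming CAs must not issue 0 or values longer than 20 octets. Besides the zero case the commit above rejects, this example also flags negative, non-minimal (non-DER) and over-long encodings; the enum names, the function and the test vectors are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Result codes for the serialNumber check (names are this example's own). */
typedef enum {
    SERIAL_OK = 0,
    SERIAL_BAD_TAG,      /* not an ASN.1 INTEGER (tag 0x02) */
    SERIAL_BAD_LENGTH,   /* long-form or indefinite length: non-DER or far over 20 octets */
    SERIAL_TRUNCATED,    /* empty content or length runs past the buffer */
    SERIAL_ZERO,         /* value 0: RFC 5280 says conforming CAs MUST NOT use it */
    SERIAL_NEGATIVE,     /* top bit of first content octet set: negative INTEGER */
    SERIAL_NONMINIMAL,   /* leading 0x00 not needed for sign: forbidden in DER */
    SERIAL_TOO_LONG      /* more than 20 value octets */
} SerialCheck;

/* Parse TLV at der[0..len) and classify it as a serialNumber.
 * On SERIAL_OK, *consumed (if non-NULL) receives the TLV length. */
static SerialCheck check_serial_der(const uint8_t *der, size_t len, size_t *consumed)
{
    size_t clen, pad;
    const uint8_t *v;

    if (len < 2 || der[0] != 0x02) return SERIAL_BAD_TAG;
    if (der[1] & 0x80) return SERIAL_BAD_LENGTH;      /* only short-form lengths accepted */
    clen = der[1];
    if (clen == 0 || len - 2 < clen) return SERIAL_TRUNCATED;
    v = der + 2;

    if (v[0] & 0x80) return SERIAL_NEGATIVE;
    if (clen == 1 && v[0] == 0x00) return SERIAL_ZERO;
    if (clen > 1 && v[0] == 0x00 && !(v[1] & 0x80)) return SERIAL_NONMINIMAL;

    /* A leading 0x00 that pads a value whose top bit is set is sign padding and
     * does not count toward the 20-octet limit. */
    pad = (v[0] == 0x00) ? 1 : 0;
    if (clen - pad > 20) return SERIAL_TOO_LONG;

    if (consumed) *consumed = 2 + clen;
    return SERIAL_OK;
}

/* Constructed DER test vectors */
static const uint8_t kSerialZero[]       = { 0x02, 0x01, 0x00 };
static const uint8_t kSerialOne[]        = { 0x02, 0x01, 0x01 };
static const uint8_t kSerialPos128[]     = { 0x02, 0x02, 0x00, 0x80 }; /* 128, padded */
static const uint8_t kSerialNonMinimal[] = { 0x02, 0x02, 0x00, 0x01 }; /* 1 with bogus pad */
static const uint8_t kSerialNegative[]   = { 0x02, 0x01, 0xFF };       /* -1 */
static const uint8_t kSerialTruncated[]  = { 0x02, 0x03, 0x01, 0x02 }; /* says 3, has 2 */
static const uint8_t kSerial21Octets[]   = { 0x02, 0x15, 0x01, 0,0,0,0,0,0,0,0,0,0,
                                             0,0,0,0,0,0,0,0,0,0 };    /* 21 value octets */

/* Returns 1 if every vector is classified as expected. */
static int serial_check_selftest(void)
{
    size_t used = 0;
    return check_serial_der(kSerialZero, sizeof kSerialZero, NULL) == SERIAL_ZERO
        && check_serial_der(kSerialOne, sizeof kSerialOne, &used) == SERIAL_OK && used == 3
        && check_serial_der(kSerialPos128, sizeof kSerialPos128, NULL) == SERIAL_OK
        && check_serial_der(kSerialNonMinimal, sizeof kSerialNonMinimal, NULL) == SERIAL_NONMINIMAL
        && check_serial_der(kSerialNegative, sizeof kSerialNegative, NULL) == SERIAL_NEGATIVE
        && check_serial_der(kSerialTruncated, sizeof kSerialTruncated, NULL) == SERIAL_TRUNCATED
        && check_serial_der(kSerial21Octets, sizeof kSerial21Octets, NULL) == SERIAL_TOO_LONG;
}

int main(void)
{
    printf("serialNumber checks: %s\n", serial_check_selftest() ? "ok" : "FAIL");
    return 0;
}
```

Note that RFC 5280 also says relying parties SHOULD gracefully handle non-conforming serials longer than 20 octets, so a library may choose to log rather than reject SERIAL_TOO_LONG; a serial of 0 is still worth rejecting or at least surfacing, since it breaks the uniqueness assumption CRLs rely on.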
David Garske
b69482ffac
Merge pull request #7569 from SparkiDev/riscv_aes_asm
...
AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM
2024-06-06 08:11:31 -07:00
Sean Parkinson
acd604db3d
AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM
...
Add implementations of AES for ECB/CBC/CTR/GCM/CCM for RISC-V using
assembly.
Assembly with standard/scalar cryptography/vector cryptography
instructions.
2024-06-06 13:16:00 +10:00
David Garske
5132a17fab
Merge pull request #7613 from SparkiDev/kyber_fixes_2
...
Kyber: fix kyber_from_msg()
2024-06-05 17:28:39 -07:00
Daniel Pouzzner
92bbd651b6
rename wolfcrypt/src/fe_x25519_128.i to wolfcrypt/src/fe_x25519_128.h to avoid appearance as a cleanable intermediate.
2024-06-05 16:56:03 -05:00
gasbytes
589353f346
update CalcDX with small-stack support
2024-06-05 18:53:34 +02:00
Sean Parkinson
df44face56
Kyber: fix kyber_from_msg()
...
New compilers with specific optimization levels will produce
non-constant time code for kyber_from_msg().
Add in an optimization blocker that stops the compiler from assuming
anything about the value to be ANDed with KYBER_Q_1_HALF.
2024-06-04 22:20:22 +10:00
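Added example (not wolfSSL's kyber_from_msg()): the bit-to-coefficient decode described above, written with an optimization blocker. Each message bit is turned into an all-ones or all-zeros mask that is ANDed with KYBER_Q_1_HALF ((q+1)/2 = 1665 for q = 3329); without a barrier, a compiler that can prove the mask is only ever 0 or 0xFFFF may rewrite the AND as a branch or data-dependent select on the secret bit. The constant names follow Kyber's parameters; the barrier function, the polynomial routines and the test pattern are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KYBER_Q        3329
#define KYBER_Q_1_HALF ((KYBER_Q + 1) / 2)   /* 1665: the coefficient for a 1 bit */
#define KYBER_N        256
#define KYBER_SYM_SZ   32                    /* 256 message bits */

/* Optimization blocker. The empty asm declares that it may modify v, so the
 * compiler must treat the mask as an arbitrary 16-bit value and cannot turn
 * (mask & KYBER_Q_1_HALF) into a branch or cmov keyed on the secret bit.
 * Falls back to a volatile round-trip on compilers without GNU inline asm. */
static int16_t ct_mask_barrier(int16_t v)
{
#if defined(__GNUC__) || defined(__clang__)
    __asm__ volatile("" : "+r"(v));
    return v;
#else
    volatile int16_t w = v;
    return w;
#endif
}

/* One message bit -> coefficient, branch-free: 0 -> 0, 1 -> 1665. */
static int16_t kyber_coeff_from_bit(unsigned bit)
{
    /* 0 - (bit & 1) is 0x0000 or 0xFFFF; the barrier hides that from the optimizer */
    int16_t mask = ct_mask_barrier((int16_t)(0 - (int16_t)(bit & 1u)));
    return (int16_t)(mask & KYBER_Q_1_HALF);
}

/* 32-byte message -> 256 coefficients, constant time in the message bits. */
static void kyber_from_msg_ct(int16_t p[KYBER_N], const uint8_t msg[KYBER_SYM_SZ])
{
    for (size_t i = 0; i < KYBER_SYM_SZ; i++)
        for (unsigned j = 0; j < 8; j++)
            p[8 * i + j] = kyber_coeff_from_bit((unsigned)(msg[i] >> j));
}

/* Inverse (1-bit compress): round each coefficient to the nearer of 0 and q/2.
 * Used here only to check the round trip. */
static void kyber_to_msg(uint8_t msg[KYBER_SYM_SZ], const int16_t p[KYBER_N])
{
    memset(msg, 0, KYBER_SYM_SZ);
    for (size_t i = 0; i < KYBER_N; i++) {
        uint32_t t = (((uint32_t)(uint16_t)p[i] << 1) + KYBER_Q / 2) / KYBER_Q;
        msg[i / 8] |= (uint8_t)((t & 1u) << (i % 8));
    }
}

/* Self-test on a constructed message: every coefficient must be exactly 0 or
 * 1665 and decoding must return the message. Returns 1 on success. */
static int kyber_from_msg_selftest(void)
{
    uint8_t msg[KYBER_SYM_SZ], back[KYBER_SYM_SZ];
    int16_t p[KYBER_N];

    for (size_t i = 0; i < KYBER_SYM_SZ; i++)
        msg[i] = (uint8_t)(0xA5u ^ (i * 37u));     /* constructed test pattern */

    kyber_from_msg_ct(p, msg);
    for (size_t i = 0; i < KYBER_N; i++)
        if (p[i] != 0 && p[i] != KYBER_Q_1_HALF)
            return 0;

    kyber_to_msg(back, p);
    return memcmp(msg, back, KYBER_SYM_SZ) == 0;
}

int main(void)
{
    printf("kyber_from_msg self-test: %s\n", kyber_from_msg_selftest() ? "ok" : "FAIL");
    return 0;
}
```

The round trip proves correctness, not constant-timeness; to confirm the latter after an upgrade of the compiler or a change of -O level, inspect the generated assembly for kyber_coeff_from_bit (or run a tool such as dudect or ctgrind) rather than trusting the source.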
David Garske
305a754de3
Improvements to RSA padding. Expose API's to support external pad/unpad.
2024-06-03 12:23:31 -07:00
John Safranek
e8e6eaeb4d
Import Raw Rsa Key
...
1. Add API for importing an RSA private key, `wc_RsaPrivateKeyDecodeRaw()`,
when all you have are the components of the key in raw arrays. Also
recalculates dP and dQ if missing.
2. Add API test for `wc_RsaPrivateKeyDecodeRaw()`.
2024-06-03 09:03:29 -07:00
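Added example (not wolfSSL's wc_RsaPrivateKeyDecodeRaw()): what "recalculates dP and dQ if missing" amounts to. Given n, e, d, p and q as raw integers, the CRT exponents are dP = d mod (p-1) and dQ = d mod (q-1), and the CRT coefficient is u = q^-1 mod p; the example also checks that e*d is 1 modulo both p-1 and q-1 before trusting the components, and verifies the CRT private operation against plain c^d mod n. The key is the constructed textbook pair p=61, q=53, e=17, d=2753 so that everything fits in uint64_t; real keys need a bignum library, but the formulas are identical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy sizes only: every modulus is < 2^32, so a*b never overflows uint64_t. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = mulmod(r, b, m);
        b = mulmod(b, b, m);
        e >>= 1;
    }
    return r;
}

/* a^-1 mod m by the extended Euclidean algorithm; 0 if no inverse exists. */
static uint64_t invmod(uint64_t a, uint64_t m)
{
    int64_t t = 0, newt = 1, r = (int64_t)m, newr = (int64_t)(a % m), q, tmp;
    while (newr) {
        q = r / newr;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* Raw key components; dP, dQ, u may be absent (0) on input. */
typedef struct { uint64_t n, e, d, p, q, dP, dQ, u; } RsaRawKey;

/* Fill in dP, dQ and u from d, p, q. Returns 0 on success, -1 if the
 * supplied components are inconsistent with one another. */
static int rsa_fill_crt_params(RsaRawKey *k)
{
    if (k->p < 2 || k->q < 2 || k->p * k->q != k->n) return -1;
    /* e*d must be 1 mod (p-1) and mod (q-1), whether d was built from phi(n) or lcm */
    if (mulmod(k->e, k->d, k->p - 1) != 1 || mulmod(k->e, k->d, k->q - 1) != 1) return -1;
    k->dP = k->d % (k->p - 1);
    k->dQ = k->d % (k->q - 1);
    k->u  = invmod(k->q, k->p);
    return k->u ? 0 : -1;
}

/* CRT private operation (Garner): m1 = c^dP mod p, m2 = c^dQ mod q,
 * h = u*(m1 - m2) mod p, m = m2 + h*q. */
static uint64_t rsa_private_crt(const RsaRawKey *k, uint64_t c)
{
    uint64_t m1 = powmod(c, k->dP, k->p);
    uint64_t m2 = powmod(c, k->dQ, k->q);
    uint64_t h  = mulmod(k->u, (m1 + k->p - (m2 % k->p)) % k->p, k->p);
    return m2 + h * k->q;
}

static uint64_t rsa_private_plain(const RsaRawKey *k, uint64_t c)
{
    return powmod(c, k->d, k->n);
}

/* Constructed textbook key: p=61, q=53, n=3233, e=17, d=2753; CRT parts missing. */
static RsaRawKey sample_key(void)
{
    RsaRawKey k = { 3233, 17, 2753, 61, 53, 0, 0, 0 };
    return k;
}

/* Returns 1 if CRT and plain decryption agree with the plaintext across n. */
static int rsa_crt_selftest(void)
{
    RsaRawKey k = sample_key();
    if (rsa_fill_crt_params(&k) != 0) return 0;
    for (uint64_t m = 0; m < k.n; m += 97) {
        uint64_t c = powmod(m, k.e, k.n);
        if (rsa_private_crt(&k, c) != m || rsa_private_plain(&k, c) != m) return 0;
    }
    return 1;
}

int main(void)
{
    RsaRawKey k = sample_key();
    rsa_fill_crt_params(&k);
    printf("dP=%llu dQ=%llu u=%llu selftest=%s\n", (unsigned long long)k.dP,
           (unsigned long long)k.dQ, (unsigned long long)k.u,
           rsa_crt_selftest() ? "ok" : "FAIL");
    return 0;
}
```

The consistency check matters in an import path: a caller who assembles p, q and d from different sources can hand over a key that is internally inconsistent, and a CRT operation with a wrong dP silently produces a faulty signature, which is exactly the condition fault attacks on RSA-CRT exploit.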
gojimmypi
4d2ce1131a
Fix for #7606 : ESP_LOGI typo
2024-05-31 15:33:46 -07:00
JacobBarthelmeh
40562a0cb3
Merge pull request #7599 from dgarske/asn_checkcertsig
...
Expose `wc_CheckCertSigPubKey` with `WOLFSSL_SMALL_CERT_VERIFY`
2024-05-31 09:20:35 -06:00
David Garske
0789ecb808
Fix the `CheckCertSignature` API mess.
2024-05-31 06:58:35 -07:00
Sean Parkinson
4b77d4caa1
Merge pull request #7589 from rizlik/sp800_56c
...
wolfcrypt: support NIST 800-56C Option 1 KDF
2024-05-31 11:55:12 +10:00
Sean Parkinson
fc8a509b06
Merge pull request #7597 from ColtonWilley/max_altnames_and_name_constraints
...
Max limits on number of alternative names and name constraints
2024-05-31 11:24:30 +10:00
David Garske
7fadd4ed9f
Merge pull request #7595 from JacobBarthelmeh/static
...
Pull in some staticmemory features
2024-05-30 16:31:54 -07:00
JacobBarthelmeh
ebdc8b9a32
rename of macros, add descriptions, minor fixes
2024-05-30 14:48:52 -06:00
JacobBarthelmeh
34ca03770f
still compile in wc_RsaKeyToDer with keygen but NO_CERTS
2024-05-30 09:58:25 -06:00
Marco Oliverio
174456437e
wolfcrypt: NIST_SP_800_56C address reviewer's comments
2024-05-30 11:39:49 +02:00
Colton Willey
a17677c946
Remove trailing whitespace
2024-05-29 21:29:55 -07:00
Colton Willey
af537a6ae3
Move definition to beginning of block
2024-05-29 17:02:29 -07:00
David Garske
0b7f293691
Expose `wc_CheckCertSigPubKey` with `WOLFSSL_SMALL_CERT_VERIFY`.
2024-05-29 16:32:31 -07:00
JacobBarthelmeh
cf61df129c
fix typo with NO_CERTS macro
2024-05-29 17:08:01 -06:00
Colton Willey
b00ae2ac69
Initial implementation of max limits on number of alternative names and name constraints
2024-05-29 15:55:17 -07:00
JacobBarthelmeh
6cca3a0d92
tie in static memory debug callback
2024-05-29 15:50:14 -06:00
JacobBarthelmeh
288fe430f5
tying in lean staticmemory build with --enable-staticmemory=small
2024-05-29 15:50:11 -06:00
JacobBarthelmeh
18d80864b9
add lean static memory build
2024-05-29 15:44:09 -06:00
Marco Oliverio
5306a85465
wolfcrypt: support NIST 800-56C Option 1 KDF
2024-05-28 14:40:52 +02:00
Daniel Pouzzner
8de00d7651
fix benign clang-analyzer-deadcode.DeadStores in pq crypto files introduced in 9a58301ab1.
2024-05-24 14:24:02 -05:00
Tobias Frauenschläger
d28dd602e5
Various fixes for dual algorithm certificates ( #7577 )
...
This commit adds various fixes for the implementation of hybrid
certificates with two algorithms:
* Support for Certificate Signing Requests (both creating hybrid ones
and also verifying ones)
* Fix for SAN fields in the DecodedCert and PreTBS generation
* Fix related to WOLFSSL_SMALL_STACK
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-05-23 15:03:55 -04:00
Anthony Hu
b98e4e0093
Merge pull request #7576 from Frauschi/pqc_private_key_fix
...
Fix PQC and hybrid certificate regressions
2024-05-23 15:03:16 -04:00
David Garske
40db521f8b
Merge pull request #7575 from josepho0918/cmac
...
Simplify CMAC verification logic
2024-05-23 10:37:57 -07:00
Tobias Frauenschläger
9a58301ab1
Fix PQC and hybrid certificate regressions
...
Due to recent changes in the logic to decode private keys and to parse
the TLS1.3 CertificateVerify message, some regressions regarding PQC
private keys and hybrid certificates have been introduced:
* Decoding PQC private keys fails as the PKCS8 header of a decoded DER
file is now already removed before parsing the key.
* The key size wasn't properly stored in the context for PQC keys after
decoding a certificate (always the maximum size)
* The two 16-bit size values in case of a hybrid signature in the
CertificateVerify message have been incorrectly decoded as 32-bit
values instead of 16-bit values. This resulted in wrong values,
leading to segmentation faults.
All three regressions are fixed with the changes in this commit.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-05-23 16:01:28 +02:00
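Added example (not wolfSSL code) for the third regression above: parsing a hybrid signature whose two components are each prefixed by a 16-bit big-endian length, with every length bounds-checked against the remaining bytes before a pointer is formed. The wire layout used here, u16 len1 | sig1 | u16 len2 | sig2, is an assumption for illustration, not wolfSSL's exact encoding; the function names and the sample bytes are constructed. A companion function reads the first length as 32 bits to show how the misdecode produces a length far beyond the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static uint16_t read_u16_be(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

static uint32_t read_u32_be(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

typedef struct {
    const uint8_t *sig1; size_t len1;   /* e.g. the classical signature */
    const uint8_t *sig2; size_t len2;   /* e.g. the PQC signature */
} HybridSig;

/* Assumed layout: u16 len1 | sig1[len1] | u16 len2 | sig2[len2].
 * Returns 0 on success, -1 on truncated or trailing-garbage input.
 * Invariant: off <= buf_len at every step, so buf_len - off never wraps. */
static int parse_hybrid_sig(const uint8_t *buf, size_t buf_len, HybridSig *out)
{
    size_t off = 0;

    if (buf_len - off < 2) return -1;
    out->len1 = read_u16_be(buf + off); off += 2;
    if (buf_len - off < out->len1) return -1;
    out->sig1 = buf + off; off += out->len1;

    if (buf_len - off < 2) return -1;
    out->len2 = read_u16_be(buf + off); off += 2;
    if (buf_len - off < out->len2) return -1;
    out->sig2 = buf + off; off += out->len2;

    return off == buf_len ? 0 : -1;
}

/* The regression, isolated: the same bytes read as a 32-bit length. With the
 * sample below this yields 0x00036162 (the length plus the first two signature
 * bytes), which a bounds check rejects and an unchecked read follows off the
 * end of the buffer. */
static uint32_t misread_len1_as_u32(const uint8_t *buf, size_t buf_len)
{
    return buf_len >= 4 ? read_u32_be(buf) : 0;
}

/* Constructed sample: sig1 = "abc" (3 bytes), sig2 = "xy" (2 bytes). */
static const uint8_t kSample[] = { 0x00, 0x03, 'a', 'b', 'c',
                                   0x00, 0x02, 'x', 'y' };

/* Returns 1 if the sample parses correctly and truncations are rejected. */
static int hybrid_sig_selftest(void)
{
    HybridSig s;
    size_t cut;

    if (parse_hybrid_sig(kSample, sizeof kSample, &s) != 0) return 0;
    if (s.len1 != 3 || memcmp(s.sig1, "abc", 3) != 0) return 0;
    if (s.len2 != 2 || memcmp(s.sig2, "xy", 2) != 0) return 0;

    /* every proper prefix of the sample must be rejected, never read past */
    for (cut = 0; cut < sizeof kSample; cut++)
        if (parse_hybrid_sig(kSample, cut, &s) != -1) return 0;

    return 1;
}

int main(void)
{
    printf("hybrid sig parse: %s; len1 misread as u32 = 0x%08x\n",
           hybrid_sig_selftest() ? "ok" : "FAIL",
           misread_len1_as_u32(kSample, sizeof kSample));
    return 0;
}
```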
Joseph Chen
8a7e3ba52e
Simplify CMAC verification logic
2024-05-23 15:12:10 +08:00
Daniel Pouzzner
110f4ec737
wolfcrypt/src/sha256.c: in WC_NO_INTERNAL_FUNCTION_POINTERS code path (linuxkm), fix oversight whereby Transform_Sha256_AVX1_Sha() was used on targets with false IS_INTEL_SHA(intel_flags). the former SHA256_AVX1 method id is now split into SHA256_AVX1_SHA and SHA256_AVX1_NOSHA, with corresponding fixes in Sha256_SetTransform(), inline_XTRANSFORM() and inline_XTRANSFORM_LEN().
2024-05-22 15:39:46 -05:00
Daniel Pouzzner
c5ce984966
wolfcrypt/src/wc_xmss_impl.c:wc_xmssmt_sign_next_idx(): use (XmssIdx)1, not (word32)1, for a shift-by-height operand;
...
src/ssl.c:set_curves_list(): don't attempt to enable curves that are out-of-range for word32 disabled.
2024-05-21 13:57:40 -05:00
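Added example (not wolfSSL's wc_xmssmt_sign_next_idx()) of why the shifted constant's type matters. XMSS^MT parameter sets in RFC 8391 include total tree heights of 40 and 60, so a leaf count computed as (word32)1 << h is undefined behaviour for those sets (shifting a 32-bit value by 32 or more), while (XmssIdx)1 << h with a 64-bit index type is well defined. The typedefs, the range and next-index helpers and the exhaustion rule are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t word32;
typedef uint64_t XmssIdx;   /* assumed: wide enough to index 2^h leaves for h <= 60 */

/* Is (word32)1 << h defined at all? For h >= 32 it is undefined behaviour;
 * in practice the result is compiler- and target-dependent garbage. */
static int shift_by_height_defined_word32(unsigned h)
{
    return h < 32;
}

/* Correct: the shifted constant carries the width of the result type. */
static XmssIdx xmssmt_leaf_count(unsigned h)
{
    return (XmssIdx)1 << h;                 /* caller guarantees h < 64 */
}

/* Is idx a valid leaf index for a tree of total height h? */
static int xmssmt_idx_in_range(XmssIdx idx, unsigned h)
{
    return h < 64 && idx < xmssmt_leaf_count(h);
}

/* Given the index just consumed, compute the next one. Returns 0 and leaves
 * *next untouched when the key is exhausted: reusing a one-time index is the
 * catastrophic failure mode of any hash-based signature scheme. */
static int xmssmt_next_idx(XmssIdx idx, unsigned h, XmssIdx *next)
{
    if (!xmssmt_idx_in_range(idx, h)) return 0;
    if (idx + 1 == xmssmt_leaf_count(h)) return 0;   /* last leaf already used */
    *next = idx + 1;
    return 1;
}

int main(void)
{
    XmssIdx nx = 0;
    unsigned h = 40;                                 /* as in XMSSMT-SHA2_40/2_256 */
    printf("h=%u: word32 shift defined? %d, leaves=%llu\n", h,
           shift_by_height_defined_word32(h),
           (unsigned long long)xmssmt_leaf_count(h));
    printf("next after last leaf: %d\n",
           xmssmt_next_idx(xmssmt_leaf_count(h) - 1, h, &nx));
    return 0;
}
```

Compiling with -fsanitize=undefined, or with -Wshift-count-overflow where the height is a compile-time constant, catches the narrow-type version; the fix in the commit makes the operand type match the index type so no such diagnostic is needed.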
Sean Parkinson
43b2c80862
Merge pull request #7552 from dgarske/ecies_own_salt
...
Add option for using a custom salt for ourselves
2024-05-21 09:19:12 +10:00
David Garske
5a0594d257
Match `wc_ecc_ctx_set_kdf_salt` argument names between header and implementation.
2024-05-20 08:38:23 -07:00
Daniel Pouzzner
d0e73783f1
wolfcrypt/src/aes.c and wolfssl/wolfcrypt/aes.h: add FIPS_AES_XTS_MAX_BYTES_PER_TWEAK and struct XtsAesStreamData, with improved error checking on streaming AES-XTS APIs;
...
wolfcrypt/test/test.c and linuxkm/lkcapi_glue.c: update AES-XTS streaming calls to use struct XtsAesStreamData;
linuxkm/lkcapi_glue.c: add handling for CONFIG_CRYPTO_MANAGER*.
2024-05-18 22:00:00 -05:00
Daniel Pouzzner
5c6218696b
wolfcrypt/src/misc.c: fix -Wconversions in CopyString();
...
src/ssl.c: fix missing semicolon in wolfSSL_CTX_check_private_key().
2024-05-18 02:31:58 -05:00
David Garske
391431c7d8
Merge pull request #7539 from bandi13/fixConversionPart2
...
Fix conversion part2
2024-05-17 12:29:46 -07:00
David Garske
95095f5bc4
Add option for using a custom salt for ourselves. ZD 17988
2024-05-17 08:16:04 -07:00
Sean Parkinson
c0015cbda6
Merge pull request #7549 from douzzer/20240516-wc_AesXtsEnDecryptFinal
...
20240516-wc_AesXtsEnDecryptFinal
2024-05-17 09:43:26 +10:00
David Garske
219a338107
Merge pull request #7547 from philljj/spelling_cleanup
...
Used codespell and fixed some obvious typos.
2024-05-16 14:10:19 -07:00
Daniel Pouzzner
6d0f611ab5
AES-XTS: add wc_AesXtsEncryptFinal() and wc_AesXtsDecryptFinal() for API consistency, and add error-checking (block alignment check) to wc_AesXtsEncryptUpdate() and wc_AesXtsDecryptUpdate().
2024-05-16 15:20:37 -05:00
jordan
040e0c956a
Used codespell and fixed obvious typos.
2024-05-16 13:53:26 -05:00
Juliusz Sosinowicz
d9f7629296
Add grpc support
...
- Fix BIO_BIO type
- Set retry flags correctly
- Add CRL callback
- Copy the alt names instead of trying to share a pointer
- Allow calling wolfSSL_get_servername on client side (to get the requested name)
- Return the chain in wolfSSL_X509_STORE_CTX_get_chain in the correct order
  - Peer first, top CA last
- Fix leak in RebuildFullName
- Add CopyString helper function
- Implement
  - X509_CRL_dup
  - ASN1_UTCTIME_set
  - X509_STORE_CTX_get0_param
  - X509_STORE_get0_param
  - X509_STORE_set_verify_cb
  - X509_STORE_set_get_crl
  - X509_set1_notAfter
  - X509_set1_notBefore
2024-05-16 18:20:53 +02:00
JacobBarthelmeh
21204244c5
Merge pull request #7394 from embhorn/zd17779
...
Add null check to wolfSSL_Free
2024-05-16 09:31:37 -06:00
gojimmypi
7f1af2feb3
Fix PlatformIO freertos semphr.h include
2024-05-15 18:24:00 -07:00
kaleb-himes
76527c3eaa
Address a report from multi-test about 8-bit chars
2024-05-15 15:21:41 -04:00
Eric Blankenhorn
4e5a98e65d
Fix from rebase
2024-05-15 14:03:12 -05:00
kaleb-himes
6719909f4e
Add logging.h header in pwdbased.c when DEBUG_WOLFSSL
2024-05-15 14:02:44 -04:00
kaleb-himes
7047991cda
Log when iterations LT 1000 but take no action
2024-05-15 14:02:44 -04:00
kaleb-himes
a9511e118a
Add SP800-132 112 bit minimum applicable after stretch/strengthen
2024-05-15 14:02:44 -04:00