JacobBarthelmeh
81dc0ac56f
Merge pull request #2956 from tmael/hkdf
...
Check HKDF-Expand length of output <= 255*HashLen
2020-05-08 16:36:40 -06:00
kaleb-himes
82c86447e7
Fix failing build for rsa_verify_only example
2020-05-08 16:18:30 -06:00
toddouska
6b930d996c
Merge pull request #2958 from julek-wolfssl/ASN_IP_TYPE-without-openssl
...
Support IP alternative subject name without OpenSSL
2020-05-08 13:27:27 -07:00
toddouska
4a44b7b781
Merge pull request #2954 from SparkiDev/sp_rsa_pq_len
...
Only use SP for RSA private operations if P and Q half bits
2020-05-08 08:30:30 -07:00
Juliusz Sosinowicz
b5886e0e37
Add option `--enable-ip-alt-name`
...
This commit adds the configure option `--enable-ip-alt-name` that enables support for the IP alternative subject name parsing in `wolfcrypt/src/asn.c:DecodeAltNames`.
2020-05-08 13:20:24 +02:00
Tesfa Mael
b39e384cfd
Review comment
2020-05-07 13:39:53 -07:00
Juliusz Sosinowicz
9e68de0fb7
Add test certs for ASN_IP_TYPE
2020-05-07 11:52:49 +02:00
Sean Parkinson
b331804c27
SP C: Fix array size for cache resistant modexp
2020-05-07 10:00:14 +10:00
Tesfa Mael
2ab478f8fd
Check length of output <= 255*HashLen
2020-05-06 15:47:39 -07:00
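The bound enforced by the commit above is the one from RFC 5869: HKDF-Expand's block counter is a single octet, so one PRK can yield at most 255 * HashLen bytes. The following is an added example, not wolfSSL's code, showing a minimal HKDF-Extract/Expand with that length check applied before any HMAC work; it uses only the Python standard library and is verified against RFC 5869 test case 1 (SHA-256).

```python
import hashlib
import hmac

# RFC 5869: the counter octet T(i) takes values 1..255, so at most
# 255 blocks of HashLen bytes can be produced from a single PRK.
MAX_COUNTER = 255


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract: PRK = HMAC-Hash(salt, IKM); an empty salt becomes HashLen zero bytes."""
    hash_len = hashlib.new(hash_name).digest_size
    if not salt:
        salt = b"\x00" * hash_len
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand with the L <= 255 * HashLen bound enforced before any HMAC is computed."""
    hash_len = hashlib.new(hash_name).digest_size
    if length < 0 or length > MAX_COUNTER * hash_len:
        raise ValueError(
            f"requested {length} bytes; HKDF-Expand with {hash_name} "
            f"allows at most {MAX_COUNTER * hash_len}"
        )
    okm = b""
    t = b""          # T(0) is the empty string
    counter = 1
    while len(okm) < length:
        # T(i) = HMAC-Hash(PRK, T(i-1) | info | i)
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
        counter += 1
    return okm[:length]


def rfc5869_case1() -> tuple:
    """RFC 5869 Appendix A test case 1 inputs; returns (PRK, OKM) for checking."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    return prk, hkdf_expand(prk, info, 42)
```

Requesting 8161 bytes with SHA-256 raises before any HMAC call, while 8160 bytes (exactly 255 blocks) is accepted; the check belongs at the API boundary so a caller cannot drive the counter past 255 and wrap it.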
Sean Parkinson
c4af5db4b9
Only use SP for RSA private operations if P and Q half bits
2020-05-07 08:46:48 +10:00
toddouska
be3c39ed1c
Merge pull request #2948 from JacobBarthelmeh/SanityChecks
...
update armv8 aes gcm sanity checks
2020-05-06 10:31:09 -07:00
toddouska
5e45767cc3
Merge pull request #2943 from JacobBarthelmeh/Testing
...
check on length of unwrap before memmove
2020-05-05 11:09:06 -07:00
Jacob Barthelmeh
0f6fef8384
update armv8 aes gcm sanity checks
2020-05-05 09:47:05 -06:00
Sean Parkinson
74040c62af
Merge pull request #2944 from dgarske/sp_cacheres
...
Fixes for C32/C64 SP math with `WOLFSSL_SP_CACHE_RESISTANT`
2020-05-05 10:43:00 +10:00
David Garske
174b4d5159
Cleanup of SP with small stack. Expand support for `WOLFSSL_SP_NO_MALLOC`. Fix for evp.c when included directly.
2020-05-04 14:23:32 -07:00
David Garske
8e0f5ef8ce
Fixes for `WOLFSSL_SP_CACHE_RESISTANT` with small stack.
2020-05-04 11:22:12 -07:00
David Garske
c28ad38b16
Fix for cast issue caused by PR #2900 . Applies to `WOLFSSL_SP_CACHE_RESISTANT` and c32/c64 versions only.
2020-05-04 10:49:59 -07:00
Jacob Barthelmeh
082e51d778
check on length of unwrap before memmove
2020-05-04 10:32:05 -06:00
Jacob Barthelmeh
9f735b4d6e
sanity check on PemToDer type
2020-05-01 16:41:18 -06:00
toddouska
3944c8eb73
Merge pull request #2935 from ejohnstown/hush-tfm
...
Hush TFM Warnings
2020-05-01 08:26:42 -07:00
John Safranek
b6bd86d2b1
TFM Warnings
...
When building in VS, the MSC will complain about some constants getting
implicitly promoted to 64-bit. Added some type-casts to hush the warnings.
2020-04-30 19:43:18 -07:00
toddouska
f772bc8d9a
Merge pull request #2923 from dgarske/pic32mz
...
Fixes for PIC32MZ crypto hardware cache and large hash
2020-04-30 16:22:13 -07:00
toddouska
a1489d981c
Merge pull request #2930 from JacobBarthelmeh/SanityChecks
...
check on tag length for AES-CCM
2020-04-30 14:51:20 -07:00
Jacob Barthelmeh
505fbed4df
fix AES-CCM tag size check on decryption
2020-04-29 15:15:54 -06:00
Sean Parkinson
e9b433a998
Merge pull request #2928 from julek-wolfssl/evp-aes-gcm-fix
...
Fix AES-GCM in EVP layer to have compatibility with OpenSSL
2020-04-29 09:00:04 +10:00
Jacob Barthelmeh
b73e52f33f
move AES-CCM tag check into a local function
2020-04-28 14:46:06 -06:00
toddouska
f770d28ff0
Merge pull request #2916 from dgarske/testfixes
...
Improvements to ECC key decode and tests
2020-04-28 09:57:44 -07:00
toddouska
cb6fc56f3b
Merge pull request #2921 from dgarske/fixes_g++
...
Fixes for G++ and enable-all
2020-04-28 09:51:34 -07:00
Juliusz Sosinowicz
c02c408409
Only 80 characters a line
2020-04-28 12:38:02 +02:00
Jacob Barthelmeh
c85a53c631
add macro guard for fips and selftest builds
2020-04-27 15:36:53 -06:00
David Garske
6185e0f477
Remove execute bit on files.
2020-04-27 11:16:02 -07:00
David Garske
327cdefc24
Fix for SP math with `RSA_LOW_MEM`, which was broken in PR #2892 .
2020-04-27 08:59:54 -07:00
Juliusz Sosinowicz
01a6dded72
Fix AES-GCM in EVP layer to have compatibility with OpenSSL
...
- Tag checking in AES-GCM is done in Final call
- Reset `WOLFSSL_EVP_CIPHER_CTX` structure after Final call
- Don't zero `ctx->authTag` struct in Init call so that user can get the AES-GCM tag using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)`
- `ctx->authTag` is only zeroed before authenticated, non-confidential data Update call since this means we are entering a new Update-Final cycle. This doesn't need to be done in the decrypt case since the tag should be supplied by the user before the final call using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)`
2020-04-27 15:52:01 +02:00
David Garske
1e726e19a4
Fix for XMALLOC cast.
2020-04-27 06:48:41 -07:00
David Garske
3c93a7b757
Fix `Value stored to 'ret' is never read`.
2020-04-24 11:31:12 -07:00
David Garske
a4caa42793
Improve the Base64 line size for `NO_ASN` case. Fix report of unread `ret`.
2020-04-24 11:26:55 -07:00
David Garske
589712f870
PIC32MZ Fix for cache coherency to enable write-through (no write allocation) to resolve descriptor corruption. ZD 10212.
2020-04-24 09:13:28 -07:00
David Garske
0f11369680
PIC32MZ Fix for `WOLFSSL_PIC32MZ_LARGE_HASH`: Only submit to hardware if update data provided matches expected. ZD 10211.
2020-04-24 09:01:51 -07:00
David Garske
cfc0aeb857
Fix for RSA and KeyGen only in test.c.
2020-04-24 08:56:31 -07:00
David Garske
41fc208195
Fixes for `isHMAC` checks.
2020-04-24 08:51:56 -07:00
David Garske
5fa7bb5b9f
Fix possible unused args.
2020-04-24 07:48:41 -07:00
David Garske
6d025f8c0f
Refactor of the EVP `macType` to use `enum wc_HashType` to resolve issues with invalid casting.
2020-04-24 07:43:44 -07:00
David Garske
28b686a8ca
* Exposed useful sizes `MAX_X509_HEADER_SZ` and `PEM_LINE_SZ`
...
* Refactor the PEM saving code in `test.c`, so it's not using large 4K buffer and calculates based on DER.
* Enable ECC key generation test even without `WOLFSSL_KEY_GEN`.
* Added `ECC_KEYGEN_SIZE` macro for ECC key generation testing.
* Refactor ECC DER key generation to use `ECC_BUFSIZE`.
2020-04-23 16:11:54 -07:00
David Garske
81f959336b
Added support for importing private key DER using `wc_EccPublicKeyDecode`. Added ECC key generation and decode test case.
2020-04-23 16:07:43 -07:00
David Garske
5376763638
Merge pull request #2913 from SparkiDev/sp_cortexm4_ecc
...
Improve performance of SP Cortex M asm
2020-04-23 09:47:05 -07:00
toddouska
7318121d3a
Merge pull request #2915 from dgarske/async_v4.4.0
...
Fixes for async release v4.4.0
2020-04-23 09:26:08 -07:00
toddouska
54aa50e628
Merge pull request #2912 from SparkiDev/sp_movbe
...
Only use Intel instruction movbe when available
2020-04-23 09:25:02 -07:00
Sean Parkinson
7a0cbe084e
Improve performance of SP Cortex M asm
2020-04-23 11:05:42 +10:00
John Safranek
a064cb3943
Fix a couple of wolfCrypt test issues found during the long release build test.
2020-04-22 11:30:57 -07:00
David Garske
36a556f927
Resolve issues with the openssl compatibility `CRYPTO_malloc` and `CRYPTO_free`.
2020-04-22 10:15:16 -07:00
John Safranek
bf680b4a92
Fix for QAT with Shake256. Fix for XFREE missing semicolon.
2020-04-21 10:38:27 -07:00
John Safranek
ccd096e1bb
Memory Leak Fix
...
1. In `wolfSSL_d2i_DHparams()`, when setting the internal key on a
WOLFSSL_KEY, set the flag inSet.
2. Not a leak, but in `wolfSSL_EVP_PKEY_set1_DH()`, only allocate one
buffer to store the flat key. Saves an alloc, memcpy, and free.
2020-04-21 10:21:59 -07:00
John Safranek
61f3783111
Fixes to test.c for the following build configurations:
...
1. ./configure --disable-rsa --enable-certgen --enable-certreq
2. ./configure --disable-ecc --enable-pkcs7
2020-04-21 10:21:59 -07:00
John Safranek
7cbf496329
Encrypt key requirements check
...
The file wc_encrypt.c offers a function named wc_CryptKey(), which
requires PWDBASED and ASN. Added the check for ASN.
2020-04-21 10:21:58 -07:00
Jacob Barthelmeh
231c488ddf
check on tag length for AES-CCM
2020-04-20 13:44:41 -06:00
JacobBarthelmeh
0cfde0794b
Merge pull request #2848 from julek-wolfssl/wpa-supplicant-openssl-compat
...
Added partial support for wpa_supplicant, hostapd, and cjose:
2020-04-20 12:17:55 -06:00
Sean Parkinson
75c14e4c8e
Only use Intel instruction movbe when available
2020-04-20 09:09:45 +10:00
John Safranek
f87f09fcd7
Merge pull request #2910 from embhorn/zd10169
...
Fix forbidden iv length 0 with AES-GCM
2020-04-16 16:01:03 -07:00
Eric Blankenhorn
6b3642db36
Fix forbidden iv length 0 with AES-GCM
2020-04-16 13:48:56 -05:00
Juliusz Sosinowicz
dd68074104
Fix merge issues
2020-04-16 10:09:15 +02:00
Stanislav Klima
eab451339c
Fixed dereference after null check.
2020-04-16 09:52:02 +02:00
Sean Parkinson
da5d9a923b
SP ARM64 - use fewer registers in mont_reduces
2020-04-16 09:20:04 +10:00
Juliusz Sosinowicz
36403c1dad
Merge remote-tracking branch 'wolfSSL/master' into wpa-supplicant-openssl-compat
2020-04-15 16:55:03 +02:00
Stanislav Klima
68a2e03bd4
Fixed resource leak.
2020-04-15 16:27:34 +02:00
Stanislav Klima
1a80975d9e
Fixed resource leaks.
2020-04-15 15:47:32 +02:00
Stanislav Klima
74893edaf0
Fix of size constraint for parsing.
2020-04-15 14:36:36 +02:00
Juliusz Sosinowicz
1d3fd5cd07
Code review
...
- make `wc_ecc_export_point_der_compressed` a local function
- use `int` for `shortKeySize` in `wc_ecc_import_point_der_ex`
- check for null return value from `wolfSSL_OBJ_nid2obj` and `wolfSSL_d2i_PUBKEY`
- add comments to `ssl.c`
- check `lnlen` in `wolfSSL_OBJ_ln2nid`
2020-04-15 12:53:38 +02:00
Eric Blankenhorn
d9472b895f
Fix conflicts after rebase
2020-04-14 15:24:52 -05:00
Eric Blankenhorn
1487917214
Fix EVP_MD_CTX_type to return NID
2020-04-14 14:27:21 -05:00
toddouska
9c1b90170a
Merge pull request #2903 from SparkiDev/test_4096
...
Fix testing using 4096 bits keys and parameters
2020-04-14 09:25:00 -07:00
toddouska
06c6e583c8
Merge pull request #2891 from julek-wolfssl/refactor-evp-functions
...
Move EVP functions to evp.c
2020-04-14 09:22:51 -07:00
Juliusz Sosinowicz
dad0bc0159
Keep compatibility with old OPENSSL_EXTRA_X509_SMALL functions
2020-04-14 12:52:23 +02:00
Juliusz Sosinowicz
0b3a331265
Revert wc_OBJ_sn2nid
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
20e669a65a
New API
...
Add `wc_ecc_import_point_der_ex` for correct importing DER ECC point and keep `wc_ecc_import_point_der` old functionality
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
18093a6b0b
Code review changes
...
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implement `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
9722082372
Fix `nid2*` and `*2nid` functions
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz
680a481e61
Test fixes
...
Remove redundant macros
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz
9ced70edc1
Test fixes
...
Free `x509->key.pkey` in `FreeX509`
Fix type conversions
Fix memory leaks and use of uninitialized memory
2020-04-14 11:45:32 +02:00
Juliusz Sosinowicz
73b4d78d5b
Added partial support for wpa_supplicant, hostapd, and cjose:
...
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added `wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` than OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
2020-04-14 11:45:32 +02:00
Sean Parkinson
ba401c9bde
Fix testing using 4096 bits keys and parameters
...
RSA PKCS #1.5 padding for signing is not reliant on a random.
2020-04-14 12:03:51 +10:00
Sean Parkinson
416f0775d3
Merge pull request #2900 from dgarske/sp_no_malloc
...
Added option to build SP small without malloc
2020-04-14 09:40:11 +10:00
toddouska
3cb0c600ba
Merge pull request #2894 from SparkiDev/ecc_cr_fix
...
Change constant time and cache resistant ECC mulmod
2020-04-13 16:36:22 -07:00
JacobBarthelmeh
f309173518
Merge pull request #2899 from embhorn/zd9564
...
Adding check for invalid SAN ext with no entries
2020-04-13 15:31:06 -06:00
toddouska
aadec345ab
Merge pull request #2871 from vaintroub/master
...
Fix clang warnings (issue #2870 )
2020-04-13 09:02:51 -07:00
David Garske
1f5a7bffaa
Build fixes for `WOLFSSL_NO_MALLOC` in wolfCrypt test.
2020-04-13 07:39:06 -07:00
David Garske
b01ce168ea
Fixes for SP small with no malloc in `sp_256_ecc_mulmod_10` and `sp_384_ecc_mulmod_15`.
2020-04-13 07:19:06 -07:00
toddouska
4748254b60
Merge pull request #2896 from embhorn/zd9916
...
Fix wc_KeyPemToDer with PKCS1 and empty key
2020-04-10 15:38:07 -07:00
David Garske
d412ccb6f8
Added new option `WOLFSSL_SP_NO_MALLOC` for building small SP without malloc. Added SP documentation. Added `./configure --enable-sp=yes,nomalloc` support. https://github.com/wolfSSL/scripts/pull/79
2020-04-10 11:13:55 -07:00
Eric Blankenhorn
8644fdca7d
Update from review
2020-04-10 08:29:31 -05:00
Sean Parkinson
ffd06e359f
Change constant time and cache resistant ECC mulmod
...
Ensure points being operated on change to make constant time.
2020-04-10 09:28:20 +10:00
toddouska
cf8459e518
Merge pull request #2892 from SparkiDev/cppcheck_fixes_4
...
Fixes from cppcheck
2020-04-09 16:01:11 -07:00
Eric Blankenhorn
7d82c4e3f2
Adding check for invalid SAN ext with no entries
2020-04-09 16:49:52 -05:00
Eric Blankenhorn
c3e0575914
Fix from review
2020-04-09 12:52:32 -05:00
Juliusz Sosinowicz
f6b9b2e0eb
Remove redundant guards
2020-04-09 18:26:23 +02:00
Juliusz Sosinowicz
9cbbd164e0
Fix test errors
2020-04-09 14:54:09 +02:00
Eric Blankenhorn
4d6e33b1dd
Fix wc_KeyPemToDer with PKCS1 and empty key
2020-04-08 11:34:24 -05:00
Sean Parkinson
411aee6e05
Fixes from cppcheck
...
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
2020-04-08 09:46:22 +10:00
toddouska
9e08efe8e0
Merge pull request #2885 from SparkiDev/sp_x64_ecc_tweak
...
Tweak the SP x86_64 ECC assembly
2020-04-07 14:27:12 -07:00
Juliusz Sosinowicz
4c0ea10e45
Move EVP functions to evp.c
2020-04-07 22:36:50 +02:00
toddouska
ebcf86070d
Merge pull request #2883 from miyazakh/esp_aescounter
...
add aes counter on esp32
2020-04-07 13:24:53 -07:00
toddouska
77b75ef3a2
Merge pull request #2881 from dgarske/ecc_asn
...
Fixes for building ECC without ASN
2020-04-07 13:09:37 -07:00
toddouska
f742693062
Merge pull request #2867 from SparkiDev/aes-ccm-aesni
...
For CCM using AES-NI, do 4 blocks at a time if possible
2020-04-07 13:03:23 -07:00
Sean Parkinson
9c67bc2864
For CCM using AES-NI, do 4 blocks at a time if possible
2020-04-06 11:11:28 +10:00
Sean Parkinson
7dad0d3965
Tweak the SP x86_64 ECC assembly
...
Put back fixes undone in previous commits:
- Fix casting warning in SP when mp_digit < sp_digit
- SP fix check for NULL in EC point_new
2020-04-06 11:02:30 +10:00
Hideki Miyazaki
302e1d6818
add aes counter on esp32
2020-04-04 14:04:44 +09:00
David Garske
1831193c20
* Fixes for building ECC without ASN.
...
* Fix to expose `wc_ecc_import_private_key_ex` and its ability to import a private key even when `NO_ASN` is defined.
* Remove execute bit on CSharp files.
2020-04-03 10:55:31 -07:00
toddouska
8128a269f3
Merge pull request #2876 from SparkiDev/sp_arm64
...
Improve speed of AArch64 assembly
2020-04-02 14:26:48 -07:00
toddouska
86adb7f9c5
Merge pull request #2873 from SparkiDev/aes_small
...
Smaller table version of the AES encrypt/decrypt
2020-04-02 09:50:58 -07:00
toddouska
5df5ab5931
Merge pull request #2862 from dgarske/iar_ropi
...
Support for IAR with position independent code (ROPI)
2020-04-02 09:49:00 -07:00
toddouska
06442c410d
Merge pull request #2861 from dgarske/zynqmp
...
Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC
2020-04-02 09:46:48 -07:00
Sean Parkinson
df1819b79f
Improve speed of AArch64 assembly
...
Improve point_dbl and point_dbl_n for all platforms.
2020-04-01 15:06:50 +10:00
David Garske
47d1cb8415
Changes to support IAR with position independent code (ROPI). Updated example wolfSSL IAR project to use "ropi" (Position independence for code and read-only data).
2020-03-31 08:17:09 -07:00
Martin Akman
568ce62b81
Updates from code review
2020-03-31 18:29:06 +10:00
Sean Parkinson
9339808ea1
Smaller table version of the AES encrypt/decrypt
...
Use WOLFSSL_AES_SMALL_TABLES.
Much slower. Decrypt much slower than encrypt.
2020-03-27 15:53:01 +10:00
toddouska
ddb4b5eb89
Merge pull request #2872 from SparkiDev/rsa_pub_fix
...
Fix performance of RSA public key ops with TFM
2020-03-26 11:56:23 -07:00
toddouska
16fa1a4747
Merge pull request #2855 from JacobBarthelmeh/PKCS12
...
maintenance to PKCS12 create for outputting encrypted bundles
2020-03-26 10:41:04 -07:00
Sean Parkinson
c82531a41a
Fix performance of RSA public key ops with TFM
...
Have a constant and non-constant time modular exponentiation available in
tfm.c.
Call the non-constant time version explicitly when performing RSA public
key mod exp.
2020-03-26 17:33:07 +10:00
David Garske
a6034a38c7
Fix for building with `WOLFSSL_SMALL_STACK_CACHE` only (no `WOLFSSL_SMALL_STACK`).
2020-03-25 16:04:45 -07:00
Vladislav Vaintroub
d57d194de3
Fix clang warnings (issue #2870 )
...
The warning was "comparison of array 'ecc_sets[i].name' not equal to a null
pointer is always true [-Wtautological-pointer-compare]"
Compiler is correct, ecc_sets[i].name is an array of size 16, thus
can't be NULL
Also, fix build error on Windows by changing uint8_t to "unsigned char"
(alternative fix could be including stdint.h)
2020-03-25 23:07:12 +01:00
David Garske
70773f3b3e
Added "WOLFSSL_ARMASM" ifdef checks on ARMv8 port files.
2020-03-25 12:54:40 -07:00
Jacob Barthelmeh
59ab600d76
refactor decrypt content with PKCS12 and fix for AES-256 + HMAC SHA256 case
2020-03-24 22:23:44 -06:00
toddouska
26f539400a
Merge pull request #2866 from SparkiDev/curve448_gcc_bug
...
Curve448 - 128-bit impl workaround for compiler
2020-03-24 09:55:43 -07:00
toddouska
e66334e56b
Merge pull request #2865 from SparkiDev/sp_cast_fix
...
Fix casting warning in SP when mp_digit < sp_digit
2020-03-24 09:52:26 -07:00
Sean Parkinson
c95e7f88aa
Curve448 - 128-bit impl workaround for compiler
...
Old gcc compilers can keep track of the 128-bit multiplication and left
shift results' size.
Split all multiplication and left shift results into separate variables.
Add/subtract into the correct variable at end.
Don't want variable declarations after statements so reduce doesn't use
'tr' anymore.
2020-03-24 16:28:14 +10:00
Sean Parkinson
a7d265bf46
Fix casting warning in SP when mp_digit < sp_digit
2020-03-24 12:41:25 +10:00
David Garske
7fabd74a90
Merge pull request #2859 from SparkiDev/tfm_ec_invmod_ct
...
Constant time EC map to affine for private operations
2020-03-23 19:16:45 -07:00
David Garske
2706d6d48a
Improve the benchmark to use snprintf then printf. Resolve issue showing results with xil_printf.
2020-03-20 12:34:08 -07:00
David Garske
3127a7e9e5
Fixes for building with bare-metal on Xilinx SDK with zynqmp. Added Zynqmp benchmark timer support.
2020-03-20 12:22:47 -07:00
toddouska
9b8752e314
Merge pull request #2858 from SparkiDev/netscape_cert_ext
...
Recognise Netscape Certificate Type extension
2020-03-19 16:33:25 -07:00
toddouska
0c3667ba93
Merge pull request #2857 from SparkiDev/sp_null_check
...
SP fix check for NULL in EC point_new
2020-03-19 16:30:59 -07:00
toddouska
33b95b8ad7
Merge pull request #2854 from JacobBarthelmeh/Certs
...
add +1 for string null terminator
2020-03-19 16:24:42 -07:00
toddouska
f4a8430115
Merge pull request #2851 from JacobBarthelmeh/SanityChecks
...
add space for null terminator and check on header pointer
2020-03-19 16:00:57 -07:00
Sean Parkinson
1de07da61f
Constant time EC map to affine for private operations
...
For fast math, use a constant time modular inverse when mapping to
affine when operation involves a private key - key gen, calc shared
secret, sign.
2020-03-20 08:59:41 +10:00
Jacob Barthelmeh
ce6aeebdb4
fixes for static analysis checks
2020-03-19 16:34:02 -06:00
Sean Parkinson
62a593e72e
Recognise Netscape Certificate Type extension
...
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
2020-03-19 12:43:03 +10:00
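Two of the certificate-parsing hardening commits on this page, the rejection of a SubjectAltName extension with no entries (PR #2899) and the validation of the Netscape Certificate Type BIT STRING above, are both plain DER structure checks. The following is an added example, not wolfSSL's `asn.c`, that shows what each check has to verify: a SAN extnValue must be a SEQUENCE with at least one GeneralName (RFC 5280 defines `GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName`), and a DER BIT STRING must carry a leading unused-bits octet in 0..7 (0 when the string is empty) with the unused low bits of the last octet cleared. The sample extension values are constructed for this example; the TLV reader is deliberately strict (definite, minimal lengths only).

```python
SEQUENCE, BIT_STRING = 0x30, 0x03


def read_tlv(buf: bytes, pos: int = 0) -> tuple:
    """Read one DER TLV at buf[pos]; returns (tag, value, next_pos).
    Indefinite and non-minimal lengths are rejected, as DER requires."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        if pos + n > len(buf):
            raise ValueError("truncated length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        if length < 0x80 or (n > 1 and length < (1 << (8 * (n - 1)))):
            raise ValueError("non-minimal length encoding")
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def san_has_entries(ext_value: bytes) -> bool:
    """SubjectAltName extnValue: a single SEQUENCE that must not be empty."""
    tag, value, end = read_tlv(ext_value)
    if tag != SEQUENCE or end != len(ext_value):
        raise ValueError("SAN extnValue is not exactly one SEQUENCE")
    return len(value) > 0


def bit_string_valid(ext_value: bytes) -> bool:
    """DER BIT STRING sanity: unused-bits octet present and in 0..7, an empty
    string has 0 unused bits, and the unused bits of the last octet are zero.
    Only the encoding is checked; the bit values themselves are not interpreted."""
    tag, value, end = read_tlv(ext_value)
    if tag != BIT_STRING or end != len(ext_value):
        raise ValueError("extnValue is not exactly one BIT STRING")
    if len(value) == 0:
        return False                     # unused-bits octet is mandatory
    unused = value[0]
    if unused > 7:
        return False
    if len(value) == 1:
        return unused == 0               # empty bit string
    return (value[-1] & ((1 << unused) - 1)) == 0


# Constructed sample values (hex) for this example:
SAN_ONE_DNS = bytes.fromhex("3007" "8205" "612e6f7267")   # SEQUENCE { dNSName "a.org" }
SAN_EMPTY = bytes.fromhex("3000")                         # SEQUENCE { }  -> invalid
NSCT_OK = bytes.fromhex("030205a0")                       # 5 unused bits, 0xa0 = 101 00000
NSCT_BAD_PAD = bytes.fromhex("030205a1")                  # unused bit set in last octet
NSCT_BAD_UNUSED = bytes.fromhex("030208a0")               # unused-bits octet > 7
```

The `end != len(ext_value)` comparisons matter as much as the tag checks: trailing bytes after the outer element are how an extension value can be made to parse as one thing for the checker and another for a later consumer.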
Sean Parkinson
c776a4219a
SP fix check for NULL in EC point_new
2020-03-19 08:56:52 +10:00
Jacob Barthelmeh
09dedfbe17
maintenance to PKCS12 create for outputting encrypted bundles
2020-03-18 12:00:57 -06:00
Jacob Barthelmeh
2bf39307f1
add +1 for string null terminator
2020-03-18 10:25:56 -06:00
toddouska
d0767164c8
Merge pull request #2846 from SparkiDev/sp_rsa_priv_fix
...
Fix SP RSA private op
2020-03-17 13:28:11 -07:00
JacobBarthelmeh
9fc8c8e0b6
add space for null terminator and check on header pointer
2020-03-16 15:14:29 -07:00
JacobBarthelmeh
74781a3d45
Merge pull request #2829 from cconlon/pkcs7multioctets
...
PKCS7/CMS EnvelopedData support for fragmented encrypted content
2020-03-16 13:12:23 -06:00
Jacob Barthelmeh
2d950f1ab4
sanity check on IV size
2020-03-15 18:46:11 -06:00
toddouska
bcc720ef68
Merge pull request #2773 from SKlimaRA/master
...
Coverity issues fixes.
2020-03-13 10:20:45 -07:00
Sean Parkinson
6321eabf86
Fix SP RSA private op
...
tmpa - tmpb can be less than -p.
Need to conditionally add p twice.
C and multiple platform fix.
2020-03-12 09:33:52 +10:00
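The two-line description above (and the matching x64 fix, PR #2837) is easy to misread without the arithmetic in front of you. In the CRT private operation, `tmpa = c^dP mod p` lies in [0, p) but `tmpb = c^dQ mod q` lies in [0, q), and when q > p the difference `tmpa - tmpb` can be below -p, so a single conditional add of p leaves it negative. Two conditional adds suffice only because p and q have the same bit length, which is why the companion commit on this page restricts the SP path to keys whose P and Q are each half the bits of N (q < 2p follows). The following is an added example, not wolfSSL's SP code: a CRT private operation in plain Python with the reduction made explicit, plus a helper that counts how many inputs fail when only one add is allowed. The exact predicate wolfSSL uses for "half bits" is not on the page; `check_half_bits` is this example's assumption (both primes exactly ceil(bits(n)/2) bits).

```python
def check_half_bits(p: int, q: int) -> bool:
    """Assumed precondition: p and q each have exactly half the bits of n.
    Two same-length primes satisfy q < 2p and p < 2q, so |m1 - m2| < 2p."""
    n = p * q
    half = (n.bit_length() + 1) // 2
    return p.bit_length() == half and q.bit_length() == half


def crt_private(c: int, p: int, q: int, d: int, max_adds: int = 2) -> tuple:
    """RSA private op via Garner's CRT. Returns (m, adds_used).
    Raises ArithmeticError if the (tmpa - tmpb) term is still negative after
    max_adds conditional additions of p; with max_adds=1 this reproduces the
    bug the commit describes. A real implementation does the adds with masks,
    not branches, so the timing does not depend on the secret intermediate."""
    if not check_half_bits(p, q):
        raise ValueError("p and q must be balanced (half the bits of n)")
    dP, dQ = d % (p - 1), d % (q - 1)
    qInv = pow(q, -1, p)
    m1 = pow(c, dP, p)          # tmpa, in [0, p)
    m2 = pow(c, dQ, q)          # tmpb, in [0, q); q may be larger than p
    h = m1 - m2                 # in (-q, p): below -p whenever m2 > m1 + p
    adds = 0
    for _ in range(max_adds):   # conditionally add p, up to max_adds times
        if h < 0:
            h += p
            adds += 1
    if not 0 <= h < p:
        raise ArithmeticError("tmpa - tmpb not reduced into [0, p)")
    h = (h * qInv) % p
    return m2 + h * q, adds


def count_failures(p: int, q: int, d: int, max_adds: int) -> int:
    """Number of ciphertexts c in [0, n) whose CRT step fails with max_adds adds."""
    failures = 0
    for c in range(p * q):
        try:
            crt_private(c, p, q, d, max_adds)
        except ArithmeticError:
            failures += 1
    return failures


def toy_key() -> tuple:
    """Constructed toy parameters (6-bit primes, e=17); returns (p, q, e, d)."""
    p, q, e = 53, 61, 17
    d = pow(e, -1, (p - 1) * (q - 1))
    return p, q, e, d
```

For the toy key, the pairs (m1, m2) with m2 - m1 > p are exactly the inputs that need the second add; since c -> (c^d mod p, c^d mod q) is a bijection onto Z_p x Z_q, every such pair occurs for some c, so the single-add version is guaranteed to fail for a fixed, countable set of ciphertexts rather than only in rare cases.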
toddouska
87ff2fa47d
Merge pull request #2839 from ejohnstown/hmac-init
...
HMAC Init
2020-03-06 11:05:30 -08:00
Chris Conlon
4ad8a2bacb
store wc_PKCS7_DecodeEnvelopedData encryptedContentTotalSz in existing variable instead of adding another
2020-03-06 10:50:00 -07:00
John Safranek
9fe2ddacf4
HMAC Init
...
1. wc_HmacSetKey() has a check against the hmac's type that assumes one
has called wc_HmacInit() on the object first. In FIPS Ready builds we
do not have wc_HmacInit() in the boundary. This change removes that check
and action when making a FIPS build. The free called doesn't do anything
in the FIPS build case.
2. Initialize the Hmac's macType to WC_HASH_TYPE_NONE. Check the macType
against that rather than 0. There are some build configs where none isn't
0.
2020-03-05 13:38:02 -08:00
toddouska
59b9483cde
Merge pull request #2837 from SparkiDev/sp_x64_rsa_priv
...
Fix SP x64 RSA Private op
2020-03-05 08:33:11 -08:00
toddouska
f24622596f
Merge pull request #2827 from kaleb-himes/ZD9976
...
Fix infinite loop with small sha1 inputs. Thanks to Peter W. on ZD997…
2020-03-05 08:32:14 -08:00
Sean Parkinson
3707eea2f3
Fix SP x64 RSA Private op
...
tmpa - tmpb can be less than -p.
Need to conditionally add p twice.
2020-03-04 15:54:17 +10:00
Chris Conlon
44d2fc55e6
scan-build fixes for wc_PKCS7_DecodeEnvelopedData()
2020-03-03 10:27:22 -07:00
Chris Conlon
d8eeefb4b7
initialize explicitOctet to 0 in wc_PKCS7_DecodeEnvelopedData()
2020-03-02 09:13:11 -07:00
Chris Conlon
debb792690
fix PKCS7 encrypted content decoding for streaming API usage
2020-02-28 17:55:19 -07:00
toddouska
805034bca3
Merge pull request #2830 from SparkiDev/sp_ff_x86_64
...
Improve performance of RSA/DH ops on x64
2020-02-28 09:03:22 -08:00
Sean Parkinson
441027a502
Improve performance of RSA/DH ops on x64
...
Focus on 3072-bit ops but others improved as well.
2020-02-28 10:42:37 +10:00
Sean Parkinson
2c6eb7cb39
Add Curve448, X448, Ed448 implementations
2020-02-28 09:30:45 +10:00
Chris Conlon
d21e370822
add support for PKCS7/CMS EnvelopedData with fragmented encrypted content
2020-02-27 14:42:57 -07:00
toddouska
c7a2510d97
Merge pull request #2823 from SparkiDev/sp_div_fix
...
Fix for SP x64 div
2020-02-27 12:57:35 -08:00
toddouska
b7d0b81443
Merge pull request #2818 from dgarske/rsa_sha3only
...
RSA with SHA-3 only and RSA 4096-bit tests
2020-02-27 12:44:29 -08:00
toddouska
6dabe82c65
Merge pull request #2814 from SparkiDev/curve25519_x64_fix
...
Curve25519 x64 asm: Fix negate and add fe_sq_n
2020-02-27 12:21:53 -08:00
toddouska
ed7a5b17d8
Merge pull request #2808 from dgarske/mdk5
...
Fix for minor typos in the MDK5 examples
2020-02-27 12:06:50 -08:00
kaleb-himes
d9e221806b
Fix infinite loop with small sha1 inputs. Thanks to Peter W. on ZD9976 for the report
2020-02-27 09:39:22 -07:00
Sean Parkinson
2a5d7a2ac3
Fix for SP x64 div
...
Check the top half of number being divided to see if it is greater than
or equal.
If it is then the first div_word may crash as the result is more than
64-bits. So subtract modulus from the top to keep value small.
2020-02-26 10:53:35 +10:00
Martin Akman
3bbd8be5c9
ATECC: Don't init transport key if not used
2020-02-25 22:03:55 +10:00
David Garske
da882f3912
Added wolfCrypt RSA 4096-bit test support using `USE_CERT_BUFFERS_4096` build option (`./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"`).
2020-02-23 18:40:13 -08:00
David Garske
c8e618a817
Fix build for `WOLFSSL_RSA_VERIFY_ONLY`.
2020-02-23 15:58:28 -08:00
David Garske
e80c696d5f
Fix for RSA with SHA3 only (resolves warning with unused RsaMGF1).
2020-02-23 13:54:48 -08:00
Sean Parkinson
c9ce065f8a
Curve25519 x64 asm: Fix negate and add fe_sq_n
2020-02-21 11:37:45 +10:00
Eric Blankenhorn
b74dac6171
Fix WIN test
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
b4563e6af3
Fix CFB and OFB
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
a64e1540ba
Adding EVP support for SHA3
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
95f973a5be
Adding test and dox for ERR_print_errors_cb
2020-02-20 17:28:34 -06:00
Eric Blankenhorn
936312f77e
Adding ERR_print_errors_cb
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
a0ddb05a07
change evp with cfb1 expect input size in bytes
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
1a96558b6e
Adding macro and XTS support functions
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
922b308029
Fix from review
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
b67ade5164
account for cavp build
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
258382048d
Fix test failures
2020-02-20 17:28:33 -06:00
Eric Blankenhorn
64dcf5740a
Fix for AES_XTS
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
d7c1b9561f
fix for cfb1 mode and add EVP tests
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
d6be24c4f7
add 192/256 key size tests of EVP cfb8
2020-02-20 17:28:33 -06:00
Jacob Barthelmeh
d4428ebc0c
add EVP cfb1 test and update some EVP code
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
887eeb3c47
add EVP tests for cfb128
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
9d61ba6c62
initial cfb1/cfb8 support added
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
9c4e0807e2
Adding EVP_aes_###_xts tests (not complete)
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
16ce670897
Revert "Testing aes_*_xts"
...
This reverts commit 776eeb756c70b052849323d7645622a3f1d2b76a.
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
3197d67e62
Testing aes_*_xts
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
ab49120652
add aesofb benchmark
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
df0d5f3b08
add EVP_aes_*_ofb implementation and tests, add support for inline with OFB
2020-02-20 17:28:32 -06:00
Jacob Barthelmeh
e837894578
add AES-OFB mode
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
62f20db48e
Adding more EVP and SSL API
2020-02-20 17:28:32 -06:00
Eric Blankenhorn
0abc814792
EVP_MD_CTX_reset and EVP_aes fixes
2020-02-20 17:28:31 -06:00
David Garske
49a9239cf2
Merge pull request #2804 from SparkiDev/sp_cache_resist_fix
...
Fix cache resist compile to work with SP C code
2020-02-20 15:05:18 -08:00
kaleb-himes
1f003967df
Fix failing FIPS tests in master stemming from PR #2733
2020-02-20 09:20:59 -07:00
Sean Parkinson
c62f31cd27
Fix cache resist compile to work with SP C code
2020-02-20 10:10:05 +10:00
David Garske
75183262ad
Minor typos and fixes to the MDK5 examples.
2020-02-19 12:03:14 -08:00
Juliusz Sosinowicz
26e2d6eacf
Addressing Todd's comments
...
Check for HAVE_GETADDRINFO beside WOLF_C99
Move STR_SIZEOF to wolfssl/wolfcrypt/types.h and rename to XSTR_SIZEOF to prevent collision in client projects
Remove wolfssl/openssl/ssl.h and wolfssl/internal.h from crypto layer
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
5a766bd5bb
Change STR_SIZEOF declaration file
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
3fcec191a4
Refactor wolfSSL_RSA_To_Der
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
43ce272cb3
Variable declaration at start of scope
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
f765b711bf
More macro preproc stuff
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
480227704d
Fix missing stuff in headers
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
59b001c484
Fix header definitions when running CAVP self test
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
e6547c75cd
Reimplement external data as it was before: a fixed size vector. This makes external data implementation easier as it doesn't require allocation or cleanup. Only zeroing the entire structure that it is in (which happens in all structures anyway) and then calling the appropriate getter and setter functions to manipulate external data.
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
9a0d3ba369
Check boundaries in B64 decode
...
ERR_get_error will always return a positive error code
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
d6a160c637
Fix error codes for OpenSSL compatibility
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
6e72a299d7
Don't undef HAVE_GETADDRINFO as it disables defines in projects using wolfSSL
...
Change test_wolfssl_EVP_aes_gcm so that changing the tag will fail the authentication check
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
ae948e2a07
Pass try-ciphers
...
define EVP_CIPHER_CTX_set_iv as wolfSSL_EVP_CIPHER_CTX_set_iv
add wolfSSL_GetLoggingCb functionality when compiling without enable-debug
fix initialization vector handling of all cipher modes when using our EVP layer. The IV was incorrectly handled in initialization as well as not being updated after processing
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
fbedabe601
OpenSSH changes
...
- increase FP_MAX_BITS for OpenSSH
- Add helpful logging API (names are self-explanatory)
-- wolfSSL_GetLoggingCb
-- WOLFSSL_IS_DEBUG_ON
- Define WOLFSSL_EC_METHOD as an alias of WOLFSSL_EC_GROUP
- Add wolfSSL_EC_GROUP_method_of which really just returns the group itself
- Add wolfSSL_EC_METHOD_get_field_type which gets the curve type of the WOLFSSL_EC_GROUP (remember that WOLFSSL_EC_METHOD is an alias of WOLFSSL_EC_GROUP for now)
- Modify Base64_Decode so that it accepts arbitrary PEM line length
- Modify PemToDer so that it accepts private keys with a custom -----BEGIN * PRIVATE KEY----- header
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
84a2ca7a4e
Map the Jacobian point back to affine space in wolfSSL_EC_POINT_get_affine_coordinates_GFp
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz
41de1bb156
WIP
2020-02-18 21:36:26 +01:00
Stanislav Klima
6f3623f220
Moved infinite loop check to the other bad func arg check.
2020-02-18 09:59:59 +01:00
toddouska
2566986d41
Merge pull request #2632 from SparkiDev/sp_p384
...
Add support for P384 curve into SP
2020-02-17 11:46:09 -08:00
toddouska
bf1ec3004a
Merge pull request #2787 from dgarske/size_reduc
...
Adds options to disable the hash wrappers and base64 decode
2020-02-17 11:44:37 -08:00
toddouska
f2e1266f2d
Merge pull request #2791 from dgarske/async_fixes
...
Fixes for asynchronous crypto issues
2020-02-17 11:43:13 -08:00
toddouska
14b7355411
Merge pull request #2792 from SparkiDev/rsa_kg_blind_fix
...
Fix for rsa key gen blinding - don't call lcm
2020-02-17 11:42:25 -08:00
Sean Parkinson
8972bf6278
Add support for P384 curve into SP
2020-02-17 15:46:34 +10:00
Tesfa Mael
aaaa191937
Trim trailing padding byte
2020-02-14 12:54:35 -08:00
Chris Conlon
b62064f6a8
Merge pull request #2737 from JacobBarthelmeh/dks7g2
...
changes for build with s7g2
2020-02-13 14:07:44 -07:00
toddouska
cabe30828c
Merge pull request #2786 from cconlon/android-debug
...
add Android debug for logcat
2020-02-13 10:12:40 -08:00
Jacob Barthelmeh
0814f61b11
fix code formatting and turn on HW acc. by default
2020-02-12 10:31:34 -07:00
Stanislav Klima
1b13178182
Fixes possible compile error if NO_PKCS7_STREAM is defined.
2020-02-12 13:46:12 +01:00
Stanislav Klima
1a38c26097
Prevent infinite loop.
2020-02-12 13:29:33 +01:00
Sean Parkinson
669d9b1ae4
Fix for rsa key gen blinding - don't call lcm
2020-02-10 08:51:43 +10:00
David Garske
f322b71526
wolfCrypt fixes for asynchronous (--enable-asynccrypt):
...
* Fix for ECC and using NULL curve->order (wasn't loaded).
* Fix for typo on heap.
* Fix for QT case where GetInt failure retry did not "init" the mp_int.
2020-02-07 13:34:43 -08:00
John Safranek
7648997e37
ABI Additions
...
Added the functions wolfSSL_GetRNG(), wolfSSL_CTX_GetDevId(),
wc_ecc_import_x963(), and wc_RNG_GenerateBlock() to the ABI
testing.
2020-02-06 13:33:38 -08:00
JacobBarthelmeh
61a5fe3108
add macro for trng and gce driver names
2020-02-06 09:20:07 -08:00
David Garske
ba9dc11e62
Adds options to disable the hash wrappers (`NO_HASH_WRAPPER`) and base64 decode (`NO_WOLFSSL_BASE64_DECODE`).
2020-02-05 11:58:44 -05:00
Stanislav Klima
bbfefd3cde
Sanity check NULL dereference.
2020-02-05 16:59:20 +01:00
JacobBarthelmeh
e75b1b5cb9
add support for AES acceleration
2020-02-04 16:10:20 -08:00
JacobBarthelmeh
b7d772700a
update sha256 support for endian
2020-02-04 16:03:45 -08:00
Chris Conlon
b8b0b7da03
add Android debug for logcat
2020-02-04 10:07:26 -07:00
Tesfa Mael
b67fd249e2
Fix for cppcheck
2020-02-04 08:55:37 -08:00
Chris Conlon
b29fe41a35
Merge pull request #2738 from SparkiDev/cppcheck_fixes_3
...
Changes to clear issues raised by cppcheck
2020-02-03 17:02:40 -07:00
toddouska
63a73be3f0
Merge pull request #2777 from dgarske/constchar
...
Fixes for char strings not marked as const.
2020-02-03 11:12:55 -08:00
toddouska
6f2230e459
Merge pull request #2774 from SparkiDev/sp_x86_64_asm
...
Improve performance of SP Intel 64-bit asm
2020-02-03 11:08:17 -08:00
toddouska
61e78880a5
Merge pull request #2769 from dgarske/zd9791
...
Fix for `wc_EccPublicKeyDecode` to use the length from ASN sequence
2020-02-03 11:05:17 -08:00
JacobBarthelmeh
6ec136208c
add sha256 hardware acceleration
2020-01-31 14:26:04 -08:00
Martin Akman
20c0beb9e5
'WOLFSSL_USE_FLASHMEM' to store constant tables in flash memory
2020-01-31 23:43:17 +10:00
Martin Akman
6c1e0ff049
ATECC: Option to disable I2C transport key
2020-01-31 23:32:48 +10:00
Martin Akman
14dc5fe2e3
Fixes for 16bit processors
2020-01-31 23:32:48 +10:00
JacobBarthelmeh
aa498a7956
Merge pull request #2767 from dgarske/freertos
...
Fix for evp.c included and FREERTOS realloc
2020-01-30 15:53:05 -07:00
David Garske
928f641064
Fixes for char strings not marked as const. The `const` is an optimization to allow use from flash, which saves RAM space on embedded devices.
2020-01-30 13:53:06 -08:00
David Garske
32f478d335
Better fix for using the ASN.1 provided length, not provided `inSz`. Confirmed `CheckBitString` will check case where `inSz < ASN.1 length`.
2020-01-30 08:38:22 -08:00
toddouska
75e30a33f1
Merge pull request #2764 from SparkiDev/rsa_q_modinv_p
...
Constant time q modinv p in RSA key gen
2020-01-30 08:08:07 -08:00
David Garske
e5426f85c9
Fix for evp.c when being included directly due to improperly placed WOLFSSL_EVP_INCLUDED. Fix for `FREERTOS` to expose XREALLOC for normal math.
2020-01-30 06:22:08 -08:00
David Garske
9bfbdfe695
Fix for `wc_EccPublicKeyDecode` to use the length from ASN sequence, not the provided `inSz`. Also checked the case where the sequence number is larger than supplied `inSz` and it will properly return ASN_PARSE_E. ZD 9791
2020-01-30 06:20:29 -08:00
Sean Parkinson
55ea2facdd
Changes to clear issues raised by cppcheck
2020-01-30 14:24:32 +10:00
Sean Parkinson
81bebd8e5c
Improve performance of SP Intel 64-bit asm
...
RSA: Only constant time copy out when doing private key op
Improve performance of sp_count_bits
2020-01-30 12:23:38 +10:00
Stanislav Klima
c3fabb1da6
NULL dereference.
2020-01-29 17:33:21 +01:00