Commit Graph

2400 Commits (680a863054f2c342dee700ef253d23fde6672e1e)

Author SHA1 Message Date
Sean Parkinson df20daa1ae Support RSA and ECC in wolfSSL_DigestSign/Verify* 2018-09-12 16:31:39 +10:00
Takashi Kojo 7ddc756d15 eliminate double semi-colon 2018-09-12 10:13:30 +09:00
MJSPollard d280359548 added option to print wolfcrypt benchmark tests in CSV format 2018-09-11 14:49:54 -06:00
Eric Blankenhorn 01dc018cda Make DecodedCert elements available with WOLFSSL_CERT_EXT 2018-09-11 10:41:12 -05:00
Sean Parkinson 330a7048c7 Add more compatibility APIs.
d2i_ECDSA_SIG, i2d_ECDSA_SIG, EVP_DigestVerifyInit,
EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_PKEY_id,
PEM_read_bio_PUBKEY
2018-09-11 09:28:03 +10:00
David Garske f48e2067ae Added new API `wolfSSL_CTX_load_verify_chain_buffer_format` for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID. 2018-09-10 08:15:17 -07:00
David Garske 2c5b0d82da Fix for dh_test to make sure the provided agree size is populated. This resolves issue with async and QuickAssist DH. 2018-09-10 07:13:52 -07:00
David Garske a2be7590d1 Fixes for NXP LTC support with K82. Fix for SHA384/512. Fix for AES CBC not storing previous IV. Fix for `wc_AesSetKey` arg check. Fix for AES GCM IV != 12 test. Changed LTC default in settings.h to not enable SHA512 and Ed/Curve25519. Tested using Rowley Crossworks v4.2.0 on a FRDM-K82F. There is an initial stack pointer issue with the arm-startup code here for Rowley still outstanding, but these fixes are valid as-is. 2018-09-10 07:13:32 -07:00
Eric Blankenhorn 412eecd51a Add wc_SetIssuerRaw and EncodeCert with raw fields (#1798)
* Make cert with raw issuer
* Add wc_SetIssuerRaw
* Use issuer raw in EncodeCert
2018-09-07 16:22:23 -07:00
Daniele Lacamera 27555d6eb7 Fix old-style function definitions 2018-09-07 09:13:20 +02:00
David Garske ae3d8d3779 * Fixed `wolfSSL_CTX_load_verify_locations` to continue loading if there is an error (ZD 4265).
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEMs from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
2018-09-06 12:51:22 -07:00
David Garske d998d10f02
Merge pull request #1805 from dgarske/fix_csr
Fix for CSR generation email value
2018-09-05 19:44:41 -07:00
Quinn Miller b8605fa544 Fixed typo in fp_mul_comba_7 2018-09-05 14:51:50 -06:00
David Garske d432d346aa
Merge pull request #1809 from cconlon/stm32rngfix
enable RNG clock when WOLFSSL_STM32F427_RNG is defined
2018-09-04 17:21:01 -07:00
Eric Blankenhorn 28ad8e591d Adding comment for empty case in GetNameType 2018-09-04 18:08:40 -05:00
toddouska bac8b78a8c
Merge pull request #1803 from SparkiDev/tfm_stack
Small stack for fast math code
2018-09-04 15:57:59 -07:00
toddouska 8e67ef33b2
Merge pull request #1799 from SparkiDev/cert_vfy_small
Smaller dynamic memory usage in TLS
2018-09-04 15:40:11 -07:00
Chris Conlon d3ea903c55 enable RNG clock when WOLFSSL_STM32F427_RNG is defined 2018-09-04 16:13:09 -06:00
Sean Parkinson 17a70aee1b Added test and minor fixes for CheckCertSignature 2018-09-03 10:50:47 +10:00
Sean Parkinson 4d0478a287 Fix fp_div_2d to return remainder correctly
If a == c then a and c don't equal d:
calculate d before c
If a != c then a doesn't change in calculating c:
calculate d after c
2018-09-03 08:32:55 +10:00
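Added worked illustration of the operand-ordering rule in the commit message above. This is example code written for this page, not wolfSSL's `fp_div_2d`; it uses a hypothetical 4-limb `toy_int` in place of `fp_int` and shows why the quotient `c` and remainder `d` have to be computed in different orders depending on whether `c` aliases the input `a`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 4-limb (128-bit) little-endian integer standing in for wolfSSL's fp_int. */
#define LIMBS 4
typedef struct { uint32_t d[LIMBS]; } toy_int;

/* c = a >> b, for 0 <= b < 32*LIMBS. Safe when c == a: the result is built in a temporary. */
static void toy_rshift(const toy_int *a, unsigned b, toy_int *c)
{
    toy_int t;
    unsigned limb = b / 32, bits = b % 32, i;
    memset(&t, 0, sizeof t);
    for (i = 0; i + limb < LIMBS; i++) {
        uint64_t v = a->d[i + limb];
        if (bits) {
            v >>= bits;
            if (i + limb + 1 < LIMBS)
                v |= (uint64_t)a->d[i + limb + 1] << (32 - bits);
        }
        t.d[i] = (uint32_t)v;
    }
    *c = t;
}

/* d = a mod 2^b. Also safe when d == a. */
static void toy_mod_2d(const toy_int *a, unsigned b, toy_int *d)
{
    toy_int t;
    unsigned limb = b / 32, bits = b % 32, i;
    memset(&t, 0, sizeof t);
    for (i = 0; i < limb && i < LIMBS; i++)
        t.d[i] = a->d[i];
    if (bits && limb < LIMBS)
        t.d[limb] = a->d[limb] & ((1u << bits) - 1);
    *d = t;
}

/* Pre-fix ordering: quotient first, then remainder, regardless of aliasing.
 * When c == a the quotient overwrites a before the remainder is taken from it. */
static void div_2d_buggy(const toy_int *a, unsigned b, toy_int *c, toy_int *d)
{
    toy_rshift(a, b, c);
    toy_mod_2d(a, b, d);
}

/* Ordering from the commit message (assumes c != d):
 *   a == c: computing c clobbers a, so take the remainder d first;
 *   a != c: computing c leaves a intact, so compute c first in case d aliases a. */
static void div_2d_fixed(const toy_int *a, unsigned b, toy_int *c, toy_int *d)
{
    if (a == c) {
        toy_mod_2d(a, b, d);
        toy_rshift(a, b, c);
    } else {
        toy_rshift(a, b, c);
        toy_mod_2d(a, b, d);
    }
}

/* Constructed input 0x0123456789ABCDEF split by 2^20 with the quotient written back into a (c == a).
 * Returns the low limb of the remainder: 0xBCDEF is correct, 0x6789A is the pre-fix result
 * (the low 20 bits of the already-shifted quotient). */
static uint32_t aliased_remainder(int use_fixed)
{
    toy_int a = {{0x89ABCDEFu, 0x01234567u, 0, 0}}, r = {{0, 0, 0, 0}};
    if (use_fixed)
        div_2d_fixed(&a, 20, &a, &r);
    else
        div_2d_buggy(&a, 20, &a, &r);
    return r.d[0];
}

/* Same input with the remainder written back into a (d == a): both orderings must give 0xBCDEF. */
static uint32_t remainder_into_a(int use_fixed)
{
    toy_int a = {{0x89ABCDEFu, 0x01234567u, 0, 0}}, q = {{0, 0, 0, 0}};
    if (use_fixed)
        div_2d_fixed(&a, 20, &q, &a);
    else
        div_2d_buggy(&a, 20, &q, &a);
    return a.d[0];
}

int main(void)
{
    printf("c == a, pre-fix order: remainder 0x%X\n", aliased_remainder(0));
    printf("c == a, fixed order  : remainder 0x%X\n", aliased_remainder(1));
    return 0;
}
```

The buggy and fixed versions agree whenever the caller passes distinct `a` and `c`; the difference only shows up for the in-place call, which is exactly the case a bignum caller reaches for when it wants to avoid a temporary.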
David Garske 6171e29fe8 Fix for CSR generation after PR (https://github.com/wolfSSL/wolfssl/pull/1734). This resolves issue with email name in CSR. (Thanks to Forum post https://www.wolfssl.com/forums/post4137.html).
Failed examples:

```
145:d=5  hl=2 l=  16 prim: EOC
      0000 - 69 6e 66 6f 40 77 6f 6c-66 73 73 6c 2e 63 6f 6d   info@wolfssl.com
```

```
SET {
138  23:         SEQUENCE {
140   3:           OBJECT IDENTIFIER objectClass (2 5 4 0)
       :             Error: Spurious EOC in definite-length item.
```

Success Examples:

```
140:d=5  hl=2 l=   9 prim: OBJECT            :emailAddress
  151:d=5  hl=2 l=  16 prim: IA5STRING         :info@wolfssl.com
```

```
SET {
138  29:         SEQUENCE {
140   9:           OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
151  16:           IA5String 'info@wolfssl.com'
```
2018-08-31 11:20:04 -07:00
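Added worked example of the DER structure the dumps above are showing. This is example code written for this page, not wolfSSL's CSR encoder: it builds the `SET { SEQUENCE { OID, IA5String } }` RDN for an emailAddress and checks an RDN the way dumpasn1 does, rejecting the spurious EOC tag that the failed output reported. The `GOOD_RDN` and `BAD_RDN` byte strings are reconstructed from the offsets, lengths and tags in the dumps, not copied from the repository.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER tags used by an X.509 Name RDN carrying an emailAddress attribute. */
#define TAG_EOC 0x00
#define TAG_OID 0x06
#define TAG_IA5 0x16
#define TAG_SEQ 0x30
#define TAG_SET 0x31

/* Content octets of OID 1.2.840.113549.1.9.1 (pkcs-9 emailAddress). */
static const uint8_t OID_EMAIL[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01};

/* Reconstructed from the "Success" dumps: SET(31) { SEQUENCE(29) { OID(9), IA5String(16) } }. */
static const uint8_t GOOD_RDN[] = {
    0x31,0x1F, 0x30,0x1D, 0x06,0x09, 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,
    0x16,0x10, 'i','n','f','o','@','w','o','l','f','s','s','l','.','c','o','m' };

/* Reconstructed from the "Failed" dumps: OID 2.5.4.0 (objectClass) and the value tagged 0x00 (EOC). */
static const uint8_t BAD_RDN[] = {
    0x31,0x19, 0x30,0x17, 0x06,0x03, 0x55,0x04,0x00,
    0x00,0x10, 'i','n','f','o','@','w','o','l','f','s','s','l','.','c','o','m' };

/* Write one short-form TLV (content < 128 bytes, enough for an RDN). Returns bytes written, 0 on overflow. */
static size_t put_tlv(uint8_t *out, size_t cap, uint8_t tag, const uint8_t *val, size_t len)
{
    if (len >= 128 || cap < len + 2)
        return 0;
    out[0] = tag;
    out[1] = (uint8_t)len;
    memcpy(out + 2, val, len);
    return len + 2;
}

/* Encode SET { SEQUENCE { emailAddress OID, IA5String email } }. Returns total length, 0 on error. */
static size_t encode_email_rdn(const char *email, uint8_t *out, size_t cap)
{
    uint8_t atv[128], seq[128];
    size_t n, m;
    n = put_tlv(atv, sizeof atv, TAG_OID, OID_EMAIL, sizeof OID_EMAIL);
    if (n == 0) return 0;
    m = put_tlv(atv + n, sizeof atv - n, TAG_IA5, (const uint8_t *)email, strlen(email));
    if (m == 0) return 0;
    n += m;
    m = put_tlv(seq, sizeof seq, TAG_SEQ, atv, n);
    if (m == 0) return 0;
    return put_tlv(out, cap, TAG_SET, seq, m);
}

/* Read one short-form TLV. Returns 0 on success, -1 on truncation or a long-form length. */
static int get_tlv(const uint8_t *in, size_t len, uint8_t *tag, const uint8_t **val, size_t *vlen)
{
    if (len < 2 || in[1] >= 128 || (size_t)in[1] + 2 > len)
        return -1;
    *tag = in[0];
    *vlen = in[1];
    *val = in + 2;
    return 0;
}

/* Returns 0 for a well-formed emailAddress RDN, -1 for a structural error, -2 for a spurious EOC tag
 * where the value belongs (EOC only terminates indefinite-length BER, never definite-length DER),
 * -3 if the value is not an IA5String, -4 if the attribute type is not emailAddress. */
static int check_email_rdn(const uint8_t *rdn, size_t len)
{
    uint8_t tag;
    const uint8_t *v, *type;
    size_t vl, tl;

    if (get_tlv(rdn, len, &tag, &v, &vl) || tag != TAG_SET) return -1;
    if (get_tlv(v, vl, &tag, &v, &vl) || tag != TAG_SEQ) return -1;
    if (get_tlv(v, vl, &tag, &type, &tl) || tag != TAG_OID) return -1;
    /* the AttributeValue starts right after the AttributeType TLV */
    if (get_tlv(type + tl, vl - (tl + 2), &tag, &v, &vl)) return -1;
    if (tag == TAG_EOC) return -2;
    if (tag != TAG_IA5) return -3;
    if (tl != sizeof OID_EMAIL || memcmp(type, OID_EMAIL, tl) != 0) return -4;
    return 0;
}

/* 1 if encode_email_rdn reproduces the success bytes exactly. */
static int encoder_matches_good(void)
{
    uint8_t buf[64];
    size_t n = encode_email_rdn("info@wolfssl.com", buf, sizeof buf);
    return n == sizeof GOOD_RDN && memcmp(buf, GOOD_RDN, n) == 0;
}

int main(void)
{
    printf("encoder matches success dump: %d\n", encoder_matches_good());
    printf("good RDN: %d, failed RDN: %d\n",
           check_email_rdn(GOOD_RDN, sizeof GOOD_RDN), check_email_rdn(BAD_RDN, sizeof BAD_RDN));
    return 0;
}
```

The length arithmetic in the dumps lines up with these bytes: the failing SEQUENCE is 23 bytes (2+3 for the 2.5.4.0 OID, 2+16 for the mis-tagged value) and the good one is 29 (2+9 for the emailAddress OID, 2+16 for the IA5String), which is why both decoders parsed the outer structure fine and only tripped on the inner tag.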
Sean Parkinson 41ab3d91fd Small stack for fast math code
Any large stack usages have been changed to dynamic memory allocations
when WOLFSSL_SMALL_STACK is defined.
Modified functions to return error codes.
2018-08-31 17:55:49 +10:00
Sean Parkinson d86fc2dbbe Smaller dynamic memory usage in TLS
Code doesn't require a DecodedCert which saves on dynamic memory usage.
WOLFSSL_SMALL_CERT_VERIFY: Don't have a DecodedCert allocated and verify
certificate signature in ProcessPeerCerts as this is maximum dynamic
memory usage.
WOLFSSL_SMALL_CERT_VERIFY is enabled with 'lowresource' configuration
option.
Fix sp_clear to work with NULL parameter.
Define a new function HashId that maps to the hashing function
available.
Set MAX_CERT_VERIFY_SZ to be the maximum based on what algorithms are
compiled in.
Fix usage of MAX_CERT_VERIFY_SZ in functions sending certificate verify
messages.
2018-08-31 08:29:28 +10:00
toddouska 31e37ea5df
Merge pull request #1797 from SparkiDev/stack_size
Small stack usage fixes
2018-08-29 16:19:46 -07:00
toddouska d084a4bcb8
Merge pull request #1794 from SparkiDev/sp_armasm_modexp
Fix for SP ASM arm and no DH
2018-08-29 16:13:34 -07:00
toddouska 03fbad22a6
Merge pull request #1792 from SparkiDev/gcc_8_fixes
GCC 8 new warnings in -Wall fix
2018-08-29 16:12:19 -07:00
toddouska e4ccb2fe83
Merge pull request #1784 from dgarske/stsafe_server
Added ST-Safe PK callback example for Key Generation (TLS server only)
2018-08-29 16:07:14 -07:00
Sean Parkinson 4dbe86f1fd Small stack usage fixes
Stack pointer logging added.
2018-08-29 10:16:51 +10:00
Sean Parkinson 57620caac8 Fix for SP ASM arm and no DH
Fix mod exp in ARM asm to work for different size exponents.
In ASM code, mont_norm is not used in RSA so protect from no DH.
2018-08-28 11:24:38 +10:00
Sean Parkinson 551201c00c GCC 8 new warnings in -Wall fix 2018-08-27 12:51:01 +10:00
John Safranek bd5e507617 OID
1. When checking an OID sum against an OID string based on context, skip the unknown OIDs instead of treating them as parse errors.
2. When getting an OID, pass the lower error upstream instead of just PARSE error.
2018-08-24 11:51:25 -07:00
David Garske 347fdccf1c Added missing README.md. 2018-08-24 11:11:30 -07:00
David Garske c96aeb4550 Added documentation and benchmarks for STM32 and STSAFE-A100 support. 2018-08-24 11:03:14 -07:00
David Garske 88e6bd2915 Added ST-Safe server side PK callback example for key gen. Added helper APIs for setting up the PK callbacks and custom context. 2018-08-23 15:57:14 -07:00
David Garske c7dde6c682
Merge pull request #1656 from danielinux/contiki-port
Contiki port
2018-08-23 12:31:56 -07:00
toddouska cc39f3211a
Merge pull request #1780 from dgarske/pkcs7_ex
Added new PKCS7 ex APIs to support signing and validation of large data
2018-08-23 08:41:25 -07:00
toddouska 5d8a2a7702
Merge pull request #1778 from SparkiDev/sp_mem
Make ALT_ECC_SIZE with SP work
2018-08-23 08:25:44 -07:00
toddouska 554d40a62e
Merge pull request #1777 from dgarske/async_fixes
Build fixes for async
2018-08-23 08:23:20 -07:00
toddouska 0d171e591b
Merge pull request #1776 from SparkiDev/inline_cmpl_fix
Fix for clang builds with configs not using inline funcs
2018-08-23 08:22:39 -07:00
toddouska 8477d5ba1b
Merge pull request #1773 from ejohnstown/critical-option
Certificate Extension Critical Check Optionality
2018-08-23 08:21:19 -07:00
David Garske 57d72028f6 Fix for missing return code on `wc_Pic32HashFree`. 2018-08-22 16:38:55 -07:00
David Garske d0d28c82cd Added new PKCS7 ex APIs for supporting signing and validation of large data blobs. New APIs are `wc_PKCS7_EncodeSignedData_ex` and `wc_PKCS7_VerifySignedData_ex`. Includes header docx and unit tests for new APIs. Cleanup for the PKCS7 small stack and const OIDs. 2018-08-22 15:46:37 -07:00
David Garske 53af520911 Fix to resolve issue with PIC32MZ crypto hardware (AES/DES3 only) where an unaligned input/output buffer was not handled correctly. This results in a BUFFER_E. This was seen with DTLS v1.0 and `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` cipher suite. Fix is to allocate a dynamic buffer from heap if the input/output are not aligned. Tested and verified with a PIC32MZ2048EFM144 and the `wolfssl_udp_client` example for Harmony using DTLS v1.0 and the `setudppacketoptions 192.168.0.107 11111 hello` -> `sendudppacket` commands. Cleanups in older ctaocrypt/settings.h for PIC32MZ. 2018-08-22 13:39:03 -07:00
Daniele Lacamera 3d27a8dc53 Contiki port 2018-08-22 09:15:09 +02:00
Sean Parkinson 783c4a0c5e Make ALT_ECC_SIZE with SP work
Change to more relevant dynamic types in SP also.
2018-08-22 16:02:51 +10:00
David Garske 9ae4ef2d5c Build fixes for `--enable-async --enable-all --with-intelqa`. Resolves conflict for `stat` variable name. Fix for DH with async. Fix for async devSize. 2018-08-21 19:51:13 -07:00
Takashi Kojo 08c2d94011 return value check of XFSEEK 2018-08-22 10:46:46 +09:00
Sean Parkinson 31bd844d6f Fix for clang builds with configs not using inline funcs 2018-08-22 11:16:57 +10:00
John Safranek a0f1c9dbe4 Make the check of the certificate extension critical flag optional based on compile option. 2018-08-21 10:57:04 -07:00
Sean Parkinson 1ab17ac827 More changes to minimize dynamic memory usage.
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
Sean Parkinson 506c858ed6 Add memory usage tracking and logging
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
2018-08-21 08:54:57 +10:00
John Safranek e4757f1283 Prime Test Bug Fix
Using the wrong size for the MR test check value. Converting from size
of FP_MAX_BITS to the DH prime size, dividing too much. Switched it to
its own constant.
2018-08-20 11:43:06 -07:00
toddouska f3c4d5442e
Merge pull request #1757 from dgarske/pkcs8_pad
Fix to resolve padding issue with PKCS 8 encryption.
2018-08-20 09:32:34 -07:00
toddouska 0e1b8b7bd8
Merge pull request #1760 from dgarske/atmel_asf
Fixes for building with Atmel ASF (`WOLFSSL_ATMEL`)
2018-08-20 09:20:01 -07:00
toddouska 683182f494
Merge pull request #1765 from SparkiDev/sp_fixes_1
Fixes for SP
2018-08-20 09:18:31 -07:00
toddouska 3e08c27512
Merge pull request #1715 from SparkiDev/disable_aescbc
Config option to disable AES-CBC
2018-08-20 09:08:19 -07:00
Aaron Jense 79590f3310 silence warning for unreachable statement from some compilers. 2018-08-17 15:13:06 -06:00
Sean Parkinson 2ac2c24f22 Fixes for SP
More places to mask shifted n.
Fix conditional check on NO_3072 in sp_int.h
Disable prime checking when using SP maths.
Add support for mp_tohex to SP maths.
Fix wolfmath.c to support including SP maths.
2018-08-17 10:13:29 +10:00
Aaron Jense 93546694ca modify for readability 2018-08-16 17:04:32 -06:00
Aaron Jense aeb9ab8aea Combine if statements 2018-08-16 16:25:53 -06:00
Aaron Jense eb08c6f6fc Fix error with wolfCrypt-JNI having ECC_PRIVATEKEY_ONLY and d != NULL 2018-08-16 15:29:46 -06:00
Sean Parkinson f487b0d96a Config option to disable AES-CBC
AEAD only detection and removal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
David Garske 9db7ba2f0d Fix for cast mismatch and spelling of state. 2018-08-15 12:00:44 -07:00
David Garske c6e075f077 Fixes for building with Atmel ASF and no ECC508A. 2018-08-15 12:00:44 -07:00
David Garske 3d16f891d4 Fix to check for buffer overrun with the additional padding in PKCS12 `EncryptContent` function. 2018-08-14 19:20:24 -06:00
David Garske cdff2869c2 Fixes for building with `WC_NO_RNG` (applies to wolfCrypt only builds). Tested with `./configure --enable-cryptonly CFLAGS="-DWC_NO_RNG" && make`. 2018-08-14 18:53:25 -06:00
Eric Blankenhorn 2420af3cf2
Merge pull request #1758 from dgarske/certext
Fix for building certext without certgen
2018-08-14 17:00:51 -05:00
toddouska 9ad059542a
Merge pull request #1745 from dgarske/ecc_export_hex
Added new ECC export APIs to support export as hex string
2018-08-14 14:19:23 -07:00
David Garske d1e13a973c Fix for building `WOLFSSL_CERT_EXT` without `WOLFSSL_CERT_GEN` due to missing `CTC_MAX_EKU_OID_SZ`. Change to allow --enable-certext without certgen. 2018-08-14 15:00:56 -06:00
David Garske 1c297b3ac4 Cleanup of some macro logic for enabling the mp_toradix. 2018-08-14 12:58:00 -06:00
David Garske 6ca56ee98c Fix to handle carriage return case in PEM end of line character handling (for Windows). Cleanup to consolidate duplicate end of line character handling code. 2018-08-14 12:22:18 -06:00
David Garske 7b83db0f65 Fix for PemToDer which was not properly handling extra new lines at end of file. 2018-08-14 12:22:18 -06:00
David Garske be33e69b22 Refactor to rename `wc_ecc_export_int` to `wc_export_int` for generic API for exporting an `mp_int` as hex string or unsigned bin. 2018-08-14 12:17:20 -06:00
David Garske 368227be2c Fix to make sure `fp_div_d` is available. 2018-08-14 12:05:22 -06:00
David Garske c073aee87c Added new ECC export APIs to support export as hex string. New APIs are `wc_ecc_export_ex` and `wc_ecc_export_int`. For hex string use `ECC_TYPE_HEX_STR` as `encType` arg. Refactor to reduce duplicate code. Build fixes for `NO_ECC_KEY_EXPORT`. 2018-08-14 12:05:22 -06:00
David Garske 04c2b51b4d Fix for padding size calculation and cast warning. 2018-08-14 11:49:21 -06:00
David Garske d823d6f7b6 Fix to resolve padding issue with PKCS 8 encryption. 2018-08-14 10:51:04 -06:00
Kaleb Himes 64f553d944
Merge pull request #1755 from ejohnstown/scan-build-fix
Scan-Build Fix
2018-08-14 10:11:02 -06:00
David Garske aee4aea64d
Merge pull request #1748 from JacobBarthelmeh/Testing
call hmac init with blake2 software test
2018-08-14 10:07:01 -06:00
toddouska d4f908c372
Merge pull request #1728 from JacobBarthelmeh/HardwareAcc
Add build for AF_ALG
2018-08-13 16:27:51 -07:00
John Safranek 91d2b17139 Scan-Build Fix
1. Initialize the sz variable in wc_BerToDer().
2018-08-13 14:37:04 -07:00
Jacob Barthelmeh b71c2ddf38 call hmac init with blake2 software test 2018-08-13 08:58:01 -06:00
David Garske 93a7b76da5 Fix missing `RSA_MIN_SIZE` and `RSA_MAX_SIZE` and case where `HAVE_FIPS_VERSION` is not defined. 2018-08-13 08:18:51 -06:00
David Garske 80e46253d9 Fix for FIPS v1 CAVP case so the `wc_RsaExportKey` and `wc_CheckProbablePrime` functions are available. Cleanup to remove unused ERROR_OUT. 2018-08-13 06:25:55 -06:00
Eric Blankenhorn bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734)
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
David Garske 30d6c0c1fc
Merge pull request #1737 from ejohnstown/ocsp-free
OCSP Free
2018-08-06 09:08:01 -07:00
Jacob Barthelmeh 30e787b10c create buffer with structure copy and set fd after close 2018-08-03 16:46:15 -06:00
Jacob Barthelmeh 7726786998 fix comment and remove duplicate free 2018-08-03 15:04:37 -06:00
toddouska b88d60ecbb
Merge pull request #1665 from ejohnstown/mr
Prime Number Testing
2018-08-03 12:50:27 -07:00
John Safranek 368b5b1072
Merge pull request #1729 from kaleb-himes/init-array
Initialize array to zero(s)
2018-08-02 16:33:37 -07:00
John Safranek 5ae45436f4 OCSP
1. Added missed attr files for the OCSP status files. Bare minimum attr.
2. Added the attr files to the automake include.
3. Fix out of bounds read with the OCSP URL.
2018-08-02 14:50:59 -07:00
kaleb-himes 93c2f3b170 Initialize array to zero(s) 2018-08-02 09:21:09 -06:00
John Safranek 6527c2a724 DH SP Fix
When doing the sp_2048_mod_exp_*() is processed, one of the index
variables is masked with 0x1f when it was updated. Added the masking to
the initial set of the index.
2018-08-01 16:32:22 -07:00
John Safranek 7647d52d77 Prime Number Testing
1. Remove a copy-paste error when clearing up the RNG used to test a prime.
2. Tag some const test values as static in the wolfCrypt test.
2018-08-01 14:49:06 -07:00
JacobBarthelmeh 244d931e75
Merge pull request #1721 from kaleb-himes/cleanup-debug
Cleanup debug errors
2018-08-01 15:01:25 -06:00
toddouska 8bc5bc227d
Merge pull request #1634 from ejohnstown/gcc-8-fixes
GCC-8 String Fixes
2018-08-01 12:13:10 -07:00
toddouska da096497e0
Merge pull request #1727 from dgarske/memdocs
Documented memory build options
2018-08-01 12:12:34 -07:00
Jacob Barthelmeh ce5e787afc formatting and sanity check on pointer with test case 2018-08-01 11:57:36 -06:00
JacobBarthelmeh cb756397b3 initial AES-CBC with af_alg
progress on AES-GCM with AF_ALG and add SHA256

add aes-gcm test cases and finish logic of aes-gcm with AF_ALG

formatting of tabs and white space

add files to dist

adding ecb and ctr mode with af_alg

make length of buffers for ctr be AES_BLOCK_SIZE

formatting and add support for sha256 copy/gethash

sanity checks on arguments

cast return values and valgrind tests

make it easier to use sha256 with af_alg

remove hard tabs

add endif for after rebase
2018-08-01 08:54:20 -06:00
John Safranek f5b3de6b54 GCC-8 string fixes
1. Found one more case where a string is copied, potentially without the null. In wc_ports w.r.t. directory and file names.
2018-07-31 14:02:44 -07:00