WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
12,773 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

984 Commits (91d23d3f5aad1a0c7ee4622f0a57d0bbf0900227)

Author SHA1 Message Date
Daniel Pouzzner b52d50d903 test.c: various improvements and fixes pursuant to dgarske's comments on PR #3244 2020-09-23 18:32:16 -05:00
Daniel Pouzzner a80b0c1982 test.c: don't exclude prime_test when -DOLD_PRIME_CHECK, but to exclude it when -DWOLFSSL_LINUXKM. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner e8b69f8a6a dh_test(): fix missing casts for XMALLOC(). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner f440089e92 dh_test(): fix typo (undersized dynamic buffers). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner f106fea0d8 rsa_no_pad_test(): fix uninited pointer. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 4ea8b46177 dh_test(): refactor remaining bare returns to ERROR_OUT(). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 2ee218761e dh_test(): missed a spot in last commit. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner ca1a991de5 wolfcrypt/test/test.c: fix an error-path leak in dh_test(), and deal with possible -Wdeclaration-after-statement for `XFILE file`. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner a7381f8a48 test.c:rsa_test(): fix uninited pointer 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 426de2101a more work on DECLARE_VAR -- proper handling of failed allocations. WIP. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 9b7c753165 wolfssl/wolfcrypt/types.h: make DECLARE_VAR() et al use heap allocation not only when WOLFSSL_ASYNC_CRYPT but also when WOLFSSL_SMALL_STACK. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner 571bf897c4 wolfcrypt/test/test.c: stack->heap refactor for dh_test(). 2020-09-23 18:32:15 -05:00
David Garske 66b59bda9b Fix for expected fail test in `openssl_test` for partial block. Fix for `mp_test` with ECC disabled, which uses `mp_init_copy`. 2020-09-23 18:32:15 -05:00
David Garske 0f8cf32122 Fix for possible leak in `openssl_test` because EVP free not called with `WOLFSSL_SMALL_STACK_CACHE` (SHA256/SHA512). Added return code checking to the openssl_test in wolfCrypt test. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner 32e30d23c6 wolfcrypt/test/test.c: fix uninitialized values in aesofb_test(). 2020-09-23 18:32:15 -05:00
Daniel Pouzzner f56c6d1d8f wolfcrypt/test/test.c and wolfssl/test.h: implement DEBUG_STACK_SIZE_VERBOSE, measuring and reporting stack usage separately for each test. to use, ./configure --enable-stacksize && make CFLAGS+=-DDEBUG_STACK_SIZE_VERBOSE; also, remove a throwaway dev pragma that snuck into an earlier commit. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner 925afe3b74 cast XMALLOC() return values assiduously, for Visual Studio compatibility. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner 535822f4df wolfcrypt/test/test.c: refactor for stack size and namespace control, allowing embedding of wolfcrypt_test() in kernel module. 2020-09-23 18:32:15 -05:00
toddouska 8753b5b947
Merge pull request #3257 from kojo1/user-mutex 
fix guard, user define mutex
 2020-09-03 15:21:53 -07:00
toddouska a626ac39f2
Merge pull request #3253 from SparkiDev/chacha20_stream_fix 
ChaCha20: Enable streaming with Intel x86_64 asm
 2020-09-03 15:18:00 -07:00
Sean Parkinson 54c8774103 ChaCha20: Enable streaming with Intel x86_64 asm 2020-08-31 09:06:51 +10:00
David Garske 21d17b17d0 Fix typo in code comment for ECC curve cache. Fix for valgrind report of possible use of uninitialized value with ChaCha/Poly AEAD test. 2020-08-27 12:01:24 -07:00
David Garske 6d5731b8e9 Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with `WOLFSSL_SMALL_STACK_CACHE`. Added return code checking and cleanup for `openssl_test`. 2020-08-26 09:45:26 -07:00
David Garske 083f143c89 Fixes for warnings with minimum ECC build. 2020-08-21 15:47:02 -07:00
David Garske 79c0fd3f29 Fix for ECC make key test not waiting for async completion. 2020-08-20 14:25:05 -07:00
David Garske 0011b7b376 Fix possible ECC curve cache leak for custom curves. Fix possible memory leak with `wc_DhKeyDecode` and `WOLFSSL_DH_EXTRA`. Fix leak in `dh_test` with new call to DH key import. 2020-08-20 14:25:05 -07:00
John Safranek 3f6861ee82
FIPS Ready Fix with ECC Timing Resistance 
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
   configure option. `--enable-fips=ready`. It will treat FIPS
   Ready as the next kind of FIPS release. FIPS Ready will be
   treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
   checks for not version 2, with respect to ECC Timing Resistance
   and FIPS builds.
 2020-08-14 10:54:55 -07:00
Sean Parkinson 6467de5a88 Randomize z ordinates in scalar mult when timing resistant 
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
 2020-08-11 16:12:47 +10:00
toddouska 462f4f9e45
Merge pull request #3196 from cconlon/cavpmarvell 
Add fips-check.sh target for marvell-linux-selftest, selftest v2 support
 2020-08-06 10:45:03 -07:00
David Garske 4a167c0f2c
Merge pull request #3119 from tmael/do178-fix 
DO-178 fix
 2020-08-05 16:30:00 -07:00
toddouska a536e8acd6
Merge pull request #3187 from SparkiDev/config_fix_1 
Fixes for different configurations
 2020-08-03 16:41:50 -07:00
toddouska bfb4b2079b
Merge pull request #3163 from dgarske/nrf52 
Fixes for building against latest nRF52 SDK
 2020-08-03 16:33:49 -07:00
Sean Parkinson d0969ea1ce Fixes for different configurations 
Fix SkipInt() to work with DSA.
Fix protection around SetBitString16Bit() - when WOLFSSL_CERT_GEN and
WOLFSSL_CERT_EXT defined is only use.
WOLFSSL_RSA_VERIFY_ONLY and PSS means testing of PSS won't work.
Fix g++ build around ASN1_SEQUENCE - const variable required to be
initialized.
 2020-08-03 14:55:09 +10:00
David Garske 776b1a2d17 Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools. 2020-07-31 15:17:53 -07:00
Tesfa Mael 4cc7f9e4a9 Check correct returned value 2020-07-30 09:18:45 -07:00
Chris Conlon c6b4fa3be3 add selftest version for newer 4.1.0 validation 2020-07-29 15:10:47 -06:00
David Garske 9160a126e4 Fixes for running wolfCrypt test/benchmark with SECP256R1 disabled. Improved detection of ECC key generation size. 2020-07-28 11:43:48 -07:00
David Garske 25fcd082d7 Improve the `mutex_test` test with pthreads. Fixes #3109 2020-07-28 08:19:32 -07:00
David Garske 8417e0b725 Fixes for building against latest nRF52 SDK. Allow nRF5x AES GCM to be enabled (uses software, but ECB is accelerated). Fix in wolfCrypt test for building AES GSM only with `NO_AES_DECRYPT`. 2020-07-24 15:46:17 -07:00
toddouska e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13 
TLS v1.3 sniffer support
 2020-07-24 11:46:38 -07:00
David Garske 9268ae1397 Fix line length issues. Add debug msg in test to show number of non-blocking iterations. 
```
$ ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" --enable-debug && make
$ ./wolfcrypt/test/testwolfcrypt
...
ECC non-block sign: 18063 times
ECC non-block verify: 35759 times
ECC      test passed!
```
 2020-07-21 10:41:25 -07:00
David Garske 1b051d9c5b TLS v1.3 sniffer support: 
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
 2020-07-17 15:22:35 -07:00
David Garske 90ee12f51a Added test case for ECC non-blocking. `./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" && make`. 2020-07-17 15:13:50 -07:00
Tesfa Mael 890500c1b1 Fix Coverity 2020-07-08 08:20:43 -07:00
Takashi Kojo fd257ee8b9 fix guard 2020-07-03 05:42:44 +09:00
David Garske 6b1a6309ce Fixes for CryptoCell. Fix for signature wrapper signing to allow larger signing input buffer. Cleanup of some duplicate code. Fix for bad cryptocell ECC make key result check (-9628). Fixes #3059. Thanks Sylwester. 2020-06-18 13:40:30 -07:00
toddouska 248b8c9b62
Merge pull request #3057 from kaleb-himes/FIPSv2_plus_OPENSSLALL 
Resolve issues with FIPSv2 when opensslall set
 2020-06-18 10:12:06 -07:00
kaleb-himes e2fb4c55b8 Resolve issues with FIPSv2 when opensslall set 2020-06-17 14:03:02 -06:00
Sean Parkinson 6bb73fb25d Fix ED448 calls to use context and correct variable name 
Added basic test of OpenSSL compatability APIs:
  - wolfSSL_ED25519_generate_key
  - wolfSSL_ED25519_sign
  - wolfSSL_ED25519_verify
  - wolfSSL_ED2448_generate_key
  - wolfSSL_ED448_sign
  - wolfSSL_ED448_verify
 2020-06-17 10:05:50 +10:00
toddouska 29bdc7d8b5
Merge pull request #3015 from tmael/cov-fix 
Coverity fix in wolfSSL 4.4.0
 2020-06-10 17:07:47 -07:00
toddouska e993cb6cc0
Merge pull request #2942 from dgarske/tls13_on 
Enable TLS v1.3 by default
 2020-06-09 13:30:02 -07:00
Sean Parkinson d543e305f1 Fix optimized AES-CCM - counter 
AES-NI optimized 4 block at a time was not incrementing counter
poprerly.
 2020-06-08 10:48:19 +10:00
David Garske 4d8cf5b571 Fixes for building TLSv1.3 with FIPS v1 (no RSA PSS or HKDF). 2020-06-04 15:31:18 -07:00
Tesfa Mael 6176f8537f Typecast to fix conversion loses 2020-06-02 22:06:14 -07:00
Tesfa Mael d5241bbcc6 Coverity fix 2020-06-02 15:35:27 -07:00
toddouska dc1472692a
Merge pull request #3011 from dgarske/nomalloc 
Fixes for using static memory with no malloc
 2020-06-02 11:46:29 -07:00
David Garske 7ce7d244f8 Fix for using static memory AES GCM test. 2020-05-28 15:12:01 -07:00
Chris Conlon 896fcd9aec add WOLFSSL_ATECC6088A, Trust&GO support, PIC32 HAL compatibility, 608A expansions 2020-05-27 16:49:29 -06:00
JacobBarthelmeh d09b947478 update for test case and sha3 2020-05-19 19:27:38 -06:00
JacobBarthelmeh 6a7a8fa5b7 updated RSA calls to Xilsecure 2020-05-19 19:27:21 -06:00
Chris Conlon 9efd9afdfb fix minor IAR warnings in test.c 2020-05-19 14:12:13 -06:00
Tesfa Mael f894d4c0d2 FIPS on Solaris 2020-05-14 10:11:54 -07:00
Juliusz Sosinowicz 9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
toddouska a1489d981c
Merge pull request #2930 from JacobBarthelmeh/SanityChecks 
check on tag length for AES-CCM
 2020-04-30 14:51:20 -07:00
Jacob Barthelmeh c85a53c631 add macro guard for fips and selftest builds 2020-04-27 15:36:53 -06:00
David Garske 1e726e19a4 Fix for XMALLOC cast. 2020-04-27 06:48:41 -07:00
David Garske cfc0aeb857 Fix for RSA and KeyGen only in test.c. 2020-04-24 08:56:31 -07:00
David Garske 5fa7bb5b9f Fix possible unused args. 2020-04-24 07:48:41 -07:00
David Garske 28b686a8ca * Exposed useful sizes `MAX_X509_HEADER_SZ` and `PEM_LINE_SZ` 
* Refactor the PEM saving code in `test.c`, so its not using large 4K buffer and calculates based on DER.
* Enable ECC key generation test even without `WOLFSSL_KEY_GEN`.
* Added `ECC_KEYGEN_SIZE` macro for ECC key generation testing.
* Refactor ECC DER key generation to use `ECC_BUFSIZE`.
 2020-04-23 16:11:54 -07:00
David Garske 81f959336b Added support for important private key DER using `wc_EccPublicKeyDecode`. Added ECC key generation and decode test case. 2020-04-23 16:07:43 -07:00
toddouska 7318121d3a
Merge pull request #2915 from dgarske/async_v4.4.0 
Fixes for async release v4.4.0
 2020-04-23 09:26:08 -07:00
John Safranek a064cb3943 Fix a couple of wolfCrypt test issues found during the long release build test. 2020-04-22 11:30:57 -07:00
David Garske 36a556f927 Resolve issues with the openssl compatibility `CRYPTO_malloc` and `CRYPTO_free`. 2020-04-22 10:15:16 -07:00
John Safranek 61f3783111
Fixes to test.c for the following build configurations: 
1. ./configure --disable-rsa --enable-certgen --enable-certreq
2. ./configure --disable-ecc --enable-pkcs7
 2020-04-21 10:21:59 -07:00
Jacob Barthelmeh 231c488ddf check on tag length for AES-CCM 2020-04-20 13:44:41 -06:00
JacobBarthelmeh 0cfde0794b
Merge pull request #2848 from julek-wolfssl/wpa-supplicant-openssl-compat 
Added partial support for wpa_supplicant, hostapd, and cjose:
 2020-04-20 12:17:55 -06:00
Eric Blankenhorn 6b3642db36 Fix forbidden iv length 0 with AES-GCM 2020-04-16 13:48:56 -05:00
Juliusz Sosinowicz 36403c1dad Merge remote-tracking branch 'wolfSSL/master' into wpa-supplicant-openssl-compat 2020-04-15 16:55:03 +02:00
toddouska 9c1b90170a
Merge pull request #2903 from SparkiDev/test_4096 
Fix testing using 4096 bits keys and parameters
 2020-04-14 09:25:00 -07:00
toddouska 06c6e583c8
Merge pull request #2891 from julek-wolfssl/refactor-evp-functions 
Move EVP functions to evp.c
 2020-04-14 09:22:51 -07:00
Juliusz Sosinowicz 20e669a65a New API 
Add `wc_ecc_import_point_der_ex` for correct importing DER ECC point and keep `wc_ecc_import_point_der` old functionality
 2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 9ced70edc1 Test fixes 
Free `x509->key.pkey` in `FreeX509
Fix type conversions
Fix memory leaks and use of uninitialized memory
 2020-04-14 11:45:32 +02:00
Sean Parkinson ba401c9bde Fix testing using 4096 bits keys and parameters 
RSA PKCS #1.5 padding for signing is not reliant on a random.
 2020-04-14 12:03:51 +10:00
Sean Parkinson 416f0775d3
Merge pull request #2900 from dgarske/sp_no_malloc 
Added option to build SP small without malloc
 2020-04-14 09:40:11 +10:00
David Garske 1f5a7bffaa Build fixes for `WOLFSSL_NO_MALLOC` in wolfCrypt test. 2020-04-13 07:39:06 -07:00
toddouska cf8459e518
Merge pull request #2892 from SparkiDev/cppcheck_fixes_4 
Fixes from cppcheck
 2020-04-09 16:01:11 -07:00
Sean Parkinson 411aee6e05 Fixes from cppcheck 
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
 2020-04-08 09:46:22 +10:00
Juliusz Sosinowicz 4c0ea10e45 Move EVP functions to evp.c 2020-04-07 22:36:50 +02:00
David Garske 1831193c20 * Fixes for building ECC without ASN. 
* Fix to expose `wc_ecc_import_private_key_ex` and its ability to import a private key even when `NO_ASN` is defined.
* Remove execute bit on CSharp files.
 2020-04-03 10:55:31 -07:00
Sean Parkinson 62a593e72e Recognise Netscape Certificate Type extension 
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
 2020-03-19 12:43:03 +10:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
toddouska b7d0b81443
Merge pull request #2818 from dgarske/rsa_sha3only 
RSA with SHA-3 only and RSA 4096-bit tests
 2020-02-27 12:44:29 -08:00
David Garske da882f3912 Added wolfCrypt RSA 4096-bit test support using `USE_CERT_BUFFERS_4096` build option (`./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"`). 2020-02-23 18:40:13 -08:00
Eric Blankenhorn b74dac6171 Fix WIN test 2020-02-20 17:28:34 -06:00
Eric Blankenhorn b4563e6af3 Fix CFB and OFB 2020-02-20 17:28:34 -06:00
Eric Blankenhorn a64e1540ba Adding EVP support for SHA3 2020-02-20 17:28:34 -06:00
Jacob Barthelmeh a0ddb05a07 change evp with cfb1 expect input size in bytes 2020-02-20 17:28:33 -06:00
Jacob Barthelmeh b67ade5164 account for cavp build 2020-02-20 17:28:33 -06:00
Eric Blankenhorn 258382048d Fix test failures 2020-02-20 17:28:33 -06:00
Eric Blankenhorn 64dcf5740a Fix for AES_XTS 2020-02-20 17:28:33 -06:00