9ea40f3a9c
Purge IDEA cipher
2022-01-31 15:29:25 -05:00
5bdaf44354
Merge pull request #4774 from anhu/kill_rabbit
...
Purge Rabbit cipher
2022-01-31 09:17:23 -08:00
40fff86807
Merge pull request #4801 from tmael/cert_rr
...
cert subset improvements
2022-01-28 11:00:55 -08:00
b957a6e872
Purge Rabbit cipher
2022-01-28 13:13:53 -05:00
30b2073228
test.c: fix gating on wc_ecc_encrypt_ex() for FIPS <5.3 --enable-all.
2022-01-27 19:54:07 -06:00
b890a2f15d
ECIES: allow compressed public keys
...
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
2022-01-27 12:10:59 +10:00
1c1bd413e0
cert subset SHA2-256, ecc-256, cert gen, cryptocb
2022-01-26 17:11:00 -08:00
a718637c6f
AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2).
2022-01-24 11:44:16 -06:00
3d63e41653
SP int: sp_modinv fixes for sizes
...
sp_invmod with even modulus requires a multiplication by modulus. Don't
let modulus overflow result variable 'r'.
Fix allocation of temporary sp_ints to be correct size.
Add test for maximum modulus size in test.c.
Remove leading spaces on functions so git correctly determines which
function has changed.
Put in Thumb code for more sizes of _sp_mul_*().
2022-01-24 15:18:20 +10:00
386aac9694
AES-SIV:
...
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;
in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
2022-01-21 01:26:33 -06:00
5e33da8147
fix whitespace.
2022-01-21 01:25:48 -06:00
6a56d3e131
jumbo patch of fixes for clang-tidy gripes (with some bug fixes).
...
defect/gripe statistics:
configured --enable-all --enable-sp-math-all --enable-intelasm
with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result
[note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]
pre-patch warning count per file, with suppressions:
clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c
clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c
bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c
bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c
readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c
readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c
readability-redundant-preprocessor 9 wolfssl/src/ssl.c
readability-redundant-preprocessor 2 wolfssl/src/tls13.c
readability-redundant-preprocessor 18 wolfssl/tests/api.c
readability-redundant-preprocessor 3 wolfssl/src/internal.c
readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c
readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c
readability-named-parameter 7 wolfssl/src/internal.c
readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c
readability-named-parameter 1 wolfssl/testsuite/testsuite.c
readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c
misc-no-recursion 3 wolfssl/src/ssl.c
readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c
readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c
readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c
bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c
bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c
bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c
bugprone-signed-char-misuse 2 wolfssl/src/ssl.c
bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c
bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c
bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c
bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c
bugprone-macro-parentheses 1 wolfssl/src/tls.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c
bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c
bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c
bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c
bugprone-macro-parentheses 15 wolfssl/src/ssl.c
bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c
bugprone-macro-parentheses 8 wolfssl/tests/api.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c
bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c
bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c
bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c
bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c
bugprone-macro-parentheses 2 wolfssl/tests/suites.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c
bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c
bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c
bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c
readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c
readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c
pre-patch warning count summaries, with suppressions:
clang-analyzer-security.insecureAPI.strcpy 8
bugprone-suspicious-missing-comma 6
readability-redundant-preprocessor 45
readability-named-parameter 21
misc-no-recursion 3
readability-uppercase-literal-suffix 18
bugprone-too-small-loop-variable 7
bugprone-signed-char-misuse 8
bugprone-macro-parentheses 601
readability-inconsistent-declaration-parameter-name 2
pre-patch warning count summaries, without suppressions:
clang-analyzer-security.insecureAPI.strcpy 8
bugprone-branch-clone 152
readability-non-const-parameter 118
bugprone-suspicious-missing-comma 6
bugprone-suspicious-include 52
readability-magic-numbers 22423
readability-redundant-preprocessor 45
readability-named-parameter 21
readability-function-cognitive-complexity 845
readability-else-after-return 398
bugprone-implicit-widening-of-multiplication-result 595
readability-function-size 21
readability-isolate-declaration 1090
misc-redundant-expression 2
bugprone-narrowing-conversions 994
misc-no-recursion 3
readability-uppercase-literal-suffix 18
bugprone-reserved-identifier 56
readability-suspicious-call-argument 74
bugprone-too-small-loop-variable 7
bugprone-easily-swappable-parameters 437
bugprone-signed-char-misuse 8
readability-misleading-indentation 94
bugprone-macro-parentheses 601
readability-inconsistent-declaration-parameter-name 2
bugprone-suspicious-string-compare 495
readability-redundant-control-flow 20
readability-braces-around-statements 11483
clang-analyzer-valist.Uninitialized 1
clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-21 01:25:48 -06:00
888bd2b304
Fix AES-SIV test with g++.
...
The string initializers for the AES-SIV test vector fields needed an extra byte
for the null terminator expected by g++.
2022-01-20 19:22:25 -08:00
609d6442b1
Merge pull request #4753 from SparkiDev/siphash
...
Add SipHash algorithm
2022-01-19 18:51:44 -08:00
a6485a228d
Add SipHash algorithm
2022-01-20 09:41:18 +10:00
62b07d8806
Add AES-SIV (RFC 5297).
...
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
2022-01-19 14:32:33 -08:00
7adbf59f22
Merge pull request #4767 from anhu/kill_hc128
...
Get rid of HC-128
2022-01-19 12:20:18 -08:00
2984cb5abf
Merge pull request #4768 from SparkiDev/sp_invmod_nr
...
SP math: sp_invmod changed to not call itself
2022-01-18 16:20:37 -06:00
e745de657f
Merge pull request #4761 from haydenroche5/time_cb
...
Add time callback functionality.
2022-01-18 16:49:19 +10:00
1b0926a3b8
Add time callback functionality.
...
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
2022-01-17 17:49:51 -08:00
fc861f3d6d
SP math: sp_invmod changed to not call itself
...
When the modulus is even, calculate m^-1 mod a instead and fixup after.
Don't call self to do inverse.
2022-01-18 10:45:57 +10:00
c2860cb311
Get rid of HC-128
2022-01-17 18:11:54 -05:00
d06cf97d73
Old Compiler Warning Cleanup (GCC 4.0.2)
...
test.c:
1. Removed pragma disabling the warning for unused functions.
2. Fixed the guards around the function that wasn't getting removed from
the build. And matched the guards to the call of the function. The
issue is a test that fails only in a cert 3389 build using Arm
assembly single-precision public keys.
3. Fixed the guards around a couple other functions.
2022-01-16 22:08:35 -08:00
15c5ac880e
PKCS7 Test Output
...
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
2022-01-12 14:51:11 -08:00
33f0e2eda5
In the wolfCrypt test, fix a few filenames to use the VPATH versions.
2022-01-12 14:50:43 -08:00
ff0eb5a41e
wolfcrypt/test/test.c: in wolfcrypt_test(), tweak formatting of CheckRunTimeSettings() to resolve invalidPrintfArgType_uint from cppcheck --force.
2022-01-08 01:35:46 -06:00
a4444e6c3e
wolfcrypt/test/test.c: in rsa_oaep_padding_test(), remove accidentally repeated MEMORY_E check.
2022-01-08 01:10:02 -06:00
29fcbb0b19
wolfcrypt/test/test.c: fixes for cppcheck complaints: memleakOnRealloc nullPointerRedundantCheck uninitvar invalidPrintfArgType_uint
2022-01-08 00:33:54 -06:00
7edc916057
wolfcrypt/wolfssl: tests: adding missing wc_Aes*Free()
...
In some Aes implementation this may leak resources
2021-12-30 20:30:33 +01:00
c4e50ef086
fix for libz test with pkcs7
2021-12-23 09:37:09 -08:00
9d137668c7
Merge pull request #4675 from julek-wolfssl/openssh-8.8
...
Fix macro name conflicts with openssh
2021-12-22 08:31:36 -08:00
8435eb4644
Add `WC_` namespace to variable handling defines
2021-12-22 12:16:02 +01:00
dd9b1afb72
Remove magic numbers from `WOLFSSL_ASN_TEMPLATE` code ( #4582 )
...
* pkcs8KeyASN and other misc asn fixes
- Test fixes for testing with `USE_CERT_BUFFERS_1024`
* intASN
* bitStringASN
* objectIdASN
* algoIdASN
* rsaKeyASN
* pbes2ParamsASN
* pbes1ParamsASN
* pkcs8DecASN
* p8EncPbes1ASN
* rsaPublicKeyASN
* dhParamASN
* dhKeyPkcs8ASN
* dsaKeyASN
* dsaPubKeyASN
- Add `wc_SetDsaPublicKey` without header testing
* dsaKeyOctASN
* rsaCertKeyASN
* eccCertKeyASN
* rdnASN
* certNameASN
* digestInfoASN
* otherNameASN
* altNameASN
* basicConsASN
* crlDistASN
* accessDescASN
* authKeyIdASN
* keyUsageASN
* keyPurposeIdASN
* subTreeASN
* nameConstraintsASN
* policyInfoASN
* certExtHdrASN
* certExtASN
* x509CertASN
* reqAttrASN
* strAttrASN
* certReqASN
* eccPublicKeyASN
* edPubKeyASN
* ekuASN
* nameASN
* certExtsASN
* sigASN
* certReqBodyASN_IDX_EXT_BODY
* dsaSigASN
* eccSpecifiedASN
* eccKeyASN
* edKeyASN
* singleResponseASN
* respExtHdrASN
* ocspRespDataASN
* ocspBasicRespASN
* ocspResponseASN
* ocspNonceExtASN
* ocspRequestASN
* revokedASN
* crlASN
* pivASN
* pivCertASN
* dateASN
* `wc_SetDsaPublicKey` was not including `y` in the sequence length
* All index names changed to uppercase
* Shorten names in comments
* Make sure extensions have sequence header when in cert gen
* Fix/refactor size calc in `SetNameEx`
* Pad blocks for encryption
* Add casting for increased enum portability
* Use stack for small ASN types
2021-12-22 11:28:01 +10:00
360a513696
Merge pull request #4553 from SparkiDev/sp_mont_inv_order_fix
...
SP: fix when mont_mul_order is defined
2021-12-20 15:09:08 -08:00
ce4f436d0f
Merge pull request #4587 from SparkiDev/dis_algs_fix_1
...
Disable algorithms: fixes
2021-12-19 20:12:30 -08:00
5172130287
add wc_GetPubKeyDerFromCert(), get pub key DER from DecodedCert
2021-12-15 11:04:52 -07:00
355b779a3e
feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c.
2021-12-11 14:08:04 -06:00
6da0cc1ced
Merge pull request #4600 from dgarske/cust_oid
...
Support for Custom OID in subject and CSR request extension
2021-12-09 11:24:30 +10:00
baee7bace4
Merge pull request #4584 from ethanlooney/nxp_se050_curve25519
...
Added curve25519 support for NXP SE050
2021-12-02 02:47:36 -08:00
9f611e8b80
Merge pull request #4589 from JacobBarthelmeh/native-lwip
...
Native LwIP support update
2021-12-01 10:37:13 -08:00
43ac0d3684
adjust test file for pritnf and test_pass
2021-11-30 16:41:02 -07:00
a33ae21801
whitespace cleanups and portability/pedantic fixes
2021-11-29 23:58:39 -06:00
7221e06ff7
Merge pull request #4588 from miyazakh/sce_protect_mode_e2studio
2021-11-29 15:32:48 -07:00
fb4e39f00a
addressed review comments prt1
2021-11-26 16:03:42 +09:00
b2c0bacb06
Fix Cryptocell ecc
2021-11-24 19:22:40 -08:00
7396a0cb3a
Resolves all peer review comments. Fixes to get Curve25519 working on real hardware. Regression testing fixes for ECC.
2021-11-23 15:03:53 -08:00
7524ededd3
Support for Custom OID in subject and CSR request extension:
...
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
2021-11-23 09:51:13 -08:00
5a72fee3df
Disable algorithms: fixes
...
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
- mp_cond_copy not available unless ECC compiled in
- wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
2021-11-19 16:56:33 +10:00
7e2fab6f4a
warning with keil build and native lwip want read case
2021-11-18 22:58:50 -07:00
f50fcd918e
support Renesas RA SCE protect mode on RA6M4 evaluation board
2021-11-19 14:22:16 +09:00
Anthony Hu
David Garske
Daniel Pouzzner
Sean Parkinson
Tesfa Mael
Hayden Roche
John Safranek
Marco Oliverio
JacobBarthelmeh
Juliusz Sosinowicz
Juliusz Sosinowicz
Chris Conlon
Daniele Lacamera
Hideki Miyazaki