390908bccc
Merge pull request #5236 from SparkiDev/mem_zero
...
Check memory is zeroized
2022-06-17 12:01:34 -07:00
1b29f7353a
Check memory is zeroized
...
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.
wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.
Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
2022-06-16 10:22:32 +10:00
7e1549c684
Cleanup the RSA consistency check. Should only be enabled for FIPS v2 (3389), FIPS v5 or later. Can be forcefully enabled for non-FIPS using `WOLFSSL_RSA_KEY_CHECK`. The existing `WOLFSSL_NO_RSA_KEY_CHECK` macro will also disable it. This change was introduced in PR #4359 .
2022-06-15 14:46:23 -07:00
f1ce0cc95d
Memory zeroization fixes
...
Zeroize secrets in stack buffers and allocated memory.
mp_forcezero to ensure private MP integers are zeroized.
Fix whitespace and add some comments.
2022-06-15 11:26:11 +10:00
364bf482eb
adjust wolfCrypt test/benchmark Android log TAG name, reset malloc/free counts in memcb_test()
2022-06-13 09:42:02 -06:00
802e3127c0
Merge pull request #5145 from JacobBarthelmeh/caam
...
CAAM support with QNX i.MX8, add AES-CTR crypto callback
2022-06-03 15:24:10 -07:00
aca199cb05
Fix to compile with c89
...
strncasecmp and snprintf are unavailable in C89
use // static analyzer suppressions
2022-05-27 14:20:37 -05:00
da1cbfda46
Merge pull request #5178 from cconlon/nounaligned
...
Add define to skip SHA-512 unaligned memory test in test.c
2022-05-25 09:55:29 -07:00
321d404d6b
add define to skip unaligned memory tests in test.c
2022-05-24 11:55:21 -06:00
b66fa1680a
fix whitespace.
2022-05-24 12:13:14 -05:00
b5d65b9579
Merge pull request #5159 from kareem-wolfssl/fipsv3HmacMd5
...
Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary.
2022-05-20 18:40:29 -07:00
832a7a40a6
Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary.
2022-05-19 12:06:20 -07:00
54a96cef06
add test case
2022-05-18 11:16:10 +09:00
c1f117413f
get crypto only compiled with openssl extra
2022-05-18 11:16:03 +09:00
7305616452
Merge pull request #5080 from JacobBarthelmeh/DH
...
with WOLFSSL_NO_DH186 restriction allow odd DH param size generations
2022-05-13 08:57:33 -07:00
5caef7eaba
avoid dead store with test case
2022-05-11 11:53:17 -06:00
26673a0f28
where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp;
...
add macro XSTRCASECMP();
update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
421f54e60a
Merge pull request #5118 from douzzer/20220405-declaration-after-statement
...
20220405 declaration after statement
2022-05-06 16:16:52 -07:00
99b44f15ef
fix various -Wdeclaration-after-statement, with and without --enable-smallstack.
2022-05-06 13:34:32 -05:00
ffe5599013
Fix testsuite 32-bit build
2022-05-05 08:08:09 -07:00
ca955032a0
Fix 32-bit enable-trackmemory build
2022-05-03 20:48:38 -07:00
3294a3f8f8
Certificate Extension Generation Test
...
The test for certificate extensions requires both the test certs option
and the certificate generation option to run. The certs for the test are
generated by wolfCrypt. This disables the extensions test if
certificate generation is disabled.
2022-04-27 13:08:28 -07:00
c0d7f3b2e6
add support for i.MX8 with QNX CAAM
2022-04-27 02:27:05 -07:00
704a18d103
Merge pull request #5079 from tmael/rsa_vfg
...
Fix no malloc RSA test
2022-04-26 08:11:44 -07:00
9bf4a94796
with WOLFSSL_NO_DH186 restriction allow odd DH param size generations
2022-04-25 15:13:24 -06:00
85ef91ce6d
Move up local variable at the beginning
2022-04-25 12:40:31 -07:00
34d541109d
Additional scan-build warning fixes.
2022-04-25 09:55:36 -07:00
18a6a7c4a7
Fix RSA nomalloc test
2022-04-25 09:50:50 -07:00
84a33183a6
Various scan-build fixes.
2022-04-22 16:02:54 -07:00
659d33fdaf
Fixes for minor sniffer and async issues:
...
* Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra.
* Fix bound warning with strncpy in sniffer.c.
* Fix for async DH issue.
* Fix for SP math all not initializing raw big int.
* Fix for array bounds warning with "-O3" on SetEccPublicKey.
* Fix a sniffer async edge case with TLS v1.2 static RSA and extended master.
* Improved the sniffer test script detection of features.
* Disable ECC custom curve test with Intel QuickAssist.
2022-04-18 11:46:40 -07:00
284ebacc57
Merge pull request #4916 from JacobBarthelmeh/hsm
...
Add SECO use and expand cryptodev
2022-04-07 10:21:32 +10:00
1b5af2fdd9
Merge pull request #5022 from SparkiDev/wycheproof_fixes
...
Wycheproof fixes/changes
2022-04-06 10:29:17 -07:00
2a0b726c15
add AES init functions to ECB test case
2022-04-06 09:42:38 -07:00
91d883d99f
macro guard on ECB test case and use realloc for hash
2022-04-06 07:04:17 -07:00
e9187f5f00
Wycheproof fixes/changes
...
Allow Chachac20-Poly1305 to take an empty msg.
Allow AES-SIV to have an empty nonce.
Don't allow the length to be malleable. Must use the smallest number of
bytes to represent value.
ECDSA and DSA signature values are positive.
Add Sha512-224 and Sha512-256 OIDs.
ASN template - ensure the ECDSA/DSA signature uses all data.
Curve25519/Curve448 - WOLFSSL_ECDHX_SHARED_NOT_ZERO means shared secret
can't be 0.
Curve25519/Curve448 - check public value is less than order.
ECC - x or y may be zero but not both.
Ed25519/Ed448 - check S is less than order.
Ed448 - ge_p3_dbl can be simplified for ASM.
Prime check (integer.c/tfm.c/sp_int.c): Don't allow negative values and
make sure random candidate doesn't have bits higher than those in a set
when bits not a multiple of 8.
RSA: support Sha512-224 and Sha512-256.
RSA: Fix check for invalid in decryption. Affects plaintexts 256 bytes
and longer.
RSA: Don't allow base be larger than modulus.
RSA: Check small ciphertext (1 or 0) on decrypt when not using OAEP.
RSA: WOLFSSL_RSA_DECRYPT_TO_0_LEN allows decrypted value to be 0.
SP math all: fix div to handle large a and d when checking size of
remainder.
SP math all: set sign of result in sp_mod_2d()
2022-04-06 15:35:01 +10:00
a338b4c933
refactor SHA grew function, revert benchmark devid, increase SHA_CTX size, add AES ECB cryptocb test
2022-04-05 14:45:18 -07:00
4f5aa81031
Merge pull request #5000 from ejohnstown/tls13-wctest
...
Add TLSv1.3 KDF to wolfCrypt Test
2022-04-05 10:45:35 -07:00
eefc0f2f57
Add TLSv1.3 KDF to wolfCrypt Test
...
Added a test for the TLSv1.3 KDF to the wolfcrypt test. It uses 6
different test cases from the CAVP tests. A set of 8 session keys are
generated using multiple exporters.
2022-04-05 08:56:15 -07:00
b2a2a8af4a
fix whitespace.
2022-04-05 08:09:48 -05:00
c3a9520eb5
Merge pull request #5016 from dgarske/async_fixes
...
Fixes for async in wolfCrypt test
2022-04-05 07:56:08 +10:00
8e4abb0011
addressed code review comment
2022-04-02 09:18:28 +09:00
6ec0c22a28
Fixes for async in wolfCrypt test.
2022-04-01 12:04:31 -07:00
99af84f1e2
Whitespace cleanups.
2022-04-01 09:36:53 +09:00
d3a379adac
add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC
2022-04-01 09:36:52 +09:00
c905c613e9
Support for Intel QuickAssist ECC KeyGen acceleration.
2022-03-30 13:07:47 -07:00
008c8509c6
multi-test fixes: whitespace in wolfcrypt/src/random.c and wolfcrypt/test/test.c, bugprone-macro-parentheses and -Wenum-compare in WS_RETURN_CODE() (wolfssl/ssl.h), and clang-analyzer-deadcode.DeadStores in api.c.
2022-03-25 13:26:41 -05:00
7eb95674ee
Merge pull request #4966 from dgarske/kcapi
...
Fixes for KCAPI AES GCM and ECC
2022-03-25 10:18:16 +10:00
14522f25ff
Merge pull request #4904 from kaleb-himes/OE22_NS9210_FIX
...
Fix up random.h conflicts with cert 3389 releases and some NETOS issues
2022-03-24 16:07:23 -07:00
6e550c8d75
Fix for KCAPI ECC KeyGen. Disable ECC consistency checks with KCAPI. Allow public `AddSignature` (used to be public). Fix KCAPI ECC SharedSecret output size.
2022-03-23 09:37:50 -07:00
5fe6f1c875
For KCAPI do not force enable ECC curves, set K or seed callback, disable AES GCM tests with non standard IV.
2022-03-23 09:37:50 -07:00
b90df0a6aa
Merge pull request #4951 from ejohnstown/wolfrand
...
wolfRand for AMD
2022-03-21 09:09:19 -07:00
55b42dd85a
Add SECO use and expand cryptodev
2022-03-17 12:04:52 -06:00
f80faebfe5
wolfRand for AMD
...
1. Add configure option to enable AMD's RDSEED.
2. Add seed parameters when building specifically for AMD using RDSEED.
3. Update the wolfCrypt test to play nice with the larger seed size.
2022-03-15 15:20:08 -07:00
2c1ecacbfc
TLS 1.3 script test: wait for server to write file
...
Also fixes for:
./configure --enable-psk --disable-rsa --disable-ecc --disable-dh
C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-shared --enable-curve448 --enable-ed448
--disable-rsa --disable-dh --enable-tls13 --disable-ecc --enable-certgen
--enable-keygen
2022-03-14 14:42:47 +10:00
385ece92d8
ECCSI and SAKKE: fix smallstackcache memory leaks in library, and blue-moon undefined behavior bugs in test.c eccsi_test(() and sakke_test().
2022-03-11 10:06:18 -06:00
7006efe97f
Merge pull request #4861 from JacobBarthelmeh/ECC
...
Deterministic ECDSA: fix for larger curve sizes
2022-03-07 08:26:35 +10:00
a4a4bdc20f
fix typo, add macro guard, remove dead code path
2022-03-04 10:49:11 -07:00
d1212f9247
add P521 test case and fix for k generation
2022-03-03 10:44:24 -07:00
1aff4399d1
Merge pull request #4899 from dgarske/kcapi
...
Improvements to KCAPI support
2022-03-01 08:52:55 +10:00
9644a04db2
Peer review fix.
2022-02-28 11:32:12 -08:00
ac7bd0aae8
Fix up random.h conflicts with cert 3389 releases and some NETOS issues
2022-02-28 12:09:50 -07:00
cc2eb0ab71
KCAPI Testing fixes.
2022-02-25 15:16:55 -08:00
a2381ba954
Adds CSR userId support in subject name. Minor build fixes for ASN template.
2022-02-25 14:22:59 -08:00
bb50777f1a
ASN template: handle short OIDs
...
cert_asn1_test was constructing a BER encoding of a certificate that
didn't have all the components. It was trying to test putting in a bad
OID in the certificate name.
The original ASN.1 parsing code stopped at the bad name. ASN.1 template
code does the whole structure and then digs into the name.
A complete certificate should have always been used.
2022-02-24 15:36:56 +10:00
2eb044dc60
SP: Add support for P521
2022-02-23 14:51:47 +10:00
a5ce2a33eb
add macro guard around test case
2022-02-15 11:58:59 -07:00
f0a0cd1078
fix for larger curve sizes with deterministic ECC sign
2022-02-14 09:55:38 -07:00
cbc253d713
wolfcrypt/test/test.c: gate ecc_encrypt_e2e_test() on !HAVE_FIPS || FIPS_VERSION_GE(5,3).
2022-02-10 16:00:52 -06:00
d1267b5203
Merge pull request #4805 from SparkiDev/ecies_aes_ctr
...
ECIES: add support for more encryption algorithms
2022-02-10 07:04:24 -08:00
e50f661639
ECIES: add support for more encryption algorithms
...
Add support to ECIES for AES-256-CBC, AES-128-CTR, AES-256-CTR.
Added new API wc_ecc_ctx_set_algo() that sets the encryption, KDF and
MAC algorithms.
Cleanup formatting of ECIES code.
2022-02-10 09:54:22 +10:00
1f69c52ce8
Merge pull request #4830 from dgarske/no_hmac
...
Fixes for building without HMAC
2022-02-07 22:26:38 -06:00
56c562a516
Fixes for building with `./configure --enable-opensslextra --enable-cryptonly CFLAGS="-DNO_HMAC" && make`. Found this testing a customers configuration with latest. Also fixes some trailing whitespace.
2022-02-07 15:10:21 -08:00
e47dd675af
Fix tests to properly gate on ! NO_PWDBASED && ! NO_SHA
2022-02-07 14:44:26 -05:00
a7165907da
psa: support AES
2022-02-04 21:45:38 +01:00
cebb127ac3
test: don't free AesXts struct in-between tests that reuse the key
2022-02-02 10:46:40 +01:00
9ea40f3a9c
Purge IDEA cipher
2022-01-31 15:29:25 -05:00
5bdaf44354
Merge pull request #4774 from anhu/kill_rabbit
...
Purge Rabbit cipher
2022-01-31 09:17:23 -08:00
40fff86807
Merge pull request #4801 from tmael/cert_rr
...
cert subset improvements
2022-01-28 11:00:55 -08:00
b957a6e872
Purge Rabbit cipher
2022-01-28 13:13:53 -05:00
30b2073228
test.c: fix gating on wc_ecc_encrypt_ex() for FIPS <5.3 --enable-all.
2022-01-27 19:54:07 -06:00
b890a2f15d
ECIES: allow compressed public keys
...
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
2022-01-27 12:10:59 +10:00
1c1bd413e0
cert subset SHA2-256, ecc-256, cert gen, cryptocb
2022-01-26 17:11:00 -08:00
a718637c6f
AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2).
2022-01-24 11:44:16 -06:00
3d63e41653
SP int: sp_modinv fixes for sizes
...
sp_invmod with even modulus requires a multiplication by modulus. Don't
let modulus overflow result variable 'r'.
Fix allocation of temporary sp_ints to be correct size.
Add test for maximum modulus size in test.c.
Remove leading spaces on functions so git correctly determines which
function has changed.
Put in Thumb code for more sizes of _sp_mul_*().
2022-01-24 15:18:20 +10:00
386aac9694
AES-SIV:
...
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;
in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
2022-01-21 01:26:33 -06:00
5e33da8147
fix whitespace.
2022-01-21 01:25:48 -06:00
6a56d3e131
jumbo patch of fixes for clang-tidy gripes (with some bug fixes).
...
defect/gripe statistics:
configured --enable-all --enable-sp-math-all --enable-intelasm
with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result
[note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]
pre-patch warning count per file, with suppressions:
clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c
clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c
bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c
bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c
readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c
readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c
readability-redundant-preprocessor 9 wolfssl/src/ssl.c
readability-redundant-preprocessor 2 wolfssl/src/tls13.c
readability-redundant-preprocessor 18 wolfssl/tests/api.c
readability-redundant-preprocessor 3 wolfssl/src/internal.c
readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c
readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c
readability-named-parameter 7 wolfssl/src/internal.c
readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c
readability-named-parameter 1 wolfssl/testsuite/testsuite.c
readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c
misc-no-recursion 3 wolfssl/src/ssl.c
readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c
readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c
readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c
bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c
bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c
bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c
bugprone-signed-char-misuse 2 wolfssl/src/ssl.c
bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c
bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c
bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c
bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c
bugprone-macro-parentheses 1 wolfssl/src/tls.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c
bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c
bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c
bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c
bugprone-macro-parentheses 15 wolfssl/src/ssl.c
bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c
bugprone-macro-parentheses 8 wolfssl/tests/api.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c
bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c
bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c
bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c
bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c
bugprone-macro-parentheses 2 wolfssl/tests/suites.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c
bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c
bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c
bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c
readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c
readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c
pre-patch warning count summaries, with suppressions:
clang-analyzer-security.insecureAPI.strcpy 8
bugprone-suspicious-missing-comma 6
readability-redundant-preprocessor 45
readability-named-parameter 21
misc-no-recursion 3
readability-uppercase-literal-suffix 18
bugprone-too-small-loop-variable 7
bugprone-signed-char-misuse 8
bugprone-macro-parentheses 601
readability-inconsistent-declaration-parameter-name 2
pre-patch warning count summaries, without suppressions:
clang-analyzer-security.insecureAPI.strcpy 8
bugprone-branch-clone 152
readability-non-const-parameter 118
bugprone-suspicious-missing-comma 6
bugprone-suspicious-include 52
readability-magic-numbers 22423
readability-redundant-preprocessor 45
readability-named-parameter 21
readability-function-cognitive-complexity 845
readability-else-after-return 398
bugprone-implicit-widening-of-multiplication-result 595
readability-function-size 21
readability-isolate-declaration 1090
misc-redundant-expression 2
bugprone-narrowing-conversions 994
misc-no-recursion 3
readability-uppercase-literal-suffix 18
bugprone-reserved-identifier 56
readability-suspicious-call-argument 74
bugprone-too-small-loop-variable 7
bugprone-easily-swappable-parameters 437
bugprone-signed-char-misuse 8
readability-misleading-indentation 94
bugprone-macro-parentheses 601
readability-inconsistent-declaration-parameter-name 2
bugprone-suspicious-string-compare 495
readability-redundant-control-flow 20
readability-braces-around-statements 11483
clang-analyzer-valist.Uninitialized 1
clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
2022-01-21 01:25:48 -06:00
888bd2b304
Fix AES-SIV test with g++.
...
The string initializers for the AES-SIV test vector fields needed an extra byte
for the null terminator expected by g++.
2022-01-20 19:22:25 -08:00
609d6442b1
Merge pull request #4753 from SparkiDev/siphash
...
Add SipHash algorithm
2022-01-19 18:51:44 -08:00
a6485a228d
Add SipHash algorithm
2022-01-20 09:41:18 +10:00
62b07d8806
Add AES-SIV (RFC 5297).
...
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
2022-01-19 14:32:33 -08:00
7adbf59f22
Merge pull request #4767 from anhu/kill_hc128
...
Get rid of HC-128
2022-01-19 12:20:18 -08:00
2984cb5abf
Merge pull request #4768 from SparkiDev/sp_invmod_nr
...
SP math: sp_invmod changed to not call itself
2022-01-18 16:20:37 -06:00
e745de657f
Merge pull request #4761 from haydenroche5/time_cb
...
Add time callback functionality.
2022-01-18 16:49:19 +10:00
1b0926a3b8
Add time callback functionality.
...
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
2022-01-17 17:49:51 -08:00
fc861f3d6d
SP math: sp_invmod changed to not call itself
...
When the modulus is even, calculate m^-1 mod a instead and fixup after.
Don't call self to do inverse.
2022-01-18 10:45:57 +10:00
c2860cb311
Get rid of HC-128
2022-01-17 18:11:54 -05:00
d06cf97d73
Old Compiler Warning Cleanup (GCC 4.0.2)
...
test.c:
1. Removed pragma disabling the warning for unused functions.
2. Fixed the guards around the function that wasn't getting removed from
the build. And matched the guards to the call of the function. The
issue is a test that fails only in a cert 3389 build using Arm
assembly single-precision public keys.
3. Fixed the guards around a couple other functions.
2022-01-16 22:08:35 -08:00
15c5ac880e
PKCS7 Test Output
...
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
2022-01-12 14:51:11 -08:00
33f0e2eda5
In the wolfCrypt test, fix a few filenames to use the VPATH versions.
2022-01-12 14:50:43 -08:00
ff0eb5a41e
wolfcrypt/test/test.c: in wolfcrypt_test(), tweak formatting of CheckRunTimeSettings() to resolve invalidPrintfArgType_uint from cppcheck --force.
2022-01-08 01:35:46 -06:00
a4444e6c3e
wolfcrypt/test/test.c: in rsa_oaep_padding_test(), remove accidentally repeated MEMORY_E check.
2022-01-08 01:10:02 -06:00
29fcbb0b19
wolfcrypt/test/test.c: fixes for cppcheck complaints: memleakOnRealloc nullPointerRedundantCheck uninitvar invalidPrintfArgType_uint
2022-01-08 00:33:54 -06:00
7edc916057
wolfcrypt/wolfssl: tests: adding missing wc_Aes*Free()
...
In some Aes implementation this may leak resources
2021-12-30 20:30:33 +01:00
c4e50ef086
fix for libz test with pkcs7
2021-12-23 09:37:09 -08:00
9d137668c7
Merge pull request #4675 from julek-wolfssl/openssh-8.8
...
Fix macro name conflicts with openssh
2021-12-22 08:31:36 -08:00
8435eb4644
Add `WC_` namespace to variable handling defines
2021-12-22 12:16:02 +01:00
dd9b1afb72
Remove magic numbers from `WOLFSSL_ASN_TEMPLATE` code ( #4582 )
...
* pkcs8KeyASN and other misc asn fixes
- Test fixes for testing with `USE_CERT_BUFFERS_1024`
* intASN
* bitStringASN
* objectIdASN
* algoIdASN
* rsaKeyASN
* pbes2ParamsASN
* pbes1ParamsASN
* pkcs8DecASN
* p8EncPbes1ASN
* rsaPublicKeyASN
* dhParamASN
* dhKeyPkcs8ASN
* dsaKeyASN
* dsaPubKeyASN
- Add `wc_SetDsaPublicKey` without header testing
* dsaKeyOctASN
* rsaCertKeyASN
* eccCertKeyASN
* rdnASN
* certNameASN
* digestInfoASN
* otherNameASN
* altNameASN
* basicConsASN
* crlDistASN
* accessDescASN
* authKeyIdASN
* keyUsageASN
* keyPurposeIdASN
* subTreeASN
* nameConstraintsASN
* policyInfoASN
* certExtHdrASN
* certExtASN
* x509CertASN
* reqAttrASN
* strAttrASN
* certReqASN
* eccPublicKeyASN
* edPubKeyASN
* ekuASN
* nameASN
* certExtsASN
* sigASN
* certReqBodyASN_IDX_EXT_BODY
* dsaSigASN
* eccSpecifiedASN
* eccKeyASN
* edKeyASN
* singleResponseASN
* respExtHdrASN
* ocspRespDataASN
* ocspBasicRespASN
* ocspResponseASN
* ocspNonceExtASN
* ocspRequestASN
* revokedASN
* crlASN
* pivASN
* pivCertASN
* dateASN
* `wc_SetDsaPublicKey` was not including `y` in the sequence length
* All index names changed to uppercase
* Shorten names in comments
* Make sure extensions have sequence header when in cert gen
* Fix/refactor size calc in `SetNameEx`
* Pad blocks for encryption
* Add casting for increased enum portability
* Use stack for small ASN types
2021-12-22 11:28:01 +10:00
360a513696
Merge pull request #4553 from SparkiDev/sp_mont_inv_order_fix
...
SP: fix when mont_mul_order is defined
2021-12-20 15:09:08 -08:00
ce4f436d0f
Merge pull request #4587 from SparkiDev/dis_algs_fix_1
...
Disable algorithms: fixes
2021-12-19 20:12:30 -08:00
5172130287
add wc_GetPubKeyDerFromCert(), get pub key DER from DecodedCert
2021-12-15 11:04:52 -07:00
355b779a3e
feature gating tweaks to better support --disable-rsa --disable-dh --disable-dsa. also a whitespace fix in ssl.c.
2021-12-11 14:08:04 -06:00
6da0cc1ced
Merge pull request #4600 from dgarske/cust_oid
...
Support for Custom OID in subject and CSR request extension
2021-12-09 11:24:30 +10:00
baee7bace4
Merge pull request #4584 from ethanlooney/nxp_se050_curve25519
...
Added curve25519 support for NXP SE050
2021-12-02 02:47:36 -08:00
9f611e8b80
Merge pull request #4589 from JacobBarthelmeh/native-lwip
...
Native LwIP support update
2021-12-01 10:37:13 -08:00
43ac0d3684
adjust test file for pritnf and test_pass
2021-11-30 16:41:02 -07:00
a33ae21801
whitespace cleanups and portability/pedantic fixes
2021-11-29 23:58:39 -06:00
7221e06ff7
Merge pull request #4588 from miyazakh/sce_protect_mode_e2studio
2021-11-29 15:32:48 -07:00
fb4e39f00a
addressed review comments prt1
2021-11-26 16:03:42 +09:00
b2c0bacb06
Fix Cryptocell ecc
2021-11-24 19:22:40 -08:00
7396a0cb3a
Resolves all peer review comments. Fixes to get Curve25519 working on real hardware. Regression testing fixes for ECC.
2021-11-23 15:03:53 -08:00
7524ededd3
Support for Custom OID in subject and CSR request extension:
...
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
2021-11-23 09:51:13 -08:00
5a72fee3df
Disable algorithms: fixes
...
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
- mp_cond_copy not available unless ECC compiled in
- wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
2021-11-19 16:56:33 +10:00
7e2fab6f4a
warning with keil build and native lwip want read case
2021-11-18 22:58:50 -07:00
f50fcd918e
support Renesas RA SCE protect mode on RA6M4 evaluation board
2021-11-19 14:22:16 +09:00
33a6b8c779
Merge pull request #4531 from dgarske/cryptocb_aesccm
...
Added crypto callback support for AES CCM
2021-11-16 22:45:11 +10:00
1559e92dca
Add crypto callback AES CCM test case.
2021-11-15 16:22:10 -08:00
a626a4fb02
Fixes for spelling errors.
2021-11-12 10:27:49 -08:00
341bd7bbbc
mp_test: when SP_INT_DIGITS is even calc was wrong
2021-11-10 09:33:14 +10:00
ff3179012d
SP: fix when mont_mul_order is defined
...
Customer configuration that failed:
./configure --enable-cryptonly --enable-ecc --enable-sp=yes,asm
--disable-rsa --disable-dh --disable-sha3 --disable-sha224 --disable-md5
--disable-sha --disable-pkcs12 --disable-memory --disable-chacha
--disable-poly1305 --disable-sha512 --disable-sha384 --disable-aesgcm
--disable-aescbc --disable-aes --disable-rng CFLAGS="-DNO_SIG_WRAPPER
-DWOLFSSL_PUBLIC_MP -DECC_USER_CURVES -DNO_ECC_SIGN -DNO_ECC_DHE
-DNO_ECC_KEY_EXPORT"
2021-11-09 17:50:21 +10:00
03d5c4e6d3
test.c: fix whitespace.
2021-11-08 18:24:42 -06:00
95bed1cdfd
test.c: smallstack refactors for idea_test(), ed448_test(), and verifyBundle() (fixes various error-dependent leaks too).
2021-11-08 17:35:10 -06:00
f8565f26e2
fixes for --disable-harden.
2021-11-08 17:35:10 -06:00
27d4bb304c
test.c add smallstack refactor of pkcs7enveloped_run_vectors().
2021-11-08 17:35:10 -06:00
26cc534dd2
wolfcrypt/test/test.c: fix memory leaks in pkcs7signed_run_[SingleShot]Vectors() added in smallstack refactor.
2021-11-08 17:35:10 -06:00
8b3048a0ea
wolfcrypt/test/test.c: smallstack refactors for pkcs7authenveloped_run_vectors(), pkcs7signed_run_vectors(), and pkcs7signed_run_SingleShotVectors(); typographic&whitespace cleanup.
2021-11-08 17:35:10 -06:00
dd833807d8
Merge pull request #4523 from dgarske/nxp_se050_fixes
...
Fixes for NXP SE050 ECC create and key store id
2021-11-09 08:56:03 +10:00
5a4577eb6c
Merge pull request #4541 from SparkiDev/mp_hexchar_asm
...
SP, TFM: fixes
2021-11-08 14:49:02 -08:00
dc911b94e7
SP, TFM: fixes
...
HexCharToByte must be cast to a signed char as a char is unsigned on
some platforms.
Redefine the __asm__ and __volatile__ for ICC and KEIL in sp_int.c
mp_test: don't use large bit lengths if unsupported.
2021-11-05 11:49:24 +10:00
d8faa22194
Fix for `ecc_def_curve_test` test changes.
2021-11-04 11:54:09 -07:00
60a86157c7
Fix building with NO_ECC_KEY_EXPORT.
2021-11-03 16:03:26 -07:00
b84edb5c67
Fixes for NXP SE050 testing with hardware.
2021-11-03 12:47:07 -07:00
8a8a6cf17f
Merge pull request #4515 from kareem-wolfssl/zd13006
...
wc_scrypt: Check for underflow in blocksSz calculation.
2021-10-29 08:23:37 -07:00
39c9fa96bc
wc_scrypt: Code review feedback.
2021-10-28 15:02:53 -07:00
c162196b27
Add x509 name attributes and extensions to DER parsing and generation
...
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
2021-10-28 14:50:53 +02:00
75df6508e6
Add a read enable for private keys when in FIPS mode.
2021-10-26 20:24:29 -05:00
85a8c06062
linuxkm: add DEBUG_VECTOR_REGISTER_ACCESS (debug feature switch), ASSERT_SAVED_VECTOR_REGISTERS, and ASSERT_RESTORED_VECTOR_REGISTERS macros, and move the fallback no-op definitions of the SAVE_VECTOR_REGISTERS and RESTORE_VECTOR_REGISTERS to types.h. also fixed several ASCII TAB characters in types.h.
2021-10-26 20:24:28 -05:00
31f13a7f41
wolfcrypt/test/test.c: when HAVE_FIPS, wrap wc_MakeRsaKey() calls in infinite iteration while ret == PRIME_GEN_E, to inhibit nondeterministic failure mode from FIPS-limited _CheckProbablePrime() iteration.
2021-10-26 20:24:28 -05:00
c0778e5ad9
gate access to wc_Sha512.devId on !NO_SHA2_CRYPTO_CB.
2021-10-26 20:24:28 -05:00
0f407b4bfc
test.c: fix indirection flubs in _ASYNC_CRYPT parts of ecc_test_sign_vectors().
2021-10-26 20:24:27 -05:00
b77000bcfb
add smallstack codepath to ecc_test_sign_vectors(), and add missing rc2.h include to linuxkm/module_exports.c.template.
2021-10-26 20:24:27 -05:00
67db7b7f32
fixes for issues identified by Jenkins run:
...
Makefile.am: clean .build_params file;
ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();
move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);
fix new unused-label defect in wc_ecc_shared_secret_gen_sync();
fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);
fix NO_INLINE ForceZero() prototype;
ecc.c: add missing if (err == MP_OKAY) in build_lut();
wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;
ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;
WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
2021-10-26 20:24:27 -05:00
87578262aa
wolfcrypt smallstack refactors:
...
rsa.c: wc_CompareDiffPQ()
dh.c: wc_DhGenerateParams()
dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()
srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()
ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()
test.c: GenerateNextP() dh_generate_test() GenerateP()
2021-10-26 20:24:27 -05:00
2bf711341b
wolfcrypt/test/test.c: use HAVE_FIPS_VERSION, not FIPS_VERSION.
2021-10-26 20:24:26 -05:00
8de8af8b43
wolfcrypt/test/test.c: disable hmac_md5_test() for FIPS 140-3, and rename hkdf_test to wc_hkdf_test to eliminate namespace collision.
2021-10-26 20:24:26 -05:00
b673622322
FIPS 140-3 misc fixes including fixes for rebase errors.
2021-10-26 20:24:26 -05:00
b615309a7b
update FFDHE4096 test with the updated usage
2021-10-26 20:24:26 -05:00
b00b95ef6c
Cofactor flag in wolfcrypt test needed a guard.
2021-10-26 20:24:26 -05:00
f53a4db4e7
Unwind a few changes adding guards so it'll build with old FIPS.
2021-10-26 20:24:26 -05:00
aa3fb6f0d0
Update visibility on a SP math function for DH.
2021-10-26 20:24:26 -05:00
04ffd2ab45
Fixes:
...
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
2021-10-26 20:24:26 -05:00
3eaeaf3a57
Add sign/verify PCT to ECC.
2021-10-26 20:24:25 -05:00
908ec9b14a
Modify ffdhe to not return addresses.
2021-10-26 20:24:25 -05:00
c0e6a55aaa
Skip the small key DH test for SP and FFDHE builds.
2021-10-26 20:24:25 -05:00
2de6b3b2bd
Move the KDF functions into their own source file.
2021-10-26 20:24:25 -05:00
f78887d2ab
Add 'static' to the test vector arrays for the SSH KDF test.
2021-10-26 20:24:25 -05:00
a967cbcb7b
56Ar3 Testing Updates
...
1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.
2021-10-26 20:24:25 -05:00
976402e04b
RNG Update
...
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
as a default callback.
2. Modify all the tests and examples to use the default seed callback if
the seed callback is enabled.
2021-10-26 20:24:25 -05:00
c47e354eed
Add callback option for RNG seeding.
2021-10-26 20:24:25 -05:00
c7ea896759
Add prototype for the ssh-kdf test in the wolfCrypt test.
2021-10-26 20:24:24 -05:00
de4af35f89
KDF Update
...
1. Move wolfSSH's KDF into wolfCrypt.
2021-10-26 20:24:24 -05:00
5810e45cb7
fix CAVP selftest v2 build error in test.c
2021-10-26 10:33:05 -06:00
905683c98c
Merge pull request #4496 from dgarske/sniffer_keywatch
...
Fix for sniffer key watch callback
2021-10-26 09:55:17 +10:00
e4da9c6f48
Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA.
2021-10-22 14:29:06 -07:00
5859779ddf
Check-in non-FIPS specific porting changes for OE22
...
Fix no new line
Change comment style in testsuite.c
Add include for proper socket header in wolfio.h
Add dc_log_printf support to benchmark application
Pull in changes for examples
Refector NETOS check in test.c
Fix format and remove settings used only for validation testing
Implement peer review feedback
Address last items noted in peer review
Add new README to include.am
Adjust comment style on TODO
Gate changes in client and server properly
Add static on customer feedback
Fix settings include
Update latest peer feedback
2021-10-22 15:01:14 -06:00
864f913454
Make several changes to support OpenSSH 8.5p1.
...
- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
2021-10-20 11:00:42 -07:00
892685ac59
Merge pull request #4472 from utzig/ksdk-port-koblitz
...
nxp: ksdk: add support for Koblitz curves
2021-10-19 21:14:38 -07:00
d880403207
SP int: handle even modulus with exponentiation
...
Fix testing of mp_int to only call when implementation included.
2021-10-20 08:21:26 +10:00
d297a06c25
Fix for wolfCrypt test with custom curves without Brainpool. Tested all changes on NXP K82 LTC.
2021-10-19 13:12:12 -07:00
498884eadb
Fix for missing `dhKeyFile` and `dhKeyPubFile` with file system enabled, `WOLFSSL_DH_EXTRA` and `USE_CERT_BUFFERS_2048` set.
2021-10-19 13:06:37 -07:00
97883d78ac
Minor STM32F1 fixes
...
* Not all STM32 RTCs support subseconds in the time struct, so this is
now ifdef'd using the only obvious define which exists when subseconds
exist.
* Let wc_GenerateSeed detect STM32's without RNG correctly.
* wolfCrypt test was attempting to use variables that don't exist when
both WOLFSSL_SMALL_STACK and WC_NO_RNG is defined.
2021-10-12 16:20:36 +01:00
854512105f
Merge pull request #4314 from SparkiDev/libkcapi
...
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
e0abcca040
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
...
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
9d2082f7e1
Fixes and improvements for crypto callbacks with TLS (mutual auth) ( #4437 )
...
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.
* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.
* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.
* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.
* Fix to use proper devId in `ProcessBufferTryDecode`.
* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.
* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.
* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
2021-10-07 11:12:06 +10:00
33cb823148
Remove legacy NTRU and OQS ( #4418 )
...
* Remove NTRU and OQS
* Keep the DTLS serialization format backwards compatible.
* Remove n from mygetopt_long() call.
* Fix over-zealous deletion.
* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
83e0e19e03
linuxkm feature additions:
...
add build-time support for module signing using native Linux facility;
add support for alternative licenses using WOLFSSL_LICENSE macro;
improve load-time kernel log messages;
add support for sp-math-all asm/AVX2 acceleration;
add error-checking and return in SAVE_VECTOR_REGISTERS();
implement support for x86 accelerated crypto from interrupt handlers, gated on WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED:
* wolfcrypt_irq_fpu_states
* am_in_hard_interrupt_handler()
* allocate_wolfcrypt_irq_fpu_states()
* free_wolfcrypt_irq_fpu_states()
* save_vector_registers_x86()
* restore_vector_registers_x86()
add WOLFSSL_LINUXKM_SIMD, WOLFSSL_LINUXKM_SIMD_X86, and WOLFSSL_LINUXKM_SIMD_ARM macros for more readable gating.
2021-09-20 10:27:13 -05:00
4380e8b94a
Merge pull request #4391 from JacobBarthelmeh/Sniffer
...
add sanity check on buffer size
2021-09-16 09:36:48 -07:00
71e8d3ca3c
Merge pull request #4358 from SparkiDev/arm_sha512_crypto
...
AARCH64 SHA512: implementation using crypto instructions added
2021-09-15 09:51:09 -07:00
17c2e9e1cd
AARCH64 SHA512: implementation using crypto instructions added
...
Use --enable-armasm=sha512-crypto or define WOLFSSL_ARMASM_CRYPTO_SHA512
to use SHA512 cryptographic instructions.
Checks system register for the feature before using the SHA512
instructions.
Added SHA512 input data alignment test.
Add support for SHA512/224 and SHA512/256 to ARM port.
2021-09-15 12:05:48 +10:00
142c7a9892
cppcheck fixes and a config fix
...
./configure --disable-rsa --disable-ecc --disable-dsa
--enable-curve25519 --disable-ed25519 --disable-curve448
--disable-ed448 --enable-cryptonly
suites.c, testsuite.c: ensure port is an integer for snprintf.
unit.c: make memFailCount an integer for printf.
aes.c:
Reduce variable scope.
Check aes is not NULL before use in GHASH implementations.
XTS check sz is greater than or equal to a AES_BLOCK_SIZE rather than
0 as another block is processed.
wc_AesXtsEncrypt, wc_AesXtsEncrypt - simplify braces and ifdefs
wc_AesEcbEncrypt - subtracting from sz is unnecessary as is unused
after.
asn.c:
StoreKey, StoreEccKey - compiler doesn't see ret != 0 when publicKey
is NULL.
DecodeAuthInfo - count is not used when after break.
DecodeSubtree - don't use min and max as variables (already macros).
SetEccPublicKey - initialize pubSz and set sz regardless for
compiler's sake.
wc_EncodeName_ex - use unique variable 'namesASN'; ret isn't set after
last check.
SetEccPublicKey - simplify code by using else rather than check ret
wasn't set.
DecodeAsymKey - ret not modified in non-template implementaiton.
SetAsymKeyDer - ret still at initialized value here.
DecodeResponseData - ensure dataASN is freed when single->next->status
failed to allocate.
test.c:
curve255519_der_test() can't be compiled when NO_ASN is defined.
types.h:
cast to the appropriate type in EXIT_TEST
test.h
don't return anything when THREAD_RETURN is void and EXIT_TEST is for
threading with stack size.
2021-09-14 16:08:26 +10:00
33028de0de
SRP test; increase size of N
...
SHA512 digest was sometimes too big for the 1024-bit N.
Increase N to 1536 bits to ensure no intermittent fails.
2021-09-13 09:18:26 +10:00
602ec188ad
sanity checks on ed25519 private key decode
2021-09-10 21:51:18 -06:00
ae4766ae96
add sanity check on buffer size
2021-09-10 16:49:42 -06:00
35cef831bf
Fix for missing heap hint with RSA PSS and `WOLFSSL_PSS_LONG_SALT` ( #4363 )
...
* Fix for missing heap hint with RSA PSS and `WOLFSSL_PSS_LONG_SALT`. This fix will only allocate buffer if it exceeds the local buffer. Added `wc_RsaPSS_CheckPadding_ex2` to support heap hint if required. Fixed asn.c build issue with `NO_CERTS`. Fixed several spelling errors in asn.c. ZD12855.
* Improve the dynamic memory NULL checking in `wc_RsaPSS_CheckPadding_ex2` with `WOLFSSL_PSS_LONG_SALT` defined.
2021-09-03 15:42:31 +10:00
a9a1158f46
Remove test cases not supported by ARM64_ASM in FIPS mode - OE25 ( #4342 )
2021-09-03 08:37:34 +10:00
56843fbefd
Add support for EVP_sha512_224/256 ( #4257 )
2021-09-02 14:05:07 +10:00
9b6cf56a6e
Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer ( #4335 )
...
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
2021-09-01 09:28:24 +10:00
cb3f42482b
Merge pull request #4332 from dgarske/zd12791
...
Improve CRL error codes
2021-08-25 13:57:46 -07:00
700b1c56c1
Improve CRL error codes. Add `--enable-crl=io` option. ZD 12791
2021-08-24 11:12:12 -07:00
9c541568fc
Merge pull request #4313 from SparkiDev/rsa_vfy_only
...
SP RSA verify only: fix to compile
2021-08-23 14:42:56 -07:00
dbb03cb5a3
SP RSA verify only: fix to compile
...
Configurations:
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math-all
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math --enable-sp-asm
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math --enable-sp-asm
2021-08-20 13:16:58 +10:00
e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template
...
ASN1 Template: stricter and simpler DER/BER parsing/construction
2021-08-19 12:47:04 -07:00
3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) ( #4276 )
...
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
2021-08-19 09:15:52 -07:00
17a569d4dd
SRP test: use proper SRP hash type for g++
2021-08-19 11:40:43 +10:00
d486b89c61
ASN1 Template: stricter and simpler DER/BER parsing/construction
...
Reduce debug output noise
2021-08-19 11:32:41 +10:00
c5f9e55567
Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.
2021-08-18 11:30:18 -07:00
d6f5f815e1
Fix for `srp_test_digest` return code checking. Added GCC-ARM TLS server example.
2021-08-17 11:12:40 -07:00
89904ce82e
Fixes for building without AES CBC and support for PKCS7 without AES CBC.
2021-08-17 10:47:19 -07:00
e1f603301b
Fixes for SRP with heap hint.
2021-08-17 10:45:50 -07:00
9066ab6051
SRP test: increase size of N to support larger digests
...
Test all digests supported by SRP.
2021-08-17 09:15:07 +10:00
b4131f355e
Add a test/example for parsing the date from a certificate
2021-08-06 14:51:57 +02:00
f1377ed861
Merge pull request #4215 from lealem47/Md2HashTest
...
Added wc_Md2Hash() unit testing to test.c
2021-08-03 16:51:05 -06:00
71cf55a947
Added wc_Md2Hash() unit testing to test.c
2021-07-28 13:45:02 -06:00
d49d8a9286
Merge pull request #4204 from SparkiDev/ecies_sec1
...
ECIES: SEC.1 and ISO 18033 support
2021-07-27 09:43:53 -07:00
31dde4706e
ECIES: Support SEC 1 and ISO 18033
...
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
2021-07-27 09:30:53 +10:00
9f99253a8b
Merge pull request #4219 from SparkiDev/math_neg_mod_2d
...
Maths: mp_mod_2d supports negative value now
2021-07-23 08:40:56 -07:00
ffd69f6426
Merge pull request #4141 from kaleb-himes/FIPS_ANDROID_v454
...
Changes to support Android app with wolfCrypt module v4.5.4
2021-07-21 11:23:42 -06:00
ed6e173fc3
Maths: mp_mod_2d supports negative value now
...
SRP: don't clear an mp_int that hasn't been initialized
2021-07-20 18:33:55 +10:00
4df6fb74b0
fix sanitizer-detected uninitialized/null data accesses: wc_SrpComputeKey(), XChaCha20Poly1305_test().
2021-07-19 16:29:43 -05:00
5e8da2348f
ED: add --enable-ed25519-stream and --enable-ed448-stream to configure.ac, disabled by default, and add them to --enable-all and --enable-all-crypto lists, along with --enable-aesgcm-stream; report AES-GCM and ED* streaming API options in feature summary rendered at end;
...
refactor ED routines to pivot on WOLFSSL_ED*_PERSISTENT_SHA and WOLFSSL_ED*_STREAMING_VERIFY macros, with sha state in the key struct only when WOLFSSL_ED*_PERSISTENT_SHA, otherwise on the stack as before;
add ed*_hash_init() and ed*_hash_free() local helpers;
ED* peer review: fix line lengths, remove superfluous retval checks, tweaks for efficiency, and add ED448_PREHASH_SIZE to ed448.h.
2021-07-16 13:49:47 -05:00
9b43e57ccf
ED: add streaming API to the ED verify routines: wc_ed*_verify_msg_init(), wc_ed*_verify_msg_update(), wc_ed*_verify_msg_final();
...
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
2021-07-16 13:49:47 -05:00
f408eeb5bb
Implement peer review suggestions
2021-07-16 09:57:11 -06:00
af98e64b88
Merge pull request #4208 from dgarske/leaks
...
Fixes for possible leaks with ECCSI and DH test
2021-07-16 08:59:11 +10:00
6458a8cedd
Merge pull request #4187 from SparkiDev/sp_math_mod_red_fix
...
SP math: montgomery reduction edge case
2021-07-15 14:33:26 +07:00
fbbb290d9e
Fixes for possible leaks with `HAVE_WOLF_BIGINT` used by async in ECCSI and DH test. Fixes for GCC `-fsanitize=address` with `--enable-all`.
2021-07-14 14:57:32 -07:00
b5eef78cdb
Merge pull request #4176 from SparkiDev/sp_math_read_bin_max
...
SP math all: allow reading of bin up to max digit size
2021-07-14 16:03:32 +07:00
08ebd34f31
SP math: montgomery reduction edge case
...
4 and 6 word specific implementations now handle rare overflow correctly
in last mul-add of loop.
2021-07-06 10:03:24 +10:00
43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7
...
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
2021-07-01 17:03:56 -07:00
dc7beab784
address errors with `-fsanitize=undefined`
...
- fix null dereferences or undefined `memcpy` calls
- fix alignment in `myCryptoDevCb`
- fix default dtls context assignment
- add align configure option to force data alignment
TESTED:
`./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
2021-06-30 21:58:30 -07:00
4cff893c5f
SP math all: allow reading of bin up to max digit size
2021-07-01 14:29:58 +10:00
80480e5d1f
Merge pull request #4163 from lealem47/rsa-test
...
Rsa test
2021-06-25 13:12:58 -07:00
729fea6b71
unused variable fix in rsa_oaep_padding_test fix
2021-06-25 08:39:44 -06:00
5038a27cda
add test cases and set content oid with decode encrypted data
2021-06-25 21:16:01 +07:00
873f10b0cf
Simplifying rsa_test() by extracting sections as separate functions
2021-06-24 20:47:14 -06:00
8592053856
Regression test fixes
...
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
2021-06-25 09:18:06 +10:00
2fb80ceb59
Merge pull request #4133 from dgarske/crypto_cb_25519
...
Adds crypto callback support for Ed/Curve25519 and SHA2-512/384
2021-06-18 09:47:30 +10:00
18fc1b7e63
Merge pull request #4006 from elms/refactor_pointer_manipulation
2021-06-17 16:37:03 -07:00
258e0c10da
Merge pull request #4142 from elms/fix/memtest
...
test: Fix memtest callbacks
2021-06-17 14:01:21 -07:00
5440b6c63c
Fix for intel asm SHA512 where `HAVE_INTEL_AVX1` or `HAVE_INTEL_AVX2` is defined, but `USE_INTEL_SPEEDUP` is not. Fix for scan-build error with test.c ret not used.
2021-06-17 13:50:09 -07:00
ad59b8af45
test: Fix memtest callbacks
2021-06-17 10:15:11 -07:00
b6ec698a83
Fix for FIPS case with hkdf_test.
2021-06-17 08:15:44 -07:00
14b845a9a5
Fixes for wolfCrypt HMAC test without SHA1/SHA2. Added NO RNG option to cube pack configuration template.
2021-06-17 08:15:44 -07:00
b29fa9bd33
Changes to support Android app with wolfCrypt module v4.5.4
2021-06-17 08:11:40 -06:00
98147de422
Fix for wolfCrypt test not calling init for ed25519 tests.
2021-06-16 16:44:28 -07:00
15d761a0c2
Added ED25519 and Curve25519 crypto callback support.
2021-06-16 11:49:24 -07:00
9c24731e3c
Added SHA2-384/512 crypto callback support.
2021-06-16 11:49:24 -07:00
3a885aba23
Refactor pointer manipulation to be independent of datatype width
...
Tested with `./configure CFLAGS="-DNO_64BIT" --disable-sha512
--disable-sha384 --enable-harden` on a 64-bit machine
2021-06-15 21:08:49 -07:00
b9715432f8
SP math all: sp_cmp handling of negative values
2021-06-15 09:44:06 +10:00
77df7d8630
Merge pull request #3968 from elms/pedantic_cleanup
...
Fixes for some `-pedantic` errors
2021-06-14 13:46:39 -07:00
3180ec96a5
Merge pull request #3963 from dgarske/nxp_ltc_rsa
...
Fixes for NXP LTC ECC/RSA
2021-06-14 08:29:24 +10:00
3ecb8d5a3e
Merge pull request #4062 from dgarske/dh_key
...
DH Key and Params Export cleanups and Apache httpd fixes
2021-06-10 20:54:32 +10:00
c6c7dfd5db
Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
...
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
50dca86dcf
Merge pull request #3878 from JacobBarthelmeh/ECC
...
add deterministic k generation for ECC sign
2021-06-09 09:47:19 +10:00
9b215c5138
Fixes for DH Pub key import/export and new test case. Improve `wc_DhParamsToDer`.
2021-06-08 09:27:30 -07:00
6db0b42c7f
* Refactor of DH key and param exports code (moved into asn.c) enabled with `WOLFSSL_DH_EXTRA`.
...
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
2021-06-08 09:27:26 -07:00
5c01613acb
Add GCC extension to bypass select `-pedantic` warnings
...
Add wrapper macro for `__extension__` to suppress pedantic warnings
2021-06-07 15:38:15 -07:00
94831eadf1
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-01 11:38:17 -06:00
3deb635155
skip memory callback tests with `STATIC_MEMORY` and `LINUXKM`
2021-05-27 14:46:45 -07:00
7a98c517e4
Fixes for some `-pedantic` errors
...
Some of the API with callbacks may not be compatible with pedantic
2021-05-27 14:46:45 -07:00
64ae0a827c
Fixes for RSA with NXP LTC. The invmod function must reduce if A > B. Added RSA Key Generation acceleration.
2021-05-25 15:58:22 -07:00
ceadb62d5b
Add support for running `wolfcrypt/test/testwolfcrypt` on Dolphin emulator
2021-05-20 21:07:50 +02:00
2c6285ccba
cppcheck: fixes from reviewing report
2021-05-20 17:55:06 +10:00
e247161b2e
Merge pull request #3992 from embhorn/zd12169
...
Allow parsing spaces in Base64_SkipNewline
2021-05-07 14:30:24 -07:00
ea2e2994af
Reversing hunk in test.c for DEOS (suspect that was in error).
2021-04-30 14:21:23 -07:00
f9a9b139ed
Fix a build err
2021-04-29 16:44:51 -07:00
cdede0515c
Allow parsing spaces in Base64_SkipNewline
2021-04-28 10:30:16 -05:00
bbda833909
Merge pull request #3720 from elms/deos/project_files
...
DEOS: Add project files for shared library
2021-04-23 15:44:33 -07:00
57f4adf438
DEOS: updated memory and add DTLS
...
Tested: DDC-I 9.2.0r94156 and OpenArbor on PPC hardware
2021-04-16 15:39:19 -07:00
03cfc3dc8f
addressed review comments part1
2021-04-14 11:15:23 +09:00
ad6f8e4246
added and modified compatibility layer APIs for Qt v5.15.2 part1
2021-04-12 18:34:07 +09:00
160faa851c
add deterministic k generation for ECC sign
2021-04-12 16:33:14 +08:00
86fe77d776
Merge pull request #3924 from dgarske/sp_math_all
...
Sp math all fixes
2021-04-07 16:21:58 -07:00
eb37953061
Fix for `WOLFSSL_SP_MATH_ALL` typo. Plus a few other minor ones.
2021-04-05 11:31:55 -07:00
9a86f133c8
additional fixes for reports with test cases
2021-04-05 21:26:52 +07:00
75abeebaf7
free memory in test case
2021-04-05 21:26:22 +07:00
1b832bf8fa
SHA-3: Improve SHAKE256 change to support longer output
...
Added tests for 1 complete block output and longer from NIST's CAVP
tests vectors.
2021-03-26 14:59:12 +10:00
08ea90ad94
Merge pull request #3905 from dgarske/sp_nb_sync
...
SP ECC: Fix for non-blocking test and synchronization of changes
2021-03-25 10:35:30 +10:00
a6851a44af
Fix for ECC non-blocking test R/S values not zero padded causing occasstional wolfCrypt test failures with `./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP"`.
2021-03-23 17:32:36 -07:00
1643bec05f
Merge pull request #3862 from kaleb-himes/WIN32_WCE_PORTING
...
_WIN32_WCE port of wolfCrypt - OE12
2021-03-23 14:40:48 -07:00
7cacfc53e6
ECCSI/SAKKE: fix for g++
...
Cast XMALLOC return.
2021-03-19 10:49:34 +10:00
a363077b1e
Merge pull request #3841 from SparkiDev/aes_gcm_stream
...
AES GCM: implement streaming
2021-03-18 14:36:55 -07:00
df2e0905e0
Merge pull request #3874 from dgarske/cryptocb_devctx
...
Fixes for for crypto callbacks (SHA1, HMAC and CMAC)
2021-03-16 21:26:50 +07:00
35659be06f
AES GCM: implement streaming
...
Updated EVP layer to use streaming API when enabled.
Assembly for x64 updated to include streaming.
2021-03-16 16:39:49 +10:00
3ac03d3d66
Merge pull request #3805 from JacobBarthelmeh/copyright
...
update copyright date to 2021
2021-03-15 16:16:50 -07:00
7a020e4bb6
Fix for FIPS and CMAC init.
2021-03-12 14:23:34 -08:00
697d34c80d
Fix for for crypto callback `devCtx` on symmetric algorithms (missing for SHA1 and CMAC). Fix for HMAC to use devId for hashing. Fixes for CMAC crypto callbacks and testing.
2021-03-12 11:49:25 -08:00
a55e94cf6f
ECCSI and SAKKE: add support
...
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
c729318ddd
update copyright date
2021-03-11 13:42:46 +07:00
16d55b0b86
_WIN32_WCE port of wolfCrypt - OE12
...
Add user_settings.h for OE12
Restrict LPCWSTR typecast to be WINCE specific
2021-03-10 17:02:21 -07:00
72eebd6e75
Merge pull request #3795 from JacobBarthelmeh/CAAM
...
Addition of QNX CAAM driver
2021-03-10 15:04:21 -08:00
25228cb6c0
Merge pull request #3798 from dgarske/no_hash
...
wolfcrypt: Fixes for building without hash or rng
2021-03-05 08:16:34 +10:00
7983734dcb
Merge pull request #3786 from tmael/cc310_ecc_importkey
...
Add Cryptocell wc_ecc_import_x963_ex
2021-03-04 13:59:54 -08:00
79ec07f5e1
adjustment after rebase
2021-03-03 18:45:40 +07:00
69a0b643be
removing some magic numbers
2021-03-03 18:45:40 +07:00
749425e1e8
first pre alpha code for QNX + CAAM
...
manual run of RNG init and JDKEK print
job ring does initial rng
is successful on some red key blob operations
caam red key blob test pass
ecdsa sign/verify
ecdsa ecdh/sign/verify with black secure key
ecdsa ecdh/sign/verify with black secure key
initial cmac addition
initial cmac addition
black blob encap
black keys with cmac
add invalidate memory
refactoring and clean up
more code cleanup
add files for dist and remove some printf's
remove unneeded macro guard
use resource manager
2021-03-03 18:45:40 +07:00
9d4d36f7fe
Fix hasty copy/paste with `privSz2`.
2021-03-01 16:02:51 -08:00
14faf16955
Dismiss unused warnings for dh_test.
2021-03-01 10:14:28 -08:00
bc585e85b6
Dismiss unused warnings for rsa_test.
2021-02-25 11:23:21 -08:00
5cc8979309
Review feedback for unused `pubSz2.
2021-02-24 15:09:51 -08:00
3a3c0be43f
Fixes for build warnings for CryptoCell with ECC and RSA.
2021-02-24 15:05:27 -08:00
49a0f70c24
Fix errors from last commit.
2021-02-24 14:19:13 -08:00
9ebdc8d61c
Additional fixes for building without RNG. Fix for possible use of `key->dp == NULL` in `wc_ecc_export_ex`.
2021-02-24 13:21:54 -08:00
bf63b41465
Fixes for building without hash. If all hash algorithms are disabled `wc_HashAlg` could report empty union. ZD 11585.
2021-02-24 11:04:03 -08:00
3cdbc242b4
Merge pull request #3803 from dgarske/zd11759
...
Fix misplaced endif and brace
2021-02-24 09:04:38 +10:00
7a71ec4692
Merge pull request #3802 from tmael/pkcs8err
...
Fix PKCS8 build config
2021-02-23 13:42:17 -08:00
363185669a
Merge pull request #3776 from cconlon/pkcs7testfix
...
fix wolfCrypt PKCS#7 test when PKCS7_OUTPUT_TEST_BUNDLES is defined
2021-02-23 11:58:00 -08:00
244accece1
Merge pull request #3799 from SparkiDev/sp_gcd_protect
...
SP int: fix guard around sp_gcm and sp_lcm
2021-02-23 11:53:25 -08:00
6cc137dce0
Fix misplaced endif and brace.
2021-02-23 10:22:59 -08:00
b199c2e444
Fix PKCS8 test
2021-02-23 09:33:14 -08:00
22349e0539
Merge pull request #3800 from dgarske/zd11759
...
Fixes for warnings in Windows and failing `wc_BufferKeyEncrypt` test
2021-02-23 17:07:14 +10:00
b5239f97c4
Fixes for warnings in Windows. Fix for failing `wc_BufferKeyEncrypt` with PBKDF disabled. ZD 11759.
2021-02-22 16:51:17 -08:00
3ac40be091
Merge pull request #3797 from tmael/builderr
...
Correct a build error with a non-standard configurations
2021-02-22 16:33:01 -08:00
d2f9f4c4ce
SP int: fix guard around sp_gcm and sp_lcm
2021-02-23 10:21:32 +10:00
243c3ceacc
Fix build err
2021-02-22 13:36:21 -08:00
451b8ede51
tests: fix preprocessor test for gcd/lcm
...
Fixes `--enable-valgrind --enable-fpecc --enable-ecc` build
2021-02-22 09:53:55 -08:00
c7b1dc8f94
Fix Cryptocell ECC tests
2021-02-19 16:39:45 -08:00
8d7c61cf10
prep for Async release
2021-02-19 11:51:23 -07:00
4da0328e1a
fix wolfCrypt PKCS#7 test when PKCS7_OUTPUT_TEST_BUNDLES is defined
2021-02-18 12:14:48 -07:00
10be54054e
Minor fixes for build errors and bad macro names.
2021-02-18 10:55:47 -08:00
c62b48f7d0
Fixes for building with RSA public or verify only. Fixes issue with reserved "div" keyword as variable name. ZD11585
2021-02-18 07:47:00 -08:00
64bc4b663d
SP fixes: even mod testing, ECC compilation with SP
...
Even mod inversion will sometimes work with integer.c.
Don't call SP code to perform ECC ops unless WOLFSSL_HAVE_SP_ECC is
defined.
2021-02-10 14:38:58 +10:00
75d0496f77
Merge pull request #3722 from SparkiDev/sp_clang_fix
...
test.c: don't check key NULL when not small stack
2021-02-09 16:07:04 -08:00
47d5f6f624
Merge pull request #3714 from SparkiDev/sp_int_rsavfy
2021-02-09 07:28:40 -08:00
5818923762
Merge pull request #3723 from douzzer/AesCcmEncrypt-zero-inSz-null-in
...
AES-CCM null payload buffers with inSz zero
2021-02-09 17:22:03 +10:00
763f388471
SP int: get rsavfy and rsapub working again
2021-02-09 09:58:23 +10:00
7a583d5b4b
aesccm_test(): test for (and require) BAD_FUNC_ARG when in or out pointer to wc_AesCcm{En,De}crypt() is null and inSz > 0.
2021-02-08 16:43:38 -06:00
b8a019dedd
AES-CCM: allow null payload buffers in wc_AesCcmEncrypt() and wc_AesCcmDecrypt() when inSz is zero, and add to aesccm_test() a test for this, tolerating early BAD_FUNC_ARG (for FIPS and arch-specific 3rd party code), and a test for the zero-length string, that must succeed.
2021-02-08 16:34:09 -06:00
c17597a4fb
build: arbitrary path for `make check`
...
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
2021-02-05 12:10:32 -08:00
93ea355217
build: fix `make distcheck`
...
Need to check if `unit.test` was run from make process and set
different path to run unit test executable.
Writing files in the dist is not allowed during distcheck so write
files to subdirectory used build during distmake
2021-02-05 07:25:07 -08:00
c4afce76f7
test.c: don't check key NULL when not small stack
2021-02-05 14:57:00 +10:00
5577a2215f
Merge pull request #3708 from JacobBarthelmeh/Testing
2021-02-01 10:11:16 -08:00
a7066a9be2
add stdint to test.c if using non blocking ecc test
2021-02-01 23:07:03 +07:00
fd01f79f86
add guard for rsa public only
2021-01-31 23:43:53 +07:00
d14f4f8451
wolfcrypt/test/test.c: smallstack refactor of openssl test routines.
2021-01-30 00:01:15 -06:00
d0b20f90d5
wolfcrypt/test/test.c: use HEAP_HINT, not NULL, for XREALLOC() too.
2021-01-29 20:16:51 -06:00
a332cf36b5
add DYNAMIC_TYPE_AES and DYNAMIC_TYPE_CMAC to enum in types.h, and use these where appropriate;
...
in test.c: use use HEAP_HINT, not NULL in XMALLOC/XFREE calls;
fix a couple typos in aes_test() re WOLFSSL_ASYNC_CRYPT;
add various missing WOLFSSL_SMALL_STACK_STATIC qualifiers;
and streamline old smallstack refactor on-stack declarations declarations to use the much neater [1] construct.
2021-01-29 17:17:31 -06:00
0f6ae330da
wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table.
2021-01-28 22:51:28 -06:00
f91dcb950c
Merge pull request #3670 from dgarske/keil
...
Fix for ARM Keil MDK compiler issue with `DECLARE_VAR_INIT`.
2021-01-25 14:57:05 -08:00
05e1ee1694
Cleanup to use fixed sizes from defines for `DECLARE_VAR`. Resolves issue with Visual Studio and using a variable (even const) to declare an array size.
2021-01-25 09:14:12 -08:00
46aee19de3
Fix for Visual Studio issue with non-cost in array declaration.
2021-01-22 10:44:38 -08:00
1ee40ad7bd
Fix to always init the variable (not just when from heap). Cleanup of the `DECLARE_` uses to make sure all allocations succeeded.
2021-01-21 17:12:29 -08:00
fd8527c15e
Fix FIPS compile errors
2021-01-21 15:27:42 -06:00
17f101ef13
Fix for ARM Keil MDK compiler issue with `DECLARE_VAR_INIT`.
2021-01-20 16:57:30 -08:00
5b7e6ccc14
Merge pull request #3613 from SparkiDev/sp_rand_prime_len
...
SP rand_prime: fix length check
2021-01-18 15:23:15 -08:00
563e3c6b60
Merge pull request #3628 from SparkiDev/even_mp_test
...
RSA/DH test: even number error check fixup
2021-01-18 13:39:54 -08:00
cd0670cbd7
RSA: verify only build fixes
...
configuration: --disable-ecc --disable-dh --disable-aes --disable-aesgcm
--disable-sha512 --disable-sha384 --disable-sha --disable-poly1305
--disable-chacha --disable-md5 --disable-sha3 --enable-cryptonly
--disable-inline --enable-rsavfy --disable-asn --disable-oaep
--disable-rng --disable-filesystem --enable-sp=rsa2048 --enable-sp-math
Fixes to make code build again.
2021-01-06 11:58:15 +10:00
10722fba14
RSA/DH test: even number error check fixup
...
Configuration: --enable-sp=3072
Test only enabled when SP is used.
Return codes checked are those we expect from SP.
Code, with configuration, is compiled so that 2048-bit operations are
not going to SP and the error returns were not correct.
2021-01-06 09:39:24 +10:00
40ab08be45
SP rand_prime: fix length check
...
-ve length indicates to use a BBS prime (last two bits set)
2021-01-04 12:31:59 +10:00
a2dec7ce9c
test.c: work around toolchain/ecosystem bug on aarch64 linux 4.14.0-xilinx-v2018.3.
2020-12-30 20:03:13 -06:00
3d88676ff1
test.c: add WOLFSSL_TEST_SUBROUTINE macro to qualify all previously global subtest handlers, defaulting to the empty string. this restores the version<=4.5 test.c namespace allowing end users to call the tests directly piecemeal. --enable-linuxkm[-defaults] sets -DWOLFSSL_TEST_SUBROUTINE=static for extra namespace hygiene.
2020-12-30 16:12:08 -06:00
fbcfc6adbf
test.c: rehab fail codes in ecc_test_curve_size().
2020-12-28 21:56:39 -06:00
d5dd35c739
add --enable-trackmemory=verbose, and add WOLFSSL_TEST_MAX_RELATIVE_HEAP_{BYTES,ALLOCS} and -m/-a (runtime counterparts) to wolfcrypt_test(). also add -h to wolfcrypt_test() to print available options.
2020-12-23 12:03:06 -06:00
f06361ddf6
add WOLFSSL_SMALL_STACK_STATIC macro, and use it to conditionally declare const byte vectors in test.c static for stack depth control -- currently only enabled for linuxkm, but should be compatible with any target with a TLB (virtual memory).
2020-12-22 17:12:57 -06:00
56071ac21f
Fix for Cryptocell tests
2020-12-22 16:23:16 -06:00
ea3c385021
Merge pull request #3579 from SparkiDev/sp_math_all_4096
...
SP math all: enable 4096-bit support by default for x64
2020-12-18 14:14:36 -08:00
7f5a85ae85
Reduce stack usage
2020-12-18 13:15:50 +10:00
ce0a2f3bc9
Fixes for Cavium Nitrox and Intel QuickAssist.
2020-12-17 15:53:28 -08:00
420a040774
fix WOLFSSL_ASYNC_CRYPT usage in test.c, test_wolfSSL_OBJ_ln() in api.c
2020-12-17 11:08:36 -07:00
b0464c93e2
Merge pull request #3542 from SparkiDev/sp_mod_odd
...
SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops
2020-12-16 08:51:10 -08:00
6dc06993bf
SP: ensure modulus/prime is odd before performing RSA/DH/ModExp ops
2020-12-16 21:49:09 +10:00
972d6cfefc
Base64: Cache attack resistant decode
2020-12-15 17:22:02 +10:00
bd871280d7
Merge pull request #3497 from elms/erf32/se_acceleration
...
ERF32: HW acceleration
2020-12-14 15:43:15 -08:00
2804cb2521
wolfcrypt/test/test.c: more smallstack refactoring in aes_test().
2020-12-11 14:17:25 -06:00
53c6d33695
test.c:aes_test(): add WOLFSSL_SMALL_STACK codepaths for WOLFSSL_AESNI test.
2020-12-11 14:16:44 -06:00
1c0df61247
wolfssl/test.h and wolfcrypt/test/test.c: add STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(), recognize macro WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES, and add to wolfcrypt_test() runtime settability of relative cumulative stack depth assert threshold using "-s stacksize".
2020-12-11 14:16:44 -06:00
525382fb13
test.c:pkcs7authenveloped_run_vectors(): small stack refactor, and reenable for WOLFSSL_LINUXKM.
2020-12-11 14:16:44 -06:00
f47cdfcaed
wolfcrypt/test/test.c: fix skipped initialization warned by LLVM11 scan-build.
2020-12-10 14:16:21 -06:00
f49e9bf954
dsa.c, srp.c, wolfcrypt/test/test.c: smallstack refactors: wc_DsaExportKeyRaw(), wc_DsaSign(), wc_SrpSetKey(), ecc_test_cdh_vectors(), ecc_test_custom_curves().
2020-12-10 14:16:21 -06:00
f7bf0a78fb
test.c:ecc_test_curve_size(): use a macro, not a static const size_t, for size of exportBuf, to make MS Visual Studio happy.
2020-12-10 14:16:21 -06:00
e6b587772f
fix pointer type clash in wolfSSL_BN_mod_word(); restore accidentally removed WOLFSSL_KEY_GEN gate in dsa_test().
2020-12-10 14:16:21 -06:00
ad2cb67047
wolfcrypt/test/test.c: _SMALL_STACK refactors of dsa_test(), srp_test(), openssl_pkey1_test(), and ecc_test_curve_size(); add missing FIPS gates.
2020-12-10 14:16:20 -06:00
93fc37f87b
SiLabs: add cleanup and address PR comments
2020-12-09 16:28:39 -08:00
620fe2da14
SiLabs: Fix tests and wc_ecc_import_private_key
2020-12-08 12:22:35 -08:00
44243278a5
SiLabs: renable ecc_ssh_test and disable AES non-12Byte IV
2020-12-07 15:04:00 -08:00
0d87dfa493
EVP_Cipher should return length written.
2020-12-01 18:36:36 +01:00
099ed25da8
SiLabs: fixing compiler warnings and better error checking
2020-11-30 21:01:49 -08:00
9f7ef0b3e6
SiLabs: Add ECC hardware acceleration support
2020-11-30 21:01:49 -08:00
79c31a5f2c
SiLbs: SHA and AES-{GCM,CBC} hardware acceleration using se_manager
2020-11-30 21:01:49 -08:00
165cb443e7
Micrium v5.8 support
...
* OS error type change from uc OS3 to v5
* detect if network or TCP is available
* XMEMCMP change workaround
2020-11-30 16:32:30 -08:00
91d23d3f5a
Implement all relevant mp functions in sp_int
2020-11-19 11:58:14 +10:00
de6f1c1ae2
Merge pull request #3508 from JacobBarthelmeh/DH
...
fix for no filesystem build with DH test case
2020-11-18 16:15:42 -08:00
9bde34ef5b
Merge pull request #3438 from douzzer/harmonize-CCM8-cipher-names
...
add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
2020-11-18 15:52:52 -08:00
9cdbff8ee7
fix for no filesystem build with DH test case
2020-11-17 18:27:32 +07:00
710cb7c9f5
Fixes for ECC tests with `WOLFSSL_NO_MALLOC` defined.
2020-11-16 12:17:30 -08:00
e5a0a264b3
Fix for coverity report with possible use of uninitialized value "err" in `WC_ECC_NONBLOCK` case. More fixes for building with `WOLFSSL_NO_MALLOC`.
2020-11-16 12:17:28 -08:00
40387ab0a0
Fixes for building with `WOLFSSL_NO_MALLOC` and/or `NO_ASN_CRYPT` defined.
2020-11-16 12:17:28 -08:00
c7bb602a30
Merge pull request #3482 from douzzer/scan-build-fixes-20201110
...
scan-build fixes -- 1 null deref, 34 unused results
2020-11-12 07:45:45 -08:00
68ebca8573
wolfcrypt/test/test.c: fix typos in aesgcm_test() malloc checks.
2020-11-11 22:47:47 -06:00
5fe1586688
fix 34 deadcode.DeadStores detected by llvm11 scan-build.
2020-11-11 13:04:14 -06:00
1d531fe13b
Peer review fixes.
2020-11-10 09:47:37 -08:00
5de80d8e41
Further refactor the minimum ECC key size. Adds `--with-eccminsz=BITS` option. Fix for FIPSv2 which includes 192-bit support. If `WOLFSSL_MIN_ECC_BITS` is defined that will be used.
2020-11-10 09:47:37 -08:00
b13848e568
Fix tests to handle ECC < 224 not enabled.
2020-11-10 09:47:37 -08:00
4b1a779fcc
tests: fix for fips-test -Wunused-variable on "rng"
2020-11-09 11:54:49 -06:00
b76ac0b842
Merge pull request #3442 from SparkiDev/config_fix_2
...
Configuration fixes
2020-11-03 14:48:49 -08:00
3cce86d7a8
Merge pull request #3420 from dgarske/small_pk
...
ECC memory reductions with key and signature parsing
2020-11-03 14:42:43 -08:00
320afab227
Configuration fixes
...
--enable-sp --enable-sp-asm --disable-fastmath:
cpuid.h - check for WOLFSSL_SP_ASM as well
-enable-curve448 --enable-ed448 --disable-rsa --disable-dh
--enable-tls13 --disable-ecc --enable-certgen --enable-keygen:
api.c - certificate loaded that was RSA but RSA disabled
--enable-sp --enable-sp-asm --enable-sp-math:
cpuid.c - check for WOLFSSL_SP_ASM as well
--disable-shared --disable-ecc --disable-dh --enable-cryptonly
--enable-rsavfy --disable-asn --disable-rng --disable-filesystem:
test.c - rsa_test()
'CC=clang -fsanitize=address' '-enable-distro' '--enable-stacksize':
testsuit.c - echoclient_test_wrapper needs to free ECC FP cache when
it is in a separate thread
2020-10-29 16:21:06 +10:00
931eea30f5
Merge pull request #3397 from cconlon/rc2
...
RC2 ECB/CBC and PKCS#12 Integration
2020-10-28 15:06:47 -07:00
589057245f
Improvement to ECC `wc_ecc_rs_raw_to_sig` to reduce memory use (avoid the mp_int). Additional test cases. Fixes for previous function changes.
2020-10-23 11:00:46 -07:00
a7b325f542
Merge pull request #3414 from kabuobeid/wolfrand_build_fix
...
Fix wolfrand build failure.
2020-10-22 22:54:05 -07:00
42583b5270
Fix wolfrand build failure, caused by defining NO_ASN without NO_CERTS.
2020-10-22 14:48:37 -07:00
David Garske
Sean Parkinson
Chris Conlon
Tesfa Mael
Daniel Pouzzner
Kareem
Hideki Miyazaki
John Safranek
Jacob Barthelmeh
kaleb-himes
Anthony Hu
Marco Oliverio
Hayden Roche
Juliusz Sosinowicz
Juliusz Sosinowicz
Daniele Lacamera
Andrew Hutchings
Anthony Hu
TakayukiMatsuo
Lealem Amedie
Elms
Eric Blankenhorn
toddouska