WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
14,898 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

1166 Commits (cb3f42482b7f1258666239b093437c99d79adfba)

Author SHA1 Message Date
John Safranek cb3f42482b
Merge pull request #4332 from dgarske/zd12791 
Improve CRL error codes
 2021-08-25 13:57:46 -07:00
David Garske 700b1c56c1 Improve CRL error codes. Add `--enable-crl=io` option. ZD 12791 2021-08-24 11:12:12 -07:00
John Safranek 9c541568fc
Merge pull request #4313 from SparkiDev/rsa_vfy_only 
SP RSA verify only: fix to compile
 2021-08-23 14:42:56 -07:00
Sean Parkinson dbb03cb5a3 SP RSA verify only: fix to compile 
Configurations:
./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math

./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math

./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math-all

./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=small2048 --enable-sp-math --enable-sp-asm

./configure --disable-asn --disable-filesystem --enable-cryptonly
--disable-dh --disable-sha224 --disable-ecc CFLAGS=-DWOLFSSL_PUBLIC_MP
--enable-rsavfy --enable-sp=2048 --enable-sp-math --enable-sp-asm
 2021-08-20 13:16:58 +10:00
John Safranek e7ef48d2b7
Merge pull request #3869 from SparkiDev/asn1_template 
ASN1 Template: stricter and simpler DER/BER parsing/construction
 2021-08-19 12:47:04 -07:00
Daniel Pouzzner 3226e69649
--enable-linuxkm-pie (FIPS Linux kernel module) (#4276) 
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
 2021-08-19 09:15:52 -07:00
Sean Parkinson 17a569d4dd SRP test: use proper SRP hash type for g++ 2021-08-19 11:40:43 +10:00
Sean Parkinson d486b89c61 ASN1 Template: stricter and simpler DER/BER parsing/construction 
Reduce debug output noise
 2021-08-19 11:32:41 +10:00
David Garske c5f9e55567 Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled. 2021-08-18 11:30:18 -07:00
David Garske d6f5f815e1 Fix for `srp_test_digest` return code checking. Added GCC-ARM TLS server example. 2021-08-17 11:12:40 -07:00
David Garske 89904ce82e Fixes for building without AES CBC and support for PKCS7 without AES CBC. 2021-08-17 10:47:19 -07:00
David Garske e1f603301b Fixes for SRP with heap hint. 2021-08-17 10:45:50 -07:00
Sean Parkinson 9066ab6051 SRP test: increase size of N to support larger digests 
Test all digests supported by SRP.
 2021-08-17 09:15:07 +10:00
Juliusz Sosinowicz b4131f355e Add a test/example for parsing the date from a certificate 2021-08-06 14:51:57 +02:00
Chris Conlon f1377ed861
Merge pull request #4215 from lealem47/Md2HashTest 
Added wc_Md2Hash() unit testing to test.c
 2021-08-03 16:51:05 -06:00
Lealem Amedie 71cf55a947 Added wc_Md2Hash() unit testing to test.c 2021-07-28 13:45:02 -06:00
David Garske d49d8a9286
Merge pull request #4204 from SparkiDev/ecies_sec1 
ECIES: SEC.1 and ISO 18033 support
 2021-07-27 09:43:53 -07:00
Sean Parkinson 31dde4706e ECIES: Support SEC 1 and ISO 18033 
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
 2021-07-27 09:30:53 +10:00
David Garske 9f99253a8b
Merge pull request #4219 from SparkiDev/math_neg_mod_2d 
Maths: mp_mod_2d supports negative value now
 2021-07-23 08:40:56 -07:00
Chris Conlon ffd69f6426
Merge pull request #4141 from kaleb-himes/FIPS_ANDROID_v454 
Changes to support Android app with wolfCrypt module v4.5.4
 2021-07-21 11:23:42 -06:00
Sean Parkinson ed6e173fc3 Maths: mp_mod_2d supports negative value now 
SRP: don't clear an mp_int that hasn't been initialized
 2021-07-20 18:33:55 +10:00
Daniel Pouzzner 4df6fb74b0 fix sanitizer-detected uninitialized/null data accesses: wc_SrpComputeKey(), XChaCha20Poly1305_test(). 2021-07-19 16:29:43 -05:00
Daniel Pouzzner 5e8da2348f ED: add --enable-ed25519-stream and --enable-ed448-stream to configure.ac, disabled by default, and add them to --enable-all and --enable-all-crypto lists, along with --enable-aesgcm-stream; report AES-GCM and ED* streaming API options in feature summary rendered at end; 
refactor ED routines to pivot on WOLFSSL_ED*_PERSISTENT_SHA and WOLFSSL_ED*_STREAMING_VERIFY macros, with sha state in the key struct only when WOLFSSL_ED*_PERSISTENT_SHA, otherwise on the stack as before;

add ed*_hash_init() and ed*_hash_free() local helpers;

ED* peer review: fix line lengths, remove superfluous retval checks, tweaks for efficiency, and add ED448_PREHASH_SIZE to ed448.h.
 2021-07-16 13:49:47 -05:00
Daniel Pouzzner 9b43e57ccf ED: add streaming API to the ED verify routines: wc_ed*_verify_msg_init(), wc_ed*_verify_msg_update(), wc_ed*_verify_msg_final(); 
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;

track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;

add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;

add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.

add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;

add macro asserts near top of ed*.h to assure the required hash functions are available;

fix {NO,HAVE}_ED*_{SIGN,VERIFY};

wolfcrypt/test/test.c: add missing key initializations in ed*_test();

wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
 2021-07-16 13:49:47 -05:00
kaleb-himes f408eeb5bb Implement peer review suggestions 2021-07-16 09:57:11 -06:00
Sean Parkinson af98e64b88
Merge pull request #4208 from dgarske/leaks 
Fixes for possible leaks with ECCSI and DH test
 2021-07-16 08:59:11 +10:00
JacobBarthelmeh 6458a8cedd
Merge pull request #4187 from SparkiDev/sp_math_mod_red_fix 
SP math: montgomery reduction edge case
 2021-07-15 14:33:26 +07:00
David Garske fbbb290d9e Fixes for possible leaks with `HAVE_WOLF_BIGINT` used by async in ECCSI and DH test. Fixes for GCC `-fsanitize=address` with `--enable-all`. 2021-07-14 14:57:32 -07:00
JacobBarthelmeh b5eef78cdb
Merge pull request #4176 from SparkiDev/sp_math_read_bin_max 
SP math all: allow reading of bin up to max digit size
 2021-07-14 16:03:32 +07:00
Sean Parkinson 08ebd34f31 SP math: montgomery reduction edge case 
4 and 6 word specific implementations now handle rare overflow correctly
in last mul-add of loop.
 2021-07-06 10:03:24 +10:00
David Garske 43f8c5ba1b
Merge pull request #4121 from JacobBarthelmeh/PKCS7 
wc_PKCS7_DecodeCompressedData optionally handle a packet without cont…
 2021-07-01 17:03:56 -07:00
Elms dc7beab784 address errors with `-fsanitize=undefined` 
- fix null dereferences or undefined `memcpy` calls
 - fix alignment in `myCryptoDevCb`
 - fix default dtls context assignment
 - add align configure option to force data alignment

TESTED:
 `./configure CFLAGS=-fsanitize=undefined\ -DWOLFSSL_GENERAL_ALIGNMENT=1 --enable-all`
 2021-06-30 21:58:30 -07:00
Sean Parkinson 4cff893c5f SP math all: allow reading of bin up to max digit size 2021-07-01 14:29:58 +10:00
David Garske 80480e5d1f
Merge pull request #4163 from lealem47/rsa-test 
Rsa test
 2021-06-25 13:12:58 -07:00
Lealem Amedie 729fea6b71 unused variable fix in rsa_oaep_padding_test fix 2021-06-25 08:39:44 -06:00
Jacob Barthelmeh 5038a27cda add test cases and set content oid with decode encrypted data 2021-06-25 21:16:01 +07:00
Lealem Amedie 873f10b0cf Simplifying rsa_test() by extracting sections as separate functions 2021-06-24 20:47:14 -06:00
Sean Parkinson 8592053856 Regression test fixes 
./configure --enable-all --disable-rsa
./configure --disable-chacha --disable-asm
./configure --disable-rsa --disable-ecc --disable-dh --enable-curve25519
--enable-cryptonly (and ed25519, curve448, ed448)
./configure --disable-tls13 --enable-psk --disable-rsa --disable-ecc
--disable-dh C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-oldtls --enable-psk -disable-rsa --disable-dh
-disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
--enable-lowresource --enable-singlethreaded --disable-asm
--disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224
--disable-sha384 --disable-sha512 --disable-sha --disable-md5
-disable-aescbc --disable-chacha --disable-poly1305 --disable-coding
Various build combinations with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
 2021-06-25 09:18:06 +10:00
Sean Parkinson 2fb80ceb59
Merge pull request #4133 from dgarske/crypto_cb_25519 
Adds crypto callback support for Ed/Curve25519 and SHA2-512/384
 2021-06-18 09:47:30 +10:00
David Garske 18fc1b7e63
Merge pull request #4006 from elms/refactor_pointer_manipulation 2021-06-17 16:37:03 -07:00
David Garske 258e0c10da
Merge pull request #4142 from elms/fix/memtest 
test: Fix memtest callbacks
 2021-06-17 14:01:21 -07:00
David Garske 5440b6c63c Fix for intel asm SHA512 where `HAVE_INTEL_AVX1` or `HAVE_INTEL_AVX2` is defined, but `USE_INTEL_SPEEDUP` is not. Fix for scan-build error with test.c ret not used. 2021-06-17 13:50:09 -07:00
Elms ad59b8af45 test: Fix memtest callbacks 2021-06-17 10:15:11 -07:00
David Garske b6ec698a83 Fix for FIPS case with hkdf_test. 2021-06-17 08:15:44 -07:00
David Garske 14b845a9a5 Fixes for wolfCrypt HMAC test without SHA1/SHA2. Added NO RNG option to cube pack configuration template. 2021-06-17 08:15:44 -07:00
kaleb-himes b29fa9bd33 Changes to support Android app with wolfCrypt module v4.5.4 2021-06-17 08:11:40 -06:00
David Garske 98147de422 Fix for wolfCrypt test not calling init for ed25519 tests. 2021-06-16 16:44:28 -07:00
David Garske 15d761a0c2 Added ED25519 and Curve25519 crypto callback support. 2021-06-16 11:49:24 -07:00
David Garske 9c24731e3c Added SHA2-384/512 crypto callback support. 2021-06-16 11:49:24 -07:00
Elms 3a885aba23 Refactor pointer manipulation to be independent of datatype width 
Tested with `./configure CFLAGS="-DNO_64BIT" --disable-sha512
--disable-sha384 --enable-harden` on a 64-bit machine
 2021-06-15 21:08:49 -07:00