In defense against attack, assume the imported public key is not trusted
and check it matches the private key if set.
Added APIs that allow application to explicitly trust public key.
Original APIs default to not trusting public key.
fasthugemath means turn on fastmath
Use sp_int_digit and not sp_digit in sp_int.c.
test.c needs to use large static buffer when SP Math used like fastmath.
When building static memroy, SP math all without WOLFSSL_SP_NO_MALLOC is
a valid configuration.
Fix freeing of bigint in sp_int.c.
Cast x to a signed value to negate and then back to unsigned. (For
Windows builds.)
Remove warning about empty file on Windows about integer.obj.
Allow RSA verify only and RSA public only to be used with other public
key algorithms.
If building for FIPS, then older versions of RSA and ECC require SP Math
to support negative numbers.
Get old FIPS files building with SP int.
Disallow --enable-sp-math and --enable-sp-math-all.
When just --enable-sp-math on configuration line then disable SP Math
all.
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.
wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.
Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
The test for certificate extensions requires both the test certs option
and the certificate generation option to run. The certs for the test are
generated by wolfCrypt. This disables the extensions test if
certificate generation is disabled.
* Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra.
* Fix bound warning with strncpy in sniffer.c.
* Fix for async DH issue.
* Fix for SP math all not initializing raw big int.
* Fix for array bounds warning with "-O3" on SetEccPublicKey.
* Fix a sniffer async edge case with TLS v1.2 static RSA and extended master.
* Improved the sniffer test script detection of features.
* Disable ECC custom curve test with Intel QuickAssist.
Allow Chachac20-Poly1305 to take an empty msg.
Allow AES-SIV to have an empty nonce.
Don't allow the length to be malleable. Must use the smallest number of
bytes to represent value.
ECDSA and DSA signature values are positive.
Add Sha512-224 and Sha512-256 OIDs.
ASN template - ensure the ECDSA/DSA signature uses all data.
Curve25519/Curve448 - WOLFSSL_ECDHX_SHARED_NOT_ZERO means shared secret
can't be 0.
Curve25519/Curve448 - check public value is less than order.
ECC - x or y may be zero but not both.
Ed25519/Ed448 - check S is less than order.
Ed448 - ge_p3_dbl can be simplified for ASM.
Prime check (integer.c/tfm.c/sp_int.c): Don't allow negative values and
make sure random candidate doesn't have bits higher than those in a set
when bits not a multiple of 8.
RSA: support Sha512-224 and Sha512-256.
RSA: Fix check for invalid in decryption. Affects plaintexts 256 bytes
and longer.
RSA: Don't allow base be larger than modulus.
RSA: Check small ciphertext (1 or 0) on decrypt when not using OAEP.
RSA: WOLFSSL_RSA_DECRYPT_TO_0_LEN allows decrypted value to be 0.
SP math all: fix div to handle large a and d when checking size of
remainder.
SP math all: set sign of result in sp_mod_2d()
Added a test for the TLSv1.3 KDF to the wolfcrypt test. It uses 6
different test cases from the CAVP tests. A set of 8 session keys are
generated using multiple exporters.
1. Add configure option to enable AMD's RDSEED.
2. Add seed parameters when building specifically for AMD using RDSEED.
3. Update the wolfCrypt test to play nice with the larger seed size.
cert_asn1_test was constructing a BER encoding of a certificate that
didn't have all the components. It was trying to test putting in a bad
OID in the certificate name.
The original ASN.1 parsing code stopped at the bad name. ASN.1 template
code does the whole structure and then digs into the name.
A complete certificate should have always been used.
Add support to ECIES for AES-256-CBC, AES-128-CTR, AES-256-CTR.
Added new API wc_ecc_ctx_set_algo() that sets the encryption, KDF and
MAC algorithms.
Cleanup formatting of ECIES code.
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
sp_invmod with even modulus requires a multiplication by modulus. Don't
let modulus overflow result variable 'r'.
Fix allocation of temporary sp_ints to be correct size.
Add test for maximum modulus size in test.c.
Remove leading spaces on functions so git correctly determines which
function has changed.
Put in Thumb code for more sizes of _sp_mul_*().
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
test.c:
1. Removed pragma disabling the warning for unused functions.
2. Fixed the guards around the function that wasn't getting removed from
the build. And matched the guards to the call of the function. The
issue is a test that fails only in a cert 3389 build using Arm
assembly single-precision public keys.
3. Fixed the guards around a couple other functions.
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
- mp_cond_copy not available unless ECC compiled in
- wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
HexCharToByte must be cast to a signed char as a char is unsigned on
some platforms.
Redefine the __asm__ and __volatile__ for ICC and KEIL in sp_int.c
mp_test: don't use large bit lengths if unsupported.
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
Makefile.am: clean .build_params file;
ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();
move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);
fix new unused-label defect in wc_ecc_shared_secret_gen_sync();
fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);
fix NO_INLINE ForceZero() prototype;
ecc.c: add missing if (err == MP_OKAY) in build_lut();
wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;
ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;
WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
as a default callback.
2. Modify all the tests and examples to use the default seed callback if
the seed callback is enabled.
Fix no new line
Change comment style in testsuite.c
Add include for proper socket header in wolfio.h
Add dc_log_printf support to benchmark application
Pull in changes for examples
Refector NETOS check in test.c
Fix format and remove settings used only for validation testing
Implement peer review feedback
Address last items noted in peer review
Add new README to include.am
Adjust comment style on TODO
Gate changes in client and server properly
Add static on customer feedback
Fix settings include
Update latest peer feedback
- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
* Not all STM32 RTCs support subseconds in the time struct, so this is
now ifdef'd using the only obvious define which exists when subseconds
exist.
* Let wc_GenerateSeed detect STM32's without RNG correctly.
* wolfCrypt test was attempting to use variables that don't exist when
both WOLFSSL_SMALL_STACK and WC_NO_RNG is defined.
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.
* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.
* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.
* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.
* Fix to use proper devId in `ProcessBufferTryDecode`.
* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.
* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.
* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
* Remove NTRU and OQS
* Keep the DTLS serialization format backwards compatible.
* Remove n from mygetopt_long() call.
* Fix over-zealous deletion.
* Resolve problems found by @SparkiDev
add build-time support for module signing using native Linux facility;
add support for alternative licenses using WOLFSSL_LICENSE macro;
improve load-time kernel log messages;
add support for sp-math-all asm/AVX2 acceleration;
add error-checking and return in SAVE_VECTOR_REGISTERS();
implement support for x86 accelerated crypto from interrupt handlers, gated on WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED:
* wolfcrypt_irq_fpu_states
* am_in_hard_interrupt_handler()
* allocate_wolfcrypt_irq_fpu_states()
* free_wolfcrypt_irq_fpu_states()
* save_vector_registers_x86()
* restore_vector_registers_x86()
add WOLFSSL_LINUXKM_SIMD, WOLFSSL_LINUXKM_SIMD_X86, and WOLFSSL_LINUXKM_SIMD_ARM macros for more readable gating.
Use --enable-armasm=sha512-crypto or define WOLFSSL_ARMASM_CRYPTO_SHA512
to use SHA512 cryptographic instructions.
Checks system register for the feature before using the SHA512
instructions.
Added SHA512 input data alignment test.
Add support for SHA512/224 and SHA512/256 to ARM port.
./configure --disable-rsa --disable-ecc --disable-dsa
--enable-curve25519 --disable-ed25519 --disable-curve448
--disable-ed448 --enable-cryptonly
suites.c, testsuite.c: ensure port is an integer for snprintf.
unit.c: make memFailCount an integer for printf.
aes.c:
Reduce variable scope.
Check aes is not NULL before use in GHASH implementations.
XTS check sz is greater than or equal to a AES_BLOCK_SIZE rather than
0 as another block is processed.
wc_AesXtsEncrypt, wc_AesXtsEncrypt - simplify braces and ifdefs
wc_AesEcbEncrypt - subtracting from sz is unnecessary as is unused
after.
asn.c:
StoreKey, StoreEccKey - compiler doesn't see ret != 0 when publicKey
is NULL.
DecodeAuthInfo - count is not used when after break.
DecodeSubtree - don't use min and max as variables (already macros).
SetEccPublicKey - initialize pubSz and set sz regardless for
compiler's sake.
wc_EncodeName_ex - use unique variable 'namesASN'; ret isn't set after
last check.
SetEccPublicKey - simplify code by using else rather than check ret
wasn't set.
DecodeAsymKey - ret not modified in non-template implementaiton.
SetAsymKeyDer - ret still at initialized value here.
DecodeResponseData - ensure dataASN is freed when single->next->status
failed to allocate.
test.c:
curve255519_der_test() can't be compiled when NO_ASN is defined.
types.h:
cast to the appropriate type in EXIT_TEST
test.h
don't return anything when THREAD_RETURN is void and EXIT_TEST is for
threading with stack size.
* Fix for missing heap hint with RSA PSS and `WOLFSSL_PSS_LONG_SALT`. This fix will only allocate buffer if it exceeds the local buffer. Added `wc_RsaPSS_CheckPadding_ex2` to support heap hint if required. Fixed asn.c build issue with `NO_CERTS`. Fixed several spelling errors in asn.c. ZD12855.
* Improve the dynamic memory NULL checking in `wc_RsaPSS_CheckPadding_ex2` with `WOLFSSL_PSS_LONG_SALT` defined.
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
refactor ED routines to pivot on WOLFSSL_ED*_PERSISTENT_SHA and WOLFSSL_ED*_STREAMING_VERIFY macros, with sha state in the key struct only when WOLFSSL_ED*_PERSISTENT_SHA, otherwise on the stack as before;
add ed*_hash_init() and ed*_hash_free() local helpers;
ED* peer review: fix line lengths, remove superfluous retval checks, tweaks for efficiency, and add ED448_PREHASH_SIZE to ed448.h.
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
manual run of RNG init and JDKEK print
job ring does initial rng
is successful on some red key blob operations
caam red key blob test pass
ecdsa sign/verify
ecdsa ecdh/sign/verify with black secure key
ecdsa ecdh/sign/verify with black secure key
initial cmac addition
initial cmac addition
black blob encap
black keys with cmac
add invalidate memory
refactoring and clean up
more code cleanup
add files for dist and remove some printf's
remove unneeded macro guard
use resource manager
Sean Parkinson
David Garske
Chris Conlon
Tesfa Mael
Daniel Pouzzner
Kareem
Hideki Miyazaki
John Safranek
Jacob Barthelmeh
kaleb-himes
Anthony Hu
Marco Oliverio
Hayden Roche
Juliusz Sosinowicz
Juliusz Sosinowicz
Daniele Lacamera
Andrew Hutchings
Anthony Hu
TakayukiMatsuo
Lealem Amedie
Elms
Eric Blankenhorn
toddouska