Commit Graph

2506 Commits

Author SHA1 Message Date
Sean Parkinson
783c4a0c5e Make ALT_ECC_SIZE with SP work
Change to more relevant dynamic types in SP also.
2018-08-22 16:02:51 +10:00
David Garske
9ae4ef2d5c Build fixes for --enable-async --enable-all --with-intelqa. Resolves conflict for stat variable name. Fix for DH with async. Fix for async devSize. 2018-08-21 19:51:13 -07:00
Takashi Kojo
08c2d94011 return value check of XFSEEK 2018-08-22 10:46:46 +09:00
Sean Parkinson
31bd844d6f Fix for clang builds with configs not using inline funcs 2018-08-22 11:16:57 +10:00
John Safranek
a0f1c9dbe4 Make the check of the certificate extension critical flag optional based on compile option. 2018-08-21 10:57:04 -07:00
Sean Parkinson
1ab17ac827 More changes to minimize dynamic memory usage.
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
Sean Parkinson
506c858ed6 Add memory usage tracking and logging
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
2018-08-21 08:54:57 +10:00
John Safranek
e4757f1283 Prime Test Bug Fix
Using the wrong size for the MR test check value. Converting from size
of FP_MAX_BITS to the DH prime size, dividing too much. Switched it to
its own constant.
2018-08-20 11:43:06 -07:00
toddouska
f3c4d5442e
Merge pull request #1757 from dgarske/pkcs8_pad
Fix to resolve padding issue with PKCS 8 encryption.
2018-08-20 09:32:34 -07:00
toddouska
0e1b8b7bd8
Merge pull request #1760 from dgarske/atmel_asf
Fixes for building with Atmel ASF (`WOLFSSL_ATMEL`)
2018-08-20 09:20:01 -07:00
toddouska
683182f494
Merge pull request #1765 from SparkiDev/sp_fixes_1
Fixes for SP
2018-08-20 09:18:31 -07:00
toddouska
3e08c27512
Merge pull request #1715 from SparkiDev/disable_aescbc
Config option to disable AES-CBC
2018-08-20 09:08:19 -07:00
Aaron Jense
79590f3310 silence warning for unreachable statement from some compilers. 2018-08-17 15:13:06 -06:00
Sean Parkinson
2ac2c24f22 Fixes for SP
More places to mask shifted n.
Fix conditional check on NO_3072 in sp_int.h
Disable prime checking when using SP maths.
Add support for mp_tohex to SP maths.
Fix wolfmath.c to support including SP maths.
2018-08-17 10:13:29 +10:00
Aaron Jense
93546694ca modify for readability 2018-08-16 17:04:32 -06:00
Aaron Jense
aeb9ab8aea Combine if statements 2018-08-16 16:25:53 -06:00
Aaron Jense
eb08c6f6fc Fix error with wolfCrypt-JNI having ECC_PRIVATEKEY_ONLY and d != NULL 2018-08-16 15:29:46 -06:00
Sean Parkinson
f487b0d96a Config option to disable AES-CBC
AEAD only detection and removal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
David Garske
9db7ba2f0d Fix for cast mismatch and spelling of state. 2018-08-15 12:00:44 -07:00
David Garske
c6e075f077 Fixes for building with Atmel ASF and no ECC508A. 2018-08-15 12:00:44 -07:00
David Garske
3d16f891d4 Fix to check for buffer overrun with the additional padding in PKCS12 EncryptContent function. 2018-08-14 19:20:24 -06:00
David Garske
cdff2869c2 Fixes for building with WC_NO_RNG (applies to wolfCrypt only builds). Tested with ./configure --enable-cryptonly CFLAGS="-DWC_NO_RNG" && make. 2018-08-14 18:53:25 -06:00
Eric Blankenhorn
2420af3cf2
Merge pull request #1758 from dgarske/certext
Fix for building certext without certgen
2018-08-14 17:00:51 -05:00
toddouska
9ad059542a
Merge pull request #1745 from dgarske/ecc_export_hex
Added new ECC export APIs to support export as hex string
2018-08-14 14:19:23 -07:00
David Garske
d1e13a973c Fix for building WOLFSSL_CERT_EXT without WOLFSSL_CERT_GEN due to missing CTC_MAX_EKU_OID_SZ. Change to allow --enable-certext without certgen. 2018-08-14 15:00:56 -06:00
David Garske
1c297b3ac4 Cleanup of some macro logic for enabling the mp_toradix. 2018-08-14 12:58:00 -06:00
David Garske
6ca56ee98c Fix to handle carriage return case in PEM end of line character handling (for Windows). Cleanup to consolidate duplicate end of line character handling code. 2018-08-14 12:22:18 -06:00
David Garske
7b83db0f65 Fix for PemToDer which was not properly handling extra new lines at end of file. 2018-08-14 12:22:18 -06:00
David Garske
be33e69b22 Refactor to rename wc_ecc_export_int to wc_export_int for generic API for exporting an mp_int as hex string or unsigned bin. 2018-08-14 12:17:20 -06:00
David Garske
368227be2c Fix to make sure fp_div_d is available. 2018-08-14 12:05:22 -06:00
David Garske
c073aee87c Added new ECC export APIs to support export as hex string. New APIs are wc_ecc_export_ex and wc_ecc_export_int. For hex string use ECC_TYPE_HEX_STR as encType arg. Refactor to reduce duplicate code. Build fixes for NO_ECC_KEY_EXPORT. 2018-08-14 12:05:22 -06:00
David Garske
04c2b51b4d Fix for padding size calculation and cast warning. 2018-08-14 11:49:21 -06:00
David Garske
d823d6f7b6 Fix to resolve padding issue with PKCS 8 encryption. 2018-08-14 10:51:04 -06:00
Kaleb Himes
64f553d944
Merge pull request #1755 from ejohnstown/scan-build-fix
Scan-Build Fix
2018-08-14 10:11:02 -06:00
David Garske
aee4aea64d
Merge pull request #1748 from JacobBarthelmeh/Testing
call hmac init with blake2 software test
2018-08-14 10:07:01 -06:00
toddouska
d4f908c372
Merge pull request #1728 from JacobBarthelmeh/HardwareAcc
Add build for AF_ALG
2018-08-13 16:27:51 -07:00
John Safranek
91d2b17139 Scan-Build Fix
1. Initialize the sz variable in wc_BerToDer().
2018-08-13 14:37:04 -07:00
Jacob Barthelmeh
b71c2ddf38 call hmac init with blake2 software test 2018-08-13 08:58:01 -06:00
David Garske
93a7b76da5 Fix missing RSA_MIN_SIZE and RSA_MAX_SIZE and case where HAVE_FIPS_VERSION is not defined. 2018-08-13 08:18:51 -06:00
David Garske
80e46253d9 Fix for FIPS v1 CAVP case so the wc_RsaExportKey and wc_CheckProbablePrime functions are available. Cleanup to remove unused ERROR_OUT. 2018-08-13 06:25:55 -06:00
Eric Blankenhorn
bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734)
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
David Garske
30d6c0c1fc
Merge pull request #1737 from ejohnstown/ocsp-free
OCSP Free
2018-08-06 09:08:01 -07:00
Jacob Barthelmeh
30e787b10c create buffer with structure copy and set fd after close 2018-08-03 16:46:15 -06:00
Jacob Barthelmeh
7726786998 fix comment and remove duplicate free 2018-08-03 15:04:37 -06:00
toddouska
b88d60ecbb
Merge pull request #1665 from ejohnstown/mr
Prime Number Testing
2018-08-03 12:50:27 -07:00
John Safranek
368b5b1072
Merge pull request #1729 from kaleb-himes/init-array
Initialize array to zero(s)
2018-08-02 16:33:37 -07:00
John Safranek
5ae45436f4 OCSP
1. Added missed attr files for the OCSP status files. Bare minimum attr.
2. Added the attr files to the automake include.
3. Fix out of bounds read with the OCSP URL.
2018-08-02 14:50:59 -07:00
kaleb-himes
93c2f3b170 Initialize array to zero(s) 2018-08-02 09:21:09 -06:00
John Safranek
6527c2a724 DH SP Fix
When sp_2048_mod_exp_*() is processed, one of the index
variables is masked with 0x1f when it was updated. Added the masking to
the initial set of the index.
2018-08-01 16:32:22 -07:00
John Safranek
7647d52d77 Prime Number Testing
1. Remove a copy-paste error when clearing up the RNG used to test a prime.
2. Tag some const test values as static in the wolfCrypt test.
2018-08-01 14:49:06 -07:00
JacobBarthelmeh
244d931e75
Merge pull request #1721 from kaleb-himes/cleanup-debug
Cleanup debug errors
2018-08-01 15:01:25 -06:00
toddouska
8bc5bc227d
Merge pull request #1634 from ejohnstown/gcc-8-fixes
GCC-8 String Fixes
2018-08-01 12:13:10 -07:00
toddouska
da096497e0
Merge pull request #1727 from dgarske/memdocs
Documented memory build options
2018-08-01 12:12:34 -07:00
Jacob Barthelmeh
ce5e787afc formatting and sanity check on pointer with test case 2018-08-01 11:57:36 -06:00
JacobBarthelmeh
cb756397b3 initial AES-CBC with af_alg
progress on AES-GCM with AF_ALG and add SHA256

add aes-gcm test cases and finish logic of aes-gcm with AF_ALG

formatting of tabs and white space

add files to dist

adding ecb and ctr mode with af_alg

make length of buffers for ctr be AES_BLOCK_SIZE

formatting and add support for sha256 copy/gethash

sanity checks on arguments

cast return values and valgrind tests

make it easier to use sha256 with af_alg

remove hard tabs

add endif for after rebase
2018-08-01 08:54:20 -06:00
John Safranek
f5b3de6b54 GCC-8 string fixes
1. Found one more case where a string is copied, potentially without the null. In wc_ports w.r.t. directory and file names.
2018-07-31 14:02:44 -07:00
John Safranek
7053830628 GCC-8 string fixes
Fix for the Windows directory search code.
2018-07-31 14:02:44 -07:00
John Safranek
af89458af0 GCC-8 string fixes
1. strncpy needs to include the source string's NULL.
2. Deleted a few redundant string modifications.
2018-07-31 14:02:44 -07:00
John Safranek
2e1a1681ec GCC-8 string fixes
1. strncat() does not like to copy single byte strings with "n = 1", as it won't null-terminate.
2. strncpy()'s len parameter is the size of the dst not the src.
3. Replaced the echoserver HTTP response composition of const strings with a copy of a single string.
2018-07-31 14:02:44 -07:00
John Safranek
50372b7033 Memory Callback
1. Allow SetAllocators to use NULL as a callback. Memory wrappers will use default with NULL.
2. Remove the ResetAllocators function. Use SetAllocators with NULL.
3. Modify memory tracker to save the old allocators on init and restore them on cleanup.
2018-07-31 09:30:03 -07:00
David Garske
0e1588f4ad Documented memory build options. Added logging for normal wolf malloc/free operations when using WOLFSSL_DEBUG_MEMORY and WOLFSSL_DEBUG_MEMORY_PRINT (previously only worked with WOLFSSL_STATIC_MEMORY and WOLFSSL_TRACK_MEMORY). Changed WOLFSSL_MALLOC_CHECK option to use WOLFSSL_MSG. 2018-07-31 09:03:40 -07:00
kaleb-himes
fe08b98117 Adjust guards following peer review 2018-07-31 09:50:44 -06:00
toddouska
f18351fef5
Merge pull request #1718 from dgarske/memtest
New memory testing feature and fixes for null checks
2018-07-31 07:56:29 -07:00
David Garske
0f86494161 * Added support for STM32L4 AES hardware crypto.
* Added reference PK callback functions for ECC sign, verify and shared secret used by TLS in `wolfcrypt/src/port/st/stsafe.c`.
* Fix for wolfcrypt_test to not require args to be provided.
* Fix for wolfCrypt `ecc_test_buffers` to properly init ecc_key (resolves devId issue).
* Fix for STM32 AES CBC Decrypt with CubeMX, which was not capturing the first input block for next IV.
* Refactor to combine STM32 hardware init code.
2018-07-30 13:58:19 -07:00
David Garske
4eff7b641b First pass at bugs found with ./scripts/memtest.sh. Fixes for NULL pointer checks, making sure freed pointers are reset, making sure pointers are initialized and making sure memory is always freed. Fix for TicketInit() which was using non-thread safe RNG and key_ctx. Fix for possible double free case in wolfSSL_PEM_read_X509_CRL. 2018-07-30 13:53:54 -07:00
David Garske
2c3475c1d6 Added new build option --enable-memtest or WOLFSSL_FORCE_MALLOC_FAIL_TEST which enables random malloc failures for testing. This test suppresses the abort() calls to detect seg faults. A new script ./scripts/memtest.sh starts the test. If an issue is found it can be reviewed with the ./scripts/memtest.txt log and reproduced using the seed printed at top of unit test as --- RNG MALLOC FAIL AT 295--- and rerun using ./tests/unit.test 295. 2018-07-30 13:53:35 -07:00
toddouska
62cb69ded6
Merge pull request #1724 from dgarske/pemtoder
Added APIs to expose alloc/free of DerBuffer and new unit tests
2018-07-30 13:50:19 -07:00
toddouska
335f467b8c
Merge pull request #1714 from dgarske/pic32hashleak
Fixes for PIC32MZ hash memory leak
2018-07-30 13:48:59 -07:00
David Garske
0ef63048a0 Fix for new report in wc_BerToDer with uninitialized derSz. 2018-07-30 11:51:26 -07:00
David Garske
309d7a9d0d Added APIs to expose alloc/free of DerBuffer using wc_AllocDer and wc_FreeDer. Added unit tests for new APIs and missing ones for wc_PemToDer and wc_CertPemToDer. ZD 4185. 2018-07-30 11:19:59 -07:00
kaleb-himes
166330030c Handle case where external unassigned 2018-07-29 06:46:07 -06:00
Naruto TAKAHASHI
861fec1dc6 porting mynewt 2018-07-28 18:03:20 +09:00
kaleb-himes
afb2180e80 Cleanup debug errors 2018-07-27 14:00:19 -06:00
John Safranek
4b2a591a93 Prime Number Testing
1. Added calls to wc_DhSetCheckKey() on the client side of TLS.
2. Added an API test to the wolfCrypt test.
3. Fixed a bug in the prime test found with the API test. Misuse of tertiary operator.
2018-07-26 14:43:04 -07:00
David Garske
efbabbfb29 Further improvements to hashing code to make sure wc_*Free is always called including wc_HashFree. Added new defines to disable PIC32MZ hardware features using NO_PIC32MZ_HASH, NO_PIC32MZ_RNG and NO_PIC32MZ_CRYPT. 2018-07-26 14:41:30 -07:00
toddouska
90367df13c
Merge pull request #1710 from SparkiDev/ed25519_only
Changes to build with X25519 and Ed25519 only
2018-07-25 14:24:03 -07:00
David Garske
92cb8f06ea Fixes to make sure hash free is always called (resolves memory leaks with PIC32MZ hashing hardware). Only print Alloc/Free messages with track memory when WOLFSSL_DEBUG_MEMORY_PRINT is defined. Added test for ForceZero with 0 length. 2018-07-25 11:22:03 -07:00
David Garske
beceab2734 Fix for leak with WOLFSSL_PIC32MZ_HASH and TLS. The PIC32 update cache buffer was not always being freed. 2018-07-25 11:22:03 -07:00
JacobBarthelmeh
74fbd06817
Merge pull request #1686 from cconlon/nucleus-update
Nucleus port and PB changes
2018-07-25 09:17:40 -06:00
toddouska
17c7ecb2bc
Merge pull request #1711 from dgarske/memtrack
Fix for memory tracking cleanup
2018-07-24 11:53:08 -07:00
toddouska
92bc891713
Merge pull request #1709 from SparkiDev/rsa_low_mem_fix
Fix for RSA_LOW_MEM and other configurations
2018-07-23 16:15:28 -07:00
toddouska
e618f34c2f
Merge pull request #1707 from kaleb-himes/ARM_GCC_EX_FIXES
Fixes for building without DRBG and ForceZero test
2018-07-23 16:14:43 -07:00
David Garske
ef076a68d3 Added new API wolfSSL_ResetAllocators to allow reset of memory callbacks to defaults. Added new CleanupMemoryTracker which restores memory callback functions. This resolves issue with trying to free memory allocated prior to InitMemoryTracker. 2018-07-23 16:03:08 -07:00
toddouska
ab3ffaa26a
Merge pull request #1706 from SparkiDev/sha384_not_sha512
Allow SHA384 to be compiled in without SHA512
2018-07-23 09:47:49 -07:00
Sean Parkinson
6d3e145571 Changes to build with X25519 and Ed25519 only
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
Sean Parkinson
06b888a997 Fix for RSA_LOW_MEM and other configurations
Also cast return of XMALLOCs.
2018-07-23 08:47:11 +10:00
kaleb-himes
887e3deee8 Move ForceZero test to api.c and turn on tests when inline disabled 2018-07-20 13:30:06 -06:00
kaleb-himes
027f18919a Resolving some unwanted dependencies 2018-07-20 11:54:36 -06:00
Chris Conlon
7f19f914c0 create WOLFSSL_NUCLEUS_1_2 for older 1.2 version 2018-07-20 10:51:15 -06:00
Sean Parkinson
9433fcb820 Allow SHA384 to be compiled in without SHA512 2018-07-20 09:42:01 +10:00
David Garske
c5a44c083a
Merge pull request #1703 from cconlon/truestudio
Fix Atollic TrueSTUDIO warning, add WOLFSSL_STM32F427_RNG
2018-07-19 15:59:11 -07:00
John Safranek
c9434c5ad8 FIPS build and ECC fixes
1. The fips-check script was missing the ecc file when building the FIPSv2 test directory. The correct file was sent in for testing.
2. When building with ECC import validation enabled, one usage of the ALLOC_CURVE_SPECS macro had an extra parameter. (copy-and-paste error)
2018-07-19 10:02:14 -07:00
Chris Conlon
5c940351b7 add include for task.h for FREERTOS in benchmark.c 2018-07-18 16:52:16 -06:00
Chris Conlon
5b9fbb5d42 add WOLFSSL_STM32F427_RNG support 2018-07-18 16:44:30 -06:00
Chris Conlon
27b7791f5e fix TrueSTUDIO warning in PKCS12_create_key_bag() 2018-07-18 16:15:33 -06:00
David Garske
70dfb9af72
Merge pull request #1700 from embhorn/zd4110
Move #if blocking wc_PubKeyPemToDer
2018-07-18 12:33:01 -07:00
toddouska
aa2d6f8060
Merge pull request #1699 from dgarske/ecc508a_pkcb
Added reference PK callbacks for ATECC508A to support TLS
2018-07-18 09:35:58 -07:00
Eric Blankenhorn
0c59aa8e31 Move #if blocking wc_PubKeyPemToDer 2018-07-18 11:15:06 -05:00
John Safranek
17d5b6a42b
Merge pull request #1694 from SparkiDev/stack_ecc
Small stack support in ECC
2018-07-18 08:57:35 -07:00
David Garske
74c391d138 Added reference PK callbacks (HAVE_PK_CALLBACKS) for ATECC508A device for wolfSSL TLS. 2018-07-17 19:02:56 -07:00
toddouska
1840ae7013
Merge pull request #1693 from SparkiDev/stack_rsa
Small stack fixes and ignore RSA fields in RSA_LOW_MEM
2018-07-17 12:24:00 -07:00
toddouska
f693c9cc8b
Merge pull request #1692 from SparkiDev/stack_hashalgs
Stack hashalgs
2018-07-17 12:20:02 -07:00
Sean Parkinson
e6c22fbd85 Small stack support in ECC
Small stack builds now dynamically allocate large stack variables.
Cache option added to avoid repeated allocation of temporaries in add
points, double point and map.
Cached memory allocated in mulmod and mul2add.
2018-07-17 16:39:53 +10:00
Sean Parkinson
c01c79349e Small stack fixes and ignore RSA fields in RSA_LOW_MEM
Fix asn.c and rsa.c small stack to not have large stack variables.
In RSA code don't load or store dP, dQ or u when using RSA_LOW_MEM as
they are not used.
Fix SP to recognize RSA_LOW_MEM means to use d, private exponent.
Fix wc_CheckRsaKey to work with SP.
Fix sp_int to support mp_set_int for wc_CheckRsaKey().
2018-07-17 11:05:38 +10:00
Sean Parkinson
6ef800e5f7 Cache Sha256 for small stack when asked in random
Small stack builds see SHA-256 allocating W a lot.
Cache the SHA-256 object in DRBG when WOLFSSL_SMALL_STACK_CACHE is
defined.
Call free function on SHA-256 object now that it is required.
2018-07-17 09:33:24 +10:00
Sean Parkinson
88a2531652 Cache the data allocated in SHA-2 Transform functions
SHA-2 algorithms allocate W each call to transform when using
WOLFSSL_SMALL_STACK.
Put a pointer into the SHA-2 object to cache W.
Change code to call the SHA-2 Free functions now that they are required.
Only cache when WOLFSSL_SMALL_STACK_CACHE is defined.
2018-07-17 09:17:39 +10:00
Sean Parkinson
514a949557 Small stack fixes
Changes to DH and SSL/TLS code to dynamically allocate large stack
variables when compiled with WOLFSSL_SMALL_STACK.
2018-07-17 09:04:00 +10:00
John Safranek
00fd7ff8de Prime Number Testing
1. Added some new ifdef clauses to tfc and integer so that
the prime checking is available when using RSA, DSA, or DH.
A couple functions used were dependent on ECC being enabled.
2018-07-13 17:42:35 -07:00
Chris Conlon
f59fb0df8e add custom print to test.c for PB 2018-07-13 14:58:48 -06:00
Chris Conlon
eeb50099d9 initial Nucleus port with PB changes 2018-07-13 14:58:37 -06:00
toddouska
6c1778d373
Merge pull request #1669 from cconlon/mqxfixes
fixes for MQX classic 4.0 with IAR-EWARM
2018-07-13 11:59:28 -07:00
Eric Blankenhorn
9bc0e0c4fc Static analysis fixes (#1658)
* Static analysis fixes
* Fixes for zd4071, zd4074, zd4093-zd4094, zd4096, zd4097-zd4104.
* Add test cases.
2018-07-13 09:02:09 -07:00
John Safranek
771e349925 Prime Number Testing
1. Moved a few functions around in tfm.c and integer.c.
2. Added some new ifdef clauses to tfc and integer so that the prime checking is available when using RSA, DSA, or DH.
3. Added an internal version of function wc_DhSetKey and wc_DsaImportParamsRaw that always checks to see if the prime value is prime. Modified the original function to be a wrapper.
2018-07-12 17:22:44 -07:00
John Safranek
997a377310 Prime Number Testing
1. In wc_DhGenerateParams(), changed the call to mp_prime_is_prime() to
mp_prime_is_prime_ex().
2. In wc_MakeDsaParameters(), changed the call to mp_prime_is_prime() to
mp_prime_is_prime_ex().
3. Added wc_CheckProbablePrime_ex in RSA that also takes an RNG to call
mp_prime_is_prime_ex(). If RNG is NULL, call mp_prime_is_prime().
4. Rewrite wc_CheckProbablePrime() in terms of
wc_CheckProbablePrime_ex().
2018-07-12 15:00:13 -07:00
Chris Conlon
cadd556b3a cast result of bitwise not back to original type to prevent compiler warnings 2018-07-12 13:46:55 -06:00
John Safranek
d486df50aa fix an error where mp_copy was used instead of mp_sub_d 2018-07-12 11:03:41 -07:00
John Safranek
5908230d20 Prime Number Testing
1. Fixed variable name typo in DH for the FFDHE 8192-bit q value.
2. Updated some error strings in wolfSSL_BN_is_prime_ex().
3. Changed the calls to mp_prime_is_prime_ex() in fp_randprime() and
mp_randprime() so they go back to the 8 rounds of MR, which is more than
adequate in this situation.
2018-07-11 16:24:41 -07:00
Chris Conlon
0f2b5ca181 fixes for MQX classic 4.0 with IAR-EWARM 2018-07-11 10:54:24 -06:00
toddouska
df6c496c4e
Merge pull request #1671 from SparkiDev/x25519_asm_fix
Fix for Curve25519 ASM
2018-07-11 09:50:57 -07:00
Sean Parkinson
9281f30deb Fix for Curve25519 ASM
On rare occasions, multiplication and/or squaring result had top bit set
after overflow add - must be reduced in that case.
2018-07-11 11:53:53 +10:00
David Garske
e2dec618d8
Merge pull request #1667 from ejohnstown/certgentime
Cert Gen Time
2018-07-10 14:40:37 -07:00
John Safranek
0e06f6413d Prime Number Testing
1. Update the function wolfSSL_BN_is_prime_ex to use mp_prime_is_prime_ex.
2. Modified fast and normal mp_prime_is_prime_ex() to use random numbers
that are in the range 2 < a < n-2.
2018-07-10 14:30:53 -07:00
John Safranek
f1c3098bdc Prime Number Testing
Made modifications to the primality testing so that the Miller-Rabin tests check against up to 40 random numbers rather than a fixed list of small primes.
2018-07-09 16:33:26 -07:00
toddouska
90cf4ad7ad
Merge pull request #1648 from embhorn/pkcb
Add PK_CALLBACK support for RSA/ECC verify to ConfirmSignature
2018-07-09 11:05:48 -07:00
John Safranek
5cc8771b43 Cert Gen Time
When generating the times for a generated certificate, calculate the
time differences based on the seconds from epoch rather than converting
back and forth between tm structures. One particular RTOS calculates the
date change when generating a certificate on the first of the month. It
leaves the certificate valid on the zeroth of the month.
2018-07-06 15:31:34 -07:00
David Garske
32f1b0a9c2 Added separate context for each SignatureCtx verify callback. Added missing ssl info to callback context. 2018-07-06 09:28:46 -07:00
David Garske
9bf8122af7
Merge pull request #1660 from JacobBarthelmeh/ARMv8
adjust macro guards for additional functions
2018-07-06 09:02:35 -07:00
David Garske
3cbcc872c1 Improved PK callback support for ConfirmSignature so certificate verification uses the callbacks. Retained wolfSSL/wolfCrypt isolation (i.e. no wolfSSL references from wolfCrypt). 2018-07-05 14:04:06 -07:00
Jacob Barthelmeh
e44cb91a3b keep length value after call to wc_BerToDer 2018-07-05 14:35:35 -06:00
Jacob Barthelmeh
c8e118cd12 adjust macro guards for additional functions 2018-07-03 16:52:29 -06:00
toddouska
f809a6a17b
Merge pull request #1651 from dgarske/pkcs7_dynamic
Added PKCS7 dynamic allocation support
2018-07-02 16:26:03 -07:00
toddouska
fbd5a4f67f
Merge pull request #1650 from dgarske/fix_armv8_aes
Fix ARMv8 AES code build error
2018-07-02 16:23:32 -07:00
toddouska
e17a16a45a
Merge pull request #1600 from dgarske/lighttpd
Changes to support Lighttpd 1.4.49
2018-07-02 16:18:41 -07:00
John Safranek
cf191a4d96 Fixed a memory leak in the wolfCrypt test for DH key generation. 2018-07-02 13:31:13 -07:00
David Garske
fb3d3dce0e Fix for use of uninitialized PKCS7.isDynamic case in unit test. Added return code checks for wc_PKCS7_Init. 2018-07-02 09:38:14 -07:00
David Garske
733cb74ea8 Updated all PKCS7 XMALLOC/XFREE to use heap pointer (even small stack). 2018-06-29 15:05:37 -07:00
David Garske
07401d909c Added support for dynamic allocation of PKCS7 structure using wc_PKCS7_New and wc_PKCS7_Free. Updated the test examples to use the dynamic method. Add API unit test for wc_PKCS7_New. 2018-06-29 15:04:28 -07:00
toddouska
33b72a3dfe
Merge pull request #1647 from ejohnstown/akid-not-crit
Add error case for critical Auth Key ID extension
2018-06-29 10:41:04 -07:00
David Garske
44c4e33290 Fix ARMv8 AES code to use the shared aes.h CTR_SZ and GCM_NONCE_MID_SZ. 2018-06-29 10:22:25 -07:00
toddouska
54f2c3fe18
Merge pull request #1646 from dgarske/stm32l4_iar
Added support for the STM32L4 and fixed mixed enum warnings
2018-06-28 15:34:33 -07:00
John Safranek
6fa92fdd71 Add error case for critical Auth Key ID extension 2018-06-28 13:03:16 -07:00
David Garske
66c2c65444 Changes to support Lighttpd 1.4.49:
* Fix for `wolfSSL_CTX_set_options` to work correctly when no certificate has been set for WOLFSSL_CTX, otherwise this operation fails with `Server missing certificate`.
* Fix for bad argument name `time`.
* Fix for `warning: type of bit-field`: Allowed types for bit-fields are int and unsigned int only.
* Exposed `ERR_remove_thread_state` and `SSL_CTX_set_tmp_ecdh` for lighttpd
* Renamed `WOLFSSL_ERR_remove_thread_state` to `wolfSSL_ERR_remove_thread_state` and setup old name macro.
* Add missing newline on asn1.h.
* Whitespace cleanup in ssl.c.
2018-06-27 19:44:34 -07:00
David Garske
7ae9e4359d Added support for the STM32L4 with AES/SHA hardware acceleration. Fixed a few minor compiler warnings with mis-matched enum types. 2018-06-27 19:40:03 -07:00
Sean Parkinson
7fbe1d3049 Fix support for OCSP and Nginx
Store DER copy of CA certificate with signer when
WOLFSSL_SIGNER_DER_CERT is defined.
Keep the bad issuer error for later when compiling for OpenSSL
compatibility.
Authority Info string needs to be passed back with a nul terminator.
2018-06-28 08:48:06 +10:00
toddouska
5d767aa004
Merge pull request #1641 from ejohnstown/rename-inline
Rename INLINE
2018-06-27 09:34:41 -07:00
toddouska
0c74e778dc
Merge pull request #1633 from dgarske/bench_3072
Benchmark support for 3072-bit RSA and DH
2018-06-27 07:17:53 -07:00
John Safranek
586874b997 Rename INLINE
1. Renamed the macro INLINE as WC_INLINE.
2. For FIPS and the "selftest" build, define INLINE as WC_INLINE. Allows the FIPS code to work unchanged.
2018-06-26 15:17:46 -07:00
Chris Conlon
d8086ded6a
Merge pull request #1639 from ejohnstown/selftest-fixes
netbsd-selftest fix
2018-06-26 15:38:03 -06:00
toddouska
d9b5948947
Merge pull request #1605 from dgarske/asyncfsanitize
Fixes for async to resolve runtime fsanitize issues
2018-06-26 14:27:07 -07:00
John Safranek
4151af4b4a A few new functions in AES-GCM and DH don't exist in the netbsd-selftest build of wolfSSL. Option them out of the wolfCrypt self-test. 2018-06-25 17:49:11 -07:00
John Safranek
e6c7952f50 Merge master into fipsv2. Resolved a conflict in api.c. 2018-06-22 09:52:26 -07:00
David Garske
ed1c56a4fc Benchmark support for 3072-bit RSA and DH when USE_CERT_BUFFERS_3072 is defined. 2018-06-22 09:30:33 -07:00
David Garske
1cb5bbf8ea Fixes for some async issues. Fixes an async issue with BuildMessage. Fixes for PKCS7 tests to not use async since it is not supported. 2018-06-22 09:30:25 -07:00
David Garske
71606dde45 Fixes for a few wolfCrypt test memory leaks. Fix for HMAC with empty input not supported on QuickAssist. 2018-06-22 09:30:25 -07:00
David Garske
ec132cd3f4 Fix fsanitize issue for mp_rand. 2018-06-22 09:30:25 -07:00
David Garske
64ba151c35 Experimental fixes for async to resolve runtime fsanitize issues with invalid memory access due to attempting realloc on non NUMA type. Tested with ./configure --with-intelqa=../QAT1.6 --enable-asynccrypt CC="clang -fsanitize=address" --enable-debug --disable-shared --enable-trackmemory CFLAGS="-DWOLFSSL_DEBUG_MEMORY -DWOLFSSL_DEBUG_MEMORY_PRINT" && make and sudo ./tests/unit.test. 2018-06-22 09:30:25 -07:00
toddouska
9d86d323ef
Merge pull request #1628 from JacobBarthelmeh/Fuzzer
sanity check on hashing size
2018-06-20 17:46:38 -07:00
Jacob Barthelmeh
777c89a257 sanity check on pointer 2018-06-20 09:37:36 -06:00
toddouska
d481a3fb92
Merge pull request #1625 from JacobBarthelmeh/Testing
memory management with test cases
2018-06-19 14:41:18 -07:00
Jacob Barthelmeh
d8e278b6b3 revert free on sig and add comment 2018-06-18 18:15:26 -06:00
toddouska
e348522353
Merge pull request #1627 from ejohnstown/pkcs7-verify
Fix PKCS7 Sign Verify
2018-06-18 15:32:18 -07:00
toddouska
4e6a88caf9
Merge pull request #1626 from JacobBarthelmeh/UnitTests
fix for implicit declaration error
2018-06-18 15:30:06 -07:00
John Safranek
2fd000532a A length value was set to zero in a situation where the existing value was needed. 2018-06-18 11:48:45 -07:00
Jacob Barthelmeh
c98aca32c4 static analysis report fixes 2018-06-15 17:00:45 -06:00
Jacob Barthelmeh
bade35bd76 update return value 2018-06-15 16:25:09 -06:00
Jacob Barthelmeh
0f9063d2a9 fix for implicit declaration error 2018-06-15 16:14:22 -06:00
Jacob Barthelmeh
a1295b3148 memory management with test cases 2018-06-15 15:43:42 -06:00
toddouska
c78a552eb3
Merge pull request #1598 from JacobBarthelmeh/Nucleus
wolfCrypt only Nucleus
2018-06-15 14:23:54 -07:00
Jacob Barthelmeh
b90fa909ef add warning for source of entropy 2018-06-15 11:40:05 -06:00
David Garske
5b2bb44bc8 Fixes for build with WOLFSSL_ATECC508A defined. 2018-06-13 20:10:01 -07:00
toddouska
15348d4936
Merge pull request #1612 from dgarske/fixmatchdomainname
Fixes for `MatchDomainName` to properly detect failures
2018-06-13 13:13:52 -07:00
David Garske
1f16b36402 Fixes for MatchDomainName to properly detect failures:
* Fix `MatchDomainName` to also check for remaining len on success check.
* Enhanced `DNS_entry` to include actual ASN.1 length and use it throughout (was using XSTRLEN).

Added additional tests for matching on domain name:
* Check for bad common name with embedded null (CN=localhost\0h, Alt=None) - Note: Trouble creating cert with this criteria
* Check for bad alternate name with embedded null (CN=www.nomatch.com, Alt=localhost\0h)
* Check for bad common name (CN=www.nomatch.com, Alt=None)
* Check for bad alternate name (CN=www.nomatch.com, Alt=www.nomatch.com)
* Check for good wildcard common name (CN=*localhost, Alt=None)
* Check for good wildcard alternate name (CN=www.nomatch.com, Alt=*localhost)
2018-06-12 14:15:34 -07:00
Tim
d043b2c559 Merge branch 'addAMDFunk' of github.com:TimParrish/wolfssl into addAMDFunk 2018-06-12 13:17:53 -06:00
Tim
d518e0b7f6 Merge branch 'master' of https://github.com/wolfSSL/wolfssl into addAMDFunk 2018-06-12 13:16:01 -06:00
John Safranek
5e516cc2e0 Merge branch 'master' into fipsv2 2018-06-12 10:10:50 -07:00
toddouska
83ffb64cda
Merge pull request #1599 from dgarske/pkcs7free
Fixes for PKCS7 error case that might leak memory
2018-06-12 08:28:19 -07:00
toddouska
f2a20c4232
Merge pull request #1573 from SparkiDev/tls_pad_vfy
Constant time padding and HMAC verification in TLS
2018-06-12 08:22:32 -07:00
toddouska
35c8ba3188
Merge pull request #1601 from SparkiDev/ecdsa_sign
Change ECDSA signing to use blinding.
2018-06-11 14:13:24 -07:00
David Garske
7e5c41ca35 Fixes for some async issues in FIPSv2. 2018-06-11 12:41:15 -07:00
John Safranek
10070bb5fd FIPS Revalidation (acceptance fixes)
1. Backed out some changes to AES-GCM with respect to PIC32-only code. (This change will not be in the FIPS boundary.)
2018-06-11 10:21:19 -07:00
Tim Parrish
c6e2585fbc added check for AMD processor to asm.c 2018-06-07 10:35:54 -06:00
David Garske
e673cdf2d2
Merge pull request #1594 from kojo1/openSSL-Compat-CRL-STORE
FILE* to XFILE
2018-06-06 16:34:59 -07:00
Tim
59067825fc Update cpuid.c to optimize intelasm for performance 2018-06-06 16:44:46 -06:00
John Safranek
7e9a32fffd FIPS Revalidation
Merge branch 'master' into fipsv2. Using a merge instead of a rebase to retain commit IDs and tags.
2018-06-06 12:43:15 -07:00
Sean Parkinson
9b9568d500 Change ECDSA signing to use blinding. 2018-06-06 11:52:04 +10:00
David Garske
ab319ae599 Fixed a couple of places in PKCS7 error cases where key free (wc_FreeRsaKey or wc_ecc_free) might not be called. 2018-06-05 14:32:17 -07:00
David Garske
5eca844e01 Fix for possible leak with normal math and verify fail for R and S in ECC verify. 2018-06-04 11:05:14 -07:00
Takashi Kojo
3ff8c45aa8 FILE to XFILE 2018-06-01 09:30:20 +09:00
Jacob Barthelmeh
0c2199084e single threaded wolfcrypt only Nucleus port 2018-05-31 15:04:44 -06:00
toddouska
70b3ba1c04
Merge pull request #1591 from ejohnstown/release-3.15.0
Release v3.15.0 Preparation
2018-05-31 12:07:43 -07:00
toddouska
c43a84547a
Merge pull request #1572 from dgarske/cryptodev
Added crypto device framework
2018-05-31 10:28:58 -07:00
John Safranek
8a61b7303a Remove execute bit from a few files. 2018-05-31 10:14:47 -07:00
David Garske
33d416a060 Fix two more scan-build issues with set but not used. 2018-05-30 13:23:08 -07:00
David Garske
d7b560f2ab Fix for scan-build warning about value being stored and not used. Changed the wc_RsaFunction API to public. Added ability to expose wc_RsaDirect with new define WC_RSA_DIRECT. 2018-05-30 12:44:55 -07:00
Chris Conlon
5d99079603 fix HAVE_SELFTEST build for CAVP selftest 2018-05-30 11:08:18 -06:00
David Garske
fc482235b0 Improved the CryptoDev test to include example callback with context. 2018-05-30 09:11:44 -07:00
Go Hosohara
b84f111d51 rebase with master branch and fix some code. 2018-05-30 17:15:07 +09:00
Go Hosohara
36ced360cb Add Renesas CS+ project files. 2018-05-30 11:53:18 +09:00
Sean Parkinson
fb7d74c197 FinalRaw parameter hash may not be aligned. 2018-05-30 09:10:46 +10:00
Sean Parkinson
e684156a1e Constant time padding and HMAC verification in TLS 2018-05-30 09:10:46 +10:00
Kaleb Himes
cc58d3160f
Merge pull request #1579 from C-Treff/Tenasys_Review
time 64bit, test update
2018-05-29 14:06:44 -07:00
John Safranek
92dd231c27
Merge pull request #1585 from SparkiDev/new_compiler
New compilers
2018-05-29 12:25:56 -07:00
Chris Conlon
16738f1449
Merge pull request #1569 from kojo1/openSSL-Compat-CRL-STORE
openSSL compatibility APIs: X509_CRL, STORE
2018-05-29 09:47:22 -06:00
Sean Parkinson
f871bafe3a Fix uninitialized 2018-05-29 11:06:26 +10:00
Sean Parkinson
68666101b7 Fix for g++ 7.3 - macro strings in asm 2018-05-29 09:25:38 +10:00
Takashi Kojo
3939eadf9c get derLen by RsaPublicKeyDerSize 2018-05-26 10:55:17 +09:00
toddouska
453daee965
Merge pull request #1523 from SparkiDev/ed25519_key
Allow Ed25519 private-only keys to work in TLS
2018-05-24 09:56:17 -07:00
C-Treff
5d693b263d removed more tabs 2018-05-24 09:56:54 +02:00
C-Treff
06e9354629 removed tabs 2018-05-24 09:48:18 +02:00
C-Treff
1d281ce515 replace memset by XMEMSET
replaced memset with XMEMSET as requested by @dgarske

INtime project files cleanup
2018-05-24 09:35:46 +02:00
toddouska
d38a0039ed
Merge pull request #1549 from JacobBarthelmeh/Cert-Report1
fix for relative URI detection
2018-05-23 17:05:35 -07:00
toddouska
e4e0dfe9d3
Merge pull request #1564 from JacobBarthelmeh/PKCS12
Pkcs12
2018-05-23 16:59:13 -07:00
David Garske
6f221ff75c Fix possible leak in PKCS for failure case with small stack enabled. 2018-05-23 16:21:49 -07:00
Sean Parkinson
58f523beba Allow Ed25519 private-only keys to work in TLS
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
2018-05-24 08:43:28 +10:00
David Garske
72d168028e Fixes to better handle PKCS7 error cases. 2018-05-23 15:29:33 -07:00
David Garske
9a75e5cf68 Fixes in PKCS7 for handling hardware based devId and no private key. Fix to handle scenario where kari->decoded is allocated, but not initialized (was causing use of uninitialized in FreeDecodedCert). Fix to handle hardware based RSA key size. 2018-05-23 14:48:10 -07:00
Jacob Barthelmeh
9021091896 update comments 2018-05-23 14:04:41 -06:00
C-Treff
cd9f86d921 time 64bit, test update
64bit settings for time is mandatory for INtime. Changed the project file.

Test for ecc_test_buffers was unreliable, as the structs were not initialized before usage.
2018-05-23 10:33:56 +02:00
Sean Parkinson
3bb4949e02 Improve coverage
Renumber errors in test.c to be unique.
Fix stack usage to work in --enable-distro --enable-stacksize builds.
2018-05-23 16:24:23 +10:00
Quinn Miller
f2ce8dcbca Added unit test for Blake2 2018-05-22 10:47:44 -06:00
Chris Conlon
be9ae9a3c4
Merge pull request #1570 from MJSPollard/MikePollardBranch
added Poly1305SetKey Unit Test
2018-05-21 16:35:15 -06:00
David Garske
85511067e4 Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option ./configure --enable-cryptodev or #define WOLF_CRYPTO_DEV. Added devId support to PKCS7. 2018-05-21 14:31:08 -07:00
toddouska
e7de654b61
Merge pull request #1558 from dgarske/fsanitize
Fixes for fsanitize reports
2018-05-21 14:18:07 -06:00
MJSPollard
fb247a5d8d added null check for key 2018-05-21 13:59:15 -06:00
MJSPollard
2b49f69f1b updated unit test 2018-05-21 12:44:59 -06:00
Sean Parkinson
3a27d85c4e Use sizeof instead of constant value 2018-05-21 21:26:25 +10:00
Takashi Kojo
6580a1fefa enable SetBitString, SetASNInt, SetASNIntMP with OPENSSL_EXTRA 2018-05-20 13:55:44 +09:00
Takashi Kojo
138f9f8f66 add wc_RsaKeyToPublicDer in asn.c when OPENSSL_EXTRA, fix wolfSSL_i2d_RSAPublicKey 2018-05-20 13:55:43 +09:00
Takashi Kojo
03846b2d2d d2i_RSAPublicKey, d2i_X509_CRL, d2i_X509_CRL_fp, X509_CRL_free, PEM_read_X509_CRL 2018-05-20 13:55:43 +09:00
David Garske
cf70b1a013 Revert ForceZero changes in favor of PR #1567. 2018-05-18 05:29:09 -07:00
John Safranek
dd0489db8c 1. Added the pair-wise consistency test to the RSA Key Gen.
2. Modified an RSA key size test case so it didn't try to make a key that was too big.
2018-05-17 17:41:34 -07:00
Sean Parkinson
d63da10c96 ForceZero - align 64-bit access on Intel 64-bit
Test added to ensure ForceZero works.
2018-05-18 10:38:21 +10:00
Jacob Barthelmeh
f67046f485 better bounds checking 2018-05-17 16:55:59 -06:00
Jacob Barthelmeh
b6a92a97ce convert to byte to fix warning 2018-05-17 08:55:07 -06:00
Jacob Barthelmeh
e1745428ac add set short int helper function 2018-05-16 20:16:40 -06:00
David Garske
dad574edb8 Fix to use proper type (size_t) for alignment check. 2018-05-16 14:34:16 -07:00
David Garske
52b66edf72 Fixes for a few more fsanitize issues. Added alignment for ForceZero. Added word32 aligned acceleration for ForceZero. Added 'NO_ALIGNED_FORCEZERO' define to allow disabling aligned ForceZero acceleration. We cast the 24 left-shifts to word32 because the compiler assumes signed int type, and a runtime value with MSB set results in a runtime fsanitize error. 2018-05-16 13:27:13 -07:00
John Safranek
4dacd31ea4 Force to zero the buffer used to generate the DH private key. 2018-05-16 15:47:13 -04:00
John Safranek
6a31f103aa Test Fixes
1. When building on VS, it didn't like using a variable for an array size. Fixed it so it was a constant.
2. In dh.c, there were a few #if that should have been #ifdef.
3. Tweaked a return value in the wolfCrypt test so it was read after being set.
2018-05-16 15:47:13 -04:00
John Safranek
12edf80e2b FIPS Revalidation
1. ForceZero the odd block when using RDSEED to seed the DRBG.
2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag.
3. Annotate the ecc key pair checking code with NIST process references.
4. Add function to pair-wise check the DH key.
5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919.
6. Enabled the ECC key checks by default for FIPS.
7. Added DH private key check function.
8. Enabled the DH key checks by default for FIPS.
2018-05-16 15:47:13 -04:00
John Safranek
ceed6e08fd FIPS Revalidation
1. Add second RNG initialization API to let caller pass in a nonce.
2018-05-16 15:47:13 -04:00
John Safranek
20d8a4a376 FIPS Revalidation
1. Added missing pair-wise consistency test for RSA keys.
Note: This function is not available to old FIPS and user RSA.
2018-05-16 15:47:13 -04:00
John Safranek
1ff4ea1ec9 Test Fixes
1. Changed the ecc_sets table for Windows builds to use arrays instead of pointers to strings.
2. Updated the initializer to play nice with the Windows and not-Windows versions of the ecc_sets table.

This is a change for FIPS mode on Windows. The ecc_sets table has pointers to constants. When the FIPS POST runs, the pointers stored in the table are relocated pointers so the verify fails.
2018-05-16 15:47:13 -04:00
John Safranek
a8dbdd6c28 Test Fixes
1. Windows IDE project, clean up the preprocessor flags.
2. Add command line define to the MASM steps to set HAVE_FIPS and HAVE_FIPS_VERSION=2.
3. Disable the whole program optimization for the non-DLL builds for the file fips.c.
4. Tweaked the aes_asm.asm's code segment line to be dependent on the FIPS setting. Only place it specially for FIPSv2.
5. Reverted the Windows IDE project and copied the new setting to a WIN10 directory.
2018-05-16 15:47:13 -04:00
John Safranek
4d0a061acb FIPS Revalidation
1. Updated the segment tags in the aes_asm.asm file so that it is linked in order between aes.obj and des3.obj.
2018-05-16 15:47:13 -04:00
John Safranek
f7fa648f77 Test Fixes
1. Found a problem in AES-GCM encrypt where it could step on the ciphertext with the correct sized IV.
2018-05-16 15:47:13 -04:00
John Safranek
dde1f87de9 Test Fixes
1. The intrinsic versions of AES_GCM_encrypt and AES_GCM_decrypt needed updates for variable length tags.
2018-05-16 15:47:13 -04:00
John Safranek
6d4777f3ca Test Fixes
1. MSC doesn't allow for inline assembly. Restore the intrinsic version of AES_GCM_encrypt and AES_GCM_decrypt for MSC AES-NI builds. This is lacking AVX.
2018-05-16 15:47:13 -04:00
John Safranek
b120a27c3e FIPS Revalidation
1. Update the GenerateSeed() function for RDSEED on Windows to use the intrinsic function instead of inline assembly.
2018-05-16 15:47:13 -04:00
John Safranek
4f1dd3b9a7 Test Fixes
1. Update gitignore with some more VS outputs.
2. Update the Windows IDE user settings with FIPSv2 settings.
3. Remove redundant _InitHmac() function from ssl.c.
4. In wc_DhGenerateParams(), initialize the groupSz and bufSz to 0.
5. In wc_DhExportParamsRaw(), initialize pLen, qLen, and gLen to 0.
6. In wc_MakeRsaKey(), initialize isPrime to 0.
7. In ecc_test_make_pub(), initialize exportBuf and tmp to NULL and initialize the ECC key before any chance of trying to free it.
8. In fips_test.h header, update types.h include to use the wolfCrypt types rather than ctaocrypt types.
9. In fips_test.h header, change the visibility tags on all the function prototypes to use the WOLFSSL tags rather than CYASSL.
10. Change the wolfCrypt visibility tags to use CyaSSL's tags for old FIPS and the regular tags for new FIPS and non-FIPS builds.
2018-05-16 15:47:13 -04:00