mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,444 Commits 5 Branches 162 Tags
Commit Graph

6463 Commits

Author SHA1 Message Date
Daniel Pouzzner
b7ec529f61 wolfcrypt/src/siphash.c: in wc_SipHash(), use FALL_THROUGH macro, not /* fall-through */. 2022-06-30 17:07:35 -05:00
Chris Conlon
867a1f7afa
Merge pull request #5289 from TakayukiMatsuo/tls13 2022-06-30 15:49:53 -06:00
TakayukiMatsuo
ba19737627 Add support for TLS1.3 2022-06-30 23:00:05 +09:00
David Garske
e8e35c9a92
Merge pull request #5301 from SparkiDev/aes_gcm_word_ct 
AES-GCM: make word implementation of GMULT constant time
 2022-06-29 20:26:33 -07:00
Sean Parkinson
8b93d4510d AES-GCM: make word implementation of GMULT constant time 
If performance is impacted then define: AES_GCM_GMULT_NCT
 2022-06-30 09:29:04 +10:00
Sean Parkinson
0159f17692 SP int math; submod fix 
Fix for sp_submod() to reduce by modulus when a or b are equal to
modulus as well as when greater.
 2022-06-30 08:53:25 +10:00
Daniel Pouzzner
5adf7e4eb7 wolfcrypt/src/asn.c wc_BuildEccKeyDer(): fix for clang-analyzer-deadcode.DeadStores. 2022-06-28 19:14:58 -05:00
Daniel Pouzzner
90aaeb283e wolfcrypt/src/siphash.c: add missing !WOLFSSL_NO_ASM clause in gate around inline asm. 2022-06-28 18:19:58 -05:00
Daniel Pouzzner
ce61653a9a wolfcrypt/src/asn.c: fixes for ARM portability (GetASN_Items()), unintended fallthrough (OidFromId()), and uninitialized variable (DecodeSubjInfoAcc()). 2022-06-28 18:18:42 -05:00
David Garske
f51c29d3ca
Merge pull request #5293 from SparkiDev/asnt_setecc 
ASN template: Handle HAVE_OID_ENCODING
 2022-06-28 15:45:13 -07:00
Sean Parkinson
092b37f709
Merge pull request #5287 from haydenroche5/aes_ctr_clear_left_on_iv_set 
Clear the leftover byte count in Aes struct when setting IV.
 2022-06-29 08:30:01 +10:00
David Garske
741393e84f
Merge pull request #5291 from kaleb-himes/FRDM-K64-Fixes 
Add necessary includes for cross-builds
 2022-06-28 09:35:06 -07:00
David Garske
d4d7e2e5f2
Merge pull request #5294 from SparkiDev/sp_math_all_no_128bit 
SP math all: don't use sp_int_word when SQR_MUL_ASM available
 2022-06-28 07:38:42 -07:00
Sean Parkinson
22336d30e5 SP math all: don't use sp_int_word when SQR_MUL_ASM available 
1. _WIN64 doesn't have 128-bit type but now can use 64-bit sp_int_digit
when assembly code snippets are being used.
2. Fix sp_div() to support values closer to maximum size.
3. Fix builds to work for more configurations.
4. Have ECC uncompressed code keep intermediate values in range of
maximum (x^3 calculation fixed).
5. Fix configuation.ac's check of FIPS for using signed SP Math All.
Default now not signed as intended.
 2022-06-28 15:51:53 +10:00
Sean Parkinson
3c3a90c988 ASN template: Handle HAVE_OID_ENCODING 
When HAVE_OID_ENCODING is defined, the named curve OID is encoded rather
than the full OID.
Use SetCurve to get the OID encoding in ASN template implemenation.
 2022-06-28 09:04:42 +10:00
kaleb-himes
9d11e9092f Add necessary includes for cross-builds 2022-06-27 13:50:27 -06:00
David Garske
94e7eacc5f
Merge pull request #5072 from JacobBarthelmeh/Compatibility-Layer 
add support for importing private only EC key to a WOLFSSL_EVP_PKEY s…
 2022-06-27 12:34:00 -07:00
David Garske
456e463640
Merge pull request #5283 from SparkiDev/sp_arm32_asm_rework 
SP ASM ARM32: reworked generation using common asm ruby code
 2022-06-27 09:17:20 -07:00
David Garske
b84b808b1b
Merge pull request #5167 from ejohnstown/cac-ext 
Add support for some FPKI certificate cases, UUID, FASC-N, PIV extension
 2022-06-27 09:06:15 -07:00
Sean Parkinson
999fa8394e SP ASM ARM32: reworked generation using common asm ruby code 
Add support for ARMv6 and ARMv3.
 2022-06-27 11:19:50 +10:00
Hayden Roche
10dfd8d129 Clear the leftover byte count in Aes struct when setting IV. 
Setting the key already does this. The same needs to be done when setting the
IV.
 2022-06-26 15:56:05 +04:00
Daniel Pouzzner
9211825121 sp_int.c: fix refactor of undefined-semantics shift in _sp_mul(). 2022-06-24 18:04:51 -05:00
Jacob Barthelmeh
49740c5543 initialize variables 2022-06-24 15:21:20 -06:00
Daniel Pouzzner
047c662af8 fix math errors unmasked by change to sp-math-all as default math back end. 2022-06-24 15:56:54 -05:00
Jacob Barthelmeh
1977a13754 improve comment for FPKI additions 2022-06-24 12:04:26 -06:00
David Garske
00b82888bc
Merge pull request #4759 from dgarske/sp_math_default 
Enable wolfSSL SP Math all (sp_int.c) by default
 2022-06-23 16:14:54 -07:00
JacobBarthelmeh
4de90efbe2 clear out PKEY when setting new key 2022-06-23 14:21:53 -07:00
Jacob Barthelmeh
79ea30a957 memory free on failure, spelling, better function name 2022-06-23 13:40:45 -06:00
David Garske
78d3284c3c Fix for FIPS 140-2 and older ACVP math selection. Fix for building with "--disable-sp-math-all --disable-fastmath". Fix for building SAKKE with HAVE_WOLF_BIGINT. 2022-06-23 11:10:44 -07:00
Sean Parkinson
ee12c12e98 Fixes required to make SP Math default 
fasthugemath means turn on fastmath
Use sp_int_digit and not sp_digit in sp_int.c.
test.c needs to use large static buffer when SP Math used like fastmath.
When building static memroy, SP math all without WOLFSSL_SP_NO_MALLOC is
a valid configuration.
Fix freeing of bigint in sp_int.c.
Cast x to a signed value to negate and then back to unsigned. (For
Windows builds.)
Remove warning about empty file on Windows about integer.obj.
Allow RSA verify only and RSA public only to be used with other public
key algorithms.
If building for FIPS, then older versions of RSA and ECC require SP Math
to support negative numbers.
Get old FIPS files building with SP int.
Disallow --enable-sp-math and --enable-sp-math-all.
When just --enable-sp-math on configuration line then disable SP Math
all.
 2022-06-23 14:15:54 +10:00
Sean Parkinson
8d804f6378
Merge pull request #5260 from dgarske/sp_ecc_nb_hash 
Fix for SP math ECC non-blocking to always check `hashLen`
 2022-06-23 07:59:28 +10:00
David Garske
74d692d6d5 Fix for SP math ECC non-blocking to always check hashLen. ZD14141 2022-06-21 15:54:01 -07:00
Chris Conlon
9e1ecf3fb5
Merge pull request #5194 from TakayukiMatsuo/heaphint 2022-06-21 16:39:07 -06:00
Chris Conlon
bd536d3c9d
Merge pull request #5229 from miyazakh/sce_example_update 2022-06-21 16:33:54 -06:00
Daniel Pouzzner
69ca1d37c0 fixes for defects identified by wolfssl-multi-test: whitespace, missing void in arg lists, and -Wunused-but-set-variable found by clang-15 (prerelease). 2022-06-20 10:54:55 -05:00
Sean Parkinson
59e19cfd6c
Merge pull request #5258 from dgarske/stm32u5_bench 
Fixes for STM32 Hash/PKA and additional benchmark
 2022-06-20 08:33:25 +10:00
David Garske
390908bccc
Merge pull request #5236 from SparkiDev/mem_zero 
Check memory is zeroized
 2022-06-17 12:01:34 -07:00
David Garske
92fcea39db Fix for DES3 with STM32 and STM32_CRYPTO_AES_ONLY (broken in #5223) . Add U5 PKA support and benchmarks. Fix MD5 with OPENSSL_EXTRA and HAVE_MD5_CUST_API. 2022-06-17 11:50:29 -07:00
David Garske
9c5821569f For STM32 hashing to wait for hash done on block size + 1 word. Updated the STM32U5 benchmarks. Added note about new GCM_TABLE_4BIT. 2022-06-17 09:07:45 -07:00
David Garske
e34dda9383 Fix to expose the RSA public DER export function with certgen. The core function SetRsaPublicKey was being compiled, but the wrappers wc_RsaKeyToPublicDer and wc_RsaKeyToPublicDer_ex were not included. 2022-06-16 16:36:17 -07:00
Hideki Miyazaki
fe8169c830
Add multi thread use case for RA6M4 
fix devId conflict while using multi threads

update README

Fix TSIP examples bcause of updating user context
 2022-06-17 07:44:12 +09:00
Sean Parkinson
2834c22ce0
Merge pull request #5204 from lealem47/basicConst 
Encoding the X509 Basic Constraint when CA:FALSE
 2022-06-17 08:33:57 +10:00
David Garske
8c0157c035
Merge pull request #5253 from rizlik/clang_uninit 
kdf: fix clang uninitialized.Assign
 2022-06-16 11:06:43 -07:00
John Safranek
8f7db87f01
Merge pull request #5249 from dgarske/rsa_ifc 
Cleanup the RSA consistency check
 2022-06-16 09:14:08 -07:00
Lealem Amedie
5e63740c6c Ensuring that X509 Basic Constraint is set when CA:FALSE 2022-06-16 08:46:52 -07:00
Marco Oliverio
621f4f14af kdf: fix clang uninitialized.Assign 
commit f1ce0cc95d22569640bc522354025fbc16c88e43 tigger static analyzer warnings
about unitialized assign.
 2022-06-16 13:55:46 +02:00
David Garske
6d2a41b9fd Enable wolfSSL SP Math all (sp_int.c) by default. If --enable-fastmath or USE_FAST_MATH is set the older tfm.c fast math will be used. To use the old integer.c heap math use --enable-heapmath or USE_INTEGER_HEAP_MATH. 2022-06-16 10:57:30 +10:00
Sean Parkinson
8145ee6cef TFM: mp_exptmod_ex didn't handle exceptional cases 
fp_exptmod_ex() changed to match execptional case handling in
fp_exptmod().
 2022-06-16 10:47:00 +10:00
Sean Parkinson
1b29f7353a Check memory is zeroized 
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.

wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.

Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
 2022-06-16 10:22:32 +10:00
David Garske
7e1549c684 Cleanup the RSA consistency check. Should only be enabled for FIPS v2 (3389), FIPS v5 or later. Can be forcefully enabled for non-FIPS using WOLFSSL_RSA_KEY_CHECK. The existing WOLFSSL_NO_RSA_KEY_CHECK macro will also disable it. This change was introduced in PR #4359. 2022-06-15 14:46:23 -07:00