John Safranek
4d0a061acb
FIPS Revalidation
...
1. Updated the segment tags in the aes_asm.asm file so that it is linked in order between aes.obj and des3.obj.
2018-05-16 15:47:13 -04:00
John Safranek
f7fa648f77
Test Fixes
...
1. Found a problem in AES-GCM encrypt where it could step on the ciphertext with the correct sized IV.
2018-05-16 15:47:13 -04:00
John Safranek
dde1f87de9
Test Fixes
...
1. The intrinsic versions of AES_GCM_encrypt and AES_GCM_decrypt needed updates for variable length tags.
2018-05-16 15:47:13 -04:00
John Safranek
6d4777f3ca
Test Fixes
...
1. MSC doesn't allow for inline assembly. Restore the intrinsic version of AES_GCM_encrypt and AES_GCM_decrypt for MSC AES-NI builds. This is lacking AVX.
2018-05-16 15:47:13 -04:00
John Safranek
b120a27c3e
FIPS Revalidation
...
1. Update the GenerateSeed() function for RDSEED on Windows to use the intrinsic function instead of inline assembly.
2018-05-16 15:47:13 -04:00
John Safranek
4f1dd3b9a7
Test Fixes
...
1. Update gitignore with some more VS outputs.
2. Update the Windows IDE user settings with FIPSv2 settings.
3. Remove redundant _InitHmac() function from ssl.c.
4. In wc_DhGenerateParams(), initialize the groupSz and bufSz to 0.
5. In wc_DhExportParamsRaw(), initialize pLen, qLen, and gLen to 0.
6. In wc_MakeRsaKey(), initialize isPrime to 0.
7. In ecc_test_make_pub(), initialize exportBuf and tmp to NULL and initialize the ECC key before any chance of trying to free it.
8. In fips_test.h header, update types.h include to use the wolfCrypt types rather than ctaocrypt types.
9. In fips_test.h header, change the visibility tags on all the function prototypes to use the WOLFSSL tags rather than CYASSL.
10. Change the wolfCrypt visibility tags to use CyaSSL's tags for old FIPS and the regular tags for new FIPS and non-FIPS builds.
2018-05-16 15:47:13 -04:00
John Safranek
eea4d6da50
Test Fixes
...
1. Modify RSA-PSS to be able to sign and verify SHA-384 and SHA-512 hashes with 1024-bit RSA keys.
2018-05-16 15:47:12 -04:00
John Safranek
dc31dbaeaf
FIPS Revalidation/Test Fixes
...
1. Added APIs to perform RSA-PSS verify and padding operation in the same call.
2. Change to RsaPSS sign and verify to pick the proper salt length if the key is 1024-bits and the hash is SHA-512.
2018-05-16 15:47:12 -04:00
John Safranek
27470aa704
FIPS Revalidation/Test Fixes
...
1. For FIPSv2 builds, changed the FP_MAX_BITS to 6144.
2. Fixed bug in HMAC-SHA-3 where the digest size was being used instead of the block size for processing the key.
2018-05-16 15:47:12 -04:00
John Safranek
8fb3a0c078
FIPS Revalidation
...
1. Add a copy of the DSA parameter generation function to DH for use without DSA.
2018-05-16 15:47:12 -04:00
John Safranek
6796ab5f8c
FIPS Revalidation
...
1. Bug fixes to AES-GCM. Separated out the internal and external IV set functions.
2018-05-16 15:47:12 -04:00
John Safranek
6d7599cf47
FIPS Revalidation
...
1. Add new APIs for AES-GCM so it can manage the IV per SP 800-38D.
2. Add new APIs for AES-CCM so it can manage the IV, similar to the behavior in AES-GCM.
3. Add new APIs for GMAC that use the new AES-GCM APIs.
2018-05-16 15:47:12 -04:00
John Safranek
4ba026c0bf
Test Fixes
...
1. Added error code for ECDHE FIPS KAT failure.
2018-05-16 15:47:12 -04:00
John Safranek
3685b7b176
Test Fixes
...
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
2018-05-16 15:47:12 -04:00
John Safranek
13ff245166
FIPS Revalidation
...
1. AES-GCM encrypt IV length allowed to be 8-bits.
2018-05-16 15:47:12 -04:00
John Safranek
90a5bde0f2
FIPS Revalidation
...
1. Update the const data and code segment tags for the Windown builds.
2018-05-16 15:47:12 -04:00
John Safranek
4b3933aa1b
FIPS Revalidation
...
1. Enabled ECC Cofactor DH for the FIPSv2 build.
2. Updated the wolfCrypt HMAC-SHA-3 test to leave out the set of test cases that use the four-byte key in FIPS mode.
2018-05-16 15:47:12 -04:00
John Safranek
4bcd7b7986
AES-GCM
...
1. Updated the wolfCrypt GMAC test to leave out the test case with the 15-byte tag when building for FIPS.
2. Replace tabs with spaces.
2018-05-16 15:47:12 -04:00
John Safranek
eb1a76bf2a
FIPS Revalidation
...
1. Updated CMAC to allow tag length from 4 to 16 bytes, inclusive.
2018-05-16 15:47:12 -04:00
John Safranek
fe8d46da95
FIPS Revalidation
...
1. Added new AES-GCM Encrypt API for FIPS where the IV is generated internally.
2. Fix the AES-NI guard flags so it can be used when FIPS enabled.
2018-05-16 15:47:12 -04:00
John Safranek
be61204fd7
FIPS Revalidation
...
1. Added CMAC to the boundary.
2. Added DHE to the boundary.
2018-05-16 15:47:12 -04:00
John Safranek
f6fe3744a7
FIPS Update
...
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-05-16 15:47:12 -04:00
John Safranek
df4d748f59
FIPS Update
...
1. Move SHA-224 and SHA-256 into FIPSv2.
2. Move HMAC into FIPSv2.
3. Move Hash_DRBG into FIPSv2.
2018-05-16 15:47:12 -04:00
John Safranek
6352208e04
FIPS Update
...
1. Add SHA-3 to the src/include.am so that it is always included in FIPSv2.
2. Tweak the SHA-3 header to follow the new FIPS pattern.
2018-05-16 15:47:12 -04:00
John Safranek
0c5d704c7f
AES-CCM FIPS
...
1. Add new error code for the AES-CCM FIPS KAT failure.
2. When enabling FIPSv2, force enable AES-CCM.
2018-05-16 15:47:12 -04:00
Jacob Barthelmeh
d373844a18
fix sequence with pkcs12 shrouded keybag creation
2018-05-16 10:16:15 -06:00
Jacob Barthelmeh
566bb4cefe
version for PBE SHA1 DES oid
2018-05-16 08:38:50 -06:00
Jacob Barthelmeh
1ca62ee0a1
add error return for unsuported version
2018-05-15 22:51:11 -06:00
David Garske
f021375c4b
Fixes for fsanitize reports.
2018-05-15 17:23:35 -07:00
Jacob Barthelmeh
d1192021a5
alter search behavior for testing if URI is a absolute path
2018-05-09 14:43:52 -06:00
Chris Conlon
c910d84507
Merge pull request #1527 from kojo1/RenesasCSPlus
...
Renesas CS+ projects
2018-05-09 10:07:16 -06:00
Takashi Kojo
66e59e4a6a
Rollback #if condition
2018-05-09 10:58:10 +09:00
Jacob Barthelmeh
4ee957afa3
fix for relative URI detection
2018-05-08 10:19:51 -06:00
Takashi Kojo
ecd2e75564
#ifndef FREESCALE_LTC_ECC with fe_init
2018-05-04 07:34:47 +09:00
Chris Conlon
bb7bcfd877
expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined
2018-05-03 13:41:23 -06:00
toddouska
3ad708fb20
Merge pull request #1514 from dgarske/certdates
...
Enhancements and cleanup to ASN date/time
2018-04-30 11:14:38 -07:00
Takashi Kojo
22a2b45108
duplicated fe_init for non-configure based IDE
2018-04-28 05:07:00 +09:00
Takashi Kojo
a91ac55e24
define valiable before exec statements
2018-04-28 05:05:45 +09:00
David Garske
fc02003f76
Added new signature wrapper functions to allow direct use of hash `wc_SignatureVerifyHash` and `wc_SignatureGenerateHash`. These new function abstract existing signature wrapper code, so minimal code size increase. Added test cases for new functions for RSA (with and without DER encoding) and ECC.
2018-04-25 13:10:53 -07:00
David Garske
65c9277213
More fixes from Jenkins testing.
2018-04-24 14:01:33 -07:00
David Garske
e63afa08bd
Fix a couple of minor Jenkins issues.
2018-04-24 13:25:28 -07:00
David Garske
56025f38b9
Enhancements and cleanup to ASN date/time:
...
* Refactor the ASN get date logic to combine shared code.
* Added new API `wc_GetDateInfo` to get raw date, format and length.
* Added new API `wc_GetCertDates` to extract certificate before/after dates as `struct tm` type.
* Added new API `wc_GetDateAsCalendarTime` which parses the raw date string and convers to `struct tm`.
* Added tests for new API's.
* Added missing tests for `wc_SetAltNames`, `wc_SetAltNamesBuffer` and `wc_SetDatesBuffer`.
* Fixed build for older `NO_TIME_H` macro.
2018-04-24 13:04:36 -07:00
David Garske
289a282183
Fixes to resolve issues with c99 compliance (building with `./configure CFLAGS="-std=c99"`).
...
* Fix for ReadDir checking for file flag to use `S_ISREG(ctx->s.st_mode)` syntax.
* Added macro for strsep `XSTRSEP`. Added wolf implementation as `wc_strsep` enabled as C99 or `USE_WOLF_STRSEP`.
* Fix to use `gethostbyname` for c99 instead of `getaddrinfo`.
* For c99 use wolf strtok `wc_strtok`.
* Exposed API's for `wc_strtok` and `wc_strsep` when available.
* Include `sys/time.h` when available from autocon `HAVE_SYS_TIME_H` or c99.
* include `<strings.h>` when `HAVE_STRINGS_H` or c99.
2018-04-23 13:47:22 -07:00
Eric Blankenhorn
568d24c63c
Coverity fixes ( #1509 )
...
* Coverity fixes 3
2018-04-23 09:20:28 -07:00
Sean Parkinson
6689ee965a
Key derivation for encrypted PEM uses salt length of 8 in OpenSSL
2018-04-18 12:37:06 +10:00
toddouska
09706a4ed2
Merge pull request #1488 from SparkiDev/tls13_perf
...
Changes for interop and performance
2018-04-16 09:16:13 -07:00
toddouska
942c720dc4
Merge pull request #1499 from ejohnstown/aes-asm
...
AES assembly file name change
2018-04-13 11:23:03 -07:00
Eric Blankenhorn
a0d8327320
Coverity fixes 2 ( #1493 )
...
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
2018-04-13 05:35:18 -07:00
Sean Parkinson
9600266483
WOLFSSL_FUNC_TIME changes
...
Warning in code about using this define.
Remove usage of WOLFSSL_FUNC_TIME from server.c.
2018-04-13 12:13:31 +10:00
Sean Parkinson
0b47811c46
Changes for interop and performance
...
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-13 12:01:20 +10:00
John Safranek
425cee64a7
AES assembly file name change
...
Some versions of GCC on the Mac will not run the file aes_asm.s through the preprocessor. There are some ifdefs in the file that are included when they shouldn't be. This is not a problem on Linux. Renaming the file to have a capital S extension forces the assembler to run with the preprocessor.
2018-04-12 16:47:58 -07:00
toddouska
eacd98fe4e
Merge pull request #1491 from dgarske/config
...
Configure improvements and new options
2018-04-12 13:48:20 -07:00
David Garske
1f7b954d47
Fix for `wc_GetCTC_HashOID` in FIPS mode. Uses the new `wc_HashTypeConvert` to handle conversion from unique WC_ALGO (`int`) to WC_HASH_TYPE_ALGO (`enum wc_HashType`).
2018-04-12 06:51:23 -07:00
David Garske
ce6728951f
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-11 13:54:07 -07:00
David Garske
ee5d78f84f
Added new `wc_OidGetHash` API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate ocde. Updated `wc_GetCTC_HashOID` to use `wc_HashGetOID` and maintain back compat.
2018-04-11 13:53:30 -07:00
David Garske
83bfdb1594
Fix for issue with unique hash types on ctoacrypt FIPS using different values than WC_HASH_TYPE_*. Add new API `wc_HashTypeConvert` to handle the conversion between `enum wc_HashType` and `int`. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location).
2018-04-11 09:30:30 -07:00
David Garske
3f3e332a3a
Fix for evp.c `statement will never be executed` in `wolfSSL_EVP_CIPHER_CTX_block_size`.
2018-04-11 08:18:39 -07:00
David Garske
a38576146e
* Added support for disabling PEM to DER functionality using `WOLFSSL_PEM_TO_DER`. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests.
...
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
2018-04-09 13:28:15 -07:00
David Garske
5a46bdf6f6
Added unit test for using encrypted keys with TLS. Only works with `--enable-des3`, since the keys are all encrypted with DES3 (also requires either `--enable-opensslextra or --enable-enckeys`).
2018-04-09 13:28:15 -07:00
David Garske
98c186017a
Fixes for build failures. Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. Added enum for unique cipher types. Added `CHACHA_MAX_KEY_SZ` for ChaCha.
2018-04-09 13:28:15 -07:00
David Garske
2c72f72752
Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatability.
2018-04-09 13:28:15 -07:00
David Garske
1f00ea2115
Fixes for various build issues with type casting and unused functions. Moved `mystrnstr` to wc_port.c. Added some additional argument checks on pwdbased.
2018-04-09 13:28:15 -07:00
David Garske
6de8348918
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-04-09 13:28:15 -07:00
David Garske
1315fad7dc
Added ForceZero on the password buffer after done using it.
2018-04-09 13:28:15 -07:00
David Garske
3a8b08cdbf
Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz.
2018-04-09 13:28:15 -07:00
David Garske
c83e63853d
Refactor unqiue hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming.
2018-04-09 13:28:15 -07:00
David Garske
264496567a
Improvements to EncryptedInfo. Added build option `WOLFSSL_ENCRYPTED_KEYS` to indicate support for EncryptedInfo. Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option.
2018-04-09 13:28:15 -07:00
David Garske
f9e830bce7
First pass at changes to move PemToDer into asn.c.
2018-04-09 13:28:14 -07:00
toddouska
6090fb9020
Merge pull request #1483 from dgarske/winvs
...
Fixes for unused `heap` warnings
2018-04-06 09:01:49 -07:00
toddouska
e56209cee4
Merge pull request #1482 from dgarske/nourand
...
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`
2018-04-06 09:00:37 -07:00
David Garske
bab62cc435
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. Added better named define `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay.
2018-04-05 09:34:43 -07:00
David Garske
ede006b3e1
Merge pull request #1479 from JacobBarthelmeh/HardwareAcc
...
Fix PIC32 AES-CBC and add test case
2018-04-05 09:15:08 -07:00
Jacob Barthelmeh
815219b589
fix pic32 AES-CBC and add test case
2018-04-04 16:09:11 -06:00
David Garske
a78c6ba4ea
Fix for unused `heap` warnings.
2018-04-04 12:51:45 -07:00
toddouska
2deb977ecf
Merge pull request #1473 from dgarske/pkcs7_norsa
...
Enabled PKCS7 support without RSA
2018-04-04 10:33:11 -07:00
toddouska
960d2ec031
Merge pull request #1471 from JacobBarthelmeh/Fuzzer
...
sanity check on buffer read
2018-04-04 10:31:55 -07:00
David Garske
c288d0815d
Added support for building and using PKCS7 without RSA (assuming ECC is enabled).
2018-04-03 09:26:57 -07:00
David Garske
0c898f513d
Nitrox V fixes and additions:
...
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 09:14:20 -07:00
Jacob Barthelmeh
6a1013888f
sanity check on buffer read
2018-04-02 14:30:58 -06:00
Takashi Kojo
c60d9ff983
if(ret != 1) error
2018-04-01 13:27:08 +09:00
Takashi Kojo
1c0b84d47d
openSSL compatibility, EVP_CipherUpdate, if(inlen == 0)return 1;
2018-04-01 12:13:18 +09:00
David Garske
c9d840ed8d
Fix for the `HAVE_THEAD_LS` case with `FP_ECC` where starting a new thead and doing ECC operations and not calling `wc_ecc_fp_free`. Added missing `wolfCrypt_Init` to API docs.
2018-03-27 14:29:39 -07:00
toddouska
504b13530e
Merge pull request #1459 from cconlon/selftest_fixes
...
Fix for wolfCrypt test and CAVP selftest build
2018-03-27 13:27:28 -07:00
toddouska
9f231e0020
Merge pull request #1453 from dgarske/ecc508a_linux
...
Support for building with `WOLFSSL_ATECC508A` on other targets
2018-03-27 09:57:39 -07:00
Chris Conlon
021560035b
fix unused var warning for extNameConsOid with IGNORE_NAME_CONSTRAINTS
2018-03-26 09:43:37 -06:00
Chris Conlon
d2aa7d0a37
exclude ecc_import_unsigned test when building for CAVP selftest
2018-03-23 16:31:17 -06:00
Chris Conlon
c08f5b86cf
Merge pull request #1444 from jrblixt/unitTest_api_addPkcs-PR03162018
...
Unit test functions for PKCS#7.
2018-03-23 10:00:33 -06:00
toddouska
aee6f4d0ca
Merge pull request #1457 from dgarske/base16
...
Base16/64 improvements
2018-03-22 15:14:57 -07:00
toddouska
a92696edec
Merge pull request #1454 from dgarske/noprivkey
...
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
2018-03-22 12:47:22 -07:00
David Garske
3bf325290d
Base16/64 improvements:
...
* Add define `WOLFSSL_BASE16` to explicitly expose base16 support.
* Add `./configure --enable-base16` option (disabled by default in configure, but enabled in coding.h when required internally).
* Added base16 tests in test.c `base16_test`.
* Enabled base64 decode tests when `WOLFSSL_BASE64_ENCODE` is not defined.
2018-03-22 10:36:56 -07:00
David Garske
0cff2f8b10
Replace use of `PUB_KEY_SIZE` (from CryptoAuthLib) with new `ECC_MAX_CRYPTO_HW_PUBKEY_SIZE`.
2018-03-22 09:45:27 -07:00
David Garske
8c4bfd825a
Support for building the ATECC508A without `WOLFSSL_ATMEL` defined, which enables features specific to Atmel Studio Framework (ASF) and an embedded target. This allows for building with `WOLFSSL_ATECC508A` defined on other targets such as Linux.
2018-03-22 09:39:21 -07:00
toddouska
104f7a0170
Merge pull request #1451 from JacobBarthelmeh/Optimizations
...
Adjust X509 small build and add more macro guards
2018-03-21 15:15:27 -07:00
toddouska
f3d0879ed7
Merge pull request #1449 from dgarske/asn_nullterm
...
ASN improvements for building header/footer in `wc_DerToPemEx`
2018-03-21 15:13:46 -07:00
toddouska
2a356228be
Merge pull request #1445 from SparkiDev/wpas_fix
...
Fixes for wpa_supplicant
2018-03-21 15:11:43 -07:00
David Garske
dbb34126f6
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
...
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
Jacob Barthelmeh
90f97f4a5a
fix for unused variable
2018-03-21 09:16:43 -06:00
Jacob Barthelmeh
0aa3b5fa0e
macros for conditionally compiling code
2018-03-21 00:09:29 -06:00
Jacob Barthelmeh
087df8f1cd
more macro guards to reduce size
2018-03-20 17:15:16 -06:00
Jacob Barthelmeh
4d65e4cc1e
add WOLFSSL_NO_DH186 macro to optionally compile out DH186 function
2018-03-20 15:31:20 -06:00
Jacob Barthelmeh
df6ea54cd5
add support for PKCS8 decryption to OPENSSL_EXTRA_X509_SMALL build
2018-03-20 15:06:35 -06:00
David Garske
764aec071c
Further improvement to the null termination and newline logic in `wc_DerToPemEx`.
2018-03-19 22:58:18 -07:00
David Garske
59aa893260
Cleanup ECC point import/export code. Added new API `wc_ecc_import_unsigned` to allow importing public x/y and optional private as unsigned char. Cleanup `wc_ecc_sign_hash` to move the hardware crypto code into a separate function. Added missing tests for `wc_ecc_export_public_raw`, `wc_ecc_export_private_raw` and new test for `wc_ecc_import_unsigned`.
2018-03-19 13:28:57 -07:00
toddouska
1040cf9caa
Merge pull request #1437 from dgarske/eccrsrawtosig
...
Added new ECC API `wc_ecc_rs_raw_to_sig`
2018-03-19 09:12:39 -07:00
toddouska
7ce2efd572
Merge pull request #1431 from JacobBarthelmeh/Optimizations
...
more aes macro key size guards
2018-03-19 09:07:05 -07:00
Sean Parkinson
b325e0ff91
Fixes for wpa_supplicant
2018-03-19 11:46:38 +10:00
John Safranek
465f1d491f
Merge pull request #1443 from cconlon/dhagree
...
check z against 1 in wc_DhAgree()
2018-03-17 20:15:31 -07:00
David Garske
250cd3b7eb
Merge pull request #1433 from SparkiDev/sp_size
...
Fix size on Intel and improve 32-bit C code performance
2018-03-16 17:05:46 -07:00
jrblixt
1aba6e9b44
Prepare for PR.
2018-03-16 17:07:28 -06:00
Chris Conlon
3118c8826b
check z against 1 in wc_DhAgree()
2018-03-16 15:59:48 -06:00
JacobBarthelmeh
f70351242b
Merge pull request #1432 from kojo1/mdk5
...
3.14.0 update on mdk5 pack
2018-03-15 14:47:14 -06:00
Jacob Barthelmeh
a207cae0f4
add some more macro guards to reduce size
2018-03-14 17:24:23 -06:00
Sean Parkinson
4d1986fc21
Improve speed of 32-bit C code
2018-03-15 08:33:04 +10:00
David Garske
9ccf876a21
Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format.
2018-03-14 10:59:25 -07:00
Takashi Kojo
1de291be8d
macro INLINE
2018-03-14 07:14:07 +09:00
Sean Parkinson
c4dfa41088
SP improvements
...
Tag functions to not be inlined so llvm doesn't make huge builds.
Add sp_mod to support new DH key generation function.
2018-03-13 14:16:48 +10:00
Jacob Barthelmeh
8fb3ccacb7
opensslextra fixs and warning for unused variable
2018-03-12 18:05:24 -06:00
Jacob Barthelmeh
6b04ebe3a4
fix for compiling with different build settings
2018-03-12 16:12:10 -06:00
Jacob Barthelmeh
fa21fb4a27
more aes macro key size guards
2018-03-12 15:44:48 -06:00
Jacob Barthelmeh
8fdb99443a
fix for build with NTRU and certgen
2018-03-09 14:21:43 -07:00
toddouska
0ab4166a80
Merge pull request #1421 from JacobBarthelmeh/Optimizations
...
trim out more strings and fix DN tag
2018-03-08 14:03:10 -08:00
Chris Conlon
0ac833790d
check q in wc_CheckPubKey_ex() if available in DhKey
2018-03-08 10:17:52 -07:00
Chris Conlon
6f95677bb8
add wc_DhSetKey_ex() with support for q and SP 800-56A
2018-03-08 09:36:44 -07:00
Jacob Barthelmeh
a9c6385fd1
trim out more strings and fix DN tag
2018-03-07 10:35:31 -07:00
David Garske
a4000ba196
Merge pull request #1418 from SparkiDev/sp_armasm
...
Add assembly code for ARM and 64-bit ARM
2018-03-07 09:18:16 -08:00
toddouska
cd940ccb5c
Merge pull request #1417 from dgarske/asn_x509_header
...
Cleanup of the ASN X509 header logic
2018-03-07 08:50:00 -08:00
Sean Parkinson
89182f5ca9
Add assembly code for ARM and 64-bit ARM
...
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
2018-03-07 11:57:09 +10:00
David Garske
b879d138af
Fix for using non-const as array sizer (resolves build error with VS).
2018-03-06 09:04:12 -08:00
David Garske
57e9b3c994
Cleanup of the ASN X509 header and XSTRNCPY logic.
2018-03-05 16:11:12 -08:00
David Garske
d75b3f99ac
Proper fix for Pluton ECC sign.
2018-03-05 15:29:34 -08:00
toddouska
53c0bf6a20
Merge pull request #1408 from JacobBarthelmeh/Release
...
Testing in preparation for release
2018-03-02 10:12:27 -08:00
toddouska
e698084eac
Merge pull request #1406 from dgarske/mmcau_sha256_cast
...
Fix for cast warning with NXP CAU and SHA256.
2018-03-02 10:10:14 -08:00
Jacob Barthelmeh
f6869dfe09
AES ECB build with ARMv8 instructions enabled
2018-03-02 09:30:43 -07:00
David Garske
f6d770b5bd
Fix for pluton ECC sign.
2018-03-02 07:57:22 +01:00
Jacob Barthelmeh
223facc46a
sanity check on index before reading from input
2018-03-01 18:03:21 -07:00
Jacob Barthelmeh
ae21c03d69
check on certificate index when getting Name
2018-03-01 18:00:52 -07:00
Jacob Barthelmeh
e7b0fefd7a
add sanity check on read index
2018-03-01 18:00:52 -07:00
Jacob Barthelmeh
df1c73c8e5
check for case that BER to DER API is available
2018-03-01 18:00:52 -07:00
Jacob Barthelmeh
db18e49920
gcc-7 warning about misleading indentation
2018-03-01 18:00:52 -07:00
David Garske
59c8d3cdf7
Fix for cast warning with NXP CAU and SHA256.
2018-03-01 08:06:29 +01:00
Chris Conlon
1b2e43478d
Merge pull request #1405 from ejohnstown/selftest-errors
...
added error codes for the FIPS pairwise agreement tests in the POST
2018-02-28 14:16:59 -07:00
John Safranek
d035c1dd81
added error code for the FIPS DH agreement KAT test in the POST
2018-02-28 10:54:53 -08:00
toddouska
b6aae0c2d1
Merge pull request #1402 from JacobBarthelmeh/Testing
...
Improve bounds and sanity checks
2018-02-28 09:45:19 -08:00
Jacob Barthelmeh
25e7dbd17a
add comment on sanity check
2018-02-27 23:30:50 -07:00
John Safranek
5cc046eb6d
added error codes for the FIPS pairwise agreement tests in the POST
2018-02-27 12:42:25 -08:00
Jacob Barthelmeh
00b6419964
use XSTRLEN and revert adding outLen parameter
2018-02-26 16:52:09 -07:00
Jacob Barthelmeh
e6c95a0854
sanity check on input size
2018-02-26 14:41:00 -07:00
Jacob Barthelmeh
5ef4296b3d
sanity check on buffer length with ASNToHexString
2018-02-26 14:25:39 -07:00
Jacob Barthelmeh
e4f40fb6c0
add sanity checks and change index increment
2018-02-26 13:55:56 -07:00
toddouska
f7d70e4650
Merge pull request #1401 from kaleb-himes/NETOS-SV
...
possible shadowed global variable declaration in NETOS
2018-02-26 12:21:13 -08:00