John Safranek
425cee64a7
AES assembly file name change
Some versions of GCC on the Mac will not run the file aes_asm.s through the preprocessor. There are some ifdefs in the file that are included when they shouldn't be. This is not a problem on Linux. Renaming the file to have a capital S extension forces the assembler to run with the preprocessor.
2018-04-12 16:47:58 -07:00
toddouska
eacd98fe4e
Merge pull request #1491 from dgarske/config
Configure improvements and new options
2018-04-12 13:48:20 -07:00
David Garske
1f7b954d47
Fix for `wc_GetCTC_HashOID` in FIPS mode. Uses the new `wc_HashTypeConvert` to handle conversion from unique WC_ALGO (`int`) to WC_HASH_TYPE_ALGO (`enum wc_HashType`).
2018-04-12 06:51:23 -07:00
David Garske
ce6728951f
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-11 13:54:07 -07:00
David Garske
ee5d78f84f
Added new `wc_OidGetHash` API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate code. Updated `wc_GetCTC_HashOID` to use `wc_HashGetOID` and maintain back compat.
2018-04-11 13:53:30 -07:00
David Garske
83bfdb1594
Fix for issue with unique hash types on ctaocrypt FIPS using different values than WC_HASH_TYPE_*. Add new API `wc_HashTypeConvert` to handle the conversion between `enum wc_HashType` and `int`. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location).
2018-04-11 09:30:30 -07:00
David Garske
3f3e332a3a
Fix for evp.c `statement will never be executed` in `wolfSSL_EVP_CIPHER_CTX_block_size`.
2018-04-11 08:18:39 -07:00
David Garske
a38576146e
* Added support for disabling PEM to DER functionality using `WOLFSSL_PEM_TO_DER`. This allows a way to use DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests.
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these APIs to `wc_` and added backwards compatibility macro for old function names.
2018-04-09 13:28:15 -07:00
David Garske
5a46bdf6f6
Added unit test for using encrypted keys with TLS. Only works with `--enable-des3`, since the keys are all encrypted with DES3 (also requires either `--enable-opensslextra` or `--enable-enckeys`).
2018-04-09 13:28:15 -07:00
David Garske
98c186017a
Fixes for build failures. Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. Added enum for unique cipher types. Added `CHACHA_MAX_KEY_SZ` for ChaCha.
2018-04-09 13:28:15 -07:00
David Garske
2c72f72752
Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatibility.
2018-04-09 13:28:15 -07:00
David Garske
1f00ea2115
Fixes for various build issues with type casting and unused functions. Moved `mystrnstr` to wc_port.c. Added some additional argument checks on pwdbased.
2018-04-09 13:28:15 -07:00
David Garske
6de8348918
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-04-09 13:28:15 -07:00
David Garske
1315fad7dc
Added ForceZero on the password buffer after done using it.
2018-04-09 13:28:15 -07:00
David Garske
3a8b08cdbf
Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz.
2018-04-09 13:28:15 -07:00
David Garske
c83e63853d
Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming.
2018-04-09 13:28:15 -07:00
David Garske
264496567a
Improvements to EncryptedInfo. Added build option `WOLFSSL_ENCRYPTED_KEYS` to indicate support for EncryptedInfo. Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option.
2018-04-09 13:28:15 -07:00
David Garske
f9e830bce7
First pass at changes to move PemToDer into asn.c.
2018-04-09 13:28:14 -07:00
toddouska
6090fb9020
Merge pull request #1483 from dgarske/winvs
Fixes for unused `heap` warnings
2018-04-06 09:01:49 -07:00
toddouska
e56209cee4
Merge pull request #1482 from dgarske/nourand
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`
2018-04-06 09:00:37 -07:00
David Garske
bab62cc435
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. Added better named define `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay.
2018-04-05 09:34:43 -07:00
David Garske
ede006b3e1
Merge pull request #1479 from JacobBarthelmeh/HardwareAcc
Fix PIC32 AES-CBC and add test case
2018-04-05 09:15:08 -07:00
Jacob Barthelmeh
815219b589
fix pic32 AES-CBC and add test case
2018-04-04 16:09:11 -06:00
David Garske
a78c6ba4ea
Fix for unused `heap` warnings.
2018-04-04 12:51:45 -07:00
toddouska
2deb977ecf
Merge pull request #1473 from dgarske/pkcs7_norsa
Enabled PKCS7 support without RSA
2018-04-04 10:33:11 -07:00
toddouska
960d2ec031
Merge pull request #1471 from JacobBarthelmeh/Fuzzer
sanity check on buffer read
2018-04-04 10:31:55 -07:00
David Garske
c288d0815d
Added support for building and using PKCS7 without RSA (assuming ECC is enabled).
2018-04-03 09:26:57 -07:00
David Garske
0c898f513d
Nitrox V fixes and additions:
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final APIs instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 09:14:20 -07:00
Jacob Barthelmeh
6a1013888f
sanity check on buffer read
2018-04-02 14:30:58 -06:00
Takashi Kojo
c60d9ff983
if(ret != 1) error
2018-04-01 13:27:08 +09:00
Takashi Kojo
1c0b84d47d
openSSL compatibility, EVP_CipherUpdate, if(inlen == 0)return 1;
2018-04-01 12:13:18 +09:00
David Garske
c9d840ed8d
Fix for the `HAVE_THREAD_LS` case with `FP_ECC` where starting a new thread and doing ECC operations and not calling `wc_ecc_fp_free`. Added missing `wolfCrypt_Init` to API docs.
2018-03-27 14:29:39 -07:00
toddouska
504b13530e
Merge pull request #1459 from cconlon/selftest_fixes
Fix for wolfCrypt test and CAVP selftest build
2018-03-27 13:27:28 -07:00
toddouska
9f231e0020
Merge pull request #1453 from dgarske/ecc508a_linux
Support for building with `WOLFSSL_ATECC508A` on other targets
2018-03-27 09:57:39 -07:00
Chris Conlon
021560035b
fix unused var warning for extNameConsOid with IGNORE_NAME_CONSTRAINTS
2018-03-26 09:43:37 -06:00
Chris Conlon
d2aa7d0a37
exclude ecc_import_unsigned test when building for CAVP selftest
2018-03-23 16:31:17 -06:00
Chris Conlon
c08f5b86cf
Merge pull request #1444 from jrblixt/unitTest_api_addPkcs-PR03162018
Unit test functions for PKCS#7.
2018-03-23 10:00:33 -06:00
toddouska
aee6f4d0ca
Merge pull request #1457 from dgarske/base16
Base16/64 improvements
2018-03-22 15:14:57 -07:00
toddouska
a92696edec
Merge pull request #1454 from dgarske/noprivkey
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
2018-03-22 12:47:22 -07:00
David Garske
3bf325290d
Base16/64 improvements:
* Add define `WOLFSSL_BASE16` to explicitly expose base16 support.
* Add `./configure --enable-base16` option (disabled by default in configure, but enabled in coding.h when required internally).
* Added base16 tests in test.c `base16_test`.
* Enabled base64 decode tests when `WOLFSSL_BASE64_ENCODE` is not defined.
2018-03-22 10:36:56 -07:00
David Garske
0cff2f8b10
Replace use of `PUB_KEY_SIZE` (from CryptoAuthLib) with new `ECC_MAX_CRYPTO_HW_PUBKEY_SIZE`.
2018-03-22 09:45:27 -07:00
David Garske
8c4bfd825a
Support for building the ATECC508A without `WOLFSSL_ATMEL` defined, which enables features specific to Atmel Studio Framework (ASF) and an embedded target. This allows for building with `WOLFSSL_ATECC508A` defined on other targets such as Linux.
2018-03-22 09:39:21 -07:00
toddouska
104f7a0170
Merge pull request #1451 from JacobBarthelmeh/Optimizations
Adjust X509 small build and add more macro guards
2018-03-21 15:15:27 -07:00
toddouska
f3d0879ed7
Merge pull request #1449 from dgarske/asn_nullterm
ASN improvements for building header/footer in `wc_DerToPemEx`
2018-03-21 15:13:46 -07:00
toddouska
2a356228be
Merge pull request #1445 from SparkiDev/wpas_fix
Fixes for wpa_supplicant
2018-03-21 15:11:43 -07:00
David Garske
dbb34126f6
* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allow simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSA PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
Jacob Barthelmeh
90f97f4a5a
fix for unused variable
2018-03-21 09:16:43 -06:00
Jacob Barthelmeh
0aa3b5fa0e
macros for conditionally compiling code
2018-03-21 00:09:29 -06:00
Jacob Barthelmeh
087df8f1cd
more macro guards to reduce size
2018-03-20 17:15:16 -06:00
Jacob Barthelmeh
4d65e4cc1e
add WOLFSSL_NO_DH186 macro to optionally compile out DH186 function
2018-03-20 15:31:20 -06:00
Jacob Barthelmeh
df6ea54cd5
add support for PKCS8 decryption to OPENSSL_EXTRA_X509_SMALL build
2018-03-20 15:06:35 -06:00
David Garske
764aec071c
Further improvement to the null termination and newline logic in `wc_DerToPemEx`.
2018-03-19 22:58:18 -07:00
David Garske
59aa893260
Cleanup ECC point import/export code. Added new API `wc_ecc_import_unsigned` to allow importing public x/y and optional private as unsigned char. Cleanup `wc_ecc_sign_hash` to move the hardware crypto code into a separate function. Added missing tests for `wc_ecc_export_public_raw`, `wc_ecc_export_private_raw` and new test for `wc_ecc_import_unsigned`.
2018-03-19 13:28:57 -07:00
toddouska
1040cf9caa
Merge pull request #1437 from dgarske/eccrsrawtosig
Added new ECC API `wc_ecc_rs_raw_to_sig`
2018-03-19 09:12:39 -07:00
toddouska
7ce2efd572
Merge pull request #1431 from JacobBarthelmeh/Optimizations
more aes macro key size guards
2018-03-19 09:07:05 -07:00
Sean Parkinson
b325e0ff91
Fixes for wpa_supplicant
2018-03-19 11:46:38 +10:00
John Safranek
465f1d491f
Merge pull request #1443 from cconlon/dhagree
check z against 1 in wc_DhAgree()
2018-03-17 20:15:31 -07:00
David Garske
250cd3b7eb
Merge pull request #1433 from SparkiDev/sp_size
Fix size on Intel and improve 32-bit C code performance
2018-03-16 17:05:46 -07:00
jrblixt
1aba6e9b44
Prepare for PR.
2018-03-16 17:07:28 -06:00
Chris Conlon
3118c8826b
check z against 1 in wc_DhAgree()
2018-03-16 15:59:48 -06:00
JacobBarthelmeh
f70351242b
Merge pull request #1432 from kojo1/mdk5
3.14.0 update on mdk5 pack
2018-03-15 14:47:14 -06:00
Jacob Barthelmeh
a207cae0f4
add some more macro guards to reduce size
2018-03-14 17:24:23 -06:00
Sean Parkinson
4d1986fc21
Improve speed of 32-bit C code
2018-03-15 08:33:04 +10:00
David Garske
9ccf876a21
Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format.
2018-03-14 10:59:25 -07:00
Takashi Kojo
1de291be8d
macro INLINE
2018-03-14 07:14:07 +09:00
Sean Parkinson
c4dfa41088
SP improvements
Tag functions to not be inlined so llvm doesn't make huge builds.
Add sp_mod to support new DH key generation function.
2018-03-13 14:16:48 +10:00
Jacob Barthelmeh
8fb3ccacb7
opensslextra fixes and warning for unused variable
2018-03-12 18:05:24 -06:00
Jacob Barthelmeh
6b04ebe3a4
fix for compiling with different build settings
2018-03-12 16:12:10 -06:00
Jacob Barthelmeh
fa21fb4a27
more aes macro key size guards
2018-03-12 15:44:48 -06:00
Jacob Barthelmeh
8fdb99443a
fix for build with NTRU and certgen
2018-03-09 14:21:43 -07:00
toddouska
0ab4166a80
Merge pull request #1421 from JacobBarthelmeh/Optimizations
trim out more strings and fix DN tag
2018-03-08 14:03:10 -08:00
Chris Conlon
0ac833790d
check q in wc_CheckPubKey_ex() if available in DhKey
2018-03-08 10:17:52 -07:00
Chris Conlon
6f95677bb8
add wc_DhSetKey_ex() with support for q and SP 800-56A
2018-03-08 09:36:44 -07:00
Jacob Barthelmeh
a9c6385fd1
trim out more strings and fix DN tag
2018-03-07 10:35:31 -07:00
David Garske
a4000ba196
Merge pull request #1418 from SparkiDev/sp_armasm
Add assembly code for ARM and 64-bit ARM
2018-03-07 09:18:16 -08:00
toddouska
cd940ccb5c
Merge pull request #1417 from dgarske/asn_x509_header
Cleanup of the ASN X509 header logic
2018-03-07 08:50:00 -08:00
Sean Parkinson
89182f5ca9
Add assembly code for ARM and 64-bit ARM
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
2018-03-07 11:57:09 +10:00
David Garske
b879d138af
Fix for using non-const as array sizer (resolves build error with VS).
2018-03-06 09:04:12 -08:00
David Garske
57e9b3c994
Cleanup of the ASN X509 header and XSTRNCPY logic.
2018-03-05 16:11:12 -08:00
David Garske
d75b3f99ac
Proper fix for Pluton ECC sign.
2018-03-05 15:29:34 -08:00
toddouska
53c0bf6a20
Merge pull request #1408 from JacobBarthelmeh/Release
Testing in preparation for release
2018-03-02 10:12:27 -08:00
toddouska
e698084eac
Merge pull request #1406 from dgarske/mmcau_sha256_cast
Fix for cast warning with NXP CAU and SHA256.
2018-03-02 10:10:14 -08:00
Jacob Barthelmeh
f6869dfe09
AES ECB build with ARMv8 instructions enabled
2018-03-02 09:30:43 -07:00
David Garske
f6d770b5bd
Fix for pluton ECC sign.
2018-03-02 07:57:22 +01:00
Jacob Barthelmeh
223facc46a
sanity check on index before reading from input
2018-03-01 18:03:21 -07:00
Jacob Barthelmeh
ae21c03d69
check on certificate index when getting Name
2018-03-01 18:00:52 -07:00
Jacob Barthelmeh
e7b0fefd7a
add sanity check on read index
2018-03-01 18:00:52 -07:00
Jacob Barthelmeh
df1c73c8e5
check for case that BER to DER API is available
2018-03-01 18:00:52 -07:00
Jacob Barthelmeh
db18e49920
gcc-7 warning about misleading indentation
2018-03-01 18:00:52 -07:00
David Garske
59c8d3cdf7
Fix for cast warning with NXP CAU and SHA256.
2018-03-01 08:06:29 +01:00
Chris Conlon
1b2e43478d
Merge pull request #1405 from ejohnstown/selftest-errors
added error codes for the FIPS pairwise agreement tests in the POST
2018-02-28 14:16:59 -07:00
John Safranek
d035c1dd81
added error code for the FIPS DH agreement KAT test in the POST
2018-02-28 10:54:53 -08:00
toddouska
b6aae0c2d1
Merge pull request #1402 from JacobBarthelmeh/Testing
Improve bounds and sanity checks
2018-02-28 09:45:19 -08:00
Jacob Barthelmeh
25e7dbd17a
add comment on sanity check
2018-02-27 23:30:50 -07:00
John Safranek
5cc046eb6d
added error codes for the FIPS pairwise agreement tests in the POST
2018-02-27 12:42:25 -08:00
Jacob Barthelmeh
00b6419964
use XSTRLEN and revert adding outLen parameter
2018-02-26 16:52:09 -07:00
Jacob Barthelmeh
e6c95a0854
sanity check on input size
2018-02-26 14:41:00 -07:00
Jacob Barthelmeh
5ef4296b3d
sanity check on buffer length with ASNToHexString
2018-02-26 14:25:39 -07:00
Jacob Barthelmeh
e4f40fb6c0
add sanity checks and change index increment
2018-02-26 13:55:56 -07:00
toddouska
f7d70e4650
Merge pull request #1401 from kaleb-himes/NETOS-SV
possible shadowed global variable declaration in NETOS
2018-02-26 12:21:13 -08:00
toddouska
442430d39e
Merge pull request #1392 from ejohnstown/rsa-decrypt-check
RSA Decrypt Bounds Checking
2018-02-26 12:19:37 -08:00
kaleb-himes
f58619bb9f
possible shadowed global variable declaration in NETOS
2018-02-26 11:48:33 -07:00
toddouska
b527f6fb81
Merge pull request #1397 from JacobBarthelmeh/Optimizations
Optimizations
2018-02-26 08:43:22 -08:00
toddouska
73dbc8f6e7
Merge pull request #1395 from JacobBarthelmeh/Certs
Add support for writing multiple OUs, DCs and for writing a unique EKU OID
2018-02-26 08:39:58 -08:00
John Safranek
a49553df6a
RSA Decrypt Bounds Checking
1. Added some bounds checking on the ciphertext passed into the RSA decrypt function. NIST SP 800-56B specifies that the ciphertext shouldn't be a number larger than the modulus.
2. Added an API test to check that the direct RSA decrypt function returns an error with a "bad" message.
3. Added an ifndef guard to disable the bounds check. Default is to keep the bounds check.
4. RSA Decrypt bounds check only checked the first time into wc_RsaFunction().
2018-02-23 17:04:05 -08:00
Jacob Barthelmeh
942f39de3b
cast return from XSTRLEN
2018-02-23 17:35:44 -07:00
Jacob Barthelmeh
9391c608cc
remove error string function when no error strings are defined
2018-02-23 17:31:20 -07:00
Jacob Barthelmeh
f2cbab95b0
change _EncodeName, add test with wc_MakeCertReq, add XMEMSET with Cert init
2018-02-23 17:22:48 -07:00
toddouska
1c2506f94c
Merge pull request #1393 from SparkiDev/sp_math_dh
DH public key check working with sp-math
2018-02-23 16:15:15 -08:00
toddouska
22e55e72c1
Merge pull request #1394 from cconlon/selftest
Add CAVP-only Self Test for special build
2018-02-23 15:50:06 -08:00
Jacob Barthelmeh
79f13478df
add AES macro guards and reduce code in GetName
2018-02-23 13:45:42 -07:00
Jacob Barthelmeh
453aa16e8d
Add support for writing multiple OUs, DCs and for writing a unique EKU OID
2018-02-23 10:46:26 -07:00
Chris Conlon
ad53037852
add CAVP selftest option for special build
2018-02-23 10:14:56 -07:00
Sean Parkinson
30e8429a3f
DH public key check working with sp-math
2018-02-23 15:10:54 +10:00
David Garske
6500c40015
Merge pull request #1386 from JacobBarthelmeh/RSA
add WC_RSA_NO_PADDING macro and WC_RSA_NO_PAD enum
2018-02-22 13:34:20 -08:00
Chris Conlon
de4893486e
add wc_DhCheckPubKey_ex() with checks against large prime q
2018-02-22 11:09:06 -07:00
Jacob Barthelmeh
63802849a1
remove magic number
2018-02-22 09:55:20 -07:00
toddouska
dda7dbd7fd
Merge pull request #1389 from JacobBarthelmeh/CAAM
fix unused function warning with CAAM and AES
2018-02-22 08:51:34 -08:00
toddouska
06abc12d40
Merge pull request #1384 from SparkiDev/sp_math_dh
Enable DH public key check code with sp-math
2018-02-22 08:41:25 -08:00
Sean Parkinson
6bf5f06397
Fixes from code review
2018-02-22 14:59:19 +10:00
Sean Parkinson
7160384a19
Explicit curve data in public ECC key
Certificate's public key data contains more of the encoding.
PKCS #7 using public key from certificates calls proper decode.
2018-02-22 14:59:19 +10:00
Sean Parkinson
274110a10c
Added tests and fixes from testing
2018-02-22 14:58:37 +10:00
Sean Parkinson
76b0464a3b
Fixes from review
2018-02-22 08:31:19 +10:00
Jacob Barthelmeh
312d1a2aaf
fix unused function warning with CAAM and AES
2018-02-21 15:21:07 -07:00
Jacob Barthelmeh
08e199d78a
add support for async with wc_RsaDirect function
2018-02-21 11:09:38 -07:00
Jacob Barthelmeh
7374e2e751
add WC_RSA_NO_PADDING macro and WC_RSA_NO_PAD enum
2018-02-21 10:10:35 -07:00
Sean Parkinson
7d4c693d7e
Enable DH public key check code with sp-math
2018-02-21 09:13:00 +10:00
Sean Parkinson
3dfc2d87f3
Fix leak when wc_PKCS7_InitWithCert is called in verify
2018-02-21 08:29:50 +10:00
Sean Parkinson
6dad94c0fa
Change wc_BerToDer signature to have length as param
Clean up code to make readable
2018-02-21 08:29:50 +10:00
Sean Parkinson
d09f26a69f
Support indefinite length BER encodings in PKCS #7
2018-02-21 08:29:50 +10:00
toddouska
7a2aa6bc13
Merge pull request #1382 from dgarske/cleanup_strncpy
Fixes for ensuring null termination on all strncpy calls
2018-02-20 08:18:08 -08:00
Jacob Barthelmeh
33b699f81a
macro guards on PEM strings
2018-02-19 17:32:39 -07:00
David Garske
e4df21df94
More cleanup for const strings.
2018-02-19 17:32:39 -07:00
Jacob Barthelmeh
772651c17a
update tests and benchmark for HAVE_AES_DECRYPT
2018-02-19 17:32:39 -07:00
Jacob Barthelmeh
4614bd4e56
scan-build warning and AES key size builds for ARMv8
2018-02-19 17:32:39 -07:00
Jacob Barthelmeh
94b7ab92f3
fix for unused variable
2018-02-19 17:32:39 -07:00
Jacob Barthelmeh
2a15b3912b
revert pkcs7 attrib structure for scep and add more macro guards for AES key size
2018-02-19 17:32:39 -07:00
Jacob Barthelmeh
8006b68cac
more macro guards
2018-02-19 17:32:39 -07:00
Jacob Barthelmeh
c9525d9c1d
add opensslextra=x509small build option
2018-02-19 17:32:39 -07:00
Jacob Barthelmeh
e187ce42da
more macro guards for asn
2018-02-19 17:28:53 -07:00
Jacob Barthelmeh
16a4aef18e
clean up of macro guards on OIDs
2018-02-19 17:28:53 -07:00
Jacob Barthelmeh
02753e53a5
add some of AES key size macros to benchmark.c and test.c
2018-02-19 17:28:53 -07:00
Jacob Barthelmeh
7143b09786
pack PKCS7 structure
2018-02-19 17:28:53 -07:00
Jacob Barthelmeh
c2f660c0fc
first round of adding AES key size macros
2018-02-19 17:23:49 -07:00
toddouska
08696449f6
Merge pull request #1349 from JacobBarthelmeh/PKCS7
pkcs7 attribute parsing
2018-02-19 15:36:55 -08:00
David Garske
44079e4bb8
Fixes for ensuring null termination on all strncpy calls. Cleanup of the null termination character '\0' for char types.
2018-02-19 13:33:16 -08:00
David Garske
ae5dac8994
Fixes for GCC 7 build errors with evp.c and switch fall through. General EVP code formatting cleanup. Fix for wolfCrypt test unused var when `HAVE_AES_CBC` not defined. Fix for async in `test_wolfSSL_SESSION` with `err` not being initialized.
2018-02-16 09:32:40 -08:00
toddouska
74ebf510a3
Merge pull request #1374 from dgarske/pub_ecc_mul2add
Add option for `ecc_mul2add` to be made as exposed API
2018-02-15 14:21:42 -08:00
toddouska
cbd7612324
Merge pull request #1375 from dgarske/ifm_feedback
Add support for `WOLFSSL_NO_MALLOC` with memory callbacks
2018-02-15 14:19:21 -08:00
John Safranek
d8eff923f1
Merge pull request #1372 from JacobBarthelmeh/UnitTests
clear error node queue after test case and initialize logging buffer
2018-02-15 08:40:45 -08:00
David Garske
8c8ed06202
Added the `WOLFSSL_NO_MALLOC` option for the realloc callback as well.
2018-02-15 07:15:30 -08:00
David Garske
32547e280a
Added `ecc_mul2add` to ecc.h header and is exposed as an API if `WOLFSSL_PUBLIC_ECC_ADD_DBL` is defined.
2018-02-15 07:04:29 -08:00
David Garske
8285648e46
Fix to support using memory callbacks with no malloc / free using `WOLFSSL_NO_MALLOC`. Fix to only include <errno.h> if `LWIP_PROVIDE_ERRNO` is not defined.
2018-02-15 06:54:14 -08:00
Jacob Barthelmeh
1b98ccbac8
add else condition for logging string with OPENSSL_EXTRA
2018-02-14 17:21:42 -07:00
David Garske
9ff97997a6
Merge pull request #1360 from SparkiDev/sp_math
Minimal implementation of MP when using SP.
2018-02-14 15:49:23 -08:00
David Garske
a7a8ce8721
Merge pull request #1371 from ejohnstown/asn-fix
Update wc_GetKeyOID()
2018-02-14 15:10:01 -08:00
John Safranek
0853fcb202
Update wc_GetKeyOID()
1. Check that the algoID is not NULL.
2. Initialize algoID to 0.
3. Moved the key variables around.
2018-02-14 12:43:02 -08:00
toddouska
9a4fe0fe4e
Merge pull request #1353 from dgarske/asn_strict
Added RFC 5280 "must" checks
2018-02-14 10:01:58 -08:00
Sean Parkinson
b18fdea2ce
Fixes from code review
2018-02-14 11:09:20 +10:00
John Safranek
e48eb1ded8
added hmac-sha-3
2018-02-12 13:24:06 -08:00
toddouska
95ed1a88ed
Merge pull request #1364 from SparkiDev/aesni_authtagsz
AES-GCM AES-NI code now handles different tag lengths
2018-02-09 13:19:14 -08:00
toddouska
44be47a83b
Merge pull request #1358 from dgarske/fix_aesgcm_emb
Fix for missing `ret` in some `wc_AesGcmEncrypt` functions
2018-02-09 13:16:21 -08:00
toddouska
a27d2448e2
Merge pull request #1344 from dgarske/portability_cleanups
Portability cleanups and `tls_bench` fixes
2018-02-09 13:15:47 -08:00
toddouska
d827e93af9
Merge pull request #1329 from JacobBarthelmeh/PKCS12
PKCS12 reverse order that certificates are compared for keypair
2018-02-09 13:15:07 -08:00
Chris Conlon
fa676d96cf
detect and set keyAgreeOID from CMS EnvelopedData if user has not set
2018-02-09 09:37:51 -07:00
Sean Parkinson
35c993e55d
AES-GCM AES-NI code now handles different tag lengths
Encrypt and decrypt code modified.
AES-NI, AVX1 and AVX2 code modified.
Test of 15 byte tag added.
2018-02-09 17:21:06 +10:00
John Safranek
6907241180
Add AES-GCM Test Case
Added a new AES-GCM test case where the provided IV is of length 1 byte.
2018-02-08 11:37:21 -08:00
Sean Parkinson
a3a4f2d59c
Minimal implementation of MP when using SP.
--enable-sp-math to include minimal implementation of MP (only with
--enable-sp.)
Add further functionality for ECC (conditionally compiled):
- check key
- is point on curve
- API to add and double projective points
- API to map from projective to affine
- Uncompress point (including sqrt)
Some configuration options will not work with SP math - configure.ac
detects this and errors out.
Change test code to better support SP sizes only.
2018-02-08 15:50:17 +10:00
David Garske
fbdcd3c67f
Fix for missing `ret` in some `wc_AesGcmEncrypt` functions due to refactor in commit 0765aa0.
2018-02-07 15:40:28 -08:00
David Garske
c2a0de93b8
Fix to resolve wolfCrypt test for `cert_test` nameConstraints test. Fixed ASN check to properly determine if certificate is CA type.
2018-02-07 12:48:33 -08:00
David Garske
4a6bb20ba6
Refactor the `VERIFY_AND_SET_OID` macro to simplify so it works on older C compilers like Visual Studio.
2018-02-07 12:17:03 -08:00
David Garske
d78e45dbb6
Added check to enforce RFC 5280 Sec 4.2: "A certificate MUST NOT include more than one instance of a particular extension". Refactor of the `DecodedCert` struct to combine bit type options into bit-fields. Fix for wolfCrypt test for error codes to allow `-161`.
2018-02-07 11:15:22 -08:00
David Garske
d9002bb072
Fix to enforce RFC 5280 Sec 4.2.1.6: "The name MUST NOT be a relative URI". Verifies the URI contains "://". Can be disabled using `WOLFSSL_NO_ASN_STRICT`.
2018-02-07 11:15:22 -08:00
David Garske
f4ad808d12
Added check to enforce RFC 5280 Sec 4.2.1.10 rule: "The name constraints extension, which MUST be used only in a CA certificate". Added new define `WOLFSSL_NO_ASN_STRICT` to restore old behavior for compatibility. Fix wc_port time `HAVE_RTP_SYS` (noticed it was missed during ASN time move to wc_port).
2018-02-07 11:15:22 -08:00
David Garske
3e05118995
* Added the `tls_bench` example to the build output when threading is supported.
* Fixed some `tls_bench` build issues with various configure options.
* Moved the `WOLFSSL_PACK` and `WC_NORETURN` macros into types.h.
* Added support for `__builtin_bswap32` and `__builtin_bswap64`. Since the performance of the builtins varies by platform it's off by default, but can be enabled by the customer using `WOLF_ALLOW_BUILTIN`. Quick check on x86 showed the 32-bit swap performance matched, but 64-bit swap was slower.
2018-02-07 11:13:13 -08:00
toddouska
69db17fcda
Merge pull request #1352 from dgarske/freertos_static
Fix to allow `FREERTOS` and `WOLFSSL_STATIC_MEMORY`
2018-02-07 10:06:51 -08:00
toddouska
7769ba83ad
Merge pull request #1346 from dgarske/stm32_hash_ctx
STM32 Hashing Improvements
2018-02-07 10:03:50 -08:00
David Garske
9afd26e853
Fixes for better supporting FREERTOS with and without static memory. Added fallback case to use pvPortMalloc/vPortFree when `heap` ptr not available.
2018-02-06 09:28:27 -08:00
David Garske
0be1c10fcd
Moved the STM32 functions to their own .c file. Added GPL header. Finished testing on STM32 CubeMX with F4 and F7 and StdPeriLib with F4.
2018-02-05 12:57:06 -08:00
Jacob Barthelmeh
a196fac0c2
iterate through certificates with PKCS7
2018-02-05 10:52:54 -07:00
toddouska
0765aa0f20
Merge pull request #1342 from SparkiDev/aes_gcm_sb2
Improve performance of AES-GCM for AVX1 and AVX2
2018-02-02 10:56:14 -08:00
toddouska
02ef52c3cd
Merge pull request #1340 from dgarske/ecc_pub_import_wcurve
Adds curve information to public key import for `wc_EccPublicKeyDecode`
2018-02-02 10:52:06 -08:00
toddouska
d63373066b
Merge pull request #1331 from JacobBarthelmeh/Compatibility-Layer
add comments and better error checking for PKCS8 strip
2018-02-02 10:50:29 -08:00
toddouska
c66ebb6748
Merge pull request #1317 from SparkiDev/chacha20_sb_avx2
Improve performance of chacha20-poly1305 on AVX and AVX2.
2018-02-02 10:46:39 -08:00
Jacob Barthelmeh
19ce41c3cc
pkcs7 attribute parsing
2018-02-02 09:01:32 -07:00
David Garske
a4a5f4f27a
STM32 refactor to move hashing code into `wolfssl/wolfcrypt/port/stm32.h`. Supports CubeMX HAL or StdPeriLib with MD5, SHA1, SHA224 and SHA256. Detects if hardware supports SHA2. Adds hashing context save/restore and hashing clock/power optimizations. Fix for building *.c in wolfcrypt/src/port for `caam_driver.c`. Fix for warning with `wolfSSL_CryptHwMutexUnLock` when no threading defined and return code not checked.
2018-01-31 11:25:20 -08:00
Sean Parkinson
3d3b9f69a6
Test larger variable data size if available
2018-01-30 12:21:25 +10:00
Sean Parkinson
e82e3d3d6e
Improve performance of AES-GCM for AVX1 and AVX2
2018-01-30 12:00:13 +10:00
David Garske
9d7374348b
Fix the `ecc_decode_test` to use a real OID (instead of 1), so the tests work properly.
2018-01-29 15:58:04 -08:00
David Garske
90a3daa887
Adds curve information to public key import for `wc_EccPublicKeyDecode`. Cleanup to remove the `ECC_CHECK_PUBLIC_KEY_OID` define. The call to `wc_ecc_get_oid` does the same check as `CheckCurve`.
2018-01-29 12:09:12 -08:00
Chris Conlon
d179e442b4
Merge pull request #1337 from dgarske/pkcs7_pad
Expose the PKCS 7 pad functionality `wc_PKCS7_PadData`
2018-01-26 10:01:07 -08:00
David Garske
058c2a7a25
Made public the `wc_PKCS7_GetPadSize` API. Cleanup to use GetPadSize for the `wc_PKCS7_PadData`.
2018-01-25 08:14:56 -08:00
Sean Parkinson
4d75f337bb
Fix AVX2 final func to reset state
2018-01-24 16:36:44 -08:00
dgarske
776e222143
Merge pull request #1336 from SparkiDev/sha256_freescale
Transform_Sha256 no longer passed a buffer - fix for FREESCALE
2018-01-23 14:51:30 -08:00
David Garske
138bc3e6cc
Enhancement to expose the PKCS 7 pad functionality (wc_PKCS7_PadData).
2018-01-23 13:21:56 -08:00
Sean Parkinson
11ea2689d8
Transform_Sha256 no longer passed a buffer - fix for FREESCALE
2018-01-23 12:45:17 -08:00
David Garske
4e10173eed
Fix for possible leak in error case for `wc_RsaKeyToDer`.
2018-01-22 16:17:08 -08:00
Jacob Barthelmeh
1428934ad5
add comments and better error checking for PKCS8 strip
2018-01-19 16:53:12 -07:00
toddouska
f06abdb3ae
Revert "Improve AES-GCM code for Intel AVX1 and AVX2"
2018-01-19 15:12:08 -08:00
toddouska
085d3dae14
Merge pull request #1315 from SparkiDev/aes_gcm_sb
Improve AES-GCM code for Intel AVX1 and AVX2
2018-01-19 15:09:34 -08:00