Commit Graph

2162 Commits

Author SHA1 Message Date
John Safranek 425cee64a7 AES assembly file name change
Some versions of GCC on the Mac will not run the file aes_asm.s through the preprocessor. There are some ifdefs in the file that are included when they shouldn't be. This is not a problem on Linux. Renaming the file to have a capital S extension forces the assembler to run with the preprocessor.
2018-04-12 16:47:58 -07:00
toddouska eacd98fe4e
Merge pull request #1491 from dgarske/config
Configure improvements and new options
2018-04-12 13:48:20 -07:00
David Garske 1f7b954d47 Fix for `wc_GetCTC_HashOID` in FIPS mode. Uses the new `wc_HashTypeConvert` to handle conversion from unique WC_ALGO (`int`) to WC_HASH_TYPE_ALGO (`enum wc_HashType`). 2018-04-12 06:51:23 -07:00
David Garske ce6728951f Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build. 2018-04-11 13:54:07 -07:00
David Garske ee5d78f84f Added new `wc_OidGetHash` API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate code. Updated `wc_GetCTC_HashOID` to use `wc_HashGetOID` and maintain back compat. 2018-04-11 13:53:30 -07:00
David Garske 83bfdb1594 Fix for issue with unique hash types on ctaocrypt FIPS using different values than WC_HASH_TYPE_*. Add new API `wc_HashTypeConvert` to handle the conversion between `enum wc_HashType` and `int`. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location). 2018-04-11 09:30:30 -07:00
David Garske 3f3e332a3a Fix for evp.c `statement will never be executed` in `wolfSSL_EVP_CIPHER_CTX_block_size`. 2018-04-11 08:18:39 -07:00
David Garske a38576146e * Added support for disabling PEM to DER functionality using `WOLFSSL_PEM_TO_DER`. This allows a way to use DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests.
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these APIs to `wc_` and added backwards compatibility macro for old function names.
2018-04-09 13:28:15 -07:00
David Garske 5a46bdf6f6 Added unit test for using encrypted keys with TLS. Only works with `--enable-des3`, since the keys are all encrypted with DES3 (also requires either `--enable-opensslextra` or `--enable-enckeys`). 2018-04-09 13:28:15 -07:00
David Garske 98c186017a Fixes for build failures. Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. Added enum for unique cipher types. Added `CHACHA_MAX_KEY_SZ` for ChaCha. 2018-04-09 13:28:15 -07:00
David Garske 2c72f72752 Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatibility. 2018-04-09 13:28:15 -07:00
David Garske 1f00ea2115 Fixes for various build issues with type casting and unused functions. Moved `mystrnstr` to wc_port.c. Added some additional argument checks on pwdbased. 2018-04-09 13:28:15 -07:00
David Garske 6de8348918 Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c. 2018-04-09 13:28:15 -07:00
David Garske 1315fad7dc Added ForceZero on the password buffer after done using it. 2018-04-09 13:28:15 -07:00
David Garske 3a8b08cdbf Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz. 2018-04-09 13:28:15 -07:00
David Garske c83e63853d Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming. 2018-04-09 13:28:15 -07:00
David Garske 264496567a Improvements to EncryptedInfo. Added build option `WOLFSSL_ENCRYPTED_KEYS` to indicate support for EncryptedInfo. Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option. 2018-04-09 13:28:15 -07:00
David Garske f9e830bce7 First pass at changes to move PemToDer into asn.c. 2018-04-09 13:28:14 -07:00
toddouska 6090fb9020
Merge pull request #1483 from dgarske/winvs
Fixes for unused `heap` warnings
2018-04-06 09:01:49 -07:00
toddouska e56209cee4
Merge pull request #1482 from dgarske/nourand
Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`
2018-04-06 09:00:37 -07:00
David Garske bab62cc435 Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. Added better named define `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. 2018-04-05 09:34:43 -07:00
David Garske ede006b3e1
Merge pull request #1479 from JacobBarthelmeh/HardwareAcc
Fix PIC32 AES-CBC and add test case
2018-04-05 09:15:08 -07:00
Jacob Barthelmeh 815219b589 fix pic32 AES-CBC and add test case 2018-04-04 16:09:11 -06:00
David Garske a78c6ba4ea Fix for unused `heap` warnings. 2018-04-04 12:51:45 -07:00
toddouska 2deb977ecf
Merge pull request #1473 from dgarske/pkcs7_norsa
Enabled PKCS7 support without RSA
2018-04-04 10:33:11 -07:00
toddouska 960d2ec031
Merge pull request #1471 from JacobBarthelmeh/Fuzzer
sanity check on buffer read
2018-04-04 10:31:55 -07:00
David Garske c288d0815d Added support for building and using PKCS7 without RSA (assuming ECC is enabled). 2018-04-03 09:26:57 -07:00
David Garske 0c898f513d Nitrox V fixes and additions:
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final APIs instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 09:14:20 -07:00
Jacob Barthelmeh 6a1013888f sanity check on buffer read 2018-04-02 14:30:58 -06:00
Takashi Kojo c60d9ff983 if(ret != 1) error 2018-04-01 13:27:08 +09:00
Takashi Kojo 1c0b84d47d openSSL compatibility, EVP_CipherUpdate, if(inlen == 0)return 1; 2018-04-01 12:13:18 +09:00
David Garske c9d840ed8d Fix for the `HAVE_THREAD_LS` case with `FP_ECC` where starting a new thread and doing ECC operations and not calling `wc_ecc_fp_free`. Added missing `wolfCrypt_Init` to API docs. 2018-03-27 14:29:39 -07:00
toddouska 504b13530e
Merge pull request #1459 from cconlon/selftest_fixes
Fix for wolfCrypt test and CAVP selftest build
2018-03-27 13:27:28 -07:00
toddouska 9f231e0020
Merge pull request #1453 from dgarske/ecc508a_linux
Support for building with `WOLFSSL_ATECC508A` on other targets
2018-03-27 09:57:39 -07:00
Chris Conlon 021560035b fix unused var warning for extNameConsOid with IGNORE_NAME_CONSTRAINTS 2018-03-26 09:43:37 -06:00
Chris Conlon d2aa7d0a37 exclude ecc_import_unsigned test when building for CAVP selftest 2018-03-23 16:31:17 -06:00
Chris Conlon c08f5b86cf
Merge pull request #1444 from jrblixt/unitTest_api_addPkcs-PR03162018
Unit test functions for PKCS#7.
2018-03-23 10:00:33 -06:00
toddouska aee6f4d0ca
Merge pull request #1457 from dgarske/base16
Base16/64 improvements
2018-03-22 15:14:57 -07:00
toddouska a92696edec
Merge pull request #1454 from dgarske/noprivkey
Support for not loading a private key when using `HAVE_PK_CALLBACKS`
2018-03-22 12:47:22 -07:00
David Garske 3bf325290d Base16/64 improvements:
* Add define `WOLFSSL_BASE16` to explicitly expose base16 support.
* Add `./configure --enable-base16` option (disabled by default in configure, but enabled in coding.h when required internally).
* Added base16 tests in test.c `base16_test`.
* Enabled base64 decode tests when `WOLFSSL_BASE64_ENCODE` is not defined.
2018-03-22 10:36:56 -07:00
David Garske 0cff2f8b10 Replace use of `PUB_KEY_SIZE` (from CryptoAuthLib) with new `ECC_MAX_CRYPTO_HW_PUBKEY_SIZE`. 2018-03-22 09:45:27 -07:00
David Garske 8c4bfd825a Support for building the ATECC508A without `WOLFSSL_ATMEL` defined, which enables features specific to Atmel Studio Framework (ASF) and an embedded target. This allows for building with `WOLFSSL_ATECC508A` defined on other targets such as Linux. 2018-03-22 09:39:21 -07:00
toddouska 104f7a0170
Merge pull request #1451 from JacobBarthelmeh/Optimizations
Adjust X509 small build and add more macro guards
2018-03-21 15:15:27 -07:00
toddouska f3d0879ed7
Merge pull request #1449 from dgarske/asn_nullterm
ASN improvements for building header/footer in `wc_DerToPemEx`
2018-03-21 15:13:46 -07:00
toddouska 2a356228be
Merge pull request #1445 from SparkiDev/wpas_fix
Fixes for wpa_supplicant
2018-03-21 15:11:43 -07:00
David Garske dbb34126f6 * Added support for not loading a private key for server or client when `HAVE_PK_CALLBACKS` is defined and the private PK callback is set. Tested with all cipher suites, TLS 1.2/1.3, client/server certs, RSA/ECC/ED25519.
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allow simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSA PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
2018-03-21 11:27:08 -07:00
Jacob Barthelmeh 90f97f4a5a fix for unused variable 2018-03-21 09:16:43 -06:00
Jacob Barthelmeh 0aa3b5fa0e macros for conditionally compiling code 2018-03-21 00:09:29 -06:00
Jacob Barthelmeh 087df8f1cd more macro guards to reduce size 2018-03-20 17:15:16 -06:00
Jacob Barthelmeh 4d65e4cc1e add WOLFSSL_NO_DH186 macro to optionally compile out DH186 function 2018-03-20 15:31:20 -06:00
Jacob Barthelmeh df6ea54cd5 add support for PKCS8 decryption to OPENSSL_EXTRA_X509_SMALL build 2018-03-20 15:06:35 -06:00
David Garske 764aec071c Further improvement to the null termination and newline logic in `wc_DerToPemEx`. 2018-03-19 22:58:18 -07:00
David Garske 59aa893260 Cleanup ECC point import/export code. Added new API `wc_ecc_import_unsigned` to allow importing public x/y and optional private as unsigned char. Cleanup `wc_ecc_sign_hash` to move the hardware crypto code into a separate function. Added missing tests for `wc_ecc_export_public_raw`, `wc_ecc_export_private_raw` and new test for `wc_ecc_import_unsigned`. 2018-03-19 13:28:57 -07:00
toddouska 1040cf9caa
Merge pull request #1437 from dgarske/eccrsrawtosig
Added new ECC API `wc_ecc_rs_raw_to_sig`
2018-03-19 09:12:39 -07:00
toddouska 7ce2efd572
Merge pull request #1431 from JacobBarthelmeh/Optimizations
more aes macro key size guards
2018-03-19 09:07:05 -07:00
Sean Parkinson b325e0ff91 Fixes for wpa_supplicant 2018-03-19 11:46:38 +10:00
John Safranek 465f1d491f
Merge pull request #1443 from cconlon/dhagree
check z against 1 in wc_DhAgree()
2018-03-17 20:15:31 -07:00
David Garske 250cd3b7eb
Merge pull request #1433 from SparkiDev/sp_size
Fix size on Intel and improve 32-bit C code performance
2018-03-16 17:05:46 -07:00
jrblixt 1aba6e9b44 Prepare for PR. 2018-03-16 17:07:28 -06:00
Chris Conlon 3118c8826b check z against 1 in wc_DhAgree() 2018-03-16 15:59:48 -06:00
JacobBarthelmeh f70351242b
Merge pull request #1432 from kojo1/mdk5
3.14.0 update on mdk5 pack
2018-03-15 14:47:14 -06:00
Jacob Barthelmeh a207cae0f4 add some more macro guards to reduce size 2018-03-14 17:24:23 -06:00
Sean Parkinson 4d1986fc21 Improve speed of 32-bit C code 2018-03-15 08:33:04 +10:00
David Garske 9ccf876a21 Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format. 2018-03-14 10:59:25 -07:00
Takashi Kojo 1de291be8d macro INLINE 2018-03-14 07:14:07 +09:00
Sean Parkinson c4dfa41088 SP improvements
Tag functions to not be inlined so llvm doesn't make huge builds.
Add sp_mod to support new DH key generation function.
2018-03-13 14:16:48 +10:00
Jacob Barthelmeh 8fb3ccacb7 opensslextra fixes and warning for unused variable 2018-03-12 18:05:24 -06:00
Jacob Barthelmeh 6b04ebe3a4 fix for compiling with different build settings 2018-03-12 16:12:10 -06:00
Jacob Barthelmeh fa21fb4a27 more aes macro key size guards 2018-03-12 15:44:48 -06:00
Jacob Barthelmeh 8fdb99443a fix for build with NTRU and certgen 2018-03-09 14:21:43 -07:00
toddouska 0ab4166a80
Merge pull request #1421 from JacobBarthelmeh/Optimizations
trim out more strings and fix DN tag
2018-03-08 14:03:10 -08:00
Chris Conlon 0ac833790d check q in wc_CheckPubKey_ex() if available in DhKey 2018-03-08 10:17:52 -07:00
Chris Conlon 6f95677bb8 add wc_DhSetKey_ex() with support for q and SP 800-56A 2018-03-08 09:36:44 -07:00
Jacob Barthelmeh a9c6385fd1 trim out more strings and fix DN tag 2018-03-07 10:35:31 -07:00
David Garske a4000ba196
Merge pull request #1418 from SparkiDev/sp_armasm
Add assembly code for ARM and 64-bit ARM
2018-03-07 09:18:16 -08:00
toddouska cd940ccb5c
Merge pull request #1417 from dgarske/asn_x509_header
Cleanup of the ASN X509 header logic
2018-03-07 08:50:00 -08:00
Sean Parkinson 89182f5ca9 Add assembly code for ARM and 64-bit ARM
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
2018-03-07 11:57:09 +10:00
David Garske b879d138af Fix for using non-const as array sizer (resolves build error with VS). 2018-03-06 09:04:12 -08:00
David Garske 57e9b3c994 Cleanup of the ASN X509 header and XSTRNCPY logic. 2018-03-05 16:11:12 -08:00
David Garske d75b3f99ac Proper fix for Pluton ECC sign. 2018-03-05 15:29:34 -08:00
toddouska 53c0bf6a20
Merge pull request #1408 from JacobBarthelmeh/Release
Testing in preparation for release
2018-03-02 10:12:27 -08:00
toddouska e698084eac
Merge pull request #1406 from dgarske/mmcau_sha256_cast
Fix for cast warning with NXP CAU and SHA256.
2018-03-02 10:10:14 -08:00
Jacob Barthelmeh f6869dfe09 AES ECB build with ARMv8 instructions enabled 2018-03-02 09:30:43 -07:00
David Garske f6d770b5bd Fix for pluton ECC sign. 2018-03-02 07:57:22 +01:00
Jacob Barthelmeh 223facc46a sanity check on index before reading from input 2018-03-01 18:03:21 -07:00
Jacob Barthelmeh ae21c03d69 check on certificate index when getting Name 2018-03-01 18:00:52 -07:00
Jacob Barthelmeh e7b0fefd7a add sanity check on read index 2018-03-01 18:00:52 -07:00
Jacob Barthelmeh df1c73c8e5 check for case that BER to DER API is available 2018-03-01 18:00:52 -07:00
Jacob Barthelmeh db18e49920 gcc-7 warning about misleading indentation 2018-03-01 18:00:52 -07:00
David Garske 59c8d3cdf7 Fix for cast warning with NXP CAU and SHA256. 2018-03-01 08:06:29 +01:00
Chris Conlon 1b2e43478d
Merge pull request #1405 from ejohnstown/selftest-errors
added error codes for the FIPS pairwise agreement tests in the POST
2018-02-28 14:16:59 -07:00
John Safranek d035c1dd81 added error code for the FIPS DH agreement KAT test in the POST 2018-02-28 10:54:53 -08:00
toddouska b6aae0c2d1
Merge pull request #1402 from JacobBarthelmeh/Testing
Improve bounds and sanity checks
2018-02-28 09:45:19 -08:00
Jacob Barthelmeh 25e7dbd17a add comment on sanity check 2018-02-27 23:30:50 -07:00
John Safranek 5cc046eb6d added error codes for the FIPS pairwise agreement tests in the POST 2018-02-27 12:42:25 -08:00
Jacob Barthelmeh 00b6419964 use XSTRLEN and revert adding outLen parameter 2018-02-26 16:52:09 -07:00
Jacob Barthelmeh e6c95a0854 sanity check on input size 2018-02-26 14:41:00 -07:00
Jacob Barthelmeh 5ef4296b3d sanity check on buffer length with ASNToHexString 2018-02-26 14:25:39 -07:00
Jacob Barthelmeh e4f40fb6c0 add sanity checks and change index increment 2018-02-26 13:55:56 -07:00
toddouska f7d70e4650
Merge pull request #1401 from kaleb-himes/NETOS-SV
possible shadowed global variable declaration in NETOS
2018-02-26 12:21:13 -08:00
toddouska 442430d39e
Merge pull request #1392 from ejohnstown/rsa-decrypt-check
RSA Decrypt Bounds Checking
2018-02-26 12:19:37 -08:00
kaleb-himes f58619bb9f possible shadowed global variable declaration in NETOS 2018-02-26 11:48:33 -07:00
toddouska b527f6fb81
Merge pull request #1397 from JacobBarthelmeh/Optimizations
Optimizations
2018-02-26 08:43:22 -08:00
toddouska 73dbc8f6e7
Merge pull request #1395 from JacobBarthelmeh/Certs
Add support for writing multiple OUs, DCs and for writing a unique EKU OID
2018-02-26 08:39:58 -08:00
John Safranek a49553df6a RSA Decrypt Bounds Checking
1. Added some bounds checking on the ciphertext passed into the RSA decrypt function. NIST SP 800-56B specifies that the ciphertext shouldn't be a number larger than the modulus.
2. Added an API test to check that the direct RSA decrypt function returns an error with a "bad" message.
3. Added an ifndef guard to disable the bounds check. Default is to keep the bounds check.
4. RSA Decrypt bounds check only checked the first time into wc_RsaFunction().
2018-02-23 17:04:05 -08:00
Jacob Barthelmeh 942f39de3b cast return from XSTRLEN 2018-02-23 17:35:44 -07:00
Jacob Barthelmeh 9391c608cc remove error string function when no error strings is defined 2018-02-23 17:31:20 -07:00
Jacob Barthelmeh f2cbab95b0 change _EncodeName, add test with wc_MakeCertReq, add XMEMSET with Cert init 2018-02-23 17:22:48 -07:00
toddouska 1c2506f94c
Merge pull request #1393 from SparkiDev/sp_math_dh
DH public key check working with sp-math
2018-02-23 16:15:15 -08:00
toddouska 22e55e72c1
Merge pull request #1394 from cconlon/selftest
Add CAVP-only Self Test for special build
2018-02-23 15:50:06 -08:00
Jacob Barthelmeh 79f13478df add AES macro guards and reduce code in GetName 2018-02-23 13:45:42 -07:00
Jacob Barthelmeh 453aa16e8d Add support for writing multiple OUs, DCs and for writing a unique EKU OID 2018-02-23 10:46:26 -07:00
Chris Conlon ad53037852 add CAVP selftest option for special build 2018-02-23 10:14:56 -07:00
Sean Parkinson 30e8429a3f DH public key check working with sp-math 2018-02-23 15:10:54 +10:00
David Garske 6500c40015
Merge pull request #1386 from JacobBarthelmeh/RSA
add WC_RSA_NO_PADDING macro and WC_RSA_NO_PAD enum
2018-02-22 13:34:20 -08:00
Chris Conlon de4893486e add wc_DhCheckPubKey_ex() with checks against large prime q 2018-02-22 11:09:06 -07:00
Jacob Barthelmeh 63802849a1 remove magic number 2018-02-22 09:55:20 -07:00
toddouska dda7dbd7fd
Merge pull request #1389 from JacobBarthelmeh/CAAM
fix unused function warning with CAAM and AES
2018-02-22 08:51:34 -08:00
toddouska 06abc12d40
Merge pull request #1384 from SparkiDev/sp_math_dh
Enable DH public key check code with sp-math
2018-02-22 08:41:25 -08:00
Sean Parkinson 6bf5f06397 Fixes from code review 2018-02-22 14:59:19 +10:00
Sean Parkinson 7160384a19 Explicit curve data in public ECC key
Certificate's public key data contains more of the encoding.
PKCS #7 using public key from certificates calls proper decode.
2018-02-22 14:59:19 +10:00
Sean Parkinson 274110a10c Added tests and fixes from testing 2018-02-22 14:58:37 +10:00
Sean Parkinson 76b0464a3b Fixes from review 2018-02-22 08:31:19 +10:00
Jacob Barthelmeh 312d1a2aaf fix unused function warning with CAAM and AES 2018-02-21 15:21:07 -07:00
Jacob Barthelmeh 08e199d78a add support for async with wc_RsaDirect function 2018-02-21 11:09:38 -07:00
Jacob Barthelmeh 7374e2e751 add WC_RSA_NO_PADDING macro and WC_RSA_NO_PAD enum 2018-02-21 10:10:35 -07:00
Sean Parkinson 7d4c693d7e Enable DH public key check code with sp-math 2018-02-21 09:13:00 +10:00
Sean Parkinson 3dfc2d87f3 Fix leak when wc_PKCS7_InitWithCert is called in verify 2018-02-21 08:29:50 +10:00
Sean Parkinson 6dad94c0fa Change wc_BerToDer signature to have length as param
Clean up code to make readable
2018-02-21 08:29:50 +10:00
Sean Parkinson d09f26a69f Support indefinite length BER encodings in PKCS #7 2018-02-21 08:29:50 +10:00
toddouska 7a2aa6bc13
Merge pull request #1382 from dgarske/cleanup_strncpy
Fixes for ensuring null termination on all strncpy calls
2018-02-20 08:18:08 -08:00
Jacob Barthelmeh 33b699f81a macro guards on PEM strings 2018-02-19 17:32:39 -07:00
David Garske e4df21df94 More cleanup for const strings. 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 772651c17a update tests and benchmark for HAVE_AES_DECRYPT 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 4614bd4e56 scan-build warning and AES key size builds for ARMv8 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 94b7ab92f3 fix for unused variable 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 2a15b3912b revert pkcs7 attrib structure for scep and add more macro guards for AES key size 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 8006b68cac more macro guards 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh c9525d9c1d add opensslextra=x509small build option 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh e187ce42da more macro guards for asn 2018-02-19 17:28:53 -07:00
Jacob Barthelmeh 16a4aef18e clean up of macro guards on OIDs 2018-02-19 17:28:53 -07:00
Jacob Barthelmeh 02753e53a5 add some of AES key size macros to benchmark.c and test.c 2018-02-19 17:28:53 -07:00
Jacob Barthelmeh 7143b09786 pack PKCS7 structure 2018-02-19 17:28:53 -07:00
Jacob Barthelmeh c2f660c0fc first round of adding AES key size macros 2018-02-19 17:23:49 -07:00
toddouska 08696449f6
Merge pull request #1349 from JacobBarthelmeh/PKCS7
pkcs7 attribute parsing
2018-02-19 15:36:55 -08:00
David Garske 44079e4bb8 Fixes for ensuring null termination on all strncpy calls. Cleanup of the null termination character '\0'; for char types. 2018-02-19 13:33:16 -08:00
David Garske ae5dac8994 Fixes for GCC 7 build errors with evp.c and switch fall through. General EVP code formatting cleanup. Fix for wolfCrypt test unused var when `HAVE_AES_CBC` not defined. Fix for async in `test_wolfSSL_SESSION` with `err` not being initialized. 2018-02-16 09:32:40 -08:00
toddouska 74ebf510a3
Merge pull request #1374 from dgarske/pub_ecc_mul2add
Add option for `ecc_mul2add` to be made as exposed API
2018-02-15 14:21:42 -08:00
toddouska cbd7612324
Merge pull request #1375 from dgarske/ifm_feedback
Add support for `WOLFSSL_NO_MALLOC` with memory callbacks
2018-02-15 14:19:21 -08:00
John Safranek d8eff923f1
Merge pull request #1372 from JacobBarthelmeh/UnitTests
clear error node queue after test case and initialize logging buffer
2018-02-15 08:40:45 -08:00
David Garske 8c8ed06202 Added the `WOLFSSL_NO_MALLOC` option for the realloc callback as well. 2018-02-15 07:15:30 -08:00
David Garske 32547e280a Added `ecc_mul2add` to ecc.h header and is exposed as an API if `WOLFSSL_PUBLIC_ECC_ADD_DBL` is defined. 2018-02-15 07:04:29 -08:00
David Garske 8285648e46 Fix to support using memory callbacks with no malloc / free using `WOLFSSL_NO_MALLOC`. Fix to only include <errno.h> if `LWIP_PROVIDE_ERRNO` is not defined. 2018-02-15 06:54:14 -08:00
Jacob Barthelmeh 1b98ccbac8 add else condition for logging string with OPENSSL_EXTRA 2018-02-14 17:21:42 -07:00
David Garske 9ff97997a6
Merge pull request #1360 from SparkiDev/sp_math
Minimal implementation of MP when using SP.
2018-02-14 15:49:23 -08:00
David Garske a7a8ce8721
Merge pull request #1371 from ejohnstown/asn-fix
Update wc_GetKeyOID()
2018-02-14 15:10:01 -08:00
John Safranek 0853fcb202 Update wc_GetKeyOID()
1. Check that the algoID is not NULL.
2. Initialize algoID to 0.
3. Moved the key variables around.
2018-02-14 12:43:02 -08:00
toddouska 9a4fe0fe4e
Merge pull request #1353 from dgarske/asn_strict
Added RFC 5280 "must" checks
2018-02-14 10:01:58 -08:00
Sean Parkinson b18fdea2ce Fixes from code review 2018-02-14 11:09:20 +10:00
John Safranek e48eb1ded8 added hmac-sha-3 2018-02-12 13:24:06 -08:00
toddouska 95ed1a88ed
Merge pull request #1364 from SparkiDev/aesni_authtagsz
AES-GCM AES-NI code now handles different tag lengths
2018-02-09 13:19:14 -08:00
toddouska 44be47a83b
Merge pull request #1358 from dgarske/fix_aesgcm_emb
Fix for missing `ret` in some `wc_AesGcmEncrypt` functions
2018-02-09 13:16:21 -08:00
toddouska a27d2448e2
Merge pull request #1344 from dgarske/portability_cleanups
Portability cleanups and `tls_bench` fixes
2018-02-09 13:15:47 -08:00
toddouska d827e93af9
Merge pull request #1329 from JacobBarthelmeh/PKCS12
PKCS12 reverse order that certificates are compared for keypair
2018-02-09 13:15:07 -08:00
Chris Conlon fa676d96cf detect and set keyAgreeOID from CMS EnvelopedData if user has not set 2018-02-09 09:37:51 -07:00
Sean Parkinson 35c993e55d AES-GCM AES-NI code now handles different tag lengths
Encrypt and decrypt code modified.
AES-NI, AVX1 and AVX2 code modified.
Test of 15 byte tag added.
2018-02-09 17:21:06 +10:00
John Safranek 6907241180 Add AES-GCM Test Case
Added a new AES-GCM test case where the provided IV is of length 1 byte.
2018-02-08 11:37:21 -08:00
Sean Parkinson a3a4f2d59c Minimal implementation of MP when using SP.
--enable-sp-math to include minimal implementation of MP (only with --enable-sp.)
Add further functionality for ECC (conditionally compiled):
- check key
- is point on curve
- API to add and double projective points
- API to map from projective to affine
- Uncompress point (including sqrt)
Some configuration options will not work with SP math - configure.ac detects this and errors out.
Change test code to better support SP sizes only.
2018-02-08 15:50:17 +10:00
David Garske fbdcd3c67f Fix for missing `ret` in some `wc_AesGcmEncrypt` functions due to refactor in commit 0765aa0. 2018-02-07 15:40:28 -08:00
David Garske c2a0de93b8 Fix to resolve wolfCrypt test for `cert_test` nameConstraints test. Fixed ASN check to properly determine if certificate is CA type. 2018-02-07 12:48:33 -08:00
David Garske 4a6bb20ba6 Refactor the `VERIFY_AND_SET_OID` macro to simplify so it works on older C compilers like Visual Studio. 2018-02-07 12:17:03 -08:00
David Garske d78e45dbb6 Added check to enforce RFC 5280 Sec 4.2: "A certificate MUST NOT include more than one instance of a particular extension". Refactor of the `DecodedCert` struct to combine bit type options into bit-fields. Fix for wolfCrypt test for error codes to allow `-161`. 2018-02-07 11:15:22 -08:00
David Garske d9002bb072 Fix to enforce RFC 5280 Sec 4.2.1.6: "The name MUST NOT be a relative URI". Verifies the URI contains "://". Can be disabled using `WOLFSSL_NO_ASN_STRICT`. 2018-02-07 11:15:22 -08:00
David Garske f4ad808d12 Added check to enforce RFC 5280 Sec 4.2.1.10 rule: "The name constraints extension, which MUST be used only in a CA certificate". Added new define `WOLFSSL_NO_ASN_STRICT` to restore old behavior for compatibility. Fix wc_port time `HAVE_RTP_SYS` (noticed it was missed during ASN time move to wc_port). 2018-02-07 11:15:22 -08:00
David Garske 3e05118995 * Added the `tls_bench` example to the build output when threading is supported.
* Fixed some `tls_bench` build issues with various configure options.
* Moved the `WOLFSSL_PACK` and `WC_NORETURN` macros into types.h.
* Added support for `__builtin_bswap32` and `__builtin_bswap64`. Since the performance of the builtins varies by platform it's off by default, but can be enabled by customer using `WOLF_ALLOW_BUILTIN`. Quick check on x86 showed the 32-bit swap performance matched, but 64-bit swap was slower.
2018-02-07 11:13:13 -08:00
toddouska 69db17fcda
Merge pull request #1352 from dgarske/freertos_static
Fix to allow `FREERTOS` and `WOLFSSL_STATIC_MEMORY`
2018-02-07 10:06:51 -08:00
toddouska 7769ba83ad
Merge pull request #1346 from dgarske/stm32_hash_ctx
STM32 Hashing Improvements
2018-02-07 10:03:50 -08:00
David Garske 9afd26e853 Fixes for better supporting FREERTOS with and without static memory. Added fallback case to use pvPortMalloc/vPortFree when `heap` ptr not available. 2018-02-06 09:28:27 -08:00
David Garske 0be1c10fcd Moved the STM32 functions to their own .c file. Added GPL header. Finished testing on STM32 CubeMX with F4 and F7 and StdPeriLib with F4. 2018-02-05 12:57:06 -08:00
Jacob Barthelmeh a196fac0c2 iterate through certificates with PKCS7 2018-02-05 10:52:54 -07:00
toddouska 0765aa0f20
Merge pull request #1342 from SparkiDev/aes_gcm_sb2
Improve performance of AES-GCM for AVX1 and AVX2
2018-02-02 10:56:14 -08:00
toddouska 02ef52c3cd
Merge pull request #1340 from dgarske/ecc_pub_import_wcurve
Adds curve information to public key import for `wc_EccPublicKeyDecode`
2018-02-02 10:52:06 -08:00
toddouska d63373066b
Merge pull request #1331 from JacobBarthelmeh/Compatibility-Layer
add comments and better error checking for PKCS8 strip
2018-02-02 10:50:29 -08:00
toddouska c66ebb6748
Merge pull request #1317 from SparkiDev/chacha20_sb_avx2
Improve performance of chacha20-poly1305 on AVX and AVX2.
2018-02-02 10:46:39 -08:00
Jacob Barthelmeh 19ce41c3cc pkcs7 attribute parsing 2018-02-02 09:01:32 -07:00
David Garske a4a5f4f27a STM32 refactor to move hashing code into `wolfssl/wolfcrypt/port/stm32.h`. Supports CubeMX HAL or StdPeriLib with MD5, SHA1, SHA224 and SHA256. Detects if hardware supports SHA2. Adds hashing context save/restore and hashing clock/power optimizations. Fix for building *.c in wolfcrypt/src/port for `caam_driver.c`. Fix for warning with `wolfSSL_CryptHwMutexUnLock` when no threading defined and return code not checked. 2018-01-31 11:25:20 -08:00
Sean Parkinson 3d3b9f69a6 Test larger variable data size if available 2018-01-30 12:21:25 +10:00
Sean Parkinson e82e3d3d6e Improve performance of AES-GCM for AVX1 and AVX2 2018-01-30 12:00:13 +10:00
David Garske 9d7374348b Fix the `ecc_decode_test` to use a real OID (instead of 1), so the tests work properly. 2018-01-29 15:58:04 -08:00
David Garske 90a3daa887 Adds curve information to public key import for `wc_EccPublicKeyDecode`. Cleanup to remove the `ECC_CHECK_PUBLIC_KEY_OID` define. The call to `wc_ecc_get_oid` does the same check as `CheckCurve`. 2018-01-29 12:09:12 -08:00
Chris Conlon d179e442b4
Merge pull request #1337 from dgarske/pkcs7_pad
Expose the PKCS 7 pad functionality `wc_PKCS7_PadData`
2018-01-26 10:01:07 -08:00
David Garske 058c2a7a25 Made public the `wc_PKCS7_GetPadSize` API. Cleanup to use GetPadSize for the `wc_PKCS7_PadData`. 2018-01-25 08:14:56 -08:00
Sean Parkinson 4d75f337bb Fix AVX2 final func to reset state 2018-01-24 16:36:44 -08:00
dgarske 776e222143
Merge pull request #1336 from SparkiDev/sha256_freescale
Transform_Sha256 no longer passed a buffer - fix for FREESCALE
2018-01-23 14:51:30 -08:00
David Garske 138bc3e6cc Enhancement to expose the PKCS 7 pad functionality (wc_PKCS7_PadData). 2018-01-23 13:21:56 -08:00
Sean Parkinson 11ea2689d8 Transform_Sha256 no longer passed a buffer - fix for FREESCALE 2018-01-23 12:45:17 -08:00
David Garske 4e10173eed Fix for possible leak in error case for `wc_RsaKeyToDer`. 2018-01-22 16:17:08 -08:00
Jacob Barthelmeh 1428934ad5 add comments and better error checking for PKCS8 strip 2018-01-19 16:53:12 -07:00
toddouska f06abdb3ae
Revert "Improve AES-GCM code for Intel AVX1 and AVX2" 2018-01-19 15:12:08 -08:00
toddouska 085d3dae14
Merge pull request #1315 from SparkiDev/aes_gcm_sb
Improve AES-GCM code for Intel AVX1 and AVX2
2018-01-19 15:09:34 -08:00