Commit Graph

6123 Commits

Author SHA1 Message Date
Sean Parkinson 7eb95674ee Merge pull request #4966 from dgarske/kcapi
Fixes for KCAPI AES GCM and ECC
2022-03-25 10:18:16 +10:00
John Safranek 14522f25ff Merge pull request #4904 from kaleb-himes/OE22_NS9210_FIX
Fix up random.h conflicts with cert 3389 releases and some NETOS issues
2022-03-24 16:07:23 -07:00
Sean Parkinson feb58a8455 Merge pull request #4956 from julek-wolfssl/bind-9.18.0
bind 9.18.0 fixes
2022-03-25 08:27:34 +10:00
Anthony Hu ceae169a34 Merge pull request #4969 from dgarske/pk_pubkey 2022-03-24 12:40:03 -04:00
Juliusz Sosinowicz 29c0c9bf48 Rebase fixes 2022-03-24 13:41:50 +01:00
Juliusz Sosinowicz ae9b01c5b8 bind 9.18.0 fixes
- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULT` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
2022-03-24 12:16:59 +01:00
David Garske 6e550c8d75 Fix for KCAPI ECC KeyGen. Disable ECC consistency checks with KCAPI. Allow public AddSignature (used to be public). Fix KCAPI ECC SharedSecret output size. 2022-03-23 09:37:50 -07:00
David Garske 8bafa7f601 Fix for KCAPI ECC sign (was not returning the signature, since ret always 0). 2022-03-23 09:37:50 -07:00
David Garske c9e3094cb0 Fixes for KCAPI ECC verify. Cleanup of the pubkey_raw. Fix KCAPI AES possible used uninitialized. 2022-03-23 09:37:50 -07:00
David Garske 8d695f97c9 Fix for KCAPI KcapiEcc_LoadKey parameter to kcapi_kpp_keygen. Added option to release handle on load. Fixes for KCAPI sign output length. Added additional argument checking. 2022-03-23 09:37:50 -07:00
David Garske 318350f63b Fix for ecc_check_privkey_gen with KCAPI. Fix KCAPI ECDSA to ensure we don't leak handle for multiple sign/verify calls. 2022-03-23 09:37:50 -07:00
David Garske 9f2dc408a0 Fixes for KCAPI AES GCM. Add guards for algorithm macros on KCAPI. 2022-03-23 09:37:50 -07:00
David Garske 1b0e5f4806 Allow disabling DRBG with KCAPI. Add KCAPI /dev/hwrng support. 2022-03-23 09:37:50 -07:00
David Garske 5fe6f1c875 For KCAPI do not force enable ECC curves, set K or seed callback, disable AES GCM tests with non standard IV. 2022-03-23 09:37:50 -07:00
David Garske 59665a44b5 Fixes for allowing server to have a public key set when using external key with PK callbacks. 2022-03-21 13:14:24 -07:00
David Garske 29c120356e Sniffer asynchronous support.
* Adds stateful handling of DH shared secret computation in `SetupKeys`.
* Improved the decrypt handling to use internal functions and avoid generating alerts on failures.
* Fix for sniffer resume due to missing `sessionIDSz` broken in #4807.
* Fix sniffer test cases to split resume (session_ticket) tests.
* Add `snifftest` list of build features so test script can gate running resume test.
2022-03-21 12:05:08 -07:00
David Garske c213c725d7 Merge pull request #4971 from SparkiDev/fp_div2_mod_ct_oob
TFM fp_div_2_ct: rework to avoid overflow
2022-03-21 09:11:41 -07:00
David Garske 08d6474878 Merge pull request #4954 from SparkiDev/rsa_fermat
RSA: check for small difference between p and q
2022-03-21 09:09:38 -07:00
David Garske b90df0a6aa Merge pull request #4951 from ejohnstown/wolfrand
wolfRand for AMD
2022-03-21 09:09:19 -07:00
Juliusz Sosinowicz 9763030675 Merge pull request #4845 from cconlon/pkcs7compat 2022-03-21 15:26:37 +01:00
Sean Parkinson 8dbd8b0ad6 RSA: check for small difference between p and q 2022-03-21 10:58:14 +10:00
Sean Parkinson aa14607a6f TFM fp_div_2_ct: rework to avoid overflow
Don't set the overflow word. Instead integrate the div by 2 into the
function so that the overflow word doesn't need to be stored.
2022-03-21 10:43:06 +10:00
Sean Parkinson 2f52d3cd20 Merge pull request #4965 from dgarske/aes_win_clang
Fixes for Windows AESNI with clang
2022-03-21 08:24:21 +10:00
Hayden Roche dcaa218ed8 Merge pull request #4927 from cconlon/upRef 2022-03-18 18:10:36 -07:00
Chris Conlon c491a6c829 EVP_PKEY_copy_parameters: correctly mark inner struct owned 2022-03-18 16:37:45 -06:00
Chris Conlon 582f0d82e4 address review feedback for PKCS7 compat additions 2022-03-18 12:07:44 -06:00
JacobBarthelmeh bfee3dffc6 Merge pull request #4967 from dgarske/pubkey_size
Fix for `wc_EccPublicKeyToDer` incorrectly requiring too much buffer
2022-03-18 09:22:52 -06:00
David Garske bb27fa4555 Fix for wc_EccPublicKeyToDer incorrectly requiring too much buffer. Merge error included old ASN code and incorrectly excluded ASN template. ZD13904. 2022-03-17 18:51:37 -07:00
Sean Parkinson ef66a12a24 Merge pull request #4961 from dgarske/cust_fixups
Various portability improvements (Time, DTLS epoch size, IV alloc)
2022-03-18 11:38:57 +10:00
David Garske b546b2a5ec Improve logic around private key id/label. Adds WOLF_PRIVATE_KEY_ID. 2022-03-17 14:48:30 -07:00
David Garske f954aef973 Fixes for Windows AESNI with clang. Improve 32-bit support. 2022-03-17 14:05:24 -07:00
David Garske 3fba5d17c3 Various portability improvements:
* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
2022-03-17 14:00:55 -07:00
David Garske aa8e5a29d4 Merge pull request #4947 from cconlon/compatSmallStack
Stack/smallstack cleanup for OpenSSL compatibility functions
2022-03-15 16:47:23 -07:00
Chris Conlon a52539c489 Merge pull request #4958 from TakayukiMatsuo/example 2022-03-15 17:39:07 -06:00
John Safranek f80faebfe5 wolfRand for AMD
1. Add configure option to enable AMD's RDSEED.
2. Add seed parameters when building specifically for AMD using RDSEED.
3. Update the wolfCrypt test to play nice with the larger seed size.
2022-03-15 15:20:08 -07:00
Anthony Hu fbfb1fee91 Add Post-quantum KEM benchmark for STM32 2022-03-15 14:49:40 -04:00
TakayukiMatsuo 365a4de154 Fix settings and removed warnings 2022-03-16 02:12:45 +09:00
Chris Conlon ce514e6fc5 add PKCS7_sign, PKCS7_final, SMIME_write_PKCS7. add signer cert verify support to PKCS7_verify, support for PKCS7_TEXT, PKCS7_DETACHED, PKCS7_STREAM 2022-03-15 10:21:22 -06:00
David Garske 2febed01a5 Merge pull request #4949 from SparkiDev/ssl_move_conf
ssl.c: move TXT and CONF APIs out into conf.c
2022-03-15 09:02:42 -07:00
Chris Conlon 062003916c stack/smallstack reduction for wolfssl_x509_make_der(), d2iGenericKey(), PrintPubKeyEC(), wolfSSL_EC_POINT_add() 2022-03-15 09:40:48 -06:00
Sean Parkinson 343e8bccdd ssl.c: move TXT and CONF APIs out into conf.c 2022-03-15 12:09:24 +10:00
David Garske 4ec49d2189 Merge pull request #4943 from SparkiDev/sp_arm64_perf_1
SP ASM performance improvements
2022-03-14 18:40:51 -07:00
Sean Parkinson eeb7f72a07 AES-GCM: stack alignment issues
Don't expect stack to be aligned.
vmovdqu is no longer slower than vmovdqa.
2022-03-15 08:49:43 +10:00
Sean Parkinson 2c1ecacbfc TLS 1.3 script test: wait for server to write file
Also fixes for:
./configure --enable-psk --disable-rsa --disable-ecc --disable-dh
C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
./configure --disable-shared --enable-curve448 --enable-ed448
--disable-rsa --disable-dh --enable-tls13 --disable-ecc --enable-certgen
--enable-keygen
2022-03-14 14:42:47 +10:00
Daniel Pouzzner 4966eb7897 Merge pull request #4944 from douzzer/20220310-asn-template-EncodeExtensions-overrun
wolfcrypt/src/asn.c: fix buffer underrun in EncodeExtensions() and leak in ParseCRL_Extensions()
2022-03-13 21:21:07 -05:00
Sean Parkinson 20562b3f78 DecodeNameConstraints (ASN Template): free ASNGetData 2022-03-14 09:14:19 +10:00
David Garske a816f329cc Merge pull request #4856 from anhu/stm32u5
Enable support for STM32U585 and PQC for STM32
2022-03-11 14:49:46 -08:00
Chris Conlon 9fff321e3e address PR review feedback on EVP_PKEY changes 2022-03-11 10:11:02 -07:00
Daniel Pouzzner 385ece92d8 ECCSI and SAKKE: fix smallstackcache memory leaks in library, and blue-moon undefined behavior bugs in test.c eccsi_test(() and sakke_test(). 2022-03-11 10:06:18 -06:00
Sean Parkinson c3eab0dcdd Fixes from sanitizer build
Fix OID index in SetNameRdnItems for multi attributes.
Stop warning about strncpy to small.
Fix casting in ASN1_SIMPLE to use consistent type.
2022-03-11 14:27:50 +10:00