Sean Parkinson
d273d1dc81
Fixes from review
2018-09-24 08:44:31 +10:00
Sean Parkinson
3a72cf7996
Fixes from review
2018-09-24 08:41:25 +10:00
Sean Parkinson
f7f158cbd9
Fix encode and decoding of EC signature
2018-09-24 08:41:25 +10:00
Sean Parkinson
77a81057be
Casting fixes
2018-09-24 08:41:25 +10:00
Sean Parkinson
5744e4227d
Rewrote the public pkcs11 headers
...
Fixed file name in comment.
2018-09-24 08:41:25 +10:00
Sean Parkinson
8a5a03ea35
Support for PKCS#11
...
Support for RSA, ECDSA and AES-GCM operations.
2018-09-24 08:41:25 +10:00
Chris Conlon
0591b18339
fix daysValid seconds calculation
2018-09-21 11:04:39 -06:00
David Garske
dfb9db2b8d
Merge pull request #1832 from JacobBarthelmeh/HardwareAcc
...
Linux /dev/crypto SHA256 and AES
2018-09-20 18:05:35 -07:00
Jacob Barthelmeh
fe2f9d4aa4
minor adjustments and add README
2018-09-20 15:59:29 -06:00
Jacob Barthelmeh
96a7e366bc
testing with valgrind and static analysis tools
2018-09-19 14:29:33 -06:00
Jacob Barthelmeh
2e88151cfd
crypto only sha256 cryptodev
...
formating and refactoring
update configure for devcrypto
add AES algorithms to cyrptodev port
increase structure size for compatibility AES with cryptodev
add wc_devcrypto.h to install path
2018-09-19 10:41:29 -06:00
John Safranek
951bd5a01a
FIPSv2: RNG Update
...
1. Put the SeedTest function in the HASH_DRBG scope.
2018-09-19 07:22:04 -07:00
John Safranek
8972867ada
FIPSv2: RNG Update
...
1. Updated the IDE/WIN10 user settings to enable RDSEED by default.
2. Updated the Windows GenerateSeed() function to take into account the
RDSEED enabled setting.
3. Exclude the TestSeed() function check for the "selftest" build as
well as old FIPS.
2018-09-18 16:08:35 -07:00
John Safranek
582cf3182e
FIPSv2: RNG Update
...
1. Update the SEED_BLOCK_SZ to 4 for non-FIPS builds.
2. Change fips-check.sh to skip copying over the random.{c,h} files for
now. Need the tagged versions of the other files and the new random for
now.
2018-09-18 14:36:43 -07:00
John Safranek
4aa85f956f
FIPSv2: RNG Update
...
1. The wolfcrypt test shouldn't check TestSeed() for old FIPS builds.
2018-09-18 14:36:42 -07:00
John Safranek
b9a850575f
FIPSv2: RNG Update
...
1. For non-FIPS builds, lower the entropy request size to the old value.
2. Added a consistency check to the result of the entropy source. The test
involves requesting an additional 64-bits, then doing a running
comparison of each block of 64-bits. The first block of bits is ignored.
3. Refactored the RNG seeding a bit. Renamed all variables with
"entropy" in the name as "seed". Renamed the constants for entropy sizes
as seed sizes. Changed the security strength to its actual value and
introduced an entropy scaling factor for the number of bits of entropy
per bit and a size for the NDRBG block size.
4. Changed it so the user can change the parameters for the RNG at the
build configuration. If using FIPSv2, triggers an error if the paramters
are changed.
2018-09-18 14:36:42 -07:00
Chris Conlon
085daa78cd
Merge pull request #1833 from dgarske/norng_fixes
...
Fixes for building without RNG enabled
2018-09-18 14:52:21 -06:00
David Garske
b832b7bad3
Fixes for building with ./configure --enable-opensslextra --disable-hashdrbg --disable-rng --enable-cryptonly --disable-dh --disable-rsa --disable-ecc.
2018-09-17 09:38:45 -07:00
David Garske
2e4c07ed93
Fixes and improvements for handling the --disable-rng case. Valid make check tests requires wolfCrypt only and no asymmetric crypto (./configure --disable-rng --enable-cryptonly --disable-dh --disable-rsa --disable-ecc).
2018-09-14 14:09:27 -07:00
kaleb-himes
301e91e4d3
mp_set pre-processor logic in fastmath breaking existing builds, normal math not effected
2018-09-14 14:29:19 -06:00
Chris Conlon
fb699acec4
Merge pull request #1831 from MJSPollard/benchmarkCSV
...
added option to print wolfcrypt benchmark tests in CSV format
2018-09-13 16:16:09 -06:00
toddouska
e071f1ca7e
Merge pull request #1825 from SparkiDev/compat_apis_1
...
Add more compatability APIs.
2018-09-13 13:13:12 -07:00
Chris Conlon
8a6a9e7620
Merge pull request #1820 from kojo1/portingAid
...
Porting aid
2018-09-13 11:06:55 -06:00
MJSPollard
d4d6346ee5
fixed unused variable error
2018-09-13 08:47:01 -06:00
MJSPollard
7457ab3e14
added define to work with certain enabled options
2018-09-12 23:37:31 -06:00
MJSPollard
037151eae0
Merge branch 'master' of https://github.com/wolfSSL/wolfssl into benchmarkCSV
2018-09-12 23:32:45 -06:00
Sean Parkinson
0275366fb6
Fixes from code review
...
Document how length of ECDSA signature calculated.
Check parameter not NULL before use.
Formatting fix.
Also, disable RSA test of EVP_DigestSign/Verify* when HAVE_USER_RSA.
2018-09-13 08:47:09 +10:00
toddouska
581f72adf8
Merge pull request #1822 from dgarske/fixes_async
...
Fix for dh_test to make sure the provided agree size is populated
2018-09-12 13:03:04 -07:00
toddouska
5b985c7dbd
Merge pull request #1821 from dgarske/nxp-ltc
...
Fixes for NXP LTC support with K82
2018-09-12 13:02:21 -07:00
Sean Parkinson
df20daa1ae
Support RSA and ECC in wolfSSL_DigestSign/Verify*
2018-09-12 16:31:39 +10:00
Takashi Kojo
7ddc756d15
eliminate double semi-colon
2018-09-12 10:13:30 +09:00
MJSPollard
d280359548
added option to print wolfcrypt benchmark tests in CSV format
2018-09-11 14:49:54 -06:00
Eric Blankenhorn
01dc018cda
Make DecodedCert elements available with WOLFSSL_CERT_EXT
2018-09-11 10:41:12 -05:00
Sean Parkinson
330a7048c7
Add more compatability APIs.
...
d2i_ECDSA_SIG, i2d_ECDSA_SIG, EVP_DigestVerifyInit,
EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_PKEY_id,
PEM_read_bio_PUBKEY
2018-09-11 09:28:03 +10:00
David Garske
f48e2067ae
Added new API wolfSSL_CTX_load_verify_chain_buffer_format for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID.
2018-09-10 08:15:17 -07:00
David Garske
2c5b0d82da
Fix for dh_test to make sure the provided agree size is populated. This resolves issue with async and QuickAssist DH.
2018-09-10 07:13:52 -07:00
David Garske
a2be7590d1
Fixes for NXP LTC support with K82. Fix for SHA384/512. Fix for AES CBC not storing previous IV. Fix for wc_AesSetKey arg check. Fix for AES GCM IV != 12 test. Changed LTC default in settings.h to not enable SHA512 and Ed/Curve25519. Tested using Rowley Crossworks v4.2.0 on a FRDM-K82F. There is an initial stack pointer issue with the arm-startup code here for Rowley still outstanding, but these fixes are valid as-is.
2018-09-10 07:13:32 -07:00
Eric Blankenhorn
412eecd51a
Add wc_SetIssuerRaw and EncodeCert with raw fields ( #1798 )
...
* Make cert with raw issuer
* Add wc_SetIssuerRaw
* Use issuer raw in EncodeCert
2018-09-07 16:22:23 -07:00
Daniele Lacamera
27555d6eb7
Fix old-style function definitions
2018-09-07 09:13:20 +02:00
David Garske
ae3d8d3779
* Fixed wolfSSL_CTX_load_verify_locations to continue loading if there is an error (ZD 4265).
...
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
2018-09-06 12:51:22 -07:00
David Garske
d998d10f02
Merge pull request #1805 from dgarske/fix_csr
...
Fix for CSR generation email value
2018-09-05 19:44:41 -07:00
Quinn Miller
b8605fa544
Fixed typo in fp_mul_comba_7
2018-09-05 14:51:50 -06:00
David Garske
d432d346aa
Merge pull request #1809 from cconlon/stm32rngfix
...
enable RNG clock when WOLFSSL_STM32F427_RNG is defined
2018-09-04 17:21:01 -07:00
Eric Blankenhorn
28ad8e591d
Adding comment for empty case in GetNameType
2018-09-04 18:08:40 -05:00
toddouska
bac8b78a8c
Merge pull request #1803 from SparkiDev/tfm_stack
...
Small stack for fast math code
2018-09-04 15:57:59 -07:00
toddouska
8e67ef33b2
Merge pull request #1799 from SparkiDev/cert_vfy_small
...
Smaller dynamic memory usage in TLS
2018-09-04 15:40:11 -07:00
Chris Conlon
d3ea903c55
enable RNG clock when WOLFSSL_STM32F427_RNG is defined
2018-09-04 16:13:09 -06:00
Sean Parkinson
17a70aee1b
Added test and minor fixes for CheckCertSignature
2018-09-03 10:50:47 +10:00
Sean Parkinson
4d0478a287
Fix fp_div_2d to return remainder correctly
...
If a == c are then a and c don't equal d:
calculate d before c
If a != c then a doesn't change in calculating c:
calculate d after c
2018-09-03 08:32:55 +10:00
David Garske
6171e29fe8
Fix for CSR generation after PR ( https://github.com/wolfSSL/wolfssl/pull/1734 ). This resolves issue with email name in CSR. (Thanks to Forum post https://www.wolfssl.com/forums/post4137.html ).
...
Failed examples:
```
145:d=5 hl=2 l= 16 prim: EOC
0000 - 69 6e 66 6f 40 77 6f 6c-66 73 73 6c 2e 63 6f 6d info@wolfssl.com
```
```
SET {
138 23: SEQUENCE {
140 3: OBJECT IDENTIFIER objectClass (2 5 4 0)
: Error: Spurious EOC in definite-length item.
```
Success Examples:
```
140:d=5 hl=2 l= 9 prim: OBJECT :emailAddress
151:d=5 hl=2 l= 16 prim: IA5STRING :info@wolfssl.com
```
```
SET {
138 29: SEQUENCE {
140 9: OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
151 16: IA5String 'info@wolfssl.com '
```
2018-08-31 11:20:04 -07:00