Commit Graph

2687 Commits

Author SHA1 Message Date
toddouska b8dc772ef8 Merge pull request #2105 from dgarske/fix_stm_aesgcm
Fix for STM32 AES GCM
2019-02-20 09:23:11 -08:00
toddouska 3013cdd925 Merge pull request #2095 from SparkiDev/asm_macosx
Get Mac OS X working with the x86_64 assembly files
2019-02-20 09:19:29 -08:00
toddouska 025fba8ec6 Merge pull request #2093 from dgarske/tls13_async_dh
Fix for TLSv1.3 with DH key share when using QAT
2019-02-20 09:16:54 -08:00
David Garske ba14564c49 Fix for STM32 AES GCM, which was incorrectly using software crypto when authInSz != 16. The wc_AesGcmEncrypt_STM32 and wc_AesGcmDecrypt_STM32 functions correctly handle all variations of authInSz. 2019-02-19 15:38:09 -08:00
David Garske dc1f0d7822 Fix for DH with QuickAssist to only use hardware for supported key sizes. Fix in random.c for seed devId when building async without crypto callbacks. 2019-02-19 11:57:55 -08:00
Sean Parkinson e3997558a9 Fixes from review and added REAMEs and setup.sh
Add README.md and setup.sh.
Add READMEs with license information.
2019-02-19 11:47:45 +10:00
Sean Parkinson 5e1eee091a Add threaded samples using buffers and sockets 2019-02-19 11:47:45 +10:00
Sean Parkinson 2c447b24cd Fixes from review and add IDE files 2019-02-19 11:47:44 +10:00
Sean Parkinson 3366acc9ce Zephyr port of crypto 2019-02-19 11:47:44 +10:00
Sean Parkinson 16f31cf8c6 Get Mac OS X working with the x86_64 assembly files 2019-02-15 15:08:47 +10:00
David Garske a9f29dbb61 Adds strict checking of the ECDSA signature DER encoding length. With this change the total signature size should be (sequence + r int + s int) as ASN.1 encoded. While I could not find any "must" rules for the signature length I do think this is a good change.
If the old length checking method is desired `NO_STRICT_ECDSA_LEN` can be used. This would allow extra signature byes at the end (unused and not altering verification result). This is kept for possible backwards compatibility.

Per RFC6979: `How a signature is to be encoded is not covered by the DSA and ECDSA standards themselves; a common way is to use a DER-encoded ASN.1 structure (a SEQUENCE of two INTEGERs, for r and s, in that order).`

ANSI X9.62: ASN.1 Encoding of ECDSA:

```
ECDSA-Sig-Value ::= SEQUENCE {
  r INTEGER,
  s INTEGER
}
```

Fixes #2088
2019-02-14 12:05:34 -08:00
Sean Parkinson 5856d6b3dc Fix PKCS #11 AES-GCM and handling of unsupported algorithms 2019-02-14 17:06:15 +10:00
toddouska 46bb2591c8 Merge pull request #2070 from dgarske/fix_cryptocb
Fixes and improvements to Crypto Callbacks and STM32 RNG performance
2019-02-13 12:44:19 -08:00
David Garske d98ebc4da2 Reverted the Hmac_UpdateFinal change to call final as it causing constant timing issues. Improved the wc_HmacFree to handle the case were final isn't called for Crypto callbacks. 2019-02-13 10:24:53 -08:00
toddouska 272181bc2e Merge pull request #2086 from dgarske/atecc_makekey
Fix for ATECC make key case when `curve_id == 0`
2019-02-13 09:52:54 -08:00
toddouska 817b82e453 Merge pull request #2084 from cconlon/cmsFeb19
Changes for CMS signedData default signed attributes
2019-02-13 09:49:55 -08:00
David Garske c9521b56f2 Fix warning about HAL_RNG_GenerateRandomNumber type. 2019-02-12 16:03:10 -08:00
David Garske eb8a2f3a03 Minor fixes to CryptoCb wolfCrypt test for AES test and hash support for update/final in same callback. 2019-02-12 16:03:10 -08:00
David Garske 454687f429 Fix for TLS HMAC constant timing to ensure final is called for dummy operations. Added devCtx to AES for CryptoCb. 2019-02-12 16:03:10 -08:00
David Garske dcdb1d7094 Added flag to indicate if hash is copied. 2019-02-12 16:03:10 -08:00
David Garske e7b23646a5 Updates to HMAC crypto callback support to capture raw KEY and require hmac struct. 2019-02-12 16:03:10 -08:00
David Garske 838652c03b Added flags build option to hashing algorithms. This allows indicator to determine if hash will be "copied" as done during a TLS handshake. 2019-02-12 16:03:10 -08:00
David Garske 40a7bcfc20 Fix for new random seed crypto callback to properly reset error code in NOT_COMPILED_IN case. 2019-02-12 16:03:10 -08:00
David Garske 88d3abb1e6 Added Crypto callback HMAC support. 2019-02-12 16:03:10 -08:00
David Garske 18d5b3393c Correct NULL cryptocb case. 2019-02-12 16:03:10 -08:00
David Garske 891abe130a Added Crypto callback support for ASN CalcHashId. Added arg checking to cryptocb functions. 2019-02-12 16:03:10 -08:00
David Garske 9fc0610720 Fix to ensure hash devCtx is cleared. 2019-02-12 16:03:10 -08:00
David Garske dad88b4c81 Improvements to the STM32L4 random generation code for improved performance and error handling. Added new WOLFSSL_STM32_RNG_NOLIB define to support generic STM32 series RNG without external ST library. 2019-02-12 16:03:10 -08:00
Kaleb Himes f824c8c769 Merge pull request #2077 from ejohnstown/ocsp-ecdsa
OCSP and ECDSA Signers
2019-02-12 09:50:37 -07:00
David Garske acb983a154 Fix for ATECC make key case when curve_id == 0 (default). ZD 4383 2019-02-12 08:34:34 -08:00
Sean Parkinson 66ab6d8c22 Check FindObjectFinal call for error 2019-02-12 09:07:14 +10:00
Chris Conlon fb6aaf2ae2 rearrange order of default CMS SignedData signed attributes for better interop compatibility 2019-02-11 14:48:37 -07:00
Chris Conlon 56736a3563 always include default signed attributes for CMS SignedData bundles, add function to remove if needed 2019-02-11 14:41:32 -07:00
Sean Parkinson e86aae00ed Change to allow setting of devId for private key 2019-02-11 12:37:44 +10:00
Sean Parkinson 47922a4d87 Support in SSL for setting a private key id
Works with PKCS #11 to use key on device.
2019-02-11 10:38:38 +10:00
John Safranek 6298074f93 OCSP and ECDSA Signers
OCSP uses an identified hash of the issuer's public key to identify the
certificate's signer. (Typically this is SHA-1, but can be any SHA
hash.) The AKID/SKID for the certificates usually are the SHA-1 hash of
the public key, but may be anything. We cannot depend on the AKID for
OCSP purposes. For OCSP lookups, wolfSSL calculates the hash of the
public key based on the copy saved for use with the handshake signing.
For RSA, that was fine. For ECDSA, we use the whole public key including
the curve ID, but for OCSP the curve ID isn't hashed. Stored the hash of
the public key at the point where we are looking at the key when reading
in the certificate, and saving the hash in the signer record.
2019-02-07 17:34:25 -08:00
toddouska 4f4d16d9e5 Merge pull request #2068 from dgarske/pkcs7_verify_degenerate
Fixes to handle degenerate PKCS 7 with BER encoding
2019-02-07 15:00:21 -08:00
Jacob Barthelmeh ec28376e7f add PKCS7 BER verify test and fix for streaming 2019-02-06 11:05:15 -07:00
toddouska 4a5652f318 Merge pull request #2061 from SparkiDev/x86_asm_not_in_c
Pull out x86_64 ASM into separate files
2019-02-01 10:01:34 -08:00
toddouska 1258467b0a Merge pull request #2054 from SparkiDev/pkcs11_rng
Add support for random and getting entropy (seed) with PKCS#11
2019-02-01 09:59:12 -08:00
toddouska 4a177a8a30 Merge pull request #1997 from tmael/portingDeos
Initial Deos RTOS port
2019-02-01 09:56:55 -08:00
David Garske c82d11f47d Cleanup of the PKCS7 stream long rc and braces. 2019-01-31 14:37:25 -08:00
David Garske 3a0afc3506 Fixes to handle degenerate PKCS 7 with BER encoding in PKCS7_VerifySignedData. Fix for PKCS7 API unit test with SHA512 disabled. ZD 4757. 2019-01-31 14:36:46 -08:00
Sean Parkinson 7822cef1ac Pull out x86_64 ASM into separate files 2019-01-29 13:08:24 +10:00
toddouska 0d8ca06928 Merge pull request #2052 from dgarske/atecc_fixes
Fixes for ATECC with PMS outlen and `ATECC_MAX_SLOT`
2019-01-25 14:26:09 -08:00
Sean Parkinson 743f8b576f Add support for random and getting entropy (seed) with PKCS#11
Getting the seed from a device has been added.
If the HASH_DRBG is available, PKCS#11 will be used for generating the
seed.
Otherwise, all generated random data will come from PKCS#11 device.
2019-01-25 08:01:30 +10:00
toddouska d16c2ca7c6 Merge pull request #1865 from JacobBarthelmeh/Optimizations
--enable-afalg=xilinx
2019-01-22 14:19:54 -08:00
David Garske 7c4fa33937 Improve the error handling for non ECC_SECP256R1 curve in wc_ecc_make_key_ex. 2019-01-22 14:04:18 -08:00
David Garske 7ce255aa4d Fixes for ATECC with PMS outlen and ATECC_MAX_SLOT. 2019-01-21 18:45:42 -08:00
David Garske eaf5c3042d Merge pull request #2050 from toddouska/sub
remove outdated submission note
2019-01-21 18:41:38 -08:00