wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 08:52:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,162 Commits 12 Branches 184 Tags
2bb8427ab2b31328a46a8744fc00a8fd4e1ca5fd
Commit Graph

938 Commits

Author SHA1 Message Date
toddouska
8753b5b947 Merge pull request #3257 from kojo1/user-mutex 
fix guard, user define mutex
 2020-09-03 15:21:53 -07:00
toddouska
a626ac39f2 Merge pull request #3253 from SparkiDev/chacha20_stream_fix 
ChaCha20: Enable streaming with Intel x86_64 asm
 2020-09-03 15:18:00 -07:00
Sean Parkinson
54c8774103 ChaCha20: Enable streaming with Intel x86_64 asm 2020-08-31 09:06:51 +10:00
David Garske
21d17b17d0 Fix typo in code comment for ECC curve cache. Fix for valgrind report of possible use of uninitialized value with ChaCha/Poly AEAD test. 2020-08-27 12:01:24 -07:00
David Garske
6d5731b8e9 Fixes for HMAC_CTX cleanup not being called to free SHA2 resources with WOLFSSL_SMALL_STACK_CACHE. Added return code checking and cleanup for openssl_test. 2020-08-26 09:45:26 -07:00
David Garske
083f143c89 Fixes for warnings with minimum ECC build. 2020-08-21 15:47:02 -07:00
David Garske
79c0fd3f29 Fix for ECC make key test not waiting for async completion. 2020-08-20 14:25:05 -07:00
David Garske
0011b7b376 Fix possible ECC curve cache leak for custom curves. Fix possible memory leak with wc_DhKeyDecode and WOLFSSL_DH_EXTRA. Fix leak in dh_test with new call to DH key import. 2020-08-20 14:25:05 -07:00
John Safranek
3f6861ee82 FIPS Ready Fix with ECC Timing Resistance 
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
   configure option. `--enable-fips=ready`. It will treat FIPS
   Ready as the next kind of FIPS release. FIPS Ready will be
   treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
   checks for not version 2, with respect to ECC Timing Resistance
   and FIPS builds.
 2020-08-14 10:54:55 -07:00
Sean Parkinson
6467de5a88 Randomize z ordinates in scalar mult when timing resistant 
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
 2020-08-11 16:12:47 +10:00
toddouska
462f4f9e45 Merge pull request #3196 from cconlon/cavpmarvell 
Add fips-check.sh target for marvell-linux-selftest, selftest v2 support
 2020-08-06 10:45:03 -07:00
David Garske
4a167c0f2c Merge pull request #3119 from tmael/do178-fix 
DO-178 fix
 2020-08-05 16:30:00 -07:00
toddouska
a536e8acd6 Merge pull request #3187 from SparkiDev/config_fix_1 
Fixes for different configurations
 2020-08-03 16:41:50 -07:00
toddouska
bfb4b2079b Merge pull request #3163 from dgarske/nrf52 
Fixes for building against latest nRF52 SDK
 2020-08-03 16:33:49 -07:00
Sean Parkinson
d0969ea1ce Fixes for different configurations 
Fix SkipInt() to work with DSA.
Fix protection around SetBitString16Bit() - when WOLFSSL_CERT_GEN and
WOLFSSL_CERT_EXT defined is only use.
WOLFSSL_RSA_VERIFY_ONLY and PSS means testing of PSS won't work.
Fix g++ build around ASN1_SEQUENCE - const variable required to be
initialized.
 2020-08-03 14:55:09 +10:00
David Garske
776b1a2d17 Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools. 2020-07-31 15:17:53 -07:00
Tesfa Mael
4cc7f9e4a9 Check correct returned value 2020-07-30 09:18:45 -07:00
Chris Conlon
c6b4fa3be3 add selftest version for newer 4.1.0 validation 2020-07-29 15:10:47 -06:00
David Garske
9160a126e4 Fixes for running wolfCrypt test/benchmark with SECP256R1 disabled. Improved detection of ECC key generation size. 2020-07-28 11:43:48 -07:00
David Garske
25fcd082d7 Improve the mutex_test test with pthreads. Fixes #3109 2020-07-28 08:19:32 -07:00
David Garske
8417e0b725 Fixes for building against latest nRF52 SDK. Allow nRF5x AES GCM to be enabled (uses software, but ECB is accelerated). Fix in wolfCrypt test for building AES GSM only with NO_AES_DECRYPT. 2020-07-24 15:46:17 -07:00
toddouska
e84defb268 Merge pull request #3044 from dgarske/sniffer_tls13 
TLS v1.3 sniffer support
 2020-07-24 11:46:38 -07:00
David Garske
9268ae1397 Fix line length issues. Add debug msg in test to show number of non-blocking iterations. 
```
$ ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" --enable-debug && make
$ ./wolfcrypt/test/testwolfcrypt
...
ECC non-block sign: 18063 times
ECC non-block verify: 35759 times
ECC      test passed!
```
 2020-07-21 10:41:25 -07:00
David Garske
1b051d9c5b TLS v1.3 sniffer support: 
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
 2020-07-17 15:22:35 -07:00
David Garske
90ee12f51a Added test case for ECC non-blocking. ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" && make. 2020-07-17 15:13:50 -07:00
Tesfa Mael
890500c1b1 Fix Coverity 2020-07-08 08:20:43 -07:00
Takashi Kojo
fd257ee8b9 fix guard 2020-07-03 05:42:44 +09:00
David Garske
6b1a6309ce Fixes for CryptoCell. Fix for signature wrapper signing to allow larger signing input buffer. Cleanup of some duplicate code. Fix for bad cryptocell ECC make key result check (-9628). Fixes #3059. Thanks Sylwester. 2020-06-18 13:40:30 -07:00
toddouska
248b8c9b62 Merge pull request #3057 from kaleb-himes/FIPSv2_plus_OPENSSLALL 
Resolve issues with FIPSv2 when opensslall set
 2020-06-18 10:12:06 -07:00
kaleb-himes
e2fb4c55b8 Resolve issues with FIPSv2 when opensslall set 2020-06-17 14:03:02 -06:00
Sean Parkinson
6bb73fb25d Fix ED448 calls to use context and correct variable name 
Added basic test of OpenSSL compatability APIs:
  - wolfSSL_ED25519_generate_key
  - wolfSSL_ED25519_sign
  - wolfSSL_ED25519_verify
  - wolfSSL_ED2448_generate_key
  - wolfSSL_ED448_sign
  - wolfSSL_ED448_verify
 2020-06-17 10:05:50 +10:00
toddouska
29bdc7d8b5 Merge pull request #3015 from tmael/cov-fix 
Coverity fix in wolfSSL 4.4.0
 2020-06-10 17:07:47 -07:00
toddouska
e993cb6cc0 Merge pull request #2942 from dgarske/tls13_on 
Enable TLS v1.3 by default
 2020-06-09 13:30:02 -07:00
Sean Parkinson
d543e305f1 Fix optimized AES-CCM - counter 
AES-NI optimized 4 block at a time was not incrementing counter
poprerly.
 2020-06-08 10:48:19 +10:00
David Garske
4d8cf5b571 Fixes for building TLSv1.3 with FIPS v1 (no RSA PSS or HKDF). 2020-06-04 15:31:18 -07:00
Tesfa Mael
6176f8537f Typecast to fix conversion loses 2020-06-02 22:06:14 -07:00
Tesfa Mael
d5241bbcc6 Coverity fix 2020-06-02 15:35:27 -07:00
toddouska
dc1472692a Merge pull request #3011 from dgarske/nomalloc 
Fixes for using static memory with no malloc
 2020-06-02 11:46:29 -07:00
David Garske
7ce7d244f8 Fix for using static memory AES GCM test. 2020-05-28 15:12:01 -07:00
Chris Conlon
896fcd9aec add WOLFSSL_ATECC6088A, Trust&GO support, PIC32 HAL compatibility, 608A expansions 2020-05-27 16:49:29 -06:00
JacobBarthelmeh
d09b947478 update for test case and sha3 2020-05-19 19:27:38 -06:00
JacobBarthelmeh
6a7a8fa5b7 updated RSA calls to Xilsecure 2020-05-19 19:27:21 -06:00
Chris Conlon
9efd9afdfb fix minor IAR warnings in test.c 2020-05-19 14:12:13 -06:00
Tesfa Mael
f894d4c0d2 FIPS on Solaris 2020-05-14 10:11:54 -07:00
Juliusz Sosinowicz
9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
toddouska
a1489d981c Merge pull request #2930 from JacobBarthelmeh/SanityChecks 
check on tag length for AES-CCM
 2020-04-30 14:51:20 -07:00
Jacob Barthelmeh
c85a53c631 add macro guard for fips and selftest builds 2020-04-27 15:36:53 -06:00
David Garske
1e726e19a4 Fix for XMALLOC cast. 2020-04-27 06:48:41 -07:00
David Garske
cfc0aeb857 Fix for RSA and KeyGen only in test.c. 2020-04-24 08:56:31 -07:00
David Garske
5fa7bb5b9f Fix possible unused args. 2020-04-24 07:48:41 -07:00