Commit Graph

10747 Commits

Author SHA1 Message Date
John Safranek 90a5bde0f2 FIPS Revalidation
1. Update the const data and code segment tags for the Windown builds.
2018-05-16 15:47:12 -04:00
John Safranek 4b3933aa1b FIPS Revalidation
1. Enabled ECC Cofactor DH for the FIPSv2 build.
2. Updated the wolfCrypt HMAC-SHA-3 test to leave out the set of test cases that use the four-byte key in FIPS mode.
2018-05-16 15:47:12 -04:00
John Safranek 4bcd7b7986 AES-GCM
1. Updated the wolfCrypt GMAC test to leave out the test case with the 15-byte tag when building for FIPS.
2. Replace tabs with spaces.
2018-05-16 15:47:12 -04:00
John Safranek eb1a76bf2a FIPS Revalidation
1. Updated CMAC to allow tag length from 4 to 16 bytes, inclusive.
2018-05-16 15:47:12 -04:00
John Safranek fe8d46da95 FIPS Revalidation
1. Added new AES-GCM Encrypt API for FIPS where the IV is generated internally.
2. Fix the AES-NI guard flags so it can be used when FIPS enabled.
2018-05-16 15:47:12 -04:00
John Safranek be61204fd7 FIPS Revalidation
1. Added CMAC to the boundary.
2. Added DHE to the boundary.
2018-05-16 15:47:12 -04:00
John Safranek f6fe3744a7 FIPS Update
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
2018-05-16 15:47:12 -04:00
John Safranek df4d748f59 FIPS Update
1. Move SHA-224 and SHA-256 into FIPSv2.
2. Move HMAC into FIPSv2.
3. Move Hash_DRBG into FIPSv2.
2018-05-16 15:47:12 -04:00
John Safranek 6352208e04 FIPS Update
1. Add SHA-3 to the src/include.am so that it is always included in FIPSv2.
2. Tweak the SHA-3 header to follow the new FIPS pattern.
2018-05-16 15:47:12 -04:00
John Safranek 0c5d704c7f AES-CCM FIPS
1. Add new error code for the AES-CCM FIPS KAT failure.
2. When enabling FIPSv2, force enable AES-CCM.
2018-05-16 15:47:12 -04:00
Jacob Barthelmeh d373844a18 fix sequence with pkcs12 shrouded keybag creation 2018-05-16 10:16:15 -06:00
Jacob Barthelmeh 566bb4cefe version for PBE SHA1 DES oid 2018-05-16 08:38:50 -06:00
Jacob Barthelmeh 1ca62ee0a1 add error return for unsuported version 2018-05-15 22:51:11 -06:00
David Garske f021375c4b Fixes for fsanitize reports. 2018-05-15 17:23:35 -07:00
Jacob Barthelmeh d1192021a5 alter search behavior for testing if URI is a absolute path 2018-05-09 14:43:52 -06:00
Chris Conlon c910d84507 Merge pull request #1527 from kojo1/RenesasCSPlus
Renesas CS+ projects
2018-05-09 10:07:16 -06:00
Takashi Kojo 66e59e4a6a Rollback #if condition 2018-05-09 10:58:10 +09:00
Jacob Barthelmeh 4ee957afa3 fix for relative URI detection 2018-05-08 10:19:51 -06:00
Takashi Kojo ecd2e75564 #ifndef FREESCALE_LTC_ECC with fe_init 2018-05-04 07:34:47 +09:00
Chris Conlon bb7bcfd877 expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined 2018-05-03 13:41:23 -06:00
toddouska 3ad708fb20 Merge pull request #1514 from dgarske/certdates
Enhancements and cleanup to ASN date/time
2018-04-30 11:14:38 -07:00
Takashi Kojo 22a2b45108 duplicated fe_init for non-configure based IDE 2018-04-28 05:07:00 +09:00
Takashi Kojo a91ac55e24 define valiable before exec statements 2018-04-28 05:05:45 +09:00
David Garske fc02003f76 Added new signature wrapper functions to allow direct use of hash wc_SignatureVerifyHash and wc_SignatureGenerateHash. These new function abstract existing signature wrapper code, so minimal code size increase. Added test cases for new functions for RSA (with and without DER encoding) and ECC. 2018-04-25 13:10:53 -07:00
David Garske 65c9277213 More fixes from Jenkins testing. 2018-04-24 14:01:33 -07:00
David Garske e63afa08bd Fix a couple of minor Jenkins issues. 2018-04-24 13:25:28 -07:00
David Garske 56025f38b9 Enhancements and cleanup to ASN date/time:
* Refactor the ASN get date logic to combine shared code.
* Added new API `wc_GetDateInfo` to get raw date, format and length.
* Added new API `wc_GetCertDates` to extract certificate before/after dates as `struct tm` type.
* Added new API `wc_GetDateAsCalendarTime` which parses the raw date string and convers to `struct tm`.
* Added tests for new API's.
* Added missing tests for `wc_SetAltNames`, `wc_SetAltNamesBuffer` and `wc_SetDatesBuffer`.
* Fixed build for older `NO_TIME_H` macro.
2018-04-24 13:04:36 -07:00
David Garske 289a282183 Fixes to resolve issues with c99 compliance (building with ./configure CFLAGS="-std=c99").
* Fix for ReadDir checking for file flag to use `S_ISREG(ctx->s.st_mode)` syntax.
* Added macro for strsep `XSTRSEP`. Added wolf implementation as `wc_strsep` enabled as C99 or `USE_WOLF_STRSEP`.
* Fix to use `gethostbyname` for c99 instead of `getaddrinfo`.
* For c99 use wolf strtok `wc_strtok`.
* Exposed API's for `wc_strtok` and `wc_strsep` when available.
* Include `sys/time.h` when available from autocon `HAVE_SYS_TIME_H` or c99.
* include `<strings.h>` when `HAVE_STRINGS_H` or c99.
2018-04-23 13:47:22 -07:00
Eric Blankenhorn 568d24c63c Coverity fixes (#1509)
* Coverity fixes 3
2018-04-23 09:20:28 -07:00
Sean Parkinson 6689ee965a Key derivation for encrypted PEM uses salt length of 8 in OpenSSL 2018-04-18 12:37:06 +10:00
toddouska 09706a4ed2 Merge pull request #1488 from SparkiDev/tls13_perf
Changes for interop and performance
2018-04-16 09:16:13 -07:00
toddouska 942c720dc4 Merge pull request #1499 from ejohnstown/aes-asm
AES assembly file name change
2018-04-13 11:23:03 -07:00
Eric Blankenhorn a0d8327320 Coverity fixes 2 (#1493)
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
2018-04-13 05:35:18 -07:00
Sean Parkinson 9600266483 WOLFSSL_FUNC_TIME changes
Warning in code about using this define.
Remove usage of WOLFSSL_FUNC_TIME from server.c.
2018-04-13 12:13:31 +10:00
Sean Parkinson 0b47811c46 Changes for interop and performance
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
2018-04-13 12:01:20 +10:00
John Safranek 425cee64a7 AES assembly file name change
Some versions of GCC on the Mac will not run the file aes_asm.s through the preprocessor. There are some ifdefs in the file that are included when they shouldn't be. This is not a problem on Linux. Renaming the file to have a capital S extension forces the assembler to run with the preprocessor.
2018-04-12 16:47:58 -07:00
toddouska eacd98fe4e Merge pull request #1491 from dgarske/config
Configure improvements and new options
2018-04-12 13:48:20 -07:00
David Garske 1f7b954d47 Fix for wc_GetCTC_HashOID in FIPS mode. Uses the new wc_HashTypeConvert to handle conversion from unique WC_ALGO (int) to WC_HASH_TYPE_ALGO (enum wc_HashType). 2018-04-12 06:51:23 -07:00
David Garske ce6728951f Added a new --enable-opensslall option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build. 2018-04-11 13:54:07 -07:00
David Garske ee5d78f84f Added new wc_OidGetHash API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate ocde. Updated wc_GetCTC_HashOID to use wc_HashGetOID and maintain back compat. 2018-04-11 13:53:30 -07:00
David Garske 83bfdb1594 Fix for issue with unique hash types on ctoacrypt FIPS using different values than WC_HASH_TYPE_*. Add new API wc_HashTypeConvert to handle the conversion between enum wc_HashType and int. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location). 2018-04-11 09:30:30 -07:00
David Garske 3f3e332a3a Fix for evp.c statement will never be executed in wolfSSL_EVP_CIPHER_CTX_block_size. 2018-04-11 08:18:39 -07:00
David Garske a38576146e * Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests.
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
2018-04-09 13:28:15 -07:00
David Garske 5a46bdf6f6 Added unit test for using encrypted keys with TLS. Only works with --enable-des3, since the keys are all encrypted with DES3 (also requires either --enable-opensslextra or --enable-enckeys). 2018-04-09 13:28:15 -07:00
David Garske 98c186017a Fixes for build failures. Added new WC_MAX_SYM_KEY_SIZE macro for helping determine max key size. Added enum for unique cipher types. Added CHACHA_MAX_KEY_SZ for ChaCha. 2018-04-09 13:28:15 -07:00
David Garske 2c72f72752 Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatability. 2018-04-09 13:28:15 -07:00
David Garske 1f00ea2115 Fixes for various build issues with type casting and unused functions. Moved mystrnstr to wc_port.c. Added some additional argument checks on pwdbased. 2018-04-09 13:28:15 -07:00
David Garske 6de8348918 Fixes for various build configurations. Added --enable-enckeys option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN CryptKey function to wc_encrypt.c as wc_CryptKey. Fixup some missing heap args on XMALLOC/XFREE in asn.c. 2018-04-09 13:28:15 -07:00
David Garske 1315fad7dc Added ForceZero on the password buffer after done using it. 2018-04-09 13:28:15 -07:00
David Garske 3a8b08cdbf Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz. 2018-04-09 13:28:15 -07:00