Commit Graph

10747 Commits

Author SHA1 Message Date
Sean Parkinson 35c993e55d AES-GCM AES-NI code now handles different tag lengths
Encrypt and decrypt code modified.
AES-NI, AVX1 and AVX2 code modified.
Test of 15 byte tag added.
2018-02-09 17:21:06 +10:00
John Safranek 6907241180 Add AES-GCM Test Case
Added a new AES-GCM test case where the provided IV is of length 1 byte.
2018-02-08 11:37:21 -08:00
Sean Parkinson a3a4f2d59c Minimal implementation of MP when using SP.
--enable-sp-math to include minimal implementation of MP (only with
--enable-sp.)
Add futher functionality for ECC (conditionally compiled):
- check key
- is point on curve
- API to add and double projective points
- API to map from project to affine
- Uncompress point (including sqrt)
Some configuration options will not work with SP math - configure.ac
detects this and errors out.
Change test code to better support SP sizes only.
2018-02-08 15:50:17 +10:00
David Garske fbdcd3c67f Fix for missing ret in some wc_AesGcmEncrypt functions due to refactor in commit 0765aa0. 2018-02-07 15:40:28 -08:00
David Garske c2a0de93b8 Fix to resolve wolfCrypt test for `cert_test nameConstraints test. Fixed ASN check to properly determine if certificate is CA type. 2018-02-07 12:48:33 -08:00
David Garske 4a6bb20ba6 Refactor the VERIFY_AND_SET_OID macro to simplify so it works on older C compilers like Visual Studio. 2018-02-07 12:17:03 -08:00
David Garske d78e45dbb6 Added check to enforce RFC 5280 Sec 4.2: "A certificate MUST NOT include more than one instance of a particular extension". Refactor of the DecodedCert struct to combine bit type options into bit-fields. Fix for wolfCrypt test for error codes to allow -161. 2018-02-07 11:15:22 -08:00
David Garske d9002bb072 Fix to enforce RFC 5280 Sec 4.2.1.6: "The name MUST NOT be a relative URI". Verifies the URI contains "://". Can be disabled using WOLFSSL_NO_ASN_STRICT. 2018-02-07 11:15:22 -08:00
David Garske f4ad808d12 Added check to enforce RFC 5280 Sec 4.2.1.10 rule: "The name constraints extension, which MUST be used only in a CA certificate". Added new define WOLFSSL_NO_ASN_STRICT to restore old behavior for compatability. Fix wc_port time HAVE_RTP_SYS (noticed it was missed during ASN time move to wc_port). 2018-02-07 11:15:22 -08:00
David Garske 3e05118995 * Added the tls_bench example to the build output when threading is supported.
* Fixed some `tls_bench` build issues with various configure options.
* Moved the `WOLFSSL_PACK` and `WC_NORETURN` macros into types.h.
* Added support for `__builtin_bswap32` and `__builtin_bswap64`. Since the performance of the builtins varries by platform its off by default, but can be enabled by customer using `WOLF_ALLOW_BUILTIN`. Quick check on x86 showed the 32-bit swap performance matched, but 64-bit swap was slower.
2018-02-07 11:13:13 -08:00
toddouska 69db17fcda Merge pull request #1352 from dgarske/freertos_static
Fix to allow `FREERTOS` and `WOLFSSL_STATIC_MEMORY`
2018-02-07 10:06:51 -08:00
toddouska 7769ba83ad Merge pull request #1346 from dgarske/stm32_hash_ctx
STM32 Hashing Improvements
2018-02-07 10:03:50 -08:00
David Garske 9afd26e853 Fixes for better supporting FREERTOS with and without static memory. Added fallback case to use pvPortMalloc/vPortFree when heap ptr not available. 2018-02-06 09:28:27 -08:00
David Garske 0be1c10fcd Moved the STM32 functions to their own .c file. Added GPL header. Finished testing on STM32 CubeMX with F4 and F7 and StdPeriLib with F4. 2018-02-05 12:57:06 -08:00
Jacob Barthelmeh a196fac0c2 itterate through certificates with PKCS7 2018-02-05 10:52:54 -07:00
toddouska 0765aa0f20 Merge pull request #1342 from SparkiDev/aes_gcm_sb2
Improve performance of AES-GCM for AVX1 and AVX2
2018-02-02 10:56:14 -08:00
toddouska 02ef52c3cd Merge pull request #1340 from dgarske/ecc_pub_import_wcurve
Adds curve information to public key import for `wc_EccPublicKeyDecode`
2018-02-02 10:52:06 -08:00
toddouska d63373066b Merge pull request #1331 from JacobBarthelmeh/Compatibility-Layer
add comments and better error checking for PKCS8 strip
2018-02-02 10:50:29 -08:00
toddouska c66ebb6748 Merge pull request #1317 from SparkiDev/chacha20_sb_avx2
Improve performance of chacha20-poly1305 on AVX and AVX2.
2018-02-02 10:46:39 -08:00
Jacob Barthelmeh 19ce41c3cc pkcs7 attribute parsing 2018-02-02 09:01:32 -07:00
David Garske a4a5f4f27a STM32 refactor to move hashing code into wolfssl/wolfcrypt/port/stm32.h. Supports CubeMX HAL or StdPeriLib with MD5, SHA1, SHA224 and SHA256. Detects if hardware supports SHA2. Adds hashing context save/restore and hashing clock/power optimizations. Fix for building *.c in wolfcrypt/src/port for caam_driver.c. Fix for warning with wolfSSL_CryptHwMutexUnLock when no threading defined and return code not checked. 2018-01-31 11:25:20 -08:00
Sean Parkinson 3d3b9f69a6 Test larger variable data size if available 2018-01-30 12:21:25 +10:00
Sean Parkinson e82e3d3d6e Improve performance of AES-GCM for AVX1 and AVX2 2018-01-30 12:00:13 +10:00
David Garske 9d7374348b Fix the ecc_decode_test to use a real OID (instead of 1), so the tests work properly. 2018-01-29 15:58:04 -08:00
David Garske 90a3daa887 Adds curve information to public key import for wc_EccPublicKeyDecode. Cleanup to remove the ECC_CHECK_PUBLIC_KEY_OID define. The call to wc_ecc_get_oid does the same check as CheckCurve. 2018-01-29 12:09:12 -08:00
Chris Conlon d179e442b4 Merge pull request #1337 from dgarske/pkcs7_pad
Expose the PKCS 7 pad functionality `wc_PKCS7_PadData`
2018-01-26 10:01:07 -08:00
David Garske 058c2a7a25 Made public the wc_PKCS7_GetPadSize API. Cleanup to use GetPadSize for the wc_PKCS7_PadData. 2018-01-25 08:14:56 -08:00
Sean Parkinson 4d75f337bb Fix AVX2 final func to reset state 2018-01-24 16:36:44 -08:00
dgarske 776e222143 Merge pull request #1336 from SparkiDev/sha256_freescale
Transform_Sha256 no longer passed a buffer - fix for FREESCALE
2018-01-23 14:51:30 -08:00
David Garske 138bc3e6cc Enhancement to expose the PKCS 7 pad functionality (wc_PKCS7_PadData). 2018-01-23 13:21:56 -08:00
Sean Parkinson 11ea2689d8 Transform_Sha256 no longer passed a buffer - fix for FREESCALE 2018-01-23 12:45:17 -08:00
David Garske 4e10173eed Fix for possible leak in error case for wc_RsaKeyToDer. 2018-01-22 16:17:08 -08:00
Jacob Barthelmeh 1428934ad5 add comments and better error checking for PKCS8 strip 2018-01-19 16:53:12 -07:00
toddouska f06abdb3ae Revert "Improve AES-GCM code for Intel AVX1 and AVX2" 2018-01-19 15:12:08 -08:00
toddouska 085d3dae14 Merge pull request #1315 from SparkiDev/aes_gcm_sb
Improve AES-GCM code for Intel AVX1 and AVX2
2018-01-19 15:09:34 -08:00
toddouska 9045a2562a Merge pull request #1316 from JacobBarthelmeh/Testing
Fix for AES-CFB with --enable-armasm and fix for windows fips tests
2018-01-19 15:02:53 -08:00
toddouska 8d27a2720c Merge pull request #1325 from SparkiDev/bench_rsa
Added option to benchmark RSA sign/verify instead of enc/dec
2018-01-19 14:52:40 -08:00
toddouska 0059266b21 Merge pull request #1328 from dgarske/fix_async_rsapss
Fixes for wolfCrypt test RSA PSS with async enabled
2018-01-19 14:52:09 -08:00
toddouska d5c1cf4fc7 Merge pull request #1327 from dgarske/ignore_file_warn
Added `WOLFSSL_IGNORE_FILE_WARN` option
2018-01-19 14:51:31 -08:00
toddouska 2efe7f6d96 Merge pull request #1319 from JacobBarthelmeh/Compatibility-Layer-Part5
Compatibility layer part4
2018-01-19 14:49:12 -08:00
Jacob Barthelmeh 213a2d0a7d reverse order that certificates are compared with private key when parsing PKCS12 2018-01-19 15:41:52 -07:00
David Garske 8a0bbb0faf Fixes for wolfCrypt test RSA PSS with async enabled. 2018-01-18 15:35:21 -08:00
dgarske 5d52466d6f Merge pull request #1326 from ejohnstown/rsa-test-fix
RSA Key Generation Test Fix
2018-01-18 15:01:55 -08:00
dgarske f61e56e5b6 Merge pull request #1312 from kojo1/mdk5
CMSIS pack 3.13.0
2018-01-18 14:48:37 -08:00
John Safranek 9654f19075 RSA Key Gen Test Fix
A recent change to the RSA key generation process is capping the number of attempts of finding a probable prime to a multiple of the prime's size, in FIPS builds. This means it might fail once in a while. (It could also fail for a couple other reasons but this is the most likely.) The API is changed to retry key generation until it succeeds. Non-FIPS builds keep trying until they find a prime.
2018-01-18 12:20:25 -08:00
Jacob Barthelmeh 377f5c304c update for async build and include for getenv 2018-01-18 09:05:21 -07:00
Sean Parkinson f2079ca792 Added option to benchmark RSA sign/verify instead of enc/dec 2018-01-18 11:35:19 +10:00
Jacob Barthelmeh a0f5126076 build option fixes 2018-01-17 16:40:06 -07:00
Takashi Kojo f79a3e9ddb Reverse ByteReversWOrd64 2018-01-18 07:10:55 +09:00
David Garske 1276d21d8e Added WOLFSSL_IGNORE_FILE_WARN option to ignore warning for .c files that do not need to be included. 2018-01-17 13:27:59 -08:00