Daniel Pouzzner
1b907d05ed
WOLFSSL_DEBUG_TRACE_ERROR_CODES: restore several initializations, one because needed (in wolfSSL_UseSecureRenegotiation()), the rest in an abundance of caution, and rearrange wolfSSL_CryptHwMutexInit() and wolfSSL_CryptHwMutexUnLock() in a similar abundance of caution.
2024-06-10 13:44:03 -05:00
Daniel Pouzzner
b3e8f0ad24
add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES.
2024-06-08 16:39:53 -05:00
David Garske
e960a00650
Merge pull request #7625 from JacobBarthelmeh/x509
...
sanity check on non conforming serial number of 0
2024-06-07 08:33:38 -07:00
JacobBarthelmeh
467b3cb561
add parsing 0 serial numbers for certs with python
2024-06-06 16:24:48 -06:00
Daniel Pouzzner
71db561c96
wolfcrypt/src/port/riscv/riscv-64-aes.c: fix trailing whitespace.
2024-06-06 16:25:50 -05:00
Daniel Pouzzner
ef925b8b30
wolfcrypt/src/wc_kyber_poly.c: fix bugprone-macro-parentheses for FROM_MSG_BIT.
2024-06-06 16:21:32 -05:00
Daniel Pouzzner
d80f05bf77
Merge pull request #7624 from gasbytes/stack-on-calcdx
...
update CalcDX with small-stack support
2024-06-06 16:05:56 -04:00
JacobBarthelmeh
690d8f7f89
sanity check on non conforming serial number of 0
2024-06-06 13:22:57 -06:00
David Garske
b69482ffac
Merge pull request #7569 from SparkiDev/riscv_aes_asm
...
AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM
2024-06-06 08:11:31 -07:00
Sean Parkinson
acd604db3d
AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM
...
Add implementations of AES for ECB/CBC/CTR/GCM/CCM for RISC-V using
assembly.
Assembly with standard/scalar cryptography/vector cryptographt
instructions.
2024-06-06 13:16:00 +10:00
David Garske
5132a17fab
Merge pull request #7613 from SparkiDev/kyber_fixes_2
...
Kyber: fix kyber_from_msg()
2024-06-05 17:28:39 -07:00
Daniel Pouzzner
92bbd651b6
rename wolfcrypt/src/fe_x25519_128.i to wolfcrypt/src/fe_x25519_128.h to avoid appearance as a cleanable intermediate.
2024-06-05 16:56:03 -05:00
gasbytes
589353f346
update CalcDX with small-stack support
2024-06-05 18:53:34 +02:00
Sean Parkinson
df44face56
Kyber: fix kyber_from_msg()
...
New compilers with specific optimization levels will produce
non-constant time code for kyber_from_msg().
Add in an optimization blocker that stops the compiler from assuming
anything about the value to be ANDed with KYBER_Q_1_HALF.
2024-06-04 22:20:22 +10:00
John Safranek
e8e6eaeb4d
Import Raw Rsa Key
...
1. Add API for importing an RSA private key, `wc_RsaPrivateKeyDecodeRaw()`,
when all you have are the components of the key in raw arrays. Also
recalculates dP and dQ if missing.
2. Add API test for `wc_RsaPrivateKeyDecodeRaw()`.
2024-06-03 09:03:29 -07:00
gojimmypi
4d2ce1131a
Fix for #7606 : ESP_LOGI typo
2024-05-31 15:33:46 -07:00
JacobBarthelmeh
40562a0cb3
Merge pull request #7599 from dgarske/asn_checkcertsig
...
Expose `wc_CheckCertSigPubKey` with `WOLFSSL_SMALL_CERT_VERIFY`
2024-05-31 09:20:35 -06:00
David Garske
0789ecb808
Fix the CheckCertSignature API mess.
2024-05-31 06:58:35 -07:00
Sean Parkinson
4b77d4caa1
Merge pull request #7589 from rizlik/sp800_56c
...
wolfcrypt: support NIST 800-56C Option 1 KDF
2024-05-31 11:55:12 +10:00
Sean Parkinson
fc8a509b06
Merge pull request #7597 from ColtonWilley/max_altnames_and_name_constraints
...
Max limits on number of alternative names and name constraints
2024-05-31 11:24:30 +10:00
David Garske
7fadd4ed9f
Merge pull request #7595 from JacobBarthelmeh/static
...
Pull in some staticmemory features
2024-05-30 16:31:54 -07:00
JacobBarthelmeh
ebdc8b9a32
rename of macros, add descriptions, minor fixes
2024-05-30 14:48:52 -06:00
JacobBarthelmeh
34ca03770f
still compile in wc_RsaKeyToDer with keygen but NO_CERTS
2024-05-30 09:58:25 -06:00
Marco Oliverio
174456437e
wolcrypt: NIST_SP_800_56C address reviewer's comments
2024-05-30 11:39:49 +02:00
Colton Willey
a17677c946
Remove trailing whitespace
2024-05-29 21:29:55 -07:00
Colton Willey
af537a6ae3
Move definition to beginning of block
2024-05-29 17:02:29 -07:00
David Garske
0b7f293691
Expose wc_CheckCertSigPubKey with WOLFSSL_SMALL_CERT_VERIFY.
2024-05-29 16:32:31 -07:00
JacobBarthelmeh
cf61df129c
fix typo with NO_CERTS macro
2024-05-29 17:08:01 -06:00
Colton Willey
b00ae2ac69
Initial implementation of max limits on number of alternative names and name constraints
2024-05-29 15:55:17 -07:00
JacobBarthelmeh
6cca3a0d92
tie in static memory debug callback
2024-05-29 15:50:14 -06:00
JacobBarthelmeh
288fe430f5
tying in lean staticmemory build with --enable-staticmemory=small
2024-05-29 15:50:11 -06:00
JacobBarthelmeh
18d80864b9
add lean static memory build
2024-05-29 15:44:09 -06:00
Marco Oliverio
5306a85465
wolfcrypt: support NIST 800-56C Option 1 KDF
2024-05-28 14:40:52 +02:00
Daniel Pouzzner
8de00d7651
fix benign clang-analyzer-deadcode.DeadStores in pq crypto files introduced in 9a58301ab1.
2024-05-24 14:24:02 -05:00
Tobias Frauenschläger
d28dd602e5
Various fixes for dual algorithm certificates ( #7577 )
...
This commit adds varios fixes for the implementation of hybrid
certificates with two algorithms:
* Support for Certificate Signing Requests (both creating hybrid ones
and also verifying ones)
* Fix for SAN fields in the DecodedCert and PreTBS generation
* Fix related to WOLFSSL_SMALL_STACK
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com >
2024-05-23 15:03:55 -04:00
Anthony Hu
b98e4e0093
Merge pull request #7576 from Frauschi/pqc_private_key_fix
...
Fix PQC and hybrid certificate regressions
2024-05-23 15:03:16 -04:00
David Garske
40db521f8b
Merge pull request #7575 from josepho0918/cmac
...
Simplify CMAC verification logic
2024-05-23 10:37:57 -07:00
Tobias Frauenschläger
9a58301ab1
Fix PQC and hybrid certificate regressions
...
Due to recent changes in the logic to decode private keys and to parse
the TLS1.3 CertificateVerify message, some regressions regarding PQC
private keys and hybrid certificates have been introduced:
* Decoding PQC private keys fails as the PKCS8 header of a decoded DER
file is now already removed before parsing the key.
* The key size wasn't properly stored in the context for PQC keys after
decoding a certificate (always the maximum size)
* The two 16-bit size values in case of a hybrid signature in the
CertificateVerify message have been incorrectly decoded as 32-bit
values instead of 16-bit values. This resulted in wrong values,
leading to segmentation faults.
All three regressions are fixed with the changes in this commit.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com >
2024-05-23 16:01:28 +02:00
Joseph Chen
8a7e3ba52e
Simplify CMAC verification logic
2024-05-23 15:12:10 +08:00
Daniel Pouzzner
110f4ec737
wolfcrypt/src/sha256.c: in WC_NO_INTERNAL_FUNCTION_POINTERS code path (linuxkm), fix oversight whereby Transform_Sha256_AVX1_Sha() was used on targets with false IS_INTEL_SHA(intel_flags). the former SHA256_AVX1 method id is now split into SHA256_AVX1_SHA and SHA256_AVX1_NOSHA, with corresponding fixes in Sha256_SetTransform(), inline_XTRANSFORM() and inline_XTRANSFORM_LEN().
2024-05-22 15:39:46 -05:00
Daniel Pouzzner
c5ce984966
wolfcrypt/src/wc_xmss_impl.c:wc_xmssmt_sign_next_idx(): use (XmssIdx)1, not (word32)1, for a shift-by-height operand;
...
src/ssl.c:set_curves_list(): don't attempt to enable curves that are out-of-range for word32 disabled.
2024-05-21 13:57:40 -05:00
Sean Parkinson
43b2c80862
Merge pull request #7552 from dgarske/ecies_own_salt
...
Add option for using a custom salt for ourselves
2024-05-21 09:19:12 +10:00
David Garske
5a0594d257
Match wc_ecc_ctx_set_kdf_salt argument names between header and implementation.
2024-05-20 08:38:23 -07:00
Daniel Pouzzner
d0e73783f1
wolfcrypt/src/aes.c and wolfssl/wolfcrypt/aes.h: add FIPS_AES_XTS_MAX_BYTES_PER_TWEAK and struct XtsAesStreamData, with improved error checking on streaming AES-XTS APIs;
...
wolfcrypt/test/test.c and linuxkm/lkcapi_glue.c: update AES-XTS streaming calls to use struct XtsAesStreamData;
linuxkm/lkcapi_glue.c: add handling for CONFIG_CRYPTO_MANAGER*.
2024-05-18 22:00:00 -05:00
Daniel Pouzzner
5c6218696b
wolfcrypt/src/misc.c: fix -Wconversions in CopyString();
...
src/ssl.c: fix missing semicolon in wolfSSL_CTX_check_private_key().
2024-05-18 02:31:58 -05:00
David Garske
391431c7d8
Merge pull request #7539 from bandi13/fixConversionPart2
...
Fix conversion part2
2024-05-17 12:29:46 -07:00
David Garske
95095f5bc4
Add option for using a custom salt for ourselves. ZD 17988
2024-05-17 08:16:04 -07:00
Sean Parkinson
c0015cbda6
Merge pull request #7549 from douzzer/20240516-wc_AesXtsEnDecryptFinal
...
20240516-wc_AesXtsEnDecryptFinal
2024-05-17 09:43:26 +10:00
David Garske
219a338107
Merge pull request #7547 from philljj/spelling_cleanup
...
Used codespell and fixed some obvious typos.
2024-05-16 14:10:19 -07:00
Daniel Pouzzner
6d0f611ab5
AES-XTS: add wc_AesXtsEncryptFinal() and wc_AesXtsDecryptFinal() for API consistency, and add error-checking (block alignment check) to wc_AesXtsEncryptUpdate() and wc_AesXtsDecryptUpdate().
2024-05-16 15:20:37 -05:00