Commit Graph

2227 Commits

Author SHA1 Message Date
David Garske 925e5e3484 Fixes typo issue with heap in hmac and small stack enabled. Fixed "never read" scan-build warnings with typeH and verify when RSA is disabled. 2016-08-26 10:33:01 -07:00
David Garske a9278fe492 Added check for GetLength result in asn GetIntRsa function. Fixed return code in random.c for "wolfAsync_DevCtxInit" due to copy/paste error. Added RSA wc_RsaCleanup to make sure allocated tmp buffer is always free'd. Eliminated invalid RSA key type checks and "RSA_CHECK_KEYTYPE". 2016-08-23 11:31:15 -07:00
Daniele Lacamera 3d3f8c9dd3 Support for Frosted OS 2016-08-18 14:56:14 +02:00
David Garske 3e6be9bf2c Fix in "wc_InitRsaKey_ex" for normal math so mp_init isn't called to defer allocation. 2016-08-15 14:07:16 -06:00
David Garske 17a34c5899 Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com. 2016-08-15 13:59:41 -06:00
Jacob Barthelmeh b502d9dcf7 help static analysis tools 2016-08-10 14:23:27 -06:00
David Garske 317a7f2662 Change misc.c error to warning and exclude the misc.c code from being compiled. Most people include all .c files and by default inlining is allowed, which in turn causes an #error in misc.c and it must be excluded. Since we know its already been properly included there is no reason to throw error here. Instead, show warning and exclude code in .c file. 2016-08-08 13:13:59 -07:00
toddouska 49fb0d56b0 Merge pull request #516 from dgarske/fix_asn_wo_hmac
Fix build issue with ASN enabled and no HMAC
2016-08-06 10:07:00 -07:00
toddouska c8cfe1ffa1 Merge pull request #511 from dgarske/openssl_compat_fixes
Various improvements to support openssl compatibility
2016-08-06 09:59:31 -07:00
toddouska dd03af2cf4 Merge pull request #512 from dgarske/fix_crl_pad
Fixed issue with CRL check and zero pad
2016-08-06 09:56:59 -07:00
dgarske cc462e2c50 Merge pull request #513 from kojo1/Der2Pem
Adds "wc_DerToPem" CRL_TYPE support
2016-08-05 14:35:15 -07:00
David Garske d8c63b8e66 Various improvements to support openssl compatibility.
* Fixed bug with "wolfSSL_get_cipher_name_internal" for loop using incorrect max length for "cipher_name_idx" (this caused fault when library built with NO_ERROR_STRINGS and calling it).
* Adds new "GetCipherNameInternal" function to get cipher name using internal "cipherSuite" index only (for scenario where WOLFSSL object does not exist).
* Implements API's for "wolf_OBJ_nid2sn" and "wolf_OBJ_sn2nid". Uses the ecc.c "ecc_sets" table to locate NID (ECC ID and NID are same).
* Added "WOLFSSL*" to HandShakeInfo.
* Allowed "SetName" to be exposed.
* Added "wolfSSL_X509_load_certificate_buffer". Refactor "wolfSSL_X509_load_certificate_file" to use new function (no duplicate code).
2016-08-05 14:15:47 -07:00
David Garske 6b1ff8e9d7 Only try and return serial number or check padding if the serial number size is greater than 1. 2016-08-05 12:53:26 -07:00
David Garske a17bc2a42e Fix build issue with ASN enabled and no HMAC (missing MAX_DIGEST_SIZE). Switch to using WC_MAX_DIGEST_SIZE from hash.h, which is always available. Added small stack option for digest in MakeSignature. Fixed build error with unused "testVerifyCount" if "NO_ECC_SIGN" or "NO_ECC_VERIFY". 2016-08-05 12:19:30 -07:00
David Garske 96da2df7ec Additional max index and serial number size checks in "GetSerialNumber". 2016-08-03 17:04:44 -07:00
David Garske 2c1309ffc7 Fixes for warnings when cross-compiling with GCC ARM. 2016-08-03 16:53:53 -07:00
Takashi Kojo ed4cd2438f CRL_Type to wc_DerToPem 2016-08-03 10:53:54 +09:00
David Garske 9ddfe93c43 Fixed issue with CRL check and zero pad (the GetRevoked function was not trimming pad). Added new ASN "GetSerialNumber" function and implemented it in three places in asn.c. 2016-08-02 16:47:21 -07:00
JacobBarthelmeh dcc0f87ce6 Merge pull request #506 from toddouska/del_point
fix remaining non fpecc ecc_del_point w/o heap
2016-07-27 18:54:46 -06:00
dgarske 303561c1a1 Merge pull request #505 from toddouska/timing
fix scan-build warning on ecc memory alloc failure
2016-07-27 15:52:01 -07:00
toddouska a94f34c8e2 fix remaining non fpecc ecc_del_point w/o heap 2016-07-27 14:24:34 -07:00
toddouska 7cf0b8fe85 fix scan-build warning on ecc memory alloc failure 2016-07-27 11:20:08 -07:00
David Garske b0e72dd692 Fix for "OID Check Failed". This restores behavior to what it was prior to commit "7a1acc7". If an OID is not known internally skip the verify and return success and the OID sum. 2016-07-27 10:39:42 -07:00
John Safranek 993838153e Merge pull request #487 from moisesguimaraes/fix-ocspstapling-getca
fixes ocsp signer lookup in the cert manager.
2016-07-26 12:42:47 -07:00
David Garske c80f1805f0 Fix for failing OID check with "ocspstapling2" enabled. Found OID type in "ToTraditional" that should be keyType, not sigType. Added optional OID decode function and optional OID info dump in "GetObjectId" (both off by default). 2016-07-26 10:35:40 -07:00
Jacob Barthelmeh e8f7d78fc4 add helper functions for choosing static buffer size 2016-07-21 12:11:15 -06:00
toddouska 1b980867d6 fix rsablind other builds 2016-07-20 11:35:57 -07:00
David Garske 5e2502fa95 ECC without Shamir has issues testing all zero's digest, so disable this test if not using Shamir method. Fixed comment about "NO_ECC_SECP". 2016-07-19 14:34:32 -07:00
toddouska 7a419ba6d8 Merge pull request #472 from dgarske/ecc_brainpool_koblitz
ECC and TLS support for all SECP, Koblitz and Brainpool curves
2016-07-19 11:44:53 -07:00
toddouska f88f501923 add unique RNG missing error 2016-07-18 18:10:38 -07:00
Moisés Guimarães e866b55bb7 removes fallback. 2016-07-18 22:02:41 -03:00
toddouska 1c71fb4ad1 scope tmpa/b with blinding, document RSA options 2016-07-18 17:37:03 -07:00
toddouska c2b55f69fa fix 32bit mp_add_d need 2016-07-18 12:49:31 -07:00
toddouska d235a5f0cc add WC_RSA_BLINDING, wc_RsaSetRNG() for RSA Private Decrypt which doesn't have an RNG 2016-07-18 11:57:47 -07:00
Moisés Guimarães dd329ac97b fixes ocsp signer lookup in the cert manager. 2016-07-15 17:12:04 -03:00
dgarske c20551cc56 Merge pull request #478 from toddouska/flatten-fix
fix rsa flatten eSz check
2016-07-13 08:50:39 -07:00
toddouska 7a906e47ed fix rsa flatten eSz check 2016-07-12 16:28:59 -06:00
Jacob Barthelmeh 92341292c7 remove hard tabs and replace with spaces 2016-07-12 14:12:44 -06:00
David Garske acc5389f9a Fixed possible issue with OID pointer returned from "wc_ecc_get_oid" if "HAVE_OID_ENCODING" enabled. Was previously returning static pointer, which was shared for all OID's. Now uses cache for each OID, which also improves performance on subsequent calls to the same OID. 2016-07-08 14:22:21 -07:00
David Garske 19db78fc76 Moved the ECC OID's into separate static const array to reduce ecc_sets size. Added "ecc_oid_t" typedef to determine "oid" size based on HAVE_OID_ENCODING option. Reduced the encoded variable size to word16. 2016-07-08 14:15:54 -07:00
toddouska 8da8c87fa4 don't include comba includes if FP_SIZE is too small for index 2016-07-08 12:29:38 -07:00
toddouska c7318c8576 fix fpecc thread local storage size with clang 2016-07-08 12:01:52 -07:00
toddouska 68d66d12d6 fix ecc timming missing variable 2016-07-08 11:57:24 -07:00
David Garske 7a1acc7e56 Added TLS support for all SECP and Brainpool curves. Added ECC curve specs for all Brainpool, Koblitz and R2/R3. Adds new "HAVE_ECC_BRAINPOOL", "HAVE_ECC_KOBLITZ", "HAVE_ECC_SECPR2" and "HAVE_ECC_SECPR3" options. ECC refactor to use curve_id in _ex functions. NID and ECC Id's match now. Added ability to encode OID (HAVE_OID_ENCODING), but leave off by default and will use pre-encoded value for best performance. 2016-07-07 10:59:45 -07:00
David Garske 5b3a72d482 Cleanup of stdlib function calls in the wolfSSL library to use our cross-platform "X*" style macros in types.h. 2016-06-29 11:11:25 -07:00
Jacob Barthelmeh f18ff8bfa4 update mysql patch 2016-06-27 15:44:52 -06:00
John Safranek 0d031fcbd7 added parameter checking to Generate and Verify 2016-06-23 15:34:09 -06:00
David Garske 47c1f4e68f Fix possible use of ForceZero with NULL pointer. Improve init of "kb" when small stack disabled, so memset isn't performed twice. 2016-06-22 07:22:30 -07:00
David Garske 69db94d668 Fix build error for un-initialized "kb" variable when built with fixed point cache and small stack enabled. 2016-06-22 07:06:07 -07:00
David Garske d294dc363e Fix scan-build warning with "redundant redeclaration of 'fp_isprime'". Changed "fp_isprime" and "fp_isprime_ex" to local static only. Also made "fp_gcd", "fp_lcm", and "fp_randprime" static functions. 2016-06-21 19:35:25 -07:00