Commit Graph

2227 Commits

Author SHA1 Message Date
David Garske 6171e29fe8 Fix for CSR generation after PR (https://github.com/wolfSSL/wolfssl/pull/1734). This resolves issue with email name in CSR. (Thanks to Forum post https://www.wolfssl.com/forums/post4137.html).
Failed examples:

```
145:d=5  hl=2 l=  16 prim: EOC
      0000 - 69 6e 66 6f 40 77 6f 6c-66 73 73 6c 2e 63 6f 6d   info@wolfssl.com
```

```
SET {
138  23:         SEQUENCE {
140   3:           OBJECT IDENTIFIER objectClass (2 5 4 0)
       :             Error: Spurious EOC in definite-length item.
```

Success Examples:

```
140:d=5  hl=2 l=   9 prim: OBJECT            :emailAddress
  151:d=5  hl=2 l=  16 prim: IA5STRING         :info@wolfssl.com
```

```
SET {
138  29:         SEQUENCE {
140   9:           OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
151  16:           IA5String 'info@wolfssl.com'
```
2018-08-31 11:20:04 -07:00
Sean Parkinson 41ab3d91fd Small stack for fast math code
Any large stack usages have been changed to dynamic memory allocations
when WOLFSSL_SMALL_STACK is defined.
Modified functions to return error codes.
2018-08-31 17:55:49 +10:00
Sean Parkinson d86fc2dbbe Smaller dynamic memory usage in TLS
Code doesn't require a DecodedCert which saves on dynamic memory usage.
WOLFSSL_SMALL_CERT_VERIFY: Don't have a DecodedCert allocated and verify
certificate signature in ProcessPeerCerts as this is maximum dynamic
memory usage.
WOLFSSL_SMALL_CERT_VERIFY is enabled with 'lowresource' configuration
option.
Fix sp_clear to work with NULL parameter.
Define a new function HashId that maps to the hashing function
available.
Set MAX_CERT_VERIFY_SZ to be the maximum based on what algorithms are
compiled in.
Fix usage of MAX_CERT_VERIFY_SZ in functions sending certificate verify
messages.
2018-08-31 08:29:28 +10:00
toddouska 31e37ea5df Merge pull request #1797 from SparkiDev/stack_size
Small stack usage fixes
2018-08-29 16:19:46 -07:00
toddouska d084a4bcb8 Merge pull request #1794 from SparkiDev/sp_armasm_modexp
Fix for SP ASM arm and no DH
2018-08-29 16:13:34 -07:00
toddouska 03fbad22a6 Merge pull request #1792 from SparkiDev/gcc_8_fixes
GCC 8 new warnings in -Wall fix
2018-08-29 16:12:19 -07:00
toddouska e4ccb2fe83 Merge pull request #1784 from dgarske/stsafe_server
Added ST-Safe PK callback example for Key Generation (TLS server only)
2018-08-29 16:07:14 -07:00
Sean Parkinson 4dbe86f1fd Small stack usage fixes
Stack pointer logging added.
2018-08-29 10:16:51 +10:00
Sean Parkinson 57620caac8 Fix for SP ASM arm and no DH
Fix mod exp in ARM asm to work for different size exponents.
In ASM code, mont_norm is not used in RSA so protect from no DH.
2018-08-28 11:24:38 +10:00
Sean Parkinson 551201c00c GCC 8 new warnings in -Wall fix 2018-08-27 12:51:01 +10:00
John Safranek bd5e507617 OID
1. When checking an OID sum against an OID string based on context, skip the unknown OIDs instead of treating them as parse errors.
2. When getting an OID, pass the lower error upstream instead of just PARSE error.
2018-08-24 11:51:25 -07:00
David Garske 347fdccf1c Added missing README.md. 2018-08-24 11:11:30 -07:00
David Garske c96aeb4550 Added documentation and benchmarks for STM32 and STSAFE-A100 support. 2018-08-24 11:03:14 -07:00
David Garske 88e6bd2915 Added ST-Safe server side PK callback example for key gen. Added helper API's for setting up the PK callbacks and custom context. 2018-08-23 15:57:14 -07:00
David Garske c7dde6c682 Merge pull request #1656 from danielinux/contiki-port
Contiki port
2018-08-23 12:31:56 -07:00
toddouska cc39f3211a Merge pull request #1780 from dgarske/pkcs7_ex
Added new PKCS7 ex API's to support signing and validation of large data
2018-08-23 08:41:25 -07:00
toddouska 5d8a2a7702 Merge pull request #1778 from SparkiDev/sp_mem
Make ALT_ECC_SIZE with SP work
2018-08-23 08:25:44 -07:00
toddouska 0d171e591b Merge pull request #1776 from SparkiDev/inline_cmpl_fix
Fix for clang builds with configs not using inline funcs
2018-08-23 08:22:39 -07:00
toddouska 8477d5ba1b Merge pull request #1773 from ejohnstown/critical-option
Certificate Extension Critical Check Optionality
2018-08-23 08:21:19 -07:00
David Garske 57d72028f6 Fix for missing return code on wc_Pic32HashFree. 2018-08-22 16:38:55 -07:00
David Garske d0d28c82cd Added new PKCS7 ex API's for supporting signing and validation of large data blobs. New API's are wc_PKCS7_EncodeSignedData_ex and wc_PKCS7_VerifySignedData_ex. Includes header docx and unit tests for new API's. Cleanup for the PKCS7 small stack and const oid's. 2018-08-22 15:46:37 -07:00
David Garske 53af520911 Fix to resolve issue with PIC32MZ crypto hardware (AES/DES3 only) where an unaligned input/output buffer was not handled correctly. This results in a BUFFER_E. This was seen with DTLS v1.0 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA cipher suite. Fix is to allocate a dynamic buffer from heap if the input/output are not aligned. Tested and verified with a PIC32MZ2048EFM144 and the wolfssl_udp_client example for Harmony using DTLS v1.0 and the setudppacketoptions 192.168.0.107 11111 hello -> sendudppacket commands. Cleanups in older ctoacrypt/settings.h for PIC32MZ. 2018-08-22 13:39:03 -07:00
Daniele Lacamera 3d27a8dc53 Contiki port 2018-08-22 09:15:09 +02:00
Sean Parkinson 783c4a0c5e Make ALT_ECC_SIZE with SP work
Change to more relevant dynamic types in SP also.
2018-08-22 16:02:51 +10:00
Takashi Kojo 08c2d94011 return value check of XFSEEK 2018-08-22 10:46:46 +09:00
Sean Parkinson 31bd844d6f Fix for clang builds with configs not using inline funcs 2018-08-22 11:16:57 +10:00
John Safranek a0f1c9dbe4 Make the check of the certificate extension critical flag optional based on compile option. 2018-08-21 10:57:04 -07:00
Sean Parkinson 1ab17ac827 More changes to minimize dynamic memory usage.
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
Sean Parkinson 506c858ed6 Add memory usage tracking and logging
Add WOLFSSL_MEMORY_TRACKING to report allocations and frees with the
type.
Fix places where memory can be freed earlier.
2018-08-21 08:54:57 +10:00
John Safranek e4757f1283 Prime Test Bug Fix
Using the wrong size for the MR test check value. Converting from size
of FP_MAX_BITS to the DH prime size, dividing too much. Switched it to
its own constant.
2018-08-20 11:43:06 -07:00
toddouska f3c4d5442e Merge pull request #1757 from dgarske/pkcs8_pad
Fix to resolve padding issue with PKCS 8 encryption.
2018-08-20 09:32:34 -07:00
toddouska 0e1b8b7bd8 Merge pull request #1760 from dgarske/atmel_asf
Fixes for building with Atmel ASF (`WOLFSSL_ATMEL`)
2018-08-20 09:20:01 -07:00
toddouska 683182f494 Merge pull request #1765 from SparkiDev/sp_fixes_1
Fixes for SP
2018-08-20 09:18:31 -07:00
toddouska 3e08c27512 Merge pull request #1715 from SparkiDev/disable_aescbc
Config option to disable AES-CBC
2018-08-20 09:08:19 -07:00
Aaron Jense 79590f3310 silence warning for unreachable statement from some compilers. 2018-08-17 15:13:06 -06:00
Sean Parkinson 2ac2c24f22 Fixes for SP
More places to mask shifted n.
Fix conditional check on NO_3072 in sp_int.h
Disable prime checking when using SP maths.
Add support for mp_tohex to SP maths.
Fix wolfmath.c to support including SP maths.
2018-08-17 10:13:29 +10:00
Aaron Jense 93546694ca modify for readability 2018-08-16 17:04:32 -06:00
Aaron Jense aeb9ab8aea Combine if statements 2018-08-16 16:25:53 -06:00
Aaron Jense eb08c6f6fc Fix error with wolfCrypt-JNI having ECC_PRIVATEKEY_ONLY and d != NULL 2018-08-16 15:29:46 -06:00
Sean Parkinson f487b0d96a Config option to disable AES-CBC
AEAD only detection and removeal of code.
Also in single threaded builds, reference the ctx suites in ssl object
if it exists.
2018-08-16 08:25:13 +10:00
David Garske 9db7ba2f0d Fix for cast mismatch and spelling of state. 2018-08-15 12:00:44 -07:00
David Garske c6e075f077 Fixes for building with Atmel ASF and no ECC508A. 2018-08-15 12:00:44 -07:00
David Garske 3d16f891d4 Fix to check for buffer overrrun with the additional padding in PKCS12 EncryptContent function. 2018-08-14 19:20:24 -06:00
David Garske cdff2869c2 Fixes for building with WC_NO_RNG (applies to wolfCrypt only builds). Tested with ./configure --enable-cryptonly CFLAGS="-DWC_NO_RNG" && make. 2018-08-14 18:53:25 -06:00
toddouska 9ad059542a Merge pull request #1745 from dgarske/ecc_export_hex
Added new ECC export API's to support export as hex string
2018-08-14 14:19:23 -07:00
David Garske 1c297b3ac4 Cleanup of some macro logic for enabling the mp_toradix. 2018-08-14 12:58:00 -06:00
David Garske 6ca56ee98c Fix to handle carriage return case in PEM end of line character handling (for Windows). Cleanup to consolidate duplicate end of line character handling code. 2018-08-14 12:22:18 -06:00
David Garske 7b83db0f65 Fix for PemToDer which was not properly handling extra new lines at end of file. 2018-08-14 12:22:18 -06:00
David Garske be33e69b22 Refactor to rename wc_ecc_export_int to wc_export_int for generic API for exporting an mp_int as hex string or unsigned bin. 2018-08-14 12:17:20 -06:00
David Garske 368227be2c Fix to make sure fp_div_d is available. 2018-08-14 12:05:22 -06:00