Sean Parkinson
b436262cdf
ARMASM, SHA-3: fixup when not using crypto instructions
2022-02-09 09:36:00 +10:00
David Garske
ed1fc9fc51
Merge pull request #4833 from SparkiDev/sha3_arm_crypto
...
SHA-3, ARM64: add assembly support for crypto instructions
2022-02-08 11:05:35 -08:00
Daniel Pouzzner
1f69c52ce8
Merge pull request #4830 from dgarske/no_hmac
...
Fixes for building without HMAC
2022-02-07 22:26:38 -06:00
Sean Parkinson
0042a2594c
SHA-3, ARM64: add assembly support for crypto instructions
...
Add ability to compile ARM assembly from inline C code.
2022-02-08 12:21:38 +10:00
David Garske
56c562a516
Fixes for building with ./configure --enable-opensslextra --enable-cryptonly CFLAGS="-DNO_HMAC" && make. Found this testing a customer's configuration with latest. Also fixes some trailing whitespace.
2022-02-07 15:10:21 -08:00
Anthony Hu
e47dd675af
Fix tests to properly gate on ! NO_PWDBASED && ! NO_SHA
2022-02-07 14:44:26 -05:00
David Garske
dd2e0064b2
Merge pull request #4827 from SparkiDev/sp_int_dw_asm
...
SP math, Aarch64, ARM32: div word asm fixup
2022-02-07 11:32:14 -08:00
David Garske
54e7db0a9a
Merge pull request #4739 from rizlik/psa
...
support Platform Security Architecture (PSA) API
2022-02-07 10:40:21 -08:00
Chris Conlon
4c8f0709fc
Merge pull request #4720 from dgarske/fips_compat
2022-02-07 09:56:24 -07:00
Lealem Amedie
f9ff551992
Fix for OpenSSL x509_NAME_hash mismatch
2022-02-04 16:59:51 -08:00
David Garske
1f8ff7d9fe
Merge pull request #4822 from embhorn/zd13613
...
Fix warnings in VS
2022-02-04 15:37:31 -08:00
Marco Oliverio
b8635efda7
psa: add README.md and doxygen header
2022-02-04 21:45:38 +01:00
Marco Oliverio
0cb2cc1705
psa: support pk callbacks for ECDSA, ECDH, HKDF
2022-02-04 21:45:38 +01:00
Marco Oliverio
630b244cee
psa: introduce global lock
2022-02-04 21:45:38 +01:00
Marco Oliverio
a7165907da
psa: support AES
2022-02-04 21:45:38 +01:00
Marco Oliverio
9ccfc81f26
psa: support PSA SHA1/SHA256/SHA224
2022-02-04 21:45:38 +01:00
Marco Oliverio
06915b6fa3
psa: support PSA random generator
2022-02-04 21:45:38 +01:00
Marco Oliverio
08fbcf5eae
autoconf: add PSA options
2022-02-04 12:12:04 +01:00
Sean Parkinson
bd1b58dd7f
SP math, Aarch64, ARM32: div word asm fixup
...
ASM code is dividing by top half of divisor. If this value is very small
then bad results are calculated.
Moved the divisor up by a quarter of the width if top quarter of divisor
is 0.
2022-02-04 11:59:31 +10:00
Hayden Roche
b850cc89b0
Fix IV length bug in EVP AES-GCM code.
...
In `wolfSSL_EVP_CipherInit`, `ctx`'s `ivSz` field isn't being accounted for.
A common OpenSSL EVP AES-GCM flow looks like this:
- `EVP_CIPHER_CTX_new`
- `EVP_EncryptInit_ex`
- `EVP_CIPHER_CTX_ctrl` with command `EVP_CTRL_GCM_SET_IVLEN` to set the IV
length to 16 (AES block size) instead of the default 12
- `EVP_EncryptInit_ex` again to set the key and IV
- `EVP_EncryptUpdate` however many times
- `EVP_EncryptFinal`
In fact, we test this flow in our unit test `test_wolfssl_EVP_aes_gcm`. However,
in our implementation, the second call to `EVP_EncryptInit_ex` unconditionally
resets the IV length back to 12. This doesn't cause a test failure because
decryption has the same problem, so both sides of the equation have the same
wrong view of the IV.
The solution is to preserve the IV length in wolfSSL_EVP_CipherInit if ctx->ivSz
is non-zero. Otherwise, use the default of 12 (`GCM_NONCE_MID_SZ`).
This was discovered by a user migrating to the compatibility layer. As I
mentioned, it isn't exposed by our testing. It is exposed if you try to use the
same key and IV with OpenSSL and compare the resulting ciphertext with wolfSSL.
They won't be the same and thus won't interoperate.
2022-02-03 17:40:26 -08:00
Eric Blankenhorn
7b2e457d04
Fix VS unreachable code warning
2022-02-03 15:53:35 -06:00
Marco Oliverio
cebb127ac3
test: don't free AesXts struct in-between tests that reuse the key
2022-02-02 10:46:40 +01:00
David Garske
99799a3e3e
Merge pull request #4806 from anhu/kill_idea
...
Purge IDEA cipher
2022-02-01 12:27:55 -08:00
Hayden Roche
24a2ed7e9e
Merge pull request #4780 from dgarske/ipsec_racoon
2022-01-31 15:10:58 -08:00
David Garske
df85ea7e87
Merge pull request #4800 from SparkiDev/sp_c_smul
...
SP C: multiplication of two signed types with overflow is undefined in C
2022-01-31 14:29:18 -08:00
Anthony Hu
9ea40f3a9c
Purge IDEA cipher
2022-01-31 15:29:25 -05:00
Daniel Pouzzner
a7de880745
wolfcrypt/src/camellia.c: clang-tidy fixes (bugprone-macro-parentheses).
2022-01-31 14:21:54 -06:00
David Garske
ecb3f215b5
Merge pull request #4808 from lealem47/certreq
...
Fix for certreq and certgen options with openssl compatibility
2022-01-31 10:16:22 -08:00
David Garske
5bdaf44354
Merge pull request #4774 from anhu/kill_rabbit
...
Purge Rabbit cipher
2022-01-31 09:17:23 -08:00
Lealem Amedie
e135ea7338
Fix for certreq and certgen options with openssl compatibility
2022-01-28 12:39:00 -08:00
David Garske
40fff86807
Merge pull request #4801 from tmael/cert_rr
...
cert subset improvements
2022-01-28 11:00:55 -08:00
Anthony Hu
b957a6e872
Purge Rabbit cipher
2022-01-28 13:13:53 -05:00
David Garske
80ae237852
Fixes for building with ipsec-tools/racoon and openvpn:
...
* Fix for `EVP_CIPHER_CTX_flags`, which mapped to a missing function (broke openvpn)
* Added stack of name entries for ipsec/racoon support.
* Added `X509_STORE_CTX_set_flags` stub.
* Added PKCS7 NID types.
* Improved FIPS "SHA" logic in `test_wolfSSL_SHA`
* Added some uncommon NID type definitions.
* Expose the DH `DH_set_length` and `DH_set0_pqg` with OPENSSL_ALL
2022-01-28 09:21:03 -08:00
Daniel Pouzzner
30b2073228
test.c: fix gating on wc_ecc_encrypt_ex() for FIPS <5.3 --enable-all.
2022-01-27 19:54:07 -06:00
David Garske
667009007b
Merge pull request #4799 from SparkiDev/file_gen_fixes
...
Generated files: fixes
2022-01-27 14:21:34 -08:00
Sean Parkinson
b890a2f15d
ECIES: allow compressed public keys
...
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
2022-01-27 12:10:59 +10:00
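Framing of the leading point that the commit message describes, as an added example that is not wolfSSL's ECIES code. It assumes P-256 (32-byte coordinates) and SEC1 point encoding: 0x04 followed by x and y, or 0x02/0x03 followed by x only with the prefix carrying the parity of y. The function, the demo helpers and the filler coordinate bytes are constructed for this example; they do not decompress or validate the point, only locate the end of it and bounds-check the message so the ciphertext that follows is never read from past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed curve field size: P-256, 32-byte coordinates. */
#define FIELD_SZ 32

/* Returns the length of the SEC1 point at the start of msg (33 for a
 * compressed point, 65 for an uncompressed one) and points *rest at the
 * bytes after it. Returns 0 if the prefix is not one of the three accepted
 * forms or the message does not hold the point plus at least one more byte. */
size_t ecies_leading_point_len(const uint8_t *msg, size_t len, const uint8_t **rest)
{
    size_t pt_len;

    if (msg == NULL || len == 0)
        return 0;
    switch (msg[0]) {
    case 0x02:
    case 0x03:
        pt_len = 1 + FIELD_SZ;      /* compressed: x, with y parity in prefix */
        break;
    case 0x04:
        pt_len = 1 + 2 * FIELD_SZ;  /* uncompressed: x || y */
        break;
    default:
        return 0;                   /* 0x00 (infinity), hybrid 0x06/0x07, garbage */
    }
    if (len <= pt_len)
        return 0;                   /* no room for the point, or nothing after it */
    if (rest != NULL)
        *rest = msg + pt_len;
    return pt_len;
}

/* Builds a constructed message of total_len bytes: the prefix, then filler
 * (0x11, not a real point), and returns what the parser makes of it. */
size_t demo_point_len(uint8_t prefix, size_t total_len)
{
    uint8_t buf[256];
    const uint8_t *rest = NULL;

    if (total_len == 0 || total_len > sizeof buf)
        return 0;
    memset(buf, 0x11, total_len);
    buf[0] = prefix;
    return ecies_leading_point_len(buf, total_len, &rest);
}

/* Same message, but returns how many bytes remain after the point. */
size_t demo_rest_len(uint8_t prefix, size_t total_len)
{
    uint8_t buf[256];
    const uint8_t *rest = NULL;
    size_t pt_len;

    if (total_len == 0 || total_len > sizeof buf)
        return 0;
    memset(buf, 0x11, total_len);
    buf[0] = prefix;
    pt_len = ecies_leading_point_len(buf, total_len, &rest);
    return pt_len == 0 ? 0 : (size_t)((buf + total_len) - rest);
}
```

A decryptor that accepted only 0x04 would either reject compressed messages outright or, worse, treat the first 65 bytes as the point and the rest as ciphertext at the wrong offset; the prefix decides the framing, so the length check has to come after the prefix is read and before anything past the point is touched.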
Tesfa Mael
a37e17084d
Use mp_iszero
2022-01-26 17:33:42 -08:00
Tesfa Mael
1c1bd413e0
cert subset SHA2-256, ecc-256, cert gen, cryptocb
2022-01-26 17:11:00 -08:00
Sean Parkinson
91b1e541c5
SP C: multiplication of two signed types with overflow is undefined in C
...
Montgomery Reduction: cast variables to be unsigned where signed
multiplication with overflow is performed.
2022-01-27 10:25:02 +10:00
Sean Parkinson
a242424abe
Generated files: fixes
...
Fixups from updating scripts that generate the files.
Include settings.h for ARM32 assembly.
ARM32 SHA-512 ASM has only one function, Transform_Sha512_Len(). The
implementation is dependent on defines.
2022-01-27 10:05:45 +10:00
David Garske
9bbc5e07e6
Merge pull request #4733 from JacobBarthelmeh/ECC
...
include hmac for deterministic ecc sign build
2022-01-26 10:01:46 -08:00
Daniel Pouzzner
b7cecbacb2
update headers to resolve clang-tidy carping (mostly bugprone-macro-parentheses and readability-named-parameter). also disables MSC C4028 because incompatible with readability-avoid-const-params-in-decls.
2022-01-26 02:06:37 -06:00
Daniel Pouzzner
9250edc2ea
wolfcrypt/src/fe_x25519_128.i: harmonize argument names in fe_cswap() and fe_cmov() with those used in fe_operations.c.
2022-01-26 02:05:26 -06:00
David Garske
588f4a11c9
Merge pull request #4785 from douzzer/20220120-aes-internal-error-handling
...
20220120-aes-internal-error-handling
2022-01-24 20:45:53 -08:00
David Garske
50e3565df6
Merge pull request #4779 from SparkiDev/dyn_cert
...
Cert: allow allocation of fields even with WOLFSSL_NO_MALLOC
2022-01-24 14:17:41 -08:00
Daniel Pouzzner
746c05ca44
AES: peer review: remove gating around sanity checks on aes->rounds in software wc_AesEncrypt() and wc_AesDecrypt();
...
use local variable crypto_cb_ret around WOLF_CRYPTO_CB calls for clarity;
fix line length.
2022-01-24 15:47:23 -06:00
Daniel Pouzzner
f0041852b5
aes.c: add error catching and percolation for wc_AesGetKeySize() on FREESCALE_LTC in wc_AesEncrypt(), wc_AesDecrypt(), and wc_AesCtrEncrypt().
2022-01-24 13:34:22 -06:00
Daniel Pouzzner
5ff1d98306
AES: fix linebreaks in newly overlong lines in aes.c and aes.h; add missing return code in armv8-aes.c wc_AesDecryptDirect(); add missing RESTORE_VECTOR_REGISTERS() in software wc_AesXtsEncrypt() (all pursuant to peer review in #4785 from Sean).
2022-01-24 12:32:25 -06:00
Daniel Pouzzner
565a7b0aab
aes.c: in linuxkm clause of WOLFSSL_AES_DIRECT section, gate on WOLFSSL_LINUXKM && WOLFSSL_AESNI (with no-asm falling through to the generic definition), and use wolfssl-idiomatic WARN_UNUSED_RESULT, not linux-kernel-idiomatic __must_check. (thanks to John S peer review)
2022-01-24 11:44:16 -06:00
Daniel Pouzzner
a718637c6f
AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2).
2022-01-24 11:44:16 -06:00