Commit Graph

7355 Commits

Author SHA1 Message Date
Daniel Pouzzner 855175da47 wolfcrypt/src/fe_448.c: fix several out-of-order declarations in fe448_mul_8(). 2024-04-17 00:43:41 -05:00
Daniel Pouzzner 9f55dba2f2 wolfcrypt/src/aes.c: in AES-XTS AESNI, use cautious strategy as in AESGCM_STREAM for SAVE_VECTOR_REGISTERS, due to random failures seen with DEBUG_VECTOR_REGISTER_ACCESS_FUZZING using the old per-call fallback strategy. 2024-04-17 00:43:41 -05:00
Daniel Pouzzner b2f594e84b fixes for --enable-32bit CFLAGS=-m32 --enable-fips=v6 (fixes "#error ED448 requires SHAKE256"). 2024-04-17 00:43:41 -05:00
Sean Parkinson 8e9810e87e ssl.c: Move functions out to separate files
Moved E[CD][25519||448] APIs to pk.c
Move public key PEM APIs to pk.c.
Move wolfSSL loading and using of private keys and certificates to
ssl_load.c
Move PKCS#7 and PKCS#12 APIs to ssl_p7p12.c.
Move session and session cache APIs to ssl_sess.c.
Other minor fixes.
2024-04-16 10:30:59 +10:00
Daniel Pouzzner 6e0a90190f fixes for v5 and v6+ FIPS builds, including linuxkm v6+ builds. 2024-04-15 14:11:21 -05:00
JacobBarthelmeh 8b656d5a5f Merge pull request #7295 from kaleb-himes/SRTP-KDF-FS
SRTP-KDF FS Preview
2024-04-11 13:41:05 -06:00
JacobBarthelmeh ff09f418c0 Merge pull request #7408 from SparkiDev/asn_templ_rid
X.509 RID ASN template behaviour
2024-04-10 11:42:07 -06:00
kaleb-himes 264dcd4e15 Fix a file mode and more overlong lines 2024-04-10 10:18:49 -06:00
Sean Parkinson b48b5c47f4 X.509 RID ASN template behaviour
Don't set the DNS entry for RID unless OPENSSL_ALL is defined to match
the behaviour of original ASN code.
2024-04-10 10:39:45 +10:00
kaleb-himes b8d31b042f Windows support 2024-04-09 13:55:05 -06:00
kaleb-himes 71e83cdd19 Resolve armasm fips wrappers and sanity 2024-04-09 11:41:41 -06:00
kaleb-himes e45867bbc3 WIN fips section refactor / wolfEntropy API syntax adjustment 2024-04-09 09:48:33 -06:00
kaleb-himes ef2a636610 Expose additional features of opensslall in a compliant way 2024-04-09 09:48:33 -06:00
kaleb-himes 2e63ae750d Comments for SP800-38E TODO, wolfEntropy optional setup and remove forced errors api.c 2024-04-09 09:48:33 -06:00
kaleb-himes 4df091ae2a Restore debug messages that were cluttering up logs 2024-04-09 09:48:33 -06:00
kaleb_himes 81f5ac7f6c SRTP-KDF FS Preview 2024-04-09 09:48:33 -06:00
Daniel Pouzzner a518f493b5 Merge pull request #7388 from JacobBarthelmeh/x509_cases
check for critical policy extension when not supported
2024-04-05 15:59:03 -04:00
JacobBarthelmeh 8b587b563c Merge pull request #7286 from Frauschi/hybrid_signatures
Improvements to dual algorithm certificates
2024-04-03 13:37:16 -06:00
David Garske 57603823e3 Merge pull request #7387 from JacobBarthelmeh/sm2
fix for oss-fuzz sm2 test build
2024-04-03 10:08:46 -07:00
JacobBarthelmeh f6a24efe23 Merge pull request #7389 from dgarske/nxp_mmcau_sha256
Fix the NXP MMCAU HW acceleration for SHA2-256
2024-04-03 10:39:04 -06:00
David Garske d7c6d7af44 Fix the NXP MMCAU HW acceleration for SHA2-256. Broken with LMS SHA2 refactor. 2024-04-02 19:32:41 -07:00
JacobBarthelmeh 75da69911c Merge pull request #7369 from dgarske/infineon_modustoolbox
Support for Infineon Modus Toolbox with wolfSSL
2024-04-02 17:34:07 -06:00
JacobBarthelmeh 983616afa0 check for critical policy extension when not supported 2024-04-02 16:46:47 -06:00
JacobBarthelmeh d4f5825fd2 fix for sp build with ecc_map_ex 2024-04-02 11:40:53 -06:00
jordan b65e42bf4d Used codespell and fixed obvious typos. 2024-04-02 10:19:39 -05:00
Daniel Pouzzner 092dba4593 wolfcrypt/src/asn.c: fix for benign identicalInnerCondition in ParseCertRelative(). 2024-04-01 23:50:05 -05:00
Anthony Hu 10d210ce26 Parenthesis 2024-04-01 19:05:59 -04:00
Anthony Hu 2d532dd6b8 Clean up after another round of analyzer execution. 2024-04-01 18:56:44 -04:00
Anthony Hu 8f599defe0 Add check inspired by original implementation of asn. 2024-04-01 17:37:03 -04:00
Tobias Frauenschläger 136eaae4f1 Improvements to dual alg certificates
* Support for external keys (CryptoCb interface)
* Support for usage in mutual authentication
* better entity cert parsing
* Fix for Zephyr port to support the feature
* Check key support
* Proper validation of signatures in certificate chains
* Proper validation of peer cert with local issuer signature
	(alt pub key is cached now)
* Support for ECC & RSA as alt keys with PQC as primary
* Support for PQC certificate generation
* Better support for hybrid signatures with variable length signatures
* Support for primary and alternative private keys in a single
  file/buffer
* More API support for alternative private keys

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2024-04-01 17:37:03 -04:00
Daniel Pouzzner d930825a92 Merge pull request #7362 from jpbland1/rsa-make-key-no-malloc
fix wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC
2024-03-30 03:19:27 -04:00
John Bland d8e9e90f9d refactor rawLen to avoid unused warning 2024-03-30 02:12:32 -04:00
Daniel Pouzzner 3f3dd4743a Merge pull request #7365 from rizlik/ecc_cmp_param_cleanup
wc_ecc_cmp_param cleanup
2024-03-29 01:48:46 -04:00
David Garske 83dc3dfac1 Add support for the Infineon/Cypress HAL TRNG. 2024-03-28 13:57:26 -07:00
gojimmypi 5bffbdb20c Initialize some Kyber client variables 2024-03-28 09:14:53 -07:00
John Bland 4f51183b45 fix bad indenting 2024-03-28 02:54:49 -04:00
John Bland 305f87561d break out of loop on failure instead of return 2024-03-28 02:54:49 -04:00
John Bland fb784a2ac9 more changes from PR comments 2024-03-28 02:54:49 -04:00
John Bland 0bd8775eae update based on PR comments 2024-03-28 02:54:49 -04:00
John Bland d9d3f9a4f4 fix wc_MakeRsaKey and wc_RsaKeyToDer to work with
WOLFSSL_NO_MALLOC
2024-03-28 02:54:49 -04:00
Daniel Pouzzner 42a0cb23ac Merge pull request #7364 from gojimmypi/PR-Kyber-Init
Initialize some Kyber variables
2024-03-28 00:13:43 -04:00
Marco Oliverio 0a03940f5a wolfcrypt: wc_ecc_cmp_param: check string len before strncmp
also return -1 on param mismatch.
2024-03-26 14:59:41 +01:00
gojimmypi 01ae240fe8 Initialize some Kyber variables 2024-03-25 14:08:47 -07:00
Sean Parkinson d4b1995a2c ASN.1 testing: add tests of bad DER encodings
Certificates with bad DER encoded ASN.1 added to testing.
Fix comment in asn.c.
2024-03-22 08:51:17 +10:00
John Safranek 6462986bf2 OCSP Extension Encoding Fix
1. Removed redundant check for the output being NULL in
   `EncodeOcspRequestExtensions()`. The chuck of code being protected
   only cared about the value of ret, not the pointer. The code was
   supposed to calculate the size of the data without writing it.
2024-03-19 09:13:28 -07:00
David Garske 790e39ec03 Merge pull request #7350 from JacobBarthelmeh/scan_build_fix
scan-build fixes for pkcs7
2024-03-18 12:31:00 -07:00
JacobBarthelmeh d51bef3d43 fix for memory leak on error 2024-03-19 00:58:32 +07:00
JacobBarthelmeh b9619c3f0b Merge pull request #7343 from douzzer/20240315-pq-experimental
20240315-pq-experimental
2024-03-19 00:54:56 +07:00
JacobBarthelmeh 4751af9b89 scan-build fixes for pkcs7 2024-03-18 22:55:51 +07:00
David Garske 69bc5c1c19 Merge pull request #7345 from JacobBarthelmeh/coverity
Coverity fixes
2024-03-18 08:15:59 -07:00