wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-30 23:39:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
7,414 Commits 12 Branches 184 Tags
5fc70f2fa466acde852c247e32c6becfd53e36c7
Commit Graph

7414 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
John Safranek
5fc70f2fa4 FIPS Revalidation 
1. Add a copy of the DSA parameter generation function to DH for use without DSA.
 2018-04-13 09:40:09 -07:00
John Safranek
ea5ddd9d3f FIPS Revalidation 
1. Bug fixes to AES-GCM. Separated out the internal and external IV set functions.
 2018-04-13 09:40:09 -07:00
John Safranek
cc49fca9fd FIPS Revalidation 
1. Updated the configure.ac to add in the RSA direct function to FIPS builds
 2018-04-13 09:40:09 -07:00
John Safranek
72f8c8385f FIPS Revalidation 
1. Add new APIs for AES-GCM so it can manage the IV per SP 800-38D.
2. Add new APIs for AES-CCM so it can manage the IV, similar to the behavior in AES-GCM.
3. Add new APIs for GMAC that use the new AES-GCM APIs.
 2018-04-13 09:40:09 -07:00
John Safranek
4237a57659 Test Fixes 
1. Added error code for ECDHE FIPS KAT failure.
 2018-04-13 09:40:09 -07:00
John Safranek
f7ce741078 Test Fixes 
1. Removed redundant forward declaration of RsaKey from hmac.h.
2. Updated gitignore with the first and last files.
3. Updated autogen with touching the first and last files.
 2018-04-13 09:40:09 -07:00
John Safranek
8e75de88e8 Test Fixes 
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
 2018-04-13 09:40:09 -07:00
John Safranek
b966352bc4 FIPS Revalidation 
1. AES-GCM encrypt IV length allowed to be 8-bits.
 2018-04-13 09:40:09 -07:00
John Safranek
58b00b7293 FIPS Revalidation 
1. Update the const data and code segment tags for the Windown builds.
 2018-04-13 09:40:09 -07:00
John Safranek
c394020771 FIPS Revalidation 
1. Enabled ECC Cofactor DH for the FIPSv2 build.
2. Updated the wolfCrypt HMAC-SHA-3 test to leave out the set of test cases that use the four-byte key in FIPS mode.
 2018-04-13 09:40:09 -07:00
John Safranek
2b30e651c4 FIPS Revalidation 
1. Change to configure.ac to automatically enable HKDF in FIPSv2 builds.
 2018-04-13 09:40:09 -07:00
John Safranek
db2d0c97b5 FIPS Revalidation 
1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds.
2. Move the aes-ni asm file into the boundary if enabled.
3. Enable AES-ECB by default.
 2018-04-13 09:40:09 -07:00
John Safranek
39ea69dbac AES-GCM 
1. Updated the wolfCrypt GMAC test to leave out the test case with the 15-byte tag when building for FIPS.
2. Replace tabs with spaces.
 2018-04-13 09:40:09 -07:00
John Safranek
7c24880ae2 FIPS Revalidation 
1. Updated CMAC to allow tag length from 4 to 16 bytes, inclusive.
 2018-04-13 09:40:09 -07:00
John Safranek
0d1b197784 FIPS Revalidation 
1. Enable SHA-224 by default if building for FIPSv2.
 2018-04-13 09:40:09 -07:00
John Safranek
a9ee541e3f FIPS Revalidation 
1. Added new AES-GCM Encrypt API for FIPS where the IV is generated internally.
2. Fix the AES-NI guard flags so it can be used when FIPS enabled.
 2018-04-13 09:40:09 -07:00
John Safranek
1f56d8312e FIPS Revalidation 
1. Added CMAC to the boundary.
2. Added DHE to the boundary.
 2018-04-13 09:40:09 -07:00
John Safranek
7d620eb1ee FIPS Update 
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
 2018-04-13 09:40:09 -07:00
John Safranek
5d4e1a2678 FIPS Update 
1. Move SHA-224 and SHA-256 into FIPSv2.
2. Move HMAC into FIPSv2.
3. Move Hash_DRBG into FIPSv2.
 2018-04-13 09:39:02 -07:00
John Safranek
701c809e5b FIPS Update 
1. Add SHA-3 to the src/include.am so that it is always included in FIPSv2.
2. Tweak the SHA-3 header to follow the new FIPS pattern.
 2018-04-13 09:39:02 -07:00
John Safranek
910ecc9689 AES-CCM FIPS 
1. Add new error code for the AES-CCM FIPS KAT failure.
2. When enabling FIPSv2, force enable AES-CCM.
 2018-04-13 09:39:02 -07:00
Eric Blankenhorn
a0d8327320 Coverity fixes 2 (#1493) 
* Coverity fixes for wolfcrypt folder
* Fixes for remaining issues
* Fixes for test files
 2018-04-13 05:35:18 -07:00
toddouska
84f7bd8cde Merge pull request #1494 from dgarske/wpas 
Fix for building wpa_supplicant
 2018-04-12 13:49:31 -07:00
toddouska
eacd98fe4e Merge pull request #1491 from dgarske/config 
Configure improvements and new options
 2018-04-12 13:48:20 -07:00
toddouska
8f1e8be2d0 Merge pull request #1490 from dgarske/hashoid_cleanup 
Hash OID cleanup
 2018-04-12 13:46:47 -07:00
David Garske
cf1230d232 Fix for building wpa_supplicant (./configure --enable-wpas) after PemToDer refactor in PR #1467. 2018-04-12 06:53:44 -07:00
David Garske
1f7b954d47 Fix for wc_GetCTC_HashOID in FIPS mode. Uses the new wc_HashTypeConvert to handle conversion from unique WC_ALGO (int) to WC_HASH_TYPE_ALGO (enum wc_HashType). 2018-04-12 06:51:23 -07:00
David Garske
ce6728951f Added a new --enable-opensslall option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build. 2018-04-11 13:54:07 -07:00
David Garske
689203d310 Added some more features to the --enable-all. Added new --enable-webclient option. 2018-04-11 13:54:07 -07:00
David Garske
ee5d78f84f Added new wc_OidGetHash API for getting the hash type from a hash OID. Refactor PKCS7 and PKCS12 to use new API and reduce duplicate ocde. Updated wc_GetCTC_HashOID to use wc_HashGetOID and maintain back compat. 2018-04-11 13:53:30 -07:00
toddouska
d85580691b Merge pull request #1492 from dgarske/fix_noasn_pwdbased 
Fixes for ASN disabled and PWDBASED enabled / Win FIPS
 2018-04-11 12:09:30 -07:00
David Garske
83bfdb1594 Fix for issue with unique hash types on ctoacrypt FIPS using different values than WC_HASH_TYPE_*. Add new API wc_HashTypeConvert to handle the conversion between enum wc_HashType and int. For FIPS it uses a switch() to convert and for non-FIPS it uses a simple cast. Changed the pwdbased_test to return actual ret instead of adding values (made it difficult to track down error location). 2018-04-11 09:30:30 -07:00
David Garske
3f3e332a3a Fix for evp.c statement will never be executed in wolfSSL_EVP_CIPHER_CTX_block_size. 2018-04-11 08:18:39 -07:00
David Garske
38aa56cc40 Fix for Windows FIPS build in current master. Resolves issue with missing DES/AES key size enums. 2018-04-10 20:07:14 -07:00
David Garske
565f394972 Fix for building without ASN and PWDBASED enabled (./configure --disable-asn --enable-pwdbased). 2018-04-10 16:36:11 -07:00
toddouska
e25da80766 Merge pull request #1467 from dgarske/asnpemtoder 
PEM Encrypted Keys cleanup and PemToDer move to wolfCrypt asn.c
 2018-04-09 16:33:30 -07:00
David Garske
a38576146e * Added support for disabling PEM to DER functionality using WOLFSSL_PEM_TO_DER. This allows way to use with DER (ASN.1) certificates only in an embedded environment. This option builds, but internal make check requires PEM support for tests. 
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
 2018-04-09 13:28:15 -07:00
David Garske
5a46bdf6f6 Added unit test for using encrypted keys with TLS. Only works with --enable-des3, since the keys are all encrypted with DES3 (also requires either --enable-opensslextra or --enable-enckeys). 2018-04-09 13:28:15 -07:00
David Garske
d68a6fb4c7 Make sure wc_encrypt.h includes the ciphers. 2018-04-09 13:28:15 -07:00
David Garske
98c186017a Fixes for build failures. Added new WC_MAX_SYM_KEY_SIZE macro for helping determine max key size. Added enum for unique cipher types. Added CHACHA_MAX_KEY_SZ for ChaCha. 2018-04-09 13:28:15 -07:00
David Garske
2c72f72752 Fixes for FIPS, sniffer (w/o enc keys), scan-build issues and backwards compatability. 2018-04-09 13:28:15 -07:00
David Garske
9be11bf62c Fix to correct missing wolfSSL_EVP_BytesToKey header int he NO_MD5 case. 2018-04-09 13:28:15 -07:00
David Garske
1f00ea2115 Fixes for various build issues with type casting and unused functions. Moved mystrnstr to wc_port.c. Added some additional argument checks on pwdbased. 2018-04-09 13:28:15 -07:00
David Garske
e60032b961 Fix for duplicate API defs. 2018-04-09 13:28:15 -07:00
David Garske
b01535b483 Fix for stray character. 2018-04-09 13:28:15 -07:00
David Garske
8a31f13cb6 Remove obsolete WOLFSSL_PEMPUBKEY_TODER_DEFINED header logic. 2018-04-09 13:28:15 -07:00
David Garske
6de8348918 Fixes for various build configurations. Added --enable-enckeys option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN CryptKey function to wc_encrypt.c as wc_CryptKey. Fixup some missing heap args on XMALLOC/XFREE in asn.c. 2018-04-09 13:28:15 -07:00
David Garske
1315fad7dc Added ForceZero on the password buffer after done using it. 2018-04-09 13:28:15 -07:00
David Garske
3a8b08cdbf Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz. 2018-04-09 13:28:15 -07:00
David Garske
c83e63853d Refactor unqiue hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). Refactor the Sha3 types to use wc_ naming. 2018-04-09 13:28:15 -07:00