David Garske
6b3ff9bae2
Merge pull request #4459 from julek-wolfssl/missing-ext
...
Add x509 name attributes and extensions to DER parsing and generation
2021-10-28 14:30:37 -07:00
Juliusz Sosinowicz
9c8e4f558c
Explicit cast to int
2021-10-28 21:05:19 +02:00
David Garske
6bb7e3900e
Merge pull request #4511 from JacobBarthelmeh/Testing
...
build fixes and PKCS7 BER encoding fix
2021-10-28 10:52:58 -07:00
Juliusz Sosinowicz
ef37eeaeaa
Code review fixes
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
a6be157628
Gate new AKID functionality on WOLFSSL_AKID_NAME
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
cb79bc5c46
Use same code for DecodeNsCertType with templates
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
842dba7946
Put address and postal code in WOLFSSL_CERT_EXT
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
2531cd961f
Code review fixes
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
d9af698aa4
Implement raw AKID with WOLFSSL_ASN_TEMPLATE
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
c162196b27
Add x509 name attributes and extensions to DER parsing and generation
...
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
2021-10-28 14:50:53 +02:00
Sean Parkinson
0e18e9c404
Merge pull request #4502 from dgarske/async_test
...
Fixes for async TLS v1.3
2021-10-28 14:13:32 +10:00
David Garske
55ee5e41db
Merge pull request #4510 from SparkiDev/sp_cmp_c64
...
SP: change to sp_c32.c now in scripts caused changes to sp_c64.c
2021-10-27 18:50:13 -07:00
David Garske
c16f0db1b5
Fixes for handling WC_PENDING_E async responses in API unit test and examples. Resolves all issues with --enable-all --enable-asynccrypt --with-intelqa=.
2021-10-27 15:08:39 -07:00
David Garske
eb56b652ca
Fix for async TLS v1.3 with multiple WC_PENDING_E on client_hello and server_hello processing. Fix for not aligned NUMA.
2021-10-27 15:08:38 -07:00
Jacob Barthelmeh
f585dcd5ab
adjust inSz with BER PKCS7 parsing
2021-10-27 15:12:04 -06:00
Daniel Pouzzner
7915f6acb0
linuxkm: add the remainder of known needed SAVE_VECTOR_REGISTERS() wrappers to PK algs, add DEBUG_VECTOR_REGISTERS_{EXIT,ABORT}_ON_FAIL options; add a slew of ASSERT_SAVED_VECTOR_REGISTERS() to sp_x86_64.c (autogenerated, separate scripts commit to follow).
2021-10-26 20:24:29 -05:00
John Safranek
75df6508e6
Add a read enable for private keys when in FIPS mode.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
1d07034fb9
linuxkm: fix line length in types.h, and add #ifdef _MSC_VER #pragma warning(disable: 4127) to work around MSC bug re "conditional expression is constant"; fix flub in ecc.c.
2021-10-26 20:24:29 -05:00
Daniel Pouzzner
62c1bcae8a
linuxkm: {SAVE,RESTORE}_VECTOR_REGISTERS() wrappers around RSA, DH, and ECC routines that might use sp-asm.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
0eb76bcfd8
linuxkm: add missing RESTORE_VECTOR_REGISTERS() in wolfcrypt/src/poly1305.c:wc_Poly1305Update().
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
85a8c06062
linuxkm: add DEBUG_VECTOR_REGISTER_ACCESS (debug feature switch), ASSERT_SAVED_VECTOR_REGISTERS, and ASSERT_RESTORED_VECTOR_REGISTERS macros, and move the fallback no-op definitions of the SAVE_VECTOR_REGISTERS and RESTORE_VECTOR_REGISTERS to types.h. also fixed several ASCII TAB characters in types.h.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e0395c6441
linuxkm: in wolfcrypt/src/sha{256,512}.c, remove {SAVE,RESTORE}_VECTOR_REGISTERS() wrappers around AVX implementations, as this needs to be refactored for efficiency and the underlying assembly is not yet kernel-compatible.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
ad4c200cd2
linuxkm: wolfcrypt/src/memory.c: in {save,restore}_vector_registers_x86(), allow for recursive calls (some crypto calls are recursive).
2021-10-26 20:24:28 -05:00
John Safranek
f1d43f6891
Add error code for the private key read lockout.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
b577984574
rsa.c: fix whitespace.
2021-10-26 20:24:28 -05:00
David Garske
3fcdcbc1f9
Fix for RSA _ifc_pairwise_consistency_test to make the async blocking.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e61d88657d
WOLFSSL_ASYNC_CRYPT: in EccSharedSecret(), don't try to wolfSSL_AsyncInit() if there's no priv_key to supply an asyncDev; in RSA _ifc_pairwise_consistency_test(), disable async to force blocking crypto.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
10304c9143
linuxkm: portability fix in aes.c for SAVE_VECTOR_REGISTERS() call ("embedding a directive within macro arguments is not portable").
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
c0778e5ad9
gate access to wc_Sha512.devId on !NO_SHA2_CRYPTO_CB.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
0f05a71bfb
linuxkm: refactor SAVE_VECTOR_REGISTERS() macro to take a fail clause as an argument, to allow the preprocessor to completely eliminate it in non-kernel builds, and for backward compat with WCv5.0-RC8.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
342e319870
dsa.c: fix up comment spelling/typography in wc_MakeDsaKey().
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
7a4ec22953
pkcs7.c: further smallstack refactor of PKCS7_EncodeSigned().
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
f60cb94b82
wolfcrypt/src/include.am and src/include.am: don't disrupt modtimes of fips/async source files if they already exist.
2021-10-26 20:24:28 -05:00
Daniel Pouzzner
255d2d650f
rsa.c: add missing WOLFSSL_ASYNC_CRYPT clauses to _ifc_pairwise_consistency_test().
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
8c3cbf84f9
add missing gating around WOLFSSL_NO_SHAKE256, WOLFSSL_NOSHA512_224, and WOLFSSL_NOSHA512_256.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
d39d389c6e
aes.c: in CheckAesGcmIvSize(), don't disallow GCM_NONCE_MIN_SZ for FIPS 140-3, i.e. always allow it.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
67db7b7f32
fixes for issues identified by Jenkins run:
...
Makefile.am: clean .build_params file;
ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();
move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);
fix new unused-label defect in wc_ecc_shared_secret_gen_sync();
fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);
fix NO_INLINE ForceZero() prototype;
ecc.c: add missing if (err == MP_OKAY) in build_lut();
wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;
ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;
WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
87578262aa
wolfcrypt smallstack refactors:
...
rsa.c: wc_CompareDiffPQ()
dh.c: wc_DhGenerateParams()
dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()
srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()
ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()
test.c: GenerateNextP() dh_generate_test() GenerateP()
2021-10-26 20:24:27 -05:00
Daniel Pouzzner
ddda108de6
sp_int.c:sp_set(): use PRAGMA_GCC_* macros, not ad hoc gated __Pragmas, to mask spurious -Warray-bounds.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
ed33315f25
wolfcrypt/src/sp_int.c: add pragma to sp_set() to suppress false positive -Warray-bounds on gcc-11.
2021-10-26 20:24:26 -05:00
Daniel Pouzzner
b673622322
FIPS 140-3 misc fixes including fixes for rebase errors.
2021-10-26 20:24:26 -05:00
John Safranek
c31ed64eb5
Add guard around the public key check for DH to skip it when we have
...
the condition to perform the small key test. The small key is
mathematically valid, but does not necessarily pass the SP 800-56Ar3
test for DH keys. The most recent FIPS build will add the tested file.
This change is only used in the older FIPS releases and in some rare
configurations that include the small key test.
2021-10-26 20:24:26 -05:00
John Safranek
b54459ace3
When the ECC PCT verify result is 0, the PCT fails.
2021-10-26 20:24:26 -05:00
John Safranek
175bab9a6f
Add missed step in DH key pair generation.
2021-10-26 20:24:26 -05:00
John Safranek
f42106201a
In the RSA PCT, initialize the plain output pointer.
2021-10-26 20:24:26 -05:00
John Safranek
aa3fb6f0d0
Update visibility on a SP math function for DH.
2021-10-26 20:24:26 -05:00
John Safranek
04ffd2ab45
Fixes:
...
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
2021-10-26 20:24:26 -05:00
John Safranek
3eaeaf3a57
Add sign/verify PCT to ECC.
2021-10-26 20:24:25 -05:00
John Safranek
9bf36f329a
Add sign/verify PCT to RSA key gen.
2021-10-26 20:24:25 -05:00
John Safranek
5d7c6dda72
Restore the PCTs to ECC and DH.
2021-10-26 20:24:25 -05:00