Commit Graph

14222 Commits

Author SHA1 Message Date
Sean Parkinson 70d2c838bb Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-09 08:52:05 +10:00
David Garske ae4af3c681 Merge pull request #4071 from SparkiDev/fp_ecc_long_order
ECC FP: cached doesn't work when order has more bits than prime
2021-06-08 12:17:04 -07:00
David Garske 54d13f63c1 Merge pull request #4067 from haydenroche5/pkcs8
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key.
2021-06-08 09:21:53 -07:00
David Garske de70681229 Improve code comments to explain FP_ECC limitation for SECP160R1, SECP160R2, SECP160K1 and SECP224K1. 2021-06-08 08:41:36 -07:00
David Garske 61eae79f71 Merge pull request #4074 from SparkiDev/ecdsa_dbl_table_point
ECDSA FP ECC: fix corner case
2021-06-08 08:35:17 -07:00
David Garske 5586bc349c Merge pull request #4056 from SparkiDev/mp_int_rem_apis
MP Integer: remove unsupported API prototypes
2021-06-08 08:08:04 -07:00
David Garske 50e8509a36 Merge pull request #4037 from SparkiDev/prime_test_err_check
TFM prime checking: check for more errors
2021-06-08 08:06:37 -07:00
David Garske 9497c74283 Merge pull request #4081 from strongX509/master
SHA3-based RSA signatures require SHA-3 hash OIDs
2021-06-08 07:46:18 -07:00
Sean Parkinson 88322b82a5 Merge pull request #3871 from julek-wolfssl/openvpn-master
OpenVPN additions and fixes
2021-06-08 13:54:14 +10:00
Sean Parkinson 194b494741 Merge pull request #4034 from embhorn/zd12261
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
2021-06-08 12:15:30 +10:00
Sean Parkinson b3352648dd Merge pull request #4097 from guidovranken/blake2-init-key-fixes
Check return value in BLAKE2 key init functions
2021-06-08 11:54:29 +10:00
Sean Parkinson 8ee1dda2f9 Merge pull request #4001 from dgarske/time_long
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
2021-06-08 11:17:55 +10:00
Sean Parkinson 23d733f837 Merge pull request #4063 from guidovranken/zd12328
Fix length calculations in Base64_SkipNewline
2021-06-08 10:55:15 +10:00
David Garske 3e307aa626 Merge pull request #4091 from JacobBarthelmeh/Testing
add strict check on signature length
2021-06-07 11:02:02 -07:00
Guido Vranken 4e318ade36 In wc_PBKDF1_ex, break out of outer loop on error 2021-06-07 16:21:02 +02:00
Jacob Barthelmeh f97ca1c1ca adjust test case and add useful comments 2021-06-07 19:44:05 +07:00
Guido Vranken 96b7b193d7 Check return value in BLAKE2 key init functions
If built with smallstack, allocations in `blake2s_update` and `blake2b_update` may fail,
so the error must be propagated.
2021-06-07 03:34:44 +02:00
Sean Parkinson 898b9d5e24 Merge pull request #4084 from dgarske/sp_math_keygen
Fix for building SP small math only (no DH) with key generation
2021-06-07 10:48:01 +10:00
David Garske 5d33161032 Fixes for RSA keygen with SP (no DH). Thanks Sean. 2021-06-04 13:32:59 -07:00
Jacob Barthelmeh c245c4a812 add strict check on signature length 2021-06-05 03:09:33 +07:00
David Garske d7117cd8bb Merge pull request #4089 from danielinux/psoc6-sha-fixes
psoc6_Crypto port: fixes to sha256/sha512 objects
2021-06-04 09:16:42 -07:00
Daniele Lacamera a5a4925370 Fixed sha256 and sha512 interface for psoc6 crypto module 2021-06-04 13:22:17 +02:00
Chris Conlon 961773b384 Merge pull request #4079 from lealem47/PKCS12UnitTest
Pkcs12 unit test
2021-06-03 16:07:54 -06:00
David Garske 21060afb80 Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error. 2021-06-03 10:56:54 -07:00
Jacob Barthelmeh 66c7acb076 add use of heap hint for malloc 2021-06-03 23:38:30 +07:00
Chris Conlon 6cfb982740 Merge pull request #3981 from miyazakh/qt_oslext_cnf
Added compatibility layer API
2021-06-01 15:25:37 -06:00
Lealem Amedie 72fc7e62b8 Fixed spacing 2021-06-01 14:47:51 -06:00
Andreas Steffen 0caf3ba456 SHA3-based RSA signatures require SHA-3 hash OIDs
The SHA-3 ASN.1 OIDs are defined by NIST under the
nistalgorithm/hashAlgs node.
2021-06-01 22:02:23 +02:00
Kaleb Himes a27cdc538a Fix typo 2021-06-01 13:30:32 -06:00
Kaleb Himes 3a9c6ea924 fix FIPS v2 check ($ENABLED_FIPS not set for v2) 2021-06-01 13:29:39 -06:00
kaleb-himes 94831eadf1 Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag 2021-06-01 11:38:17 -06:00
Lealem Amedie 03a5395b53 Fixed casting issue 2021-06-01 09:46:30 -06:00
Lealem Amedie 2db233d10e Added wolfssl_PKCS12_verify_mac testing in test_wolfSSL_PKCS12() function in api.c 2021-05-28 16:33:46 -06:00
Chris Conlon 15931fa199 Merge pull request #4060 from kojo1/encrypt_len
FP_MAX_BITS for ENCRYPT_LEN
2021-05-28 15:55:58 -06:00
Sean Parkinson 9fff404313 Merge pull request #4073 from TakayukiMatsuo/tk12138
Add calling wc_FreeMutex for globalRNGMutex
2021-05-28 16:11:00 +10:00
Sean Parkinson c69665b999 ECDSA FP ECC: fix corner case
When the same table is used for both base point and public point (which
is not a valid thing to do) then a corner case occurs when the table
point can be added to the same point. This has to be a double operation
instead.
The table point isn't able to be doubled as it has a z-ordinate of 0 and
the original point is overwritten with the invalid add result.
Fix this case by:
 - copying the table point into the result,
 - setting z-ordinate to Montgomery form of 1,
 - double the result point in place.
2021-05-28 13:06:20 +10:00
TakayukiMatsuo 54dba6a2f2 Add calling wc_FreeMutex for globalRNGMutex 2021-05-28 11:19:40 +09:00
Sean Parkinson 6bf9a887e1 ECC FP: cached doesn't work when order has more bits than prime
Small curves that are not commonly used do not work with scalars that
are the length of the order when the order is longer than the prime.
The table is generated based on modulus length not order length.
Simple fix is to not allow these curves to be used with FP_ECC.
Order isn't passed into the pseudo-public APIs.
2021-05-27 09:53:03 +10:00
John Safranek 1fe445368c Merge pull request #4069 from guidovranken/zd12349
Several ASN decoder fixes
2021-05-26 16:13:54 -07:00
Guido Vranken 1fbc3dc2d4 Heap-allocate additional CertStatus structs in DecodeResponseData 2021-05-26 21:41:47 +02:00
Guido Vranken cfef249041 Several ASN decoder fixes
See ZD 12349
2021-05-26 20:15:32 +02:00
Hayden Roche 88370285cc Add an API function wc_DecryptPKCS8Key to handle decrypting a DER, PKCS#8
encrypted key.
2021-05-26 10:48:14 -07:00
Hayden Roche 5e4e73d6e9 Add an API function wc_EncryptPKCS8Key to handle encrypting a DER,
PKCS#8-formatted key.

There's already a function wc_CreatePKCS8Key, but this only creates the
unencrypted PKCS#8 key. TraditionalEnc exists, which takes a non-PKCS#8 key,
converts it to PKCS#8 format, and encrypts it, but this function isn't in the
public-facing API. I've modified TraditionalEnc to use wc_EncryptPKCS8Key after
wc_CreatePKCS8Key. wc_EncryptPKCS8Key is essentially the encryption portion of
TraditionalEnc moved out into its own function. wc_EncryptPKCS8Key will be in
the API going forward so that users can do PKCS#8 encryption without relying on
the non-API TraditionalEnc. Next, I'll be adding a corresponding
wc_DecryptPKCS8Key to handle decryption.
2021-05-26 10:48:11 -07:00
David Garske 41af3da0e3 Merge pull request #4057 from SparkiDev/no_tls12_pkcb
TLS: fix build with no TLSv12 but PK callbacks
2021-05-25 15:26:40 -07:00
Guido Vranken 360d6c8a4f Additional fix for Base64_SkipNewline 2021-05-26 00:25:27 +02:00
David Garske 3cc69ee6a0 Merge pull request #4064 from SparkiDev/evp_aes_gcm_stream_leak
EVP AES-GCM Streaming: must free Aes
2021-05-25 15:11:03 -07:00
Hideki Miyazaki 1c0fd3f1c0 addressed review comments part3 2021-05-26 06:17:33 +09:00
Hideki Miyazaki e2284d59bf addressed review comments part2 2021-05-26 06:07:48 +09:00
Hideki Miyazaki ae502c7a09 addressed review comments part1 2021-05-26 06:07:48 +09:00
Hideki Miyazaki af67965f65 addressed jenkins failures part1 2021-05-26 06:07:48 +09:00