wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 09:52:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,739 Commits 12 Branches 184 Tags
7b21cd8cf0daa8163439fbfd39dc986cf449fbf2
Commit Graph

654 Commits

Author SHA1 Message Date
David Garske
61f6b5e29c Peer review feedback. 2022-03-31 10:04:23 -07:00
David Garske
c905c613e9 Support for Intel QuickAssist ECC KeyGen acceleration. 2022-03-30 13:07:47 -07:00
David Garske
5b0735cdb4 Fixes for async ECC broke in PR #4982. 2022-03-28 11:29:33 -07:00
JacobBarthelmeh
25d5a624d2 Merge pull request #4975 from cconlon/smallStack 
smallstack cleanup for OpenSSL Compatibility Functions
 2022-03-25 17:06:59 -06:00
David Garske
3af3274dcd Merge pull request #4982 from SparkiDev/sp_x64_improvements 
SP ASM improvements
 2022-03-25 13:04:01 -07:00
Sean Parkinson
fd66f6bcec SP ASM improvements 
Change Karatsuba implementations for x86_64.
Fix ECC code to better handle corner cases.
Add 'lower' versions of functions wehn an input is known to be less than m.
Add mont_add/dbl/tpl/sub for P384.
Change ECC point add to be cache-attack resistant.
Change mod_exp to be cache-attack resistant.
 2022-03-25 10:04:25 +10:00
David Garske
6e550c8d75 Fix for KCAPI ECC KeyGen. Disable ECC consistency checks with KCAPI. Allow public AddSignature (used to be public). Fix KCAPI ECC SharedSecret output size. 2022-03-23 09:37:50 -07:00
David Garske
c9e3094cb0 Fixes for KCAPI ECC verify. Cleanup of the pubkey_raw. Fix KCAPI AES possible used uninitialized. 2022-03-23 09:37:50 -07:00
David Garske
8d695f97c9 Fix for KCAPI KcapiEcc_LoadKey parameter to kcapi_kpp_keygen. Added option to release handle on load. Fixes for KCAPI sign output length. Added additional argument checking. 2022-03-23 09:37:50 -07:00
David Garske
318350f63b Fix for ecc_check_privkey_gen with KCAPI. Fix KCAPI ECDSA to ensure we don't leak handle for multiple sign/verify calls. 2022-03-23 09:37:50 -07:00
Chris Conlon
210eb6283c smallstack reduction for wc_ecc_import_x963_ex, mp_jacobi 2022-03-21 14:43:43 -06:00
Chris Conlon
339e44bd87 smallstack reduction for wc_ecc_import_point_der_ex() 2022-03-21 14:43:43 -06:00
David Garske
b546b2a5ec Improve logic around private key id/label. Adds WOLF_PRIVATE_KEY_ID. 2022-03-17 14:48:30 -07:00
David Garske
4ec49d2189 Merge pull request #4943 from SparkiDev/sp_arm64_perf_1 
SP ASM performance improvements
 2022-03-14 18:40:51 -07:00
Sean Parkinson
3ea5e56c26 SP ASM performance improvements 
Mostly improving Aarch64 assembly.
Change Karatsuba implementations.
Specialised code for exponentiating to 0x10001 for RSA.
 2022-03-11 08:42:46 +10:00
Sean Parkinson
6b7f0d4ee7 Merge pull request #4905 from anhu/custom_ext_parse 
Injection and parsing of custom extensions in X.509 certificates.
 2022-03-10 10:39:05 +10:00
Anthony Hu
98f733767b Use MAX_OID_SZ 2022-03-09 17:20:50 -05:00
Anthony Hu
d77d9b93dc This fixes a make check error. 
The flags activated code that didn't account for the new oid encoding. This
code fixes that.
 2022-03-07 15:47:47 -05:00
John Safranek
0e0ac14bbf Merge pull request #4901 from SparkiDev/kcapi_ecdh_fixes 
Fixes for KCAPI ECDH/DH and page alignment
 2022-03-07 11:01:16 -08:00
Sean Parkinson
7006efe97f Merge pull request #4861 from JacobBarthelmeh/ECC 
Deterministic ECDSA: fix for larger curve sizes
 2022-03-07 08:26:35 +10:00
David Garske
0c3b9c733f Fixes for KCAPI ECDH/DH and page alignment. ZD 13763 2022-03-04 15:06:16 -08:00
Jacob Barthelmeh
a4a4bdc20f fix typo, add macro guard, remove dead code path 2022-03-04 10:49:11 -07:00
Jacob Barthelmeh
d1212f9247 add P521 test case and fix for k generation 2022-03-03 10:44:24 -07:00
Jacob Barthelmeh
56de8cd622 add check on hash size passed in 2022-03-02 16:52:04 -07:00
David Garske
b21036947c Merge pull request #4894 from SparkiDev/sp_p521_hashlen_fix 
SP P521: hash len needs special attention when 521 bits
 2022-03-01 12:04:51 -08:00
Sean Parkinson
605d701113 SP P521: hash len needs special attention when 521 bits 
Need to right shift number down when hash is more than 521 bits.
Previously handled at a byte level and now at bit level.
Always return err from sp_*_ecc_mulmod_add_only_*().
When ECC add and double points are public and only have SP
implementation, check that the point ordinates are the right size.
 2022-03-01 09:56:22 +10:00
David Garske
cc2eb0ab71 KCAPI Testing fixes. 2022-02-25 15:16:55 -08:00
Sean Parkinson
2eb044dc60 SP: Add support for P521 2022-02-23 14:51:47 +10:00
Sean Parkinson
d10900e124 ECC with SP math: OOB write 
Don't let input points ordinates be greater than modulus in length.
 2022-02-22 17:00:23 +10:00
Jacob Barthelmeh
f0a0cd1078 fix for larger curve sizes with deterministic ECC sign 2022-02-14 09:55:38 -07:00
David Garske
d1267b5203 Merge pull request #4805 from SparkiDev/ecies_aes_ctr 
ECIES: add support for more encryption algorithms
 2022-02-10 07:04:24 -08:00
Sean Parkinson
e50f661639 ECIES: add support for more encryption algorithms 
Add support to ECIES for AES-256-CBC, AES-128-CTR, AES-256-CTR.
Added new API wc_ecc_ctx_set_algo() that sets the encryption, KDF and
MAC algorithms.
Cleanup formatting of ECIES code.
 2022-02-10 09:54:22 +10:00
David Garske
40fff86807 Merge pull request #4801 from tmael/cert_rr 
cert subset improvements
 2022-01-28 11:00:55 -08:00
Sean Parkinson
b890a2f15d ECIES: allow compressed public keys 
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
 2022-01-27 12:10:59 +10:00
Tesfa Mael
a37e17084d Use mp_iszero 2022-01-26 17:33:42 -08:00
Tesfa Mael
1c1bd413e0 cert subset SHA2-256, ecc-256, cert gen, cryptocb 2022-01-26 17:11:00 -08:00
David Garske
9bbc5e07e6 Merge pull request #4733 from JacobBarthelmeh/ECC 
include hmac for deterministic ecc sign build
 2022-01-26 10:01:46 -08:00
Daniel Pouzzner
6a56d3e131 jumbo patch of fixes for clang-tidy gripes (with some bug fixes). 
defect/gripe statistics:

    configured --enable-all --enable-sp-math-all --enable-intelasm

    with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result

    [note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]

    pre-patch warning count per file, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy    6  wolfssl/tests/suites.c
    clang-analyzer-security.insecureAPI.strcpy    2  wolfssl/testsuite/testsuite.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/server/server.c
    bugprone-suspicious-missing-comma             3  wolfssl/examples/client/client.c
    readability-redundant-preprocessor            2  wolfssl/wolfcrypt/src/asn.c
    readability-redundant-preprocessor            1  wolfssl/wolfcrypt/src/rsa.c
    readability-redundant-preprocessor            9  wolfssl/src/ssl.c
    readability-redundant-preprocessor            2  wolfssl/src/tls13.c
    readability-redundant-preprocessor           18  wolfssl/tests/api.c
    readability-redundant-preprocessor            3  wolfssl/src/internal.c
    readability-redundant-preprocessor           10  wolfssl/wolfcrypt/test/test.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/benchmark/benchmark.c
    readability-named-parameter                   7  wolfssl/src/internal.c
    readability-named-parameter                   1  wolfssl/wolfcrypt/src/ecc.c
    readability-named-parameter                   1  wolfssl/testsuite/testsuite.c
    readability-named-parameter                  11  wolfssl/wolfcrypt/src/ge_operations.c
    misc-no-recursion                             3  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix          4  wolfssl/wolfcrypt/src/asn.c
    readability-uppercase-literal-suffix          1  wolfssl/src/ssl.c
    readability-uppercase-literal-suffix         13  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-too-small-loop-variable              1  wolfssl/wolfcrypt/src/rsa.c
    bugprone-too-small-loop-variable              2  wolfssl/wolfcrypt/src/sha3.c
    bugprone-too-small-loop-variable              4  wolfssl/wolfcrypt/src/idea.c
    bugprone-signed-char-misuse                   2  wolfssl/src/ssl.c
    bugprone-signed-char-misuse                   3  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-signed-char-misuse                   3  wolfssl/examples/client/client.c
    bugprone-macro-parentheses                   19  wolfssl/wolfcrypt/src/aes.c
    bugprone-macro-parentheses                  109  wolfssl/wolfcrypt/src/camellia.c
    bugprone-macro-parentheses                    1  wolfssl/src/tls.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/md4.c
    bugprone-macro-parentheses                    2  wolfssl/wolfcrypt/src/asn.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2b.c
    bugprone-macro-parentheses                  257  wolfssl/wolfcrypt/src/sha3.c
    bugprone-macro-parentheses                   15  wolfssl/src/ssl.c
    bugprone-macro-parentheses                    1  wolfssl/wolfcrypt/src/sha.c
    bugprone-macro-parentheses                    8  wolfssl/tests/api.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/sp_int.c
    bugprone-macro-parentheses                    6  wolfssl/wolfcrypt/benchmark/benchmark.c
    bugprone-macro-parentheses                   38  wolfssl/wolfcrypt/src/hc128.c
    bugprone-macro-parentheses                   12  wolfssl/wolfcrypt/src/md5.c
    bugprone-macro-parentheses                   10  wolfssl/wolfcrypt/src/sha256.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/test/test.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/ecc.c
    bugprone-macro-parentheses                    2  wolfssl/tests/suites.c
    bugprone-macro-parentheses                    4  wolfssl/wolfcrypt/src/cpuid.c
    bugprone-macro-parentheses                   26  wolfssl/wolfcrypt/src/blake2s.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/sha512.c
    bugprone-macro-parentheses                    3  wolfssl/wolfcrypt/src/poly1305.c
    bugprone-macro-parentheses                   24  wolfssl/wolfcrypt/src/ripemd.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/src/internal.c
    readability-inconsistent-declaration-parameter-name    1  wolfssl/testsuite/testsuite.c

    pre-patch warning count summaries, with suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-suspicious-missing-comma                           6
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-too-small-loop-variable                            7
    bugprone-signed-char-misuse                                 8
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2

    pre-patch warning count summaries, without suppressions:

    clang-analyzer-security.insecureAPI.strcpy                  8
    bugprone-branch-clone                                     152
    readability-non-const-parameter                           118
    bugprone-suspicious-missing-comma                           6
    bugprone-suspicious-include                                52
    readability-magic-numbers                               22423
    readability-redundant-preprocessor                         45
    readability-named-parameter                                21
    readability-function-cognitive-complexity                 845
    readability-else-after-return                             398
    bugprone-implicit-widening-of-multiplication-result       595
    readability-function-size                                  21
    readability-isolate-declaration                          1090
    misc-redundant-expression                                   2
    bugprone-narrowing-conversions                            994
    misc-no-recursion                                           3
    readability-uppercase-literal-suffix                       18
    bugprone-reserved-identifier                               56
    readability-suspicious-call-argument                       74
    bugprone-too-small-loop-variable                            7
    bugprone-easily-swappable-parameters                      437
    bugprone-signed-char-misuse                                 8
    readability-misleading-indentation                         94
    bugprone-macro-parentheses                                601
    readability-inconsistent-declaration-parameter-name         2
    bugprone-suspicious-string-compare                        495
    readability-redundant-control-flow                         20
    readability-braces-around-statements                    11483
    clang-analyzer-valist.Uninitialized                         1
    clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling   3502
 2022-01-21 01:25:48 -06:00
Jacob Barthelmeh
29513e1ec8 include hmac for deterministic ecc sign build 2022-01-20 09:25:32 +07:00
John Safranek
2cf21a3f69 Old Compiler Warning Cleanup (GCC 4.0.2) 
ecc.c,api.c: Initialize some variables to fix warning for possible
uninitialized variable use.
 2022-01-14 17:33:49 -08:00
Daniel Pouzzner
c557a74953 wolfcrypt/src/ecc.c: fixes for cppcheck complaints: invalidPrintfArgType_sint identicalInnerCondition 2022-01-08 00:29:35 -06:00
David Garske
38214bd083 Disable the FIPS consistency checks in ECC and DH for key generation by default. 2021-12-22 10:06:19 -08:00
David Garske
0ce9703768 Merge pull request #4666 from SparkiDev/ecc_enc_mem 
ECC: better protection when using encrypted memory
 2021-12-20 14:48:13 -08:00
Sean Parkinson
0b2b218de7 ECC: better protection when using encrypted memory 
Added new ECC scalar multiplication implementation.
 2021-12-17 08:30:45 +10:00
Daniel Pouzzner
b7307e0ca5 ecc.c: small stack refactor for mp_int on the stack in wc_ecc_gen_deterministic_k(). 2021-12-16 13:00:10 -06:00
Daniel Pouzzner
fed5eb1d94 ecc.c: fix a deadcode.DeadStores warning in wc_ecc_gen_deterministic_k(). 2021-12-16 13:00:10 -06:00
Sean Parkinson
bd7e19b8fe Merge pull request #4639 from JacobBarthelmeh/ECC 
deterministic ECC sign edge case fix and add variant
 2021-12-16 08:48:37 +10:00
Daniel Pouzzner
2193df1d62 add WOLFSSL_ECC_NO_SMALL_STACK. 2021-12-10 23:57:14 -06:00
Jacob Barthelmeh
dfce101b5b deterministic ECC sign edge case fix and add variant 2021-12-08 09:54:47 -07:00
Daniele Lacamera
baee7bace4 Merge pull request #4584 from ethanlooney/nxp_se050_curve25519 
Added curve25519 support for NXP SE050
 2021-12-02 02:47:36 -08:00