Commit Graph

5049 Commits

Author SHA1 Message Date
David Garske 7eb840d615 Merge pull request #4115 from SparkiDev/ed25519_openssl_fix
ED25119 and SHAKE-256: fixes
2021-06-11 10:41:51 -07:00
David Garske b28aab4cf9 Merge pull request #4098 from SparkiDev/san_hw_name_fix
Certs: fix leak when multiple hardware names in SAN
2021-06-11 08:25:28 -07:00
Sean Parkinson ed14e593c7 ED25119 and SHAKE-256: fixes
SHAKE-256 is off by default now. Make sure WOLFSSL_SHAKE256 doesn't make
it into options.h.
Fix openssl.test usage of ed25519 certificates.
Add scripts that regenerate certificates
2021-06-11 10:13:31 +10:00
David Garske 2fc5b03d71 Merge pull request #4102 from danielinux/psoc6-sha-fixes
[PSOC6_CRYPTO] Do not directly include psoc6 port header to prevent loops
2021-06-10 06:57:17 -07:00
Sean Parkinson 3ecb8d5a3e Merge pull request #4062 from dgarske/dh_key
DH Key and Params Export cleanups and Apache httpd fixes
2021-06-10 20:54:32 +10:00
Sean Parkinson 56c317e1ab Merge pull request #4052 from elms/gcc11_fixes
fixes for gcc 11 compile and other whitespace
2021-06-10 15:51:04 +10:00
David Garske c6c7dfd5db Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
David Garske c6fc709502 Merge pull request #4072 from SparkiDev/ecc_sp_c_mod_sub_fix
SP C ECC: mont sub - always normalize after sub before check for add
2021-06-09 12:36:46 -07:00
Sean Parkinson d8cd7cbee1 Merge pull request #4024 from kabuobeid/zd12245
PKCS7: Check size in wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow.
2021-06-09 10:06:02 +10:00
Sean Parkinson 50dca86dcf Merge pull request #3878 from JacobBarthelmeh/ECC
add deterministic k generation for ECC sign
2021-06-09 09:47:19 +10:00
Sean Parkinson 32c215775a Merge pull request #4093 from guidovranken/DecodeResponseData-allocation-check
ASN: Catch allocation failure in DecodeResponseData
2021-06-09 09:38:53 +10:00
Sean Parkinson 70d2c838bb Merge pull request #4080 from kaleb-himes/SHAKE_DEFAULT_FIX
Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag
2021-06-09 08:52:05 +10:00
David Garske ae4af3c681 Merge pull request #4071 from SparkiDev/fp_ecc_long_order
ECC FP: cached doesn't work when order has more bits than prime
2021-06-08 12:17:04 -07:00
David Garske 4a85127507 Improve wc_DhKeyToDer for public key size calculation. Fixes bug with the output too (was missing 1 byte in length for the unused bits byte in bit string). 2021-06-08 09:55:56 -07:00
David Garske 9b215c5138 Fixes for DH Pub key import/export and new test case. Improve wc_DhParamsToDer. 2021-06-08 09:27:30 -07:00
David Garske 6db0b42c7f * Refactor of DH key and param exports code (moved into asn.c) enabled with WOLFSSL_DH_EXTRA.
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
2021-06-08 09:27:26 -07:00
David Garske 54d13f63c1 Merge pull request #4067 from haydenroche5/pkcs8
Add an API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key.
2021-06-08 09:21:53 -07:00
David Garske de70681229 Improve code comments to explain FP_ECC limitation for SECP160R1, SECP160R2, SECP160K1 and SECP224K1. 2021-06-08 08:41:36 -07:00
David Garske 61eae79f71 Merge pull request #4074 from SparkiDev/ecdsa_dbl_table_point
ECDSA FP ECC: fix corner case
2021-06-08 08:35:17 -07:00
David Garske 50e8509a36 Merge pull request #4037 from SparkiDev/prime_test_err_check
TFM prime checking: check for more errors
2021-06-08 08:06:37 -07:00
David Garske 9497c74283 Merge pull request #4081 from strongX509/master
SHA3-based RSA signatures require SHA-3 hash OIDs
2021-06-08 07:46:18 -07:00
Daniele Lacamera 6d1981abd1 Do not directly include psoc6 port header to prevent loops 2021-06-08 08:24:43 +02:00
Sean Parkinson 88322b82a5 Merge pull request #3871 from julek-wolfssl/openvpn-master
OpenVPN additions and fixes
2021-06-08 13:54:14 +10:00
Sean Parkinson 194b494741 Merge pull request #4034 from embhorn/zd12261
Fix declarations for EVP_VerifyFinal and RSA_private_encrypt
2021-06-08 12:15:30 +10:00
Sean Parkinson b3352648dd Merge pull request #4097 from guidovranken/blake2-init-key-fixes
Check return value in BLAKE2 key init functions
2021-06-08 11:54:29 +10:00
Sean Parkinson 8ee1dda2f9 Merge pull request #4001 from dgarske/time_long
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
2021-06-08 11:17:55 +10:00
Sean Parkinson 23d733f837 Merge pull request #4063 from guidovranken/zd12328
Fix length calculations in Base64_SkipNewline
2021-06-08 10:55:15 +10:00
David Garske 3e307aa626 Merge pull request #4091 from JacobBarthelmeh/Testing
add strict check on signature length
2021-06-07 11:02:02 -07:00
Guido Vranken 4e318ade36 In wc_PBKDF1_ex, break out of outer loop on error 2021-06-07 16:21:02 +02:00
Jacob Barthelmeh f97ca1c1ca adjust test case and add useful comments 2021-06-07 19:44:05 +07:00
Sean Parkinson e76ae2b8ac Certs: fix leak when multiple hardware names in SAN
Can only be one hardware name in SAN as this indicates the certificate
is for verifying signatures created by hardware module.
2021-06-07 12:02:23 +10:00
Guido Vranken 96b7b193d7 Check return value in BLAKE2 key init functions
If built with smallstack, allocations in `blake2s_update` and `blake2b_update` may fail,
so the error must be propagated.
2021-06-07 03:34:44 +02:00
Guido Vranken bd7b57783d Remove excess space characters 2021-06-07 03:20:16 +02:00
Guido Vranken 1af3f482cb Catch allocation failure in ASNToHexString 2021-06-06 19:52:15 +02:00
Guido Vranken 76e0a8666b Catch allocation failure in DecodeResponseData 2021-06-06 03:12:53 +02:00
David Garske 5d33161032 Fixes for RSA keygen with SP (no DH). Thanks Sean. 2021-06-04 13:32:59 -07:00
Jacob Barthelmeh c245c4a812 add strict check on signature length 2021-06-05 03:09:33 +07:00
David Garske 21060afb80 Fix for building SP math only (small) with key generation. Fix for WOLFSSL_EXTRA. Fix for RSA without PSS. Fix for ed25519 spelling error. 2021-06-03 10:56:54 -07:00
Jacob Barthelmeh 66c7acb076 add use of heap hint for malloc 2021-06-03 23:38:30 +07:00
Andreas Steffen 0caf3ba456 SHA3-based RSA signatures require SHA-3 hash OIDs
The SHA-3 ASN.1 OIDs are defined by NIST under the
nistalgorithm/hashAlgs node.
2021-06-01 22:02:23 +02:00
kaleb-himes 94831eadf1 Sync SHAKE256 default (disabled) with parent default edDSA448 (disabled) and remove WOLFSSL_NO_SHAKE256 flag 2021-06-01 11:38:17 -06:00
Jacob Barthelmeh ab07c55609 check on hmac free and add else if case for check if key is 0's 2021-05-28 16:27:54 +07:00
Sean Parkinson c69665b999 ECDSA FP ECC: fix corner case
When the same table is used for both base point and public point (which
is not a valid thing to do) then a corner case occurs when the table
point can be added to the same point. This has to be a double operation
instead.
The table point isn't able to be doubled as it has a z-ordinate of 0 and
the original point is overwritten with the invalid add result.
Fix this case by:
 - copying the table point into the result,
 - setting z-ordinate to Montgomery form of 1,
 - double the result point in place.
2021-05-28 13:06:20 +10:00
Jacob Barthelmeh 252971aad7 better comments on RFC steps and fixes for combining code blocks, fix for check on sign_k value 2021-05-27 17:27:15 +07:00
Sean Parkinson 4e88521a90 SP C ECC: mont sub - always normalize after sub before check for add 2021-05-27 11:08:05 +10:00
Sean Parkinson 6bf9a887e1 ECC FP: cached doesn't work when order has more bits than prime
Small curves that are not commonly used do not work with scalars that
are the length of the order when the order is longer than the prime.
The table is generated based on modulus length not order length.
Simple fix is to not allow these curves to be used with FP_ECC.
Order isn't passed into the pseudo-public APIs.
2021-05-27 09:53:03 +10:00
John Safranek 1fe445368c Merge pull request #4069 from guidovranken/zd12349
Several ASN decoder fixes
2021-05-26 16:13:54 -07:00
Guido Vranken 1fbc3dc2d4 Heap-allocate additional CertStatus structs in DecodeResponseData 2021-05-26 21:41:47 +02:00
Guido Vranken cfef249041 Several ASN decoder fixes
See ZD 12349
2021-05-26 20:15:32 +02:00
Hayden Roche 88370285cc Add an API function wc_DecryptPKCS8Key to handle decrypting a DER, PKCS#8
encrypted key.
2021-05-26 10:48:14 -07:00