Commit Graph

9087 Commits

Author SHA1 Message Date
Kiwamu Okabe 95658be0ce WICED wolfCrypt-TLS_cli_srv-Https_cli 2019-02-26 10:37:48 -07:00
toddouska efc1ab8c42 Merge pull request #2111 from SparkiDev/ed25519_fixes_1
Various improvements for testing
2019-02-25 13:55:28 -08:00
toddouska 0360b38de4 Merge pull request #2116 from SparkiDev/pkcs11_id_fix_1
Fixes for PKCS #11 private key id and ECC
2019-02-25 13:09:15 -08:00
David Garske 3785bafdf4 Merge pull request #2096 from kaleb-himes/ZD4707
Update for newer versions of the TI compiler
2019-02-25 13:05:43 -08:00
toddouska 603a9b2e59 Merge pull request #2110 from dgarske/spelling
Fixes for various spelling errors
2019-02-25 13:04:12 -08:00
toddouska 72a50b8d46 Merge pull request #2109 from dgarske/pkcs7_buf
Fix for proper detection of PKCS7 buffer overflow case
2019-02-25 13:02:09 -08:00
Sean Parkinson 0e914d81dc Fixes for PKCS #11 private key id and ECC 2019-02-25 11:17:56 +10:00
Sean Parkinson feea036ec9 Fix generation of certs_test.h
Fix formatting of certs_test.h:
- remove trailing spaces
- change leading tab stops to spaces
2019-02-25 09:00:26 +10:00
toddouska b037334732 Merge pull request #2106 from dgarske/ecc_pubkey
Adds `ECC_PUBLICKEY_TYPE` to the support PEM header types
2019-02-22 12:09:10 -08:00
toddouska 04e3c4414d Merge pull request #2102 from SparkiDev/pkcs11_aes_cbc
Add support to PKCS #11 for AES-CBC and NO_PKCS11 defines
2019-02-22 12:07:23 -08:00
toddouska 9b125c5797 Merge pull request #2107 from JacobBarthelmeh/Compatibility-Layer
remove null terminators on substrings
2019-02-22 10:26:06 -08:00
Sean Parkinson 8bb4e23f8d Various improvements for testing
Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE.
Increase size of replyin client.c so all HTTP reply is displayed.
Fix api.c to support only Ed25519 (not RSA and ECC)
Fix suites.c to detect when CA for client won't work (Ed25519 only)
For Static Memory add debugging and small profile.
Also allow realloc to be called with NULL.
Add more Ed25519 certs and keys.
Fix names of Ed25519 filenames for client and server.
Do NOT turn on ECC_SHAMIR by default with lowresource.
Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
2019-02-22 17:14:19 +10:00
David Garske ee3eb8fb4c Fix for proper detection of buffer overflow case when calling wc_PKCS7_EncodeSignedData. 2019-02-21 13:32:28 -08:00
David Garske 289f51a77d Fixes for various spelling errors. 2019-02-21 13:29:44 -08:00
Jacob Barthelmeh 5932cdab15 cast on strlen return value 2019-02-21 13:04:38 -07:00
David Garske 5801e7773b Merge pull request #2108 from miyazakh/server_help_in_jp
fixed examples/server to take additional parameter for "-?"
2019-02-21 05:55:32 -08:00
Hideki Miyazaki b68eab6450 fixed to take additioanl option for -? 2019-02-21 13:44:08 +09:00
Jacob Barthelmeh 18d3e04dbf remove null terminators on substrings 2019-02-20 16:39:18 -07:00
Sean Parkinson b0957c68fb ForceZero the devKey field of Aes in PKCS#11
Don't memset the key field of AES in PKCS#11.
2019-02-21 08:22:56 +10:00
toddouska 9c9221432f Merge pull request #2087 from ejohnstown/aesgcm
Update TLS for AES-GCM/CCM changes
2019-02-20 11:43:06 -08:00
toddouska b8dc772ef8 Merge pull request #2105 from dgarske/fix_stm_aesgcm
Fix for STM32 AES GCM
2019-02-20 09:23:11 -08:00
toddouska 3013cdd925 Merge pull request #2095 from SparkiDev/asm_macosx
Get Mac OS X working with the x86_64 assembly files
2019-02-20 09:19:29 -08:00
toddouska 025fba8ec6 Merge pull request #2093 from dgarske/tls13_async_dh
Fix for TLSv1.3 with DH key share when using QAT
2019-02-20 09:16:54 -08:00
toddouska 5d667ed1b8 Merge pull request #2075 from SparkiDev/port_zephyr
Zephyr port of crypto
2019-02-20 09:10:04 -08:00
David Garske d81fb727a3 Adds ECC_PUBLICKEY_TYPE to the support PEM header types. Fixes #2097. 2019-02-20 08:40:57 -08:00
David Garske ba14564c49 Fix for STM32 AES GCM, which was incorrectly using software crypto when authInSz != 16. The wc_AesGcmEncrypt_STM32 and wc_AesGcmDecrypt_STM32 functions correctly handle all variations of authInSz. 2019-02-19 15:38:09 -08:00
David Garske c2fbef2f7f Refactor to populate preMasterSz on XMALLOC. Fix for DoClientKeyExchange and ecdhe_psk_kea, which assumes preMasterSz is zero. Fix for TLS v1.3 resumption not properly setting preMasterSz. Removed for TLS v1.3 PSK setup test for preMasterSz == 0, which is not required. Spelling fixes for tls13.c. 2019-02-19 13:01:21 -08:00
David Garske dc1f0d7822 Fix for DH with QuickAssist to only use hardware for supported key sizes. Fix in random.c for seed devId when building async without crypto callbacks. 2019-02-19 11:57:55 -08:00
Sean Parkinson 520ae52ece Add support to PKCS #11 for AES-CBC and NO_PKCS11 defines
Added PKCS #11 specific defines to turn off support for algorithms.
2019-02-19 13:50:12 +10:00
Sean Parkinson e3997558a9 Fixes from review and added REAMEs and setup.sh
Add README.md and setup.sh.
Add READMEs with license information.
2019-02-19 11:47:45 +10:00
Sean Parkinson 5e1eee091a Add threaded samples using buffers and sockets 2019-02-19 11:47:45 +10:00
Sean Parkinson 4302c02e67 Include zephyr directories in the release 2019-02-19 11:47:44 +10:00
Sean Parkinson 2c447b24cd Fixes from review and add IDE files 2019-02-19 11:47:44 +10:00
Sean Parkinson 3366acc9ce Zephyr port of crypto 2019-02-19 11:47:44 +10:00
John Safranek c0d1241786 Modify the TLSv1.3 calls to the AES-GCM and AES-CCM encrypt functions to
use the FIPS compatible APIs with external nonce.
2019-02-15 13:52:23 -08:00
kaleb-himes d806134cbf Update for newer versions of the TI compiler 2019-02-15 13:05:37 -07:00
toddouska 25dd5882f8 Merge pull request #2094 from dgarske/ecdsa_der_len
Adds strict checking of the ECDSA signature DER encoding length
2019-02-15 10:53:57 -08:00
toddouska 7275ee5f19 Merge pull request #2089 from SparkiDev/tls13_sup_ver
Make SupportedVersions respect SSL_OP_NO_TLSv*
2019-02-15 10:36:32 -08:00
toddouska d9a5898e91 Merge pull request #2082 from SparkiDev/parse_kse
Fix length passed to key share entry parsing
2019-02-15 10:31:14 -08:00
toddouska c04cade97c Merge pull request #2083 from JacobBarthelmeh/Testing
Expected Configurations Test - NIGHTLY BUILD #505
2019-02-15 10:23:55 -08:00
Sean Parkinson 16f31cf8c6 Get Mac OS X working with the x86_64 assembly files 2019-02-15 15:08:47 +10:00
Sean Parkinson e47797f700 Make SupportedVersions respect SSL_OP_NO_TLSv* 2019-02-15 08:26:03 +10:00
David Garske a9f29dbb61 Adds strict checking of the ECDSA signature DER encoding length. With this change the total signature size should be (sequence + r int + s int) as ASN.1 encoded. While I could not find any "must" rules for the signature length I do think this is a good change.
If the old length checking method is desired `NO_STRICT_ECDSA_LEN` can be used. This would allow extra signature byes at the end (unused and not altering verification result). This is kept for possible backwards compatibility.

Per RFC6979: `How a signature is to be encoded is not covered by the DSA and ECDSA standards themselves; a common way is to use a DER-encoded ASN.1 structure (a SEQUENCE of two INTEGERs, for r and s, in that order).`

ANSI X9.62: ASN.1 Encoding of ECDSA:

```
ECDSA-Sig-Value ::= SEQUENCE {
  r INTEGER,
  s INTEGER
}
```

Fixes #2088
2019-02-14 12:05:34 -08:00
John Safranek e2d7b402e7 Update so TLSv1.3 will work. Needed to make the implicit IVs full sized
when copying. Added a flag to SetKeys() to skip the IV set (used for
TLSv1.3).
2019-02-14 12:04:32 -08:00
John Safranek 3223920fd9 Add a guard for AES-GCM and AES-CCM for the change in Encrypt for the
AES-AEAD type and macros.
2019-02-14 12:04:05 -08:00
John Safranek cd7f8cc653 Update AES-GCM/CCM use in TLS with a wrapper to select the correct API
depending on using old FIPS, or non-FIPS/FIPSv2.
2019-02-14 12:04:05 -08:00
John Safranek 67e70d6cb6 Update TLS to use the new AES-GCM and AES-CCM APIs that output the IV on
encrypt rather than take the IV as an input.
2019-02-14 12:04:05 -08:00
David Garske 64cb07557d Merge pull request #2091 from SparkiDev/pkcs11_fixes
Fix PKCS #11 AES-GCM and handling of unsupported algorithms
2019-02-14 09:49:02 -08:00
Sean Parkinson 5856d6b3dc Fix PKCS #11 AES-GCM and handling of unsupported algorithms 2019-02-14 17:06:15 +10:00
Jacob Barthelmeh 275667f0e9 remove ocsp attempt with ipv6 enabled 2019-02-13 19:01:09 -07:00