89ed811e23
fix compile error when disabled SCEPROTECT
2021-11-22 21:36:02 +09:00
82a9f74476
Compat updates
...
- implement `wolfSSL_PEM_X509_INFO_read`
- `wolfSSL_EVP_CipherUpdate` no-ops on `NULL` input
- add md4 support to `wolfSSL_EVP_MD_block_size` and `wolfSSL_EVP_MD_size`
2021-11-22 11:45:27 +01:00
5182e2a8c8
Merge pull request #4580 from kareem-wolfssl/minor_fixes
...
Check ssl->arrays in SendClientHello to avoid null dereference. Allow building with fallthrough defined.
2021-11-19 16:55:01 -08:00
f6c48bf7dc
Merge pull request #4560 from kaleb-himes/OE30-OE31-non-fips-changes
...
OE30 and OE31 changes external to FIPS module for NetBSD builds
2021-11-19 15:49:30 -08:00
34346bab4f
Merge pull request #4579 from JacobBarthelmeh/PKCS7
...
BER size adjustment with PKCS7
2021-11-19 14:49:03 -08:00
72d4dcce0f
Fix updated FALL_THROUGH macro. Fix a couple of case statements and remove a trailing whitespace.
2021-11-19 14:13:02 -07:00
5a72fee3df
Disable algorithms: fixes
...
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
- mp_cond_copy not available unless ECC compiled in
- wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
2021-11-19 16:56:33 +10:00
7e2fab6f4a
warning with keil build and native lwip want read case
2021-11-18 22:58:50 -07:00
f50fcd918e
support Renesas RA SCE protect mode on RA6M4 evaluation board
2021-11-19 14:22:16 +09:00
7e81372131
Merge pull request #4583 from dgarske/zd13242
...
Improve `ret` handling in the `ProcessPeerCerts` verify step.
2021-11-19 10:22:08 +10:00
af097401f2
SP: fix range of k to be 1..n-1
...
Was checking less than order - 2 then adding one.
i.e. 0..order-3 => 1..order-2
2021-11-19 09:40:26 +10:00
3054f20c6a
Improve ret handling in the ProcessPeerCerts verify step.
2021-11-18 14:51:09 -08:00
4324cf8f0a
Correct cast from uint to uchar
2021-11-18 10:18:25 -07:00
5a85d63543
Added curve25519 support for NXP SE050
...
Reverted commented out lines from se050_port.h
2021-11-18 09:23:59 -07:00
e33156d0dc
Merge pull request #4578 from kaleb-himes/OE33_NON_FIPS_CHANGES
...
OE33: Fix issues found by XCODE and add user_settings.h
2021-11-18 06:59:43 -08:00
b42a0d9712
native lwip update
2021-11-17 17:36:44 -07:00
370570d19b
ASN: DH private key encoding
...
Proper fix for sequence length when small keys.
2021-11-18 08:28:49 +10:00
38ec0bb31f
Merge branch 'master' of github.com:wolfssl/wolfssl into OE33_NON_FIPS_CHANGES
2021-11-17 14:02:56 -07:00
ddf06b8161
BER size adjustment with PKCS7
2021-11-17 12:03:32 -07:00
f638df3575
Fix issues found by XCODE and add user_settings.h
...
Disable internal test settings by default
2021-11-17 11:00:56 -07:00
ef62fab4ea
Update
...
1. WIN10 FIPS build should use version 5,2 now.
2. Update the v5-ready build ot use version 5,2.
3. Remove eol-whitespace from the benchmark source.
2021-11-17 09:19:34 -08:00
e8e0bc0d49
Merge pull request #4552 from SparkiDev/sp_mod_exp_zero
...
SP: mod_exp with exponent of 0 is invalid
2021-11-16 08:29:13 -08:00
33a6b8c779
Merge pull request #4531 from dgarske/cryptocb_aesccm
...
Added crypto callback support for AES CCM
2021-11-16 22:45:11 +10:00
8606788198
SP: mod_exp with exponent of 0 is invalid
...
Don't allow exponenetiation by 0 as it is cryptographically invalid and
not supported by the implementation.
Also check for even modulus in mod_exp.
2021-11-16 11:27:26 +10:00
6086728968
Fix possible segfault occurs when mp_clear() is executed for uninitialized mp_int
...
If NULL is passed as the digest argument of wc_DsaSign(), mp_clear() will be
called before mp_init() is called. This can cause segmentation fault.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-16 09:57:02 +09:00
f621defefe
Fix the segfault occurs when mp_clear() is executed for uninitialized mp_int on i386
...
test_wc_DsaSignVerify() passes the tests but causes an error.
free(): invalid pointer
If NULL is passed as the digest argument of wc_DsaVerify(), mp_clear() will be
called before mp_init() is called. On qemu-i386, the dp field of the mp_int
structure is non-null by default, which causes a segmentation fault when calling
mp_clear(). However, if WOLFSSL_SMALL_STACK is enabled, this problem does not
occur.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com >
2021-11-16 09:56:56 +09:00
1559e92dca
Add crypto callback AES CCM test case.
2021-11-15 16:22:10 -08:00
d3fc8c229a
mp_sqrt: TonelliShanks algorithm doesn't handle zero
...
(0 * 0) mod p = 0.
Modular reduce n and shortcut when 0.
2021-11-16 09:23:07 +10:00
64407bbd7d
Merge pull request #4564 from rizlik/unused_ret_value_fix
...
woflcrypt/src/rsa.c: check memory allocation return value
2021-11-16 08:56:47 +10:00
79f18c7585
SP sync: Missing update
2021-11-15 08:33:14 +10:00
a626a4fb02
Fixes for spelling errors.
2021-11-12 10:27:49 -08:00
600d562168
Merge pull request #4558 from anhu/falcon_bench
...
Add Falcon benchmarking.
2021-11-12 09:14:08 -08:00
4e20b93e72
Merge pull request #4556 from douzzer/updateFipsHash
2021-11-11 14:23:01 -08:00
c702dab988
Merge pull request #4561 from haydenroche5/wc_prf_fix
2021-11-11 13:03:58 -08:00
3ea4e35737
woflcrypt/src/rsa.c: check memory allocation return value
2021-11-11 16:25:03 +01:00
2f29ca1092
Make fixes/improvements to TLS PRF code.
...
Make `wc_PRF` return an error if it doesn't find a corresponding hash for the
passed in hash type. Currently, if `wc_PRF_TLS` is called with `NO_OLD_TLS`
defined, it will do nothing but still return success. Make it return an error
instead. These problems were uncovered when running the wolfEngine unit tests
with wolfSSL 5.0.0 FIPS Ready, which defines `NO_MD5` and `NO_OLD_TLS`.
2021-11-10 15:19:43 -08:00
3c1deff611
Fix falcon bench cleanup case (should not free if init fails). Fix RSA key gen keySz with ./wolfcrypt/benchmark/benchmark -asym.
2021-11-10 15:03:44 -08:00
453404a864
Get the falcon keys into wolfssl/certs_test.h
2021-11-10 17:33:24 -05:00
6bb86cf4da
OE30 and OE31 changes external to FIPS module for NetBSD builds
2021-11-10 15:16:21 -07:00
5fe078d7db
sig1, sig5 --> sig
2021-11-10 16:52:05 -05:00
246d470956
Refactor to do proper memory management.
2021-11-10 16:42:48 -05:00
6165323829
Satisfy a jenkins test.
2021-11-10 15:29:09 -05:00
237b098ba5
Add Falcon benchmarking.
2021-11-10 14:53:35 -05:00
ed0418c2a8
fix whitespace.
2021-11-09 22:17:38 -06:00
341bd7bbbc
mp_test: when SP_INT_DIGITS is even calc was wrong
2021-11-10 09:33:14 +10:00
8e0fdc64be
Merge pull request #4522 from dgarske/static_eph
...
Fixes and refactor for static ephemeral key support
2021-11-10 08:22:51 +10:00
9a83842c29
Merge pull request #4536 from luizluca/refactor_nameconstraints-permit
...
ASN: refactor name constraints checks
2021-11-09 10:44:17 -08:00
df82b01e68
Added x448 static ephemeral support.
2021-11-09 08:27:42 -08:00
5dac25f470
Eliminate EIGHTK_BUF use in asn. Cleanup uses of 0 in set_verify for callback.
2021-11-09 08:23:19 -08:00
ff3179012d
SP: fix when mont_mul_order is defined
...
Customer configuration that failed:
./configure --enable-cryptonly --enable-ecc --enable-sp=yes,asm
--disable-rsa --disable-dh --disable-sha3 --disable-sha224 --disable-md5
--disable-sha --disable-pkcs12 --disable-memory --disable-chacha
--disable-poly1305 --disable-sha512 --disable-sha384 --disable-aesgcm
--disable-aescbc --disable-aes --disable-rng CFLAGS="-DNO_SIG_WRAPPER
-DWOLFSSL_PUBLIC_MP -DECC_USER_CURVES -DNO_ECC_SIGN -DNO_ECC_DHE
-DNO_ECC_KEY_EXPORT"
2021-11-09 17:50:21 +10:00
Hideki Miyazaki
Juliusz Sosinowicz
David Garske
Kareem
Sean Parkinson
JacobBarthelmeh
kaleb-himes
Ethan
John Safranek
Masashi Honma
Marco Oliverio
Hayden Roche
Anthony Hu
Daniel Pouzzner